various modifications to prevent xss

- validation of names and labels against /^[\w\s\'\-]*$/i - html entities encoding git-svn-id: http://redmine.rubyforge.org/svn/trunk@99 e93f8b46-1217-0410-a6f0-8f06a7374b81
author: Jean-Philippe Lang <jp_lang@yahoo.fr> 2006-12-17 08:10:18 +0000
committer: Jean-Philippe Lang <jp_lang@yahoo.fr> 2006-12-17 08:10:18 +0000
commit: 2b86ef8e28d0e5376197391c29a8fb302f14820f (patch)
tree: e5a80fb24158b350507c28021418a19aa7084991 /app/models/enumeration.rb
parent: 3e28dc669b014db811c0de673a090adf54f42bc1 (diff)
download: redmine-2b86ef8e28d0e5376197391c29a8fb302f14820f.tar.gz
redmine-2b86ef8e28d0e5376197391c29a8fb302f14820f.zip
1 files changed, 3 insertions, 2 deletions
diff --git a/app/models/enumeration.rb b/app/models/enumeration.rb
index b5c8ed6e7..0d6554f82 100644
--- a/app/models/enumeration.rb
+++ b/app/models/enumeration.rb
@@ -18,8 +18,9 @@
 class Enumeration < ActiveRecord::Base
   before_destroy :check_integrity
   
-	validates_presence_of :opt, :name
-	validates_uniqueness_of :name, :scope => [:opt]
+  validates_presence_of :opt, :name
+  validates_uniqueness_of :name, :scope => [:opt]
+  validates_format_of :name, :with => /^[\w\s\'\-]*$/i
 	
 	OPTIONS = {
 	  "IPRI" => :enumeration_issue_priorities,
author	Jean-Philippe Lang <jp_lang@yahoo.fr>	2006-12-17 08:10:18 +0000
committer	Jean-Philippe Lang <jp_lang@yahoo.fr>	2006-12-17 08:10:18 +0000
commit	2b86ef8e28d0e5376197391c29a8fb302f14820f (patch)
tree	e5a80fb24158b350507c28021418a19aa7084991 /app/models/enumeration.rb
parent	3e28dc669b014db811c0de673a090adf54f42bc1 (diff)
download	redmine-2b86ef8e28d0e5376197391c29a8fb302f14820f.tar.gz redmine-2b86ef8e28d0e5376197391c29a8fb302f14820f.zip