various modifications to prevent xss

- validation of names and labels against /^[\w\s\'\-]*$/i - html entities encoding git-svn-id: http://redmine.rubyforge.org/svn/trunk@99 e93f8b46-1217-0410-a6f0-8f06a7374b81
author: Jean-Philippe Lang <jp_lang@yahoo.fr> 2006-12-17 08:10:18 +0000
committer: Jean-Philippe Lang <jp_lang@yahoo.fr> 2006-12-17 08:10:18 +0000
commit: 2b86ef8e28d0e5376197391c29a8fb302f14820f (patch)
tree: e5a80fb24158b350507c28021418a19aa7084991 /app/views/admin
parent: 3e28dc669b014db811c0de673a090adf54f42bc1 (diff)
download: redmine-2b86ef8e28d0e5376197391c29a8fb302f14820f.tar.gz
redmine-2b86ef8e28d0e5376197391c29a8fb302f14820f.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/app/views/admin/projects.rhtml b/app/views/admin/projects.rhtml
index 0772c4e8b..bcf7cba43 100644
--- a/app/views/admin/projects.rhtml
+++ b/app/views/admin/projects.rhtml
@@ -17,7 +17,7 @@
 <% for project in @projects %>
   <tr class="<%= cycle("odd", "even") %>">
 	<td><%= link_to project.name, :controller => 'projects', :action => 'settings', :id => project %>
-	<td><%= project.description %>
+	<td><%=h project.description %>
 	<td align="center"><%= image_tag 'true' if project.is_public? %>
 	<td align="center"><%= project.projects_count %>
 	<td align="center"><%= format_date(project.created_on) %>
author	Jean-Philippe Lang <jp_lang@yahoo.fr>	2006-12-17 08:10:18 +0000
committer	Jean-Philippe Lang <jp_lang@yahoo.fr>	2006-12-17 08:10:18 +0000
commit	2b86ef8e28d0e5376197391c29a8fb302f14820f (patch)
tree	e5a80fb24158b350507c28021418a19aa7084991 /app/views/admin
parent	3e28dc669b014db811c0de673a090adf54f42bc1 (diff)
download	redmine-2b86ef8e28d0e5376197391c29a8fb302f14820f.tar.gz redmine-2b86ef8e28d0e5376197391c29a8fb302f14820f.zip