diff options
| author | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2006-12-17 08:10:18 +0000 |
|---|---|---|
| committer | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2006-12-17 08:10:18 +0000 |
| commit | 2b86ef8e28d0e5376197391c29a8fb302f14820f (patch) | |
| tree | e5a80fb24158b350507c28021418a19aa7084991 /app/views/my/blocks/_documents.rhtml | |
| parent | 3e28dc669b014db811c0de673a090adf54f42bc1 (diff) | |
| download | redmine-2b86ef8e28d0e5376197391c29a8fb302f14820f.tar.gz redmine-2b86ef8e28d0e5376197391c29a8fb302f14820f.zip | |
various modifications to prevent xss
- validation of names and labels against /^[\w\s\'\-]*$/i
- html entities encoding
git-svn-id: http://redmine.rubyforge.org/svn/trunk@99 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'app/views/my/blocks/_documents.rhtml')
| -rw-r--r-- | app/views/my/blocks/_documents.rhtml | 14 |
1 files changed, 3 insertions, 11 deletions
diff --git a/app/views/my/blocks/_documents.rhtml b/app/views/my/blocks/_documents.rhtml index 5fa8c7980..8e7f6bc50 100644 --- a/app/views/my/blocks/_documents.rhtml +++ b/app/views/my/blocks/_documents.rhtml @@ -1,15 +1,7 @@ <h3><%=l(:label_document_plural)%></h3>
-<ul>
-<% for document in Document.find :all,
+<%= render(:partial => 'documents/document',
+ :collection => Document.find(:all,
:limit => 10,
:conditions => "documents.project_id in (#{@user.projects.collect{|m| m.id}.join(',')})",
- :include => [:project] %>
- <li>
- <b><%= link_to document.title, :controller => 'documents', :action => 'show', :id => document %></b>
- <br />
- <%= truncate document.description, 150 %><br />
- <em><%= format_time(document.created_on) %></em><br />
- </li>
-<% end unless @user.projects.empty? %>
-</ul>
\ No newline at end of file + :include => [:project])) unless @user.projects.empty? %>
\ No newline at end of file |