various modifications to prevent xss

- validation of names and labels against /^[\w\s\'\-]*$/i - html entities encoding git-svn-id: http://redmine.rubyforge.org/svn/trunk@99 e93f8b46-1217-0410-a6f0-8f06a7374b81
author: Jean-Philippe Lang <jp_lang@yahoo.fr> 2006-12-17 08:10:18 +0000
committer: Jean-Philippe Lang <jp_lang@yahoo.fr> 2006-12-17 08:10:18 +0000
commit: 2b86ef8e28d0e5376197391c29a8fb302f14820f (patch)
tree: e5a80fb24158b350507c28021418a19aa7084991 /app/views/projects/list_news.rhtml
parent: 3e28dc669b014db811c0de673a090adf54f42bc1 (diff)
download: redmine-2b86ef8e28d0e5376197391c29a8fb302f14820f.tar.gz
redmine-2b86ef8e28d0e5376197391c29a8fb302f14820f.zip
1 files changed, 1 insertions, 12 deletions
diff --git a/app/views/projects/list_news.rhtml b/app/views/projects/list_news.rhtml
index 1427c07be..8d8f99668 100644
--- a/app/views/projects/list_news.rhtml
+++ b/app/views/projects/list_news.rhtml
@@ -5,16 +5,5 @@
 <h2><%=l(:label_news_plural)%></h2>
 
 <% if @news.empty? %><p><i><%= l(:label_no_data) %></i></p><% end %>
-
-<ul>
-<% for news in @news %>
-	<li><%= link_to news.title, :controller => 'news', :action => 'show', :id => news %><br />
-	<% unless news.summary.empty? %><%= news.summary %><br /><% end %>
-	<em><%= news.author.name %>, <%= format_time(news.created_on) %></em><br />
-	<%= news.comments_count %> <%= lwr(:label_comment, news.comments_count).downcase %><br />&nbsp;
-	</li>
-<% end %>
-</ul>
-
-
+<%= render :partial => 'news/news', :collection => @news %>
 <%= pagination_links_full @news_pages %>
author	Jean-Philippe Lang <jp_lang@yahoo.fr>	2006-12-17 08:10:18 +0000
committer	Jean-Philippe Lang <jp_lang@yahoo.fr>	2006-12-17 08:10:18 +0000
commit	2b86ef8e28d0e5376197391c29a8fb302f14820f (patch)
tree	e5a80fb24158b350507c28021418a19aa7084991 /app/views/projects/list_news.rhtml
parent	3e28dc669b014db811c0de673a090adf54f42bc1 (diff)
download	redmine-2b86ef8e28d0e5376197391c29a8fb302f14820f.tar.gz redmine-2b86ef8e28d0e5376197391c29a8fb302f14820f.zip