Escape query names (#2379).

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@2169 e93f8b46-1217-0410-a6f0-8f06a7374b81
author: Jean-Philippe Lang <jp_lang@yahoo.fr> 2008-12-23 00:19:15 +0000
committer: Jean-Philippe Lang <jp_lang@yahoo.fr> 2008-12-23 00:19:15 +0000
commit: e48f0f04e7c9985ead31afd93dc48067e072bc23 (patch)
tree: 72c315e2fa3f7db4ea6568254ce5f259ce795e66 /app/views
parent: fee8ada21421411278ffa3666da0bab2e5234642 (diff)
download: redmine-e48f0f04e7c9985ead31afd93dc48067e072bc23.tar.gz
redmine-e48f0f04e7c9985ead31afd93dc48067e072bc23.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/app/views/issues/_sidebar.rhtml b/app/views/issues/_sidebar.rhtml
index 9b7643ba9..bbc00f091 100644
--- a/app/views/issues/_sidebar.rhtml
+++ b/app/views/issues/_sidebar.rhtml
@@ -20,7 +20,7 @@
 <h3><%= l(:label_query_plural) %></h3>
 
 <% sidebar_queries.each do |query| -%>
-<%= link_to query.name, :controller => 'issues', :action => 'index', :project_id => @project, :query_id => query %><br />
+<%= link_to(h(query.name), :controller => 'issues', :action => 'index', :project_id => @project, :query_id => query) %><br />
 <% end -%>
 <%= call_hook(:view_issues_sidebar_queries_bottom) %>
 <% end -%>
author	Jean-Philippe Lang <jp_lang@yahoo.fr>	2008-12-23 00:19:15 +0000
committer	Jean-Philippe Lang <jp_lang@yahoo.fr>	2008-12-23 00:19:15 +0000
commit	e48f0f04e7c9985ead31afd93dc48067e072bc23 (patch)
tree	72c315e2fa3f7db4ea6568254ce5f259ce795e66 /app/views
parent	fee8ada21421411278ffa3666da0bab2e5234642 (diff)
download	redmine-e48f0f04e7c9985ead31afd93dc48067e072bc23.tar.gz redmine-e48f0f04e7c9985ead31afd93dc48067e072bc23.zip