Rails3: use image_tag instead of hard-coded html tag to prevent escaping in gravatar plugin

Contributed by Sernin van de Krol. git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@8920 e93f8b46-1217-0410-a6f0-8f06a7374b81
author: Toshi MARUYAMA <marutosijp2@yahoo.co.jp> 2012-02-22 11:41:07 +0000
committer: Toshi MARUYAMA <marutosijp2@yahoo.co.jp> 2012-02-22 11:41:07 +0000
commit: 4fcac7d3b1295408a9d64e64aa17800f4ad31299 (patch)
tree: 1213754422b7fff24b02680c034308aa81b5fbf3 /vendor
parent: 652871d4c3e459b428637aa5b340dbd368e83618 (diff)
download: redmine-4fcac7d3b1295408a9d64e64aa17800f4ad31299.tar.gz
redmine-4fcac7d3b1295408a9d64e64aa17800f4ad31299.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/vendor/plugins/gravatar/lib/gravatar.rb b/vendor/plugins/gravatar/lib/gravatar.rb
index c1b62c584..a0b1241b2 100644
--- a/vendor/plugins/gravatar/lib/gravatar.rb
+++ b/vendor/plugins/gravatar/lib/gravatar.rb
@@ -51,8 +51,8 @@ module GravatarHelper
     def gravatar(email, options={})
       src = h(gravatar_url(email, options))
       options = DEFAULT_OPTIONS.merge(options)
-      [:class, :alt, :size, :title].each { |opt| options[opt] = h(options[opt]) }
-      "<img class=\"#{options[:class]}\" alt=\"#{options[:alt]}\" title=\"#{options[:title]}\" width=\"#{options[:size]}\" height=\"#{options[:size]}\" src=\"#{src}\" />"
+      [:class, :alt, :title].each { |opt| options[opt] = h(options[opt]) }
+      image_tag src, options
     end
     
     # Returns the base Gravatar URL for the given email hash. If ssl evaluates to true,
author	Toshi MARUYAMA <marutosijp2@yahoo.co.jp>	2012-02-22 11:41:07 +0000
committer	Toshi MARUYAMA <marutosijp2@yahoo.co.jp>	2012-02-22 11:41:07 +0000
commit	4fcac7d3b1295408a9d64e64aa17800f4ad31299 (patch)
tree	1213754422b7fff24b02680c034308aa81b5fbf3 /vendor
parent	652871d4c3e459b428637aa5b340dbd368e83618 (diff)
download	redmine-4fcac7d3b1295408a9d64e64aa17800f4ad31299.tar.gz redmine-4fcac7d3b1295408a9d64e64aa17800f4ad31299.zip