-rw-r--r-- | app/helpers/custom_fields_helper.rb | 2 | ||||
-rw-r--r-- | app/helpers/queries_helper.rb | 2 | ||||
-rw-r--r-- | app/helpers/sort_helper.rb | 2 | ||||
-rw-r--r-- | app/views/context_menus/issues.html.erb | 10 | ||||
-rw-r--r-- | app/views/custom_fields/_form.rhtml | 2 | ||||
-rw-r--r-- | app/views/custom_fields/_index.rhtml | 2 | ||||
-rw-r--r-- | app/views/issue_statuses/index.html.erb | 2 | ||||
-rw-r--r-- | app/views/issues/_relations.rhtml | 2 | ||||
-rw-r--r-- | app/views/projects/_form.rhtml | 4 | ||||
-rw-r--r-- | app/views/reports/_details.rhtml | 4 | ||||
-rw-r--r-- | app/views/reports/_simple.rhtml | 2 | ||||
-rw-r--r-- | app/views/roles/index.html.erb | 2 | ||||
-rw-r--r-- | app/views/trackers/index.html.erb | 2 |
13 files changed, 19 insertions, 19 deletions
diff --git a/app/helpers/custom_fields_helper.rb b/app/helpers/custom_fields_helper.rb index 3028cd4ed..bcc4cfa11 100644 --- a/app/helpers/custom_fields_helper.rb +++ b/app/helpers/custom_fields_helper.rb @@ -57,7 +57,7 @@ module CustomFieldsHelper # Return custom field label tag def custom_field_label_tag(name, custom_value) - content_tag "label", custom_value.custom_field.name + + content_tag "label", h(custom_value.custom_field.name) + (custom_value.custom_field.is_required? ? " <span class=\"required\">*</span>" : ""), :for => "#{name}_custom_field_values_#{custom_value.custom_field.id}", :class => (custom_value.errors.empty? ? nil : "error" ) diff --git a/app/helpers/queries_helper.rb b/app/helpers/queries_helper.rb index 31a363d28..e65e957b6 100644 --- a/app/helpers/queries_helper.rb +++ b/app/helpers/queries_helper.rb @@ -24,7 +24,7 @@ module QueriesHelper def column_header(column) column.sortable ? sort_header_tag(column.name.to_s, :caption => column.caption, :default_order => column.default_order) : - content_tag('th', column.caption) + content_tag('th', h(column.caption)) end def column_content(column, issue) diff --git a/app/helpers/sort_helper.rb b/app/helpers/sort_helper.rb index a1808a056..e7b2ba7c0 100644 --- a/app/helpers/sort_helper.rb +++ b/app/helpers/sort_helper.rb @@ -205,7 +205,7 @@ module SortHelper # Add project_id to url_options url_options = url_options.merge(:project_id => params[:project_id]) if params.has_key?(:project_id) - link_to_content_update(caption, url_options, :class => css) + link_to_content_update(h(caption), url_options, :class => css) end # Returns a table header <th> tag with a sort link for the named column diff --git a/app/views/context_menus/issues.html.erb b/app/views/context_menus/issues.html.erb index 7b67c65c7..34861c917 100644 --- a/app/views/context_menus/issues.html.erb +++ b/app/views/context_menus/issues.html.erb 
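Review bot: In the custom_fields_helper.rb hunk the label body is now a deliberate mix of escaped text (`h(custom_value.custom_field.name)`) and a trusted literal (`" <span class=\"required\">*</span>"`), and nothing in `custom_field_label_tag` says so. A comment above the `content_tag` call, such as `# field name is stored text and must be escaped; the required marker is trusted markup`, would keep a later edit from wrapping the whole expression in `h()` or dropping the inner call. The diffstat lists only files under app/, so the escaping has no regression test in this commit. A helper test asserting that a field name containing `<b>` is rendered as `&lt;b&gt;` inside the label would pin it.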
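Review bot: `column_header` in queries_helper.rb escapes `column.caption` only in the non-sortable branch; the sortable branch still hands the raw caption to `sort_header_tag` and appears to rely on the `h(caption)` added in the sort_helper.rb hunk. The body of `sort_header_tag` is not visible in this diff, so any other place it interpolates `caption` should be checked for escaping as well. A short comment on the sortable branch, e.g. `# caption is escaped by the sort link helper`, would make that dependency explicit. The doc comment of the function changed in sort_helper.rb (its signature is outside the hunk) should state that `caption` is plain text and must not be pre-escaped by callers, otherwise it will be escaped twice.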
@@ -14,7 +14,7 @@ <a href="#" class="submenu" onclick="return false;"><%= l(:field_status) %></a> <ul> <% @statuses.each do |s| -%> - <li><%= context_menu_link s.name, {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), :issue => {:status_id => s}, :back_url => @back}, :method => :post, + <li><%= context_menu_link h(s.name), {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), :issue => {:status_id => s}, :back_url => @back}, :method => :post, :selected => (@issue && s == @issue.status), :disabled => !(@can[:update] && @allowed_statuses.include?(s)) %></li> <% end -%> </ul> @@ -26,7 +26,7 @@ <a href="#" class="submenu"><%= l(:field_tracker) %></a> <ul> <% @trackers.each do |t| -%> - <li><%= context_menu_link t.name, {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), :issue => {'tracker_id' => t}, :back_url => @back}, :method => :post, + <li><%= context_menu_link h(t.name), {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), :issue => {'tracker_id' => t}, :back_url => @back}, :method => :post, :selected => (@issue && t == @issue.tracker), :disabled => !@can[:edit] %></li> <% end -%> </ul> @@ -37,7 +37,7 @@ <a href="#" class="submenu"><%= l(:field_priority) %></a> <ul> <% @priorities.each do |p| -%> - <li><%= context_menu_link p.name, {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), :issue => {'priority_id' => p}, :back_url => @back}, :method => :post, + <li><%= context_menu_link h(p.name), {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), :issue => {'priority_id' => p}, :back_url => @back}, :method => :post, :selected => (@issue && p == @issue.priority), :disabled => (!@can[:edit] || @issues.detect {|i| !i.leaf?}) %></li> <% end -%> </ul> 
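Review bot: Every submenu loop in issues.html.erb now has to wrap its own label in `h(...)` before calling `context_menu_link` (status, tracker and priority here; assignee and category in the two hunks that follow), so a loop added later can silently reintroduce unescaped output. If `context_menu_link` only ever receives plain-text names, escaping once inside the helper would be more robust; its definition is not part of this diff, so first confirm that no caller passes markup. New lines 44 to 61 of the template fall between hunks and are not shown, so it is worth checking that any model-derived label rendered there is escaped too.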
@@ -62,7 +62,7 @@ <a href="#" class="submenu"><%= l(:field_assigned_to) %></a> <ul> <% @assignables.each do |u| -%> - <li><%= context_menu_link u.name, {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), :issue => {'assigned_to_id' => u}, :back_url => @back}, :method => :post, + <li><%= context_menu_link h(u.name), {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), :issue => {'assigned_to_id' => u}, :back_url => @back}, :method => :post, :selected => (@issue && u == @issue.assigned_to), :disabled => !@can[:update] %></li> <% end -%> <li><%= context_menu_link l(:label_nobody), {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), :issue => {'assigned_to_id' => 'none'}, :back_url => @back}, :method => :post, @@ -75,7 +75,7 @@ <a href="#" class="submenu"><%= l(:field_category) %></a> <ul> <% @project.issue_categories.each do |u| -%> - <li><%= context_menu_link u.name, {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), :issue => {'category_id' => u}, :back_url => @back}, :method => :post, + <li><%= context_menu_link h(u.name), {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), :issue => {'category_id' => u}, :back_url => @back}, :method => :post, :selected => (@issue && u == @issue.category), :disabled => !@can[:update] %></li> <% end -%> <li><%= context_menu_link l(:label_none), {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), :issue => {'category_id' => 'none'}, :back_url => @back}, :method => :post, diff --git a/app/views/custom_fields/_form.rhtml b/app/views/custom_fields/_form.rhtml index 2900af900..7bbce5d57 100644 --- a/app/views/custom_fields/_form.rhtml +++ b/app/views/custom_fields/_form.rhtml 
@@ -82,7 +82,7 @@ when "IssueCustomField" %> <fieldset><legend><%=l(:label_tracker_plural)%></legend> <% for tracker in @trackers %> - <%= check_box_tag "custom_field[tracker_ids][]", tracker.id, (@custom_field.trackers.include? tracker) %> <%= tracker.name %> + <%= check_box_tag "custom_field[tracker_ids][]", tracker.id, (@custom_field.trackers.include? tracker) %> <%=h tracker.name %> <% end %> <%= hidden_field_tag "custom_field[tracker_ids][]", '' %> </fieldset> diff --git a/app/views/custom_fields/_index.rhtml b/app/views/custom_fields/_index.rhtml index 21ae01bef..a6495fbfe 100644 --- a/app/views/custom_fields/_index.rhtml +++ b/app/views/custom_fields/_index.rhtml @@ -13,7 +13,7 @@ <tbody> <% (@custom_fields_by_type[tab[:name]] || []).sort.each do |custom_field| -%> <tr class="<%= cycle("odd", "even") %>"> - <td><%= link_to custom_field.name, :action => 'edit', :id => custom_field %></td> + <td><%= link_to h(custom_field.name), :action => 'edit', :id => custom_field %></td> <td align="center"><%= l(Redmine::CustomFieldFormat.label_for(custom_field.field_format)) %></td> <td align="center"><%= checked_image custom_field.is_required? %></td> <% if tab[:name] == 'IssueCustomField' %> diff --git a/app/views/issue_statuses/index.html.erb b/app/views/issue_statuses/index.html.erb index 03f767252..9b6a552f7 100644 --- a/app/views/issue_statuses/index.html.erb +++ b/app/views/issue_statuses/index.html.erb @@ -19,7 +19,7 @@ <tbody> <% for status in @issue_statuses %> <tr class="<%= cycle("odd", "even") %>"> - <td><%= link_to status.name, :action => 'edit', :id => status %></td> + <td><%= link_to h(status.name), :action => 'edit', :id => status %></td> <% if Issue.use_status_for_done_ratio? %> <td align="center"><%= h status.default_done_ratio %></td> <% end %> diff --git a/app/views/issues/_relations.rhtml b/app/views/issues/_relations.rhtml index 12a39ddc4..022ed590b 100644 --- a/app/views/issues/_relations.rhtml +++ b/app/views/issues/_relations.rhtml 
@@ -16,7 +16,7 @@ <%= h(relation.other_issue(@issue).project) + ' - ' if Setting.cross_project_issue_relations? %> <%= link_to_issue(relation.other_issue(@issue), :truncate => 60) %> </td> -<td class="status"><%= relation.other_issue(@issue).status.name %></td> +<td class="status"><%=h relation.other_issue(@issue).status.name %></td> <td class="start_date"><%= format_date(relation.other_issue(@issue).start_date) %></td> <td class="due_date"><%= format_date(relation.other_issue(@issue).due_date) %></td> <td class="buttons"><%= link_to_remote(image_tag('link_break.png'), { :url => {:controller => 'issue_relations', :action => 'destroy', :id => relation}, diff --git a/app/views/projects/_form.rhtml b/app/views/projects/_form.rhtml index 9772a899c..45d0ff1c4 100644 --- a/app/views/projects/_form.rhtml +++ b/app/views/projects/_form.rhtml @@ -42,7 +42,7 @@ <% @trackers.each do |tracker| %> <label class="floating"> <%= check_box_tag 'project[tracker_ids][]', tracker.id, @project.trackers.include?(tracker) %> - <%= tracker %> + <%=h tracker %> </label> <% end %> <%= hidden_field_tag 'project[tracker_ids][]', '' %> @@ -54,7 +54,7 @@ <% @issue_custom_fields.each do |custom_field| %> <label class="floating"> <%= check_box_tag 'project[issue_custom_field_ids][]', custom_field.id, (@project.all_issue_custom_fields.include? custom_field), (custom_field.is_for_all? ? {:disabled => "disabled"} : {}) %> - <%= custom_field.name %> + <%=h custom_field.name %> </label> <% end %> <%= hidden_field_tag 'project[issue_custom_field_ids][]', '' %> diff --git a/app/views/reports/_details.rhtml b/app/views/reports/_details.rhtml index c9cd88bb8..7b565a325 100644 --- a/app/views/reports/_details.rhtml +++ b/app/views/reports/_details.rhtml 
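Review bot: `<%=h tracker %>` in the first projects/_form.rhtml hunk escapes whatever the tracker's `to_s` returns, whereas the equivalent checkbox list in custom_fields/_form.rhtml renders `tracker.name`. Writing `<%=h tracker.name %>` here would make the escaped value explicit and keep the two forms consistent. The `to_s` definition is not visible in this diff, so this is a readability point rather than a behaviour change, assuming `to_s` returns the name.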
@@ -6,7 +6,7 @@ <thead><tr> <th style="width:25%"></th> <% for status in @statuses %> -<th style="width:<%= col_width %>%"><%= status.name %></th> +<th style="width:<%= col_width %>%"><%=h status.name %></th> <% end %> <th align="center" style="width:<%= col_width %>%"><strong><%=l(:label_open_issues_plural)%></strong></th> <th align="center" style="width:<%= col_width %>%"><strong><%=l(:label_closed_issues_plural)%></strong></th> @@ -15,7 +15,7 @@ <tbody> <% for row in rows %> <tr class="<%= cycle("odd", "even") %>"> - <td><%= link_to row.name, :controller => 'issues', :action => 'index', :project_id => ((row.is_a?(Project) ? row : @project)), + <td><%= link_to h(row.name), :controller => 'issues', :action => 'index', :project_id => ((row.is_a?(Project) ? row : @project)), :set_filter => 1, :subproject_id => '!*', "#{field_name}" => row.id %></td> diff --git a/app/views/reports/_simple.rhtml b/app/views/reports/_simple.rhtml index e82f376a1..8d47bba76 100644 --- a/app/views/reports/_simple.rhtml +++ b/app/views/reports/_simple.rhtml @@ -11,7 +11,7 @@ <tbody> <% for row in rows %> <tr class="<%= cycle("odd", "even") %>"> - <td><%= link_to row.name, :controller => 'issues', :action => 'index', :project_id => ((row.is_a?(Project) ? row : @project)), + <td><%= link_to h(row.name), :controller => 'issues', :action => 'index', :project_id => ((row.is_a?(Project) ? row : @project)), :set_filter => 1, :subproject_id => '!*', "#{field_name}" => row.id %></td> diff --git a/app/views/roles/index.html.erb b/app/views/roles/index.html.erb index 41878146b..73c7e0841 100644 --- a/app/views/roles/index.html.erb +++ b/app/views/roles/index.html.erb 
@@ -13,7 +13,7 @@ <tbody> <% for role in @roles %> <tr class="<%= cycle("odd", "even") %>"> - <td><%= content_tag(role.builtin? ? 'em' : 'span', link_to(role.name, :action => 'edit', :id => role)) %></td> + <td><%= content_tag(role.builtin? ? 'em' : 'span', link_to(h(role.name), :action => 'edit', :id => role)) %></td> <td align="center" style="width:15%;"> <% unless role.builtin? %> <%= reorder_links('role', {:action => 'edit', :id => role}) %> diff --git a/app/views/trackers/index.html.erb b/app/views/trackers/index.html.erb index ab6eba575..c4981ccd3 100644 --- a/app/views/trackers/index.html.erb +++ b/app/views/trackers/index.html.erb @@ -14,7 +14,7 @@ <tbody> <% for tracker in @trackers %> <tr class="<%= cycle("odd", "even") %>"> - <td><%= link_to tracker.name, :action => 'edit', :id => tracker %></td> + <td><%= link_to h(tracker.name), :action => 'edit', :id => tracker %></td> <td align="center"><% unless tracker.workflows.count > 0 %><span class="icon icon-warning"><%= l(:text_tracker_no_workflow) %> (<%= link_to l(:button_edit), {:controller => 'workflows', :action => 'edit', :tracker_id => tracker} %>)</span><% end %></td> <td align="center" style="width:15%;"><%= reorder_links('tracker', {:action => 'edit', :id => tracker}) %></td> <td class="buttons"> |