-rw-r--r--app/controllers/issues_controller.rb4
-rw-r--r--app/views/projects/settings/_versions.rhtml2
-rw-r--r--app/views/roles/edit.rhtml2
3 files changed, 6 insertions, 2 deletions
diff --git a/app/controllers/issues_controller.rb b/app/controllers/issues_controller.rb
index 7f19fdf87..569d0c461 100644
--- a/app/controllers/issues_controller.rb
+++ b/app/controllers/issues_controller.rb
@@ -43,6 +43,10 @@ class IssuesController < ApplicationController
helper :timelog
include Redmine::Export::PDF
+ verify :method => :post,
+ :only => :destroy,
+ :render => { :nothing => true, :status => :method_not_allowed }
+
def index
retrieve_query
sort_init 'id', 'desc'
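Review bot: The new `verify` on `destroy` rejects non-POST requests, which stops GET-triggered deletions (link prefetchers, crawlers), but it is not a CSRF defence — a forged cross-site POST still passes unless `protect_from_forgery` is active in ApplicationController, which this page does not show, so the two should be checked together. The 405 produced by `:render => { :nothing => true, :status => :method_not_allowed }` carries no `Allow` header, which RFC 2616 requires for that status; `verify` accepts `:add_headers => { 'Allow' => 'POST' }` alongside `:render`, which would make the rejection self-describing to clients. Any other state-changing action in this controller (bulk operations, if present) remains reachable via GET after this change, so the `:only` list may deserve the same review. The `def index` that starts at the bottom of the hunk continues past its end.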
diff --git a/app/views/projects/settings/_versions.rhtml b/app/views/projects/settings/_versions.rhtml
index 79d92d81e..1f66dec43 100644
--- a/app/views/projects/settings/_versions.rhtml
+++ b/app/views/projects/settings/_versions.rhtml
@@ -14,7 +14,7 @@
<td><%= link_to h(version.name), :controller => 'versions', :action => 'show', :id => version %></td>
<td align="center"><%= format_date(version.effective_date) %></td>
<td><%=h version.description %></td>
- <td><%= link_to(version.wiki_page_title, :controller => 'wiki', :page => Wiki.titleize(version.wiki_page_title)) unless version.wiki_page_title.blank? || @project.wiki.nil? %></td>
+ <td><%= link_to(h(version.wiki_page_title), :controller => 'wiki', :page => Wiki.titleize(version.wiki_page_title)) unless version.wiki_page_title.blank? || @project.wiki.nil? %></td>
<td align="center"><%= link_to_if_authorized l(:button_edit), { :controller => 'versions', :action => 'edit', :id => version }, :class => 'icon icon-edit' %></td>
<td align="center"><%= link_to_if_authorized l(:button_delete), {:controller => 'versions', :action => 'destroy', :id => version}, :confirm => l(:text_are_you_sure), :method => :post, :class => 'icon icon-del' %></td>
</tr>
diff --git a/app/views/roles/edit.rhtml b/app/views/roles/edit.rhtml
index e53a0f545..b357cc985 100644
--- a/app/views/roles/edit.rhtml
+++ b/app/views/roles/edit.rhtml
@@ -1,4 +1,4 @@
-<h2><%=l(:label_role)%>: <%= @role.name %></h2>
+<h2><%=l(:label_role)%>: <%=h @role.name %></h2>
<% labelled_tabular_form_for :role, @role, :url => { :action => 'edit' }, :html => {:id => 'role_form'} do |f| %>
<%= render :partial => 'form', :locals => { :f => f } %>