diff options
| -rw-r--r-- | app/controllers/issues_controller.rb | 4 | ||||
| -rw-r--r-- | app/views/projects/settings/_versions.rhtml | 2 | ||||
| -rw-r--r-- | app/views/roles/edit.rhtml | 2 |
3 files changed, 6 insertions, 2 deletions
diff --git a/app/controllers/issues_controller.rb b/app/controllers/issues_controller.rb index 7f19fdf87..569d0c461 100644 --- a/app/controllers/issues_controller.rb +++ b/app/controllers/issues_controller.rb @@ -43,6 +43,10 @@ class IssuesController < ApplicationController helper :timelog include Redmine::Export::PDF + verify :method => :post, + :only => :destroy, + :render => { :nothing => true, :status => :method_not_allowed } + def index retrieve_query sort_init 'id', 'desc' diff --git a/app/views/projects/settings/_versions.rhtml b/app/views/projects/settings/_versions.rhtml index 79d92d81e..1f66dec43 100644 --- a/app/views/projects/settings/_versions.rhtml +++ b/app/views/projects/settings/_versions.rhtml @@ -14,7 +14,7 @@ <td><%= link_to h(version.name), :controller => 'versions', :action => 'show', :id => version %></td> <td align="center"><%= format_date(version.effective_date) %></td> <td><%=h version.description %></td> - <td><%= link_to(version.wiki_page_title, :controller => 'wiki', :page => Wiki.titleize(version.wiki_page_title)) unless version.wiki_page_title.blank? || @project.wiki.nil? %></td> + <td><%= link_to(h(version.wiki_page_title), :controller => 'wiki', :page => Wiki.titleize(version.wiki_page_title)) unless version.wiki_page_title.blank? || @project.wiki.nil? %></td> <td align="center"><%= link_to_if_authorized l(:button_edit), { :controller => 'versions', :action => 'edit', :id => version }, :class => 'icon icon-edit' %></td> <td align="center"><%= link_to_if_authorized l(:button_delete), {:controller => 'versions', :action => 'destroy', :id => version}, :confirm => l(:text_are_you_sure), :method => :post, :class => 'icon icon-del' %></td> </tr> diff --git a/app/views/roles/edit.rhtml b/app/views/roles/edit.rhtml index e53a0f545..b357cc985 100644 --- a/app/views/roles/edit.rhtml +++ b/app/views/roles/edit.rhtml @@ -1,4 +1,4 @@ -<h2><%=l(:label_role)%>: <%= @role.name %></h2> +<h2><%=l(:label_role)%>: <%=h @role.name %></h2> <% labelled_tabular_form_for :role, @role, :url => { :action => 'edit' }, :html => {:id => 'role_form'} do |f| %> <%= render :partial => 'form', :locals => { :f => f } %> |