jro_apps/redmine Commit - r6273:0c2958dbdac8

HTML escape at app/views/wiki/show.rhtml....

Toshi MARUYAMA -

r6273:0c2958dbdac8

parent child

Context file:

r6273:0c2958dbdac8

Collapse all files

app/views/wiki/show.rhtml +2 -2

              <div class="contextual">
              <% if @editable %>
              <%= link_to_if_authorized(l(:button_edit), {:action => 'edit', :id => @page.title}, :class => 'icon icon-edit', :accesskey => accesskey(:edit)) if @content.version == @page.content.version %>
              <%= watcher_tag(@page, User.current) %>
              <%= link_to_if_authorized(l(:button_lock), {:action => 'protect', :id => @page.title, :protected => 1}, :method => :post, :class => 'icon icon-lock') if !@page.protected? %>
              <%= link_to_if_authorized(l(:button_unlock), {:action => 'protect', :id => @page.title, :protected => 0}, :method => :post, :class => 'icon icon-unlock') if @page.protected? %>
              <%= link_to_if_authorized(l(:button_rename), {:action => 'rename', :id => @page.title}, :class => 'icon icon-move') if @content.version == @page.content.version %>
              <%= link_to_if_authorized(l(:button_delete), {:action => 'destroy', :id => @page.title}, :method => :delete, :confirm => l(:text_are_you_sure), :class => 'icon icon-del') %>
              <%= link_to_if_authorized(l(:button_rollback), {:action => 'edit', :id => @page.title, :version => @content.version }, :class => 'icon icon-cancel') if @content.version < @page.content.version %>
              <% end %>
              <%= link_to_if_authorized(l(:label_history), {:action => 'history', :id => @page.title}, :class => 'icon icon-history') %>
              </div>
              <%= wiki_page_breadcrumb(@page) %>
              <% if @content.version != @page.content.version %>
                  <p>
                  <%= link_to(('&#171; ' + l(:label_previous)), :action => 'show', :id => @page.title, :project_id => @page.project, :version => (@content.version - 1)) + " - " if @content.version > 1 %>
                  <%= "#{l(:label_version)} #{@content.version}/#{@page.content.version}" %>
                  <%= '(' + link_to('diff', :controller => 'wiki', :action => 'diff', :id => @page.title, :project_id => @page.project, :version => @content.version) + ')' if @content.version > 1 %> -
                  <%= link_to((l(:label_next) + ' &#187;'), :action => 'show', :id => @page.title, :project_id => @page.project, :version => (@content.version + 1)) + " - " if @content.version < @page.content.version %>
                  <%= link_to(l(:label_current_version), :action => 'show', :id => @page.title, :project_id => @page.project) %>
                  <br />
-                 <em><%= @content.author ? @content.author.name : "anonyme" %>, <%= format_time(@content.updated_on) %> </em><br />
+                 <em><%= @content.author ? link_to_user(@content.author) : "anonyme" %>, <%= format_time(@content.updated_on) %> </em><br />
                  <%=h @content.comments %>
                  </p>
                  <hr />
              <% end %>
              <%= render(:partial => "wiki/content", :locals => {:content => @content}) %>
              <%= link_to_attachments @page %>
              <% if @editable && authorize_for('wiki', 'add_attachment') %>
              <div id="wiki_add_attachment">
              <p><%= link_to l(:label_attachment_new), {}, :onclick => "Element.show('add_attachment_form'); Element.hide(this); Element.scrollTo('add_attachment_form'); return false;",
                                                           :id => 'attach_files_link' %></p>
              <% form_tag({ :controller => 'wiki', :action => 'add_attachment', :project_id => @project, :id => @page.title }, :multipart => true, :id => "add_attachment_form", :style => "display:none;") do %>
                <div class="box">
                <p><%= render :partial => 'attachments/form' %></p>
                </div>
              <%= submit_tag l(:button_add) %>
              <%= link_to l(:button_cancel), {}, :onclick => "Element.hide('add_attachment_form'); Element.show('attach_files_link'); return false;" %>
              <% end %>
              </div>
              <% end %>
              <% other_formats_links do |f| %>
              	<%= f.link_to 'HTML', :url => {:id => @page.title, :version => @content.version} %>
              	<%= f.link_to 'TXT', :url => {:id => @page.title, :version => @content.version} %>
              <% end if User.current.allowed_to?(:export_wiki_pages, @project) %>
              <% content_for :header_tags do %>
                <%= stylesheet_link_tag 'scm' %>
              <% end %>
              <% content_for :sidebar do %>
                <%= render :partial => 'sidebar' %>
              <% end %>
-             <% html_title @page.pretty_title %>
+             <% html_title h(@page.pretty_title) %>

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages