jro_apps/redmine Commit - r10324:2df7c0ff3a60

Merged r10465 from trunk....

Jean-Philippe Lang -

r10324:2df7c0ff3a60

parent child

Context file:

r10324:2df7c0ff3a60

Collapse all files

app/helpers/application_helper.rb +5 0

                  content_tag(:a, name, {:href => '#', :onclick => "#{function}; return false;"}.merge(html_options))
                end
+               # Helper to render JSON in views
+               def raw_json(arg)
+                 arg.to_json.to_s.gsub('/', '\/').html_safe
+               end
                def back_url
                  url = params[:back_url]
                  if url.nil? && referer = request.env['HTTP_REFERER']

app/views/queries/_filters.html.erb +5 -5

              <%= javascript_tag do %>
-             var operatorLabels = <%= raw Query.operators_labels.to_json %>;
-             var operatorByType = <%= raw Query.operators_by_filter_type.to_json %>;
-             var availableFilters = <%= raw query.available_filters_as_json.to_json %>;
-             var labelDayPlural = "<%= raw escape_javascript(l(:label_day_plural)) %>";
+             var operatorLabels = <%= raw_json Query.operators_labels %>;
+             var operatorByType = <%= raw_json Query.operators_by_filter_type %>;
+             var availableFilters = <%= raw_json query.available_filters_as_json %>;
+             var labelDayPlural = <%= raw_json l(:label_day_plural) %>;
              $(document).ready(function(){
                initFilters();
                <% query.filters.each do |field, options| %>
-               addFilter("<%= field %>", <%= raw query.operator_for(field).to_json %>, <%= raw query.values_for(field).to_json %>);
+               addFilter("<%= field %>", <%= raw_json query.operator_for(field) %>, <%= raw_json query.values_for(field) %>);
                <% end %>
              });
              <% end %>

public/javascripts/application.js +6 -6

                case "date":
                case "date_past":
                  tr.find('td.values').append(
-                   '<span style="display:none;"><input type="text" name="v['+field+'][]" id="values_'+fieldId+'_1" size="10" class="value date_value" value="'+values[0]+'" /></span>' +
-                   ' <span style="display:none;"><input type="text" name="v['+field+'][]" id="values_'+fieldId+'_2" size="10" class="value date_value" value="'+values[1]+'" /></span>' +
-                   ' <span style="display:none;"><input type="text" name="v['+field+'][]" id="values_'+fieldId+'" size="3" class="value" value="'+values[0]+'" /> '+labelDayPlural+'</span>'
+                   '<span style="display:none;"><input type="text" name="v['+field+'][]" id="values_'+fieldId+'_1" size="10" class="value date_value" /></span>' +
+                   ' <span style="display:none;"><input type="text" name="v['+field+'][]" id="values_'+fieldId+'_2" size="10" class="value date_value" /></span>' +
+                   ' <span style="display:none;"><input type="text" name="v['+field+'][]" id="values_'+fieldId+'" size="3" class="value" /> '+labelDayPlural+'</span>'
                  );
                  $('#values_'+fieldId+'_1').val(values[0]).datepicker(datepickerOptions);
                  $('#values_'+fieldId+'_2').val(values[1]).datepicker(datepickerOptions);
                case "string":
                case "text":
                  tr.find('td.values').append(
-                   '<span style="display:none;"><input type="text" name="v['+field+'][]" id="values_'+fieldId+'" size="30" class="value" value="'+values[0]+'" /></span>'
+                   '<span style="display:none;"><input type="text" name="v['+field+'][]" id="values_'+fieldId+'" size="30" class="value" /></span>'
                  );
                  $('#values_'+fieldId).val(values[0]);
                  break;
                case "integer":
                case "float":
                  tr.find('td.values').append(
-                   '<span style="display:none;"><input type="text" name="v['+field+'][]" id="values_'+fieldId+'_1" size="6" class="value" value="'+values[0]+'" /></span>' +
-                   ' <span style="display:none;"><input type="text" name="v['+field+'][]" id="values_'+fieldId+'_2" size="6" class="value" value="'+values[1]+'" /></span>'
+                   '<span style="display:none;"><input type="text" name="v['+field+'][]" id="values_'+fieldId+'_1" size="6" class="value" /></span>' +
+                   ' <span style="display:none;"><input type="text" name="v['+field+'][]" id="values_'+fieldId+'_2" size="6" class="value" /></span>'
                  );
                  $('#values_'+fieldId+'_1').val(values[0]);
                  $('#values_'+fieldId+'_2').val(values[1]);

test/functional/queries_controller_test.rb +8 0

                  assert_redirected_to :controller => 'issues', :action => 'index', :project_id => 'ecookbook', :set_filter => 1, :query_id => nil
                  assert_nil Query.find_by_id(1)
                end
+               def test_backslash_should_be_escaped_in_filters
+                 @request.session[:user_id] = 2
+                 get :new, :subject => 'foo/bar'
+                 assert_response :success
+                 assert_template 'new'
+                 assert_include 'addFilter("subject", "=", ["foo\/bar"]);', response.body
+               end
              end

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages