jro_apps/redmine Commit - r6235:5cd6aa0a09d8

HTML escape at app/helpers/repositories_helper.rb....

Toshi MARUYAMA -

r6235:5cd6aa0a09d8

parent child

Context file:

r6235:5cd6aa0a09d8

Collapse all files

app/helpers/repositories_helper.rb +4 -4

                   if s = tree[file][:s]
                     style << ' folder'
                     path_param = to_path_param(@repository.relative_path(file))
-                    text = link_to(text, :controller => 'repositories',
+                    text = link_to(h(text), :controller => 'repositories',
                                          :action => 'show',
                                          :id => @project,
                                          :path => path_param,
                   elsif c = tree[file][:c]
                     style << " change-#{c.action}"
                     path_param = to_path_param(@repository.relative_path(c.path))
-                    text = link_to(text, :controller => 'repositories',
+                    text = link_to(h(text), :controller => 'repositories',
                                          :action => 'entry',
                                          :id => @project,
                                          :path => path_param,
                                          :rev => @changeset.identifier) unless c.action == 'D'
-                    text << " - #{c.revision}" unless c.revision.blank?
+                    text << " - #{h(c.revision)}" unless c.revision.blank?
                     text << ' (' + link_to('diff', :controller => 'repositories',
                                                    :action => 'diff',
                                                    :id => @project,
                                                    :path => path_param,
                                                    :rev => @changeset.identifier) + ') ' if c.action == 'M'
-                    text << ' ' + content_tag('span', c.from_path, :class => 'copied-from') unless c.from_path.blank?
+                    text << ' ' + content_tag('span', h(c.from_path), :class => 'copied-from') unless c.from_path.blank?
                     output << "<li class='#{style}'>#{text}</li>"
                   end
                 end

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages