jro_apps/redmine Commit - r1598:9703f576d96c

Escapes HTML tags....

Jean-Philippe Lang -

r1598:9703f576d96c

parent child

Context file:

r1598:9703f576d96c

app/views/account/show.rhtml +3 -3

              <h2><%=h @user.name %></h2>
              <p>
-             <%= mail_to @user.mail unless @user.pref.hide_mail %>
+             <%= mail_to(h(@user.mail)) unless @user.pref.hide_mail %>
              <ul>
                  <li><%=l(:label_registered_on)%>: <%= format_date(@user.created_on) %></li>
              <% for custom_value in @custom_values %>
              <h3><%=l(:label_project_plural)%></h3>
              <ul>
              <% for membership in @memberships %>
-             	<li><%= link_to membership.project.name, :controller => 'projects', :action => 'show', :id => membership.project %>
-                 (<%= membership.role.name %>, <%= format_date(membership.created_on) %>)</li>
+             	<li><%= link_to(h(membership.project.name), :controller => 'projects', :action => 'show', :id => membership.project) %>
+                 (<%=h membership.role.name %>, <%= format_date(membership.created_on) %>)</li>
              <% end %>
              </ul>
              <% end %>

app/views/projects/show.rhtml +1 -1

              <div class="splitcontentleft">
              	<%= textilizable @project.description %>
              	<ul>
-             	<% unless @project.homepage.blank? %><li><%=l(:field_homepage)%>: <%= auto_link @project.homepage %></li><% end %>
+             	<% unless @project.homepage.blank? %><li><%=l(:field_homepage)%>: <%= auto_link(h(@project.homepage)) %></li><% end %>
                  <% if @subprojects.any? %>
               	<li><%=l(:label_subproject_plural)%>: <%= @subprojects.collect{|p| link_to(h(p.name), :action => 'show', :id => p)}.join(", ") %></li>
                  <% end %>

app/views/users/list.rhtml +4 -4

                <tbody>
              <% for user in @users -%>
                <tr class="user <%= cycle("odd", "even") %> <%= %w(anon active registered locked)[user.status] %>">
-             	<td class="username"><%= link_to user.login, :action => 'edit', :id => user %></td>
-             	<td class="firstname"><%= user.firstname %></td>
-             	<td class="lastname"><%= user.lastname %></td>
-             	<td class="email"><%= user.mail %></td>
+             	<td class="username"><%= link_to h(user.login), :action => 'edit', :id => user %></td>
+             	<td class="firstname"><%= h(user.firstname) %></td>
+             	<td class="lastname"><%= h(user.lastname) %></td>
+             	<td class="email"><%= h(user.mail) %></td>
              	<td align="center"><%= image_tag('true.png') if user.admin? %></td>
              	<td class="created_on" align="center"><%= format_time(user.created_on) %></td>
              	<td class="last_login_on" align="center"><%= format_time(user.last_login_on) unless user.last_login_on.nil? %></td>

app/views/welcome/index.rhtml +1 -1

              		<ul>
              		<% for project in @projects %>
              			<li>
-             			<%= link_to project.name, :controller => 'projects', :action => 'show', :id => project %> (<%= format_time(project.created_on) %>)
+             			<%= link_to h(project.name), :controller => 'projects', :action => 'show', :id => project %> (<%= format_time(project.created_on) %>)
              			<%= textilizable project.short_description, :project => project %>
              			</li>
              		<% end %>

General Comments 0

You need to be logged in to leave comments. Login now

No TODOs yet

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages