HTML escape at app/helpers/search_helper.rb.

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@6359 e93f8b46-1217-0410-a6f0-8f06a7374b81
2011-08-02 12:55:06 +00:00 · 2011-08-02 12:55:06 +00:00 · 07baff465f
parent b94b7b9383
commit 07baff465f
1 changed files with 7 additions and 6 deletions
--- a/app/helpers/search_helper.rb
+++ b/app/helpers/search_helper.rb
@ -57,7 +57,8 @@ module SearchHelper
      c = results_by_type[t]
      next if c == 0
      text = "#{type_label(t)} (#{c})"
-      links << link_to(text, :q => params[:q], :titles_only => params[:titles_only], :all_words => params[:all_words], :scope => params[:scope], t => 1)
+      links << link_to(h(text), :q => params[:q], :titles_only => params[:titles_only],
+                       :all_words => params[:all_words], :scope => params[:scope], t => 1)
    end
    ('<ul>' + links.map {|link| content_tag('li', link)}.join(' ') + '</ul>') unless links.empty?
  end