kolan
/
Redmine
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

HTML escape some user values in account sidebar (#8345). 

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@5747 e93f8b46-1217-0410-a6f0-8f06a7374b81
This commit is contained in:
Toshi MARUYAMA 2011-05-12 00:26:16 +00:00
parent 16c0b67941
commit 1d78dd8324
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
app/views/my/_sidebar.rhtml
View File

@ -1,6 +1,6 @@
<h3><%=l(:label_my_account)%></h3> <h3><%=l(:label_my_account)%></h3>
<p><%=l(:field_login)%>: <strong><%= link_to @user.login, user_path(@user) %></strong><br /> <p><%=l(:field_login)%>: <strong><%= link_to(h(@user.login), user_path(@user) %></strong><br />
<%=l(:field_created_on)%>: <%= format_time(@user.created_on) %></p> <%=l(:field_created_on)%>: <%= format_time(@user.created_on) %></p>
@ -19,7 +19,7 @@
<h4><%= l(:label_api_access_key) %></h4> <h4><%= l(:label_api_access_key) %></h4>
<div> <div>
<%= link_to_function(l(:button_show), "$('api-access-key').toggle();")%> <%= link_to_function(l(:button_show), "$('api-access-key').toggle();")%>
<pre id='api-access-key' class='autoscroll'><%= @user.api_key %></pre> <pre id='api-access-key' class='autoscroll'><%= h(@user.api_key) %></pre>
</div> </div>
<%= javascript_tag("$('api-access-key').hide();") %> <%= javascript_tag("$('api-access-key').hide();") %>
<p> <p>