various modifications to prevent xss
- validation of names and labels against /^[\w\s\'\-]*$/i - html entities encoding git-svn-id: http://redmine.rubyforge.org/svn/trunk@99 e93f8b46-1217-0410-a6f0-8f06a7374b81
This commit is contained in:
parent
3e28dc669b
commit
2b86ef8e28
|
@ -56,9 +56,9 @@ module IssuesHelper
|
||||||
|
|
||||||
unless no_html
|
unless no_html
|
||||||
label = content_tag('strong', label)
|
label = content_tag('strong', label)
|
||||||
old_value = content_tag("i", old_value) if old_value
|
old_value = content_tag("i", h(old_value)) if old_value
|
||||||
old_value = content_tag("strike", old_value) if old_value and !value
|
old_value = content_tag("strike", h(old_value)) if old_value and !value
|
||||||
value = content_tag("i", value) if value
|
value = content_tag("i", h(value)) if value
|
||||||
end
|
end
|
||||||
|
|
||||||
if value
|
if value
|
||||||
|
|
|
@ -28,6 +28,7 @@ class CustomField < ActiveRecord::Base
|
||||||
|
|
||||||
validates_presence_of :name, :field_format
|
validates_presence_of :name, :field_format
|
||||||
validates_uniqueness_of :name
|
validates_uniqueness_of :name
|
||||||
|
validates_format_of :name, :with => /^[\w\s\'\-]*$/i
|
||||||
validates_inclusion_of :field_format, :in => FIELD_FORMATS.keys
|
validates_inclusion_of :field_format, :in => FIELD_FORMATS.keys
|
||||||
validates_presence_of :possible_values, :if => Proc.new { |field| field.field_format == "list" }
|
validates_presence_of :possible_values, :if => Proc.new { |field| field.field_format == "list" }
|
||||||
|
|
||||||
|
|
|
@ -18,8 +18,9 @@
|
||||||
class Enumeration < ActiveRecord::Base
|
class Enumeration < ActiveRecord::Base
|
||||||
before_destroy :check_integrity
|
before_destroy :check_integrity
|
||||||
|
|
||||||
validates_presence_of :opt, :name
|
validates_presence_of :opt, :name
|
||||||
validates_uniqueness_of :name, :scope => [:opt]
|
validates_uniqueness_of :name, :scope => [:opt]
|
||||||
|
validates_format_of :name, :with => /^[\w\s\'\-]*$/i
|
||||||
|
|
||||||
OPTIONS = {
|
OPTIONS = {
|
||||||
"IPRI" => :enumeration_issue_priorities,
|
"IPRI" => :enumeration_issue_priorities,
|
||||||
|
|
|
@ -21,6 +21,7 @@ class IssueStatus < ActiveRecord::Base
|
||||||
|
|
||||||
validates_presence_of :name
|
validates_presence_of :name
|
||||||
validates_uniqueness_of :name
|
validates_uniqueness_of :name
|
||||||
|
validates_format_of :name, :with => /^[\w\s\'\-]*$/i
|
||||||
validates_length_of :html_color, :is => 6
|
validates_length_of :html_color, :is => 6
|
||||||
validates_format_of :html_color, :with => /^[a-f0-9]*$/i
|
validates_format_of :html_color, :with => /^[a-f0-9]*$/i
|
||||||
|
|
||||||
|
|
|
@ -31,6 +31,7 @@ class Project < ActiveRecord::Base
|
||||||
validates_presence_of :name, :description
|
validates_presence_of :name, :description
|
||||||
validates_uniqueness_of :name
|
validates_uniqueness_of :name
|
||||||
validates_associated :custom_values, :on => :update
|
validates_associated :custom_values, :on => :update
|
||||||
|
validates_format_of :name, :with => /^[\w\s\'\-]*$/i
|
||||||
|
|
||||||
# returns 5 last created projects
|
# returns 5 last created projects
|
||||||
def self.latest
|
def self.latest
|
||||||
|
|
|
@ -23,6 +23,7 @@ class Role < ActiveRecord::Base
|
||||||
|
|
||||||
validates_presence_of :name
|
validates_presence_of :name
|
||||||
validates_uniqueness_of :name
|
validates_uniqueness_of :name
|
||||||
|
validates_format_of :name, :with => /^[\w\s\'\-]*$/i
|
||||||
|
|
||||||
private
|
private
|
||||||
def check_integrity
|
def check_integrity
|
||||||
|
|
|
@ -23,7 +23,8 @@ class Tracker < ActiveRecord::Base
|
||||||
|
|
||||||
validates_presence_of :name
|
validates_presence_of :name
|
||||||
validates_uniqueness_of :name
|
validates_uniqueness_of :name
|
||||||
|
validates_format_of :name, :with => /^[\w\s\'\-]*$/i
|
||||||
|
|
||||||
private
|
private
|
||||||
def check_integrity
|
def check_integrity
|
||||||
raise "Can't delete tracker" if Issue.find(:first, :conditions => ["tracker_id=?", self.id])
|
raise "Can't delete tracker" if Issue.find(:first, :conditions => ["tracker_id=?", self.id])
|
||||||
|
|
|
@ -32,7 +32,8 @@ class User < ActiveRecord::Base
|
||||||
validates_presence_of :login, :firstname, :lastname, :mail
|
validates_presence_of :login, :firstname, :lastname, :mail
|
||||||
validates_uniqueness_of :login, :mail
|
validates_uniqueness_of :login, :mail
|
||||||
# Login must contain lettres, numbers, underscores only
|
# Login must contain lettres, numbers, underscores only
|
||||||
validates_format_of :login, :with => /^[a-z0-9_]+$/i
|
validates_format_of :firstname, :lastname, :with => /^[\w\s\'\-]*$/i
|
||||||
|
validates_format_of :login, :with => /^[a-z0-9_\-@\.]+$/i
|
||||||
validates_format_of :mail, :with => /^([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})$/i
|
validates_format_of :mail, :with => /^([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})$/i
|
||||||
# Password length between 4 and 12
|
# Password length between 4 and 12
|
||||||
validates_length_of :password, :in => 4..12, :allow_nil => true
|
validates_length_of :password, :in => 4..12, :allow_nil => true
|
||||||
|
|
|
@ -17,7 +17,7 @@
|
||||||
<% for project in @projects %>
|
<% for project in @projects %>
|
||||||
<tr class="<%= cycle("odd", "even") %>">
|
<tr class="<%= cycle("odd", "even") %>">
|
||||||
<td><%= link_to project.name, :controller => 'projects', :action => 'settings', :id => project %>
|
<td><%= link_to project.name, :controller => 'projects', :action => 'settings', :id => project %>
|
||||||
<td><%= project.description %>
|
<td><%=h project.description %>
|
||||||
<td align="center"><%= image_tag 'true' if project.is_public? %>
|
<td align="center"><%= image_tag 'true' if project.is_public? %>
|
||||||
<td align="center"><%= project.projects_count %>
|
<td align="center"><%= project.projects_count %>
|
||||||
<td align="center"><%= format_date(project.created_on) %>
|
<td align="center"><%= format_date(project.created_on) %>
|
||||||
|
|
|
@ -0,0 +1,3 @@
|
||||||
|
<p><%= link_to h(document.title), :controller => 'documents', :action => 'show', :id => document %><br />
|
||||||
|
<% unless document.description.empty? %><%=h truncate document.description, 250 %><br /><% end %>
|
||||||
|
<em><%= format_time(document.created_on) %></em></p>
|
|
@ -6,6 +6,6 @@
|
||||||
<% end %>
|
<% end %>
|
||||||
</ul>
|
</ul>
|
||||||
<% if journal.notes? %>
|
<% if journal.notes? %>
|
||||||
<%= simple_format auto_link journal.notes %>
|
<%= simple_format auto_link h(journal.notes) %>
|
||||||
<% end %>
|
<% end %>
|
||||||
<% end %>
|
<% end %>
|
||||||
|
|
|
@ -15,7 +15,7 @@
|
||||||
<td><p class="small"><%= issue.project.name %> - <%= issue.tracker.name %><br />
|
<td><p class="small"><%= issue.project.name %> - <%= issue.tracker.name %><br />
|
||||||
<%= issue.status.name %> - <%= format_time(issue.updated_on) %></p></td>
|
<%= issue.status.name %> - <%= format_time(issue.updated_on) %></p></td>
|
||||||
<td>
|
<td>
|
||||||
<p class="small"><%= link_to issue.subject, :controller => 'issues', :action => 'show', :id => issue %></p>
|
<p class="small"><%= link_to h(issue.subject), :controller => 'issues', :action => 'show', :id => issue %></p>
|
||||||
</td>
|
</td>
|
||||||
</tr>
|
</tr>
|
||||||
<% end %>
|
<% end %>
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
<h2><%=l(:label_issue)%> #<%= @issue.id %>: <%= @issue.subject %></h2>
|
<h2><%=l(:label_issue)%> #<%= @issue.id %>: <%=h @issue.subject %></h2>
|
||||||
|
|
||||||
<%= error_messages_for 'issue' %>
|
<%= error_messages_for 'issue' %>
|
||||||
<%= start_form_tag({:action => 'change_status', :id => @issue}, :class => "tabular") %>
|
<%= start_form_tag({:action => 'change_status', :id => @issue}, :class => "tabular") %>
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
<%= l(:label_export_to) %><%= link_to 'PDF', {:action => 'export_pdf', :id => @issue}, :class => 'pic picPdf' %>
|
<%= l(:label_export_to) %><%= link_to 'PDF', {:action => 'export_pdf', :id => @issue}, :class => 'pic picPdf' %>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<h2><%= @issue.tracker.name %> #<%= @issue.id %> - <%= @issue.subject %></h2>
|
<h2><%= @issue.tracker.name %> #<%= @issue.id %> - <%=h @issue.subject %></h2>
|
||||||
|
|
||||||
<div class="box">
|
<div class="box">
|
||||||
<table width="100%">
|
<table width="100%">
|
||||||
|
@ -12,7 +12,7 @@
|
||||||
</tr>
|
</tr>
|
||||||
<tr>
|
<tr>
|
||||||
<td><b><%=l(:field_assigned_to)%> :</b></td><td><%= @issue.assigned_to ? @issue.assigned_to.name : "-" %></td>
|
<td><b><%=l(:field_assigned_to)%> :</b></td><td><%= @issue.assigned_to ? @issue.assigned_to.name : "-" %></td>
|
||||||
<td><b><%=l(:field_category)%> :</b></td><td><%= @issue.category ? @issue.category.name : "-" %></td>
|
<td><b><%=l(:field_category)%> :</b></td><td><%=h @issue.category ? @issue.category.name : "-" %></td>
|
||||||
</tr>
|
</tr>
|
||||||
<tr>
|
<tr>
|
||||||
<td><b><%=l(:field_author)%> :</b></td><td><%= link_to_user @issue.author %></td>
|
<td><b><%=l(:field_author)%> :</b></td><td><%= link_to_user @issue.author %></td>
|
||||||
|
@ -29,7 +29,7 @@
|
||||||
<tr>
|
<tr>
|
||||||
<% n = 0
|
<% n = 0
|
||||||
for custom_value in @custom_values %>
|
for custom_value in @custom_values %>
|
||||||
<td><b><%= custom_value.custom_field.name %> :</b></td><td><%= show_value custom_value %></td>
|
<td><b><%= custom_value.custom_field.name %> :</b></td><td><%=h show_value custom_value %></td>
|
||||||
<% n = n + 1
|
<% n = n + 1
|
||||||
if (n > 1)
|
if (n > 1)
|
||||||
n = 0 %>
|
n = 0 %>
|
||||||
|
|
|
@ -34,7 +34,7 @@ while day <= @date_to
|
||||||
elsif day == i.due_date
|
elsif day == i.due_date
|
||||||
image_tag('arrow_to')
|
image_tag('arrow_to')
|
||||||
end %>
|
end %>
|
||||||
<small><%= link_to "#{i.tracker.name} ##{i.id}", :controller => 'issues', :action => 'show', :id => i %>: <%= i.subject.sub(/^(.{30}[^\s]*\s).*$/, '\1 (...)') %></small><br />
|
<small><%= link_to "#{i.tracker.name} ##{i.id}", :controller => 'issues', :action => 'show', :id => i %>: <%=h i.subject.sub(/^(.{30}[^\s]*\s).*$/, '\1 (...)') %></small><br />
|
||||||
<% end %>
|
<% end %>
|
||||||
</td>
|
</td>
|
||||||
<%= '</tr><tr height="100">' if day.cwday >= 7 and day!=@date_to %>
|
<%= '</tr><tr height="100">' if day.cwday >= 7 and day!=@date_to %>
|
||||||
|
|
|
@ -1,15 +1,7 @@
|
||||||
<h3><%=l(:label_document_plural)%></h3>
|
<h3><%=l(:label_document_plural)%></h3>
|
||||||
|
|
||||||
<ul>
|
<%= render(:partial => 'documents/document',
|
||||||
<% for document in Document.find :all,
|
:collection => Document.find(:all,
|
||||||
:limit => 10,
|
:limit => 10,
|
||||||
:conditions => "documents.project_id in (#{@user.projects.collect{|m| m.id}.join(',')})",
|
:conditions => "documents.project_id in (#{@user.projects.collect{|m| m.id}.join(',')})",
|
||||||
:include => [:project] %>
|
:include => [:project])) unless @user.projects.empty? %>
|
||||||
<li>
|
|
||||||
<b><%= link_to document.title, :controller => 'documents', :action => 'show', :id => document %></b>
|
|
||||||
<br />
|
|
||||||
<%= truncate document.description, 150 %><br />
|
|
||||||
<em><%= format_time(document.created_on) %></em><br />
|
|
||||||
</li>
|
|
||||||
<% end unless @user.projects.empty? %>
|
|
||||||
</ul>
|
|
|
@ -1,13 +1,7 @@
|
||||||
<h3><%=l(:label_news_latest)%></h3>
|
<h3><%=l(:label_news_latest)%></h3>
|
||||||
|
|
||||||
<ul>
|
<%= render (:partial => 'news/news',
|
||||||
<% for news in News.find :all,
|
:collection => News.find(:all,
|
||||||
:limit => 10,
|
:limit => 10,
|
||||||
:conditions => "news.project_id in (#{@user.projects.collect{|m| m.id}.join(',')})",
|
:conditions => "news.project_id in (#{@user.projects.collect{|m| m.id}.join(',')})",
|
||||||
:include => [:project, :author] %>
|
:include => [:project, :author])) unless @user.projects.empty? %>
|
||||||
<li><%= link_to news.title, :controller => 'news', :action => 'show', :id => news %><br />
|
|
||||||
<% unless news.summary.empty? %><%= news.summary %><br /><% end %>
|
|
||||||
<em><%= news.author.name %>, <%= format_time(news.created_on) %></em><br />
|
|
||||||
</li>
|
|
||||||
<% end unless @user.projects.empty? %>
|
|
||||||
</ul>
|
|
|
@ -1,9 +1,9 @@
|
||||||
<h2><%=l(:label_my_page)%></h2>
|
<div class="contextual">
|
||||||
|
<%= link_to l(:label_personalize_page), :action => 'page_layout' %>
|
||||||
<div class="topright">
|
|
||||||
<small><%= link_to l(:label_personalize_page), :action => 'page_layout' %></small>
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
<h2><%=l(:label_my_page)%></h2>
|
||||||
|
|
||||||
<div id="list-top">
|
<div id="list-top">
|
||||||
<% @blocks['top'].each do |b| %>
|
<% @blocks['top'].each do |b| %>
|
||||||
<div class="mypage-box">
|
<div class="mypage-box">
|
||||||
|
|
|
@ -34,11 +34,10 @@ function removeBlock(block) {
|
||||||
|
|
||||||
</script>
|
</script>
|
||||||
|
|
||||||
<div style="float:right;">
|
<div class="contextual">
|
||||||
|
<span id="indicator" style="display:none"><%= image_tag "loading.gif", :align => "absmiddle" %></span>
|
||||||
<%= start_form_tag({:action => "add_block"}, :id => "block-form") %>
|
<%= start_form_tag({:action => "add_block"}, :id => "block-form") %>
|
||||||
|
<%= select_tag 'block', "<option></option>" + options_for_select(@block_options), :id => "block-select" %>
|
||||||
<%= select_tag 'block', "<option></option>" + options_for_select(@block_options), :id => "block-select", :class => "select-small" %>
|
|
||||||
<small>
|
|
||||||
<%= link_to_remote l(:button_add),
|
<%= link_to_remote l(:button_add),
|
||||||
:url => { :action => "add_block" },
|
:url => { :action => "add_block" },
|
||||||
:with => "Form.serialize('block-form')",
|
:with => "Form.serialize('block-form')",
|
||||||
|
@ -48,16 +47,9 @@ function removeBlock(block) {
|
||||||
:loading => "Element.show('indicator')",
|
:loading => "Element.show('indicator')",
|
||||||
:loaded => "Element.hide('indicator')"
|
:loaded => "Element.hide('indicator')"
|
||||||
%>
|
%>
|
||||||
</small>
|
<%= end_form_tag %> |
|
||||||
<%= end_form_tag %>
|
|
||||||
<small>|
|
|
||||||
<%= link_to l(:button_save), :action => 'page_layout_save' %> |
|
<%= link_to l(:button_save), :action => 'page_layout_save' %> |
|
||||||
<%= link_to l(:button_cancel), :action => 'page' %>
|
<%= link_to l(:button_cancel), :action => 'page' %>
|
||||||
</small>
|
|
||||||
</div>
|
|
||||||
|
|
||||||
<div style="float:right;margin-right:20px;">
|
|
||||||
<span id="indicator" style="display:none"><%= image_tag "loading.gif" %></span>
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<h2><%=l(:label_my_page)%></h2>
|
<h2><%=l(:label_my_page)%></h2>
|
||||||
|
|
|
@ -0,0 +1,4 @@
|
||||||
|
<p><%= link_to h(news.title), :controller => 'news', :action => 'show', :id => news %><br />
|
||||||
|
<% unless news.summary.empty? %><%=h news.summary %><br /><% end %>
|
||||||
|
<em><%= news.author.name %>, <%= format_time(news.created_on) %></em><br />
|
||||||
|
<%= news.comments_count %> <%= lwr(:label_comment, news.comments_count).downcase %><br /></p>
|
|
@ -3,9 +3,9 @@
|
||||||
<%= link_to_if_authorized l(:button_delete), {:controller => 'news', :action => 'destroy', :id => @news}, :confirm => l(:text_are_you_sure), :post => true, :class => 'pic picDelete' %>
|
<%= link_to_if_authorized l(:button_delete), {:controller => 'news', :action => 'destroy', :id => @news}, :confirm => l(:text_are_you_sure), :post => true, :class => 'pic picDelete' %>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<h2><%= @news.title %></h2>
|
<h2><%=h @news.title %></h2>
|
||||||
|
|
||||||
<p><em><%= @news.summary %><br />
|
<p><em><%=h @news.summary %><br />
|
||||||
<%= @news.author.display_name %>, <%= format_time(@news.created_on) %></em></p>
|
<%= @news.author.display_name %>, <%= format_time(@news.created_on) %></em></p>
|
||||||
<br />
|
<br />
|
||||||
<%= textilizable auto_link @news.description %>
|
<%= textilizable auto_link @news.description %>
|
||||||
|
|
|
@ -18,20 +18,20 @@
|
||||||
<% @events_by_day[day].sort {|x,y| y.created_on <=> x.created_on }.each do |e| %>
|
<% @events_by_day[day].sort {|x,y| y.created_on <=> x.created_on }.each do |e| %>
|
||||||
<li><p>
|
<li><p>
|
||||||
<% if e.is_a? Issue %>
|
<% if e.is_a? Issue %>
|
||||||
<%= e.created_on.strftime("%H:%M") %> <%= link_to "#{e.tracker.name} ##{e.id}", :controller => 'issues', :action => 'show', :id => e %> (<%= e.status.name %>): <%= e.subject %><br />
|
<%= e.created_on.strftime("%H:%M") %> <%= link_to "#{e.tracker.name} ##{e.id}", :controller => 'issues', :action => 'show', :id => e %> (<%= e.status.name %>): <%=h e.subject %><br />
|
||||||
<i><%= e.author.name %></i>
|
<i><%= e.author.name %></i>
|
||||||
<% elsif e.is_a? News %>
|
<% elsif e.is_a? News %>
|
||||||
<%= e.created_on.strftime("%H:%M") %> <%=l(:label_news)%>: <%= link_to e.title, :controller => 'news', :action => 'show', :id => e %><br />
|
<%= e.created_on.strftime("%H:%M") %> <%=l(:label_news)%>: <%= link_to h(e.title), :controller => 'news', :action => 'show', :id => e %><br />
|
||||||
<% unless e.summary.empty? %><%= e.summary %><br /><% end %>
|
<% unless e.summary.empty? %><%=h e.summary %><br /><% end %>
|
||||||
<i><%= e.author.name %></i>
|
<i><%= e.author.name %></i>
|
||||||
<% elsif (e.is_a? Attachment) and (e.container.is_a? Version) %>
|
<% elsif (e.is_a? Attachment) and (e.container.is_a? Version) %>
|
||||||
<%= e.created_on.strftime("%H:%M") %> <%=l(:label_attachment)%> (<%= e.container.name %>): <%= link_to e.filename, :controller => 'projects', :action => 'list_files', :id => @project %><br />
|
<%= e.created_on.strftime("%H:%M") %> <%=l(:label_attachment)%> (<%=h e.container.name %>): <%= link_to e.filename, :controller => 'projects', :action => 'list_files', :id => @project %><br />
|
||||||
<i><%= e.author.name %></i>
|
<i><%= e.author.name %></i>
|
||||||
<% elsif (e.is_a? Attachment) and (e.container.is_a? Document) %>
|
<% elsif (e.is_a? Attachment) and (e.container.is_a? Document) %>
|
||||||
<%= e.created_on.strftime("%H:%M") %> <%=l(:label_attachment)%>: <%= e.filename %> (<%= link_to e.container.title, :controller => 'documents', :action => 'show', :id => e.container %>)<br />
|
<%= e.created_on.strftime("%H:%M") %> <%=l(:label_attachment)%>: <%= e.filename %> (<%= link_to h(e.container.title), :controller => 'documents', :action => 'show', :id => e.container %>)<br />
|
||||||
<i><%= e.author.name %></i>
|
<i><%= e.author.name %></i>
|
||||||
<% elsif e.is_a? Document %>
|
<% elsif e.is_a? Document %>
|
||||||
<%= e.created_on.strftime("%H:%M") %> <%=l(:label_document)%>: <%= link_to e.title, :controller => 'documents', :action => 'show', :id => e %><br />
|
<%= e.created_on.strftime("%H:%M") %> <%=l(:label_document)%>: <%= link_to h(e.title), :controller => 'documents', :action => 'show', :id => e %><br />
|
||||||
<% end %>
|
<% end %>
|
||||||
</p></li>
|
</p></li>
|
||||||
|
|
||||||
|
|
|
@ -50,7 +50,7 @@ while day <= @date_to
|
||||||
elsif day == i.due_date
|
elsif day == i.due_date
|
||||||
image_tag('arrow_to')
|
image_tag('arrow_to')
|
||||||
end %>
|
end %>
|
||||||
<small><%= link_to "#{i.tracker.name} ##{i.id}", :controller => 'issues', :action => 'show', :id => i %>: <%= i.subject.sub(/^(.{30}[^\s]*\s).*$/, '\1 (...)') %></small><br />
|
<small><%= link_to "#{i.tracker.name} ##{i.id}", :controller => 'issues', :action => 'show', :id => i %>: <%=h i.subject.sub(/^(.{30}[^\s]*\s).*$/, '\1 (...)') %></small><br />
|
||||||
<% end %>
|
<% end %>
|
||||||
</td>
|
</td>
|
||||||
<%= '</tr><tr height="100">' if day.cwday >= 7 and day!=@date_to %>
|
<%= '</tr><tr height="100">' if day.cwday >= 7 and day!=@date_to %>
|
||||||
|
|
|
@ -23,6 +23,6 @@
|
||||||
<ul>
|
<ul>
|
||||||
<% ver_id = issue.fixed_version_id
|
<% ver_id = issue.fixed_version_id
|
||||||
end %>
|
end %>
|
||||||
<li><%= link_to issue.long_id, :controller => 'issues', :action => 'show', :id => issue %> [<%= issue.tracker.name %>]: <%= issue.subject %></li>
|
<li><%= link_to issue.long_id, :controller => 'issues', :action => 'show', :id => issue %> [<%= issue.tracker.name %>]: <%=h issue.subject %></li>
|
||||||
<% end %>
|
<% end %>
|
||||||
</div>
|
</div>
|
|
@ -1,10 +1,9 @@
|
||||||
<% pdf=IfpdfHelper::IFPDF.new
|
<% pdf=IfpdfHelper::IFPDF.new
|
||||||
pdf.AliasNbPages
|
pdf.AliasNbPages
|
||||||
pdf.footer_date = format_date(Date.today)
|
pdf.footer_date = format_date(Date.today)
|
||||||
pdf.AddPage
|
|
||||||
@issues.each {|i|
|
@issues.each {|i|
|
||||||
render :partial => 'issues/pdf', :locals => { :pdf => pdf, :issue => i }
|
|
||||||
pdf.AddPage
|
pdf.AddPage
|
||||||
|
render :partial => 'issues/pdf', :locals => { :pdf => pdf, :issue => i }
|
||||||
}
|
}
|
||||||
%>
|
%>
|
||||||
|
|
||||||
|
|
|
@ -103,7 +103,7 @@ top = headers_heigth + 8
|
||||||
@issues.each do |i| %>
|
@issues.each do |i| %>
|
||||||
<div style="position: absolute;line-height:1em;height:16px;top:<%= top %>px;left:4px;width:<%= subject_width - 5 %>px;overflow:hidden;">
|
<div style="position: absolute;line-height:1em;height:16px;top:<%= top %>px;left:4px;width:<%= subject_width - 5 %>px;overflow:hidden;">
|
||||||
<small><%= link_to "#{i.tracker.name} ##{i.id}", :controller => 'issues', :action => 'show', :id => i %>:
|
<small><%= link_to "#{i.tracker.name} ##{i.id}", :controller => 'issues', :action => 'show', :id => i %>:
|
||||||
<%= i.subject.sub(/^(.{30}[^\s]*\s).*$/, '\1 (...)') %></small>
|
<%=h i.subject.sub(/^(.{30}[^\s]*\s).*$/, '\1 (...)') %></small>
|
||||||
</div>
|
</div>
|
||||||
<% top = top + 20
|
<% top = top + 20
|
||||||
end %>
|
end %>
|
||||||
|
|
|
@ -10,7 +10,7 @@
|
||||||
<% for project in @projects %>
|
<% for project in @projects %>
|
||||||
<tr class="<%= cycle("odd", "even") %>">
|
<tr class="<%= cycle("odd", "even") %>">
|
||||||
<td><%= link_to project.name, :action => 'show', :id => project %>
|
<td><%= link_to project.name, :action => 'show', :id => project %>
|
||||||
<td><%= project.description %>
|
<td><%=h project.description %>
|
||||||
<td align="center"><%= format_date(project.created_on) %>
|
<td align="center"><%= format_date(project.created_on) %>
|
||||||
</tr>
|
</tr>
|
||||||
<% end %>
|
<% end %>
|
||||||
|
|
|
@ -8,16 +8,6 @@
|
||||||
|
|
||||||
<% documents = @documents.group_by {|d| d.category } %>
|
<% documents = @documents.group_by {|d| d.category } %>
|
||||||
<% documents.each do |category, docs| %>
|
<% documents.each do |category, docs| %>
|
||||||
<h3><%= category.name %></h3>
|
<h3><%= category.name %></h3>
|
||||||
<ul>
|
<%= render :partial => 'documents/document', :collection => docs %>
|
||||||
<% docs.each do |d| %>
|
|
||||||
<li>
|
|
||||||
<b><%= link_to d.title, :controller => 'documents', :action => 'show', :id => d %></b>
|
|
||||||
<br />
|
|
||||||
<%= truncate d.description, 250 %><br />
|
|
||||||
<em><%= format_time(d.created_on) %></em><br />
|
|
||||||
</li>
|
|
||||||
|
|
||||||
<% end %>
|
|
||||||
</ul>
|
|
||||||
<% end %>
|
<% end %>
|
|
@ -69,7 +69,7 @@
|
||||||
<td align="center"><%= link_to issue.long_id, :controller => 'issues', :action => 'show', :id => issue %></td>
|
<td align="center"><%= link_to issue.long_id, :controller => 'issues', :action => 'show', :id => issue %></td>
|
||||||
<td align="center" style="font-weight:bold;color:#<%= issue.status.html_color %>;"><%= issue.status.name %></font></td>
|
<td align="center" style="font-weight:bold;color:#<%= issue.status.html_color %>;"><%= issue.status.name %></font></td>
|
||||||
<td align="center"><%= issue.tracker.name %></td>
|
<td align="center"><%= issue.tracker.name %></td>
|
||||||
<td><%= link_to issue.subject, :controller => 'issues', :action => 'show', :id => issue %></td>
|
<td><%= link_to h(issue.subject), :controller => 'issues', :action => 'show', :id => issue %></td>
|
||||||
<td align="center"><%= issue.author.display_name %></td>
|
<td align="center"><%= issue.author.display_name %></td>
|
||||||
<td align="center"><%= format_time(issue.created_on) %></td>
|
<td align="center"><%= format_time(issue.created_on) %></td>
|
||||||
<td align="center"><%= format_time(issue.updated_on) %></td>
|
<td align="center"><%= format_time(issue.updated_on) %></td>
|
||||||
|
|
|
@ -5,16 +5,5 @@
|
||||||
<h2><%=l(:label_news_plural)%></h2>
|
<h2><%=l(:label_news_plural)%></h2>
|
||||||
|
|
||||||
<% if @news.empty? %><p><i><%= l(:label_no_data) %></i></p><% end %>
|
<% if @news.empty? %><p><i><%= l(:label_no_data) %></i></p><% end %>
|
||||||
|
<%= render :partial => 'news/news', :collection => @news %>
|
||||||
<ul>
|
|
||||||
<% for news in @news %>
|
|
||||||
<li><%= link_to news.title, :controller => 'news', :action => 'show', :id => news %><br />
|
|
||||||
<% unless news.summary.empty? %><%= news.summary %><br /><% end %>
|
|
||||||
<em><%= news.author.name %>, <%= format_time(news.created_on) %></em><br />
|
|
||||||
<%= news.comments_count %> <%= lwr(:label_comment, news.comments_count).downcase %><br />
|
|
||||||
</li>
|
|
||||||
<% end %>
|
|
||||||
</ul>
|
|
||||||
|
|
||||||
|
|
||||||
<%= pagination_links_full @news_pages %>
|
<%= pagination_links_full @news_pages %>
|
||||||
|
|
|
@ -1,13 +1,13 @@
|
||||||
<h2><%=l(:label_overview)%></h2>
|
<h2><%=l(:label_overview)%></h2>
|
||||||
|
|
||||||
<div class="splitcontentleft">
|
<div class="splitcontentleft">
|
||||||
<%= simple_format(auto_link(@project.description)) %>
|
<%= simple_format(auto_link(h @project.description)) %>
|
||||||
<ul>
|
<ul>
|
||||||
<% unless @project.homepage.empty? %><li><%=l(:field_homepage)%>: <%= auto_link @project.homepage %></li><% end %>
|
<% unless @project.homepage.empty? %><li><%=l(:field_homepage)%>: <%= auto_link @project.homepage %></li><% end %>
|
||||||
<li><%=l(:field_created_on)%>: <%= format_date(@project.created_on) %></li>
|
<li><%=l(:field_created_on)%>: <%= format_date(@project.created_on) %></li>
|
||||||
<% for custom_value in @custom_values %>
|
<% for custom_value in @custom_values %>
|
||||||
<% if !custom_value.value.empty? %>
|
<% if !custom_value.value.empty? %>
|
||||||
<li><%= custom_value.custom_field.name%>: <%= show_value(custom_value) %></li>
|
<li><%= custom_value.custom_field.name%>: <%=h show_value(custom_value) %></li>
|
||||||
<% end %>
|
<% end %>
|
||||||
<% end %>
|
<% end %>
|
||||||
</ul>
|
</ul>
|
||||||
|
@ -32,7 +32,7 @@
|
||||||
<% end %>
|
<% end %>
|
||||||
</ul>
|
</ul>
|
||||||
<% end %>
|
<% end %>
|
||||||
<center><small>[ <%= link_to l(:label_issue_view_all), :controller => 'projects', :action => 'list_issues', :id => @project, :set_filter => 1 %> ]</small></center>
|
<center><small><%= link_to l(:label_issue_view_all), :controller => 'projects', :action => 'list_issues', :id => @project, :set_filter => 1 %></small></center>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
@ -55,13 +55,8 @@
|
||||||
|
|
||||||
<div class="box">
|
<div class="box">
|
||||||
<h3><%=l(:label_news_latest)%></h3>
|
<h3><%=l(:label_news_latest)%></h3>
|
||||||
<% for news in @news %>
|
<%= render :partial => 'news/news', :collection => @news %>
|
||||||
<p><b><%= news.title %></b> <small>(<%= link_to_user news.author %> <%= format_time(news.created_on) %>)</small><br />
|
<center><small><%= link_to l(:label_news_view_all), :controller => 'projects', :action => 'list_news', :id => @project %></small></center>
|
||||||
<%= news.summary %>
|
|
||||||
<small>[<%= link_to l(:label_read), :controller => 'news', :action => 'show', :id => news %>]</small></p>
|
|
||||||
<hr />
|
|
||||||
<% end %>
|
|
||||||
<center><small>[ <%= link_to l(:label_news_view_all), :controller => 'projects', :action => 'list_news', :id => @project %> ]</small></center>
|
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
|
|
@ -11,7 +11,7 @@
|
||||||
|
|
||||||
<% for @custom_value in @custom_values %>
|
<% for @custom_value in @custom_values %>
|
||||||
<p><%= custom_field_tag_with_label @custom_value %></p>
|
<p><%= custom_field_tag_with_label @custom_value %></p>
|
||||||
<% end %>
|
<% end if @custom_values%>
|
||||||
|
|
||||||
<p><%= f.check_box :admin %></p>
|
<p><%= f.check_box :admin %></p>
|
||||||
<p><%= f.check_box :mail_notification %></p>
|
<p><%= f.check_box :mail_notification %></p>
|
||||||
|
|
|
@ -4,14 +4,7 @@
|
||||||
<% if $RDM_WELCOME_TEXT %><p><%= $RDM_WELCOME_TEXT %></p><br /><% end %>
|
<% if $RDM_WELCOME_TEXT %><p><%= $RDM_WELCOME_TEXT %></p><br /><% end %>
|
||||||
<div class="box">
|
<div class="box">
|
||||||
<h3><%=l(:label_news_latest)%></h3>
|
<h3><%=l(:label_news_latest)%></h3>
|
||||||
<% for news in @news %>
|
<%= render :partial => 'news/news', :collection => @news %>
|
||||||
<p>
|
|
||||||
<b><%= news.title %></b> (<%= link_to_user news.author %> <%= format_time(news.created_on) %> - <%= news.project.name %>)<br />
|
|
||||||
<% unless news.summary.empty? %><%= news.summary %><br /><% end %>
|
|
||||||
[<%= link_to l(:label_read), :controller => 'news', :action => 'show', :id => news %>]
|
|
||||||
</p>
|
|
||||||
<hr />
|
|
||||||
<% end %>
|
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
@ -22,7 +15,7 @@
|
||||||
<% for project in @projects %>
|
<% for project in @projects %>
|
||||||
<li>
|
<li>
|
||||||
<%= link_to project.name, :controller => 'projects', :action => 'show', :id => project %> (<%= format_time(project.created_on) %>)<br />
|
<%= link_to project.name, :controller => 'projects', :action => 'show', :id => project %> (<%= format_time(project.created_on) %>)<br />
|
||||||
<%= project.description %>
|
<%=h project.description %>
|
||||||
</li>
|
</li>
|
||||||
<% end %>
|
<% end %>
|
||||||
</ul>
|
</ul>
|
||||||
|
|
|
@ -473,6 +473,9 @@ float: right;
|
||||||
font-size: 0.8em;
|
font-size: 0.8em;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
.contextual select {
|
||||||
|
font-size: 1em;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
/***** CSS FORM ******/
|
/***** CSS FORM ******/
|
||||||
|
|
Loading…
Reference in New Issue