kolan
/
Redmine
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fixed: potential security leak on my page calendar (#4691). 

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3351 e93f8b46-1217-0410-a6f0-8f06a7374b81
This commit is contained in:
Jean-Philippe Lang 2010-01-30 11:23:17 +00:00
parent 2261ec7b95
commit 7ef20cc169
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
app/views/my/blocks/_calendar.rhtml
View File

@ -1,7 +1,7 @@
<h3><%= l(:label_calendar) %></h3>
<% calendar = Redmine::Helpers::Calendar.new(Date.today, current_language, :week)
calendar.events = Issue.find :all,
calendar.events = Issue.visible.find :all,
:conditions => ["#{Issue.table_name}.project_id in (#{@user.projects.collect{|m| m.id}.join(',')}) AND ((start_date>=? and start_date<=?) or (due_date>=? and due_date<=?))", calendar.startdt, calendar.enddt, calendar.startdt, calendar.enddt],
:include => [:project, :tracker, :priority, :assigned_to] unless @user.projects.empty? %>