From fea3a1baf13a2bb77cbede5ed40cb5a8f4936cf5 Mon Sep 17 00:00:00 2001
From: Toshi MARUYAMA
Date: Tue, 2 Aug 2011 12:47:28 +0000
Subject: [PATCH] HTML escape at app/helpers/application_helper.rb.

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@6350 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 app/helpers/application_helper.rb | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb
index 3b9a0f8eb..a8e6f5ca9 100644
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -106,7 +106,7 @@ module ApplicationHelper
 text = options.delete(:text) || format_revision(revision)
 rev = revision.respond_to?(:identifier) ? revision.identifier : revision
 
-link_to(text, {:controller => 'repositories', :action => 'revision', :id => project, :rev => rev},
+link_to(h(text), {:controller => 'repositories', :action => 'revision', :id => project, :rev => rev},
 :title => l(:label_revision_id, format_revision(revision)))
 end
 
@@ -422,7 +422,7 @@ module ApplicationHelper
 def html_title(*args)
 if args.empty?
 title = []
-title << @project.name if @project
+title << h(@project.name) if @project
 title += @html_title if @html_title
 title << Setting.app_title
 title.select {|t| !t.blank? }.join(' - ')
@@ -573,7 +573,7 @@ module ApplicationHelper
 wiki_page_id = page.present? ? Wiki.titleize(page) : nil
 url_for(:only_path => only_path, :controller => 'wiki', :action => 'show', :project_id => link_project, :id => wiki_page_id, :anchor => anchor)
 end
-link_to((title || page), url, :class => ('wiki-page' + (wiki_page ? '' : ' new')))
+link_to(h(title || page), url, :class => ('wiki-page' + (wiki_page ? '' : ' new')))
 else
 # project or wiki doesn't exist
 all
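Review bot: `h(text)` turns the `:text` option of link_to_revision from "whatever the caller built" into "plain text that this helper escapes", and the same contract change applies to `title || page` in the -573 hunk and to `name` in the -843 hunk. Nothing in the diff shows `h` distinguishing already-escaped input, so a caller that passes pre-escaped or marked-up text to any of these helpers would now be double-escaped; the callers are not in the hunk, so this cannot be confirmed here. The contract should be written down where the option is documented, for example `# * :text - Link text (default to the formatted revision); escaped by this helper, so pass plain text`, and callers of the three helpers audited once for pre-escaped arguments. The `def` line of link_to_revision and the other two methods lie outside their hunks.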
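Review bot: Escaping only `@project.name` leaves the `@html_title` entries and `Setting.app_title`, which are joined into the same string three lines later, unescaped; unless every caller of the non-empty branch of html_title escapes before calling (that branch continues below the hunk and is not visible), those parts still reach the page title raw. Escaping each part once at the join covers all of them without double-escaping the project name: keep `title << @project.name if @project` and change the last line to `title.select {|t| !t.blank? }.map {|t| h(t) }.join(' - ')`. The method's else branch and closing `end` lie outside the hunk.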
@@ -627,7 +627,7 @@ module ApplicationHelper
 if prefix.nil? && sep == 'r'
 # project.changesets.visible raises an SQL error because of a double join on repositories
 if project && project.repository && (changeset = Changeset.visible.find_by_repository_id_and_revision(project.repository.id, identifier))
-link = link_to("#{project_prefix}r#{identifier}", {:only_path => only_path, :controller => 'repositories', :action => 'revision', :id => project, :rev => changeset.revision},
+link = link_to(h("#{project_prefix}r#{identifier}"), {:only_path => only_path, :controller => 'repositories', :action => 'revision', :id => project, :rev => changeset.revision},
 :class => 'changeset',
 :title => truncate_single_line(changeset.comments, :length => 100))
 end
@@ -677,7 +677,7 @@ module ApplicationHelper
 if project && project.repository && (changeset = Changeset.visible.find(:first, :conditions => ["repository_id = ? AND scmid LIKE ?", project.repository.id, "#{name}%"]))
 link = link_to h("#{project_prefix}#{name}"), {:only_path => only_path, :controller => 'repositories', :action => 'revision', :id => project, :rev => changeset.identifier},
 :class => 'changeset',
-:title => truncate_single_line(changeset.comments, :length => 100)
+:title => truncate_single_line(h(changeset.comments), :length => 100)
 end
 when 'source', 'export'
 if project && project.repository && User.current.allowed_to?(:browse_repository, project)
@@ -843,7 +843,7 @@ module ApplicationHelper
 options[:class] << ' disabled'
 url = '#'
 end
-link_to name, url, options
+link_to h(name), url, options
 end
 
 def calendar_for(field_id)
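Review bot: Escaping `changeset.comments` before truncating spends the 100-character budget on entity-encoded text and lets the cut land inside an entity such as `&amp;`, leaving a stray fragment in the tooltip; escape the truncated result instead, `:title => h(truncate_single_line(changeset.comments, :length => 100))`. The matching `:title` in the -627 hunk is left unescaped, so the two changeset-link branches now disagree; whether link_to's own attribute escaping already covers both cannot be confirmed from the diff, so applying the same form in -627 keeps them consistent. The enclosing `case` and method continue on both sides of the hunk.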