HTML escape at app/helpers/application_helper.rb.

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@6350 e93f8b46-1217-0410-a6f0-8f06a7374b81
2011-08-02 12:47:28 +00:00 · 2011-08-02 12:47:28 +00:00 · fea3a1baf1
parent dc1258df48
commit fea3a1baf1
1 changed files with 6 additions and 6 deletions
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@ -106,7 +106,7 @@ module ApplicationHelper
    text = options.delete(:text) || format_revision(revision)
    rev = revision.respond_to?(:identifier) ? revision.identifier : revision
-    link_to(text, {:controller => 'repositories', :action => 'revision', :id => project, :rev => rev},
+    link_to(h(text), {:controller => 'repositories', :action => 'revision', :id => project, :rev => rev},
            :title => l(:label_revision_id, format_revision(revision)))
  end
@ -422,7 +422,7 @@ module ApplicationHelper
  def html_title(*args)
    if args.empty?
      title = []
-      title << @project.name if @project
+      title << h(@project.name) if @project
      title += @html_title if @html_title
      title << Setting.app_title
      title.select {|t| !t.blank? }.join(' - ')
@ -573,7 +573,7 @@ module ApplicationHelper
              wiki_page_id = page.present? ? Wiki.titleize(page) : nil
              url_for(:only_path => only_path, :controller => 'wiki', :action => 'show', :project_id => link_project, :id => wiki_page_id, :anchor => anchor)
            end
-          link_to((title || page), url, :class => ('wiki-page' + (wiki_page ? '' : ' new')))
+          link_to(h(title || page), url, :class => ('wiki-page' + (wiki_page ? '' : ' new')))
        else
          # project or wiki doesn't exist
          all
@ -627,7 +627,7 @@ module ApplicationHelper
        if prefix.nil? && sep == 'r'
          # project.changesets.visible raises an SQL error because of a double join on repositories
          if project && project.repository && (changeset = Changeset.visible.find_by_repository_id_and_revision(project.repository.id, identifier))
-            link = link_to("#{project_prefix}r#{identifier}", {:only_path => only_path, :controller => 'repositories', :action => 'revision', :id => project, :rev => changeset.revision},
+            link = link_to(h("#{project_prefix}r#{identifier}"), {:only_path => only_path, :controller => 'repositories', :action => 'revision', :id => project, :rev => changeset.revision},
                                      :class => 'changeset',
                                      :title => truncate_single_line(changeset.comments, :length => 100))
          end
@ -677,7 +677,7 @@ module ApplicationHelper
            if project && project.repository && (changeset = Changeset.visible.find(:first, :conditions => ["repository_id = ? AND scmid LIKE ?", project.repository.id, "#{name}%"]))
              link = link_to h("#{project_prefix}#{name}"), {:only_path => only_path, :controller => 'repositories', :action => 'revision', :id => project, :rev => changeset.identifier},
                                           :class => 'changeset',
-                                           :title => truncate_single_line(changeset.comments, :length => 100)
+                                           :title => truncate_single_line(h(changeset.comments), :length => 100)
            end
          when 'source', 'export'
            if project && project.repository && User.current.allowed_to?(:browse_repository, project)
@ -843,7 +843,7 @@ module ApplicationHelper
      options[:class] << ' disabled'
      url = '#'
    end
-    link_to name, url, options
+    link_to h(name), url, options
  end
  def calendar_for(field_id)