[#547] Security audit
This commit is contained in:
parent
bf13b0f409
commit
2c46411678
|
@ -107,7 +107,7 @@ module ApplicationHelper
|
||||||
text = options.delete(:text) || format_revision(revision)
|
text = options.delete(:text) || format_revision(revision)
|
||||||
rev = revision.respond_to?(:identifier) ? revision.identifier : revision
|
rev = revision.respond_to?(:identifier) ? revision.identifier : revision
|
||||||
|
|
||||||
link_to(text, {:controller => 'repositories', :action => 'revision', :id => project, :rev => rev},
|
link_to(h(text), {:controller => 'repositories', :action => 'revision', :id => project, :rev => rev},
|
||||||
:title => l(:label_revision_id, format_revision(revision)))
|
:title => l(:label_revision_id, format_revision(revision)))
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -410,7 +410,7 @@ module ApplicationHelper
|
||||||
def html_title(*args)
|
def html_title(*args)
|
||||||
if args.empty?
|
if args.empty?
|
||||||
title = []
|
title = []
|
||||||
title << @project.name if @project
|
title << h(@project.name) if @project
|
||||||
title += @html_title if @html_title
|
title += @html_title if @html_title
|
||||||
title << Setting.app_title
|
title << Setting.app_title
|
||||||
title.select {|t| !t.blank? }.join(' - ')
|
title.select {|t| !t.blank? }.join(' - ')
|
||||||
|
@ -561,7 +561,7 @@ module ApplicationHelper
|
||||||
wiki_page_id = page.present? ? Wiki.titleize(page) : nil
|
wiki_page_id = page.present? ? Wiki.titleize(page) : nil
|
||||||
url_for(:only_path => only_path, :controller => 'wiki', :action => 'show', :project_id => link_project, :id => wiki_page_id, :anchor => anchor)
|
url_for(:only_path => only_path, :controller => 'wiki', :action => 'show', :project_id => link_project, :id => wiki_page_id, :anchor => anchor)
|
||||||
end
|
end
|
||||||
link_to((title || page), url, :class => ('wiki-page' + (wiki_page ? '' : ' new')))
|
link_to(h(title || page), url, :class => ('wiki-page' + (wiki_page ? '' : ' new')))
|
||||||
else
|
else
|
||||||
# project or wiki doesn't exist
|
# project or wiki doesn't exist
|
||||||
all
|
all
|
||||||
|
@ -615,7 +615,7 @@ module ApplicationHelper
|
||||||
if prefix.nil? && sep == 'r'
|
if prefix.nil? && sep == 'r'
|
||||||
# project.changesets.visible raises an SQL error because of a double join on repositories
|
# project.changesets.visible raises an SQL error because of a double join on repositories
|
||||||
if project && project.repository && (changeset = Changeset.visible.find_by_repository_id_and_revision(project.repository.id, identifier))
|
if project && project.repository && (changeset = Changeset.visible.find_by_repository_id_and_revision(project.repository.id, identifier))
|
||||||
link = link_to("#{project_prefix}r#{identifier}", {:only_path => only_path, :controller => 'repositories', :action => 'revision', :id => project, :rev => changeset.revision},
|
link = link_to(h("#{project_prefix}r#{identifier}"), {:only_path => only_path, :controller => 'repositories', :action => 'revision', :id => project, :rev => changeset.revision},
|
||||||
:class => 'changeset',
|
:class => 'changeset',
|
||||||
:title => truncate_single_line(changeset.comments, :length => 100))
|
:title => truncate_single_line(changeset.comments, :length => 100))
|
||||||
end
|
end
|
||||||
|
@ -665,7 +665,7 @@ module ApplicationHelper
|
||||||
if project && project.repository && (changeset = Changeset.visible.find(:first, :conditions => ["repository_id = ? AND scmid LIKE ?", project.repository.id, "#{name}%"]))
|
if project && project.repository && (changeset = Changeset.visible.find(:first, :conditions => ["repository_id = ? AND scmid LIKE ?", project.repository.id, "#{name}%"]))
|
||||||
link = link_to h("#{project_prefix}#{name}"), {:only_path => only_path, :controller => 'repositories', :action => 'revision', :id => project, :rev => changeset.identifier},
|
link = link_to h("#{project_prefix}#{name}"), {:only_path => only_path, :controller => 'repositories', :action => 'revision', :id => project, :rev => changeset.identifier},
|
||||||
:class => 'changeset',
|
:class => 'changeset',
|
||||||
:title => truncate_single_line(changeset.comments, :length => 100)
|
:title => truncate_single_line(h(changeset.comments), :length => 100)
|
||||||
end
|
end
|
||||||
when 'source', 'export'
|
when 'source', 'export'
|
||||||
if project && project.repository && User.current.allowed_to?(:browse_repository, project)
|
if project && project.repository && User.current.allowed_to?(:browse_repository, project)
|
||||||
|
@ -831,7 +831,7 @@ module ApplicationHelper
|
||||||
options[:class] << ' disabled'
|
options[:class] << ' disabled'
|
||||||
url = '#'
|
url = '#'
|
||||||
end
|
end
|
||||||
link_to name, url, options
|
link_to h(name), url, options
|
||||||
end
|
end
|
||||||
|
|
||||||
def calendar_for(field_id)
|
def calendar_for(field_id)
|
||||||
|
|
|
@ -45,6 +45,6 @@ module CalendarsHelper
|
||||||
end
|
end
|
||||||
|
|
||||||
def link_to_month(link_name, year, month, options={})
|
def link_to_month(link_name, year, month, options={})
|
||||||
link_to_content_update(link_name, params.merge(:year => year, :month => month))
|
link_to_content_update(h(link_name), params.merge(:year => year, :month => month))
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -53,7 +53,7 @@ module CustomFieldsHelper
|
||||||
|
|
||||||
# Return custom field label tag
|
# Return custom field label tag
|
||||||
def custom_field_label_tag(name, custom_value)
|
def custom_field_label_tag(name, custom_value)
|
||||||
content_tag "label", custom_value.custom_field.name +
|
content_tag "label", h(custom_value.custom_field.name) +
|
||||||
(custom_value.custom_field.is_required? ? " <span class=\"required\">*</span>" : ""),
|
(custom_value.custom_field.is_required? ? " <span class=\"required\">*</span>" : ""),
|
||||||
:for => "#{name}_custom_field_values_#{custom_value.custom_field.id}",
|
:for => "#{name}_custom_field_values_#{custom_value.custom_field.id}",
|
||||||
:class => (custom_value.errors.empty? ? nil : "error" )
|
:class => (custom_value.errors.empty? ? nil : "error" )
|
||||||
|
|
|
@ -44,11 +44,11 @@ module IssuesHelper
|
||||||
|
|
||||||
link_to_issue(issue) + "<br /><br />" +
|
link_to_issue(issue) + "<br /><br />" +
|
||||||
"<strong>#{@cached_label_project}</strong>: #{link_to_project(issue.project)}<br />" +
|
"<strong>#{@cached_label_project}</strong>: #{link_to_project(issue.project)}<br />" +
|
||||||
"<strong>#{@cached_label_status}</strong>: #{issue.status.name}<br />" +
|
"<strong>#{@cached_label_status}</strong>: #{h(issue.status.name)}<br />" +
|
||||||
"<strong>#{@cached_label_start_date}</strong>: #{format_date(issue.start_date)}<br />" +
|
"<strong>#{@cached_label_start_date}</strong>: #{format_date(issue.start_date)}<br />" +
|
||||||
"<strong>#{@cached_label_due_date}</strong>: #{format_date(issue.due_date)}<br />" +
|
"<strong>#{@cached_label_due_date}</strong>: #{format_date(issue.due_date)}<br />" +
|
||||||
"<strong>#{@cached_label_assigned_to}</strong>: #{issue.assigned_to}<br />" +
|
"<strong>#{@cached_label_assigned_to}</strong>: #{h(issue.assigned_to)}<br />" +
|
||||||
"<strong>#{@cached_label_priority}</strong>: #{issue.priority.name}"
|
"<strong>#{@cached_label_priority}</strong>: #{h(issue.priority.name)}"
|
||||||
end
|
end
|
||||||
|
|
||||||
def render_issue_subject_with_tree(issue)
|
def render_issue_subject_with_tree(issue)
|
||||||
|
@ -114,7 +114,7 @@ module IssuesHelper
|
||||||
# links to #index on issues/show
|
# links to #index on issues/show
|
||||||
url_params = controller_name == 'issues' ? {:controller => 'issues', :action => 'index', :project_id => @project} : params
|
url_params = controller_name == 'issues' ? {:controller => 'issues', :action => 'index', :project_id => @project} : params
|
||||||
|
|
||||||
content_tag('h3', title) +
|
content_tag('h3', h(title)) +
|
||||||
queries.collect {|query|
|
queries.collect {|query|
|
||||||
link_to(h(query.name), url_params.merge(:query_id => query))
|
link_to(h(query.name), url_params.merge(:query_id => query))
|
||||||
}.join('<br />')
|
}.join('<br />')
|
||||||
|
|
|
@ -20,7 +20,7 @@ module QueriesHelper
|
||||||
def column_header(column)
|
def column_header(column)
|
||||||
column.sortable ? sort_header_tag(column.name.to_s, :caption => column.caption,
|
column.sortable ? sort_header_tag(column.name.to_s, :caption => column.caption,
|
||||||
:default_order => column.default_order) :
|
:default_order => column.default_order) :
|
||||||
content_tag('th', column.caption)
|
content_tag('th', h(column.caption))
|
||||||
end
|
end
|
||||||
|
|
||||||
def column_content(column, issue)
|
def column_content(column, issue)
|
||||||
|
@ -41,7 +41,7 @@ module QueriesHelper
|
||||||
if column.name == :done_ratio
|
if column.name == :done_ratio
|
||||||
progress_bar(value, :width => '80px')
|
progress_bar(value, :width => '80px')
|
||||||
else
|
else
|
||||||
value.to_s
|
h(value.to_s)
|
||||||
end
|
end
|
||||||
when 'User'
|
when 'User'
|
||||||
link_to_user value
|
link_to_user value
|
||||||
|
|
|
@ -27,6 +27,6 @@ module ReportsHelper
|
||||||
|
|
||||||
def aggregate_link(data, criteria, *args)
|
def aggregate_link(data, criteria, *args)
|
||||||
a = aggregate data, criteria
|
a = aggregate data, criteria
|
||||||
a > 0 ? link_to(a, *args) : '-'
|
a > 0 ? link_to(h(a), *args) : '-'
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -83,7 +83,7 @@ module RepositoriesHelper
|
||||||
if s = tree[file][:s]
|
if s = tree[file][:s]
|
||||||
style << ' folder'
|
style << ' folder'
|
||||||
path_param = to_path_param(@repository.relative_path(file))
|
path_param = to_path_param(@repository.relative_path(file))
|
||||||
text = link_to(text, :controller => 'repositories',
|
text = link_to(h(text), :controller => 'repositories',
|
||||||
:action => 'show',
|
:action => 'show',
|
||||||
:id => @project,
|
:id => @project,
|
||||||
:path => path_param,
|
:path => path_param,
|
||||||
|
@ -93,18 +93,18 @@ module RepositoriesHelper
|
||||||
elsif c = tree[file][:c]
|
elsif c = tree[file][:c]
|
||||||
style << " change-#{c.action}"
|
style << " change-#{c.action}"
|
||||||
path_param = to_path_param(@repository.relative_path(c.path))
|
path_param = to_path_param(@repository.relative_path(c.path))
|
||||||
text = link_to(text, :controller => 'repositories',
|
text = link_to(h(text), :controller => 'repositories',
|
||||||
:action => 'entry',
|
:action => 'entry',
|
||||||
:id => @project,
|
:id => @project,
|
||||||
:path => path_param,
|
:path => path_param,
|
||||||
:rev => @changeset.identifier) unless c.action == 'D'
|
:rev => @changeset.identifier) unless c.action == 'D'
|
||||||
text << " - #{c.revision}" unless c.revision.blank?
|
text << " - #{h(c.revision)}" unless c.revision.blank?
|
||||||
text << ' (' + link_to('diff', :controller => 'repositories',
|
text << ' (' + link_to('diff', :controller => 'repositories',
|
||||||
:action => 'diff',
|
:action => 'diff',
|
||||||
:id => @project,
|
:id => @project,
|
||||||
:path => path_param,
|
:path => path_param,
|
||||||
:rev => @changeset.identifier) + ') ' if c.action == 'M'
|
:rev => @changeset.identifier) + ') ' if c.action == 'M'
|
||||||
text << ' ' + content_tag('span', c.from_path, :class => 'copied-from') unless c.from_path.blank?
|
text << ' ' + content_tag('span', h(c.from_path), :class => 'copied-from') unless c.from_path.blank?
|
||||||
output << "<li class='#{style}'>#{text}</li>"
|
output << "<li class='#{style}'>#{text}</li>"
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -53,7 +53,7 @@ module SearchHelper
|
||||||
c = results_by_type[t]
|
c = results_by_type[t]
|
||||||
next if c == 0
|
next if c == 0
|
||||||
text = "#{type_label(t)} (#{c})"
|
text = "#{type_label(t)} (#{c})"
|
||||||
links << link_to(text, :q => params[:q], :titles_only => params[:title_only], :all_words => params[:all_words], :scope => params[:scope], t => 1)
|
links << link_to(h(text), :q => params[:q], :titles_only => params[:title_only], :all_words => params[:all_words], :scope => params[:scope], t => 1)
|
||||||
end
|
end
|
||||||
('<ul>' + links.map {|link| content_tag('li', link)}.join(' ') + '</ul>') unless links.empty?
|
('<ul>' + links.map {|link| content_tag('li', link)}.join(' ') + '</ul>') unless links.empty?
|
||||||
end
|
end
|
||||||
|
|
|
@ -218,7 +218,7 @@ module SortHelper
|
||||||
# Add project_id to url_options
|
# Add project_id to url_options
|
||||||
url_options = url_options.merge(:project_id => params[:project_id]) if params.has_key?(:project_id)
|
url_options = url_options.merge(:project_id => params[:project_id]) if params.has_key?(:project_id)
|
||||||
|
|
||||||
link_to_content_update(caption, url_options, :class => css)
|
link_to_content_update(h(caption), url_options, :class => css)
|
||||||
end
|
end
|
||||||
|
|
||||||
# Returns a table header <th> tag with a sort link for the named column
|
# Returns a table header <th> tag with a sort link for the named column
|
||||||
|
|
|
@ -125,7 +125,7 @@ module TimelogHelper
|
||||||
elsif k = @available_criterias[criteria][:klass]
|
elsif k = @available_criterias[criteria][:klass]
|
||||||
obj = k.find_by_id(value.to_i)
|
obj = k.find_by_id(value.to_i)
|
||||||
if obj.is_a?(Issue)
|
if obj.is_a?(Issue)
|
||||||
obj.visible? ? "#{obj.tracker} ##{obj.id}: #{obj.subject}" : "##{obj.id}"
|
obj.visible? ? h("#{obj.tracker} ##{obj.id}: #{obj.subject}") : h("##{obj.id}")
|
||||||
else
|
else
|
||||||
obj
|
obj
|
||||||
end
|
end
|
||||||
|
|
|
@ -12,7 +12,7 @@
|
||||||
<%= content_tag('span', h(e.project), :class => 'project') if @project.nil? || @project != e.project %>
|
<%= content_tag('span', h(e.project), :class => 'project') if @project.nil? || @project != e.project %>
|
||||||
<%= link_to format_activity_title(e.event_title), e.event_url %></dt>
|
<%= link_to format_activity_title(e.event_title), e.event_url %></dt>
|
||||||
<dd><span class="description"><%= format_activity_description(e.event_description) %></span>
|
<dd><span class="description"><%= format_activity_description(e.event_description) %></span>
|
||||||
<span class="author"><%= e.event_author if e.respond_to?(:event_author) %></span></dd>
|
<span class="author"><%= link_to_user(e.event_author) if e.respond_to?(:event_author) %></span></dd>
|
||||||
<% end -%>
|
<% end -%>
|
||||||
</dl>
|
</dl>
|
||||||
<% end -%>
|
<% end -%>
|
||||||
|
|
|
@ -11,7 +11,7 @@
|
||||||
:title => l(:button_delete) %>
|
:title => l(:button_delete) %>
|
||||||
<% end %>
|
<% end %>
|
||||||
<% if options[:author] %>
|
<% if options[:author] %>
|
||||||
<span class="author"><%= attachment.author %>, <%= format_time(attachment.created_on) %></span>
|
<span class="author"><%= h(attachment.author) %>, <%= format_time(attachment.created_on) %></span>
|
||||||
<% end %>
|
<% end %>
|
||||||
</p>
|
</p>
|
||||||
<% end %>
|
<% end %>
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
|
|
||||||
<div class="attachments">
|
<div class="attachments">
|
||||||
<p><%= h("#{@attachment.description} - ") unless @attachment.description.blank? %>
|
<p><%= h("#{@attachment.description} - ") unless @attachment.description.blank? %>
|
||||||
<span class="author"><%= @attachment.author %>, <%= format_time(@attachment.created_on) %></span></p>
|
<span class="author"><%= link_to_user(@attachment.author) %>, <%= format_time(@attachment.created_on) %></span></p>
|
||||||
<p><%= link_to_attachment @attachment, :text => l(:button_download), :download => true -%>
|
<p><%= link_to_attachment @attachment, :text => l(:button_download), :download => true -%>
|
||||||
<span class="size">(<%= number_to_human_size @attachment.filesize %>)</span></p>
|
<span class="size">(<%= number_to_human_size @attachment.filesize %>)</span></p>
|
||||||
|
|
||||||
|
@ -10,7 +10,7 @@
|
||||||
|
|
||||||
<%= render :partial => 'common/diff', :locals => {:diff => @diff, :diff_type => @diff_type} %>
|
<%= render :partial => 'common/diff', :locals => {:diff => @diff, :diff_type => @diff_type} %>
|
||||||
|
|
||||||
<% html_title @attachment.filename %>
|
<% html_title h(@attachment.filename) %>
|
||||||
|
|
||||||
<% content_for :header_tags do -%>
|
<% content_for :header_tags do -%>
|
||||||
<%= stylesheet_link_tag "scm" -%>
|
<%= stylesheet_link_tag "scm" -%>
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
|
|
||||||
<div class="attachments">
|
<div class="attachments">
|
||||||
<p><%= h("#{@attachment.description} - ") unless @attachment.description.blank? %>
|
<p><%= h("#{@attachment.description} - ") unless @attachment.description.blank? %>
|
||||||
<span class="author"><%= @attachment.author %>, <%= format_time(@attachment.created_on) %></span></p>
|
<span class="author"><%= link_to_user(@attachment.author) %>, <%= format_time(@attachment.created_on) %></span></p>
|
||||||
<p><%= link_to_attachment @attachment, :text => l(:button_download), :download => true -%>
|
<p><%= link_to_attachment @attachment, :text => l(:button_download), :download => true -%>
|
||||||
<span class="size">(<%= number_to_human_size @attachment.filesize %>)</span></p>
|
<span class="size">(<%= number_to_human_size @attachment.filesize %>)</span></p>
|
||||||
|
|
||||||
|
@ -10,7 +10,7 @@
|
||||||
|
|
||||||
<%= render :partial => 'common/file', :locals => {:content => @content, :filename => @attachment.filename} %>
|
<%= render :partial => 'common/file', :locals => {:content => @content, :filename => @attachment.filename} %>
|
||||||
|
|
||||||
<% html_title @attachment.filename %>
|
<% html_title h(@attachment.filename) %>
|
||||||
|
|
||||||
<% content_for :header_tags do -%>
|
<% content_for :header_tags do -%>
|
||||||
<%= stylesheet_link_tag "scm" -%>
|
<%= stylesheet_link_tag "scm" -%>
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
<h2><%=l(:label_auth_source)%> (<%= @auth_source.auth_method_name %>)</h2>
|
<h2><%=l(:label_auth_source)%> (<%= h(@auth_source.auth_method_name) %>)</h2>
|
||||||
|
|
||||||
<% form_tag({:action => 'update', :id => @auth_source}, :class => "tabular") do %>
|
<% form_tag({:action => 'update', :id => @auth_source}, :class => "tabular") do %>
|
||||||
<%= render :partial => 'form' %>
|
<%= render :partial => 'form' %>
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
<h2><%=l(:label_auth_source_new)%> (<%= @auth_source.auth_method_name %>)</h2>
|
<h2><%=l(:label_auth_source_new)%> (<%= h(@auth_source.auth_method_name) %>)</h2>
|
||||||
|
|
||||||
<% form_tag({:action => 'create'}, :class => "tabular") do %>
|
<% form_tag({:action => 'create'}, :class => "tabular") do %>
|
||||||
<%= render :partial => 'form' %>
|
<%= render :partial => 'form' %>
|
||||||
|
|
|
@ -43,7 +43,7 @@
|
||||||
<% @topics.each do |topic| %>
|
<% @topics.each do |topic| %>
|
||||||
<tr class="message <%= cycle 'odd', 'even' %> <%= topic.sticky? ? 'sticky' : '' %> <%= topic.locked? ? 'locked' : '' %>">
|
<tr class="message <%= cycle 'odd', 'even' %> <%= topic.sticky? ? 'sticky' : '' %> <%= topic.locked? ? 'locked' : '' %>">
|
||||||
<td class="subject"><%= link_to h(topic.subject), { :controller => 'messages', :action => 'show', :board_id => @board, :id => topic } %></td>
|
<td class="subject"><%= link_to h(topic.subject), { :controller => 'messages', :action => 'show', :board_id => @board, :id => topic } %></td>
|
||||||
<td class="author" align="center"><%= topic.author %></td>
|
<td class="author" align="center"><%= link_to_user(topic.author) %></td>
|
||||||
<td class="created_on" align="center"><%= format_time(topic.created_on) %></td>
|
<td class="created_on" align="center"><%= format_time(topic.created_on) %></td>
|
||||||
<td class="replies" align="center"><%= topic.replies_count %></td>
|
<td class="replies" align="center"><%= topic.replies_count %></td>
|
||||||
<td class="last_message">
|
<td class="last_message">
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
<% if diff.diff_type == 'sbs' -%>
|
<% if diff.diff_type == 'sbs' -%>
|
||||||
<table class="filecontent">
|
<table class="filecontent">
|
||||||
<thead>
|
<thead>
|
||||||
<tr><th colspan="4" class="filename"><%=to_utf8_for_attachments table_file.file_name %></th></tr>
|
<tr><th colspan="4" class="filename"><%= h(to_utf8_for_attachments(table_file.file_name)) %></th></tr>
|
||||||
</thead>
|
</thead>
|
||||||
<tbody>
|
<tbody>
|
||||||
<% table_file.each_line do |spacing, line| -%>
|
<% table_file.each_line do |spacing, line| -%>
|
||||||
|
@ -31,7 +31,7 @@
|
||||||
<% else -%>
|
<% else -%>
|
||||||
<table class="filecontent">
|
<table class="filecontent">
|
||||||
<thead>
|
<thead>
|
||||||
<tr><th colspan="3" class="filename"><%=to_utf8_for_attachments table_file.file_name %></th></tr>
|
<tr><th colspan="3" class="filename"><%= h(to_utf8_for_attachments(table_file.file_name)) %></th></tr>
|
||||||
</thead>
|
</thead>
|
||||||
<tbody>
|
<tbody>
|
||||||
<% table_file.each_line do |spacing, line| %>
|
<% table_file.each_line do |spacing, line| %>
|
||||||
|
|
|
@ -3,4 +3,4 @@
|
||||||
<p id="errorExplanation"><%=h @message %></p>
|
<p id="errorExplanation"><%=h @message %></p>
|
||||||
<p><a href="javascript:history.back()">Back</a></p>
|
<p><a href="javascript:history.back()">Back</a></p>
|
||||||
|
|
||||||
<% html_title @status %>
|
<% html_title h(@status) %>
|
||||||
|
|
|
@ -82,7 +82,7 @@ when "IssueCustomField" %>
|
||||||
|
|
||||||
<fieldset><legend><%=l(:label_tracker_plural)%></legend>
|
<fieldset><legend><%=l(:label_tracker_plural)%></legend>
|
||||||
<% for tracker in @trackers %>
|
<% for tracker in @trackers %>
|
||||||
<%= check_box_tag "custom_field[tracker_ids][]", tracker.id, (@custom_field.trackers.include? tracker) %> <%= tracker.name %>
|
<%= check_box_tag "custom_field[tracker_ids][]", tracker.id, (@custom_field.trackers.include? tracker) %> <%= h(tracker.name) %>
|
||||||
<% end %>
|
<% end %>
|
||||||
<%= hidden_field_tag "custom_field[tracker_ids][]", '' %>
|
<%= hidden_field_tag "custom_field[tracker_ids][]", '' %>
|
||||||
</fieldset>
|
</fieldset>
|
||||||
|
|
|
@ -13,7 +13,7 @@
|
||||||
<tbody>
|
<tbody>
|
||||||
<% (@custom_fields_by_type[tab[:name]] || []).sort.each do |custom_field| -%>
|
<% (@custom_fields_by_type[tab[:name]] || []).sort.each do |custom_field| -%>
|
||||||
<tr class="<%= cycle("odd", "even") %>">
|
<tr class="<%= cycle("odd", "even") %>">
|
||||||
<td><%= link_to custom_field.name, :action => 'edit', :id => custom_field %></td>
|
<td><%= link_to h(custom_field.name), :action => 'edit', :id => custom_field %></td>
|
||||||
<td align="center"><%= l(Redmine::CustomFieldFormat.label_for(custom_field.field_format)) %></td>
|
<td align="center"><%= l(Redmine::CustomFieldFormat.label_for(custom_field.field_format)) %></td>
|
||||||
<td align="center"><%= checked_image custom_field.is_required? %></td>
|
<td align="center"><%= checked_image custom_field.is_required? %></td>
|
||||||
<% if tab[:name] == 'IssueCustomField' %>
|
<% if tab[:name] == 'IssueCustomField' %>
|
||||||
|
|
|
@ -25,7 +25,7 @@
|
||||||
<% end %>
|
<% end %>
|
||||||
<% end %>
|
<% end %>
|
||||||
|
|
||||||
<% html_title @document.title -%>
|
<% html_title h(@document.title) -%>
|
||||||
|
|
||||||
<% content_for :header_tags do %>
|
<% content_for :header_tags do %>
|
||||||
<%= stylesheet_link_tag 'scm' %>
|
<%= stylesheet_link_tag 'scm' %>
|
||||||
|
|
|
@ -101,7 +101,7 @@ height = (show_weeks ? header_heigth : header_heigth + g_height)
|
||||||
width = ((month_f >> 1) - month_f) * zoom - 1
|
width = ((month_f >> 1) - month_f) * zoom - 1
|
||||||
%>
|
%>
|
||||||
<div style="left:<%= left %>px;width:<%= width %>px;height:<%= height %>px;" class="gantt_hdr">
|
<div style="left:<%= left %>px;width:<%= width %>px;height:<%= height %>px;" class="gantt_hdr">
|
||||||
<%= link_to "#{month_f.year}-#{month_f.month}", @gantt.params.merge(:year => month_f.year, :month => month_f.month), :title => "#{month_name(month_f.month)} #{month_f.year}"%>
|
<%= link_to h("#{month_f.year}-#{month_f.month}"), @gantt.params.merge(:year => month_f.year, :month => month_f.month), :title => "#{month_name(month_f.month)} #{month_f.year}"%>
|
||||||
</div>
|
</div>
|
||||||
<%
|
<%
|
||||||
left = left + width + 1
|
left = left + width + 1
|
||||||
|
|
|
@ -19,7 +19,7 @@
|
||||||
<tbody>
|
<tbody>
|
||||||
<% for status in @issue_statuses %>
|
<% for status in @issue_statuses %>
|
||||||
<tr class="<%= cycle("odd", "even") %>">
|
<tr class="<%= cycle("odd", "even") %>">
|
||||||
<td><%= link_to status.name, :action => 'edit', :id => status %></td>
|
<td><%= link_to h(status.name), :action => 'edit', :id => status %></td>
|
||||||
<% if Issue.use_status_for_done_ratio? %>
|
<% if Issue.use_status_for_done_ratio? %>
|
||||||
<td align="center"><%= h status.default_done_ratio %></td>
|
<td align="center"><%= h status.default_done_ratio %></td>
|
||||||
<% end %>
|
<% end %>
|
||||||
|
|
|
@ -4,7 +4,7 @@
|
||||||
<% if @issue.new_record? || @allowed_statuses.any? %>
|
<% if @issue.new_record? || @allowed_statuses.any? %>
|
||||||
<p><%= f.select :status_id, (@allowed_statuses.collect {|p| [p.name, p.id]}), :required => true %></p>
|
<p><%= f.select :status_id, (@allowed_statuses.collect {|p| [p.name, p.id]}), :required => true %></p>
|
||||||
<% else %>
|
<% else %>
|
||||||
<p><label><%= l(:field_status) %></label> <%= @issue.status.name %></p>
|
<p><label><%= l(:field_status) %></label> <%= h(@issue.status.name) %></p>
|
||||||
<% end %>
|
<% end %>
|
||||||
|
|
||||||
<p><%= f.select :priority_id, (@priorities.collect {|p| [p.name, p.id]}), {:required => true}, :disabled => !@issue.leaf? %></p>
|
<p><%= f.select :priority_id, (@priorities.collect {|p| [p.name, p.id]}), {:required => true}, :disabled => !@issue.leaf? %></p>
|
||||||
|
|
|
@ -9,10 +9,10 @@
|
||||||
</tr></thead>
|
</tr></thead>
|
||||||
<tbody>
|
<tbody>
|
||||||
<% for issue in issues %>
|
<% for issue in issues %>
|
||||||
<tr id="issue-<%= issue.id %>" class="hascontextmenu <%= cycle('odd', 'even') %> <%= issue.css_classes %>">
|
<tr id="issue-<%= h(issue.id) %>" class="hascontextmenu <%= cycle('odd', 'even') %> <%= issue.css_classes %>">
|
||||||
<td class="id">
|
<td class="id">
|
||||||
<%= check_box_tag("ids[]", issue.id, false, :style => 'display:none;') %>
|
<%= check_box_tag("ids[]", issue.id, false, :style => 'display:none;') %>
|
||||||
<%= link_to issue.id, :controller => 'issues', :action => 'show', :id => issue %>
|
<%= link_to(h(issue.id), :controller => 'issues', :action => 'show', :id => issue) %>
|
||||||
</td>
|
</td>
|
||||||
<td class="project"><%= link_to_project(issue.project) %></td>
|
<td class="project"><%= link_to_project(issue.project) %></td>
|
||||||
<td class="tracker"><%=h issue.tracker %></td>
|
<td class="tracker"><%=h issue.tracker %></td>
|
||||||
|
|
|
@ -14,7 +14,7 @@
|
||||||
<%= h(relation.other_issue(@issue).project) + ' - ' if Setting.cross_project_issue_relations? %>
|
<%= h(relation.other_issue(@issue).project) + ' - ' if Setting.cross_project_issue_relations? %>
|
||||||
<%= link_to_issue(relation.other_issue(@issue), :truncate => 60) %>
|
<%= link_to_issue(relation.other_issue(@issue), :truncate => 60) %>
|
||||||
</td>
|
</td>
|
||||||
<td><%= relation.other_issue(@issue).status.name %></td>
|
<td><%= h(relation.other_issue(@issue).status.name) %></td>
|
||||||
<td><%= format_date(relation.other_issue(@issue).start_date) %></td>
|
<td><%= format_date(relation.other_issue(@issue).start_date) %></td>
|
||||||
<td><%= format_date(relation.other_issue(@issue).due_date) %></td>
|
<td><%= format_date(relation.other_issue(@issue).due_date) %></td>
|
||||||
<td><%= link_to_remote(image_tag('delete.png'), { :url => {:controller => 'issue_relations', :action => 'destroy', :issue_id => @issue, :id => relation},
|
<td><%= link_to_remote(image_tag('delete.png'), { :url => {:controller => 'issue_relations', :action => 'destroy', :issue_id => @issue, :id => relation},
|
||||||
|
|
|
@ -6,7 +6,7 @@
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<h2><%= @query.new_record? ? l(:label_issue_plural) : h(@query.name) %></h2>
|
<h2><%= @query.new_record? ? l(:label_issue_plural) : h(@query.name) %></h2>
|
||||||
<% html_title(@query.new_record? ? l(:label_issue_plural) : @query.name) %>
|
<% html_title(@query.new_record? ? l(:label_issue_plural) : h(@query.name)) %>
|
||||||
|
|
||||||
<% form_tag({ :controller => 'queries', :action => 'new' }, :id => 'query_form') do %>
|
<% form_tag({ :controller => 'queries', :action => 'new' }, :id => 'query_form') do %>
|
||||||
<%= hidden_field_tag('project_id', @project.to_param) if @project %>
|
<%= hidden_field_tag('project_id', @project.to_param) if @project %>
|
||||||
|
|
|
@ -113,7 +113,7 @@
|
||||||
<%= f.link_to 'PDF' %>
|
<%= f.link_to 'PDF' %>
|
||||||
<% end %>
|
<% end %>
|
||||||
|
|
||||||
<% html_title "#{@issue.tracker.name} ##{@issue.id}: #{@issue.subject}" %>
|
<% html_title h("#{@issue.tracker.name} ##{@issue.id}: #{@issue.subject}") %>
|
||||||
|
|
||||||
<% content_for :sidebar do %>
|
<% content_for :sidebar do %>
|
||||||
<%= render :partial => 'issues/sidebar' %>
|
<%= render :partial => 'issues/sidebar' %>
|
||||||
|
|
|
@ -1,2 +1,2 @@
|
||||||
<p><%= l(:notice_account_activated) %></p>
|
<p><%= l(:notice_account_activated) %></p>
|
||||||
<p><%= l(:label_login) %>: <%= link_to @login_url, @login_url %></p>
|
<p><%= l(:label_login) %>: <%= link_to h(@login_url), @login_url %></p>
|
||||||
|
|
|
@ -1,2 +1,2 @@
|
||||||
<p><%= l(:mail_body_account_activation_request, h(@user.login)) %></p>
|
<p><%= l(:mail_body_account_activation_request, h(@user.login)) %></p>
|
||||||
<p><%= link_to @url, @url %></p>
|
<p><%= link_to h(@url), @url %></p>
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
<%= link_to @added_to, @added_to_url %><br />
|
<%= link_to h(@added_to), @added_to_url %><br />
|
||||||
|
|
||||||
<ul><% @attachments.each do |attachment | %>
|
<ul><% @attachments.each do |attachment | %>
|
||||||
<li><%=h attachment.filename %></li>
|
<li><%=h attachment.filename %></li>
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
|
|
||||||
<ul>
|
<ul>
|
||||||
<% @issues.each do |issue| -%>
|
<% @issues.each do |issue| -%>
|
||||||
<li><%=h issue.project %> - <%=link_to("#{issue.tracker} ##{issue.id}", :controller => 'issues', :action => 'show', :id => issue, :only_path => false)%>: <%=h issue.subject %></li>
|
<li><%=h issue.project %> - <%=link_to(h("#{issue.tracker} ##{issue.id}"), :controller => 'issues', :action => 'show', :id => issue, :only_path => false)%>: <%=h issue.subject %></li>
|
||||||
<% end -%>
|
<% end -%>
|
||||||
</ul>
|
</ul>
|
||||||
|
|
||||||
|
|
|
@ -3,4 +3,4 @@
|
||||||
<em><%=h @wiki_content.comments %></em></p>
|
<em><%=h @wiki_content.comments %></em></p>
|
||||||
|
|
||||||
<p><%= l(:label_view_diff) %>:<br />
|
<p><%= l(:label_view_diff) %>:<br />
|
||||||
<%= link_to @wiki_diff_url, @wiki_diff_url %></p>
|
<%= link_to h(@wiki_diff_url), @wiki_diff_url %></p>
|
||||||
|
|
|
@ -63,7 +63,7 @@
|
||||||
<% end %>
|
<% end %>
|
||||||
<% end %>
|
<% end %>
|
||||||
|
|
||||||
<% html_title @news.title -%>
|
<% html_title h(@news.title) -%>
|
||||||
|
|
||||||
<% content_for :header_tags do %>
|
<% content_for :header_tags do %>
|
||||||
<%= stylesheet_link_tag 'scm' %>
|
<%= stylesheet_link_tag 'scm' %>
|
||||||
|
|
|
@ -42,7 +42,7 @@
|
||||||
<% @trackers.each do |tracker| %>
|
<% @trackers.each do |tracker| %>
|
||||||
<label class="floating">
|
<label class="floating">
|
||||||
<%= check_box_tag 'project[tracker_ids][]', tracker.id, @project.trackers.include?(tracker) %>
|
<%= check_box_tag 'project[tracker_ids][]', tracker.id, @project.trackers.include?(tracker) %>
|
||||||
<%= tracker %>
|
<%= h(tracker) %>
|
||||||
</label>
|
</label>
|
||||||
<% end %>
|
<% end %>
|
||||||
<%= hidden_field_tag 'project[tracker_ids][]', '' %>
|
<%= hidden_field_tag 'project[tracker_ids][]', '' %>
|
||||||
|
@ -54,7 +54,7 @@
|
||||||
<% @issue_custom_fields.each do |custom_field| %>
|
<% @issue_custom_fields.each do |custom_field| %>
|
||||||
<label class="floating">
|
<label class="floating">
|
||||||
<%= check_box_tag 'project[issue_custom_field_ids][]', custom_field.id, (@project.all_issue_custom_fields.include? custom_field), (custom_field.is_for_all? ? {:disabled => "disabled"} : {}) %>
|
<%= check_box_tag 'project[issue_custom_field_ids][]', custom_field.id, (@project.all_issue_custom_fields.include? custom_field), (custom_field.is_for_all? ? {:disabled => "disabled"} : {}) %>
|
||||||
<%= custom_field.name %>
|
<%= h(custom_field.name) %>
|
||||||
</label>
|
</label>
|
||||||
<% end %>
|
<% end %>
|
||||||
<%= hidden_field_tag 'project[issue_custom_field_ids][]', '' %>
|
<%= hidden_field_tag 'project[issue_custom_field_ids][]', '' %>
|
||||||
|
|
|
@ -4,7 +4,7 @@
|
||||||
|
|
||||||
<% members = @members.group_by {|m| m.role } %>
|
<% members = @members.group_by {|m| m.role } %>
|
||||||
<% members.keys.sort{|x,y| x.position <=> y.position}.each do |role| %>
|
<% members.keys.sort{|x,y| x.position <=> y.position}.each do |role| %>
|
||||||
<h3><%= role.name %></h3>
|
<h3><%= h(role.name) %></h3>
|
||||||
<ul>
|
<ul>
|
||||||
<% members[role].each do |m| %>
|
<% members[role].each do |m| %>
|
||||||
<li><%= link_to_user m.user %> (<%= format_date m.created_on %>)</li>
|
<li><%= link_to_user m.user %> (<%= format_date m.created_on %>)</li>
|
||||||
|
|
|
@ -18,7 +18,7 @@
|
||||||
<% end %>
|
<% end %>
|
||||||
<% @project.visible_custom_field_values.each do |custom_value| %>
|
<% @project.visible_custom_field_values.each do |custom_value| %>
|
||||||
<% if !custom_value.value.blank? %>
|
<% if !custom_value.value.blank? %>
|
||||||
<li><%= custom_value.custom_field.name%>: <%=h show_value(custom_value) %></li>
|
<li><%= h(custom_value.custom_field.name) %>: <%=h show_value(custom_value) %></li>
|
||||||
<% end %>
|
<% end %>
|
||||||
<% end %>
|
<% end %>
|
||||||
</ul>
|
</ul>
|
||||||
|
@ -28,7 +28,7 @@
|
||||||
<h3><%=l(:label_issue_tracking)%></h3>
|
<h3><%=l(:label_issue_tracking)%></h3>
|
||||||
<ul>
|
<ul>
|
||||||
<% for tracker in @trackers %>
|
<% for tracker in @trackers %>
|
||||||
<li><%= link_to tracker.name, :controller => 'issues', :action => 'index', :project_id => @project,
|
<li><%= link_to h(tracker.name), :controller => 'issues', :action => 'index', :project_id => @project,
|
||||||
:set_filter => 1,
|
:set_filter => 1,
|
||||||
"tracker_id" => tracker.id %>:
|
"tracker_id" => tracker.id %>:
|
||||||
<%= l(:label_x_open_issues_abbr_on_total, :count => @open_issues_by_tracker[tracker].to_i,
|
<%= l(:label_x_open_issues_abbr_on_total, :count => @open_issues_by_tracker[tracker].to_i,
|
||||||
|
|
|
@ -11,7 +11,7 @@
|
||||||
<% @queries.each do |query| %>
|
<% @queries.each do |query| %>
|
||||||
<tr class="<%= cycle('odd', 'even') %>">
|
<tr class="<%= cycle('odd', 'even') %>">
|
||||||
<td>
|
<td>
|
||||||
<%= link_to query.name, :controller => 'issues', :action => 'index', :project_id => @project, :query_id => query %>
|
<%= link_to h(query.name), :controller => 'issues', :action => 'index', :project_id => @project, :query_id => query %>
|
||||||
</td>
|
</td>
|
||||||
<td align="right">
|
<td align="right">
|
||||||
<small>
|
<small>
|
||||||
|
|
|
@ -6,7 +6,7 @@
|
||||||
<thead><tr>
|
<thead><tr>
|
||||||
<th style="width:25%"></th>
|
<th style="width:25%"></th>
|
||||||
<% for status in @statuses %>
|
<% for status in @statuses %>
|
||||||
<th style="width:<%= col_width %>%"><%= status.name %></th>
|
<th style="width:<%= col_width %>%"><%= h(status.name) %></th>
|
||||||
<% end %>
|
<% end %>
|
||||||
<th align="center" style="width:<%= col_width %>%"><strong><%=l(:label_open_issues_plural)%></strong></th>
|
<th align="center" style="width:<%= col_width %>%"><strong><%=l(:label_open_issues_plural)%></strong></th>
|
||||||
<th align="center" style="width:<%= col_width %>%"><strong><%=l(:label_closed_issues_plural)%></strong></th>
|
<th align="center" style="width:<%= col_width %>%"><strong><%=l(:label_closed_issues_plural)%></strong></th>
|
||||||
|
@ -15,7 +15,7 @@
|
||||||
<tbody>
|
<tbody>
|
||||||
<% for row in rows %>
|
<% for row in rows %>
|
||||||
<tr class="<%= cycle("odd", "even") %>">
|
<tr class="<%= cycle("odd", "even") %>">
|
||||||
<td><%= link_to row.name, :controller => 'issues', :action => 'index', :project_id => ((row.is_a?(Project) ? row : @project)),
|
<td><%= link_to h(row.name), :controller => 'issues', :action => 'index', :project_id => ((row.is_a?(Project) ? row : @project)),
|
||||||
:set_filter => 1,
|
:set_filter => 1,
|
||||||
:subproject_id => '!*',
|
:subproject_id => '!*',
|
||||||
"#{field_name}" => row.id %></td>
|
"#{field_name}" => row.id %></td>
|
||||||
|
|
|
@ -11,7 +11,7 @@
|
||||||
<tbody>
|
<tbody>
|
||||||
<% for row in rows %>
|
<% for row in rows %>
|
||||||
<tr class="<%= cycle("odd", "even") %>">
|
<tr class="<%= cycle("odd", "even") %>">
|
||||||
<td><%= link_to row.name, :controller => 'issues', :action => 'index', :project_id => ((row.is_a?(Project) ? row : @project)),
|
<td><%= link_to h(row.name), :controller => 'issues', :action => 'index', :project_id => ((row.is_a?(Project) ? row : @project)),
|
||||||
:set_filter => 1,
|
:set_filter => 1,
|
||||||
:subproject_id => '!*',
|
:subproject_id => '!*',
|
||||||
"#{field_name}" => row.id %></td>
|
"#{field_name}" => row.id %></td>
|
||||||
|
|
|
@ -25,4 +25,4 @@ dirs.each do |dir|
|
||||||
%>
|
%>
|
||||||
<%= "@ #{h rev_text}" unless rev_text.blank? %>
|
<%= "@ #{h rev_text}" unless rev_text.blank? %>
|
||||||
|
|
||||||
<% html_title(with_leading_slash(path)) -%>
|
<% html_title(h(with_leading_slash(path))) -%>
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
depth = params[:depth].to_i %>
|
depth = params[:depth].to_i %>
|
||||||
<% ent_path = replace_invalid_utf8(entry.path) %>
|
<% ent_path = replace_invalid_utf8(entry.path) %>
|
||||||
<% ent_name = replace_invalid_utf8(entry.name) %>
|
<% ent_name = replace_invalid_utf8(entry.name) %>
|
||||||
<tr id="<%= tr_id %>" class="<%= h params[:parent_id] %> entry <%= entry.kind %>">
|
<tr id="<%= tr_id %>" class="<%= h params[:parent_id] %> entry <%= h(entry.kind) %>">
|
||||||
<td style="padding-left: <%=18 * depth%>px;" class="filename">
|
<td style="padding-left: <%=18 * depth%>px;" class="filename">
|
||||||
<% if entry.is_dir? %>
|
<% if entry.is_dir? %>
|
||||||
<span class="expander" onclick="<%= remote_function :url => {:action => 'show', :id => @project, :path => to_path_param(ent_path), :rev => @rev, :depth => (depth + 1), :parent_id => tr_id},
|
<span class="expander" onclick="<%= remote_function :url => {:action => 'show', :id => @project, :path => to_path_param(ent_path), :rev => @rev, :depth => (depth + 1), :parent_id => tr_id},
|
||||||
|
@ -21,7 +21,7 @@
|
||||||
<% changeset = @project.repository.find_changeset_by_name(entry.lastrev.identifier) if entry.lastrev && entry.lastrev.identifier %>
|
<% changeset = @project.repository.find_changeset_by_name(entry.lastrev.identifier) if entry.lastrev && entry.lastrev.identifier %>
|
||||||
<td class="revision"><%= link_to_revision(changeset, @project) if changeset %></td>
|
<td class="revision"><%= link_to_revision(changeset, @project) if changeset %></td>
|
||||||
<td class="age"><%= distance_of_time_in_words(entry.lastrev.time, Time.now) if entry.lastrev && entry.lastrev.time %></td>
|
<td class="age"><%= distance_of_time_in_words(entry.lastrev.time, Time.now) if entry.lastrev && entry.lastrev.time %></td>
|
||||||
<td class="author"><%= changeset.nil? ? h(replace_invalid_utf8(entry.lastrev.author.to_s.split('<').first)) : changeset.author if entry.lastrev %></td>
|
<td class="author"><%= changeset.nil? ? h(replace_invalid_utf8(entry.lastrev.author.to_s.split('<').first)) : h(changeset.author) if entry.lastrev %></td>
|
||||||
<td class="comments"><%=h truncate(Changeset.to_utf8(changeset.comments, changeset.repository.repo_log_encoding), :length => 50) unless changeset.nil? %></td>
|
<td class="comments"><%=h truncate(Changeset.to_utf8(changeset.comments, changeset.repository.repo_log_encoding), :length => 50) unless changeset.nil? %></td>
|
||||||
</tr>
|
</tr>
|
||||||
<% end %>
|
<% end %>
|
||||||
|
|
|
@ -16,7 +16,7 @@
|
||||||
<%= f.link_to 'Diff', :url => params, :caption => 'Unified diff' %>
|
<%= f.link_to 'Diff', :url => params, :caption => 'Unified diff' %>
|
||||||
<% end %>
|
<% end %>
|
||||||
|
|
||||||
<% html_title(with_leading_slash(@path), 'Diff') -%>
|
<% html_title(h(with_leading_slash(@path)), 'Diff') -%>
|
||||||
|
|
||||||
<% content_for :header_tags do %>
|
<% content_for :header_tags do %>
|
||||||
<%= stylesheet_link_tag "scm" %>
|
<%= stylesheet_link_tag "scm" %>
|
||||||
|
|
|
@ -21,7 +21,7 @@
|
||||||
|
|
||||||
<h2><%= l(:label_revision) %> <%= format_revision(@changeset) %></h2>
|
<h2><%= l(:label_revision) %> <%= format_revision(@changeset) %></h2>
|
||||||
|
|
||||||
<p><% if @changeset.scmid %>ID: <%= @changeset.scmid %><br /><% end %>
|
<p><% if @changeset.scmid %>ID: <%= h(@changeset.scmid) %><br /><% end %>
|
||||||
<span class="author"><%= authoring(@changeset.committed_on, @changeset.author) %></span></p>
|
<span class="author"><%= authoring(@changeset.committed_on, @changeset.author) %></span></p>
|
||||||
|
|
||||||
<%= textilizable @changeset.comments %>
|
<%= textilizable @changeset.comments %>
|
||||||
|
|
|
@ -13,7 +13,7 @@
|
||||||
<tbody>
|
<tbody>
|
||||||
<% for role in @roles %>
|
<% for role in @roles %>
|
||||||
<tr class="<%= cycle("odd", "even") %>">
|
<tr class="<%= cycle("odd", "even") %>">
|
||||||
<td><%= content_tag(role.builtin? ? 'em' : 'span', link_to(role.name, :action => 'edit', :id => role)) %></td>
|
<td><%= content_tag(role.builtin? ? 'em' : 'span', link_to(h(role.name), :action => 'edit', :id => role)) %></td>
|
||||||
<td align="center" style="width:15%;">
|
<td align="center" style="width:15%;">
|
||||||
<% unless role.builtin? %>
|
<% unless role.builtin? %>
|
||||||
<%= reorder_links('role', {:action => 'edit', :id => role}) %>
|
<%= reorder_links('role', {:action => 'edit', :id => role}) %>
|
||||||
|
|
|
@ -31,9 +31,9 @@
|
||||||
<% @results.each do |e| %>
|
<% @results.each do |e| %>
|
||||||
<dt class="<%= e.event_type %>">
|
<dt class="<%= e.event_type %>">
|
||||||
<%= content_tag('span', h(e.project), :class => 'project') unless @project == e.project %>
|
<%= content_tag('span', h(e.project), :class => 'project') unless @project == e.project %>
|
||||||
<%= link_to highlight_tokens(truncate(e.event_title, :length => 255), @tokens), e.event_url %>
|
<%= link_to highlight_tokens(truncate(h(e.event_title), :length => 255), @tokens), e.event_url %>
|
||||||
</dt>
|
</dt>
|
||||||
<dd><span class="description"><%= highlight_tokens(e.event_description, @tokens) %></span>
|
<dd><span class="description"><%= highlight_tokens(h(e.event_description), @tokens) %></span>
|
||||||
<span class="author"><%= format_time(e.event_datetime) %></span></dd>
|
<span class="author"><%= format_time(e.event_datetime) %></span></dd>
|
||||||
<% end %>
|
<% end %>
|
||||||
</dl>
|
</dl>
|
||||||
|
|
|
@ -15,9 +15,9 @@
|
||||||
<% entries.each do |entry| -%>
|
<% entries.each do |entry| -%>
|
||||||
<tr class="time-entry <%= cycle("odd", "even") %>">
|
<tr class="time-entry <%= cycle("odd", "even") %>">
|
||||||
<td class="spent_on"><%= format_date(entry.spent_on) %></td>
|
<td class="spent_on"><%= format_date(entry.spent_on) %></td>
|
||||||
<td class="user"><%=h entry.user %></td>
|
<td class="user"><%= link_to_user(entry.user) %></td>
|
||||||
<td class="activity"><%=h entry.activity %></td>
|
<td class="activity"><%=h entry.activity %></td>
|
||||||
<td class="project"><%=h entry.project %></td>
|
<td class="project"><%= link_to_project(entry.project) %></td>
|
||||||
<td class="subject">
|
<td class="subject">
|
||||||
<% if entry.issue -%>
|
<% if entry.issue -%>
|
||||||
<%= entry.issue.visible? ? link_to_issue(entry.issue, :truncate => 50) : "##{entry.issue.id}" -%>
|
<%= entry.issue.visible? ? link_to_issue(entry.issue, :truncate => 50) : "##{entry.issue.id}" -%>
|
||||||
|
|
|
@ -14,7 +14,7 @@
|
||||||
<tbody>
|
<tbody>
|
||||||
<% for tracker in @trackers %>
|
<% for tracker in @trackers %>
|
||||||
<tr class="<%= cycle("odd", "even") %>">
|
<tr class="<%= cycle("odd", "even") %>">
|
||||||
<td><%= link_to tracker.name, :action => 'edit', :id => tracker %></td>
|
<td><%= link_to h(tracker.name), :action => 'edit', :id => tracker %></td>
|
||||||
<td align="center"><% unless tracker.workflows.count > 0 %><span class="icon icon-warning"><%= l(:text_tracker_no_workflow) %> (<%= link_to l(:button_edit), {:controller => 'workflows', :action => 'edit', :tracker_id => tracker} %>)</span><% end %></td>
|
<td align="center"><% unless tracker.workflows.count > 0 %><span class="icon icon-warning"><%= l(:text_tracker_no_workflow) %> (<%= link_to l(:button_edit), {:controller => 'workflows', :action => 'edit', :tracker_id => tracker} %>)</span><% end %></td>
|
||||||
<td align="center" style="width:15%;"><%= reorder_links('tracker', {:action => 'edit', :id => tracker}) %></td>
|
<td align="center" style="width:15%;"><%= reorder_links('tracker', {:action => 'edit', :id => tracker}) %></td>
|
||||||
<td class="buttons">
|
<td class="buttons">
|
||||||
|
|
|
@ -7,4 +7,4 @@
|
||||||
|
|
||||||
<%= render_tabs user_settings_tabs %>
|
<%= render_tabs user_settings_tabs %>
|
||||||
|
|
||||||
<% html_title(l(:label_user), @user.login, l(:label_administration)) -%>
|
<% html_title(l(:label_user), h(@user.login), l(:label_administration)) -%>
|
||||||
|
|
|
@ -70,4 +70,4 @@
|
||||||
<%= call_hook :view_account_right_bottom, :user => @user %>
|
<%= call_hook :view_account_right_bottom, :user => @user %>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<% html_title @user.name %>
|
<% html_title h(@user.name) %>
|
||||||
|
|
|
@ -15,7 +15,7 @@
|
||||||
<% counts.each do |count| %>
|
<% counts.each do |count| %>
|
||||||
<tr>
|
<tr>
|
||||||
<td width="130px" align="right" >
|
<td width="130px" align="right" >
|
||||||
<%= link_to count[:group], {:controller => 'issues',
|
<%= link_to h(count[:group]), {:controller => 'issues',
|
||||||
:action => 'index',
|
:action => 'index',
|
||||||
:project_id => version.project,
|
:project_id => version.project,
|
||||||
:set_filter => 1,
|
:set_filter => 1,
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
<% else %>
|
<% else %>
|
||||||
<div id="roadmap">
|
<div id="roadmap">
|
||||||
<% @versions.each do |version| %>
|
<% @versions.each do |version| %>
|
||||||
<h3 class="version"><%= tag 'a', :name => version.name %><%= link_to_version version %></h3>
|
<h3 class="version"><%= tag 'a', :name => h(version.name) %><%= link_to_version version %></h3>
|
||||||
<%= render :partial => 'versions/overview', :locals => {:version => version} %>
|
<%= render :partial => 'versions/overview', :locals => {:version => version} %>
|
||||||
<%= render(:partial => "wiki/content", :locals => {:content => version.wiki_page.content}) if version.wiki_page %>
|
<%= render(:partial => "wiki/content", :locals => {:content => version.wiki_page.content}) if version.wiki_page %>
|
||||||
|
|
||||||
|
|
|
@ -46,4 +46,4 @@
|
||||||
|
|
||||||
<%= call_hook :view_versions_show_bottom, :version => @version %>
|
<%= call_hook :view_versions_show_bottom, :version => @version %>
|
||||||
|
|
||||||
<% html_title @version.name %>
|
<% html_title h(@version.name) %>
|
||||||
|
|
|
@ -3,11 +3,11 @@
|
||||||
<%= link_to(l(:label_history), {:action => 'history', :id => @page.title}, :class => 'icon icon-history') %>
|
<%= link_to(l(:label_history), {:action => 'history', :id => @page.title}, :class => 'icon icon-history') %>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<h2><%= @page.pretty_title %></h2>
|
<h2><%= h(@page.pretty_title) %></h2>
|
||||||
|
|
||||||
<p>
|
<p>
|
||||||
<%= l(:label_version) %> <%= link_to @annotate.content.version, :action => 'show', :id => @page.title, :version => @annotate.content.version %>
|
<%= l(:label_version) %> <%= link_to h(@annotate.content.version), :action => 'show', :id => @page.title, :version => @annotate.content.version %>
|
||||||
<em>(<%= @annotate.content.author ? @annotate.content.author.name : "anonyme" %>, <%= format_time(@annotate.content.updated_on) %>)</em>
|
<em>(<%= h(@annotate.content.author ? @annotate.content.author.name : "anonyme") %>, <%= format_time(@annotate.content.updated_on) %>)</em>
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
<% colors = Hash.new {|k,v| k[v] = (k.size % 12) } %>
|
<% colors = Hash.new {|k,v| k[v] = (k.size % 12) } %>
|
||||||
|
|
|
@ -12,7 +12,7 @@
|
||||||
<h3><%= format_date(date) %></h3>
|
<h3><%= format_date(date) %></h3>
|
||||||
<ul>
|
<ul>
|
||||||
<% @pages_by_date[date].each do |page| %>
|
<% @pages_by_date[date].each do |page| %>
|
||||||
<li><%= link_to page.pretty_title, :action => 'show', :id => page.title, :project_id => page.project %></li>
|
<li><%= link_to h(page.pretty_title), :action => 'show', :id => page.title, :project_id => page.project %></li>
|
||||||
<% end %>
|
<% end %>
|
||||||
</ul>
|
</ul>
|
||||||
<% end %>
|
<% end %>
|
||||||
|
|
|
@ -2,14 +2,14 @@
|
||||||
<%= link_to(l(:label_history), {:action => 'history', :id => @page.title}, :class => 'icon icon-history') %>
|
<%= link_to(l(:label_history), {:action => 'history', :id => @page.title}, :class => 'icon icon-history') %>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<h2><%= @page.pretty_title %></h2>
|
<h2><%= h(@page.pretty_title) %></h2>
|
||||||
|
|
||||||
<p>
|
<p>
|
||||||
<%= l(:label_version) %> <%= link_to @diff.content_from.version, :action => 'show', :id => @page.title, :project_id => @page.project, :version => @diff.content_from.version %>
|
<%= l(:label_version) %> <%= link_to @diff.content_from.version, :action => 'show', :id => @page.title, :project_id => @page.project, :version => @diff.content_from.version %>
|
||||||
<em>(<%= @diff.content_from.author ? @diff.content_from.author.name : "anonyme" %>, <%= format_time(@diff.content_from.updated_on) %>)</em>
|
<em>(<%= @diff.content_from.author ? link_to_user(@diff.content_from.author) : "anonyme" %>, <%= format_time(@diff.content_from.updated_on) %>)</em>
|
||||||
→
|
→
|
||||||
<%= l(:label_version) %> <%= link_to @diff.content_to.version, :action => 'show', :id => @page.title, :project_id => @page.project, :version => @diff.content_to.version %>/<%= @page.content.version %>
|
<%= l(:label_version) %> <%= link_to @diff.content_to.version, :action => 'show', :id => @page.title, :project_id => @page.project, :version => @diff.content_to.version %>/<%= @page.content.version %>
|
||||||
<em>(<%= @diff.content_to.author ? @diff.content_to.author.name : "anonyme" %>, <%= format_time(@diff.content_to.updated_on) %>)</em>
|
<em>(<%= @diff.content_to.author ? link_to_user(@diff.content_to.author) : "anonyme" %>, <%= format_time(@diff.content_to.updated_on) %>)</em>
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
<div class="text-diff">
|
<div class="text-diff">
|
||||||
|
|
|
@ -26,4 +26,4 @@
|
||||||
<%= robot_exclusion_tag %>
|
<%= robot_exclusion_tag %>
|
||||||
<% end %>
|
<% end %>
|
||||||
|
|
||||||
<% html_title @page.pretty_title %>
|
<% html_title h(@page.pretty_title) %>
|
||||||
|
|
|
@ -20,13 +20,13 @@ h1:hover a.wiki-anchor, h2:hover a.wiki-anchor, h3:hover a.wiki-anchor { display
|
||||||
<strong><%= l(:label_index_by_title) %></strong>
|
<strong><%= l(:label_index_by_title) %></strong>
|
||||||
<ul>
|
<ul>
|
||||||
<% @pages.each do |page| %>
|
<% @pages.each do |page| %>
|
||||||
<li><a href="#<%= page.title %>"><%= page.pretty_title %></a></li>
|
<li><a href="#<%= h(page.title) %>"><%= h(page.pretty_title) %></a></li>
|
||||||
<% end %>
|
<% end %>
|
||||||
</ul>
|
</ul>
|
||||||
|
|
||||||
<% @pages.each do |page| %>
|
<% @pages.each do |page| %>
|
||||||
<hr />
|
<hr />
|
||||||
<a name="<%= page.title %>" />
|
<a name="<%= h(page.title) %>" />
|
||||||
<%= textilizable page.content ,:text, :wiki_links => :anchor %>
|
<%= textilizable page.content ,:text, :wiki_links => :anchor %>
|
||||||
<% end %>
|
<% end %>
|
||||||
|
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
<h2><%= @page.pretty_title %></h2>
|
<h2><%= h(@page.pretty_title) %></h2>
|
||||||
|
|
||||||
<h3><%= l(:label_history) %></h3>
|
<h3><%= l(:label_history) %></h3>
|
||||||
|
|
||||||
|
@ -18,7 +18,7 @@
|
||||||
<% line_num = 1 %>
|
<% line_num = 1 %>
|
||||||
<% @versions.each do |ver| %>
|
<% @versions.each do |ver| %>
|
||||||
<tr class="wiki-page-version <%= cycle("odd", "even") %>">
|
<tr class="wiki-page-version <%= cycle("odd", "even") %>">
|
||||||
<td class="id"><%= link_to ver.version, :action => 'show', :id => @page.title, :project_id => @page.project, :version => ver.version %></td>
|
<td class="id"><%= link_to h(ver.version), :action => 'show', :id => @page.title, :project_id => @page.project, :version => ver.version %></td>
|
||||||
<td class="checkbox"><%= radio_button_tag('version', ver.version, (line_num==1), :id => "cb-#{line_num}", :onclick => "$('cbto-#{line_num+1}').checked=true;") if show_diff && (line_num < @versions.size) %></td>
|
<td class="checkbox"><%= radio_button_tag('version', ver.version, (line_num==1), :id => "cb-#{line_num}", :onclick => "$('cbto-#{line_num+1}').checked=true;") if show_diff && (line_num < @versions.size) %></td>
|
||||||
<td class="checkbox"><%= radio_button_tag('version_from', ver.version, (line_num==2), :id => "cbto-#{line_num}") if show_diff && (line_num > 1) %></td>
|
<td class="checkbox"><%= radio_button_tag('version_from', ver.version, (line_num==2), :id => "cbto-#{line_num}") if show_diff && (line_num > 1) %></td>
|
||||||
<td class="updated_on"><%= format_time(ver.created_at) %></td>
|
<td class="updated_on"><%= format_time(ver.created_at) %></td>
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
<h2><%= l(:button_rename) %>: <%= @original_title %></h2>
|
<h2><%= l(:button_rename) %>: <%= h(@original_title) %></h2>
|
||||||
|
|
||||||
<%= error_messages_for 'page' %>
|
<%= error_messages_for 'page' %>
|
||||||
|
|
||||||
|
|
|
@ -21,7 +21,7 @@
|
||||||
<%= link_to((l(:label_next) + ' »'), :action => 'show', :id => @page.title, :project_id => @page.project, :version => (@content.version + 1)) + " - " if @content.version < @page.content.version %>
|
<%= link_to((l(:label_next) + ' »'), :action => 'show', :id => @page.title, :project_id => @page.project, :version => (@content.version + 1)) + " - " if @content.version < @page.content.version %>
|
||||||
<%= link_to(l(:label_current_version), :action => 'show', :id => @page.title, :project_id => @page.project) %>
|
<%= link_to(l(:label_current_version), :action => 'show', :id => @page.title, :project_id => @page.project) %>
|
||||||
<br />
|
<br />
|
||||||
<em><%= @content.author ? @content.author.name : "anonyme" %>, <%= format_time(@content.updated_on) %> </em><br />
|
<em><%= @content.author ? link_to_user(@content.author) : "anonyme" %>, <%= format_time(@content.updated_on) %> </em><br />
|
||||||
<%=h @content.comments %>
|
<%=h @content.comments %>
|
||||||
</p>
|
</p>
|
||||||
<hr />
|
<hr />
|
||||||
|
@ -61,4 +61,4 @@
|
||||||
<%= render :partial => 'wiki/sidebar' %>
|
<%= render :partial => 'wiki/sidebar' %>
|
||||||
<% end %>
|
<% end %>
|
||||||
|
|
||||||
<% html_title @page.pretty_title %>
|
<% html_title h(@page.pretty_title) %>
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
<h2><%=l(:label_confirmation)%></h2>
|
<h2><%=l(:label_confirmation)%></h2>
|
||||||
|
|
||||||
<div class="box"><center>
|
<div class="box"><center>
|
||||||
<p><strong><%= @project.name %></strong><br /><%=l(:text_wiki_destroy_confirmation)%></p>
|
<p><strong><%= h(@project.name) %></strong><br /><%=l(:text_wiki_destroy_confirmation)%></p>
|
||||||
|
|
||||||
<% form_tag({:controller => 'wikis', :action => 'destroy', :id => @project}) do %>
|
<% form_tag({:controller => 'wikis', :action => 'destroy', :id => @project}) do %>
|
||||||
<%= hidden_field_tag "confirm", 1 %>
|
<%= hidden_field_tag "confirm", 1 %>
|
||||||
|
|
Loading…
Reference in New Issue