From e48f0f04e7c9985ead31afd93dc48067e072bc23 Mon Sep 17 00:00:00 2001
From: Jean-Philippe Lang <jp_lang@yahoo.fr>
Date: Tue, 23 Dec 2008 00:19:15 +0000
Subject: [PATCH] Escape query names (#2379).

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@2169 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 app/views/issues/_sidebar.rhtml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/views/issues/_sidebar.rhtml b/app/views/issues/_sidebar.rhtml
index 9b7643ba..bbc00f09 100644
--- a/app/views/issues/_sidebar.rhtml
+++ b/app/views/issues/_sidebar.rhtml
@@ -20,7 +20,7 @@
 <h3><%= l(:label_query_plural) %></h3>
 
 <% sidebar_queries.each do |query| -%>
-<%= link_to query.name, :controller => 'issues', :action => 'index', :project_id => @project, :query_id => query %><br />
+<%= link_to(h(query.name), :controller => 'issues', :action => 'index', :project_id => @project, :query_id => query) %><br />
 <% end -%>
 <%= call_hook(:view_issues_sidebar_queries_bottom) %>
 <% end -%>