meineerde/redmine
1
0
Fork 0
mirror of https://github.com/meineerde/redmine.git synced 2025-12-19 15:01:14 +00:00
Code Issues Releases Wiki Activity

Ensure that values of multi-value fields are HTML-escaped in issue history (#27186).

Browse Source 
Patch by Holger Just.

git-svn-id: http://svn.redmine.org/redmine/trunk@16985 e93f8b46-1217-0410-a6f0-8f06a7374b81
This commit is contained in:
Jean-Philippe Lang 2017-10-15 11:09:43 +00:00
parent 56c8ee0440
commit 94f7cfbf99
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
app/helpers/application_helper.rb
View File

@ -177,7 +177,8 @@ module ApplicationHelper
end end
case object.class.name case object.class.name
when 'Array' when 'Array'
object.map {|o| format_object(o, html)}.join(', ').html_safe formatted_objects = object.map {|o| format_object(o, html)}
html ? safe_join(formatted_objects, ', ') : formatted_objects.join(', ')
when 'Time' when 'Time'
format_time(object) format_time(object)
when 'Date' when 'Date'