Commit 82b30ccdc648b3dc24804a03a993d5098b7bf1e5

Authored by Victor Costa
1 parent 8cc32f38

rails3: fix html escape in json

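--- a/app/helpers/cms_helper.rb
+++ b/app/helpers/cms_helper.rb
@@ -11,7 +11,7 @@ module CmsHelper
 
 def add_upload_file_field(name, locals)
 button_to_function :add, name, nil do |page|
-page.insert_html :bottom, :uploaded_files, :partial => 'upload_file', :locals => locals, :object => UploadedFile.new
+page.insert_html :bottom, :uploaded_files, CGI::escapeHTML(render(:partial => 'upload_file', :locals => locals, :object => UploadedFile.new))
 end
 end
 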
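Review bot: The CGI::escapeHTML wrapper on the new line only works if the rendered partial reaches the browser as the raw onclick attribute value, so that the HTML parser un-escapes it before the JavaScript runs; if button_to_function's tag helper already HTML-escapes the onclick string, this double-escapes and the partial is inserted as literal `&lt;div&gt;` text rather than markup, so please check it in a browser. Either way the fix stacks two encodings in one attribute (HTML-attribute, then the JS string produced by insert_html's to_json), which tends to break silently when a string is later marked html_safe or Rails changes its escaping rules. A more robust shape keeps server-rendered markup out of the onclick entirely: render the partial once into a hidden container such as `<div id="upload_file_template" style="display:none">` and have the click handler clone its innerHTML into `#uploaded_files`, so content from `locals` never has to survive attribute and JS encoding at once. At minimum add a comment explaining why the escape is there, e.g. `# HTML-escape so the partial survives being embedded in the onclick attribute; the browser decodes it before insert_html's JS runs`, so it is not removed later as redundant.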
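--- a/app/helpers/comment_helper.rb
+++ b/app/helpers/comment_helper.rb
@@ -25,7 +25,7 @@ module CommentHelper
 def comment_actions(comment)
 url = url_for(:profile => profile.identifier, :controller => :comment, :action => :check_actions, :id => comment.id)
 links = links_for_comment_actions(comment)
-content_tag(:li, link_to(content_tag(:span, _('Contents menu')), '#', :onclick => "toggleSubmenu(this,'',#{links.to_json}); return false", :class => 'menu-submenu-trigger comment-trigger', :url => url), :class=> 'vcard') unless links.empty?
+content_tag(:li, link_to(content_tag(:span, _('Contents menu')), '#', :onclick => "toggleSubmenu(this,'',#{j links.to_json}); return false", :class => 'menu-submenu-trigger comment-trigger', :url => url), :class=> 'vcard') unless links.empty?
 end
 
 private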
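Review bot: Applying `j` (escape_javascript) to `links.to_json` on the new line looks wrong for this context: the JSON is interpolated as a bare JavaScript literal argument to toggleSubmenu, not inside a quoted JS string, and escape_javascript rewrites every `"` as `\"`, which is a syntax error outside a string literal, so the handler would stop running at all. The protection the commit wants already comes from the other part of the same change: with escape_html_entities_in_json on, to_json emits `<`, `>` and `&` as `\u003c` etc., and link_to's attribute escaping covers the quotes in the onclick attribute, so the previous bare `#{links.to_json}` is the correct form for this spot as long as that setting is actually in effect. If the goal is to keep markup out of the attribute altogether, move it to a data attribute (`:'data-links' => links.to_json`) and have toggleSubmenu read and JSON-parse it. toggleSubmenu and links_for_comment_actions are not visible here, so please confirm the argument is consumed as an object literal rather than parsed from a string.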
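--- a/config/application.rb
+++ b/config/application.rb
@@ -65,7 +65,7 @@ module Noosfero
 config.filter_parameters += [:password]
 
 # Enable escaping HTML in JSON.
-config.active_support.escape_html_entities_in_json = true
+ActiveSupport::JSON::Encoding.escape_html_entities_in_json = true
 
 # Use SQL instead of Active Record's schema dumper when creating the database.
 # This is necessary if your schema can't be completely dumped by the schema dumper,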
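Review bot: The comment above the new line still only says what it does; now that the line bypasses `config.active_support` and sets the ActiveSupport::JSON::Encoding attribute directly, it should say why, otherwise the next cleanup will move it back to the config key this commit just abandoned. Suggested replacement: `# Escape <, >, & in to_json output (as \u003c etc.). Set directly on ActiveSupport::JSON::Encoding rather than via config.active_support, which did not take effect on this Rails 3 version; helpers interpolate to_json into onclick/RJS JavaScript, where an unescaped '<' in user content could close the script context.` This is a global default, so any JSON consumer that expected a literal `<` (e.g. client-side code comparing raw strings) changes behaviour as well, and since the assignment runs when application.rb loads, a later initializer touching the same attribute would override it, which is worth a quick grep. The claim that the config key did not work is inferred from the commit, not visible here.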
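--- a/vendor/plugins/access_control/lib/acts_as_accessor.rb
+++ b/vendor/plugins/access_control/lib/acts_as_accessor.rb
@@ -2,7 +2,6 @@ class ActiveRecord::Base
 def self.acts_as_accessor
 has_many :role_assignments, :as => :accessor, :dependent => :destroy
 
-public
 def has_permission?(permission, resource = nil)
 return true if resource == self
 role_assignments.includes([:resource,:role]).any? {|ra| ra.has_permission?(permission, resource)}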