Commit 605725ff76305f9abf1ccebe091489f25409591b
1 parent
6672bb97
Exists in
new_security
Fixing tests
4 failures, 0 errors Signed-off-by: Alexandre Barbosa <alexandreab@live.com> Signed-off-by: Arthur Jahn <stutrzbecher@gmail.com> Signed-off-by: David Carlos <ddavidcarlos1392@gmail.com>
Showing
8 changed files
with
12 additions
and
12 deletions
Show diff stats
app/helpers/application_helper.rb
| ... | ... | @@ -567,15 +567,15 @@ module ApplicationHelper |
| 567 | 567 | links = links_for_balloon(profile) |
| 568 | 568 | content_tag('div', content_tag(tag, |
| 569 | 569 | (environment.enabled?(:show_balloon_with_profile_links_when_clicked) ? |
| 570 | - popover_menu(_('Profile links'),profile.short_name,links,{:class => trigger_class, :url => url}) : "") + | |
| 570 | + popover_menu(_('Profile links'),profile.short_name,links,{:class => trigger_class, :url => url}) : "").html_safe + | |
| 571 | 571 | link_to( |
| 572 | 572 | content_tag( 'span', profile_image( profile, size ), :class => img_class ) + |
| 573 | 573 | content_tag( 'span', h(name), :class => ( profile.class == Person ? 'fn' : 'org' ) ) + |
| 574 | 574 | extra_info_tag + profile_sex_icon( profile ), |
| 575 | - profile.url, | |
| 575 | + url, | |
| 576 | 576 | :class => 'profile_link url', |
| 577 | 577 | :help => _('Click on this icon to go to the <b>%s</b>\'s home page') % profile.name, |
| 578 | - :title => profile.name ), | |
| 578 | + :title => profile.name ).html_safe, | |
| 579 | 579 | :class => 'vcard'), :class => 'common-profile-list-block') |
| 580 | 580 | end |
| 581 | 581 | |
| ... | ... | @@ -835,7 +835,7 @@ module ApplicationHelper |
| 835 | 835 | end |
| 836 | 836 | else |
| 837 | 837 | if profile.active_fields.include?(name) |
| 838 | - result = content_tag('div', field_html + profile_field_privacy_selector(profile, name), :class => 'field-with-privacy-selector-R1') | |
| 838 | + result = content_tag('div', field_html + profile_field_privacy_selector(profile, name), :class => 'field-with-privacy-selector') | |
| 839 | 839 | end |
| 840 | 840 | end |
| 841 | 841 | |
| ... | ... | @@ -1392,7 +1392,7 @@ module ApplicationHelper |
| 1392 | 1392 | html = @plugins.pipeline(:parse_content, html, source).first |
| 1393 | 1393 | end |
| 1394 | 1394 | |
| 1395 | - html.html_safe && html | |
| 1395 | + html && html.html_safe | |
| 1396 | 1396 | end |
| 1397 | 1397 | |
| 1398 | 1398 | def convert_macro(html, source) | ... | ... |
app/helpers/box_organizer_helper.rb
app/helpers/boxes_helper.rb
| ... | ... | @@ -282,7 +282,7 @@ module BoxesHelper |
| 282 | 282 | buttons << modal_inline_icon(:embed, _('Embed code'), {}, "#embed-code-box-#{block.id}") << html |
| 283 | 283 | end |
| 284 | 284 | |
| 285 | - content_tag('div', buttons.join("\n") + tag('br', :style => 'clear: left'), :class => 'button-bar') | |
| 285 | + content_tag('div', buttons.join("\n").html_safe + tag('br', :style => 'clear: left'), :class => 'button-bar') | |
| 286 | 286 | end |
| 287 | 287 | |
| 288 | 288 | def current_blocks | ... | ... |
app/helpers/language_helper.rb
| ... | ... | @@ -40,7 +40,7 @@ module LanguageHelper |
| 40 | 40 | else |
| 41 | 41 | link_to(name, params.merge(:lang => code), :rel => 'nofollow') |
| 42 | 42 | end |
| 43 | - end.join(separator) | |
| 43 | + end.join(separator).html_safe | |
| 44 | 44 | content_tag('div', languages, :id => 'language-chooser', :help => _('The language you choose here is the language used for options, buttons, etc. It does not affect the language of the content created by other users.')) |
| 45 | 45 | end |
| 46 | 46 | end | ... | ... |
app/models/blog_archives_block.rb
| ... | ... | @@ -36,7 +36,7 @@ class BlogArchivesBlock < Block |
| 36 | 36 | results << content_tag('li', content_tag('strong', "#{year.to_i} (#{count})")) |
| 37 | 37 | results << "<ul class='#{year.to_i}-archive'>" |
| 38 | 38 | posts.except(:order).where('EXTRACT(YEAR FROM published_at)=?', year.to_i).group('EXTRACT(MONTH FROM published_at)').count.sort_by {|month, count| -month.to_i}.each do |month, count| |
| 39 | - results << content_tag('li', link_to("#{month_name(month.to_i)} (#{count})", owner_blog.url.merge(year: year.to_i, month: month.to_i))) | |
| 39 | + results << content_tag('li', link_to("#{month_name(month.to_i)} (#{count})", url_for(owner_blog.url.merge(year: year.to_i, month: month.to_i)).html_safe)) | |
| 40 | 40 | end |
| 41 | 41 | results << "</ul>" |
| 42 | 42 | end | ... | ... |
app/views/profile/index.html.erb
app/views/profile_editor/_organization.html.erb
| ... | ... | @@ -41,7 +41,7 @@ |
| 41 | 41 | <div id="profile-identifier-formitem"> |
| 42 | 42 | <%= required labelled_form_field( _('Address'), |
| 43 | 43 | content_tag('code', |
| 44 | - url_for(profile.url).gsub(/#{profile.identifier}$/, '') + | |
| 44 | + url_for(profile.url).gsub(/#{profile.identifier}$/, '').html_safe + | |
| 45 | 45 | text_field(:profile_data, :identifier, :onchange => "warn_value_change()", :size => 25) |
| 46 | 46 | ) + |
| 47 | 47 | content_tag('div', | ... | ... |
test/functional/profile_controller_test.rb
| ... | ... | @@ -512,7 +512,7 @@ class ProfileControllerTest < ActionController::TestCase |
| 512 | 512 | should 'show description of orgarnization' do |
| 513 | 513 | login_as(@profile.identifier) |
| 514 | 514 | ent = fast_create(Enterprise) |
| 515 | - ent.description = 'Enterprise\'s description' | |
| 515 | + ent.description = "<span>Enterprise's description</span>" | |
| 516 | 516 | ent.save |
| 517 | 517 | get :index, :profile => ent.identifier |
| 518 | 518 | assert_tag :tag => 'div', :attributes => { :class => 'public-profile-description' }, :content => /Enterprise\'s description/ | ... | ... |