Commit 82b30ccdc648b3dc24804a03a993d5098b7bf1e5

Authored by Victor Costa
1 parent 8cc32f38

rails3: fix html escape in json

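--- a/app/helpers/cms_helper.rb
+++ b/app/helpers/cms_helper.rb
@@ -11,7 +11,7 @@ module CmsHelper
 
 def add_upload_file_field(name, locals)
 button_to_function :add, name, nil do |page|
-page.insert_html :bottom, :uploaded_files, :partial => 'upload_file', :locals => locals, :object => UploadedFile.new
+page.insert_html :bottom, :uploaded_files, CGI::escapeHTML(render(:partial => 'upload_file', :locals => locals, :object => UploadedFile.new))
 end
 end
 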
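Review bot: `CGI::escapeHTML` on the rendered partial entity-encodes the markup itself, so the string handed to `page.insert_html` (which JSON-encodes it into the generated `Element.insert` call) presumably reaches the browser as literal `&lt;div&gt;` text rather than as elements, unless something client-side decodes it again — worth confirming that the upload field still renders as a form control after this change. If the motivation was `<`/`>` from the partial breaking the `onclick` attribute that `button_to_function` builds, the `escape_html_entities_in_json` switch enabled elsewhere in this commit already emits them as `\u003c`/`\u003e` inside the JSON string, and the `tag` helper HTML-escapes the attribute value, so the original call `page.insert_html :bottom, :uploaded_files, :partial => 'upload_file', :locals => locals, :object => UploadedFile.new` should be sufficient on its own. Note also that `CGI::escapeHTML` ignores `html_safe?`, unlike `ERB::Util.html_escape`, so it escapes the SafeBuffer that `render` returns unconditionally, which makes double escaping easy to miss.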
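--- a/app/helpers/comment_helper.rb
+++ b/app/helpers/comment_helper.rb
@@ -25,7 +25,7 @@ module CommentHelper
 def comment_actions(comment)
 url = url_for(:profile => profile.identifier, :controller => :comment, :action => :check_actions, :id => comment.id)
 links = links_for_comment_actions(comment)
-content_tag(:li, link_to(content_tag(:span, _('Contents menu')), '#', :onclick => "toggleSubmenu(this,'',#{links.to_json}); return false", :class => 'menu-submenu-trigger comment-trigger', :url => url), :class=> 'vcard') unless links.empty?
+content_tag(:li, link_to(content_tag(:span, _('Contents menu')), '#', :onclick => "toggleSubmenu(this,'',#{j links.to_json}); return false", :class => 'menu-submenu-trigger comment-trigger', :url => url), :class=> 'vcard') unless links.empty?
 end
 
 private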
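Review bot: `j` (`escape_javascript`) backslash-escapes every double quote, so `j links.to_json` turns the JSON array/object literal into something like `[\"...\"]`, which is not valid JavaScript once the browser decodes the `onclick` attribute — the click would raise a syntax error instead of calling `toggleSubmenu`, unless `links` happens to encode without any quotes (please confirm in a browser). `escape_javascript` is meant for text placed inside a JS string literal, not for a JSON value passed as an argument. With `escape_html_entities_in_json` enabled elsewhere in this commit the encoder already emits `<`, `>` and `&` as `\u003c`-style escapes and the `link_to` tag helper HTML-escapes the attribute, so the original `#{links.to_json}` interpolation should be safe; if `</` specifically must be neutralised, `links.to_json.gsub('</', '<\/')` is the targeted form. Longer term, putting the JSON in a `data-` attribute that the script reads would avoid building JavaScript inside an HTML attribute altogether.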
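--- a/config/application.rb
+++ b/config/application.rb
@@ -65,7 +65,7 @@ module Noosfero
 config.filter_parameters += [:password]
 
 # Enable escaping HTML in JSON.
-config.active_support.escape_html_entities_in_json = true
+ActiveSupport::JSON::Encoding.escape_html_entities_in_json = true
 
 # Use SQL instead of Active Record's schema dumper when creating the database.
 # This is necessary if your schema can't be completely dumped by the schema dumper,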
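Review bot: The comment above the new line still reads `# Enable escaping HTML in JSON.` and no longer explains why the encoder's class attribute is set instead of the documented `config.active_support.escape_html_entities_in_json`, so a later maintainer is likely to "tidy" it back to the config form and silently lose the behaviour. I would add a why-comment such as `# Set on the encoder directly: the config.active_support option is presumably not applied on this Rails version (TODO: confirm, and drop once it is).` Since the helper changes in this commit rely on this setting (it makes every `to_json` call emit `<`, `>` and `&` as `\u003c`-style escapes), a small test that encodes a string containing `<` and asserts `\u003c` in the output would lock the fix in.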
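--- a/vendor/plugins/access_control/lib/acts_as_accessor.rb
+++ b/vendor/plugins/access_control/lib/acts_as_accessor.rb
@@ -2,7 +2,6 @@ class ActiveRecord::Base
 def self.acts_as_accessor
 has_many :role_assignments, :as => :accessor, :dependent => :destroy
 
-public
 def has_permission?(permission, resource = nil)
 return true if resource == self
 role_assignments.includes([:resource,:role]).any? {|ra| ra.has_permission?(permission, resource)}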