diff --git a/app/helpers/cms_helper.rb b/app/helpers/cms_helper.rb
index a858c32..023dfbc 100644
--- a/app/helpers/cms_helper.rb
+++ b/app/helpers/cms_helper.rb
@@ -11,7 +11,7 @@ module CmsHelper
 def add_upload_file_field(name, locals)
 button_to_function :add, name, nil do |page|
- page.insert_html :bottom, :uploaded_files, :partial => 'upload_file', :locals => locals, :object => UploadedFile.new
+ page.insert_html :bottom, :uploaded_files, CGI::escapeHTML(render(:partial => 'upload_file', :locals => locals, :object => UploadedFile.new))
 end
 end
diff --git a/app/helpers/comment_helper.rb b/app/helpers/comment_helper.rb
index e6095a7..089c096 100644
--- a/app/helpers/comment_helper.rb
+++ b/app/helpers/comment_helper.rb
@@ -25,7 +25,7 @@ module CommentHelper
 def comment_actions(comment)
 url = url_for(:profile => profile.identifier, :controller => :comment, :action => :check_actions, :id => comment.id)
 links = links_for_comment_actions(comment)
- content_tag(:li, link_to(content_tag(:span, _('Contents menu')), '#', :onclick => "toggleSubmenu(this,'',#{links.to_json}); return false", :class => 'menu-submenu-trigger comment-trigger', :url => url), :class=> 'vcard') unless links.empty?
+ content_tag(:li, link_to(content_tag(:span, _('Contents menu')), '#', :onclick => "toggleSubmenu(this,'',#{j links.to_json}); return false", :class => 'menu-submenu-trigger comment-trigger', :url => url), :class=> 'vcard') unless links.empty?
 end
 private
diff --git a/config/application.rb b/config/application.rb
index 57d0f37..edee240 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -65,7 +65,7 @@ module Noosfero
 config.filter_parameters += [:password]
 # Enable escaping HTML in JSON.
- config.active_support.escape_html_entities_in_json = true
+ ActiveSupport::JSON::Encoding.escape_html_entities_in_json = true
 # Use SQL instead of Active Record's schema dumper when creating the database.
 # This is necessary if your schema can't be completely dumped by the schema dumper,
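Review bot: `CGI::escapeHTML` in the new `page.insert_html` call is applied to the whole rendered `upload_file` partial, so the markup itself is entity-encoded, not just the values inside it. Unless a later layer decodes it exactly once (for example the attribute that carries the generated script), the new upload field would be inserted as visible text instead of form elements. I would keep the partial's markup intact, escape the `locals` values inside `upload_file` where they are output, and document the decoding step this call depends on, e.g. `# escaped once here because the generated script is embedded in an onclick attribute (TODO confirm)`. A view test asserting that running the button's script yields an `<input>` element would pin the behaviour.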
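Review bot: `j` (escape_javascript) is meant for text placed inside a quoted JavaScript string, but in the `:onclick` value `links.to_json` is interpolated as a bare expression argument to `toggleSubmenu`. Backslash-escaping the quotes of the JSON literal there likely produces invalid script rather than a safer one. The context that needs protecting is the HTML attribute plus the JSON encoder's handling of `<`, `>` and `&`, which the `escape_html_entities_in_json` setting in config/application.rb is presumably meant to cover. An option that avoids interpolating into inline script altogether is to pass `'data-links' => links.to_json` to `link_to` and have the handler read `JSON.parse(this.getAttribute('data-links'))`.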
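Review bot: The direct assignment to `ActiveSupport::JSON::Encoding.escape_html_entities_in_json` bypasses the `config.active_support` accessor without saying why, and the comment above it still reads as ordinary configuration. If the framework applies `config.active_support` options in an initializer after this class body is evaluated, the value could be reset and the helpers that embed JSON in markup would silently lose this protection. I would extend the comment, e.g. `# Set on the encoder directly because the config.active_support option is not honoured by this Rails version (TODO confirm)`, and add a test asserting that `{'a' => '<'}.to_json` contains no literal `<`.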
diff --git a/vendor/plugins/access_control/lib/acts_as_accessor.rb b/vendor/plugins/access_control/lib/acts_as_accessor.rb
index 451a198..e6b5667 100644
--- a/vendor/plugins/access_control/lib/acts_as_accessor.rb
+++ b/vendor/plugins/access_control/lib/acts_as_accessor.rb
@@ -2,7 +2,6 @@ class ActiveRecord::Base
 def self.acts_as_accessor
 has_many :role_assignments, :as => :accessor, :dependent => :destroy
- public
 def has_permission?(permission, resource = nil)
 return true if resource == self
 role_assignments.includes([:resource,:role]).any? {|ra| ra.has_permission?(permission, resource)}
--
libgit2 0.21.2