Download as
Browse Code »

Commit d9a2d31d85b076c23529315ccfea83b5d97b2ae1

Authored by Braulio Bhavamitra
2 parents 0dd4a244 76f856ad
Exists in master and in 29 other branches add_member_task_reject_details, admin_visible_profile, article-list-template, community_notifications, contact_admin_translation, event_fixes, fix_comments_pagination, fix_rails4_organization_ratings, fix_sign_up_form, follow_step_fix, forum_topic_creation, mirror_block_improvements, multi_env_on_remote_user, new_security, noosfero_spb_ci, organization_ratings_improvements, organization_ratings_link_to_profile_stable-spb-1.3, organization_ratings_translations_fix, profile_api_improvements, ratings_minor_fixes, remote_user_fix, send_email_to_admins, stable-spb-1.3, stable-spb-1.3-fixes, stable-spb-1.4, stable-spb-1.5, suggest_rejected_value, web_steps_improvements, xss_terminate_custom_options

Merge branch 'product-qualifier-fix' into 'master' 

Fixes Edit Product page

'Add new qualifiers' in edit product was broken in rails 3 for two reasons: lack of escaping html characters and the qualifiers list wasn't accessible through mass assignment.

I came across this while working on another issue but I decided to extract the commits and submit to the master branch so we don't have to wait the other merge request.

See merge request !401
Showing 3 changed files with 3 additions and 3 deletions   Show diff stats
app/helpers/content_viewer_helper.rb
  Diff comments   View file @d9a2d31
@@ -45,7 +45,7 @@ module ContentViewerHelper @@ -45,7 +45,7 @@ module ContentViewerHelper
45 { article.environment.locales[translation.language] => { :href => url_for(translation.url) } } 45 { article.environment.locales[translation.language] => { :href => url_for(translation.url) } }
46 end 46 end
47 content_tag(:div, link_to(_('Translations'), '#', 47 content_tag(:div, link_to(_('Translations'), '#',
48 - :onmouseover => "toggleSubmenu(this, '#{_('Translations')}', #{links.to_json}); return false", 48 + :onmouseover => "toggleSubmenu(this, '#{_('Translations')}', #{CGI::escape_html(links.to_json)}); return false",
49 :class => 'article-translations-menu simplemenu-trigger up'), 49 :class => 'article-translations-menu simplemenu-trigger up'),
50 :class => 'article-translations') 50 :class => 'article-translations')
51 end 51 end
app/models/product.rb
  Diff comments   View file @d9a2d31
@@ -11,7 +11,7 @@ class Product < ActiveRecord::Base @@ -11,7 +11,7 @@ class Product < ActiveRecord::Base
11 11
12 SEARCH_DISPLAYS = %w[map full] 12 SEARCH_DISPLAYS = %w[map full]
13 13
14 - attr_accessible :name, :product_category, :highlighted, :price, :enterprise, :image_builder, :description, :available, :qualifiers, :unit_id, :discount, :inputs 14 + attr_accessible :name, :product_category, :highlighted, :price, :enterprise, :image_builder, :description, :available, :qualifiers, :unit_id, :discount, :inputs, :qualifiers_list
15 15
16 def self.default_search_display 16 def self.default_search_display
17 'full' 17 'full'
app/views/manage_products/_edit_info.html.erb
  Diff comments   View file @d9a2d31
@@ -47,7 +47,7 @@ @@ -47,7 +47,7 @@
47 <%= button_to_function( 47 <%= button_to_function(
48 :add, 48 :add,
49 _('Add new qualifier'), 49 _('Add new qualifier'),
50 - "new_qualifier_row('#product-qualifiers-list', '#{escape_javascript(select_qualifiers(@product))}', '#{escape_javascript(remove_qualifier_button)}')" 50 + "new_qualifier_row('#product-qualifiers-list', '#{escape_javascript(CGI::escape_html(select_qualifiers(@product)))}', '#{escape_javascript(CGI::escape_html(remove_qualifier_button))}')"
51 ) %> 51 ) %>
52 <%= hidden_field_tag "product[qualifiers_list][nil]" %> 52 <%= hidden_field_tag "product[qualifiers_list][nil]" %>
53 <% end %> 53 <% end %>