From: Jean-Philippe Lang
Date: Thu, 18 Feb 2010 19:13:38 +0000 (+0000)
Subject: Escaping in html email templates (#4874).
X-Git-Url: http://git.osdn.net/view?a=commitdiff_plain;h=026fbb99a6380054545c14c16590e96a9e77995c;p=redminele%2Fredmine.git

Escaping in html email templates (#4874).

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3452 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
diff --git a/app/views/mailer/_issue_text_html.rhtml b/app/views/mailer/_issue_text_html.rhtml
index d0f24781..3b1812d9 100644
--- a/app/views/mailer/_issue_text_html.rhtml
+++ b/app/views/mailer/_issue_text_html.rhtml
@@ -1,14 +1,14 @@
-

<%= link_to "#{issue.tracker.name} ##{issue.id}: #{issue.subject}", issue_url %>

+

<%= link_to(h("#{issue.tracker.name} ##{issue.id}: #{issue.subject}"), issue_url) %>

diff --git a/app/views/mailer/account_activation_request.text.html.rhtml b/app/views/mailer/account_activation_request.text.html.rhtml
index 145ecfc8..b19cf321 100644
--- a/app/views/mailer/account_activation_request.text.html.rhtml
+++ b/app/views/mailer/account_activation_request.text.html.rhtml
@@ -1,2 +1,2 @@
-

<%= l(:mail_body_account_activation_request, @user.login) %>

+

<%= l(:mail_body_account_activation_request, h(@user.login)) %>

<%= link_to @url, @url %>
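Review bot: The context line `<%= link_to @url, @url %>` in account_activation_request.text.html.rhtml still emits its link text unescaped, while this commit wraps link text in `h()` elsewhere (`link_to(h(@document.title), @document_url)`), which suggests `link_to` does not escape its first argument here. Where @url is built is not visible in the patch, so this may be harmless, but `<%= link_to(h(@url), @url) %>` would keep the template consistent and not depend on that. The same pattern remains in the visible context line `<%= link_to @added_to, @added_to_url %>` of attachments_added.text.html.rhtml; the changed lines of that hunk are not visible on this page, so it is worth checking whether @added_to can carry a user-supplied title.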

diff --git a/app/views/mailer/account_information.text.html.rhtml b/app/views/mailer/account_information.text.html.rhtml
index 3b6ab6a9..94c3297e 100644
--- a/app/views/mailer/account_information.text.html.rhtml
+++ b/app/views/mailer/account_information.text.html.rhtml
@@ -1,10 +1,10 @@
 <% if @user.auth_source %>
-

<%= l(:mail_body_account_information_external, @user.auth_source.name) %>

+

<%= l(:mail_body_account_information_external, h(@user.auth_source.name)) %>

<% else %>

<%= l(:mail_body_account_information) %>:

<% end %>
diff --git a/app/views/mailer/attachments_added.text.html.rhtml b/app/views/mailer/attachments_added.text.html.rhtml
index d2355b1c..369834b6 100644
--- a/app/views/mailer/attachments_added.text.html.rhtml
+++ b/app/views/mailer/attachments_added.text.html.rhtml
@@ -1,5 +1,5 @@
 <%= link_to @added_to, @added_to_url %>
diff --git a/app/views/mailer/document_added.text.html.rhtml b/app/views/mailer/document_added.text.html.rhtml
index dc1f659a..8606dd78 100644
--- a/app/views/mailer/document_added.text.html.rhtml
+++ b/app/views/mailer/document_added.text.html.rhtml
@@ -1,3 +1,3 @@
-<%= link_to @document.title, @document_url %> (<%= @document.category.name %>)
+<%= link_to(h(@document.title), @document_url) %> (<%=h @document.category.name %>)

<%= textilizable(@document, :description, :only_path => false) %>
diff --git a/app/views/mailer/issue_add.text.html.rhtml b/app/views/mailer/issue_add.text.html.rhtml
index ef1d0dec..bc62306c 100644
--- a/app/views/mailer/issue_add.text.html.rhtml
+++ b/app/views/mailer/issue_add.text.html.rhtml
@@ -1,3 +1,3 @@
-<%= l(:text_issue_added, :id => "##{@issue.id}", :author => @issue.author) %>
+<%= l(:text_issue_added, :id => "##{@issue.id}", :author => h(@issue.author)) %>
<%= render :partial => "issue_text_html", :locals => { :issue => @issue, :issue_url => @issue_url } %>
diff --git a/app/views/mailer/issue_edit.text.html.rhtml b/app/views/mailer/issue_edit.text.html.rhtml
index b4a1f953..05c67208 100644
--- a/app/views/mailer/issue_edit.text.html.rhtml
+++ b/app/views/mailer/issue_edit.text.html.rhtml
@@ -1,4 +1,4 @@
-<%= l(:text_issue_updated, :id => "##{@issue.id}", :author => @journal.user) %>
+<%= l(:text_issue_updated, :id => "##{@issue.id}", :author => h(@journal.user)) %>
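Review bot: In issue_add.text.html.rhtml the result of `l(:text_issue_added, ...)` is written with `<%= %>` and, judging by this change, is not escaped as a whole, so the line is only safe while every interpolated argument is wrapped by the caller, as `:author => h(@issue.author)` now is. Nothing in the template records that rule, and an argument added to this call later would be emitted raw; a template comment such as `<%# l() output is not escaped here: wrap every user-controlled argument in h() %>` would make the rule visible. The same applies to the `l(:text_issue_updated, ...)` line in issue_edit.text.html.rhtml, whose hunk may continue past the visible text. No test change is visible in this part of the patch; a mailer test that renders an issue whose author name contains markup would pin the behaviour, if one is not added elsewhere in the commit.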