Menu
▾
▴
[nventory-devel] SF.net SVN: nventory:[291] trunk/server/app/views/layouts/application.html. erb
|
From: <jh...@us...> - 2011-03-29 18:30:58
|
Revision: 291
http://nventory.svn.sourceforge.net/nventory/?rev=291&view=rev
Author: jhtran
Date: 2011-03-29 18:30:52 +0000 (Tue, 29 Mar 2011)
Log Message:
-----------
escaped the account name to prevent xss
Modified Paths:
--------------
trunk/server/app/views/layouts/application.html.erb
Modified: trunk/server/app/views/layouts/application.html.erb
===================================================================
--- trunk/server/app/views/layouts/application.html.erb 2011-03-23 17:34:52 UTC (rev 290)
+++ trunk/server/app/views/layouts/application.html.erb 2011-03-29 18:30:52 UTC (rev 291)
@@ -22,7 +22,7 @@
<p id="account_links">
<%- if logged_in_account -%>
- <%= "Welcome back, #{link_to logged_in_account.name, account_path(logged_in_account)}! | #{link_to "Help", HELP_URL} | " %>
+ <%= "Welcome back, #{link_to h(logged_in_account.name), account_path(logged_in_account)}! | #{link_to "Help", HELP_URL} | " %>
<%= session[:sso] ? link_to("Logout (SSO)", sso_obj.logout_url) : link_to("Logout", :controller => 'login', :action => 'logout') %>
<%- else -%>
<%= (SSO_AUTH_SERVER && SSO_LOGIN_URL) ? " | #{link_to "Login (SSO)", SSO_LOGIN_URL}" : " | #{link_to("Login", :controller => 'login', :action => 'login')}" %>
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|