Escape the parent id parameter.

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3309 e93f8b46-1217-0410-a6f0-8f06a7374b81
pull/351/head
Eric Davis 15 years ago
parent 0a05cc2a37
commit 667a7256a7
  1. 2
      app/views/repositories/_dir_list_content.rhtml

@ -1,7 +1,7 @@
<% @entries.each do |entry| %>
<% tr_id = Digest::MD5.hexdigest(entry.path)
depth = params[:depth].to_i %>
<tr id="<%= tr_id %>" class="<%= params[:parent_id] %> entry <%= entry.kind %>">
<tr id="<%= tr_id %>" class="<%= h params[:parent_id] %> entry <%= entry.kind %>">
<td style="padding-left: <%=18 * depth%>px;" class="filename">
<% if entry.is_dir? %>
<span class="expander" onclick="<%= remote_function :url => {:action => 'show', :id => @project, :path => to_path_param(entry.path), :rev => @rev, :depth => (depth + 1), :parent_id => tr_id},

Loading…
Cancel
Save