Escape query names (#2379).

author Jean-Philippe Lang <jp_lang@yahoo.fr>

Tue, 23 Dec 2008 00:19:15 +0000 (00:19 +0000)

committer Jean-Philippe Lang <jp_lang@yahoo.fr>

Tue, 23 Dec 2008 00:19:15 +0000 (00:19 +0000)
author Jean-Philippe Lang <jp_lang@yahoo.fr>
Tue, 23 Dec 2008 00:19:15 +0000 (00:19 +0000)
committer Jean-Philippe Lang <jp_lang@yahoo.fr>
Tue, 23 Dec 2008 00:19:15 +0000 (00:19 +0000)
diff --git a/app/views/issues/_sidebar.rhtml b/app/views/issues/_sidebar.rhtml

index 9b7643b..bbc00f0 100644 (file)
--- a/app/views/issues/_sidebar.rhtml
+++ b/app/views/issues/_sidebar.rhtml
@@ -20,7 +20,7 @@
  <h3><%= l(:label_query_plural) %></h3>
  
  <% sidebar_queries.each do |query| -%>
-<%= link_to query.name, :controller => 'issues', :action => 'index', :project_id => @project, :query_id => query %><br />
+<%= link_to(h(query.name), :controller => 'issues', :action => 'index', :project_id => @project, :query_id => query) %><br />
  <% end -%>
  <%= call_hook(:view_issues_sidebar_queries_bottom) %>
  <% end -%>
author	Jean-Philippe Lang <jp_lang@yahoo.fr>
	Tue, 23 Dec 2008 00:19:15 +0000 (00:19 +0000)
committer	Jean-Philippe Lang <jp_lang@yahoo.fr>
	Tue, 23 Dec 2008 00:19:15 +0000 (00:19 +0000)