noosfero | 4 new commits pushed to repository
Bráulio Bhavamitra
gitlab at gitlab.com
Thu Jan 22 14:43:38 BRST 2015
Bráulio Bhavamitra pushed to refs/heads/master at <a href="https://gitlab.com/noosfero/noosfero">Noosfero / noosfero</a>
Commits:
<a href="https://gitlab.com/noosfero/noosfero/commit/90a82728e2205a914e5c79f375e85479128a4c1a">90a82728</a> by Larissa Reis
Escapes html for add new qualifier button in edit products' page
Escapes html so the javascript doesn't break for Add new qualifier button
- - - - -
<a href="https://gitlab.com/noosfero/noosfero/commit/4b3b5d071823d498f044a558b5a39909e0dac5cd">4b3b5d07</a> by Larissa Reis
Allows mass assignment for qualifiers_list
Sets qualifiers_list as attr_accessible so users can add qualifiers.
This fixes the edit product page and probably others for rails3.
- - - - -
<a href="https://gitlab.com/noosfero/noosfero/commit/76f856ad49aa96224aaa646d49351c98be74f12a">76f856ad</a> by Larissa Reis
Escapes html in translations link
Escapes html so the javascript doesn't break
- - - - -
<a href="https://gitlab.com/noosfero/noosfero/commit/d9a2d31d85b076c23529315ccfea83b5d97b2ae1">d9a2d31d</a> by Bráulio Bhavamitra
Merge branch 'product-qualifier-fix' into 'master'
Fixes Edit Product page
'Add new qualifiers' in edit product was broken in rails 3 for two reasons: lack of escaping html characters and the qualifiers list wasn't accessible through mass assignment.
I came across this while working on another issue but I decided to extract the commits and submit to the master branch so we don't have to wait for the other merge request.
See merge request !401
- - - - -
Changes:
=====================================
app/helpers/content_viewer_helper.rb
=====================================
--- a/app/helpers/content_viewer_helper.rb
+++ b/app/helpers/content_viewer_helper.rb
@@ -45,7 +45,7 @@ module ContentViewerHelper
{ article.environment.locales[translation.language] => { :href => url_for(translation.url) } }
end
content_tag(:div, link_to(_('Translations'), '#',
- :onmouseover => "toggleSubmenu(this, '#{_('Translations')}', #{links.to_json}); return false",
+ :onmouseover => "toggleSubmenu(this, '#{_('Translations')}', #{CGI::escape_html(links.to_json)}); return false",
:class => 'article-translations-menu simplemenu-trigger up'),
:class => 'article-translations')
end
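Review bot: in the changed :onmouseover line, `_('Translations')` is still interpolated into a single-quoted JavaScript string with no escaping, so a translation containing an apostrophe or backslash would break the handler even with the JSON escaped. Wrap it as `escape_javascript(_('Translations'))`, the way the _edit_info view wraps its arguments. A short comment saying that CGI::escape_html is applied because the JSON sits inside an HTML attribute would help, as would a check that link_to does not escape the attribute value a second time.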
=====================================
app/models/product.rb
=====================================
--- a/app/models/product.rb
+++ b/app/models/product.rb
@@ -11,7 +11,7 @@ class Product < ActiveRecord::Base
SEARCH_DISPLAYS = %w[map full]
- attr_accessible :name, :product_category, :highlighted, :price, :enterprise, :image_builder, :description, :available, :qualifiers, :unit_id, :discount, :inputs
+ attr_accessible :name, :product_category, :highlighted, :price, :enterprise, :image_builder, :description, :available, :qualifiers, :unit_id, :discount, :inputs, :qualifiers_list
def self.default_search_display
'full'
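Review bot: the added :qualifiers_list on the attr_accessible line lets any `product[qualifiers_list]` request parameter reach the setter, and the setter is not part of this hunk. Please confirm it rejects or ignores values it does not expect, and add a test that updates a product through mass assignment with qualifiers_list so the regression stays covered. The attribute list is now long enough that splitting it over several lines would make later additions easier to review.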
=====================================
app/views/manage_products/_edit_info.html.erb
=====================================
--- a/app/views/manage_products/_edit_info.html.erb
+++ b/app/views/manage_products/_edit_info.html.erb
@@ -47,7 +47,7 @@
<%= button_to_function(
:add,
_('Add new qualifier'),
- "new_qualifier_row('#product-qualifiers-list', '#{escape_javascript(select_qualifiers(@product))}', '#{escape_javascript(remove_qualifier_button)}')"
+ "new_qualifier_row('#product-qualifiers-list', '#{escape_javascript(CGI::escape_html(select_qualifiers(@product)))}', '#{escape_javascript(CGI::escape_html(remove_qualifier_button))}')"
) %>
<%= hidden_field_tag "product[qualifiers_list][nil]" %>
<% end %>
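Review bot: on the changed button_to_function line, the nesting `escape_javascript(CGI::escape_html(...))` only yields working markup if the resulting string is written into the attribute without further HTML escaping; if button_to_function escapes attribute values itself, new_qualifier_row would receive literal `&lt;` entities instead of tags. Please state in a comment which layer each escape is for, or move the two fragments out of the inline handler (for example into a hidden template element read by new_qualifier_row) so no double wrapping is needed. The same wrapping is repeated for both arguments and could be a small helper.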