fix XSS vulnerability. Thanks Mesut Timur for spotting this!

Reinier Balt 2011-03-11 15:14:45 +01:00
parent 13b5ac98df
commit 11edf64d43


@ -417,7 +417,7 @@ class TodosController < ApplicationController
# /todos/tag/[tag_name] shows all the actions tagged with tag_name # /todos/tag/[tag_name] shows all the actions tagged with tag_name
def tag def tag
@source_view = params['_source_view'] || 'tag' @source_view = params['_source_view'] || 'tag'
@tag_name = params[:name] @tag_name = sanitize(params[:name])
@page_title = "TRACKS::Tagged with \'#{@tag_name}\'" @page_title = "TRACKS::Tagged with \'#{@tag_name}\'"
# mobile tags are routed with :name ending on .m. So we need to chomp it # mobile tags are routed with :name ending on .m. So we need to chomp it