Andreas/tracks
1
0
Fork 0
mirror of https://github.com/TracksApp/tracks.git synced 2026-03-10 06:32:36 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix XSS vunerability. Thanks Mesut Timur for spotting this!

Browse source
This commit is contained in:
Reinier Balt 2011-03-11 15:14:45 +01:00
parent b52a812dff
commit 15a2eb6f08
1 changed files with 2 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
app/controllers/todos_controller.rb
View file

@ -517,7 +517,7 @@ class TodosController < ApplicationController
def tag def tag
init_data_for_sidebar unless mobile? init_data_for_sidebar unless mobile?
@source_view = params['_source_view'] || 'tag' @source_view = params['_source_view'] || 'tag'
@tag_name = params[:name] @tag_name = sanitize(params[:name]) # sanitize to prevent XSS vunerability!
@page_title = t('todos.tagged_page_title', :tag_name => @tag_name) @page_title = t('todos.tagged_page_title', :tag_name => @tag_name)
# mobile tags are routed with :name ending on .m. So we need to chomp it # mobile tags are routed with :name ending on .m. So we need to chomp it
@ -1334,4 +1334,4 @@ class TodosController < ApplicationController
end end
end end