Andreas/tracks
1
0
Fork 0
mirror of https://github.com/TracksApp/tracks.git synced 2025-12-16 15:20:13 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix reflected XSS vulnerability on the stats page

Browse source
This commit is contained in:
Jyri-Petteri Paloposki 2024-07-25 14:53:04 +03:00
parent 0fc66953c0
commit c23ca0574e
1 changed files with 2 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
app/views/stats/show_selection_from_chart.html.erb
View file

@ -4,8 +4,8 @@
unless @further
-%>
<%= raw t('stats.click_to_show_actions_from_week',
:link => link_to("here", show_actions_from_chart_path(:id=>"#{params[:id]}_end", :index => params[:index])),
:week => params[:index])
:link => link_to("here", show_actions_from_chart_path(:id=>"#{params[:id].to_i}_end", :index => params[:index].to_i)),
:week => params[:index].to_i)
-%>
<%
end