[Rt-commit] rt branch, 4.2/allowed-components, updated. rt-4.0.0rc6-169-g120dcd8

[Alex Vandiver]

The branch, 4.2/allowed-components has been updated
       via  120dcd884ab0341476829d91ebd1aca7f0b977e0 (commit)
      from  890312ab81ec750520fa5be142a36ca7814ff5b4 (commit)

Summary of changes:
 .../html/Dashboards/Elements/ShowPortlet/component |    2 +-
 share/html/Elements/MyRT                           |    2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

- Log -----------------------------------------------------------------
commit 120dcd884ab0341476829d91ebd1aca7f0b977e0
Author: Alex Vandiver <alexmv at bestpractical.com>
Date:   Tue Nov 29 15:03:11 2011 -0500

    Ensure that portlet names are HTML-escaped

diff --git a/share/html/Dashboards/Elements/ShowPortlet/component b/share/html/Dashboards/Elements/ShowPortlet/component
index 0142ac7..b6a6df6 100644
--- a/share/html/Dashboards/Elements/ShowPortlet/component
+++ b/share/html/Dashboards/Elements/ShowPortlet/component
@@ -58,7 +58,7 @@ my $full_path = $Portlet->{path};
 my $allowed = grep { $_ eq $path } @{RT->Config->Get('HomepageComponents')};
 </%init>
 % if (!$allowed) {
-%     $m->out(loc("Invalid portlet [_1]", $path));
+%     $m->out( $m->interp->apply_escapes( loc("Invalid portlet [_1]", $path), "h" ) );
 % } else {
 %     $m->comp($full_path);
 % }
diff --git a/share/html/Elements/MyRT b/share/html/Elements/MyRT
index 5523fe7..fc1f3d5 100644
--- a/share/html/Elements/MyRT
+++ b/share/html/Elements/MyRT
@@ -90,7 +90,7 @@ my $show_cb = sub {
     my $name = $entry->{'name'};
     if ( $type eq 'component' ) {
         if (!$allowed_components{$name}) {
-            $m->out(loc("Invalid portlet [_1]", $name));
+            $m->out( $m->interp->apply_escapes( loc("Invalid portlet [_1]", $name), "h" ) );
         }
         else {
             $m->comp( $name, %{ $entry->{arguments} || {} } );

-----------------------------------------------------------------------