From 91633ac4419d839661e35ae8f2efe5c9089cfb67 Mon Sep 17 00:00:00 2001
From: User
Date: Wed, 29 Dec 2010 17:06:40 +0100
Subject: use sanitize instead of only html_escape!
---
 app/views/search/index.html.erb | 4 ++--
 config/environment.rb | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/app/views/search/index.html.erb b/app/views/search/index.html.erb
index 9824b8f..ada6c61 100644
--- a/app/views/search/index.html.erb
+++ b/app/views/search/index.html.erb
@@ -1,5 +1,5 @@
 <% if params[:search_term] %>
-

Suchergebnisse für Suchbegriff: <%=h params[:search_term] %>

+

Suchergebnisse für Suchbegriff: <%=h sanitize(params[:search_term]) %>

<% end %> <%= @@ -8,4 +8,4 @@ :collection => @results, :as => :node ) -%> \ No newline at end of file +%> diff --git a/config/environment.rb b/config/environment.rb index cdc6b28..6257591 100644 --- a/config/environment.rb +++ b/config/environment.rb @@ -1,7 +1,7 @@ # Be sure to restart your server when you modify this file # Specifies gem version of Rails to use when vendor/rails is not present -RAILS_GEM_VERSION = '2.3.5' unless defined? RAILS_GEM_VERSION +RAILS_GEM_VERSION = '2.3.8' unless defined? RAILS_GEM_VERSION # Bootstrap the Rails environment, frameworks, and default configuration require File.join(File.dirname(__FILE__), 'boot') @@ -59,4 +59,4 @@ end require 'awesome_patch' ExceptionNotifier.exception_recipients = %w(hukl@berlin.ccc.de) -ExceptionNotifier.sender_address = %("CCCMS Error" ) \ No newline at end of file +ExceptionNotifier.sender_address = %("CCCMS Error" ) -- cgit v1.3
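Review bot: On the added line of the first `index.html.erb` hunk, `sanitize` runs inside `h`, so its result is HTML-escaped again and it adds no XSS protection beyond what `h` already gave for a value echoed as text. The likely visible effect is that the echoed term no longer matches what the user typed: tags are removed, and any entities `sanitize` emits would presumably be escaped a second time (for example `&amp;amp;`). If stripping markup from the echoed term is the intent, `<%=h strip_tags(params[:search_term]) %>` says so directly; otherwise the previous `<%=h params[:search_term] %>` was already the right output encoding. In either form `h` has to stay the outermost call, because `sanitize` alone passes whitelisted tags such as links through from request input, and a short ERB comment stating that would keep a later cleanup from dropping it.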