
Defect #38728 ยป 0001-Correctly-escape-issue-text-in-Gantt-PNG-export-for-.patch

Holger Just, 2023-06-15 17:30


lib/redmine/helpers/gantt.rb
420 420
            gc.stroke('transparent')
421 421
            gc.strokewidth(1)
422 422
            gc.draw('text %d,%d %s' % [
423
              left.round + 8, 14, Redmine::Utils::Shell.shell_quote("#{month_f.year}-#{month_f.month}")
423
              left.round + 8, 14, magick_text("#{month_f.year}-#{month_f.month}")
424 424
            ])
425 425
            left = left + width
426 426
            month_f = month_f >> 1
......
456 456
              gc.stroke('transparent')
457 457
              gc.strokewidth(1)
458 458
              gc.draw('text %d,%d %s' % [
459
                left.round + 2, header_height + 14, Redmine::Utils::Shell.shell_quote(week_f.cweek.to_s)
459
                left.round + 2, header_height + 14, magick_text(week_f.cweek.to_s)
460 460
              ])
461 461
              left = left + width
462 462
              week_f = week_f + 7
......
822 822
        params[:image].stroke('transparent')
823 823
        params[:image].strokewidth(1)
824 824
        params[:image].draw('text %d,%d %s' % [
825
          params[:indent], params[:top] + 2, Redmine::Utils::Shell.shell_quote(subject)
825
          params[:indent], params[:top] + 2, magick_text(subject)
826 826
        ])
827 827
      end
828 828

  
......
1072 1072
          params[:image].draw('text %d,%d %s' % [
1073 1073
            params[:subject_width] + (coords[:bar_end] || 0) + 5,
1074 1074
            params[:top] + 1,
1075
            Redmine::Utils::Shell.shell_quote(label)
1075
            magick_text(label)
1076 1076
          ])
1077 1077
        end
1078 1078
      end
1079

  
1080
      # Escape the passed string as a text argument in a draw rule for
1081
      # mini_magick. Note that the returned string is not shell-safe on its own.
1082
      def magick_text(str)
1083
        "'#{str.to_s.gsub(/['\\]/, '\\\\\0')}'"
1084
      end
1079 1085
    end
1080 1086
  end
1081 1087
end
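Review bot: The quoting for the draw rule is now right, but it still has to be remembered at each of the four `'text %d,%d %s' % [...]` call sites (new lines 423, 459, 825 and 1075), so a later call site that interpolates a subject or label without `magick_text` would reopen the same defect. Consider folding the format string and the escaping into one private helper, e.g. `draw_text(image, x, y, str)` whose body is `image.draw('text %d,%d %s' % [x, y, magick_text(str)])`, and calling it everywhere. The comment on `magick_text` could also state the contract: `# Backslash-escapes ' and \ and wraps the result in single quotes, so issue text cannot terminate the quoted string inside the draw rule.` Whether the text primitive gives any other character a special meaning in the ImageMagick versions Redmine supports is not visible from this diff and is worth confirming. The methods enclosing the four call sites start outside the hunks shown.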
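--- a/test/unit/lib/redmine/helpers/gantt_test.rb
+++ b/test/unit/lib/redmine/helpers/gantt_test.rb
@@ -574,4 +574,9 @@
 
     assert_equal versions.sort, Redmine::Helpers::Gantt.sort_versions!(versions.dup)
   end
+
+  def test_magick_text
+    create_gantt
+    assert_equal "'foo\\'bar\\\\baz'", @gantt.send(:magick_text, "foo'bar\\baz")
+  end
 end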
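Review bot: `test_magick_text` pins only the helper's output for one string, reached through `send`; nothing in this section exercises the PNG export path with a subject or label containing `'` or `\`, which is where the defect showed up. If the suite has an image-export test (not visible here), using an issue subject such as `"foo'bar\\baz"` there would catch a call site that skips the helper. Cheap extra cases for the unit test itself: `assert_equal "''", @gantt.send(:magick_text, nil)` and `assert_equal "'plain'", @gantt.send(:magick_text, "plain")`.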