Defect #13861

setting_multiselect function returns HTML escaped code

Added by Nils Linde over 9 years ago. Updated over 9 years ago.

Status:ClosedStart date:
Priority:NormalDue date:
Assignee:-% Done:


Target version:-
Resolution: Affected version:1.0.1


I installed a Redmine through Debian package and it accoured, that many settings inside "Settings" section are unavilable - they were HTML inputs code, but with special chars escaped. As I don't know ruby very much, I used workaround, to deal with that bug:

  1. Open file \usr\share\redmine\app\helpers\settings_helper.rb
  2. Prepend require 'cgi'
  3. Search for def setting_multiselect() (line 39 in my case) and encase last part inside CGI.unescapeHTML() function like this:
  def setting_multiselect(setting, choices, options={})
    setting_values = Setting.send(setting)
    setting_values = [] unless setting_values.is_a?(Array)

    CGI.unescapeHTML(setting_label(setting, options) +
      hidden_field_tag("settings[#{setting}][]", '') +
      choices.collect do |choice|
        text, value = (choice.is_a?(Array) ? choice : [choice, choice]) 
          check_box_tag("settings[#{setting}][]", value, Setting.send(setting).include?(value)) + text.to_s,
          :class => 'block'

I dunno why that function outputs html escaped string, but my workaround currently works, but I'm sure, there is deeper problem. Sorry, I currently have no resources to write down problem reproduction guide.

Debian Linux 2.6.32-5-amd64 x86_64 GNU/Linux
mysql Ver 14.14 Distrib 5.1.66, for debian-linux-gnu (x86_64) using readline 6.1
ruby 1.8.7 (2010-08-16 patchlevel 302) [x86_64-linux]
Rails 2.3.5


#1 Updated by Toshi MARUYAMA over 9 years ago

  • Status changed from New to Closed

1.0.1 is too old.
Please use recent version.

Also available in: Atom PDF