Actions
Defect #6061
closed
html encoding of setting_multiselect
Status:
Closed
Priority:
Normal
Assignee:
-
Category:
UI
Target version:
-
Start date:
2010-08-06
Due date:
% Done:
0%
Estimated time:
Resolution:
Invalid
Affected version:
Description
using rails 2.3.8, ruby 1.8.7, was seeing a few of the setting_multiselect calls -- specifically in /app/views/_repositories.rhtml -- rendering as encoded html. e.g. as
<label>...
instead of
<label>...
this was preventing setup of a new redmine installation.
diff --git a/app/helpers/settings_helper.rb b/app/helpers/settings_helper.rb
index e57b75f..8e33a3a 100644
--- a/app/helpers/settings_helper.rb
+++ b/app/helpers/settings_helper.rb
@@ -40,6 +40,7 @@ module SettingsHelper
setting_values = Setting.send(setting)
setting_values = [] unless setting_values.is_a?(Array)
+ CGI::unescapeHTML(
setting_label(setting, options) +
hidden_field_tag("settings[#{setting}][]", '') +
choices.collect do |choice|
@@ -48,7 +49,7 @@ module SettingsHelper
check_box_tag("settings[#{setting}][]", value, Setting.send(setting).include?(value)) + text.to_s,
:class => 'block'
)
- end.join
+ end.join)
end
wasn't obvious to me why some of the calls were encoding and others were not -- choices was coming in as a string array in all cases, but the patch above fixed all cases (because an exta CGI::unescapeHTML is innocuous).
i did not track into whether this is something about newer rails .join or check_box_tag or something else, but i thought i'd list it as a workaround for people at HEAD as a quickie workaround.
Updated by
Actions