HTML-escaping of error and info messages
parent
757e58b94f
commit
7be6cbecba
3 changed files with 19 additions and 4 deletions
|
@ -106,6 +106,21 @@ class ApplicationController < ActionController::Base
|
|||
end
|
||||
end
|
||||
|
||||
def rescue_action_in_public(exception)
|
||||
render_text <<-EOL
|
||||
<html>
|
||||
<body>
|
||||
<p>There was a controller specific error processing your request.</p>
|
||||
<!-- \n#{exception}\n#{exception.backtrace.join("\n")}\n -->
|
||||
</body>
|
||||
</html>
|
||||
EOL
|
||||
end
|
||||
|
||||
def local_request?
|
||||
false
|
||||
end
|
||||
|
||||
def return_to_last_remembered
|
||||
# Forget the redirect location
|
||||
redirect_target, @session[:return_to] = @session[:return_to], nil
|
||||
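Review bot: The new `rescue_action_in_public` interpolates `#{exception}` and the full backtrace into an HTML comment without escaping, which is the same class of problem this commit fixes in the layout: a message containing `-->` ends the comment and the remainder is parsed as markup. Because `local_request?` now always returns `false`, this page is what every client receives, so the backtrace is also disclosed to all visitors. I would drop the comment line from the response and record the details server-side instead, e.g. `logger.error "#{exception}\n#{exception.backtrace.join("\n")}"`. `return_to_last_remembered` at the end of the hunk continues outside it.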
|
|
|
@ -205,9 +205,9 @@ class WikiController < ApplicationController
|
|||
# the application itself (for application errors, it's better not to rescue the error at all)
|
||||
rescue => e
|
||||
logger.error e
|
||||
flash[:error] = e.message
|
||||
if in_a_web?
|
||||
redirect_to :web => @web_name, :action => 'edit',
|
||||
:action_suffix => "#{@page_name}?msg=#{e.message}"
|
||||
redirect_to :web => @web_name, :action => 'edit', :id => @page_name
|
||||
else
|
||||
raise e
|
||||
end
|
||||
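Review bot: `flash[:error] = e.message` is assigned before the `in_a_web?` check, so it is also set on the `raise e` path, where no edit page is rendered to show it. Moving the assignment into the `if in_a_web?` branch keeps the flash tied to the redirect that displays it. The message is raw exception text and is safe only where the rendering view escapes it with `h`, so any other template that prints `flash[:error]` needs the same escaping (none is visible from this hunk). The `rescue` clause belongs to a method that starts outside the hunk.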
|
|
|
@ -61,11 +61,11 @@ PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
|||
</h1>
|
||||
|
||||
<% if @error or @flash[:error] %> <div id="error">
|
||||
<hr/><p><%= (@error || @flash[:error]) %></p><hr/></div>
|
||||
<hr/><p><%= h(@error || @flash[:error]) %></p><hr/></div>
|
||||
<% end %>
|
||||
|
||||
<% if @flash[:info] %> <div id="info">
|
||||
<hr/><p><%= @flash[:info].to_s %></p><hr/></div>
|
||||
<hr/><p><%= h @flash[:info] %></p><hr/></div>
|
||||
<% end %>
|
||||
|
||||
<%= render 'navigation' unless @web.nil? || @hide_navigation %>
|
||||
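Review bot: Escaping both outputs means any caller that deliberately puts markup into `@error`, `flash[:error]` or `flash[:info]` (a link in an info message, for instance) will now render it as literal text, so those call sites are worth checking before merging; none are visible in this hunk. A one-line comment above the two blocks, such as `<%# flash and error text may contain user input; always escape %>`, would stop a later edit from removing the `h`. The two calls are also written differently, `h(@error || @flash[:error])` and `h @flash[:info]`; using the parenthesised form for both reads more consistently.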
|
|