From 7be6cbecba4a98ee6d56fac91e5f79e91d09c652 Mon Sep 17 00:00:00 2001 From: Alexey Verkhovsky Date: Mon, 9 May 2005 04:31:02 +0000 Subject: [PATCH] HTML-escaping of error and info messages --- app/controllers/application.rb | 15 +++++++++++++++ app/controllers/wiki_controller.rb | 4 ++-- app/views/layouts/default.rhtml | 4 ++-- 3 files changed, 19 insertions(+), 4 deletions(-) diff --git a/app/controllers/application.rb b/app/controllers/application.rb index fb0da1db..a97ff566 100644 --- a/app/controllers/application.rb +++ b/app/controllers/application.rb @@ -106,6 +106,21 @@ class ApplicationController < ActionController::Base end end + def rescue_action_in_public(exception) + render_text <<-EOL + + +

There was a controller specific error processing your request.

+ + + + EOL + end + + def local_request? + false + end + def return_to_last_remembered # Forget the redirect location redirect_target, @session[:return_to] = @session[:return_to], nil diff --git a/app/controllers/wiki_controller.rb b/app/controllers/wiki_controller.rb index f83846d2..bec7b0b9 100644 --- a/app/controllers/wiki_controller.rb +++ b/app/controllers/wiki_controller.rb @@ -205,9 +205,9 @@ class WikiController < ApplicationController # the application itself (for application errors, it's better not to rescue the error at all) rescue => e logger.error e + flash[:error] = e.message if in_a_web? - redirect_to :web => @web_name, :action => 'edit', - :action_suffix => "#{@page_name}?msg=#{e.message}" + redirect_to :web => @web_name, :action => 'edit', :id => @page_name else raise e end diff --git a/app/views/layouts/default.rhtml b/app/views/layouts/default.rhtml index 57055369..83b47cf7 100644 --- a/app/views/layouts/default.rhtml +++ b/app/views/layouts/default.rhtml @@ -61,11 +61,11 @@ PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" <% if @error or @flash[:error] %>
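Review bot: `local_request?` is overridden to return false unconditionally, so the framework's local debugging page (with backtrace) is never shown and every failure, including one from 127.0.0.1, gets the generic page from `rescue_action_in_public`; that is a sensible hardening, but it also removes the developer-facing error page, so it deserves a comment such as `# Never show the framework's backtrace page, even for local requests`. `rescue_action_in_public` does not use its `exception` argument, which is the right choice for a public-facing page because no exception text leaks into the response, and a one-line comment saying this is deliberate would stop someone later "fixing" it by interpolating `exception.message` into the heredoc. The heredoc is rendered with `render_text` and no status argument, so the error page appears to be served with the default success status unless something outside this hunk sets it; if `render_text` accepts a status in this Rails version, passing a 500 would let clients and monitoring recognise the failure. The markup inside the heredoc is not legible in this copy of the patch, so its content is not reviewed here.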
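Review bot: `flash[:error] = e.message` is assigned before the `if in_a_web?` test, so on the `else` branch, where the exception is re-raised and no redirect happens, the message is still written into the flash and may surface on whatever page the user renders next; moving the assignment inside the branch, `if in_a_web?` / `flash[:error] = e.message` / `redirect_to :web => @web_name, :action => 'edit', :id => @page_name`, keeps it tied to the redirect. Taking the message out of the `?msg=` query string and into the flash is the right change, since the old URL reflected an unescaped exception message; anything outside this diff that still reads a `msg` parameter into `@error` should now be removed, because it would let a crafted link place arbitrary text in the error box. Because this is a bare `rescue => e`, `e.message` can be an internal exception string rather than a user-oriented one, and the comment just above already says application errors are better not rescued here, so consider narrowing the rescue to the error class(es) this branch is meant for. `raise e` works, but plain `raise` inside the rescue is the idiomatic re-raise; the enclosing method starts and ends outside the hunk.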
-

<%= (@error || @flash[:error]) %>


+

<%= h(@error || @flash[:error]) %>


<% end %> <% if @flash[:info] %>
-

<%= @flash[:info].to_s %>


+

<%= h @flash[:info] %>


<% end %> <%= render 'navigation' unless @web.nil? || @hide_navigation %>
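Review bot: Wrapping both outputs in `h` is the right fix for these two sites, but `@error`, `@flash[:error]` and `@flash[:info]` stay unescaped anywhere else they are rendered, and this diff only touches default.rhtml, so any other template that outputs them needs the same `h`. `h` already calls `to_s` on its argument, so dropping `.to_s` on the info message is safe and `h nil` yields an empty string. The escaping here is for element content; if either value is ever placed inside an attribute, the `h` of this Rails era does not, to my knowledge, escape single quotes, so such attributes must be double-quoted. As a style point the unchanged condition `<% if @error or @flash[:error] %>` would read better as `<% if @error || @flash[:error] %>`; the surrounding container markup is not legible in this copy of the patch.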