sanitizes the report name on repors index page [fixes SCI-2600]

zmagod 2018-07-10 10:58:39 +02:00
parent 0e9571c499
commit a7e47faa61


@ -1,6 +1,8 @@
# frozen_string_literal: true
class ReportDatatable < CustomDatatable
include InputSanitizeHelper
TABLE_COLUMNS = %w(
Views::Datatables::DatatablesReport.project_name
Views::Datatables::DatatablesReport.name
@ -31,10 +33,10 @@ class ReportDatatable < CustomDatatable
records.map do |record|
{
'0' => record.id,
'1' => record.project_name,
'2' => record.name,
'3' => record.created_by,
'4' => record.last_modified_by,
'1' => sanitize_input(record.project_name),
'2' => sanitize_input(record.name),
'3' => sanitize_input(record.created_by),
'4' => sanitize_input(record.last_modified_by),
'5' => I18n.l(record.created_at, format: :full),
'6' => I18n.l(record.updated_at, format: :full),
'edit' => edit_project_report_path(record.project_id, record.id)
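Review bot: The four `sanitize_input(...)` calls in the row hash (keys '1' to '4') have no comment explaining why values in a JSON response are sanitized, and no test visible in this commit pins the behaviour. I would add a comment above the hash such as `# Cell values are inserted as HTML by the client-side table, so user-controlled strings are sanitized here`, provided that is how the index page renders them. `sanitize_input` is defined outside this hunk; if it permits a whitelist of tags rather than escaping, plain-text fields such as the report and project name would be safer HTML-escaped, since they need no markup. A regression spec that builds a report whose name contains markup and asserts on the returned '2' value would keep the fix from regressing. The enclosing method starts and ends outside the hunk.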