Revision 2f3839eb
Added by Joseph Magen almost 11 years ago
- ID 2f3839eb9928bd04876c2e1bfe509cd9ed120991
app/views/bookmarks/_list.html.erb | ||
---|---|---|
<% if bookmarks.any? -%>
|
||
<ul class='dropdown-menu'>
|
||
<% bookmarks.each do |bookmark| -%>
|
||
<li><%= link_to_if_authorized bookmark.name, eval("hash_for_#{bookmark.controller}_path").merge(:search => bookmark.query) %></li>
|
||
<li><%= link_to_if_authorized bookmark.name, send("hash_for_#{bookmark.controller}_path").merge(:search => bookmark.query) %></li>
|
||
<% end -%>
|
||
</ul>
|
||
<% end -%>
|
Also available in: Unified diff
fixes #2631 - fix remote code execution via controller name (CVE-2013-2121)
(cherry picked from commit ef4b97d177c58c9532730d53dca0517bc869a0ce)
Conflicts:
app/views/common/_puppetclasses_or_envs_changed.html.erb