Revision 2f3839eb
Added by Joseph Magen almost 11 years ago
- ID 2f3839eb9928bd04876c2e1bfe509cd9ed120991
| app/views/bookmarks/_list.html.erb | ||
|---|---|---|
|
<% if bookmarks.any? -%>
|
||
|
<ul class='dropdown-menu'>
|
||
|
<% bookmarks.each do |bookmark| -%>
|
||
|
<li><%= link_to_if_authorized bookmark.name, eval("hash_for_#{bookmark.controller}_path").merge(:search => bookmark.query) %></li>
|
||
|
<li><%= link_to_if_authorized bookmark.name, send("hash_for_#{bookmark.controller}_path").merge(:search => bookmark.query) %></li>
|
||
|
<% end -%>
|
||
|
</ul>
|
||
|
<% end -%>
|
||
Also available in: Unified diff
fixes #2631 - fix remote code execution via controller name (CVE-2013-2121)
(cherry picked from commit ef4b97d177c58c9532730d53dca0517bc869a0ce)
Conflicts:
app/views/common/_puppetclasses_or_envs_changed.html.erb