Revision 2f3839eb
Added by Joseph Magen almost 11 years ago
- ID 2f3839eb9928bd04876c2e1bfe509cd9ed120991
| app/views/common/_searchbar.erb | ||
|---|---|---|
|
<%= form_tag eval("#{controller_name}_path"), :method => "get", :class=>"form-inline form-search row-fluid" do %>
|
||
|
<%= form_tag send("#{controller_name}_path"), :method => "get", :class=>"form-inline form-search row-fluid" do %>
|
||
|
<div class="btn-toolbar btn-toolbar-condensed">
|
||
|
<div class="btn-group span12">
|
||
|
<div class="span9">
|
||
| ... | ... | |
|
<ul class="dropdown-menu pull-right">
|
||
|
<% bookmarks = Bookmark.my_bookmarks.controller(controller_name) %>
|
||
|
<% bookmarks.each do |bookmark| -%>
|
||
|
<li><%= link_to_if_authorized bookmark.name, eval("hash_for_#{bookmark.controller}_path").merge(:search => bookmark.query) %></li>
|
||
|
<li><%= link_to_if_authorized bookmark.name, send("hash_for_#{bookmark.controller}_path").merge(:search => bookmark.query) %></li>
|
||
|
<% end -%>
|
||
|
<li class="divider"></li>
|
||
|
<li><%= link_to_function _('Bookmark this search'), "$('#bookmarks-modal').modal();",
|
||
Also available in: Unified diff
fixes #2631 - fix remote code execution via controller name (CVE-2013-2121)
(cherry picked from commit ef4b97d177c58c9532730d53dca0517bc869a0ce)
Conflicts:
app/views/common/_puppetclasses_or_envs_changed.html.erb