From 7aacc1a919a7e20f4392f25ef6f10b544f7fb9dd Mon Sep 17 00:00:00 2001 From: Carsten Otto Date: Sat, 18 Mar 2017 20:42:04 +0100 Subject: [PATCH 1/2] do not replace HTML special characters for non-HTML output fixes #2051 --- app/views/todos/create.js.erb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/app/views/todos/create.js.erb b/app/views/todos/create.js.erb index 4e36a99d8..3566af257 100644 --- a/app/views/todos/create.js.erb +++ b/app/views/todos/create.js.erb @@ -27,9 +27,9 @@ function clear_form(next_steps) { $('#todo-form-new-action').clearForm(); $('#todo-form-new-action').clearDeps(); - TracksForm.set_context_name('<%=escape_javascript @initial_context_name%>'); - TracksForm.set_project_name_and_default_project_name('<%=escape_javascript @initial_project_name%>'); - TracksForm.set_tag_list_and_default_tag_list('<%=escape_javascript @initial_tags%>'); + TracksForm.set_context_name('<%=escape_javascript raw @initial_context_name%>'); + TracksForm.set_project_name_and_default_project_name('<%= escape_javascript raw @initial_project_name %>'); + TracksForm.set_tag_list_and_default_tag_list('<%=escape_javascript raw @initial_tags%>'); $('#todo-form-new-action input:text:first').focus(); $('#new_todo_starred_link .todo_star').removeClass('starred'); $('#new_todo_starred').val('false'); From e12981c8275aaf454972e2188d8f3b37b07ccf26 Mon Sep 17 00:00:00 2001 From: Carsten Otto Date: Sat, 18 Mar 2017 20:27:13 +0100 Subject: [PATCH 2/2] extract method --- app/controllers/todos_controller.rb | 116 ++++++++++++++-------------- 1 file changed, 60 insertions(+), 56 deletions(-) diff --git a/app/controllers/todos_controller.rb b/app/controllers/todos_controller.rb index 824371578..6f9c3f4b7 100644 --- a/app/controllers/todos_controller.rb +++ b/app/controllers/todos_controller.rb 
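Review bot: Wrapping the three values in `raw` removes the only HTML escaping they had, and the second patch shows they come straight from request parameters (`params['default_context_name']`, `params['default_project_name']`, `params['initial_tag_list']`), so the safety of the new lines now rests entirely on what `TracksForm.set_context_name`, `set_project_name_and_default_project_name` and `set_tag_list_and_default_tag_list` do with them, which is not visible here. `escape_javascript` still escapes quotes, backslashes, newlines and `</`, so the single-quoted JS string literal cannot be broken out of and, since this is a `.js.erb` response, dropping entity escaping is the correct layer; please confirm, though, that those setters only assign the value with `.val()`/`.text()` and never insert it via `.html()`/`innerHTML`, because in that case the dropped escaping was what stopped markup injection. A form that stays correct in JS and inert if it ever reaches HTML is to emit a JSON literal instead of a quoted string, e.g. `TracksForm.set_context_name(<%= raw @initial_context_name.to_json %>);`, given that Rails' JSON encoder turns `<`, `>` and `&` into `\u003c`-style escapes when `ActiveSupport.escape_html_entities_in_json` is on (the default in current Rails); note that a nil value would then become `null` rather than `''`, so the setters would need to accept that. The enclosing `clear_form` function starts before the hunk.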
@@ -95,68 +95,72 @@ def create if is_multiple create_multiple else - p = Todos::TodoCreateParamsHelper.new(params, current_user) - p.parse_dates unless mobile? - tag_list = p.tag_list + create_single + end + end - @todo = current_user.todos.build - @todo.assign_attributes(p.attributes) - p.add_errors(@todo) + def create_single + p = Todos::TodoCreateParamsHelper.new(params, current_user) + p.parse_dates unless mobile? + tag_list = p.tag_list - if @todo.errors.empty? - @todo.add_predecessor_list(p.predecessor_list) - @saved = @todo.save - @todo.tag_with(tag_list) if @saved && tag_list.present? - @todo.block! if @todo.uncompleted_predecessors? - else - @saved = false - end + @todo = current_user.todos.build + @todo.assign_attributes(p.attributes) + p.add_errors(@todo) - @todo_was_created_deferred = @todo.deferred? - @todo_was_created_blocked = @todo.pending? - @not_done_todos = [@todo] if p.new_project_created || p.new_context_created - @new_project_created = p.new_project_created - @new_context_created = p.new_context_created + if @todo.errors.empty? + @todo.add_predecessor_list(p.predecessor_list) + @saved = @todo.save + @todo.tag_with(tag_list) if @saved && tag_list.present? + @todo.block! if @todo.uncompleted_predecessors? + else + @saved = false + end - respond_to do |format| - format.html do - redirect_to :action => "index" - end - format.m do - @return_path=cookies[:mobile_url] ? cookies[:mobile_url] : mobile_path - if @saved - onsite_redirect_to @return_path - else - @projects = current_user.projects - @contexts = current_user.contexts - render :action => "new" - end + @todo_was_created_deferred = @todo.deferred? + @todo_was_created_blocked = @todo.pending? + @not_done_todos = [@todo] if p.new_project_created || p.new_context_created + @new_project_created = p.new_project_created + @new_context_created = p.new_context_created + + respond_to do |format| + format.html do + redirect_to :action => "index" + end + format.m do + @return_path=cookies[:mobile_url] ? 
cookies[:mobile_url] : mobile_path + if @saved + onsite_redirect_to @return_path + else + @projects = current_user.projects + @contexts = current_user.contexts + render :action => "new" end - format.js do - if @saved - determine_down_count - @contexts = current_user.contexts - @projects = current_user.projects - @context = @todo.context - @project = @todo.project - @initial_context_name = params['default_context_name'] - @initial_project_name = params['default_project_name'] - @initial_tags = params['initial_tag_list'] - @status_message = t('todos.added_new_next_action') - @status_message += ' ' + t('todos.to_tickler') if @todo.deferred? - @status_message += ' ' + t('todos.in_pending_state') if @todo.pending? - @status_message += ' ' + t('todos.in_hidden_state') if @todo.hidden? - @status_message = t('todos.added_new_project') + ' / ' + @status_message if @new_project_created - @status_message = t('todos.added_new_context') + ' / ' + @status_message if @new_context_created - end - render :action => 'create' + end + format.js do + if @saved + determine_down_count + @contexts = current_user.contexts + @projects = current_user.projects + @context = @todo.context + @project = @todo.project + @initial_context_name = params['default_context_name'] + @initial_project_name = params['default_project_name'] + @initial_tags = params['initial_tag_list'] + @status_message = t('todos.added_new_next_action') + @status_message += ' ' + t('todos.to_tickler') if @todo.deferred? + @status_message += ' ' + t('todos.in_pending_state') if @todo.pending? + @status_message += ' ' + t('todos.in_hidden_state') if @todo.hidden? 
+ @status_message = t('todos.added_new_project') + ' / ' + @status_message if @new_project_created + @status_message = t('todos.added_new_context') + ' / ' + @status_message if @new_context_created end - format.xml do - if @saved - head :created, :location => todo_url(@todo) - else - render_failure @todo.errors.to_xml.html_safe, 409 - end + render :action => 'create' + end + format.xml do + if @saved + head :created, :location => todo_url(@todo) + else + render_failure @todo.errors.to_xml.html_safe, 409 end end end
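Review bot: The extracted `create_single` is defined as a public method directly after `create`'s closing `end`, with no `private` marker in the hunk; Rails treats every public controller method as an action, so it becomes reachable on its own wherever the routes expose `:action` (a legacy `':controller/:action'` glob, for example), bypassing the `is_multiple` dispatch in `create`. Unless a later `private` section already covers it (not visible here), move it below `private` or add `private :create_single` right after the definition. The method also carries no comment explaining its contract; I would add `# Builds and saves one todo from params (the non-multiple path of #create), then responds in the requested format.` above `def create_single`. The `create` method's `def` line lies before the hunk, and `create_single` ends at the hunk's last `end`.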