author | Benjamin Kellermann <Benjamin.Kellermann@gmx.de> | 2009-06-08 13:18:50 +0200 |
---|---|---|
committer | Benjamin Kellermann <Benjamin.Kellermann@gmx.de> | 2009-06-08 13:18:50 +0200 |
commit | 4d9d211e41d983dbaed50524cc0a91666d3bf728 (patch) | |
tree | d1f7443f8c51c40b298fd3557ebcfbafdef1e8c6 /poll.rb | |
parent | 0d2ffbf45a1879dd781912645b6a3bcf9329da8d (diff) |
better approach to edit participant
Diffstat (limited to '')
-rw-r--r-- | poll.rb | 5 |
1 files changed, 3 insertions, 2 deletions
@@ -49,7 +49,7 @@ class Poll ret += "<tr class='participantrow'>\n" ret += "<td class='name' #{$cgi["edit"] == participant ? "id='active'":""}>" ret += participant - ret += " <sup><a href='?edit=#{CGI.escape(participant)}'>edit</a></sup>" unless config + ret += " <sup><a href=\"?edit=#{CGI.escapeHTML(CGI.escape(participant))}\">edit</a></sup>" unless config ret += "</td>\n" @head.sort.each{|columntitle,columndescription| klasse = poll[columntitle] @@ -119,6 +119,7 @@ class Poll participant = $cgi["edit"] @head.each_key{|k| checked[k] = @data[participant][k]} else + participant = "" @head.each_key{|k| checked[k] = NOVAL} end ret = "<tr id='add_participant'>\n" @@ -126,7 +127,7 @@ class Poll <input size='16' type='text' name='add_participant' - value='#{participant}' + value=\"#{CGI.escapeHTML(participant)}\" title='To change a line, add a new person with the same name!' /> </td>\n" @head.sort.each{|columntitle,columndescription| |
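Review bot: The participant name is still written into the table cell unescaped on the context line `ret += participant`, directly above the changed link. A name containing markup is therefore rendered as HTML for everyone who views the poll, even though the `href` is now escaped. The cell text should go through the same call: `ret += CGI.escapeHTML(participant)`. The enclosing method starts and ends outside this hunk, so any other places that emit `participant` are not visible here and should be checked too.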
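Review bot: In the branch above the added `participant = ""`, `@data[participant][k]` indexes `@data` with the raw `edit` request parameter. The guarding `if` is outside the hunk, so this is a hedge: if it only tests that the parameter is present, an unknown name makes `@data[participant]` nil and the `[k]` call raises. Assuming `@data` is a Hash, adding `@data.key?(participant)` to the condition would send unknown names to the `else` branch, which now initialises `participant` safely.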
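Review bot: Nothing records why the `value` attribute moved from single to double quotes, yet the quoting is part of the fix. `CGI.escapeHTML` escapes `"` in every Ruby version, but older versions leave `'` untouched, so a later cleanup back to `value='…'` could reopen attribute injection. The line sits inside a string literal that opens outside the hunk, so the comment belongs above the statement that starts the string, for example `# value must stay double-quoted: escapeHTML output is only safe inside "..."`. The other attributes in the tag are static, so their single quotes are harmless.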