Commit ddae9442 authored by jplang's avatar jplang

Fixed: potential security leak on my page calendar (#4691).

git-svn-id: e93f8b46-1217-0410-a6f0-8f06a7374b81
parent ee611f21
<h3><%= l(:label_calendar) %></h3>
<% calendar =, current_language, :week) = Issue.find :all, = Issue.visible.find :all,
:conditions => ["#{Issue.table_name}.project_id in (#{@user.projects.collect{|m|}.join(',')}) AND ((start_date>=? and start_date<=?) or (due_date>=? and due_date<=?))", calendar.startdt, calendar.enddt, calendar.startdt, calendar.enddt],
:include => [:project, :tracker, :priority, :assigned_to] unless @user.projects.empty? %>
Markdown is supported
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment