0004b-Validate-back-url-in-user-removal-confirmation-.patch - Redmine

Patch #43640 » 0004b-Validate-back-url-in-user-removal-confirmation-.patch

         @users = User.not_in_group(@group).where(:id => (params[:user_id] || params[:user_ids])).to_a
         @group.users << @users
         respond_to do |format|
           format.html {redirect_back_or_default edit_group_path(@group, :tab => 'users')}
           format.html do
             flash[:notice] = l(:notice_successful_update)
             redirect_back_or_default edit_group_path(@group, :tab => 'users')
           end
           format.js
           format.api do
             if @users.any?

     <%= title l(:label_confirmation) %>
     <%= form_tag(group_users_path(@group, :user_ids => @users.map(&:id)), method: :delete) do %>
       <%= back_url_hidden_field_tag %>
       <div class="warning">
         <p><%= simple_format l :text_users_remove_from_group_confirmation, group: "<strong>#{@group.name}</strong>".html_safe %></p>
-...
       <p>
         <%= submit_tag l(:button_delete) %>
         <%= link_to l(:button_cancel), @back_url || users_path %>
         <%= cancel_button_tag(users_path) %>
       </p>
     <% end %>

(16-16/16)