

Merge pull request #343 from range-of-motion/312-fix-potential-xss-vulnerabilities-on-several-pages

Fix potential XSS vulnerabilities on several pages
range-of-motion committed Dec 21, 2021
2 parents e65ea2b + 38e01f2 commit eea1bf6
Showing 17 changed files with 21 additions and 21 deletions.
2 changes: 1 addition & 1 deletion resources/views/budgets/create.blade.php
Expand Up @@ -16,7 +16,7 @@
<label>{{ __('models.tag') }}</label>
<select name="tag_id">
@foreach ($tags as $tag)
<option value="{{ $tag->id }}">{{ $tag->name }}</option>
<option value="{{ $tag->id }}" v-pre>{{ $tag->name }}</option>
@endforeach
</select>
@include('partials.validation_error', ['payload' => 'tag_id'])
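Review bot: The `v-pre` is placed on the `<option>` itself, which is the right element because the directive also covers the element's children, but the guard is per element and the identical tag `<option>` loop appears three more times in this commit (imports/complete, spendings/create, spendings/edit), so the next copy can silently drop it. Extracting the loop into one shared partial, e.g. `@include('partials.tag_options', ['tags' => $tags])` (the name is a suggestion), would give every select the guard from a single place. A Blade comment above the loop, `{{-- v-pre: Vue must not re-compile Blade-rendered user text --}}`, would record why the attribute is there, since it has no visible effect on the rendered page and is easy to remove as unused.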
2 changes: 1 addition & 1 deletion resources/views/budgets/index.blade.php
Expand Up @@ -18,7 +18,7 @@
@endif
@foreach ($budgets as $budget)
<div class="box__section">
<div>{{ $budget->tag->name }}</div>
<div v-pre>{{ $budget->tag->name }}</div>
<progress class="mt-2 mb-1" value="{{ $budget->spent }}" min="0" max="{{ $budget->amount }}"></progress>
<div style="font-size: 14px; font-weight: 600;">{!! $currency !!} {{ $budget->formatted_spent }} {{ __('general.of') }} {!! $currency !!} {{ $budget->formatted_amount }}</div>
</div>
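Review bot: The `<div>` directly below the changed line prints `{!! $currency !!}` unescaped twice and carries no `v-pre`, so if the currency symbol is a user-editable space setting rather than a fixed constant it reaches the page with neither Blade escaping nor the guard this commit adds; whether it is editable is not visible in this hunk. If it can contain user input, `{{ $currency }}` inside a `<div v-pre>` is the safe form; if it is a constant, a short Blade comment saying so would stop the next reader from asking. The same `{!! $currency !!}` appears in the recurrings/index hunk.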
2 changes: 1 addition & 1 deletion resources/views/earnings/show.blade.php
Expand Up @@ -4,7 +4,7 @@

@section('body')
<div class="wrapper my-3">
<h2>{{ $earning->description }}</h2>
<h2 v-pre>{{ $earning->description }}</h2>
@include('partials.attachments', ['payload' => $earning])
</div>
@endsection
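Review bot: Only the heading gets `v-pre`; the `@include('partials.attachments', ['payload' => $earning])` on the next line is not part of this change set, and if that partial prints attachment file names (presumably user-supplied) the same class of issue this commit addresses remains open there. Worth checking the partial and adding `v-pre` to the element that renders each name. The same include appears in the spendings/show hunk.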
2 changes: 1 addition & 1 deletion resources/views/imports/complete.blade.php
Expand Up @@ -40,7 +40,7 @@
<select name="rows[{{ $index }}][tag_id]">
<option value="">-</option>
@foreach ($tags as $tag)
<option value="{{ $tag->id }}">{{ $tag->name }}</option>
<option value="{{ $tag->id }}" v-pre>{{ $tag->name }}</option>
@endforeach
</select>
@include('partials.validation_error', ['payload' => 'rows.' . $index . '.tag_id'])
2 changes: 1 addition & 1 deletion resources/views/imports/index.blade.php
Expand Up @@ -21,7 +21,7 @@
</div>
@foreach ($imports as $import)
<div class="box__section row">
<div class="row__column">{{ $import->name }}</div>
<div class="row__column" v-pre>{{ $import->name }}</div>
<div class="row__column">{{ $import->status < 2 ? $import->status + 1 . ' / 3' : 'Completed' }}</div>
<div class="row__column row__column--compact text-right" style="width: 100px;">
@if ($import->status < 2)
2 changes: 1 addition & 1 deletion resources/views/layout.blade.php
Expand Up @@ -91,7 +91,7 @@
<ul slot="menu" v-cloak>
@foreach (Auth::user()->spaces as $space)
<li>
<a href="/spaces/{{ $space->id }}">{{ $space->name }}</a>
<a href="/spaces/{{ $space->id }}" v-pre>{{ $space->name }}</a>
</li>
@endforeach
</ul>
2 changes: 1 addition & 1 deletion resources/views/partials/tag.blade.php
@@ -1 +1 @@
<span style="border-radius: 5px; background: #{{ $payload->color }}; color: #FFF; padding: 5px 10px; font-size: 14px; font-weight: 600;"><i class="fas fa-tag fa-xs"></i> {{ $payload->name }}</span>
<span style="border-radius: 5px; background: #{{ $payload->color }}; color: #FFF; padding: 5px 10px; font-size: 14px; font-weight: 600;" v-pre><i class="fas fa-tag fa-xs"></i> {{ $payload->name }}</span>
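Review bot: `v-pre` on the `<span>` covers both the text and the `style` attribute, but the `#{{ $payload->color }}` interpolation is still raw CSS: Blade escaping keeps the value inside the quoted attribute, yet does not constrain it to a hex colour, so the real guarantee has to come from validation of `color` where it is stored, which is outside this diff. If that validation exists, a comment such as `{{-- color is validated as hex on input; escaping alone does not restrict CSS --}}` makes the dependency explicit. The same `#{{ ...->color }}` style interpolation appears in the tags/index and transactions/index hunks and relies on the same validation.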
2 changes: 1 addition & 1 deletion resources/views/recurrings/index.blade.php
Expand Up @@ -18,7 +18,7 @@
<div class="box__section row">
<div class="row__column">
<div class="color-dark">
<a href="/recurrings/{{ $recurring->id }}">{{ $recurring->description }}</a>
<a href="/recurrings/{{ $recurring->id }}" v-pre>{{ $recurring->description }}</a>
</div>
<div class="row mt-1">
<div class="row__column row__column--compact" style="font-size: 14px; font-weight: 600;">{!! $currency !!} {{ \App\Helper::formatNumber($recurring->amount / 100) }}</div>
2 changes: 1 addition & 1 deletion resources/views/recurrings/show.blade.php
Expand Up @@ -2,7 +2,7 @@

@section('body')
<div class="wrapper my-3">
<h2>{{ $recurring->description }}</h2>
<h2 v-pre>{{ $recurring->description }}</h2>
<div class="row my-3">
<div class="row__column row__column--compact">
@if ($recurring->status)
2 changes: 1 addition & 1 deletion resources/views/settings/spaces/index.blade.php
Expand Up @@ -11,7 +11,7 @@
<ul class="box__section">
@foreach ($spaces as $space)
<li class="row row--middle">
<div class="row__column">{{ $space->name }} &middot; {{ ucfirst($space->pivot->role) }}</div>
<div class="row__column" v-pre>{{ $space->name }} &middot; {{ ucfirst($space->pivot->role) }}</div>
<div class="row__column row__column--compact">
@can('edit', $space)
<a class="button button--secondary button--small" href="/spaces/{{ $space->id }}/edit">{{ __('pages.settings') }}</a>
2 changes: 1 addition & 1 deletion resources/views/space_invites/show.blade.php
Expand Up @@ -10,7 +10,7 @@
@endif
<div class="box mt-3">
<div class="box__section">
<h3 class="color-dark mb-1">{{ __('general.invited_to') }} "{{ $invite->space->name }}"</h3>
<h3 class="color-dark mb-1" v-pre>{{ __('general.invited_to') }} "{{ $invite->space->name }}"</h3>
<div>{{ __('general.sent_by') }} {{ $invite->inviter->name }}.</div>
<div class="row row--middle mt-2">
<form method="POST" action="{{ route('space_invites.accept', ['space' => $invite->space->id, 'invite' => $invite->id]) }}">
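Review bot: The `<div>` immediately after the changed `<h3>` still renders `{{ $invite->inviter->name }}` without `v-pre`, so a user-controlled name on the same page is left outside the guard this commit adds for the space name. Changing it to `<div v-pre>{{ __('general.sent_by') }} {{ $invite->inviter->name }}.</div>` closes the gap. The spaces/edit hunk in this commit does add `v-pre` to its own `$invite->inviter->name` line, so this looks like an oversight rather than a deliberate exception.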
6 changes: 3 additions & 3 deletions resources/views/spaces/edit.blade.php
Expand Up @@ -40,7 +40,7 @@
<div class="row__column row__column--double">
@foreach ($space->users as $i => $user)
<div class="{{ $i > 0 ? 'mt-2' : null }}">
<div class="color-dark mb-1">{{ $user->name }}</div>
<div class="color-dark mb-1" v-pre>{{ $user->name }}</div>
<div class="fs-sm">{{ ucfirst($user->pivot->role) }}</div>
</div>
@endforeach
Expand All @@ -58,8 +58,8 @@
@endif
@foreach ($space->invites as $i => $invite)
<div class="{{ $i > 0 ? 'mt-2' : '' }}">
<div class="color-dark mb-1">{{ $invite->invitee->name }}</div>
<div class="fs-sm">{{ __('general.invited_by') }} {{ $invite->inviter->name }} &middot; {{ $invite->status }}</div>
<div class="color-dark mb-1" v-pre>{{ $invite->invitee->name }}</div>
<div class="fs-sm" v-pre>{{ __('general.invited_by') }} {{ $invite->inviter->name }} &middot; {{ $invite->status }}</div>
</div>
@endforeach
</div>
2 changes: 1 addition & 1 deletion resources/views/spendings/create.blade.php
Expand Up @@ -14,7 +14,7 @@
<select name="tag_id">
<option value="">-</option>
@foreach ($tags as $tag)
<option value="{{ $tag->id }}">{{ $tag->name }}</option>
<option value="{{ $tag->id }}" v-pre>{{ $tag->name }}</option>
@endforeach
</select>
@include('partials.validation_error', ['payload' => 'tag_id'])
2 changes: 1 addition & 1 deletion resources/views/spendings/edit.blade.php
Expand Up @@ -15,7 +15,7 @@
<select name="tag_id">
<option value="">-</option>
@foreach ($tags as $tag)
<option value="{{ $tag->id }}" {{ $tag->id === $spending->tag_id ? 'selected' : '' }}>{{ $tag->name }}</option>
<option value="{{ $tag->id }}" {{ $tag->id === $spending->tag_id ? 'selected' : '' }} v-pre>{{ $tag->name }}</option>
@endforeach
</select>
@include('partials.validation_error', ['payload' => 'tag_id'])
2 changes: 1 addition & 1 deletion resources/views/spendings/show.blade.php
Expand Up @@ -4,7 +4,7 @@

@section('body')
<div class="wrapper my-3">
<h2>{{ $spending->description }}</h2>
<h2 v-pre>{{ $spending->description }}</h2>
@include('partials.attachments', ['payload' => $spending])
</div>
@endsection
2 changes: 1 addition & 1 deletion resources/views/tags/index.blade.php
Expand Up @@ -24,7 +24,7 @@
<div class="row__column row__column--compact row__column--middle mr-2">
<div style="width: 15px; height: 15px; border-radius: 2px; background: #{{ $tag->color }};"></div>
</div>
<div class="row__column row__column--middle">{{ $tag->name }}</div>
<div class="row__column row__column--middle" v-pre>{{ $tag->name }}</div>
<div class="row__column row__column--middle">{{ $tag->spendings->count() }}</div>
<div class="row__column row__column--middle row row--right">
<div class="row__column row__column--compact">
6 changes: 3 additions & 3 deletions resources/views/transactions/index.blade.php
Expand Up @@ -22,7 +22,7 @@
<span>Filter by Tag</span>
@foreach ($tags as $tag)
<div class="mt-1 ml-1">
<a href="/transactions?filterBy=tag-{{ $tag->id }}">{{ $tag->name }}</a>
<a href="/transactions?filterBy=tag-{{ $tag->id }}" v-pre>{{ $tag->name }}</a>
</div>
@endforeach
</div>
Expand All @@ -36,7 +36,7 @@
@foreach ($transactions as $transaction)
<div class="box__section row row--responsive">
<div class="row__column row__column--middle row row--middle">
<div>{{ $transaction->description }}</div>
<div v-pre>{{ $transaction->description }}</div>
<a href="/{{ get_class($transaction) === 'App\Models\Earning' ? 'earnings' : 'spendings' }}/{{ $transaction->id }}">
<i class="fas fa-info-circle fa-xs c-light ml-1"></i>
</a>
Expand All @@ -57,7 +57,7 @@
<div class="row__column row__column--compact row__column--middle mr-05" style="font-size: 12px;">
<i class="fas fa-tag" style="color: #{{ $transaction->tag->color }};"></i>
</div>
<div class="row__column row__column--compact row__column--middle">{{ $transaction->tag->name }}</div>
<div class="row__column row__column--compact row__column--middle" v-pre>{{ $transaction->tag->name }}</div>
</div>
@endif
</div>
