Fix xss admin auth

src/Admin/Controllers/Auth/LoginController.php

@@ -130,8 +130,9 @@ public function putSetting()
         if ($data['password']) {
             $dataUpdate['password'] = bcrypt($data['password']);
         }
+        $dataUpdate = sc_clean($dataUpdate, [], true);
         $user->update($dataUpdate);
-//
+
         return redirect()->route('admin.home')->with('success', sc_language_render('action.edit_success'));
     }
 

src/Admin/Controllers/Auth/PermissionController.php

@@ -188,7 +188,7 @@ public function postCreate()
             'slug' => $data['slug'],
             'http_uri' => implode(',', ($data['http_uri'] ?? [])),
         ];
-
+        $dataInsert = sc_clean($dataInsert, [], true);
         $permission = AdminPermission::createPermission($dataInsert);
 
         return redirect()->route('admin_permission.index')->with('success', sc_language_render('action.create_success'));
@@ -243,8 +243,8 @@ public function postEdit($id)
             'slug' => $data['slug'],
             'http_uri' => implode(',', ($data['http_uri'] ?? [])),
         ];
+        $dataUpdate = sc_clean($dataUpdate, [], true);
         $permission->update($dataUpdate);
-//
         return redirect()->route('admin_permission.index')->with('success', sc_language_render('action.edit_success'));
     }
 

src/Admin/Controllers/Auth/RoleController.php

@@ -155,7 +155,7 @@ public function postCreate()
             'name' => $data['name'],
             'slug' => $data['slug'],
         ];
-
+        $dataInsert = sc_clean($dataInsert, [], true);
         $role = AdminRole::createRole($dataInsert);
         $permission = $data['permission'] ?? [];
         $administrators = $data['administrators'] ?? [];
@@ -219,6 +219,7 @@ public function postEdit($id)
             'name' => $data['name'],
             'slug' => $data['slug'],
         ];
+        $dataUpdate = sc_clean($dataUpdate, [], true);
         $role->update($dataUpdate);
         $permission = $data['permission'] ?? [];
         $administrators = $data['administrators'] ?? [];
@@ -232,7 +233,6 @@ public function postEdit($id)
         if ($administrators) {
             $role->administrators()->attach($administrators);
         }
-//
         return redirect()->route('admin_role.index')->with('success', sc_language_render('action.edit_success'));
     }
 

src/Admin/Controllers/Auth/UsersController.php

@@ -190,7 +190,7 @@ public function postCreate()
             'email'    => strtolower($data['email']),
             'password' => bcrypt($data['password']),
         ];
-
+        $dataInsert = sc_clean($dataInsert, [], true);
         $user = AdminUser::createUser($dataInsert);
 
         $roles = $data['roles'] ?? [];
@@ -278,6 +278,7 @@ public function postEdit($id)
         if ($data['password']) {
             $dataUpdate['password'] = bcrypt($data['password']);
         }
+        $dataUpdate = sc_clean($dataUpdate, [], true);
         AdminUser::updateInfo($dataUpdate, $id);
 
         if (!in_array($user->id, SC_GUARD_ADMIN)) {

src/Config/s-cart.php

@@ -1,7 +1,7 @@
 <?php
 return [
     'core'             => '6.8',
-    'core-sub-version' => '6.8.12',
+    'core-sub-version' => '6.8.13',
     'homepage'         => 'https://s-cart.org',
     'name'             => 'S-Cart',
     'github'           => 'https://github.com/s-cart/s-cart',