Fix xss admin
vncore committed Jan 29, 2022
1 parent 32e18d0 commit 48e720c
Showing 4 changed files with 12 additions and 6 deletions.
6 changes: 4 additions & 2 deletions app/Plugins/Cms/Content/Admin/CmsCategoryController.php
Expand Up @@ -182,6 +182,7 @@ public function postCreate()
'sort' => (int) $data['sort'],
'store_id' => session('adminStoreId'),
];
$dataInsert = sc_clean($dataInsert, [], true);

$category = AdminCmsCategory::createCategoryAdmin($dataInsert);
$id = $category->id;
Expand All @@ -196,6 +197,7 @@ public function postCreate()
'description' => $data['descriptions'][$code]['description'],
];
}
$dataDes = sc_clean($dataDes, [], true);
AdminCmsCategory::insertDescriptionAdmin($dataDes);

sc_clear_cache('cache_cms_category');
Expand Down Expand Up @@ -273,7 +275,7 @@ public function postEdit($id)
'status' => empty($data['status']) ? 0 : 1,
'store_id' => session('adminStoreId'),
];

$dataUpdate = sc_clean($dataUpdate, [], true);
$category->update($dataUpdate);
$category->descriptions()->delete();
$dataDes = [];
Expand All @@ -286,7 +288,7 @@ public function postEdit($id)
'description' => $row['description'],
];
}

$dataDes = sc_clean($dataDes, [], true);
AdminCmsCategory::insertDescriptionAdmin($dataDes);

sc_clear_cache('cache_cms_category');
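Review bot: The four `sc_clean(..., [], true)` calls sanitize category fields at storage time, which only helps if the stored values are later rendered raw; if the admin Blade views emit `title`/`description` through `{{ }}` (which escapes), the values would be encoded twice, and the `$dataUpdate`/`$dataDes` cleaning in postEdit would re-clean already-cleaned data on every save, depending on what the third flag makes sc_clean do. The more robust fix is to store the raw value and escape at output per context, or at least to state why input-side cleaning was chosen so the next maintainer does not also add output escaping. The positional `true` also hides which cleaning mode is meant; a comment such as `// third arg: strip tags - category fields are plain text and are never rendered as HTML` above the first call would make the intent checkable against the helper. Both postCreate and postEdit start and end outside this hunk, so the validator that should precede these inserts is not visible here.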
8 changes: 5 additions & 3 deletions app/Plugins/Cms/Content/Admin/CmsContentController.php
Expand Up @@ -185,6 +185,7 @@ public function postCreate()
'sort' => (int) $data['sort'],
'store_id' => session('adminStoreId'),
];
$dataInsert = sc_clean($dataInsert, [], true);
$content = AdminCmsContent::createContentAdmin($dataInsert);
$id = $content->id;
$dataDes = [];
Expand All @@ -199,6 +200,7 @@ public function postCreate()
'content' => $data['descriptions'][$code]['content'],
];
}
$dataDes = sc_clean($dataDes, ['content'], true);
AdminCmsContent::insertDescriptionAdmin($dataDes);
sc_clear_cache('cache_cms_content');
return redirect()->route('admin_cms_content.index')
Expand Down Expand Up @@ -267,8 +269,7 @@ public function postEdit($id)
->withErrors($validator)
->withInput($data);
}
//Edit
$store = $data['store'] ?? [];
//Edit
$dataUpdate = [
'image' => $data['image'],
'alias' => $data['alias'],
Expand All @@ -277,7 +278,7 @@ public function postEdit($id)
'status' => empty($data['status']) ? 0 : 1,
'store_id' => session('adminStoreId'),
];

$dataUpdate = sc_clean($dataUpdate, [], true);
$content->update($dataUpdate);
$content->descriptions()->delete();
$dataDes = [];
Expand All @@ -291,6 +292,7 @@ public function postEdit($id)
'content' => $row['content'],
];
}
$dataDes = sc_clean($dataDes, ['content'], true);
AdminCmsContent::insertDescriptionAdmin($dataDes);
sc_clear_cache('cache_cms_content');
return redirect()->route('admin_cms_content.index')->with('success', sc_language_render($this->plugin->pathPlugin.'::Content.admin.edit_success'));
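Review bot: `sc_clean($dataDes, ['content'], true)` on both the create and edit paths deliberately skips the `content` field, so any markup or script in a content body is stored exactly as it was before this commit; if the reported admin XSS was in that field, this hunk does not close it. Excluding a WYSIWYG field is defensible, but it should be explicit and paired with either an HTML purifier on save or a render-side policy, otherwise an admin with content-editing rights can plant markup that executes in a higher-privileged admin's session when the page is previewed. I would add `// 'content' is WYSIWYG HTML and is excluded on purpose: it must be purified before render, not relied on as safe` at the first exclusion so the accepted risk is documented. postCreate and postEdit both begin outside the hunk.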
2 changes: 2 additions & 0 deletions app/Plugins/Total/Discount/Admin/AdminController.php
Expand Up @@ -212,6 +212,7 @@ public function postCreate()
if(!empty($data['expires_at'])) {
$dataInsert['expires_at'] = $data['expires_at'];
}
$dataInsert = sc_clean($dataInsert, [], true);
$discount = AdminDiscount::createDiscountAdmin($dataInsert);

$shopStore = $data['shop_store'] ?? [session('adminStoreId')];
Expand Down Expand Up @@ -284,6 +285,7 @@ public function postEdit($id)
if(!empty($data['expires_at'])) {
$dataUpdate['expires_at'] = $data['expires_at'];
}
$dataUpdate = sc_clean($dataUpdate, [], true);
$discount->update($dataUpdate);

$shopStore = $data['shop_store'] ?? [session('adminStoreId')];
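Review bot: The `$dataInsert` and `$dataUpdate` arrays that `sc_clean` now processes are built above the hunk, so which discount fields (presumably `code`, `description`) the `true` flag acts on cannot be confirmed from this view, and the `expires_at` assignment visible just above is passed through with no format check in these lines. Cleaning should be treated as defence-in-depth rather than as validation; the validator earlier in each method (not visible here) remains the authoritative control for `expires_at` and the discount code format, and that is worth stating inline, e.g. `// sc_clean is defence-in-depth only; the validator above is the authoritative check for code and expires_at`. postCreate and postEdit both start and end outside the hunk.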
2 changes: 1 addition & 1 deletion config/s-cart.php
@@ -1,7 +1,7 @@
<?php
return [
'version' => '6.8',
'sub-version' => '6.8.3',
'sub-version' => '6.8.4',
'type' => 'basic',
'homepage' => 'https://s-cart.org',
'title' => 'Free Open Source eCommerce for Business',
