From f7b483358ff114b56c753ee9c2964059a55a3bd2 Mon Sep 17 00:00:00 2001
From: snipe
Date: Mon, 15 Nov 2021 20:32:59 -0800
Subject: [PATCH] Escape custom field values in API response
Signed-off-by: snipe
---
 app/Http/Transformers/AssetsTransformer.php | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/app/Http/Transformers/AssetsTransformer.php b/app/Http/Transformers/AssetsTransformer.php
index c323241cf01b..0da314002f54 100644
--- a/app/Http/Transformers/AssetsTransformer.php
+++ b/app/Http/Transformers/AssetsTransformer.php
@@ -93,15 +93,15 @@ public function transformAsset(Asset $asset)
 $value = (Gate::allows('superadmin')) ? $decrypted : strtoupper(trans('admin/custom_fields/general.encrypted'));
 $fields_array[$field->name] = [
- 'field' => $field->convertUnicodeDbSlug(),
- 'value' => $value,
+ 'field' => e($field->convertUnicodeDbSlug()),
+ 'value' => e($value),
 'field_format' => $field->format,
 ];
 } else {
 $fields_array[$field->name] = [
- 'field' => $field->convertUnicodeDbSlug(),
- 'value' => $asset->{$field->convertUnicodeDbSlug()},
+ 'field' => e($field->convertUnicodeDbSlug()),
+ 'value' => e($asset->{$field->convertUnicodeDbSlug()}),
 'field_format' => $field->format,
 ];
@@ -134,7 +134,7 @@ public function transformAsset(Asset $asset)
 'id' => $component->id,
 'pivot_id' => $component->pivot->id,
- 'name' => $component->name,
+ 'name' => e($component->name),
 'qty' => $component->pivot->assigned_qty,
 'price_cost' => $component->purchase_cost,
 'purchase_total' => $component->purchase_cost * $component->pivot->assigned_qty,
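Review bot: In both custom-field branches of transformAsset, `e()` now wraps `'field'` and `'value'`, but the array key `$field->name` and `'field_format' => $field->format` on the same entries are still emitted raw, so the escaping is only complete if no client ever inserts those two into HTML; confirm that, or cover the format with `'field_format' => e($field->format),`. Because `e()` is HTML-entity encoding applied inside a JSON response, every API consumer now receives entities such as `&amp;` in place of the stored text, and a null custom-field value presumably comes back as an empty string instead of null. A comment above each array, e.g. `// HTML-escaped for clients that render this JSON as markup; non-HTML consumers must decode entities`, would make that contract explicit and warn against re-saving the escaped form. The same applies to `'name' => e($component->name)` in the second hunk; transformAsset starts and ends outside both hunks.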