Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Merge pull request #10942 from snipe/fixes/xss_user_requested
Fixes potential XSS vuln in user requestable results
  • Loading branch information
snipe committed Apr 15, 2022
2 parents 7479f5f + 698c7f4 commit f211c11
Showing 1 changed file with 5 additions and 5 deletions.
10 changes: 5 additions & 5 deletions app/Http/Controllers/Api/ProfileController.php
Expand Up @@ -30,11 +30,11 @@ public function requestedAssets()
// Make sure the asset and request still exist
if ($checkoutRequest && $checkoutRequest->itemRequested()) {
$results['rows'][] = [
'image' => $checkoutRequest->itemRequested()->present()->getImageUrl(),
'name' => $checkoutRequest->itemRequested()->present()->name(),
'type' => $checkoutRequest->itemType(),
'qty' => $checkoutRequest->quantity,
'location' => ($checkoutRequest->location()) ? $checkoutRequest->location()->name : null,
'image' => e($checkoutRequest->itemRequested()->present()->getImageUrl()),
'name' => e($checkoutRequest->itemRequested()->present()->name()),
'type' => e($checkoutRequest->itemType()),
'qty' => (int) $checkoutRequest->quantity,
'location' => ($checkoutRequest->location()) ? e($checkoutRequest->location()->name) : null,
'expected_checkin' => Helper::getFormattedDateObject($checkoutRequest->itemRequested()->expected_checkin, 'datetime'),
'request_date' => Helper::getFormattedDateObject($checkoutRequest->created_at, 'datetime'),
];
Expand Down

0 comments on commit f211c11

Please sign in to comment.