Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Merge pull request #10361 from snipe/fixes/xss_in_accessories_checkou…
…t_notes

Escape notes in transformCheckedOutAccessory
  • Loading branch information
snipe committed Nov 25, 2021
2 parents 3b68a6f + 00fad35 commit ff81e6d
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion app/Http/Transformers/AccessoriesTransformer.php
Expand Up @@ -82,7 +82,7 @@ public function transformCheckedoutAccessory ($accessory, $accessory_users, $tot
'first_name'=> e($user->first_name),
'last_name'=> e($user->last_name),
'employee_number' => e($user->employee_num),
'checkout_notes' => $user->pivot->note,
'checkout_notes' => e($user->pivot->note),
'last_checkout' => Helper::getFormattedDateObject($user->pivot->created_at, 'datetime'),
'type' => 'user',
'available_actions' => ['checkin' => true]
Expand Down

0 comments on commit ff81e6d

Please sign in to comment.