diff --git a/app/Http/Controllers/AccessoriesController.php b/app/Http/Controllers/AccessoriesController.php index d4e89571e..ed25e7a88 100755 --- a/app/Http/Controllers/AccessoriesController.php +++ b/app/Http/Controllers/AccessoriesController.php @@ -26,6 +26,7 @@ use Slack; use Str; use View; use Auth; +use Request; /** * This class controls all actions related to accessories @@ -42,7 +43,7 @@ class AccessoriesController extends Controller * @since [v1.0] * @return View */ - public function getIndex() + public function getIndex(Request $request) { return View::make('accessories/index'); } @@ -54,7 +55,7 @@ class AccessoriesController extends Controller * @author [A. Gianotto] [] * @return View */ - public function getCreate() + public function getCreate(Request $request) { // Show the page $category_list = array('' => '') + DB::table('categories')->where('category_type', '=', 'accessory')->whereNull('deleted_at')->orderBy('name', 'ASC')->lists('name', 'id'); @@ -74,7 +75,7 @@ class AccessoriesController extends Controller * @author [A. Gianotto] [] * @return Redirect */ - public function postCreate() + public function postCreate(Request $request) { // create a new model instance @@ -120,7 +121,7 @@ class AccessoriesController extends Controller * @param int $accessoryId * @return View */ - public function getEdit($accessoryId = null) + public function getEdit(Request $request, $accessoryId = null) { // Check if the accessory exists if (is_null($accessory = Accessory::find($accessoryId))) { @@ -148,7 +149,7 @@ class AccessoriesController extends Controller * @param int $accessoryId * @return Redirect */ - public function postEdit($accessoryId = null) + public function postEdit(Request $request, $accessoryId = null) { // Check if the blog post exists if (is_null($accessory = Accessory::find($accessoryId))) { 
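Review bot: Every `Request $request` parameter added to the AccessoriesController actions in this and the following hunks (getIndex through postCheckin, getDatatable, getDataView) is unused; the bodies still read `Input::get(...)`, so the change adds injection boilerplate without moving to validated request access. With the new `use Request;` import, `Request` resolves to the facade alias rather than the HTTP request class, so method injection may hand the controller a facade instance instead of the current request; import `use Illuminate\Http\Request;` instead. The routes are not in this diff, so whether `$accessoryId` still binds correctly after being moved to the second position should be confirmed.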
@@ -203,7 +204,7 @@ class AccessoriesController extends Controller * @param int $accessoryId * @return Redirect */ - public function getDelete($accessoryId) + public function getDelete(Request $request, $accessoryId) { // Check if the blog post exists if (is_null($accessory = Accessory::find($accessoryId))) { @@ -237,7 +238,7 @@ class AccessoriesController extends Controller * @since [v1.0] * @return View */ - public function getView($accessoryID = null) + public function getView(Request $request, $accessoryID = null) { $accessory = Accessory::find($accessoryID); @@ -266,7 +267,7 @@ class AccessoriesController extends Controller * @param int $accessoryId * @return View */ - public function getCheckout($accessoryId) + public function getCheckout(Request $request, $accessoryId) { // Check if the accessory exists if (is_null($accessory = Accessory::find($accessoryId))) { @@ -293,7 +294,7 @@ class AccessoriesController extends Controller * @param int $accessoryId * @return Redirect */ - public function postCheckout($accessoryId) + public function postCheckout(Request $request, $accessoryId) { // Check if the accessory exists if (is_null($accessory = Accessory::find($accessoryId))) { @@ -399,7 +400,7 @@ class AccessoriesController extends Controller * @param int $accessoryId * @return View **/ - public function getCheckin($accessoryUserId = null, $backto = null) + public function getCheckin(Request $request, $accessoryUserId = null, $backto = null) { // Check if the accessory exists if (is_null($accessory_user = DB::table('accessories_users')->find($accessoryUserId))) { @@ -425,7 +426,7 @@ class AccessoriesController extends Controller * @param int $accessoryId * @return Redirect **/ - public function postCheckin($accessoryUserId = null, $backto = null) + public function postCheckin(Request $request, $accessoryUserId = null, $backto = null) { // Check if the accessory exists if (is_null($accessory_user = DB::table('accessories_users')->find($accessoryUserId))) { 
@@ -441,18 +442,18 @@ class AccessoriesController extends Controller } $logaction = new Actionlog(); - $logaction->checkedout_to = $accessory_user->assigned_to; - $return_to = $accessory_user->assigned_to; + $logaction->checkedout_to = e($accessory_user->assigned_to); + $return_to = e($accessory_user->assigned_to); $admin_user = Auth::user(); // Was the accessory updated? if (DB::table('accessories_users')->where('id', '=', $accessory_user->id)->delete()) { - $logaction->accessory_id = $accessory->id; + $logaction->accessory_id = e($accessory->id); $logaction->location_id = null; $logaction->asset_type = 'accessory'; - $logaction->user_id = $admin_user->id; + $logaction->user_id = e($admin_user->id); $logaction->note = e(Input::get('note')); $settings = Setting::getSettings(); @@ -461,8 +462,8 @@ class AccessoriesController extends Controller $slack_settings = [ - 'username' => $settings->botname, - 'channel' => $settings->slack_channel, + 'username' => e($settings->botname), + 'channel' => e($settings->slack_channel), 'link_names' => true ]; @@ -474,7 +475,7 @@ class AccessoriesController extends Controller 'fields' => [ [ 'title' => 'Checked In:', - 'value' => strtoupper($logaction->asset_type).' <'.config('app.url').'/admin/accessories/'.$accessory->id.'/view'.'|'.$accessory->name.'> checked in by <'.config('app.url').'/admin/users/'.$admin_user->id.'/view'.'|'.$admin_user->fullName().'>.' + 'value' => strtoupper($logaction->asset_type).' <'.config('app.url').'/admin/accessories/'.e($accessory->id).'/view'.'|'.e($accessory->name).'> checked in by <'.config('app.url').'/admin/users/'.e($admin_user->id).'/view'.'|'.e($admin_user->fullName()).'>.' ], [ 'title' => 'Note:', 
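Review bot: `e()` is applied at write time to values that are stored, not rendered — `$logaction->checkedout_to`, `$return_to`, `$logaction->accessory_id` and `$logaction->user_id` are numeric ids (a no-op at best, and `$return_to` is used as a lookup value), and the `$data['first_name']`/`$data['note']` assignments in the following hunk persist HTML entities into the email data. Escaping belongs at the output boundary (Blade `{{ }}` already entity-encodes; the mail view is not in this diff), so storing `&amp;` here renders as `&amp;amp;` later. Keep `$logaction->checkedout_to = $accessory_user->assigned_to;` and cast the ids with `(int)` if type enforcement is the goal. The same write-time escaping appears in the LocationsController and ProfileController hunks below.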
@@ -498,11 +499,11 @@ class AccessoriesController extends Controller } $data['log_id'] = $logaction->id; - $data['first_name'] = $user->first_name; - $data['item_name'] = $accessory->name; - $data['checkin_date'] = $logaction->created_at; + $data['first_name'] = e($user->first_name); + $data['item_name'] = e($accessory->name); + $data['checkin_date'] = e($logaction->created_at); $data['item_tag'] = ''; - $data['note'] = $logaction->note; + $data['note'] = e($logaction->note); if (($accessory->checkin_email()=='1')) { @@ -550,13 +551,13 @@ class AccessoriesController extends Controller * @param int $accessoryId * @return string JSON containing accessories and their associated atrributes. **/ - public function getDatatable() + public function getDatatable(Request $request) { $accessories = Accessory::select('accessories.*')->with('category', 'company') ->whereNull('accessories.deleted_at'); if (Input::has('search')) { - $accessories = $accessories->TextSearch(Input::get('search')); + $accessories = $accessories->TextSearch(e(Input::get('search'))); } if (Input::has('offset')) { @@ -574,7 +575,7 @@ class AccessoriesController extends Controller $allowed_columns = ['name','min_amt','order_number','purchase_date','purchase_cost','companyName','category']; $order = Input::get('order') === 'asc' ? 'asc' : 'desc'; - $sort = in_array(Input::get('sort'), $allowed_columns) ? Input::get('sort') : 'created_at'; + $sort = in_array(Input::get('sort'), $allowed_columns) ? e(Input::get('sort')) : 'created_at'; switch ($sort) { case 'category': 
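Review bot: Wrapping the search term in `TextSearch(e(Input::get('search')))` changes what is searched rather than protecting the query — a term containing `&`, `'` or `"` becomes its entity form and no longer matches stored rows, while protection against SQL injection has to come from parameter binding inside TextSearch (not visible here, assumed to bind). Likewise `e(Input::get('sort'))` is redundant once the value passed the `$allowed_columns` allowlist; the useful hardening there is strict comparison, `in_array(Input::get('sort'), $allowed_columns, true)`. The same two patterns recur in the AssetMaintenancesController, AssetModelsController, CategoriesController, ConsumablesController, GroupsController and LicensesController hunks.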
@@ -600,11 +601,11 @@ class AccessoriesController extends Controller $rows[] = array( 'name' => ''. $accessory->name.'', 'category' => ($accessory->category) ? (string)link_to('admin/settings/categories/'.$accessory->category->id.'/view', $accessory->category->name) : '', - 'qty' => $accessory->qty, - 'order_number' => $accessory->order_number, - 'min_amt' => $accessory->min_amt, - 'location' => ($accessory->location) ? $accessory->location->name: '', - 'purchase_date' => $accessory->purchase_date, + 'qty' => e($accessory->qty), + 'order_number' => e($accessory->order_number), + 'min_amt' => e($accessory->min_amt), + 'location' => ($accessory->location) ? e($accessory->location->name): '', + 'purchase_date' => e($accessory->purchase_date), 'purchase_cost' => number_format($accessory->purchase_cost, 2), 'numRemaining' => $accessory->numRemaining(), 'actions' => $actions, @@ -643,7 +644,7 @@ class AccessoriesController extends Controller * @param int $accessoryId * @return string JSON containing accessories and their associated atrributes. **/ - public function getDataView($accessoryID) + public function getDataView(Request $request, $accessoryID) { $accessory = Accessory::find($accessoryID); @@ -660,7 +661,7 @@ class AccessoriesController extends Controller $actions = 'Checkin'; $rows[] = array( - 'name' =>(string) link_to('/admin/users/'.$user->id.'/view', $user->fullName()), + 'name' =>(string) link_to('/admin/users/'.$user->id.'/view', e($user->fullName())), 'actions' => $actions ); } diff --git a/app/Http/Controllers/AssetMaintenancesController.php b/app/Http/Controllers/AssetMaintenancesController.php index ee8580126..2ebe3c500 100644 --- a/app/Http/Controllers/AssetMaintenancesController.php +++ b/app/Http/Controllers/AssetMaintenancesController.php 
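Review bot: `link_to('/admin/users/'.$user->id.'/view', e($user->fullName()))` double-encodes the link text if `link_to` is the HtmlBuilder helper, which already entity-encodes its title; a name containing `&` would then display as `&amp;`. Drop the inner `e()` and leave the encoding to the helper, `link_to('/admin/users/'.$user->id.'/view', $user->fullName())`, or confirm the helper's escaping behaviour first. The same pattern appears in the Categories, Components, Consumables, Licenses, Locations and Manufacturers hunks. Escaping scalar cells such as `qty`, `min_amt` and `purchase_date` is harmless, but the real question — whether the datatable's JavaScript inserts these JSON cells as HTML — is decided on the client side and is not visible here.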
@@ -75,7 +75,7 @@ class AssetMaintenancesController extends Controller $allowed_columns = ['id','title','asset_maintenance_time','asset_maintenance_type','cost','start_date','completion_date','notes']; $order = Input::get('order') === 'asc' ? 'asc' : 'desc'; - $sort = in_array(Input::get('sort'), $allowed_columns) ? Input::get('sort') : 'created_at'; + $sort = in_array(Input::get('sort'), $allowed_columns) ? e(Input::get('sort')) : 'created_at'; $maintenances->orderBy($sort, $order); @@ -428,7 +428,7 @@ class AssetMaintenancesController extends Controller ->with('success', Lang::get('admin/asset_maintenances/message.create.success')); } return Redirect::back() ->withInput()->withErrors($assetMaintenance->getErrors()); - + } diff --git a/app/Http/Controllers/AssetModelsController.php b/app/Http/Controllers/AssetModelsController.php index dfc9bb1ff..9fbeb4ee8 100755 --- a/app/Http/Controllers/AssetModelsController.php +++ b/app/Http/Controllers/AssetModelsController.php @@ -441,7 +441,7 @@ class AssetModelsController extends Controller $allowed_columns = ['id','name','modelno']; $order = Input::get('order') === 'asc' ? 'asc' : 'desc'; - $sort = in_array(Input::get('sort'), $allowed_columns) ? Input::get('sort') : 'created_at'; + $sort = in_array(Input::get('sort'), $allowed_columns) ? e(Input::get('sort')) : 'created_at'; $models = $models->orderBy($sort, $order); @@ -491,7 +491,7 @@ class AssetModelsController extends Controller $assets = Asset::where('model_id', '=', $modelID)->withTrashed()->with('company'); if (Input::has('search')) { - $assets = $assets->TextSearch(Input::get('search')); + $assets = $assets->TextSearch(e(Input::get('search'))); } if (Input::has('offset')) { 
@@ -509,7 +509,7 @@ class AssetModelsController extends Controller $allowed_columns = ['name', 'serial','asset_tag']; $order = Input::get('order') === 'asc' ? 'asc' : 'desc'; - $sort = in_array(Input::get('sort'), $allowed_columns) ? Input::get('sort') : 'created_at'; + $sort = in_array(Input::get('sort'), $allowed_columns) ? e(Input::get('sort')) : 'created_at'; $assets = $assets->orderBy($sort, $order); diff --git a/app/Http/Controllers/AssetsController.php b/app/Http/Controllers/AssetsController.php index 0beae8c3b..424676507 100755 --- a/app/Http/Controllers/AssetsController.php +++ b/app/Http/Controllers/AssetsController.php @@ -136,7 +136,7 @@ class AssetsController extends Controller $asset->name = e(Input::get('name')); $asset->serial = e(Input::get('serial')); - $asset->company_id = \App\Models\Company::getIdForCurrentUser(Input::get('company_id')); + $asset->company_id = \App\Models\Company::getIdForCurrentUser(e(Input::get('company_id'))); $asset->model_id = e(Input::get('model_id')); $asset->order_number = e(Input::get('order_number')); $asset->notes = e(Input::get('notes')); @@ -358,12 +358,11 @@ class AssetsController extends Controller $checkModel = config('app.url').'/api/models/'.e(Input::get('model_id')).'/check'; - //$asset->mac_address = ($checkModel == true) ? e(Input::get('mac_address')) : NULL; // Update the asset data $asset->name = e(Input::get('name')); $asset->serial = e(Input::get('serial')); - $asset->company_id = Company::getIdForCurrentUser(Input::get('company_id')); + $asset->company_id = Company::getIdForCurrentUser(e(Input::get('company_id'))); $asset->model_id = e(Input::get('model_id')); $asset->order_number = e(Input::get('order_number')); $asset->asset_tag = e(Input::get('asset_tag')); 
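Review bot: `Company::getIdForCurrentUser(e(Input::get('company_id')))` in both the @@ -136 and @@ -358 AssetsController hunks treats HTML escaping as input validation; `company_id` is a foreign key, and `e()` neither rejects non-numeric values nor prevents a user from submitting a company id they do not own. Cast or validate instead, e.g. `Company::getIdForCurrentUser((int) Input::get('company_id'))`, with the ownership check inside getIdForCurrentUser (not shown here). The enclosing methods start and end outside these hunks.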
@@ -439,7 +438,7 @@ class AssetsController extends Controller public function getCheckout($assetId) { // Check if the asset exists - if (is_null($asset = Asset::find($assetId))) { + if (is_null($asset = Asset::find(e($assetId)))) { // Redirect to the asset management page with error return Redirect::to('hardware')->with('error', Lang::get('admin/hardware/message.does_not_exist')); } elseif (!Company::isCurrentUserHasAccess($asset)) { @@ -582,8 +581,7 @@ class AssetsController extends Controller $logaction->note = e(Input::get('note')); $logaction->user_id = Auth::user()->id; $log = $logaction->logaction('checkin from'); - - $settings = Setting::getSettings(); + $settings = Setting::getSettings(); if ($settings->slack_endpoint) { @@ -601,7 +599,7 @@ class AssetsController extends Controller 'fields' => [ [ 'title' => 'Checked In:', - 'value' => strtoupper($logaction->asset_type).' asset <'.config('app.url').'/hardware/'.$asset->id.'/view'.'|'.$asset->showAssetName().'> checked in by <'.config('app.url').'/hardware/'.$asset->id.'/view'.'|'.Auth::user()->fullName().'>.' + 'value' => strtoupper($logaction->asset_type).' asset <'.config('app.url').'/hardware/'.$asset->id.'/view'.'|'.e($asset->showAssetName()).'> checked in by <'.config('app.url').'/hardware/'.$asset->id.'/view'.'|'.e(Auth::user()->fullName()).'>.' ], [ 'title' => 'Note:', @@ -1462,19 +1460,19 @@ class AssetsController extends Controller 'checkbox' =>'
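Review bot: In the Slack payload, `e($asset->showAssetName())` and `e(Auth::user()->fullName())` escape for an HTML context, but Slack message text only decodes `&amp;`, `&lt;` and `&gt;`, so quotes arrive as literal `&quot;` / `&#039;` in the channel. A small helper that replaces only `&`, `<` and `>` (e.g. `str_replace(['&', '<', '>'], ['&amp;', '&lt;', '&gt;'], $text)`) is the right escape for this context and could be reused in the AccessoriesController Slack hunk. Separately, `Asset::find(e($assetId))` in the @@ -439 hunk passes a route parameter through HTML escaping before a primary-key lookup; it adds nothing over the bound query, and `(int) $assetId` would state the intent.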
', 'id' => $asset->id, 'image' => (($asset->image) && ($asset->image!='')) ? '' : ((($asset->model) && ($asset->model->image!='')) ? '' : ''), - 'name' => ''.$asset->name.'', - 'asset_tag' => ''.$asset->asset_tag.'', - 'serial' => $asset->serial, - 'model' => ($asset->model) ? (string)link_to('/hardware/models/'.$asset->model->id.'/view', $asset->model->name) : 'No model', - 'status_label' => ($asset->assigneduser) ? 'Deployed' : (($asset->assetstatus) ? $asset->assetstatus->name : ''), - 'assigned_to' => ($asset->assigneduser) ? (string)link_to('../admin/users/'.$asset->assigned_to.'/view', $asset->assigneduser->fullName()) : '', - 'location' => (($asset->assigneduser) && ($asset->assigneduser->userloc!='')) ? (string)link_to('admin/settings/locations/'.$asset->assigneduser->userloc->id.'/edit', $asset->assigneduser->userloc->name) : (($asset->defaultLoc!='') ? (string)link_to('admin/settings/locations/'.$asset->defaultLoc->id.'/edit', $asset->defaultLoc->name) : ''), - 'category' => (($asset->model) && ($asset->model->category)) ? $asset->model->category->name : '', + 'name' => ''.e($asset->name).'', + 'asset_tag' => ''.e($asset->asset_tag).'', + 'serial' => e($asset->serial), + 'model' => ($asset->model) ? (string)link_to('/hardware/models/'.$asset->model->id.'/view', e($asset->model->name)) : 'No model', + 'status_label' => ($asset->assigneduser) ? 'Deployed' : ((e($asset->assetstatus)) ? e($asset->assetstatus->name) : ''), + 'assigned_to' => ($asset->assigneduser) ? (string)link_to('../admin/users/'.$asset->assigned_to.'/view', e($asset->assigneduser->fullName())) : '', + 'location' => (($asset->assigneduser) && ($asset->assigneduser->userloc!='')) ? (string)link_to('admin/settings/locations/'.$asset->assigneduser->userloc->id.'/edit', e($asset->assigneduser->userloc->name)) : (($asset->defaultLoc!='') ? 
(string)link_to('admin/settings/locations/'.$asset->defaultLoc->id.'/edit', e($asset->defaultLoc->name)) : ''), + 'category' => (($asset->model) && ($asset->model->category)) ? e($asset->model->category->name) : '', 'eol' => ($asset->eol_date()) ? $asset->eol_date() : '', - 'notes' => $asset->notes, - 'order_number' => ($asset->order_number!='') ? ''.$asset->order_number.'' : '', - 'last_checkout' => ($asset->last_checkout!='') ? $asset->last_checkout : '', - 'expected_checkin' => ($asset->expected_checkin!='') ? $asset->expected_checkin : '', + 'notes' => e($asset->notes), + 'order_number' => ($asset->order_number!='') ? ''.e($asset->order_number).'' : '', + 'last_checkout' => ($asset->last_checkout!='') ? e($asset->last_checkout) : '', + 'expected_checkin' => ($asset->expected_checkin!='') ? e($asset->expected_checkin) : '', 'change' => ($inout) ? $inout : '', 'actions' => ($actions) ? $actions : '', 'companyName' => is_null($asset->company) ? '' : e($asset->company->name) diff --git a/app/Http/Controllers/CategoriesController.php b/app/Http/Controllers/CategoriesController.php index 76bfe1fe0..5b3c385d7 100755 --- a/app/Http/Controllers/CategoriesController.php +++ b/app/Http/Controllers/CategoriesController.php @@ -218,7 +218,7 @@ class CategoriesController extends Controller $allowed_columns = ['id','name','category_type']; $order = Input::get('order') === 'asc' ? 'asc' : 'desc'; - $sort = in_array(Input::get('sort'), $allowed_columns) ? Input::get('sort') : 'created_at'; + $sort = in_array(Input::get('sort'), $allowed_columns) ? e(Input::get('sort')) : 'created_at'; $categories = $categories->orderBy($sort, $order); 
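Review bot: `((e($asset->assetstatus)) ? e($asset->assetstatus->name) : '')` runs `e()` on the assetstatus relation object rather than a string; for an Eloquent model that stringifies it to JSON on every row just to test truthiness, and it reads as a typo for the original condition. Keep `($asset->assetstatus) ? e($asset->assetstatus->name) : ''`. The link labels in this hunk (`e($asset->model->name)`, `e($asset->assigneduser->fullName())`, the location names) are double-encoded if link_to escapes its title, as noted on the AccessoriesController datatable hunk.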
@@ -309,10 +309,10 @@ class CategoriesController extends Controller $rows[] = array( 'id' => $asset->id, - 'name' => (string)link_to('/hardware/'.$asset->id.'/view', $asset->name), + 'name' => (string)link_to('/hardware/'.$asset->id.'/view', e($asset->name)), //'model' => $asset->model->name, - 'asset_tag' => $asset->asset_tag, - 'serial' => $asset->serial, + 'asset_tag' => e($asset->asset_tag), + 'serial' => e($asset->serial), 'assigned_to' => ($asset->assigneduser) ? (string)link_to(config('app.url').'/admin/users/'.$asset->assigneduser->id.'/view', $asset->assigneduser->fullName()): '', 'change' => $inout, 'actions' => $actions, diff --git a/app/Http/Controllers/ComponentsController.php b/app/Http/Controllers/ComponentsController.php index 3a48622ce..2aa5cd1bb 100644 --- a/app/Http/Controllers/ComponentsController.php +++ b/app/Http/Controllers/ComponentsController.php @@ -70,7 +70,7 @@ class ComponentsController extends Controller $component->location_id = e(Input::get('location_id')); $component->company_id = Company::getIdForCurrentUser(Input::get('company_id')); $component->order_number = e(Input::get('order_number')); - $component->min_amt = e(Input::get('min_amt')); + $component->min_amt = e(Input::get('min_amt')); if (e(Input::get('purchase_date')) == '') { $component->purchase_date = null; @@ -397,13 +397,13 @@ class ComponentsController extends Controller $rows[] = array( 'checkbox' =>'
', 'id' => $component->id, - 'name' => (string)link_to('admin/components/'.$component->id.'/view', $component->name), + 'name' => (string)link_to('admin/components/'.$component->id.'/view', e($component->name)), 'location' => ($component->location) ? e($component->location->name) : '', - 'total_qty' => $component->total_qty, - 'min_amt' => $component->min_amt, - 'category' => ($component->category) ? $component->category->name : 'Missing category', - 'order_number' => $component->order_number, - 'purchase_date' => $component->purchase_date, + 'total_qty' => e($component->total_qty), + 'min_amt' => e($component->min_amt), + 'category' => ($component->category) ? e($component->category->name) : 'Missing category', + 'order_number' => e($component->order_number), + 'purchase_date' => e($component->purchase_date), 'purchase_cost' => ($component->purchase_cost!='') ? number_format($component->purchase_cost, 2): '' , 'numRemaining' => $component->numRemaining(), 'actions' => $actions, @@ -432,8 +432,8 @@ class ComponentsController extends Controller foreach ($component->assets as $component_assignment) { $rows[] = array( - 'name' => (string)link_to('/hardware/'.$component_assignment->id.'/view', $component_assignment->name), - 'qty' => $component_assignment->pivot->assigned_qty, + 'name' => (string)link_to('/hardware/'.$component_assignment->id.'/view', e($component_assignment->name)), + 'qty' => e($component_assignment->pivot->assigned_qty), 'created_at' => ($component_assignment->created_at->format('Y-m-d H:i:s')=='-0001-11-30 00:00:00') ? '' : $component_assignment->created_at->format('Y-m-d H:i:s'), ); } diff --git a/app/Http/Controllers/ConsumablesController.php b/app/Http/Controllers/ConsumablesController.php index 1a3d55268..f6ece0c75 100644 --- a/app/Http/Controllers/ConsumablesController.php +++ b/app/Http/Controllers/ConsumablesController.php 
@@ -68,7 +68,7 @@ class ConsumablesController extends Controller $consumable->location_id = e(Input::get('location_id')); $consumable->company_id = Company::getIdForCurrentUser(Input::get('company_id')); $consumable->order_number = e(Input::get('order_number')); - $consumable->min_amt = e(Input::get('min_amt')); + $consumable->min_amt = e(Input::get('min_amt')); if (e(Input::get('purchase_date')) == '') { $consumable->purchase_date = null; @@ -79,7 +79,7 @@ class ConsumablesController extends Controller if (e(Input::get('purchase_cost')) == '0.00') { $consumable->purchase_cost = null; } else { - $consumable->purchase_cost = ParseFloat(e(Input::get('purchase_cost'))); + $consumable->purchase_cost = e(Input::get('purchase_cost')); } $consumable->qty = e(Input::get('qty')); @@ -157,7 +157,7 @@ class ConsumablesController extends Controller if (e(Input::get('purchase_cost')) == '0.00') { $consumable->purchase_cost = null; } else { - $consumable->purchase_cost = ParseFloat(e(Input::get('purchase_cost'))); + $consumable->purchase_cost = e(Input::get('purchase_cost')); } $consumable->qty = e(Input::get('qty')); @@ -357,7 +357,7 @@ class ConsumablesController extends Controller ->with('company', 'location', 'category', 'users'); if (Input::has('search')) { - $consumables = $consumables->TextSearch(Input::get('search')); + $consumables = $consumables->TextSearch(e(Input::get('search'))); } if (Input::has('offset')) { 
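Review bot: Replacing `ParseFloat(e(Input::get('purchase_cost')))` with `e(Input::get('purchase_cost'))` in both the create (@@ -79) and edit (@@ -157) hunks removes the numeric normalisation of the cost and substitutes an HTML escape that is irrelevant to a decimal column. A value such as `1,234.56` or `12abc` now reaches the database unparsed; what happens then depends on the driver's strict mode, which is not visible here. Restore the parse, `$consumable->purchase_cost = ParseFloat(e(Input::get('purchase_cost')));`, or validate with `is_numeric` before assignment.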
@@ -398,17 +398,17 @@ class ConsumablesController extends Controller foreach ($consumables as $consumable) { $actions = 'numRemaining() > 0 ) ? '' : ' disabled').'>'.Lang::get('general.checkout').''; - $company = $consumable->company; + $company = e($consumable->company); $rows[] = array( 'id' => $consumable->id, - 'name' => (string)link_to('admin/consumables/'.$consumable->id.'/view', $consumable->name), + 'name' => (string)link_to('admin/consumables/'.$consumable->id.'/view', e($consumable->name)), 'location' => ($consumable->location) ? e($consumable->location->name) : '', - 'min_amt' => $consumable->min_amt, - 'qty' => $consumable->qty, - 'category' => ($consumable->category) ? $consumable->category->name : 'Missing category', - 'order_number' => $consumable->order_number, - 'purchase_date' => $consumable->purchase_date, + 'min_amt' => e($consumable->min_amt), + 'qty' => e($consumable->qty), + 'category' => ($consumable->category) ? e($consumable->category->name) : 'Missing category', + 'order_number' => e($consumable->order_number), + 'purchase_date' => e($consumable->purchase_date), 'purchase_cost' => ($consumable->purchase_cost!='') ? number_format($consumable->purchase_cost, 2): '' , 'numRemaining' => $consumable->numRemaining(), 'actions' => $actions, 
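Review bot: `$company = e($consumable->company)` applies `e()` to the company relation, which is a model or null rather than a string; if `e()` stringifies it, `$company` becomes escaped JSON and any later `$company->name` access (outside the hunk) breaks. Keep `$company = $consumable->company;` and escape the name where it is rendered, `e($company->name)`. The enclosing method continues beyond the hunk.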
@@ -445,9 +445,9 @@ class ConsumablesController extends Controller foreach ($consumable->consumableAssigments as $consumable_assignment) { $rows[] = array( - 'name' => (string)link_to('/admin/users/'.$consumable_assignment->user->id.'/view', $consumable_assignment->user->fullName()), + 'name' => (string)link_to('/admin/users/'.$consumable_assignment->user->id.'/view', e($consumable_assignment->user->fullName())), 'created_at' => ($consumable_assignment->created_at->format('Y-m-d H:i:s')=='-0001-11-30 00:00:00') ? '' : $consumable_assignment->created_at->format('Y-m-d H:i:s'), - 'admin' => ($consumable_assignment->admin) ? $consumable_assignment->admin->fullName() : '', + 'admin' => ($consumable_assignment->admin) ? e($consumable_assignment->admin->fullName()) : '', ); } diff --git a/app/Http/Controllers/DepreciationsController.php b/app/Http/Controllers/DepreciationsController.php index ba59687c3..e0714d266 100755 --- a/app/Http/Controllers/DepreciationsController.php +++ b/app/Http/Controllers/DepreciationsController.php @@ -184,8 +184,8 @@ class DepreciationsController extends Controller $rows[] = array( 'id' => $depreciation->id, - 'name' => $depreciation->name, - 'months' => $depreciation->months, + 'name' => e($depreciation->name), + 'months' => e($depreciation->months), 'actions' => $actions ); } diff --git a/app/Http/Controllers/GroupsController.php b/app/Http/Controllers/GroupsController.php index 839ea572d..fb10a913f 100755 --- a/app/Http/Controllers/GroupsController.php +++ b/app/Http/Controllers/GroupsController.php @@ -165,7 +165,7 @@ class GroupsController extends Controller //$users = Company::scopeCompanyables($users); if (Input::has('search')) { - $groups = $users->TextSearch(Input::get('search')); + $groups = $users->TextSearch(e(Input::get('search'))); } $order = Input::get('order') === 'asc' ? 'asc' : 'desc'; diff --git a/app/Http/Controllers/LicensesController.php b/app/Http/Controllers/LicensesController.php index 121fcf27f..693deaaa8 100755 
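Review bot: In the GroupsController hunk, `$groups = $users->TextSearch(e(Input::get('search')))` assigns the filtered builder to `$groups` while the builder in use is `$users`; if the code after the hunk keeps querying `$users`, the search term is silently ignored. Confirm the variable — the likely fix is `$users = $users->TextSearch(Input::get('search'));` (see the note on search-term escaping at the AccessoriesController datatable hunk). The method body continues outside the hunk.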
--- a/app/Http/Controllers/LicensesController.php +++ b/app/Http/Controllers/LicensesController.php @@ -936,7 +936,7 @@ class LicensesController extends Controller $allowed_columns = ['id','name','purchase_cost','expiration_date','purchase_order','order_number','notes','purchase_date','serial']; $order = Input::get('order') === 'asc' ? 'asc' : 'desc'; - $sort = in_array(Input::get('sort'), $allowed_columns) ? Input::get('sort') : 'created_at'; + $sort = in_array(Input::get('sort'), $allowed_columns) ? e(Input::get('sort')) : 'created_at'; $licenses = $licenses->orderBy($sort, $order); @@ -954,14 +954,14 @@ class LicensesController extends Controller 'serial' => (string) link_to('/admin/licenses/'.$license->id.'/view', mb_strimwidth($license->serial, 0, 50, "...")), 'totalSeats' => $license->totalSeatsByLicenseID(), 'remaining' => $license->remaincount(), - 'license_name' => $license->license_name, - 'license_email' => $license->license_email, + 'license_name' => e($license->license_name), + 'license_email' => e($license->license_email), 'purchase_date' => ($license->purchase_date) ? $license->purchase_date : '', 'expiration_date' => ($license->expiration_date) ? $license->expiration_date : '', 'purchase_cost' => ($license->purchase_cost) ? $license->purchase_cost : '', - 'purchase_order' => ($license->purchase_order) ? $license->purchase_order : '', - 'order_number' => ($license->order_number) ? $license->order_number : '', - 'notes' => ($license->notes) ? $license->notes : '', + 'purchase_order' => ($license->purchase_order) ? e($license->purchase_order) : '', + 'order_number' => ($license->order_number) ? e($license->order_number) : '', + 'notes' => ($license->notes) ? e($license->notes) : '', 'actions' => $actions, 'companyName' => is_null($license->company) ? '' : e($license->company->name) ); diff --git a/app/Http/Controllers/LocationsController.php b/app/Http/Controllers/LocationsController.php index 60e8cf149..e9841bf86 100755 
--- a/app/Http/Controllers/LocationsController.php +++ b/app/Http/Controllers/LocationsController.php @@ -71,7 +71,7 @@ class LocationsController extends Controller } else { $location->parent_id = e(Input::get('parent_id')); } - $location->currency = Input::get('currency', '$'); + $location->currency = e(Input::get('currency', '$')); $location->address = e(Input::get('address')); $location->address2 = e(Input::get('address2')); $location->city = e(Input::get('city')); @@ -172,7 +172,7 @@ class LocationsController extends Controller } else { $location->parent_id = e(Input::get('parent_id', '')); } - $location->currency = Input::get('currency', '$'); + $location->currency = e(Input::get('currency', '$')); $location->address = e(Input::get('address')); $location->address2 = e(Input::get('address2')); $location->city = e(Input::get('city')); @@ -302,16 +302,16 @@ class LocationsController extends Controller $rows[] = array( 'id' => $location->id, - 'name' => (string)link_to('admin/settings/locations/'.$location->id.'/view', $location->name), - 'parent' => ($location->parent) ? $location->parent->name : '', + 'name' => (string)link_to('admin/settings/locations/'.$location->id.'/view', e($location->name)), + 'parent' => ($location->parent) ? e($location->parent->name) : '', // 'assets' => ($location->assets->count() + $location->assignedassets->count()), 'assets_default' => $location->assignedassets->count(), 'assets_checkedout' => $location->assets->count(), - 'address' => ($location->address) ? $location->address: '', - 'city' => $location->city, - 'state' => $location->state, - 'country' => $location->country, - 'currency' => $location->currency, + 'address' => ($location->address) ? e($location->address): '', + 'city' => e($location->city), + 'state' => e($location->state), + 'country' => e($location->country), + 'currency' => e($location->currency), 'actions' => $actions ); } 
@@ -339,7 +339,7 @@ class LocationsController extends Controller foreach ($location_users as $user) { $rows[] = array( - 'name' => (string)link_to('/admin/users/'.$user->id.'/view', $user->fullName()) + 'name' => (string)link_to('/admin/users/'.$user->id.'/view', e($user->fullName())) ); } @@ -364,10 +364,10 @@ class LocationsController extends Controller foreach ($location->assets as $asset) { $rows[] = array( - 'name' => (string)link_to('/hardware/'.$asset->id.'/view', $asset->showAssetName()), - 'asset_tag' => $asset->asset_tag, - 'serial' => $asset->serial, - 'model' => $asset->model->name, + 'name' => (string)link_to('/hardware/'.$asset->id.'/view', e($asset->showAssetName())), + 'asset_tag' => e($asset->asset_tag), + 'serial' => e($asset->serial), + 'model' => e($asset->model->name), ); } diff --git a/app/Http/Controllers/ManufacturersController.php b/app/Http/Controllers/ManufacturersController.php index a4fcf5090..65f37eb62 100755 --- a/app/Http/Controllers/ManufacturersController.php +++ b/app/Http/Controllers/ManufacturersController.php @@ -132,11 +132,6 @@ class ManufacturersController extends Controller return Redirect::to('admin/settings/manufacturers')->with('success', Lang::get('admin/manufacturers/message.delete.success')); } - - - - - } @@ -201,7 +196,7 @@ class ManufacturersController extends Controller $rows[] = array( 'id' => $manufacturer->id, - 'name' => (string)link_to('admin/settings/manufacturers/'.$manufacturer->id.'/view', $manufacturer->name), + 'name' => (string)link_to('admin/settings/manufacturers/'.$manufacturer->id.'/view', e($manufacturer->name)), 'assets' => $manufacturer->assets->count(), 'actions' => $actions ); 
@@ -266,13 +261,13 @@ class ManufacturersController extends Controller
 $row = array(
 'id' => $asset->id,
- 'name' => (string)link_to('/hardware/'.$asset->id.'/view', $asset->showAssetName()),
- 'model' => $asset->model->name,
- 'asset_tag' => $asset->asset_tag,
- 'serial' => $asset->serial,
- 'assigned_to' => ($asset->assigneduser) ? (string)link_to('/admin/users/'.$asset->assigneduser->id.'/view', $asset->assigneduser->fullName()): '',
+ 'name' => (string)link_to('/hardware/'.$asset->id.'/view', e($asset->showAssetName())),
+ 'model' => e($asset->model->name),
+ 'asset_tag' => e($asset->asset_tag),
+ 'serial' => e($asset->serial),
+ 'assigned_to' => ($asset->assigneduser) ? (string)link_to('/admin/users/'.$asset->assigneduser->id.'/view', e($asset->assigneduser->fullName())): '',
 'actions' => $actions,
- 'companyName' => Company::getName($asset),
+ 'companyName' => e(Company::getName($asset)),
 );
 if (isset($inout)) {
diff --git a/app/Http/Controllers/ProfileController.php b/app/Http/Controllers/ProfileController.php
index 0c842b330..dd0067167 100755
--- a/app/Http/Controllers/ProfileController.php
+++ b/app/Http/Controllers/ProfileController.php
@@ -36,12 +36,12 @@ class ProfileController extends Controller
 $user = Auth::user();
 // Update the user information
- $user->first_name = Input::get('first_name');
- $user->last_name = Input::get('last_name');
- $user->website = Input::get('website');
- $user->location_id = Input::get('location_id');
- $user->gravatar = Input::get('gravatar');
- $user->locale = Input::get('locale');
+ $user->first_name = e(Input::get('first_name'));
+ $user->last_name = e(Input::get('last_name'));
+ $user->website = e(Input::get('website'));
+ $user->location_id = e(Input::get('location_id'));
+ $user->gravatar = e(Input::get('gravatar'));
+ $user->locale = e(Input::get('locale'));
 if (Input::file('avatar')) {
 $image = Input::file('avatar');
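Review bot: HTML-encoding `first_name`, `last_name`, `website`, `location_id`, `gravatar` and `locale` before they are assigned to the model stores entities in the database instead of protecting the output: a name with an apostrophe is saved as `O&#039;Brien` and encoded again by Blade, and a website URL containing `&` no longer round-trips. For the non-text fields escaping is the wrong check altogether: `location_id` should be validated as an integer referencing an existing row (e.g. `'location_id' => 'integer|exists:locations,id'`) and `locale` against the set of locales the application supports, since whatever is stored there is presumably passed to the locale setter later. Keep the raw `Input::get()` assignments, add the validation rules, and let the views escape on output. The enclosing method begins and ends outside the hunk.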
diff --git a/app/Http/Controllers/ReportsController.php b/app/Http/Controllers/ReportsController.php
index d83875c85..0a014a235 100644
--- a/app/Http/Controllers/ReportsController.php
+++ b/app/Http/Controllers/ReportsController.php
@@ -58,10 +58,10 @@ class ReportsController extends Controller
 // Row per accessory
 foreach ($accessories as $accessory) {
 $row = array();
- $row[] = $accessory->accessory_name;
- $row[] = $accessory->accessory_category;
- $row[] = $accessory->total;
- $row[] = $accessory->remaining;
+ $row[] = e($accessory->accessory_name);
+ $row[] = e($accessory->accessory_category);
+ $row[] = e($accessory->total);
+ $row[] = e($accessory->remaining);
 $rows[] = implode($row, ',');
 }
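Review bot: `e()` is an HTML entity encoder, but the rows built here go into a CSV (`implode($row, ',')`), so an accessory name like `Cables & Adapters` is exported as `Cables &amp; Adapters` and, as far as this diff shows, nothing on the CSV path decodes it again. The same wrong-context escaping is in every ReportsController hunk that follows (-133, -171, -187, -255, -269, -280, -357, -445, -493, -512, -523, -539, -610, -679), and in the -280 hunk the rows are handed to `$csv->insertOne()`, a CSV writer that already quotes and escapes fields correctly. The real CSV concern, commas and quotes inside names, is not addressed by `e()` at all; a CSV writer (`fputcsv()` or the `$csv` object already used in the -280 hunk) handles it, whereas `e($accessory->total)` and `e($accessory->remaining)` on counts merely turn integers into strings. The enclosing method starts and ends outside the hunk.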
@@ -133,37 +133,37 @@ class ReportsController extends Controller
 // Create a row per asset
 foreach ($assets as $asset) {
 $row = [ ];
- $row[] = $asset->asset_tag;
+ $row[] = e($asset->asset_tag);
 if ($asset->model->manufacturer) {
- $row[] = $asset->model->manufacturer->name;
+ $row[] = e($asset->model->manufacturer->name);
 } else {
 $row[] = '';
 }
- $row[] = '"' . $asset->model->name . '"';
- $row[] = '"' . $asset->model->modelno . '"';
- $row[] = $asset->name;
- $row[] = $asset->serial;
+ $row[] = '"' . e($asset->model->name) . '"';
+ $row[] = '"' . e($asset->model->modelno) . '"';
+ $row[] = e($asset->name);
+ $row[] = e($asset->serial);
 if ($asset->assetstatus) {
- $row[] = $asset->assetstatus->name;
+ $row[] = e($asset->assetstatus->name);
 } else {
 $row[] = '';
 }
 $row[] = $asset->purchase_date;
- $row[] = '"' . number_format($asset->purchase_cost) . '"';
+ $row[] = '"' . number_format($asset->purchase_cost, 2) . '"';
 if ($asset->order_number) {
- $row[] = $asset->order_number;
+ $row[] = e($asset->order_number);
 } else {
 $row[] = '';
 }
 if ($asset->supplier_id) {
- $row[] = $asset->supplier->name;
+ $row[] = e($asset->supplier->name);
 } else {
 $row[] = '';
 }
 if ($asset->assigned_to > 0) {
 $user = User::find($asset->assigned_to);
- $row[] = $user->fullName();
+ $row[] = e($user->fullName());
 } else {
 $row[] = ''; // Empty string if unassigned
 }
@@ -171,14 +171,14 @@ class ReportsController extends Controller
 if (( $asset->assigned_to > 0 ) && ( $asset->assigneduser->location_id > 0 )) {
 $location = Location::find($asset->assigneduser->location_id);
 if ($location) {
- $row[] = $location->name;
+ $row[] = e($location->name);
 } else {
 $row[] = '';
 }
 } elseif ($asset->rtd_location_id) {
 $location = Location::find($asset->rtd_location_id);
 if ($location->name) {
- $row[] = $location->name;
+ $row[] = e($location->name);
 } else {
 $row[] = '';
 }
@@ -187,7 +187,7 @@ class ReportsController extends Controller
 }
 if ($asset->notes) {
- $row[] = '"' . $asset->notes . '"';
+ $row[] = '"' . e($asset->notes) . '"';
 } else {
 $row[] = '';
 }
@@ -255,13 +255,13 @@ class ReportsController extends Controller
 // Create a row per asset
 foreach ($assets as $asset) {
 $row = [ ];
- $row[] = $asset->asset_tag;
- $row[] = $asset->name;
- $row[] = $asset->serial;
+ $row[] = e($asset->asset_tag);
+ $row[] = e($asset->name);
+ $row[] = e($asset->serial);
 if ($asset->assigned_to > 0) {
 $user = User::find($asset->assigned_to);
- $row[] = $user->fullName();
+ $row[] = e($user->fullName());
 } else {
 $row[] = ''; // Empty string if unassigned
 }
@@ -269,9 +269,9 @@ class ReportsController extends Controller
 if (( $asset->assigned_to > 0 ) && ( $asset->assigneduser->location_id > 0 )) {
 $location = Location::find($asset->assigneduser->location_id);
 if ($location->city) {
- $row[] = $location->city . ', ' . $location->state;
+ $row[] = e($location->city) . ', ' . e($location->state);
 } elseif ($location->name) {
- $row[] = $location->name;
+ $row[] = e($location->name);
 } else {
 $row[] = '';
 }
@@ -280,15 +280,15 @@ class ReportsController extends Controller
 }
 if ($asset->assetloc) {
- $currency = $asset->assetloc->currency;
+ $currency = e($asset->assetloc->currency);
 } else {
- $currency = Setting::first()->default_currency;
+ $currency = e(Setting::first()->default_currency);
 }
 $row[] = $asset->purchase_date;
- $row[] = $currency . number_format($asset->purchase_cost);
- $row[] = $currency . number_format($asset->getDepreciatedValue());
- $row[] = $currency . number_format(( $asset->purchase_cost - $asset->getDepreciatedValue() ));
+ $row[] = $currency . number_format($asset->purchase_cost, 2);
+ $row[] = $currency . number_format($asset->getDepreciatedValue(), 2);
+ $row[] = $currency . number_format(( $asset->purchase_cost - $asset->getDepreciatedValue() ), 2);
 $csv->insertOne($row);
 }
@@ -357,13 +357,13 @@ class ReportsController extends Controller
 // Row per license
 foreach ($licenses as $license) {
 $row = [ ];
- $row[] = $license->name;
- $row[] = $license->serial;
- $row[] = $license->seats;
+ $row[] = e($license->name);
+ $row[] = e($license->serial);
+ $row[] = e($license->seats);
 $row[] = $license->remaincount();
 $row[] = $license->expiration_date;
 $row[] = $license->purchase_date;
- $row[] = '"' . number_format($license->purchase_cost) . '"';
+ $row[] = '"' . number_format($license->purchase_cost, 2) . '"';
 $rows[] = implode($row, ',');
 }
@@ -445,45 +445,45 @@ class ReportsController extends Controller
 foreach ($assets as $asset) {
 $row = [ ];
 if (e(Input::get('asset_name')) == '1') {
- $row[] = '"' .$asset->name . '"';
+ $row[] = '"' .e($asset->name) . '"';
 }
 if (e(Input::get('asset_tag')) == '1') {
- $row[] = $asset->asset_tag;
+ $row[] = e($asset->asset_tag);
 }
 if (e(Input::get('manufacturer')) == '1') {
 if ($asset->model->manufacturer) {
- $row[] = '"' .$asset->model->manufacturer->name . '"';
+ $row[] = '"' .e($asset->model->manufacturer->name) . '"';
 } else {
 $row[] = '';
 }
 }
 if (e(Input::get('model')) == '1') {
- $row[] = '"' . $asset->model->name . '"';
- $row[] = '"' . $asset->model->modelno . '"';
+ $row[] = '"' . e($asset->model->name) . '"';
+ $row[] = '"' . e($asset->model->modelno) . '"';
 }
 if (e(Input::get('category')) == '1') {
- $row[] = '"' .$asset->model->category->name . '"';
+ $row[] = '"' .e($asset->model->category->name) . '"';
 }
 if (e(Input::get('serial')) == '1') {
- $row[] = $asset->serial;
+ $row[] = e($asset->serial);
 }
 if (e(Input::get('purchase_date')) == '1') {
- $row[] = $asset->purchase_date;
+ $row[] = e($asset->purchase_date);
 }
 if (e(Input::get('purchase_cost')) == '1' && ( e(Input::get('depreciation')) != '1' )) {
- $row[] = '"' . number_format($asset->purchase_cost) . '"';
+ $row[] = '"' . number_format($asset->purchase_cost, 2) . '"';
 }
 if (e(Input::get('order')) == '1') {
 if ($asset->order_number) {
- $row[] = $asset->order_number;
+ $row[] = e($asset->order_number);
 } else {
 $row[] = '';
 }
 }
 if (e(Input::get('supplier')) == '1') {
 if ($asset->supplier_id) {
- $row[] = '"' .$asset->supplier->name . '"';
+ $row[] = '"' .e($asset->supplier->name) . '"';
 } else {
 $row[] = '';
 }
@@ -493,14 +493,14 @@ class ReportsController extends Controller
 if (( $asset->assigned_to > 0 ) && ( $asset->assigneduser->location_id !='' )) {
 $location = Location::find($asset->assigneduser->location_id);
 if ($location) {
- $show_loc .= '"' .$location->name. '"';
+ $show_loc .= '"' .e($location->name). '"';
 } else {
 $show_loc .= 'User location '.$asset->assigneduser->location_id.' is invalid';
 }
 } elseif ($asset->rtd_location_id!='') {
 $location = Location::find($asset->rtd_location_id);
 if ($location) {
- $show_loc .= '"' .$location->name. '"';
+ $show_loc .= '"' .e($location->name). '"';
 } else {
 $show_loc .= 'Default location '.$asset->rtd_location_id.' is invalid';
 }
@@ -512,7 +512,7 @@ class ReportsController extends Controller
 if (e(Input::get('assigned_to')) == '1') {
 if ($asset->assigned_to > 0) {
 $user = User::find($asset->assigned_to);
- $row[] = '"' .$user->fullName(). '"';
+ $row[] = '"' .e($user->fullName()). '"';
 } else {
 $row[] = ''; // Empty string if unassigned
 }
@@ -523,7 +523,7 @@ class ReportsController extends Controller
 } elseif (( $asset->status_id == '' ) && ( $asset->assigned_to == '0' )) {
 $row[] = Lang::get('general.pending');
 } elseif ($asset->assetstatus) {
- $row[] = '"' .$asset->assetstatus->name. '"';
+ $row[] = '"' .e($asset->assetstatus->name). '"';
 } else {
 $row[] = '';
 }
@@ -539,9 +539,9 @@ class ReportsController extends Controller
 }
 if (e(Input::get('depreciation')) == '1') {
 $depreciation = $asset->getDepreciatedValue();
- $row[] = '"' . number_format($asset->purchase_cost) . '"';
- $row[] = '"' . number_format($depreciation) . '"';
- $row[] = '"' . number_format($asset->purchase_cost - $depreciation) . '"';
+ $row[] = '"' . number_format($asset->purchase_cost, 2) . '"';
+ $row[] = '"' . number_format($depreciation, 2) . '"';
+ $row[] = '"' . number_format($asset->purchase_cost - $depreciation, 2) . '"';
 }
 $rows[] = implode($row, ',');
 }
@@ -610,12 +610,12 @@ class ReportsController extends Controller
 foreach ($assetMaintenances as $assetMaintenance) {
 $row = [ ];
- $row[] = str_replace(',', '', $assetMaintenance->asset->name);
- $row[] = str_replace(',', '', $assetMaintenance->supplier->name);
- $row[] = $assetMaintenance->improvement_type;
- $row[] = $assetMaintenance->title;
- $row[] = $assetMaintenance->start_date;
- $row[] = $assetMaintenance->completion_date;
+ $row[] = str_replace(',', '', e($assetMaintenance->asset->name));
+ $row[] = str_replace(',', '', e($assetMaintenance->supplier->name));
+ $row[] = e($assetMaintenance->improvement_type);
+ $row[] = e($assetMaintenance->title);
+ $row[] = e($assetMaintenance->start_date);
+ $row[] = e($assetMaintenance->completion_date;)
 if (is_null($assetMaintenance->asset_maintenance_time)) {
 $improvementTime = intval(Carbon::now() ->diffInDays(Carbon::parse($assetMaintenance->start_date)));
@@ -679,11 +679,11 @@ class ReportsController extends Controller
 foreach ($assetsForReport as $assetItem) {
 $row = [ ];
- $row[] = str_replace(',', '', $assetItem->assetlog->model->category->name);
- $row[] = str_replace(',', '', $assetItem->assetlog->model->name);
- $row[] = str_replace(',', '', $assetItem->assetlog->showAssetName());
- $row[] = str_replace(',', '', $assetItem->assetlog->asset_tag);
- $row[] = str_replace(',', '', $assetItem->assetlog->assigneduser->fullName());
+ $row[] = str_replace(',', '', e($assetItem->assetlog->model->category->name));
+ $row[] = str_replace(',', '', e($assetItem->assetlog->model->name));
+ $row[] = str_replace(',', '', e($assetItem->assetlog->showAssetName()));
+ $row[] = str_replace(',', '', e($assetItem->assetlog->asset_tag));
+ $row[] = str_replace(',', '', e($assetItem->assetlog->assigneduser->fullName()));
 $rows[] = implode($row, ',');
 }
diff --git a/app/Http/Controllers/SettingsController.php b/app/Http/Controllers/SettingsController.php
index a0f468fee..79d90fc17 100755
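Review bot: `$row[] = e($assetMaintenance->completion_date;)` has the semicolon inside the call parentheses and is a PHP parse error, which takes down every route served by ReportsController rather than just this report; it should read `$row[] = e($assetMaintenance->completion_date);`. Apart from that, the `e()` wrapping in this hunk and in -679 has the same CSV-context problem raised on the -58 hunk, and `str_replace(',', '', e(...))` strips commas from an already entity-encoded string, so `&#039;` survives intact in the export. The enclosing method starts and ends outside the hunk.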
--- a/app/Http/Controllers/SettingsController.php
+++ b/app/Http/Controllers/SettingsController.php
@@ -379,23 +379,23 @@ class SettingsController extends Controller
 $setting->slack_endpoint = e(Input::get('slack_endpoint'));
 $setting->slack_channel = e(Input::get('slack_channel'));
 $setting->slack_botname = e(Input::get('slack_botname'));
- $setting->ldap_enabled = Input::get('ldap_enabled', '0');
- $setting->ldap_server = Input::get('ldap_server');
+ $setting->ldap_enabled = e(Input::get('ldap_enabled', '0'));
+ $setting->ldap_server = e(Input::get('ldap_server'));
 $setting->ldap_server_cert_ignore = e(Input::get('ldap_server_cert_ignore', false));
- $setting->ldap_uname = Input::get('ldap_uname');
+ $setting->ldap_uname = e(Input::get('ldap_uname'));
 if (Input::has('ldap_pword')) {
 $setting->ldap_pword = Crypt::encrypt(Input::get('ldap_pword'));
 }
 $setting->ldap_basedn = e(Input::get('ldap_basedn'));
 $setting->ldap_filter = Input::get('ldap_filter');
 $setting->ldap_username_field = Input::get('ldap_username_field');
- $setting->ldap_lname_field = Input::get('ldap_lname_field');
- $setting->ldap_fname_field = Input::get('ldap_fname_field');
+ $setting->ldap_lname_field = e(Input::get('ldap_lname_field'));
+ $setting->ldap_fname_field = e(Input::get('ldap_fname_field'));
 $setting->ldap_auth_filter_query = Input::get('ldap_auth_filter_query');
- $setting->ldap_version = Input::get('ldap_version');
- $setting->ldap_active_flag = Input::get('ldap_active_flag');
- $setting->ldap_emp_num = Input::get('ldap_emp_num');
- $setting->ldap_email = Input::get('ldap_email');
+ $setting->ldap_version = e(Input::get('ldap_version'));
+ $setting->ldap_active_flag = e(Input::get('ldap_active_flag'));
+ $setting->ldap_emp_num = e(Input::get('ldap_emp_num'));
+ $setting->ldap_email = e(Input::get('ldap_email'));
 // If validation fails, we'll exit the operation now.
 if ($setting->save()) {
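Review bot: `ldap_uname`, `ldap_server` and `ldap_version` are consumed by the LDAP client, not rendered to a browser, so HTML-encoding them on the way in (`$setting->ldap_uname = e(Input::get('ldap_uname'))` and the neighbouring lines) changes what is later sent in the bind: a bind DN with an ampersand in an OU name is stored as `&amp;`, and the bind then fails in a way that is hard to trace back to the settings form. The untouched `ldap_filter` and `ldap_auth_filter_query` lines in the same hunk are left raw, presumably for exactly that reason, so the rule should be applied consistently: store these values unencoded, validate the structured ones instead (`ldap_enabled` as a boolean, `ldap_version` with an `in:2,3` rule, `ldap_server` against the expected `ldap://` / `ldaps://` form), and escape in the settings view. `ldap_pword` is rightly excluded, since it is encrypted as entered. The enclosing method starts and ends outside the hunk.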
diff --git a/app/Http/Controllers/StatuslabelsController.php b/app/Http/Controllers/StatuslabelsController.php
index 953775bfb..ce1788c82 100755
--- a/app/Http/Controllers/StatuslabelsController.php
+++ b/app/Http/Controllers/StatuslabelsController.php
@@ -248,8 +248,8 @@ class StatuslabelsController extends Controller
 $actions = '';
 $rows[] = array(
- 'id' => $statuslabel->id,
- 'type' => $label_type,
+ 'id' => e($statuslabel->id),
+ 'type' => e($label_type),
 'name' => e($statuslabel->name),
 'actions' => $actions
 );
diff --git a/app/Http/Controllers/SuppliersController.php b/app/Http/Controllers/SuppliersController.php
index c286913ac..54af9eb27 100755
--- a/app/Http/Controllers/SuppliersController.php
+++ b/app/Http/Controllers/SuppliersController.php
@@ -270,12 +270,12 @@ class SuppliersController extends Controller
 $rows[] = array(
 'id' => $supplier->id,
- 'name' => (string)link_to('admin/settings/suppliers/'.$supplier->id.'/view', $supplier->name),
- 'contact' => $supplier->contact,
- 'address' => $supplier->address.' '.$supplier->address2.' '.$supplier->city.' '.$supplier->state.' '.$supplier->country,
- 'phone' => $supplier->phone,
- 'fax' => $supplier->fax,
- 'email' => ($supplier->email!='') ? ''.$supplier->email.'' : '',
+ 'name' => (string)link_to('admin/settings/suppliers/'.$supplier->id.'/view', e($supplier->name)),
+ 'contact' => e($supplier->contact),
+ 'address' => e($supplier->address).' '.e($supplier->address2).' '.e($supplier->city).' '.e($supplier->state).' '.e($supplier->country),
+ 'phone' => e($supplier->phone),
+ 'fax' => e($supplier->fax),
+ 'email' => ($supplier->email!='') ? ''.e($supplier->email).'' : '',
 'assets' => $supplier->num_assets(),
 'licenses' => $supplier->num_licenses(),
 'actions' => $actions
diff --git a/app/Http/Controllers/UsersController.php b/app/Http/Controllers/UsersController.php
index f3365f114..4b70c2cd4 100755
--- a/app/Http/Controllers/UsersController.php
+++ b/app/Http/Controllers/UsersController.php
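Review bot: `'id' => e($statuslabel->id)` changes the JSON type of `id` from an integer to a string, which is a behaviour change for whatever client consumes this listing, and it is inconsistent with the Suppliers and Manufacturers hunks in this same commit, which keep `'id' => $x->id` raw. Escaping buys nothing for a numeric primary key; keep `'id' => $statuslabel->id,`. `e($label_type)` is harmless, but `$label_type` is assigned outside the hunk, so whether it is user-controlled cannot be judged from here.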
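Review bot: The new `'email'` line keeps the `''.e($supplier->email).''` concatenation of two empty strings around the value, which is now pure noise since the escaping call is the whole expression: `'email' => ($supplier->email!='') ? e($supplier->email) : '',`. The `link_to()` title in this hunk carries the double-encoding concern raised on the Locations -302 hunk. The enclosing method starts and ends outside the hunk.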
@@ -1101,7 +1101,7 @@ class UsersController extends Controller
 public function postLDAP()
 {
- $location_id = Input::get('location_id');
+ $location_id = e(Input::get('location_id'));
 $ldap_version = Setting::getSettings()->ldap_version;
 $url = Setting::getSettings()->ldap_server;
diff --git a/resources/views/models/index.blade.php b/resources/views/models/index.blade.php
index e4b1477a1..a459ae46d 100755
--- a/resources/views/models/index.blade.php
+++ b/resources/views/models/index.blade.php
@@ -30,7 +30,7 @@
 name="models"
 class="table table-striped"
 id="table"
- data-url="{{ route('api.models.list',array('status'=>Input::get('status'))) }}"
+ data-url="{{ route('api.models.list',array('status'=>e(Input::get('status')))) }}"
 data-cookie="true"
 data-click-to-select="true"
 data-cookie-id-table="modelsTable-{{ config('version.hash_version') }}">
diff --git a/resources/views/users/index.blade.php b/resources/views/users/index.blade.php
index 706172c18..84db1d149 100755
--- a/resources/views/users/index.blade.php
+++ b/resources/views/users/index.blade.php
@@ -56,7 +56,7 @@
 class="table table-striped"
 id="table"
 data-toggle="table"
- data-url="{{ route('api.users.list', array(''=>Input::get('status'))) }}"
+ data-url="{{ route('api.users.list', array(''=>e(Input::get('status')))) }}"
 data-cookie="true"
 data-click-to-select="true"
 data-cookie-id-table="userTableDisplay-{{ config('version.hash_version') }}">
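Review bot: `$location_id = e(Input::get('location_id'))` HTML-encodes what is, by its name, a foreign key, so the check that matters for it is that it is an integer referencing an existing location, not that it is free of `<`; a bogus value still flows through unchanged. Validate it instead, e.g. `'location_id' => 'integer|exists:locations,id'` in the validator, and keep the raw value. `postLDAP()` continues past the end of the hunk, so how `$location_id` is used afterwards is not visible here.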
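Review bot: `e(Input::get('status'))` inside `route()` escapes for the wrong context: `route()` URL-encodes its query parameters and Blade's `{{ }}` already HTML-escapes the resulting attribute value, so the only effect is that a status containing `&` or a quote reaches the API as `%26amp%3B` / `%26quot%3B`; the users/index.blade.php hunk below has the same change. If the intent is to keep unexpected values out of the listing, do it where the parameter is read, in the `api.models.list` / `api.users.list` handlers, by comparing it against the known status values, and leave the view as `array('status'=>Input::get('status'))`.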