From 1775995f2607874d9b585488fe70f3ceba54f042 Mon Sep 17 00:00:00 2001
From: snipe
Date: Thu, 28 Sep 2017 17:25:04 -0700
Subject: [PATCH 1/6] Is this space necessary? Getting weird results from netsparker

---
 app/Http/Middleware/XssProtectHeader.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/Http/Middleware/XssProtectHeader.php b/app/Http/Middleware/XssProtectHeader.php
index 45b980680..6719415fe 100644
--- a/app/Http/Middleware/XssProtectHeader.php
+++ b/app/Http/Middleware/XssProtectHeader.php
@@ -14,7 +14,7 @@ class XssProtectHeader
 */
 public function handle($request, Closure $next)
 {
- $mode = '1; mode=block';
+ $mode = '1; mode= block';
 $response = $next($request);
 $response->headers->set('X-XSS-Protection', $mode);
 return $response;

From adac5ac54491c5989317faf4ad0bccdf9406d650 Mon Sep 17 00:00:00 2001
From: snipe
Date: Thu, 28 Sep 2017 17:32:37 -0700
Subject: [PATCH 2/6] Check for valid asset

---
 .../reports/asset_maintenances.blade.php | 50 ++++++++++---------
 1 file changed, 26 insertions(+), 24 deletions(-)

diff --git a/resources/views/reports/asset_maintenances.blade.php b/resources/views/reports/asset_maintenances.blade.php
index 05ac4e1db..79dbb806c 100644
--- a/resources/views/reports/asset_maintenances.blade.php
+++ b/resources/views/reports/asset_maintenances.blade.php
@@ -41,30 +41,32 @@ $totalCost = 0; ?> @foreach ($assetMaintenances as $assetMaintenance) - - {{ is_null($assetMaintenance->asset->company) ? '' : $assetMaintenance->asset->company->name }} - {{ $assetMaintenance->asset->asset_tag }} - {{ $assetMaintenance->asset->name }} - {{ $assetMaintenance->supplier->name }} - {{ $assetMaintenance->asset_maintenance_type }} - {{ $assetMaintenance->title }} - {{ $assetMaintenance->start_date }} - {{ is_null($assetMaintenance->completion_date) ? trans('admin/asset_maintenances/message.asset_maintenance_incomplete') : $assetMaintenance->completion_date }} - @if (is_null($assetMaintenance->asset_maintenance_time)) - diffInDays(Carbon::parse($assetMaintenance->start_date))); - ?> - @else - asset_maintenance_time); - ?> - @endif - {{ $assetMaintenanceTime }} - - {{ $snipeSettings->default_currency }} - {{ number_format($assetMaintenance->cost,2) }} - - + @if ($assetMaintenance->asset) + + {{ ($assetMaintenance->asset->company) ? $assetMaintenance->asset->company->name : '' }} + {{ $assetMaintenance->asset->asset_tag }} + {{ $assetMaintenance->asset->name }} + {{ $assetMaintenance->supplier->name }} + {{ $assetMaintenance->asset_maintenance_type }} + {{ $assetMaintenance->title }} + {{ $assetMaintenance->start_date }} + {{ is_null($assetMaintenance->completion_date) ? trans('admin/asset_maintenances/message.asset_maintenance_incomplete') : $assetMaintenance->completion_date }} + @if (is_null($assetMaintenance->asset_maintenance_time)) + diffInDays(Carbon::parse($assetMaintenance->start_date))); + ?> + @else + asset_maintenance_time); + ?> + @endif + {{ $assetMaintenanceTime }} + + {{ $snipeSettings->default_currency }} + {{ number_format($assetMaintenance->cost,2) }} + + + @endif cost); From 9b84a0d5160cc7e464d2919c21e234cc9b78cb81 Mon Sep 17 00:00:00 2001 From: snipe Date: Thu, 28 Sep 2017 17:34:47 -0700 Subject: [PATCH 3/6] *eyeroll* --- app/Http/Middleware/XssProtectHeader.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
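Review bot: `$assetMaintenance->supplier->name` inside the new `@if ($assetMaintenance->asset)` block is still dereferenced with no null check, so a maintenance whose supplier record is gone will fail in exactly the way the missing asset did before this change; guard it the same way, `{{ $assetMaintenance->supplier ? $assetMaintenance->supplier->name : '' }}`. The cost accumulation on the context line after `+ @endif` appears to remain outside the guard, so the report total may include maintenances that are no longer listed as rows — confirm that is intended, or move the accumulation inside the `@if`. The `@foreach` opened in this hunk closes outside it.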
diff --git a/app/Http/Middleware/XssProtectHeader.php b/app/Http/Middleware/XssProtectHeader.php
index 6719415fe..45b980680 100644
--- a/app/Http/Middleware/XssProtectHeader.php
+++ b/app/Http/Middleware/XssProtectHeader.php
@@ -14,7 +14,7 @@ class XssProtectHeader
 */
 public function handle($request, Closure $next)
 {
- $mode = '1; mode= block';
+ $mode = '1; mode=block';
 $response = $next($request);
 $response->headers->set('X-XSS-Protection', $mode);
 return $response;

From b3e0d8f675a165955beb0bb3ce0614c9360b8f8b Mon Sep 17 00:00:00 2001
From: snipe
Date: Thu, 28 Sep 2017 17:47:48 -0700
Subject: [PATCH 4/6] Disallow / in robots

---
 public/robots.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/public/robots.txt b/public/robots.txt
index eb0536286..1f53798bb 100644
--- a/public/robots.txt
+++ b/public/robots.txt
@@ -1,2 +1,2 @@
 User-agent: *
-Disallow:
+Disallow: /

From b60febeea245b37e0171640ebc0843bed9d457a6 Mon Sep 17 00:00:00 2001
From: snipe
Date: Thu, 28 Sep 2017 18:45:54 -0700
Subject: [PATCH 5/6] Removed space in XSS header because safari was getting angry

---
 app/Http/Middleware/XssProtectHeader.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/Http/Middleware/XssProtectHeader.php b/app/Http/Middleware/XssProtectHeader.php
index 45b980680..868d100f3 100644
--- a/app/Http/Middleware/XssProtectHeader.php
+++ b/app/Http/Middleware/XssProtectHeader.php
@@ -14,7 +14,7 @@ class XssProtectHeader
 */
 public function handle($request, Closure $next)
 {
- $mode = '1; mode=block';
+ $mode = '1;mode=block';
 $response = $next($request);
 $response->headers->set('X-XSS-Protection', $mode);
 return $response;

From 507f1f196c3311e4e632caf4e61525ff6af4ea90 Mon Sep 17 00:00:00 2001
From: snipe
Date: Thu, 28 Sep 2017 18:46:16 -0700
Subject: [PATCH 6/6] Added integrity hashes

---
 resources/views/layouts/default.blade.php | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
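Review bot: `Disallow: /` is a request that only cooperating crawlers honour; it is not an access control, and a search engine can still list the site's URL from external links without ever fetching a page. If the aim is to keep the application out of indexes, pair this with an `X-Robots-Tag: noindex` response header (or a robots meta tag in the layout) and keep the real restriction on authentication of every route. A one-line comment in the file, `# Application is private; nothing here should be indexed`, would preserve the intent for the next person who edits it.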
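Review bot: The reason `$mode` is spelled `'1;mode=block'` with no whitespace lives only in the commit message, so the next formatting pass is likely to reinsert the space that the earlier commits in this series went back and forth on; add a comment above the line, `// No whitespace: Safari ignores the directive when the value is '1; mode=block'`. The same comment should say that X-XSS-Protection is a legacy browser-filter hint rather than a defence — current browsers no longer implement the filter — and that a Content-Security-Policy header is the effective control. Since `$mode` never changes, `private const MODE = '1;mode=block';` on the class would document it once and remove the local. The enclosing class continues outside the hunk.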
diff --git a/resources/views/layouts/default.blade.php b/resources/views/layouts/default.blade.php
index 2c9403087..3b72b32b5 100644
--- a/resources/views/layouts/default.blade.php
+++ b/resources/views/layouts/default.blade.php
@@ -83,9 +83,8 @@