DRCIT/snipe-it
1
0
Fork 0
mirror of https://github.com/snipe/snipe-it.git synced 2025-01-12 06:17:28 -08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

prevent injection, fix asset update

Browse source
This commit is contained in:
slong753 2023-07-17 10:56:12 -05:00 committed by spencerrlongg
parent 17ccfa9ada
commit 1ea0de8bca
2 changed files with 5 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
app/Http/Controllers/AssetModelsController.php
View file

@ -93,7 +93,8 @@ class AssetModelsController extends Controller
// Was it created?
if ($model->save()) {
if ($request->filled('eol')) {
$model->assets()->whereNotNull('purchase_date')->whereNull('eol_explicit')->update(['asset_eol_date' => DB::raw('DATE_ADD(purchase_date, INTERVAL '.$model->eol.' MONTH)')]);
$newEol = $model->eol;
$model->assets()->whereNotNull('purchase_date')->whereNull('eol_explicit')->update(['asset_eol_date' => DB::raw('DATE_ADD(purchase_date, INTERVAL :newEol MONTH)', ['newEol' => $newEol])]);
}
if ($this->shouldAddDefaultValues($request->input())) {
if (!$this->assignCustomFieldsDefaultValues($model, $request->input('default_values'))){
@ -182,7 +183,8 @@ class AssetModelsController extends Controller
if ($model->save()) {
if ($model->wasChanged('eol')) {
$model->assets()->whereNotNull('purchase_date')->whereNull('eol_explicit')->update(['asset_eol_date' => DB::raw('DATE_ADD(purchase_date, INTERVAL '.$model->eol.' MONTH)')]);
$newEol = $model->eol;
$model->assets()->whereNotNull('purchase_date')->whereNull('eol_explicit')->update(['asset_eol_date' => DB::raw('DATE_ADD(purchase_date, INTERVAL :newEol MONTH)', ['newEol' => $newEol])]);
}
return redirect()->route('models.index')->with('success', trans('admin/models/message.update.success'));
}

2
app/Http/Controllers/Assets/AssetsController.php
View file

@ -389,7 +389,7 @@ class AssetsController extends Controller
if ($asset->save()) {
if($asset->wasChanged('purchase_date')){
$model->assets()->whereNotNull('purchase_date')->whereNull('eol_explicit')->update(['asset_eol_date' => DB::raw('DATE_ADD(purchase_date, INTERVAL '.$model->eol.' MONTH)')]);
$asset->asset_eol_date = Carbon::parse($asset->purchase_date)->addMonths($asset->model->eol)->format('Y-m-d');
}
return redirect()->route('hardware.show', $assetId)
->with('success', trans('admin/hardware/message.update.success'));