Merge pull request #12516 from inietov/fixes/quotes_in_custom_field_custom_regex

Fixed #12252 Quotes in Custom Field regex are being HTML-escaped
2024-12-25 13:44:06 -08:00 · 2023-02-14 20:10:43 -08:00 · 2023-02-14 20:10:43 -08:00 · 1ed57d30e0
parent f7df2ae403 99122ccb50
commit 1ed57d30e0
2 changed files with 35 additions and 2 deletions
--- a/app/Http/Controllers/CustomFieldsController.php
+++ b/app/Http/Controllers/CustomFieldsController.php
@ -109,9 +109,9 @@ class CustomFieldsController extends Controller


        if ($request->filled('custom_format')) {
-            $field->format = e($request->get('custom_format'));
+            $field->format = $request->get('custom_format');
        } else {
-            $field->format = e($request->get('format'));
+            $field->format = $request->get('format');
        }

        if ($field->save()) {
--- a/database/migrations/2023_02_12_224353_fix_unescaped_customfields_format.php
+++ b/database/migrations/2023_02_12_224353_fix_unescaped_customfields_format.php
@ -0,0 +1,33 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+use App\Models\CustomField;
+
+class FixUnescapedCustomfieldsFormat extends Migration
+{
+    /**
+     * Run the migrations.
+     *
+     * @return void
+     */
+    public function up()
+    {
+        $customfields = CustomField::where('format', 'LIKE', '%&%')->get();
+
+        foreach($customfields as $customfield){
+            $customfield->update(['format' => html_entity_decode($customfield->format)]);
+        }
+    }
+
+    /**
+     * Reverse the migrations.
+     *
+     * @return void
+     */
+    public function down()
+    {
+        //
+    }
+}