Additional escaping

This commit is contained in:
snipe 2016-03-25 15:24:12 -07:00
parent f1bdaeaf95
commit 27543d16f6
20 changed files with 199 additions and 205 deletions


@ -26,6 +26,7 @@ use Slack;
use Str; use Str;
use View; use View;
use Auth; use Auth;
use Request;
/** /**
* This class controls all actions related to accessories * This class controls all actions related to accessories
@ -42,7 +43,7 @@ class AccessoriesController extends Controller
* @since [v1.0] * @since [v1.0]
* @return View * @return View
*/ */
public function getIndex() public function getIndex(Request $request)
{ {
return View::make('accessories/index'); return View::make('accessories/index');
} }
@ -54,7 +55,7 @@ class AccessoriesController extends Controller
* @author [A. Gianotto] [<snipe@snipe.net>] * @author [A. Gianotto] [<snipe@snipe.net>]
* @return View * @return View
*/ */
public function getCreate() public function getCreate(Request $request)
{ {
// Show the page // Show the page
$category_list = array('' => '') + DB::table('categories')->where('category_type', '=', 'accessory')->whereNull('deleted_at')->orderBy('name', 'ASC')->lists('name', 'id'); $category_list = array('' => '') + DB::table('categories')->where('category_type', '=', 'accessory')->whereNull('deleted_at')->orderBy('name', 'ASC')->lists('name', 'id');
@ -74,7 +75,7 @@ class AccessoriesController extends Controller
* @author [A. Gianotto] [<snipe@snipe.net>] * @author [A. Gianotto] [<snipe@snipe.net>]
* @return Redirect * @return Redirect
*/ */
public function postCreate() public function postCreate(Request $request)
{ {
// create a new model instance // create a new model instance
@ -120,7 +121,7 @@ class AccessoriesController extends Controller
* @param int $accessoryId * @param int $accessoryId
* @return View * @return View
*/ */
public function getEdit($accessoryId = null) public function getEdit(Request $request, $accessoryId = null)
{ {
// Check if the accessory exists // Check if the accessory exists
if (is_null($accessory = Accessory::find($accessoryId))) { if (is_null($accessory = Accessory::find($accessoryId))) {
@ -148,7 +149,7 @@ class AccessoriesController extends Controller
* @param int $accessoryId * @param int $accessoryId
* @return Redirect * @return Redirect
*/ */
public function postEdit($accessoryId = null) public function postEdit(Request $request, $accessoryId = null)
{ {
// Check if the blog post exists // Check if the blog post exists
if (is_null($accessory = Accessory::find($accessoryId))) { if (is_null($accessory = Accessory::find($accessoryId))) {
@ -203,7 +204,7 @@ class AccessoriesController extends Controller
* @param int $accessoryId * @param int $accessoryId
* @return Redirect * @return Redirect
*/ */
public function getDelete($accessoryId) public function getDelete(Request $request, $accessoryId)
{ {
// Check if the blog post exists // Check if the blog post exists
if (is_null($accessory = Accessory::find($accessoryId))) { if (is_null($accessory = Accessory::find($accessoryId))) {
@ -237,7 +238,7 @@ class AccessoriesController extends Controller
* @since [v1.0] * @since [v1.0]
* @return View * @return View
*/ */
public function getView($accessoryID = null) public function getView(Request $request, $accessoryID = null)
{ {
$accessory = Accessory::find($accessoryID); $accessory = Accessory::find($accessoryID);
@ -266,7 +267,7 @@ class AccessoriesController extends Controller
* @param int $accessoryId * @param int $accessoryId
* @return View * @return View
*/ */
public function getCheckout($accessoryId) public function getCheckout(Request $request, $accessoryId)
{ {
// Check if the accessory exists // Check if the accessory exists
if (is_null($accessory = Accessory::find($accessoryId))) { if (is_null($accessory = Accessory::find($accessoryId))) {
@ -293,7 +294,7 @@ class AccessoriesController extends Controller
* @param int $accessoryId * @param int $accessoryId
* @return Redirect * @return Redirect
*/ */
public function postCheckout($accessoryId) public function postCheckout(Request $request, $accessoryId)
{ {
// Check if the accessory exists // Check if the accessory exists
if (is_null($accessory = Accessory::find($accessoryId))) { if (is_null($accessory = Accessory::find($accessoryId))) {
@ -399,7 +400,7 @@ class AccessoriesController extends Controller
* @param int $accessoryId * @param int $accessoryId
* @return View * @return View
**/ **/
public function getCheckin($accessoryUserId = null, $backto = null) public function getCheckin(Request $request, $accessoryUserId = null, $backto = null)
{ {
// Check if the accessory exists // Check if the accessory exists
if (is_null($accessory_user = DB::table('accessories_users')->find($accessoryUserId))) { if (is_null($accessory_user = DB::table('accessories_users')->find($accessoryUserId))) {
@ -425,7 +426,7 @@ class AccessoriesController extends Controller
* @param int $accessoryId * @param int $accessoryId
* @return Redirect * @return Redirect
**/ **/
public function postCheckin($accessoryUserId = null, $backto = null) public function postCheckin(Request $request, $accessoryUserId = null, $backto = null)
{ {
// Check if the accessory exists // Check if the accessory exists
if (is_null($accessory_user = DB::table('accessories_users')->find($accessoryUserId))) { if (is_null($accessory_user = DB::table('accessories_users')->find($accessoryUserId))) {
@ -441,18 +442,18 @@ class AccessoriesController extends Controller
} }
$logaction = new Actionlog(); $logaction = new Actionlog();
$logaction->checkedout_to = $accessory_user->assigned_to; $logaction->checkedout_to = e($accessory_user->assigned_to);
$return_to = $accessory_user->assigned_to; $return_to = e($accessory_user->assigned_to);
$admin_user = Auth::user(); $admin_user = Auth::user();
// Was the accessory updated? // Was the accessory updated?
if (DB::table('accessories_users')->where('id', '=', $accessory_user->id)->delete()) { if (DB::table('accessories_users')->where('id', '=', $accessory_user->id)->delete()) {
$logaction->accessory_id = $accessory->id; $logaction->accessory_id = e($accessory->id);
$logaction->location_id = null; $logaction->location_id = null;
$logaction->asset_type = 'accessory'; $logaction->asset_type = 'accessory';
$logaction->user_id = $admin_user->id; $logaction->user_id = e($admin_user->id);
$logaction->note = e(Input::get('note')); $logaction->note = e(Input::get('note'));
$settings = Setting::getSettings(); $settings = Setting::getSettings();
@ -461,8 +462,8 @@ class AccessoriesController extends Controller
$slack_settings = [ $slack_settings = [
'username' => $settings->botname, 'username' => e($settings->botname),
'channel' => $settings->slack_channel, 'channel' => e($settings->slack_channel),
'link_names' => true 'link_names' => true
]; ];
@ -474,7 +475,7 @@ class AccessoriesController extends Controller
'fields' => [ 'fields' => [
[ [
'title' => 'Checked In:', 'title' => 'Checked In:',
'value' => strtoupper($logaction->asset_type).' <'.config('app.url').'/admin/accessories/'.$accessory->id.'/view'.'|'.$accessory->name.'> checked in by <'.config('app.url').'/admin/users/'.$admin_user->id.'/view'.'|'.$admin_user->fullName().'>.' 'value' => strtoupper($logaction->asset_type).' <'.config('app.url').'/admin/accessories/'.e($accessory->id).'/view'.'|'.e($accessory->name).'> checked in by <'.config('app.url').'/admin/users/'.e($admin_user->id).'/view'.'|'.e($admin_user->fullName()).'>.'
], ],
[ [
'title' => 'Note:', 'title' => 'Note:',
@ -498,11 +499,11 @@ class AccessoriesController extends Controller
} }
$data['log_id'] = $logaction->id; $data['log_id'] = $logaction->id;
$data['first_name'] = $user->first_name; $data['first_name'] = e($user->first_name);
$data['item_name'] = $accessory->name; $data['item_name'] = e($accessory->name);
$data['checkin_date'] = $logaction->created_at; $data['checkin_date'] = e($logaction->created_at);
$data['item_tag'] = ''; $data['item_tag'] = '';
$data['note'] = $logaction->note; $data['note'] = e($logaction->note);
if (($accessory->checkin_email()=='1')) { if (($accessory->checkin_email()=='1')) {
@ -550,13 +551,13 @@ class AccessoriesController extends Controller
* @param int $accessoryId * @param int $accessoryId
* @return string JSON containing accessories and their associated atrributes. * @return string JSON containing accessories and their associated atrributes.
**/ **/
public function getDatatable() public function getDatatable(Request $request)
{ {
$accessories = Accessory::select('accessories.*')->with('category', 'company') $accessories = Accessory::select('accessories.*')->with('category', 'company')
->whereNull('accessories.deleted_at'); ->whereNull('accessories.deleted_at');
if (Input::has('search')) { if (Input::has('search')) {
$accessories = $accessories->TextSearch(Input::get('search')); $accessories = $accessories->TextSearch(e(Input::get('search')));
} }
if (Input::has('offset')) { if (Input::has('offset')) {
@ -574,7 +575,7 @@ class AccessoriesController extends Controller
$allowed_columns = ['name','min_amt','order_number','purchase_date','purchase_cost','companyName','category']; $allowed_columns = ['name','min_amt','order_number','purchase_date','purchase_cost','companyName','category'];
$order = Input::get('order') === 'asc' ? 'asc' : 'desc'; $order = Input::get('order') === 'asc' ? 'asc' : 'desc';
$sort = in_array(Input::get('sort'), $allowed_columns) ? Input::get('sort') : 'created_at'; $sort = in_array(Input::get('sort'), $allowed_columns) ? e(Input::get('sort')) : 'created_at';
switch ($sort) { switch ($sort) {
case 'category': case 'category':
@ -600,11 +601,11 @@ class AccessoriesController extends Controller
$rows[] = array( $rows[] = array(
'name' => '<a href="'.url('admin/accessories/'.$accessory->id).'/view">'. $accessory->name.'</a>', 'name' => '<a href="'.url('admin/accessories/'.$accessory->id).'/view">'. $accessory->name.'</a>',
'category' => ($accessory->category) ? (string)link_to('admin/settings/categories/'.$accessory->category->id.'/view', $accessory->category->name) : '', 'category' => ($accessory->category) ? (string)link_to('admin/settings/categories/'.$accessory->category->id.'/view', $accessory->category->name) : '',
'qty' => $accessory->qty, 'qty' => e($accessory->qty),
'order_number' => $accessory->order_number, 'order_number' => e($accessory->order_number),
'min_amt' => $accessory->min_amt, 'min_amt' => e($accessory->min_amt),
'location' => ($accessory->location) ? $accessory->location->name: '', 'location' => ($accessory->location) ? e($accessory->location->name): '',
'purchase_date' => $accessory->purchase_date, 'purchase_date' => e($accessory->purchase_date),
'purchase_cost' => number_format($accessory->purchase_cost, 2), 'purchase_cost' => number_format($accessory->purchase_cost, 2),
'numRemaining' => $accessory->numRemaining(), 'numRemaining' => $accessory->numRemaining(),
'actions' => $actions, 'actions' => $actions,
@ -643,7 +644,7 @@ class AccessoriesController extends Controller
* @param int $accessoryId * @param int $accessoryId
* @return string JSON containing accessories and their associated atrributes. * @return string JSON containing accessories and their associated atrributes.
**/ **/
public function getDataView($accessoryID) public function getDataView(Request $request, $accessoryID)
{ {
$accessory = Accessory::find($accessoryID); $accessory = Accessory::find($accessoryID);
@ -660,7 +661,7 @@ class AccessoriesController extends Controller
$actions = '<a href="'.route('checkin/accessory', $user->pivot->id).'" class="btn btn-info btn-sm">Checkin</a>'; $actions = '<a href="'.route('checkin/accessory', $user->pivot->id).'" class="btn btn-info btn-sm">Checkin</a>';
$rows[] = array( $rows[] = array(
'name' =>(string) link_to('/admin/users/'.$user->id.'/view', $user->fullName()), 'name' =>(string) link_to('/admin/users/'.$user->id.'/view', e($user->fullName())),
'actions' => $actions 'actions' => $actions
); );
} }
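Review bot: The checkin note is now escaped twice on the postCheckin path: `$logaction->note = e(Input::get('note'))` already stores HTML-escaped text, and the new `$data['note'] = e($logaction->note)` escapes it again before it reaches the checkin email, so a note containing `&` or `'` arrives as `&amp;amp;` / `&amp;#039;` (and a third time if the mail template prints it with `{{ }}`). The same HTML-entity `e()` is now applied inside the Slack payload (`'username' => e($settings->botname)`, `'channel' => ...`, the `'value'` line), but Slack is not an HTML sink — it expects only `&`, `<`, `>` to be entity-encoded and will render `&quot;` and `&#039;` literally. Escape once, at the sink, in that sink's grammar: drop the `e()` wrappers on the Actionlog assignments (`checkedout_to`, `accessory_id`, `user_id` are ids), on the `$data[...]` array and on the Slack fields, and keep HTML escaping for the datatable rows. In those rows, `'name' => '<a href="...">'. $accessory->name.'</a>'` is still concatenated raw while its siblings gained `e()`; unless names are guaranteed to be escaped on write, that cell remains an HTML injection point. postCheckin and getDatatable both start outside their hunks.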


@ -75,7 +75,7 @@ class AssetMaintenancesController extends Controller
$allowed_columns = ['id','title','asset_maintenance_time','asset_maintenance_type','cost','start_date','completion_date','notes']; $allowed_columns = ['id','title','asset_maintenance_time','asset_maintenance_type','cost','start_date','completion_date','notes'];
$order = Input::get('order') === 'asc' ? 'asc' : 'desc'; $order = Input::get('order') === 'asc' ? 'asc' : 'desc';
$sort = in_array(Input::get('sort'), $allowed_columns) ? Input::get('sort') : 'created_at'; $sort = in_array(Input::get('sort'), $allowed_columns) ? e(Input::get('sort')) : 'created_at';
$maintenances->orderBy($sort, $order); $maintenances->orderBy($sort, $order);
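Review bot: Wrapping the allow-listed sort column in `e()` (`e(Input::get('sort'))`) adds no protection on this line — the value has already been confined to `$allowed_columns`, so the only thing `e()` could do is alter a legitimate column name, and none of those contains an escapable character. The check that would actually harden the line is a strict membership test, since non-strict `in_array` compares loosely: `$sort = in_array(Input::get('sort'), $allowed_columns, true) ? Input::get('sort') : 'created_at';`. The enclosing method starts and ends outside this hunk.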


@ -441,7 +441,7 @@ class AssetModelsController extends Controller
$allowed_columns = ['id','name','modelno']; $allowed_columns = ['id','name','modelno'];
$order = Input::get('order') === 'asc' ? 'asc' : 'desc'; $order = Input::get('order') === 'asc' ? 'asc' : 'desc';
$sort = in_array(Input::get('sort'), $allowed_columns) ? Input::get('sort') : 'created_at'; $sort = in_array(Input::get('sort'), $allowed_columns) ? e(Input::get('sort')) : 'created_at';
$models = $models->orderBy($sort, $order); $models = $models->orderBy($sort, $order);
@ -491,7 +491,7 @@ class AssetModelsController extends Controller
$assets = Asset::where('model_id', '=', $modelID)->withTrashed()->with('company'); $assets = Asset::where('model_id', '=', $modelID)->withTrashed()->with('company');
if (Input::has('search')) { if (Input::has('search')) {
$assets = $assets->TextSearch(Input::get('search')); $assets = $assets->TextSearch(e(Input::get('search')));
} }
if (Input::has('offset')) { if (Input::has('offset')) {
@ -509,7 +509,7 @@ class AssetModelsController extends Controller
$allowed_columns = ['name', 'serial','asset_tag']; $allowed_columns = ['name', 'serial','asset_tag'];
$order = Input::get('order') === 'asc' ? 'asc' : 'desc'; $order = Input::get('order') === 'asc' ? 'asc' : 'desc';
$sort = in_array(Input::get('sort'), $allowed_columns) ? Input::get('sort') : 'created_at'; $sort = in_array(Input::get('sort'), $allowed_columns) ? e(Input::get('sort')) : 'created_at';
$assets = $assets->orderBy($sort, $order); $assets = $assets->orderBy($sort, $order);
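Review bot: HTML-escaping the search term before it enters the query (`$assets->TextSearch(e(Input::get('search')))`) changes what matches without adding any SQL protection: a serial, tag or name containing `&`, `'`, `"` or `<` can no longer be found if the stored value is raw, because the LIKE pattern now carries `&amp;` / `&#039;` instead. `e()` is an HTML-context function; the SQL defence belongs in `TextSearch`, whose implementation is not visible here — if it binds parameters it is already safe, and if it concatenates the term into the LIKE clause the fix is bindings, not entity encoding. I would revert to `$assets->TextSearch(Input::get('search'))` and keep escaping on the output columns. The `e()` on the allow-listed `sort` value below it is likewise a no-op; `in_array(..., true)` is the meaningful hardening there. The enclosing methods start outside these hunks.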


@ -136,7 +136,7 @@ class AssetsController extends Controller
$asset->name = e(Input::get('name')); $asset->name = e(Input::get('name'));
$asset->serial = e(Input::get('serial')); $asset->serial = e(Input::get('serial'));
$asset->company_id = \App\Models\Company::getIdForCurrentUser(Input::get('company_id')); $asset->company_id = \App\Models\Company::getIdForCurrentUser(e(Input::get('company_id')));
$asset->model_id = e(Input::get('model_id')); $asset->model_id = e(Input::get('model_id'));
$asset->order_number = e(Input::get('order_number')); $asset->order_number = e(Input::get('order_number'));
$asset->notes = e(Input::get('notes')); $asset->notes = e(Input::get('notes'));
@ -358,12 +358,11 @@ class AssetsController extends Controller
$checkModel = config('app.url').'/api/models/'.e(Input::get('model_id')).'/check'; $checkModel = config('app.url').'/api/models/'.e(Input::get('model_id')).'/check';
//$asset->mac_address = ($checkModel == true) ? e(Input::get('mac_address')) : NULL;
// Update the asset data // Update the asset data
$asset->name = e(Input::get('name')); $asset->name = e(Input::get('name'));
$asset->serial = e(Input::get('serial')); $asset->serial = e(Input::get('serial'));
$asset->company_id = Company::getIdForCurrentUser(Input::get('company_id')); $asset->company_id = Company::getIdForCurrentUser(e(Input::get('company_id')));
$asset->model_id = e(Input::get('model_id')); $asset->model_id = e(Input::get('model_id'));
$asset->order_number = e(Input::get('order_number')); $asset->order_number = e(Input::get('order_number'));
$asset->asset_tag = e(Input::get('asset_tag')); $asset->asset_tag = e(Input::get('asset_tag'));
@ -439,7 +438,7 @@ class AssetsController extends Controller
public function getCheckout($assetId) public function getCheckout($assetId)
{ {
// Check if the asset exists // Check if the asset exists
if (is_null($asset = Asset::find($assetId))) { if (is_null($asset = Asset::find(e($assetId)))) {
// Redirect to the asset management page with error // Redirect to the asset management page with error
return Redirect::to('hardware')->with('error', Lang::get('admin/hardware/message.does_not_exist')); return Redirect::to('hardware')->with('error', Lang::get('admin/hardware/message.does_not_exist'));
} elseif (!Company::isCurrentUserHasAccess($asset)) { } elseif (!Company::isCurrentUserHasAccess($asset)) {
@ -582,8 +581,7 @@ class AssetsController extends Controller
$logaction->note = e(Input::get('note')); $logaction->note = e(Input::get('note'));
$logaction->user_id = Auth::user()->id; $logaction->user_id = Auth::user()->id;
$log = $logaction->logaction('checkin from'); $log = $logaction->logaction('checkin from');
$settings = Setting::getSettings();
$settings = Setting::getSettings();
if ($settings->slack_endpoint) { if ($settings->slack_endpoint) {
@ -601,7 +599,7 @@ class AssetsController extends Controller
'fields' => [ 'fields' => [
[ [
'title' => 'Checked In:', 'title' => 'Checked In:',
'value' => strtoupper($logaction->asset_type).' asset <'.config('app.url').'/hardware/'.$asset->id.'/view'.'|'.$asset->showAssetName().'> checked in by <'.config('app.url').'/hardware/'.$asset->id.'/view'.'|'.Auth::user()->fullName().'>.' 'value' => strtoupper($logaction->asset_type).' asset <'.config('app.url').'/hardware/'.$asset->id.'/view'.'|'.e($asset->showAssetName()).'> checked in by <'.config('app.url').'/hardware/'.$asset->id.'/view'.'|'.e(Auth::user()->fullName()).'>.'
], ],
[ [
'title' => 'Note:', 'title' => 'Note:',
@ -1462,19 +1460,19 @@ class AssetsController extends Controller
'checkbox' =>'<div class="text-center"><input type="checkbox" name="edit_asset['.$asset->id.']" class="one_required"></div>', 'checkbox' =>'<div class="text-center"><input type="checkbox" name="edit_asset['.$asset->id.']" class="one_required"></div>',
'id' => $asset->id, 'id' => $asset->id,
'image' => (($asset->image) && ($asset->image!='')) ? '<img src="'.config('app.url').'/uploads/assets/'.$asset->image.'" height=50 width=50>' : ((($asset->model) && ($asset->model->image!='')) ? '<img src="'.config('app.url').'/uploads/models/'.$asset->model->image.'" height=40 width=50>' : ''), 'image' => (($asset->image) && ($asset->image!='')) ? '<img src="'.config('app.url').'/uploads/assets/'.$asset->image.'" height=50 width=50>' : ((($asset->model) && ($asset->model->image!='')) ? '<img src="'.config('app.url').'/uploads/models/'.$asset->model->image.'" height=40 width=50>' : ''),
'name' => '<a title="'.$asset->name.'" href="hardware/'.$asset->id.'/view">'.$asset->name.'</a>', 'name' => '<a title="'.e($asset->name).'" href="hardware/'.$asset->id.'/view">'.e($asset->name).'</a>',
'asset_tag' => '<a title="'.$asset->asset_tag.'" href="hardware/'.$asset->id.'/view">'.$asset->asset_tag.'</a>', 'asset_tag' => '<a title="'.e($asset->asset_tag).'" href="hardware/'.$asset->id.'/view">'.e($asset->asset_tag).'</a>',
'serial' => $asset->serial, 'serial' => e($asset->serial),
'model' => ($asset->model) ? (string)link_to('/hardware/models/'.$asset->model->id.'/view', $asset->model->name) : 'No model', 'model' => ($asset->model) ? (string)link_to('/hardware/models/'.$asset->model->id.'/view', e($asset->model->name)) : 'No model',
'status_label' => ($asset->assigneduser) ? 'Deployed' : (($asset->assetstatus) ? $asset->assetstatus->name : ''), 'status_label' => ($asset->assigneduser) ? 'Deployed' : ((e($asset->assetstatus)) ? e($asset->assetstatus->name) : ''),
'assigned_to' => ($asset->assigneduser) ? (string)link_to('../admin/users/'.$asset->assigned_to.'/view', $asset->assigneduser->fullName()) : '', 'assigned_to' => ($asset->assigneduser) ? (string)link_to('../admin/users/'.$asset->assigned_to.'/view', e($asset->assigneduser->fullName())) : '',
'location' => (($asset->assigneduser) && ($asset->assigneduser->userloc!='')) ? (string)link_to('admin/settings/locations/'.$asset->assigneduser->userloc->id.'/edit', $asset->assigneduser->userloc->name) : (($asset->defaultLoc!='') ? (string)link_to('admin/settings/locations/'.$asset->defaultLoc->id.'/edit', $asset->defaultLoc->name) : ''), 'location' => (($asset->assigneduser) && ($asset->assigneduser->userloc!='')) ? (string)link_to('admin/settings/locations/'.$asset->assigneduser->userloc->id.'/edit', e($asset->assigneduser->userloc->name)) : (($asset->defaultLoc!='') ? (string)link_to('admin/settings/locations/'.$asset->defaultLoc->id.'/edit', e($asset->defaultLoc->name)) : ''),
'category' => (($asset->model) && ($asset->model->category)) ? $asset->model->category->name : '', 'category' => (($asset->model) && ($asset->model->category)) ? e($asset->model->category->name) : '',
'eol' => ($asset->eol_date()) ? $asset->eol_date() : '', 'eol' => ($asset->eol_date()) ? $asset->eol_date() : '',
'notes' => $asset->notes, 'notes' => e($asset->notes),
'order_number' => ($asset->order_number!='') ? '<a href="'.config('app.url').'/hardware?order_number='.$asset->order_number.'">'.$asset->order_number.'</a>' : '', 'order_number' => ($asset->order_number!='') ? '<a href="'.config('app.url').'/hardware?order_number='.e($asset->order_number).'">'.e($asset->order_number).'</a>' : '',
'last_checkout' => ($asset->last_checkout!='') ? $asset->last_checkout : '', 'last_checkout' => ($asset->last_checkout!='') ? e($asset->last_checkout) : '',
'expected_checkin' => ($asset->expected_checkin!='') ? $asset->expected_checkin : '', 'expected_checkin' => ($asset->expected_checkin!='') ? e($asset->expected_checkin) : '',
'change' => ($inout) ? $inout : '', 'change' => ($inout) ? $inout : '',
'actions' => ($actions) ? $actions : '', 'actions' => ($actions) ? $actions : '',
'companyName' => is_null($asset->company) ? '' : e($asset->company->name) 'companyName' => is_null($asset->company) ? '' : e($asset->company->name)
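Review bot: In the `status_label` row the condition was changed to `(e($asset->assetstatus))`, which passes the relation object (an Eloquent model or null) to an HTML-escaping function; it only works as a truthiness check because a model coerces to its JSON via `__toString()`, so every row now serializes the status model for nothing and a future non-stringable relation would throw. Keep the test on the object and escape only the string: `'status_label' => ($asset->assigneduser) ? 'Deployed' : (($asset->assetstatus) ? e($asset->assetstatus->name) : ''),`. On the same rows `$asset->image` and `$asset->model->image` are still interpolated raw into the `src` attribute of the `<img>` tag while the neighbouring text cells gained `e()`; an attribute context needs escaping too (`e($asset->image)`), or a URL builder. Further up, `Asset::find(e($assetId))` escapes a primary key before a lookup, which does nothing useful — `(int) $assetId` states the intent. The row-building method starts outside this hunk.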


@ -218,7 +218,7 @@ class CategoriesController extends Controller
$allowed_columns = ['id','name','category_type']; $allowed_columns = ['id','name','category_type'];
$order = Input::get('order') === 'asc' ? 'asc' : 'desc'; $order = Input::get('order') === 'asc' ? 'asc' : 'desc';
$sort = in_array(Input::get('sort'), $allowed_columns) ? Input::get('sort') : 'created_at'; $sort = in_array(Input::get('sort'), $allowed_columns) ? e(Input::get('sort')) : 'created_at';
$categories = $categories->orderBy($sort, $order); $categories = $categories->orderBy($sort, $order);
@ -309,10 +309,10 @@ class CategoriesController extends Controller
$rows[] = array( $rows[] = array(
'id' => $asset->id, 'id' => $asset->id,
'name' => (string)link_to('/hardware/'.$asset->id.'/view', $asset->name), 'name' => (string)link_to('/hardware/'.$asset->id.'/view', e($asset->name)),
//'model' => $asset->model->name, //'model' => $asset->model->name,
'asset_tag' => $asset->asset_tag, 'asset_tag' => e($asset->asset_tag),
'serial' => $asset->serial, 'serial' => e($asset->serial),
'assigned_to' => ($asset->assigneduser) ? (string)link_to(config('app.url').'/admin/users/'.$asset->assigneduser->id.'/view', $asset->assigneduser->fullName()): '', 'assigned_to' => ($asset->assigneduser) ? (string)link_to(config('app.url').'/admin/users/'.$asset->assigneduser->id.'/view', $asset->assigneduser->fullName()): '',
'change' => $inout, 'change' => $inout,
'actions' => $actions, 'actions' => $actions,
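Review bot: The escaping in the asset rows is inconsistent: `name`, `asset_tag` and `serial` gained `e()`, but `'assigned_to' => ... link_to(..., $asset->assigneduser->fullName())` on the same array still passes the user's name through raw, so whatever property the commit is trying to establish for this table does not hold for that column. Before adding `e()` there, check how the installed `link_to()` treats its title — Collective's `HtmlBuilder::link()` runs the title through `entities()` itself, in which case `link_to('/hardware/...', e($asset->name))` double-escapes and a name like `A & B` renders as `A &amp; B`; pick one layer and apply it to every column. The `e()` on the allow-listed `sort` value is a no-op; `in_array(..., true)` is the useful change there. The row-building method starts and ends outside these hunks.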


@ -70,7 +70,7 @@ class ComponentsController extends Controller
$component->location_id = e(Input::get('location_id')); $component->location_id = e(Input::get('location_id'));
$component->company_id = Company::getIdForCurrentUser(Input::get('company_id')); $component->company_id = Company::getIdForCurrentUser(Input::get('company_id'));
$component->order_number = e(Input::get('order_number')); $component->order_number = e(Input::get('order_number'));
$component->min_amt = e(Input::get('min_amt')); $component->min_amt = e(Input::get('min_amt'));
if (e(Input::get('purchase_date')) == '') { if (e(Input::get('purchase_date')) == '') {
$component->purchase_date = null; $component->purchase_date = null;
@ -397,13 +397,13 @@ class ComponentsController extends Controller
$rows[] = array( $rows[] = array(
'checkbox' =>'<div class="text-center"><input type="checkbox" name="component['.$component->id.']" class="one_required"></div>', 'checkbox' =>'<div class="text-center"><input type="checkbox" name="component['.$component->id.']" class="one_required"></div>',
'id' => $component->id, 'id' => $component->id,
'name' => (string)link_to('admin/components/'.$component->id.'/view', $component->name), 'name' => (string)link_to('admin/components/'.$component->id.'/view', e($component->name)),
'location' => ($component->location) ? e($component->location->name) : '', 'location' => ($component->location) ? e($component->location->name) : '',
'total_qty' => $component->total_qty, 'total_qty' => e($component->total_qty),
'min_amt' => $component->min_amt, 'min_amt' => e($component->min_amt),
'category' => ($component->category) ? $component->category->name : 'Missing category', 'category' => ($component->category) ? e($component->category->name) : 'Missing category',
'order_number' => $component->order_number, 'order_number' => e($component->order_number),
'purchase_date' => $component->purchase_date, 'purchase_date' => e($component->purchase_date),
'purchase_cost' => ($component->purchase_cost!='') ? number_format($component->purchase_cost, 2): '' , 'purchase_cost' => ($component->purchase_cost!='') ? number_format($component->purchase_cost, 2): '' ,
'numRemaining' => $component->numRemaining(), 'numRemaining' => $component->numRemaining(),
'actions' => $actions, 'actions' => $actions,
@ -432,8 +432,8 @@ class ComponentsController extends Controller
foreach ($component->assets as $component_assignment) { foreach ($component->assets as $component_assignment) {
$rows[] = array( $rows[] = array(
'name' => (string)link_to('/hardware/'.$component_assignment->id.'/view', $component_assignment->name), 'name' => (string)link_to('/hardware/'.$component_assignment->id.'/view', e($component_assignment->name)),
'qty' => $component_assignment->pivot->assigned_qty, 'qty' => e($component_assignment->pivot->assigned_qty),
'created_at' => ($component_assignment->created_at->format('Y-m-d H:i:s')=='-0001-11-30 00:00:00') ? '' : $component_assignment->created_at->format('Y-m-d H:i:s'), 'created_at' => ($component_assignment->created_at->format('Y-m-d H:i:s')=='-0001-11-30 00:00:00') ? '' : $component_assignment->created_at->format('Y-m-d H:i:s'),
); );
} }
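Review bot: Wrapping the `link_to()` title in `e()` (`link_to('admin/components/...', e($component->name))` and the same for `$component_assignment->name`) is likely to double-escape, since Collective's `HtmlBuilder::link()` already entity-encodes the title; a component named `R&D cable` would then display as `R&amp;D cable` — verify against the installed html package before keeping it. The `e()` added to `total_qty`, `min_amt` and `pivot->assigned_qty` is harmless but misleading: those are integer columns, and escaping them suggests they are untrusted text. Note also that the first hunk leaves `Company::getIdForCurrentUser(Input::get('company_id'))` untouched while the AssetsController hunk in this same commit wrapped the identical call in `e()` — neither form validates an integer FK; decide once (cast or validate as integer) and apply it consistently. The enclosing methods start outside these hunks.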


@ -68,7 +68,7 @@ class ConsumablesController extends Controller
$consumable->location_id = e(Input::get('location_id')); $consumable->location_id = e(Input::get('location_id'));
$consumable->company_id = Company::getIdForCurrentUser(Input::get('company_id')); $consumable->company_id = Company::getIdForCurrentUser(Input::get('company_id'));
$consumable->order_number = e(Input::get('order_number')); $consumable->order_number = e(Input::get('order_number'));
$consumable->min_amt = e(Input::get('min_amt')); $consumable->min_amt = e(Input::get('min_amt'));
if (e(Input::get('purchase_date')) == '') { if (e(Input::get('purchase_date')) == '') {
$consumable->purchase_date = null; $consumable->purchase_date = null;
@ -79,7 +79,7 @@ class ConsumablesController extends Controller
if (e(Input::get('purchase_cost')) == '0.00') { if (e(Input::get('purchase_cost')) == '0.00') {
$consumable->purchase_cost = null; $consumable->purchase_cost = null;
} else { } else {
$consumable->purchase_cost = ParseFloat(e(Input::get('purchase_cost'))); $consumable->purchase_cost = e(Input::get('purchase_cost'));
} }
$consumable->qty = e(Input::get('qty')); $consumable->qty = e(Input::get('qty'));
@ -157,7 +157,7 @@ class ConsumablesController extends Controller
if (e(Input::get('purchase_cost')) == '0.00') { if (e(Input::get('purchase_cost')) == '0.00') {
$consumable->purchase_cost = null; $consumable->purchase_cost = null;
} else { } else {
$consumable->purchase_cost = ParseFloat(e(Input::get('purchase_cost'))); $consumable->purchase_cost = e(Input::get('purchase_cost'));
} }
$consumable->qty = e(Input::get('qty')); $consumable->qty = e(Input::get('qty'));
@ -357,7 +357,7 @@ class ConsumablesController extends Controller
->with('company', 'location', 'category', 'users'); ->with('company', 'location', 'category', 'users');
if (Input::has('search')) { if (Input::has('search')) {
$consumables = $consumables->TextSearch(Input::get('search')); $consumables = $consumables->TextSearch(e(Input::get('search')));
} }
if (Input::has('offset')) { if (Input::has('offset')) {
@ -398,17 +398,17 @@ class ConsumablesController extends Controller
foreach ($consumables as $consumable) { foreach ($consumables as $consumable) {
$actions = '<nobr><a href="'.route('checkout/consumable', $consumable->id).'" style="margin-right:5px;" class="btn btn-info btn-sm" '.(($consumable->numRemaining() > 0 ) ? '' : ' disabled').'>'.Lang::get('general.checkout').'</a><a href="'.route('update/consumable', $consumable->id).'" class="btn btn-warning btn-sm" style="margin-right:5px;"><i class="fa fa-pencil icon-white"></i></a><a data-html="false" class="btn delete-asset btn-danger btn-sm" data-toggle="modal" href="'.route('delete/consumable', $consumable->id).'" data-content="'.Lang::get('admin/consumables/message.delete.confirm').'" data-title="'.Lang::get('general.delete').' '.htmlspecialchars($consumable->name).'?" onClick="return false;"><i class="fa fa-trash icon-white"></i></a></nobr>'; $actions = '<nobr><a href="'.route('checkout/consumable', $consumable->id).'" style="margin-right:5px;" class="btn btn-info btn-sm" '.(($consumable->numRemaining() > 0 ) ? '' : ' disabled').'>'.Lang::get('general.checkout').'</a><a href="'.route('update/consumable', $consumable->id).'" class="btn btn-warning btn-sm" style="margin-right:5px;"><i class="fa fa-pencil icon-white"></i></a><a data-html="false" class="btn delete-asset btn-danger btn-sm" data-toggle="modal" href="'.route('delete/consumable', $consumable->id).'" data-content="'.Lang::get('admin/consumables/message.delete.confirm').'" data-title="'.Lang::get('general.delete').' '.htmlspecialchars($consumable->name).'?" onClick="return false;"><i class="fa fa-trash icon-white"></i></a></nobr>';
$company = $consumable->company; $company = e($consumable->company);
$rows[] = array( $rows[] = array(
'id' => $consumable->id, 'id' => $consumable->id,
'name' => (string)link_to('admin/consumables/'.$consumable->id.'/view', $consumable->name), 'name' => (string)link_to('admin/consumables/'.$consumable->id.'/view', e($consumable->name)),
'location' => ($consumable->location) ? e($consumable->location->name) : '', 'location' => ($consumable->location) ? e($consumable->location->name) : '',
'min_amt' => $consumable->min_amt, 'min_amt' => e($consumable->min_amt),
'qty' => $consumable->qty, 'qty' => e($consumable->qty),
'category' => ($consumable->category) ? $consumable->category->name : 'Missing category', 'category' => ($consumable->category) ? e($consumable->category->name) : 'Missing category',
'order_number' => $consumable->order_number, 'order_number' => e($consumable->order_number),
'purchase_date' => $consumable->purchase_date, 'purchase_date' => e($consumable->purchase_date),
'purchase_cost' => ($consumable->purchase_cost!='') ? number_format($consumable->purchase_cost, 2): '' , 'purchase_cost' => ($consumable->purchase_cost!='') ? number_format($consumable->purchase_cost, 2): '' ,
'numRemaining' => $consumable->numRemaining(), 'numRemaining' => $consumable->numRemaining(),
'actions' => $actions, 'actions' => $actions,
@ -445,9 +445,9 @@ class ConsumablesController extends Controller
foreach ($consumable->consumableAssigments as $consumable_assignment) { foreach ($consumable->consumableAssigments as $consumable_assignment) {
$rows[] = array( $rows[] = array(
'name' => (string)link_to('/admin/users/'.$consumable_assignment->user->id.'/view', $consumable_assignment->user->fullName()), 'name' => (string)link_to('/admin/users/'.$consumable_assignment->user->id.'/view', e($consumable_assignment->user->fullName())),
'created_at' => ($consumable_assignment->created_at->format('Y-m-d H:i:s')=='-0001-11-30 00:00:00') ? '' : $consumable_assignment->created_at->format('Y-m-d H:i:s'), 'created_at' => ($consumable_assignment->created_at->format('Y-m-d H:i:s')=='-0001-11-30 00:00:00') ? '' : $consumable_assignment->created_at->format('Y-m-d H:i:s'),
'admin' => ($consumable_assignment->admin) ? $consumable_assignment->admin->fullName() : '', 'admin' => ($consumable_assignment->admin) ? e($consumable_assignment->admin->fullName()) : '',
); );
} }


@ -184,8 +184,8 @@ class DepreciationsController extends Controller
$rows[] = array( $rows[] = array(
'id' => $depreciation->id, 'id' => $depreciation->id,
'name' => $depreciation->name, 'name' => e($depreciation->name),
'months' => $depreciation->months, 'months' => e($depreciation->months),
'actions' => $actions 'actions' => $actions
); );
} }
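Review bot: `'months' => e($depreciation->months)` applies HTML escaping to a numeric column, which adds no protection and guarantees the value reaches the consumer as a string even where the model would otherwise cast it to an integer; if these rows are serialised to JSON for a table endpoint (inferred from the row layout, not visible here), numeric sorting on the client may become lexical. Keep `'months' => $depreciation->months,` and reserve `e()` for free-text columns such as `name`. The same pattern appears at `'id' => e($statuslabel->id)` in StatuslabelsController and at `e($consumable->min_amt)` / `e($consumable->qty)` in ConsumablesController. The enclosing method starts and ends outside this hunk.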


@ -165,7 +165,7 @@ class GroupsController extends Controller
//$users = Company::scopeCompanyables($users); //$users = Company::scopeCompanyables($users);
if (Input::has('search')) { if (Input::has('search')) {
$groups = $users->TextSearch(Input::get('search')); $groups = $users->TextSearch(e(Input::get('search')));
} }
$order = Input::get('order') === 'asc' ? 'asc' : 'desc'; $order = Input::get('order') === 'asc' ? 'asc' : 'desc';
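Review bot: `$groups = $users->TextSearch(e(Input::get('search')));` HTML-encodes the search term before it is used as a query value, so a term containing `'`, `&` or `<` is rewritten (for example `O'Brien` becomes `O&#039;Brien`) and no longer matches the stored row. HTML escaping is the wrong layer for a database filter; protection against SQL injection has to come from parameter binding inside `TextSearch`, which is not visible in this hunk and should be confirmed. Suggest `$groups = $users->TextSearch(Input::get('search'));` and escaping the term only where it is echoed back into a page. The assignment of the filtered `$users` into `$groups` is unchanged by this commit but looks like a copy-paste remnant worth checking; the enclosing method continues outside the hunk.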


@ -936,7 +936,7 @@ class LicensesController extends Controller
$allowed_columns = ['id','name','purchase_cost','expiration_date','purchase_order','order_number','notes','purchase_date','serial']; $allowed_columns = ['id','name','purchase_cost','expiration_date','purchase_order','order_number','notes','purchase_date','serial'];
$order = Input::get('order') === 'asc' ? 'asc' : 'desc'; $order = Input::get('order') === 'asc' ? 'asc' : 'desc';
$sort = in_array(Input::get('sort'), $allowed_columns) ? Input::get('sort') : 'created_at'; $sort = in_array(Input::get('sort'), $allowed_columns) ? e(Input::get('sort')) : 'created_at';
$licenses = $licenses->orderBy($sort, $order); $licenses = $licenses->orderBy($sort, $order);
@ -954,14 +954,14 @@ class LicensesController extends Controller
'serial' => (string) link_to('/admin/licenses/'.$license->id.'/view', mb_strimwidth($license->serial, 0, 50, "...")), 'serial' => (string) link_to('/admin/licenses/'.$license->id.'/view', mb_strimwidth($license->serial, 0, 50, "...")),
'totalSeats' => $license->totalSeatsByLicenseID(), 'totalSeats' => $license->totalSeatsByLicenseID(),
'remaining' => $license->remaincount(), 'remaining' => $license->remaincount(),
'license_name' => $license->license_name, 'license_name' => e($license->license_name),
'license_email' => $license->license_email, 'license_email' => e($license->license_email),
'purchase_date' => ($license->purchase_date) ? $license->purchase_date : '', 'purchase_date' => ($license->purchase_date) ? $license->purchase_date : '',
'expiration_date' => ($license->expiration_date) ? $license->expiration_date : '', 'expiration_date' => ($license->expiration_date) ? $license->expiration_date : '',
'purchase_cost' => ($license->purchase_cost) ? $license->purchase_cost : '', 'purchase_cost' => ($license->purchase_cost) ? $license->purchase_cost : '',
'purchase_order' => ($license->purchase_order) ? $license->purchase_order : '', 'purchase_order' => ($license->purchase_order) ? e($license->purchase_order) : '',
'order_number' => ($license->order_number) ? $license->order_number : '', 'order_number' => ($license->order_number) ? e($license->order_number) : '',
'notes' => ($license->notes) ? $license->notes : '', 'notes' => ($license->notes) ? e($license->notes) : '',
'actions' => $actions, 'actions' => $actions,
'companyName' => is_null($license->company) ? '' : e($license->company->name) 'companyName' => is_null($license->company) ? '' : e($license->company->name)
); );
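Review bot: In `$sort = in_array(Input::get('sort'), $allowed_columns) ? e(Input::get('sort')) : 'created_at';` the allow-list is what makes `$sort` safe to hand to `orderBy`; once the value has matched an entry of `$allowed_columns`, escaping it is redundant, and `in_array` without `strict: true` uses loose comparison. Suggest `$sort = in_array(Input::get('sort'), $allowed_columns, true) ? Input::get('sort') : 'created_at';`. In the row hunk, `purchase_date`, `expiration_date` and `purchase_cost` are emitted raw while the neighbouring string columns are escaped; that is only safe if the model guarantees those are dates/numbers, which is not visible here. Both enclosing methods start and end outside these hunks.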


@ -71,7 +71,7 @@ class LocationsController extends Controller
} else { } else {
$location->parent_id = e(Input::get('parent_id')); $location->parent_id = e(Input::get('parent_id'));
} }
$location->currency = Input::get('currency', '$'); $location->currency = e(Input::get('currency', '$'));
$location->address = e(Input::get('address')); $location->address = e(Input::get('address'));
$location->address2 = e(Input::get('address2')); $location->address2 = e(Input::get('address2'));
$location->city = e(Input::get('city')); $location->city = e(Input::get('city'));
@ -172,7 +172,7 @@ class LocationsController extends Controller
} else { } else {
$location->parent_id = e(Input::get('parent_id', '')); $location->parent_id = e(Input::get('parent_id', ''));
} }
$location->currency = Input::get('currency', '$'); $location->currency = e(Input::get('currency', '$'));
$location->address = e(Input::get('address')); $location->address = e(Input::get('address'));
$location->address2 = e(Input::get('address2')); $location->address2 = e(Input::get('address2'));
$location->city = e(Input::get('city')); $location->city = e(Input::get('city'));
@ -302,16 +302,16 @@ class LocationsController extends Controller
$rows[] = array( $rows[] = array(
'id' => $location->id, 'id' => $location->id,
'name' => (string)link_to('admin/settings/locations/'.$location->id.'/view', $location->name), 'name' => (string)link_to('admin/settings/locations/'.$location->id.'/view', e($location->name)),
'parent' => ($location->parent) ? $location->parent->name : '', 'parent' => ($location->parent) ? e($location->parent->name) : '',
// 'assets' => ($location->assets->count() + $location->assignedassets->count()), // 'assets' => ($location->assets->count() + $location->assignedassets->count()),
'assets_default' => $location->assignedassets->count(), 'assets_default' => $location->assignedassets->count(),
'assets_checkedout' => $location->assets->count(), 'assets_checkedout' => $location->assets->count(),
'address' => ($location->address) ? $location->address: '', 'address' => ($location->address) ? e($location->address): '',
'city' => $location->city, 'city' => e($location->city),
'state' => $location->state, 'state' => e($location->state),
'country' => $location->country, 'country' => e($location->country),
'currency' => $location->currency, 'currency' => e($location->currency),
'actions' => $actions 'actions' => $actions
); );
} }
@ -339,7 +339,7 @@ class LocationsController extends Controller
foreach ($location_users as $user) { foreach ($location_users as $user) {
$rows[] = array( $rows[] = array(
'name' => (string)link_to('/admin/users/'.$user->id.'/view', $user->fullName()) 'name' => (string)link_to('/admin/users/'.$user->id.'/view', e($user->fullName()))
); );
} }
@ -364,10 +364,10 @@ class LocationsController extends Controller
foreach ($location->assets as $asset) { foreach ($location->assets as $asset) {
$rows[] = array( $rows[] = array(
'name' => (string)link_to('/hardware/'.$asset->id.'/view', $asset->showAssetName()), 'name' => (string)link_to('/hardware/'.$asset->id.'/view', e($asset->showAssetName())),
'asset_tag' => $asset->asset_tag, 'asset_tag' => e($asset->asset_tag),
'serial' => $asset->serial, 'serial' => e($asset->serial),
'model' => $asset->model->name, 'model' => e($asset->model->name),
); );
} }
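Review bot: `link_to('admin/settings/locations/'.$location->id.'/view', e($location->name))` (and `e($user->fullName())`, `e($asset->showAssetName())` in the later hunks) passes an already-escaped title into `link_to`; the stock HtmlBuilder `link()` runs the title through `entities()` itself, so if that is the helper in use a name like `R&D` is emitted as `R&amp;amp;D` and displays the literal entity. Either pass the raw title and rely on `link_to`'s escaping, or confirm that the installed HtmlBuilder does not escape titles before keeping `e()` here. The same double-escaping applies to the `link_to(..., e(...))` calls in ManufacturersController and SuppliersController, and to ConsumablesController, whose section starts before this view. The enclosing methods start and end outside these hunks.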


@ -132,11 +132,6 @@ class ManufacturersController extends Controller
return Redirect::to('admin/settings/manufacturers')->with('success', Lang::get('admin/manufacturers/message.delete.success')); return Redirect::to('admin/settings/manufacturers')->with('success', Lang::get('admin/manufacturers/message.delete.success'));
} }
} }
@ -201,7 +196,7 @@ class ManufacturersController extends Controller
$rows[] = array( $rows[] = array(
'id' => $manufacturer->id, 'id' => $manufacturer->id,
'name' => (string)link_to('admin/settings/manufacturers/'.$manufacturer->id.'/view', $manufacturer->name), 'name' => (string)link_to('admin/settings/manufacturers/'.$manufacturer->id.'/view', e($manufacturer->name)),
'assets' => $manufacturer->assets->count(), 'assets' => $manufacturer->assets->count(),
'actions' => $actions 'actions' => $actions
); );
@ -266,13 +261,13 @@ class ManufacturersController extends Controller
$row = array( $row = array(
'id' => $asset->id, 'id' => $asset->id,
'name' => (string)link_to('/hardware/'.$asset->id.'/view', $asset->showAssetName()), 'name' => (string)link_to('/hardware/'.$asset->id.'/view', e($asset->showAssetName())),
'model' => $asset->model->name, 'model' => e($asset->model->name),
'asset_tag' => $asset->asset_tag, 'asset_tag' => e($asset->asset_tag),
'serial' => $asset->serial, 'serial' => e($asset->serial),
'assigned_to' => ($asset->assigneduser) ? (string)link_to('/admin/users/'.$asset->assigneduser->id.'/view', $asset->assigneduser->fullName()): '', 'assigned_to' => ($asset->assigneduser) ? (string)link_to('/admin/users/'.$asset->assigneduser->id.'/view', e($asset->assigneduser->fullName())): '',
'actions' => $actions, 'actions' => $actions,
'companyName' => Company::getName($asset), 'companyName' => e(Company::getName($asset)),
); );
if (isset($inout)) { if (isset($inout)) {


@ -36,12 +36,12 @@ class ProfileController extends Controller
$user = Auth::user(); $user = Auth::user();
// Update the user information // Update the user information
$user->first_name = Input::get('first_name'); $user->first_name = e(Input::get('first_name'));
$user->last_name = Input::get('last_name'); $user->last_name = e(Input::get('last_name'));
$user->website = Input::get('website'); $user->website = e(Input::get('website'));
$user->location_id = Input::get('location_id'); $user->location_id = e(Input::get('location_id'));
$user->gravatar = Input::get('gravatar'); $user->gravatar = e(Input::get('gravatar'));
$user->locale = Input::get('locale'); $user->locale = e(Input::get('locale'));
if (Input::file('avatar')) { if (Input::file('avatar')) {
$image = Input::file('avatar'); $image = Input::file('avatar');
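Review bot: `$user->first_name = e(Input::get('first_name'));` through `$user->locale = e(Input::get('locale'));` escape at the write path, so the HTML-encoded form (`O&#039;Brien`, `&amp;`) is what gets persisted; every non-HTML consumer of these columns (CSV exports, LDAP, e-mail, JSON) then sees entities in place of those characters, and any view that escapes on output double-encodes them. Escaping belongs at the output boundary; at input these fields should be validated — `location_id` as an integer, `website` as a URL, `locale` against the supported list — and stored as-is. The same store-time escaping appears at `$location->currency = e(Input::get('currency', '$'));` in LocationsController, across the `ldap_*` assignments in SettingsController and at `$location_id = e(Input::get('location_id'));` in UsersController. The enclosing method continues outside the hunk, so whether a validator runs before these assignments is not visible here.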


@ -58,10 +58,10 @@ class ReportsController extends Controller
// Row per accessory // Row per accessory
foreach ($accessories as $accessory) { foreach ($accessories as $accessory) {
$row = array(); $row = array();
$row[] = $accessory->accessory_name; $row[] = e($accessory->accessory_name);
$row[] = $accessory->accessory_category; $row[] = e($accessory->accessory_category);
$row[] = $accessory->total; $row[] = e($accessory->total);
$row[] = $accessory->remaining; $row[] = e($accessory->remaining);
$rows[] = implode($row, ','); $rows[] = implode($row, ',');
} }
@ -133,37 +133,37 @@ class ReportsController extends Controller
// Create a row per asset // Create a row per asset
foreach ($assets as $asset) { foreach ($assets as $asset) {
$row = [ ]; $row = [ ];
$row[] = $asset->asset_tag; $row[] = e($asset->asset_tag);
if ($asset->model->manufacturer) { if ($asset->model->manufacturer) {
$row[] = $asset->model->manufacturer->name; $row[] = e($asset->model->manufacturer->name);
} else { } else {
$row[] = ''; $row[] = '';
} }
$row[] = '"' . $asset->model->name . '"'; $row[] = '"' . e($asset->model->name) . '"';
$row[] = '"' . $asset->model->modelno . '"'; $row[] = '"' . e($asset->model->modelno) . '"';
$row[] = $asset->name; $row[] = e($asset->name);
$row[] = $asset->serial; $row[] = e($asset->serial);
if ($asset->assetstatus) { if ($asset->assetstatus) {
$row[] = $asset->assetstatus->name; $row[] = e($asset->assetstatus->name);
} else { } else {
$row[] = ''; $row[] = '';
} }
$row[] = $asset->purchase_date; $row[] = $asset->purchase_date;
$row[] = '"' . number_format($asset->purchase_cost) . '"'; $row[] = '"' . number_format($asset->purchase_cost, 2) . '"';
if ($asset->order_number) { if ($asset->order_number) {
$row[] = $asset->order_number; $row[] = e($asset->order_number);
} else { } else {
$row[] = ''; $row[] = '';
} }
if ($asset->supplier_id) { if ($asset->supplier_id) {
$row[] = $asset->supplier->name; $row[] = e($asset->supplier->name);
} else { } else {
$row[] = ''; $row[] = '';
} }
if ($asset->assigned_to > 0) { if ($asset->assigned_to > 0) {
$user = User::find($asset->assigned_to); $user = User::find($asset->assigned_to);
$row[] = $user->fullName(); $row[] = e($user->fullName());
} else { } else {
$row[] = ''; // Empty string if unassigned $row[] = ''; // Empty string if unassigned
} }
@ -171,14 +171,14 @@ class ReportsController extends Controller
if (( $asset->assigned_to > 0 ) && ( $asset->assigneduser->location_id > 0 )) { if (( $asset->assigned_to > 0 ) && ( $asset->assigneduser->location_id > 0 )) {
$location = Location::find($asset->assigneduser->location_id); $location = Location::find($asset->assigneduser->location_id);
if ($location) { if ($location) {
$row[] = $location->name; $row[] = e($location->name);
} else { } else {
$row[] = ''; $row[] = '';
} }
} elseif ($asset->rtd_location_id) { } elseif ($asset->rtd_location_id) {
$location = Location::find($asset->rtd_location_id); $location = Location::find($asset->rtd_location_id);
if ($location->name) { if ($location->name) {
$row[] = $location->name; $row[] = e($location->name);
} else { } else {
$row[] = ''; $row[] = '';
} }
@ -187,7 +187,7 @@ class ReportsController extends Controller
} }
if ($asset->notes) { if ($asset->notes) {
$row[] = '"' . $asset->notes . '"'; $row[] = '"' . e($asset->notes) . '"';
} else { } else {
$row[] = ''; $row[] = '';
} }
@ -255,13 +255,13 @@ class ReportsController extends Controller
// Create a row per asset // Create a row per asset
foreach ($assets as $asset) { foreach ($assets as $asset) {
$row = [ ]; $row = [ ];
$row[] = $asset->asset_tag; $row[] = e($asset->asset_tag);
$row[] = $asset->name; $row[] = e($asset->name);
$row[] = $asset->serial; $row[] = e($asset->serial);
if ($asset->assigned_to > 0) { if ($asset->assigned_to > 0) {
$user = User::find($asset->assigned_to); $user = User::find($asset->assigned_to);
$row[] = $user->fullName(); $row[] = e($user->fullName());
} else { } else {
$row[] = ''; // Empty string if unassigned $row[] = ''; // Empty string if unassigned
} }
@ -269,9 +269,9 @@ class ReportsController extends Controller
if (( $asset->assigned_to > 0 ) && ( $asset->assigneduser->location_id > 0 )) { if (( $asset->assigned_to > 0 ) && ( $asset->assigneduser->location_id > 0 )) {
$location = Location::find($asset->assigneduser->location_id); $location = Location::find($asset->assigneduser->location_id);
if ($location->city) { if ($location->city) {
$row[] = $location->city . ', ' . $location->state; $row[] = e($location->city) . ', ' . e($location->state);
} elseif ($location->name) { } elseif ($location->name) {
$row[] = $location->name; $row[] = e($location->name);
} else { } else {
$row[] = ''; $row[] = '';
} }
@ -280,15 +280,15 @@ class ReportsController extends Controller
} }
if ($asset->assetloc) { if ($asset->assetloc) {
$currency = $asset->assetloc->currency; $currency = e($asset->assetloc->currency);
} else { } else {
$currency = Setting::first()->default_currency; $currency = e(Setting::first()->default_currency);
} }
$row[] = $asset->purchase_date; $row[] = $asset->purchase_date;
$row[] = $currency . number_format($asset->purchase_cost); $row[] = $currency . number_format($asset->purchase_cost, 2);
$row[] = $currency . number_format($asset->getDepreciatedValue()); $row[] = $currency . number_format($asset->getDepreciatedValue(), 2);
$row[] = $currency . number_format(( $asset->purchase_cost - $asset->getDepreciatedValue() )); $row[] = $currency . number_format(( $asset->purchase_cost - $asset->getDepreciatedValue() ), 2);
$csv->insertOne($row); $csv->insertOne($row);
} }
@ -357,13 +357,13 @@ class ReportsController extends Controller
// Row per license // Row per license
foreach ($licenses as $license) { foreach ($licenses as $license) {
$row = [ ]; $row = [ ];
$row[] = $license->name; $row[] = e($license->name);
$row[] = $license->serial; $row[] = e($license->serial);
$row[] = $license->seats; $row[] = e($license->seats);
$row[] = $license->remaincount(); $row[] = $license->remaincount();
$row[] = $license->expiration_date; $row[] = $license->expiration_date;
$row[] = $license->purchase_date; $row[] = $license->purchase_date;
$row[] = '"' . number_format($license->purchase_cost) . '"'; $row[] = '"' . number_format($license->purchase_cost, 2) . '"';
$rows[] = implode($row, ','); $rows[] = implode($row, ',');
} }
@ -445,45 +445,45 @@ class ReportsController extends Controller
foreach ($assets as $asset) { foreach ($assets as $asset) {
$row = [ ]; $row = [ ];
if (e(Input::get('asset_name')) == '1') { if (e(Input::get('asset_name')) == '1') {
$row[] = '"' .$asset->name . '"'; $row[] = '"' .e($asset->name) . '"';
} }
if (e(Input::get('asset_tag')) == '1') { if (e(Input::get('asset_tag')) == '1') {
$row[] = $asset->asset_tag; $row[] = e($asset->asset_tag);
} }
if (e(Input::get('manufacturer')) == '1') { if (e(Input::get('manufacturer')) == '1') {
if ($asset->model->manufacturer) { if ($asset->model->manufacturer) {
$row[] = '"' .$asset->model->manufacturer->name . '"'; $row[] = '"' .e($asset->model->manufacturer->name) . '"';
} else { } else {
$row[] = ''; $row[] = '';
} }
} }
if (e(Input::get('model')) == '1') { if (e(Input::get('model')) == '1') {
$row[] = '"' . $asset->model->name . '"'; $row[] = '"' . e($asset->model->name) . '"';
$row[] = '"' . $asset->model->modelno . '"'; $row[] = '"' . e($asset->model->modelno) . '"';
} }
if (e(Input::get('category')) == '1') { if (e(Input::get('category')) == '1') {
$row[] = '"' .$asset->model->category->name . '"'; $row[] = '"' .e($asset->model->category->name) . '"';
} }
if (e(Input::get('serial')) == '1') { if (e(Input::get('serial')) == '1') {
$row[] = $asset->serial; $row[] = e($asset->serial);
} }
if (e(Input::get('purchase_date')) == '1') { if (e(Input::get('purchase_date')) == '1') {
$row[] = $asset->purchase_date; $row[] = e($asset->purchase_date);
} }
if (e(Input::get('purchase_cost')) == '1' && ( e(Input::get('depreciation')) != '1' )) { if (e(Input::get('purchase_cost')) == '1' && ( e(Input::get('depreciation')) != '1' )) {
$row[] = '"' . number_format($asset->purchase_cost) . '"'; $row[] = '"' . number_format($asset->purchase_cost, 2) . '"';
} }
if (e(Input::get('order')) == '1') { if (e(Input::get('order')) == '1') {
if ($asset->order_number) { if ($asset->order_number) {
$row[] = $asset->order_number; $row[] = e($asset->order_number);
} else { } else {
$row[] = ''; $row[] = '';
} }
} }
if (e(Input::get('supplier')) == '1') { if (e(Input::get('supplier')) == '1') {
if ($asset->supplier_id) { if ($asset->supplier_id) {
$row[] = '"' .$asset->supplier->name . '"'; $row[] = '"' .e($asset->supplier->name) . '"';
} else { } else {
$row[] = ''; $row[] = '';
} }
@ -493,14 +493,14 @@ class ReportsController extends Controller
if (( $asset->assigned_to > 0 ) && ( $asset->assigneduser->location_id !='' )) { if (( $asset->assigned_to > 0 ) && ( $asset->assigneduser->location_id !='' )) {
$location = Location::find($asset->assigneduser->location_id); $location = Location::find($asset->assigneduser->location_id);
if ($location) { if ($location) {
$show_loc .= '"' .$location->name. '"'; $show_loc .= '"' .e($location->name). '"';
} else { } else {
$show_loc .= 'User location '.$asset->assigneduser->location_id.' is invalid'; $show_loc .= 'User location '.$asset->assigneduser->location_id.' is invalid';
} }
} elseif ($asset->rtd_location_id!='') { } elseif ($asset->rtd_location_id!='') {
$location = Location::find($asset->rtd_location_id); $location = Location::find($asset->rtd_location_id);
if ($location) { if ($location) {
$show_loc .= '"' .$location->name. '"'; $show_loc .= '"' .e($location->name). '"';
} else { } else {
$show_loc .= 'Default location '.$asset->rtd_location_id.' is invalid'; $show_loc .= 'Default location '.$asset->rtd_location_id.' is invalid';
} }
@ -512,7 +512,7 @@ class ReportsController extends Controller
if (e(Input::get('assigned_to')) == '1') { if (e(Input::get('assigned_to')) == '1') {
if ($asset->assigned_to > 0) { if ($asset->assigned_to > 0) {
$user = User::find($asset->assigned_to); $user = User::find($asset->assigned_to);
$row[] = '"' .$user->fullName(). '"'; $row[] = '"' .e($user->fullName()). '"';
} else { } else {
$row[] = ''; // Empty string if unassigned $row[] = ''; // Empty string if unassigned
} }
@ -523,7 +523,7 @@ class ReportsController extends Controller
} elseif (( $asset->status_id == '' ) && ( $asset->assigned_to == '0' )) { } elseif (( $asset->status_id == '' ) && ( $asset->assigned_to == '0' )) {
$row[] = Lang::get('general.pending'); $row[] = Lang::get('general.pending');
} elseif ($asset->assetstatus) { } elseif ($asset->assetstatus) {
$row[] = '"' .$asset->assetstatus->name. '"'; $row[] = '"' .e($asset->assetstatus->name). '"';
} else { } else {
$row[] = ''; $row[] = '';
} }
@ -539,9 +539,9 @@ class ReportsController extends Controller
} }
if (e(Input::get('depreciation')) == '1') { if (e(Input::get('depreciation')) == '1') {
$depreciation = $asset->getDepreciatedValue(); $depreciation = $asset->getDepreciatedValue();
$row[] = '"' . number_format($asset->purchase_cost) . '"'; $row[] = '"' . number_format($asset->purchase_cost, 2) . '"';
$row[] = '"' . number_format($depreciation) . '"'; $row[] = '"' . number_format($depreciation, 2) . '"';
$row[] = '"' . number_format($asset->purchase_cost - $depreciation) . '"'; $row[] = '"' . number_format($asset->purchase_cost - $depreciation, 2) . '"';
} }
$rows[] = implode($row, ','); $rows[] = implode($row, ',');
} }
@ -610,12 +610,12 @@ class ReportsController extends Controller
foreach ($assetMaintenances as $assetMaintenance) { foreach ($assetMaintenances as $assetMaintenance) {
$row = [ ]; $row = [ ];
$row[] = str_replace(',', '', $assetMaintenance->asset->name); $row[] = str_replace(',', '', e($assetMaintenance->asset->name));
$row[] = str_replace(',', '', $assetMaintenance->supplier->name); $row[] = str_replace(',', '', e($assetMaintenance->supplier->name));
$row[] = $assetMaintenance->improvement_type; $row[] = e($assetMaintenance->improvement_type);
$row[] = $assetMaintenance->title; $row[] = e($assetMaintenance->title);
$row[] = $assetMaintenance->start_date; $row[] = e($assetMaintenance->start_date);
$row[] = $assetMaintenance->completion_date; $row[] = e($assetMaintenance->completion_date;)
if (is_null($assetMaintenance->asset_maintenance_time)) { if (is_null($assetMaintenance->asset_maintenance_time)) {
$improvementTime = intval(Carbon::now() $improvementTime = intval(Carbon::now()
->diffInDays(Carbon::parse($assetMaintenance->start_date))); ->diffInDays(Carbon::parse($assetMaintenance->start_date)));
@ -679,11 +679,11 @@ class ReportsController extends Controller
foreach ($assetsForReport as $assetItem) { foreach ($assetsForReport as $assetItem) {
$row = [ ]; $row = [ ];
$row[] = str_replace(',', '', $assetItem->assetlog->model->category->name); $row[] = str_replace(',', '', e($assetItem->assetlog->model->category->name));
$row[] = str_replace(',', '', $assetItem->assetlog->model->name); $row[] = str_replace(',', '', e($assetItem->assetlog->model->name));
$row[] = str_replace(',', '', $assetItem->assetlog->showAssetName()); $row[] = str_replace(',', '', e($assetItem->assetlog->showAssetName()));
$row[] = str_replace(',', '', $assetItem->assetlog->asset_tag); $row[] = str_replace(',', '', e($assetItem->assetlog->asset_tag));
$row[] = str_replace(',', '', $assetItem->assetlog->assigneduser->fullName()); $row[] = str_replace(',', '', e($assetItem->assetlog->assigneduser->fullName()));
$rows[] = implode($row, ','); $rows[] = implode($row, ',');
} }
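Review bot: `$row[] = e($assetMaintenance->completion_date;)` in the `@ -610` hunk has the semicolon inside the call parentheses, which is a parse error; it must read `$row[] = e($assetMaintenance->completion_date);` or the whole ReportsController fails to load. Beyond that, the `e()` calls throughout these hunks HTML-encode values that are being written to CSV on the `$rows[] = implode($row, ',')` paths, which is the wrong encoding for that context: an exported `&` arrives as `&amp;`, while the CSV-specific concerns — commas and quotes inside fields, and cells beginning with characters that spreadsheet applications treat as formulas — are not addressed by it. The `$csv->insertOne($row)` path in the `@ -280` hunk already delegates quoting to the CSV writer; the `implode`-based reports should do the same and drop the manual `'"' . … . '"'` wrapping and the `e()` calls. These report methods start and end outside the hunks.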


@ -379,23 +379,23 @@ class SettingsController extends Controller
$setting->slack_endpoint = e(Input::get('slack_endpoint')); $setting->slack_endpoint = e(Input::get('slack_endpoint'));
$setting->slack_channel = e(Input::get('slack_channel')); $setting->slack_channel = e(Input::get('slack_channel'));
$setting->slack_botname = e(Input::get('slack_botname')); $setting->slack_botname = e(Input::get('slack_botname'));
$setting->ldap_enabled = Input::get('ldap_enabled', '0'); $setting->ldap_enabled = e(Input::get('ldap_enabled', '0'));
$setting->ldap_server = Input::get('ldap_server'); $setting->ldap_server = e(Input::get('ldap_server'));
$setting->ldap_server_cert_ignore = e(Input::get('ldap_server_cert_ignore', false)); $setting->ldap_server_cert_ignore = e(Input::get('ldap_server_cert_ignore', false));
$setting->ldap_uname = Input::get('ldap_uname'); $setting->ldap_uname = e(Input::get('ldap_uname'));
if (Input::has('ldap_pword')) { if (Input::has('ldap_pword')) {
$setting->ldap_pword = Crypt::encrypt(Input::get('ldap_pword')); $setting->ldap_pword = Crypt::encrypt(Input::get('ldap_pword'));
} }
$setting->ldap_basedn = e(Input::get('ldap_basedn')); $setting->ldap_basedn = e(Input::get('ldap_basedn'));
$setting->ldap_filter = Input::get('ldap_filter'); $setting->ldap_filter = Input::get('ldap_filter');
$setting->ldap_username_field = Input::get('ldap_username_field'); $setting->ldap_username_field = Input::get('ldap_username_field');
$setting->ldap_lname_field = Input::get('ldap_lname_field'); $setting->ldap_lname_field = e(Input::get('ldap_lname_field'));
$setting->ldap_fname_field = Input::get('ldap_fname_field'); $setting->ldap_fname_field = e(Input::get('ldap_fname_field'));
$setting->ldap_auth_filter_query = Input::get('ldap_auth_filter_query'); $setting->ldap_auth_filter_query = Input::get('ldap_auth_filter_query');
$setting->ldap_version = Input::get('ldap_version'); $setting->ldap_version = e(Input::get('ldap_version'));
$setting->ldap_active_flag = Input::get('ldap_active_flag'); $setting->ldap_active_flag = e(Input::get('ldap_active_flag'));
$setting->ldap_emp_num = Input::get('ldap_emp_num'); $setting->ldap_emp_num = e(Input::get('ldap_emp_num'));
$setting->ldap_email = Input::get('ldap_email'); $setting->ldap_email = e(Input::get('ldap_email'));
// If validation fails, we'll exit the operation now. // If validation fails, we'll exit the operation now.
if ($setting->save()) { if ($setting->save()) {
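Review bot: `$setting->ldap_server = e(Input::get('ldap_server'));` and `$setting->ldap_uname = e(Input::get('ldap_uname'));` escape values that feed the LDAP connection and bind rather than an HTML page, while `ldap_filter`, `ldap_username_field` and `ldap_auth_filter_query` are left raw, presumably because `e()` would corrupt LDAP filter syntax; the same reasoning applies to the server and bind DN, and the asymmetry is undocumented. Suggest storing all of these unescaped, validating shape at input instead (`ldap_version` as an integer, `ldap_enabled` as a boolean, `ldap_server` as a URL), escaping where they are rendered, and adding a comment such as `// LDAP settings are stored raw: they are consumed by the LDAP client, and escaped where rendered` above the block. `ldap_pword` already follows that model, encrypting the raw input via `Crypt::encrypt`. The enclosing method continues outside the hunk.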


@ -248,8 +248,8 @@ class StatuslabelsController extends Controller
$actions = '<a href="'.route('update/statuslabel', $statuslabel->id).'" class="btn btn-warning btn-sm" style="margin-right:5px;"><i class="fa fa-pencil icon-white"></i></a><a data-html="false" class="btn delete-asset btn-danger btn-sm" data-toggle="modal" href="'.route('delete/statuslabel', $statuslabel->id).'" data-content="'.Lang::get('admin/statuslabels/message.delete.confirm').'" data-title="'.Lang::get('general.delete').' '.htmlspecialchars($statuslabel->name).'?" onClick="return false;"><i class="fa fa-trash icon-white"></i></a>'; $actions = '<a href="'.route('update/statuslabel', $statuslabel->id).'" class="btn btn-warning btn-sm" style="margin-right:5px;"><i class="fa fa-pencil icon-white"></i></a><a data-html="false" class="btn delete-asset btn-danger btn-sm" data-toggle="modal" href="'.route('delete/statuslabel', $statuslabel->id).'" data-content="'.Lang::get('admin/statuslabels/message.delete.confirm').'" data-title="'.Lang::get('general.delete').' '.htmlspecialchars($statuslabel->name).'?" onClick="return false;"><i class="fa fa-trash icon-white"></i></a>';
$rows[] = array( $rows[] = array(
'id' => $statuslabel->id, 'id' => e($statuslabel->id),
'type' => $label_type, 'type' => e($label_type),
'name' => e($statuslabel->name), 'name' => e($statuslabel->name),
'actions' => $actions 'actions' => $actions
); );


@ -270,12 +270,12 @@ class SuppliersController extends Controller
$rows[] = array( $rows[] = array(
'id' => $supplier->id, 'id' => $supplier->id,
'name' => (string)link_to('admin/settings/suppliers/'.$supplier->id.'/view', $supplier->name), 'name' => (string)link_to('admin/settings/suppliers/'.$supplier->id.'/view', e($supplier->name)),
'contact' => $supplier->contact, 'contact' => e($supplier->contact),
'address' => $supplier->address.' '.$supplier->address2.' '.$supplier->city.' '.$supplier->state.' '.$supplier->country, 'address' => e($supplier->address).' '.e($supplier->address2).' '.e($supplier->city).' '.e($supplier->state).' '.e($supplier->country),
'phone' => $supplier->phone, 'phone' => e($supplier->phone),
'fax' => $supplier->fax, 'fax' => e($supplier->fax),
'email' => ($supplier->email!='') ? '<a href="mailto:'.$supplier->email.'">'.$supplier->email.'</a>' : '', 'email' => ($supplier->email!='') ? '<a href="mailto:'.e($supplier->email).'">'.e($supplier->email).'</a>' : '',
'assets' => $supplier->num_assets(), 'assets' => $supplier->num_assets(),
'licenses' => $supplier->num_licenses(), 'licenses' => $supplier->num_licenses(),
'actions' => $actions 'actions' => $actions


@ -1101,7 +1101,7 @@ class UsersController extends Controller
public function postLDAP() public function postLDAP()
{ {
$location_id = Input::get('location_id'); $location_id = e(Input::get('location_id'));
$ldap_version = Setting::getSettings()->ldap_version; $ldap_version = Setting::getSettings()->ldap_version;
$url = Setting::getSettings()->ldap_server; $url = Setting::getSettings()->ldap_server;


@ -30,7 +30,7 @@
name="models" name="models"
class="table table-striped" class="table table-striped"
id="table" id="table"
data-url="{{ route('api.models.list',array('status'=>Input::get('status'))) }}" data-url="{{ route('api.models.list',array('status'=>e(Input::get('status')))) }}"
data-cookie="true" data-cookie="true"
data-click-to-select="true" data-click-to-select="true"
data-cookie-id-table="modelsTable-{{ config('version.hash_version') }}"> data-cookie-id-table="modelsTable-{{ config('version.hash_version') }}">
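Review bot: `route('api.models.list',array('status'=>e(Input::get('status'))))` encodes the status value twice: `route()` URL-encodes the query parameters it appends, so an HTML-escaped value such as `&amp;` becomes `%26amp%3B`, and the `{{ }}` echo escapes the finished URL once more on output (Laravel 5 Blade, which this codebase appears to use). Pass the raw value, `data-url="{{ route('api.models.list', array('status' => Input::get('status'))) }}"`, and let `route()` and Blade each handle their own context. The same applies to `array(''=>e(Input::get('status')))` in the users index template, where the empty-string key also looks unintended (unchanged by this commit).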


@ -56,7 +56,7 @@
class="table table-striped" class="table table-striped"
id="table" id="table"
data-toggle="table" data-toggle="table"
data-url="{{ route('api.users.list', array(''=>Input::get('status'))) }}" data-url="{{ route('api.users.list', array(''=>e(Input::get('status')))) }}"
data-cookie="true" data-cookie="true"
data-click-to-select="true" data-click-to-select="true"
data-cookie-id-table="userTableDisplay-{{ config('version.hash_version') }}"> data-cookie-id-table="userTableDisplay-{{ config('version.hash_version') }}">