Additional escaping

This commit is contained in:
snipe 2016-03-25 15:24:12 -07:00
parent f1bdaeaf95
commit 27543d16f6
20 changed files with 199 additions and 205 deletions


@ -26,6 +26,7 @@ use Slack;
use Str;
use View;
use Auth;
use Request;
/**
* This class controls all actions related to accessories
@ -42,7 +43,7 @@ class AccessoriesController extends Controller
* @since [v1.0]
* @return View
*/
public function getIndex()
public function getIndex(Request $request)
{
return View::make('accessories/index');
}
@ -54,7 +55,7 @@ class AccessoriesController extends Controller
* @author [A. Gianotto] [<snipe@snipe.net>]
* @return View
*/
public function getCreate()
public function getCreate(Request $request)
{
// Show the page
$category_list = array('' => '') + DB::table('categories')->where('category_type', '=', 'accessory')->whereNull('deleted_at')->orderBy('name', 'ASC')->lists('name', 'id');
@ -74,7 +75,7 @@ class AccessoriesController extends Controller
* @author [A. Gianotto] [<snipe@snipe.net>]
* @return Redirect
*/
public function postCreate()
public function postCreate(Request $request)
{
// create a new model instance
@ -120,7 +121,7 @@ class AccessoriesController extends Controller
* @param int $accessoryId
* @return View
*/
public function getEdit($accessoryId = null)
public function getEdit(Request $request, $accessoryId = null)
{
// Check if the accessory exists
if (is_null($accessory = Accessory::find($accessoryId))) {
@ -148,7 +149,7 @@ class AccessoriesController extends Controller
* @param int $accessoryId
* @return Redirect
*/
public function postEdit($accessoryId = null)
public function postEdit(Request $request, $accessoryId = null)
{
// Check if the blog post exists
if (is_null($accessory = Accessory::find($accessoryId))) {
@ -203,7 +204,7 @@ class AccessoriesController extends Controller
* @param int $accessoryId
* @return Redirect
*/
public function getDelete($accessoryId)
public function getDelete(Request $request, $accessoryId)
{
// Check if the blog post exists
if (is_null($accessory = Accessory::find($accessoryId))) {
@ -237,7 +238,7 @@ class AccessoriesController extends Controller
* @since [v1.0]
* @return View
*/
public function getView($accessoryID = null)
public function getView(Request $request, $accessoryID = null)
{
$accessory = Accessory::find($accessoryID);
@ -266,7 +267,7 @@ class AccessoriesController extends Controller
* @param int $accessoryId
* @return View
*/
public function getCheckout($accessoryId)
public function getCheckout(Request $request, $accessoryId)
{
// Check if the accessory exists
if (is_null($accessory = Accessory::find($accessoryId))) {
@ -293,7 +294,7 @@ class AccessoriesController extends Controller
* @param int $accessoryId
* @return Redirect
*/
public function postCheckout($accessoryId)
public function postCheckout(Request $request, $accessoryId)
{
// Check if the accessory exists
if (is_null($accessory = Accessory::find($accessoryId))) {
@ -399,7 +400,7 @@ class AccessoriesController extends Controller
* @param int $accessoryId
* @return View
**/
public function getCheckin($accessoryUserId = null, $backto = null)
public function getCheckin(Request $request, $accessoryUserId = null, $backto = null)
{
// Check if the accessory exists
if (is_null($accessory_user = DB::table('accessories_users')->find($accessoryUserId))) {
@ -425,7 +426,7 @@ class AccessoriesController extends Controller
* @param int $accessoryId
* @return Redirect
**/
public function postCheckin($accessoryUserId = null, $backto = null)
public function postCheckin(Request $request, $accessoryUserId = null, $backto = null)
{
// Check if the accessory exists
if (is_null($accessory_user = DB::table('accessories_users')->find($accessoryUserId))) {
@ -441,18 +442,18 @@ class AccessoriesController extends Controller
}
$logaction = new Actionlog();
$logaction->checkedout_to = $accessory_user->assigned_to;
$return_to = $accessory_user->assigned_to;
$logaction->checkedout_to = e($accessory_user->assigned_to);
$return_to = e($accessory_user->assigned_to);
$admin_user = Auth::user();
// Was the accessory updated?
if (DB::table('accessories_users')->where('id', '=', $accessory_user->id)->delete()) {
$logaction->accessory_id = $accessory->id;
$logaction->accessory_id = e($accessory->id);
$logaction->location_id = null;
$logaction->asset_type = 'accessory';
$logaction->user_id = $admin_user->id;
$logaction->user_id = e($admin_user->id);
$logaction->note = e(Input::get('note'));
$settings = Setting::getSettings();
@ -461,8 +462,8 @@ class AccessoriesController extends Controller
$slack_settings = [
'username' => $settings->botname,
'channel' => $settings->slack_channel,
'username' => e($settings->botname),
'channel' => e($settings->slack_channel),
'link_names' => true
];
@ -474,7 +475,7 @@ class AccessoriesController extends Controller
'fields' => [
[
'title' => 'Checked In:',
'value' => strtoupper($logaction->asset_type).' <'.config('app.url').'/admin/accessories/'.$accessory->id.'/view'.'|'.$accessory->name.'> checked in by <'.config('app.url').'/admin/users/'.$admin_user->id.'/view'.'|'.$admin_user->fullName().'>.'
'value' => strtoupper($logaction->asset_type).' <'.config('app.url').'/admin/accessories/'.e($accessory->id).'/view'.'|'.e($accessory->name).'> checked in by <'.config('app.url').'/admin/users/'.e($admin_user->id).'/view'.'|'.e($admin_user->fullName()).'>.'
],
[
'title' => 'Note:',
@ -498,11 +499,11 @@ class AccessoriesController extends Controller
}
$data['log_id'] = $logaction->id;
$data['first_name'] = $user->first_name;
$data['item_name'] = $accessory->name;
$data['checkin_date'] = $logaction->created_at;
$data['first_name'] = e($user->first_name);
$data['item_name'] = e($accessory->name);
$data['checkin_date'] = e($logaction->created_at);
$data['item_tag'] = '';
$data['note'] = $logaction->note;
$data['note'] = e($logaction->note);
if (($accessory->checkin_email()=='1')) {
@ -550,13 +551,13 @@ class AccessoriesController extends Controller
* @param int $accessoryId
* @return string JSON containing accessories and their associated atrributes.
**/
public function getDatatable()
public function getDatatable(Request $request)
{
$accessories = Accessory::select('accessories.*')->with('category', 'company')
->whereNull('accessories.deleted_at');
if (Input::has('search')) {
$accessories = $accessories->TextSearch(Input::get('search'));
$accessories = $accessories->TextSearch(e(Input::get('search')));
}
if (Input::has('offset')) {
@ -574,7 +575,7 @@ class AccessoriesController extends Controller
$allowed_columns = ['name','min_amt','order_number','purchase_date','purchase_cost','companyName','category'];
$order = Input::get('order') === 'asc' ? 'asc' : 'desc';
$sort = in_array(Input::get('sort'), $allowed_columns) ? Input::get('sort') : 'created_at';
$sort = in_array(Input::get('sort'), $allowed_columns) ? e(Input::get('sort')) : 'created_at';
switch ($sort) {
case 'category':
@ -600,11 +601,11 @@ class AccessoriesController extends Controller
$rows[] = array(
'name' => '<a href="'.url('admin/accessories/'.$accessory->id).'/view">'. $accessory->name.'</a>',
'category' => ($accessory->category) ? (string)link_to('admin/settings/categories/'.$accessory->category->id.'/view', $accessory->category->name) : '',
'qty' => $accessory->qty,
'order_number' => $accessory->order_number,
'min_amt' => $accessory->min_amt,
'location' => ($accessory->location) ? $accessory->location->name: '',
'purchase_date' => $accessory->purchase_date,
'qty' => e($accessory->qty),
'order_number' => e($accessory->order_number),
'min_amt' => e($accessory->min_amt),
'location' => ($accessory->location) ? e($accessory->location->name): '',
'purchase_date' => e($accessory->purchase_date),
'purchase_cost' => number_format($accessory->purchase_cost, 2),
'numRemaining' => $accessory->numRemaining(),
'actions' => $actions,
@ -643,7 +644,7 @@ class AccessoriesController extends Controller
* @param int $accessoryId
* @return string JSON containing accessories and their associated atrributes.
**/
public function getDataView($accessoryID)
public function getDataView(Request $request, $accessoryID)
{
$accessory = Accessory::find($accessoryID);
@ -660,7 +661,7 @@ class AccessoriesController extends Controller
$actions = '<a href="'.route('checkin/accessory', $user->pivot->id).'" class="btn btn-info btn-sm">Checkin</a>';
$rows[] = array(
'name' =>(string) link_to('/admin/users/'.$user->id.'/view', $user->fullName()),
'name' =>(string) link_to('/admin/users/'.$user->id.'/view', e($user->fullName())),
'actions' => $actions
);
}
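Review bot: The `name` cell at L186 still concatenates `$accessory->name` raw inside the `<a>` markup, and the category name passed to `link_to()` at L187 is likewise left alone, while the hunk escapes the numeric `qty`/`min_amt` cells below them; the free-text fields are the ones that need it, e.g. `'name' => '<a href="'.url('admin/accessories/'.$accessory->id).'/view">'.e($accessory->name).'</a>',`. `$data['note'] = e($logaction->note)` at L161 re-encodes a value that was already stored through `e(Input::get('note'))` at L131, so an ampersand in the note will presumably reach the mail template as `&amp;amp;`. Escaping the search term before `TextSearch()` at L174 (also L239, L404 and L460) changes what is matched rather than what is displayed — a query containing `'` or `&` is compared against the stored text in its entity form — so the search input should go to the query builder unescaped and be escaped only where it is echoed. getDatatable continues outside the hunk.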


@ -75,7 +75,7 @@ class AssetMaintenancesController extends Controller
$allowed_columns = ['id','title','asset_maintenance_time','asset_maintenance_type','cost','start_date','completion_date','notes'];
$order = Input::get('order') === 'asc' ? 'asc' : 'desc';
$sort = in_array(Input::get('sort'), $allowed_columns) ? Input::get('sort') : 'created_at';
$sort = in_array(Input::get('sort'), $allowed_columns) ? e(Input::get('sort')) : 'created_at';
$maintenances->orderBy($sort, $order);
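Review bot: `e(Input::get('sort'))` at L224 adds nothing: the `in_array` test on the same line is the control that keeps arbitrary column names out of `orderBy()`, and any value that passes it is already one of the literal `$allowed_columns` strings, so the result is identical with or without `e()`. What the whitelist does lack is the strict flag — `in_array(Input::get('sort'), $allowed_columns, true)` — which is a hardening step rather than a known bypass here, since query-string values arrive as strings. The same pattern is repeated at L181, L233, L246, L333 and L470 and should be handled the same way in all of them. The enclosing method starts and ends outside the hunk.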


@ -441,7 +441,7 @@ class AssetModelsController extends Controller
$allowed_columns = ['id','name','modelno'];
$order = Input::get('order') === 'asc' ? 'asc' : 'desc';
$sort = in_array(Input::get('sort'), $allowed_columns) ? Input::get('sort') : 'created_at';
$sort = in_array(Input::get('sort'), $allowed_columns) ? e(Input::get('sort')) : 'created_at';
$models = $models->orderBy($sort, $order);
@ -491,7 +491,7 @@ class AssetModelsController extends Controller
$assets = Asset::where('model_id', '=', $modelID)->withTrashed()->with('company');
if (Input::has('search')) {
$assets = $assets->TextSearch(Input::get('search'));
$assets = $assets->TextSearch(e(Input::get('search')));
}
if (Input::has('offset')) {
@ -509,7 +509,7 @@ class AssetModelsController extends Controller
$allowed_columns = ['name', 'serial','asset_tag'];
$order = Input::get('order') === 'asc' ? 'asc' : 'desc';
$sort = in_array(Input::get('sort'), $allowed_columns) ? Input::get('sort') : 'created_at';
$sort = in_array(Input::get('sort'), $allowed_columns) ? e(Input::get('sort')) : 'created_at';
$assets = $assets->orderBy($sort, $order);


@ -136,7 +136,7 @@ class AssetsController extends Controller
$asset->name = e(Input::get('name'));
$asset->serial = e(Input::get('serial'));
$asset->company_id = \App\Models\Company::getIdForCurrentUser(Input::get('company_id'));
$asset->company_id = \App\Models\Company::getIdForCurrentUser(e(Input::get('company_id')));
$asset->model_id = e(Input::get('model_id'));
$asset->order_number = e(Input::get('order_number'));
$asset->notes = e(Input::get('notes'));
@ -358,12 +358,11 @@ class AssetsController extends Controller
$checkModel = config('app.url').'/api/models/'.e(Input::get('model_id')).'/check';
//$asset->mac_address = ($checkModel == true) ? e(Input::get('mac_address')) : NULL;
// Update the asset data
$asset->name = e(Input::get('name'));
$asset->serial = e(Input::get('serial'));
$asset->company_id = Company::getIdForCurrentUser(Input::get('company_id'));
$asset->company_id = Company::getIdForCurrentUser(e(Input::get('company_id')));
$asset->model_id = e(Input::get('model_id'));
$asset->order_number = e(Input::get('order_number'));
$asset->asset_tag = e(Input::get('asset_tag'));
@ -439,7 +438,7 @@ class AssetsController extends Controller
public function getCheckout($assetId)
{
// Check if the asset exists
if (is_null($asset = Asset::find($assetId))) {
if (is_null($asset = Asset::find(e($assetId)))) {
// Redirect to the asset management page with error
return Redirect::to('hardware')->with('error', Lang::get('admin/hardware/message.does_not_exist'));
} elseif (!Company::isCurrentUserHasAccess($asset)) {
@ -582,7 +581,6 @@ class AssetsController extends Controller
$logaction->note = e(Input::get('note'));
$logaction->user_id = Auth::user()->id;
$log = $logaction->logaction('checkin from');
$settings = Setting::getSettings();
if ($settings->slack_endpoint) {
@ -601,7 +599,7 @@ class AssetsController extends Controller
'fields' => [
[
'title' => 'Checked In:',
'value' => strtoupper($logaction->asset_type).' asset <'.config('app.url').'/hardware/'.$asset->id.'/view'.'|'.$asset->showAssetName().'> checked in by <'.config('app.url').'/hardware/'.$asset->id.'/view'.'|'.Auth::user()->fullName().'>.'
'value' => strtoupper($logaction->asset_type).' asset <'.config('app.url').'/hardware/'.$asset->id.'/view'.'|'.e($asset->showAssetName()).'> checked in by <'.config('app.url').'/hardware/'.$asset->id.'/view'.'|'.e(Auth::user()->fullName()).'>.'
],
[
'title' => 'Note:',
@ -1462,19 +1460,19 @@ class AssetsController extends Controller
'checkbox' =>'<div class="text-center"><input type="checkbox" name="edit_asset['.$asset->id.']" class="one_required"></div>',
'id' => $asset->id,
'image' => (($asset->image) && ($asset->image!='')) ? '<img src="'.config('app.url').'/uploads/assets/'.$asset->image.'" height=50 width=50>' : ((($asset->model) && ($asset->model->image!='')) ? '<img src="'.config('app.url').'/uploads/models/'.$asset->model->image.'" height=40 width=50>' : ''),
'name' => '<a title="'.$asset->name.'" href="hardware/'.$asset->id.'/view">'.$asset->name.'</a>',
'asset_tag' => '<a title="'.$asset->asset_tag.'" href="hardware/'.$asset->id.'/view">'.$asset->asset_tag.'</a>',
'serial' => $asset->serial,
'model' => ($asset->model) ? (string)link_to('/hardware/models/'.$asset->model->id.'/view', $asset->model->name) : 'No model',
'status_label' => ($asset->assigneduser) ? 'Deployed' : (($asset->assetstatus) ? $asset->assetstatus->name : ''),
'assigned_to' => ($asset->assigneduser) ? (string)link_to('../admin/users/'.$asset->assigned_to.'/view', $asset->assigneduser->fullName()) : '',
'location' => (($asset->assigneduser) && ($asset->assigneduser->userloc!='')) ? (string)link_to('admin/settings/locations/'.$asset->assigneduser->userloc->id.'/edit', $asset->assigneduser->userloc->name) : (($asset->defaultLoc!='') ? (string)link_to('admin/settings/locations/'.$asset->defaultLoc->id.'/edit', $asset->defaultLoc->name) : ''),
'category' => (($asset->model) && ($asset->model->category)) ? $asset->model->category->name : '',
'name' => '<a title="'.e($asset->name).'" href="hardware/'.$asset->id.'/view">'.e($asset->name).'</a>',
'asset_tag' => '<a title="'.e($asset->asset_tag).'" href="hardware/'.$asset->id.'/view">'.e($asset->asset_tag).'</a>',
'serial' => e($asset->serial),
'model' => ($asset->model) ? (string)link_to('/hardware/models/'.$asset->model->id.'/view', e($asset->model->name)) : 'No model',
'status_label' => ($asset->assigneduser) ? 'Deployed' : ((e($asset->assetstatus)) ? e($asset->assetstatus->name) : ''),
'assigned_to' => ($asset->assigneduser) ? (string)link_to('../admin/users/'.$asset->assigned_to.'/view', e($asset->assigneduser->fullName())) : '',
'location' => (($asset->assigneduser) && ($asset->assigneduser->userloc!='')) ? (string)link_to('admin/settings/locations/'.$asset->assigneduser->userloc->id.'/edit', e($asset->assigneduser->userloc->name)) : (($asset->defaultLoc!='') ? (string)link_to('admin/settings/locations/'.$asset->defaultLoc->id.'/edit', e($asset->defaultLoc->name)) : ''),
'category' => (($asset->model) && ($asset->model->category)) ? e($asset->model->category->name) : '',
'eol' => ($asset->eol_date()) ? $asset->eol_date() : '',
'notes' => $asset->notes,
'order_number' => ($asset->order_number!='') ? '<a href="'.config('app.url').'/hardware?order_number='.$asset->order_number.'">'.$asset->order_number.'</a>' : '',
'last_checkout' => ($asset->last_checkout!='') ? $asset->last_checkout : '',
'expected_checkin' => ($asset->expected_checkin!='') ? $asset->expected_checkin : '',
'notes' => e($asset->notes),
'order_number' => ($asset->order_number!='') ? '<a href="'.config('app.url').'/hardware?order_number='.e($asset->order_number).'">'.e($asset->order_number).'</a>' : '',
'last_checkout' => ($asset->last_checkout!='') ? e($asset->last_checkout) : '',
'expected_checkin' => ($asset->expected_checkin!='') ? e($asset->expected_checkin) : '',
'change' => ($inout) ? $inout : '',
'actions' => ($actions) ? $actions : '',
'companyName' => is_null($asset->company) ? '' : e($asset->company->name)
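Review bot: `((e($asset->assetstatus)) ? e($asset->assetstatus->name) : '')` at L310 wraps the relation object itself in `e()` merely to test for null; if `e()` is Laravel's `htmlentities` wrapper this stringifies the whole model for nothing and reads as a slip — the guard should stay `($asset->assetstatus) ? e($asset->assetstatus->name) : ''`. In the same row `$asset->image` and `$asset->model->image` at L297 are still interpolated raw into the `src` attribute while the surrounding cells now escape their free-text fields. In the Slack payload at L290, `e()` HTML-encodes `showAssetName()` and `fullName()`, but Slack message text is not HTML, so quotes and accented characters will presumably show up as entities in the channel; only `&`, `<` and `>` need escaping for Slack's link syntax. The enclosing methods start and end outside the hunks.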


@ -218,7 +218,7 @@ class CategoriesController extends Controller
$allowed_columns = ['id','name','category_type'];
$order = Input::get('order') === 'asc' ? 'asc' : 'desc';
$sort = in_array(Input::get('sort'), $allowed_columns) ? Input::get('sort') : 'created_at';
$sort = in_array(Input::get('sort'), $allowed_columns) ? e(Input::get('sort')) : 'created_at';
$categories = $categories->orderBy($sort, $order);
@ -309,10 +309,10 @@ class CategoriesController extends Controller
$rows[] = array(
'id' => $asset->id,
'name' => (string)link_to('/hardware/'.$asset->id.'/view', $asset->name),
'name' => (string)link_to('/hardware/'.$asset->id.'/view', e($asset->name)),
//'model' => $asset->model->name,
'asset_tag' => $asset->asset_tag,
'serial' => $asset->serial,
'asset_tag' => e($asset->asset_tag),
'serial' => e($asset->serial),
'assigned_to' => ($asset->assigneduser) ? (string)link_to(config('app.url').'/admin/users/'.$asset->assigneduser->id.'/view', $asset->assigneduser->fullName()): '',
'change' => $inout,
'actions' => $actions,
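Review bot: `link_to('/hardware/'.$asset->id.'/view', e($asset->name))` at L339 and the bare `$asset->assigneduser->fullName()` passed to `link_to()` at L345 cannot both be right: if `link_to()` entity-encodes its title (laravelcollective's `HtmlBuilder::link()` does so by default — confirm for the version in use), L339 now double-encodes names containing `&` or `'` and L345 was already safe; if it does not, L345 remains unescaped. Either way the two calls should be made consistent based on what `link_to()` actually does, rather than escaping one and not the other. The same `link_to(..., e(...))` shape appears at L213, L309, L311, L356, L376, L415, L434, L518, L540, L550, L567, L579 and L583. The enclosing method starts and ends outside the hunk.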


@ -397,13 +397,13 @@ class ComponentsController extends Controller
$rows[] = array(
'checkbox' =>'<div class="text-center"><input type="checkbox" name="component['.$component->id.']" class="one_required"></div>',
'id' => $component->id,
'name' => (string)link_to('admin/components/'.$component->id.'/view', $component->name),
'name' => (string)link_to('admin/components/'.$component->id.'/view', e($component->name)),
'location' => ($component->location) ? e($component->location->name) : '',
'total_qty' => $component->total_qty,
'min_amt' => $component->min_amt,
'category' => ($component->category) ? $component->category->name : 'Missing category',
'order_number' => $component->order_number,
'purchase_date' => $component->purchase_date,
'total_qty' => e($component->total_qty),
'min_amt' => e($component->min_amt),
'category' => ($component->category) ? e($component->category->name) : 'Missing category',
'order_number' => e($component->order_number),
'purchase_date' => e($component->purchase_date),
'purchase_cost' => ($component->purchase_cost!='') ? number_format($component->purchase_cost, 2): '' ,
'numRemaining' => $component->numRemaining(),
'actions' => $actions,
@ -432,8 +432,8 @@ class ComponentsController extends Controller
foreach ($component->assets as $component_assignment) {
$rows[] = array(
'name' => (string)link_to('/hardware/'.$component_assignment->id.'/view', $component_assignment->name),
'qty' => $component_assignment->pivot->assigned_qty,
'name' => (string)link_to('/hardware/'.$component_assignment->id.'/view', e($component_assignment->name)),
'qty' => e($component_assignment->pivot->assigned_qty),
'created_at' => ($component_assignment->created_at->format('Y-m-d H:i:s')=='-0001-11-30 00:00:00') ? '' : $component_assignment->created_at->format('Y-m-d H:i:s'),
);
}


@ -79,7 +79,7 @@ class ConsumablesController extends Controller
if (e(Input::get('purchase_cost')) == '0.00') {
$consumable->purchase_cost = null;
} else {
$consumable->purchase_cost = ParseFloat(e(Input::get('purchase_cost')));
$consumable->purchase_cost = e(Input::get('purchase_cost'));
}
$consumable->qty = e(Input::get('qty'));
@ -157,7 +157,7 @@ class ConsumablesController extends Controller
if (e(Input::get('purchase_cost')) == '0.00') {
$consumable->purchase_cost = null;
} else {
$consumable->purchase_cost = ParseFloat(e(Input::get('purchase_cost')));
$consumable->purchase_cost = e(Input::get('purchase_cost'));
}
$consumable->qty = e(Input::get('qty'));
@ -357,7 +357,7 @@ class ConsumablesController extends Controller
->with('company', 'location', 'category', 'users');
if (Input::has('search')) {
$consumables = $consumables->TextSearch(Input::get('search'));
$consumables = $consumables->TextSearch(e(Input::get('search')));
}
if (Input::has('offset')) {
@ -398,17 +398,17 @@ class ConsumablesController extends Controller
foreach ($consumables as $consumable) {
$actions = '<nobr><a href="'.route('checkout/consumable', $consumable->id).'" style="margin-right:5px;" class="btn btn-info btn-sm" '.(($consumable->numRemaining() > 0 ) ? '' : ' disabled').'>'.Lang::get('general.checkout').'</a><a href="'.route('update/consumable', $consumable->id).'" class="btn btn-warning btn-sm" style="margin-right:5px;"><i class="fa fa-pencil icon-white"></i></a><a data-html="false" class="btn delete-asset btn-danger btn-sm" data-toggle="modal" href="'.route('delete/consumable', $consumable->id).'" data-content="'.Lang::get('admin/consumables/message.delete.confirm').'" data-title="'.Lang::get('general.delete').' '.htmlspecialchars($consumable->name).'?" onClick="return false;"><i class="fa fa-trash icon-white"></i></a></nobr>';
$company = $consumable->company;
$company = e($consumable->company);
$rows[] = array(
'id' => $consumable->id,
'name' => (string)link_to('admin/consumables/'.$consumable->id.'/view', $consumable->name),
'name' => (string)link_to('admin/consumables/'.$consumable->id.'/view', e($consumable->name)),
'location' => ($consumable->location) ? e($consumable->location->name) : '',
'min_amt' => $consumable->min_amt,
'qty' => $consumable->qty,
'category' => ($consumable->category) ? $consumable->category->name : 'Missing category',
'order_number' => $consumable->order_number,
'purchase_date' => $consumable->purchase_date,
'min_amt' => e($consumable->min_amt),
'qty' => e($consumable->qty),
'category' => ($consumable->category) ? e($consumable->category->name) : 'Missing category',
'order_number' => e($consumable->order_number),
'purchase_date' => e($consumable->purchase_date),
'purchase_cost' => ($consumable->purchase_cost!='') ? number_format($consumable->purchase_cost, 2): '' ,
'numRemaining' => $consumable->numRemaining(),
'actions' => $actions,
@ -445,9 +445,9 @@ class ConsumablesController extends Controller
foreach ($consumable->consumableAssigments as $consumable_assignment) {
$rows[] = array(
'name' => (string)link_to('/admin/users/'.$consumable_assignment->user->id.'/view', $consumable_assignment->user->fullName()),
'name' => (string)link_to('/admin/users/'.$consumable_assignment->user->id.'/view', e($consumable_assignment->user->fullName())),
'created_at' => ($consumable_assignment->created_at->format('Y-m-d H:i:s')=='-0001-11-30 00:00:00') ? '' : $consumable_assignment->created_at->format('Y-m-d H:i:s'),
'admin' => ($consumable_assignment->admin) ? $consumable_assignment->admin->fullName() : '',
'admin' => ($consumable_assignment->admin) ? e($consumable_assignment->admin->fullName()) : '',
);
}
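Review bot: At L389 and L397 the commit replaces `ParseFloat(e(Input::get('purchase_cost')))` with `e(Input::get('purchase_cost'))`, so `purchase_cost` is now assigned the escaped input string instead of a parsed float; input such as `1,234.56` or a localized decimal comma is no longer normalised before it reaches a numeric column and `number_format()` at L427, which is a behaviour change the commit title ("Additional escaping") does not cover. `$company = e($consumable->company)` at L411 applies `e()` to the relation object rather than to a field; how `$company` is consumed is outside the hunk, but escaping an Eloquent model presumably reduces it to its string form, which is unlikely to be intended — escape the specific attribute where it is echoed instead. getDatatable continues outside the hunk.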


@ -184,8 +184,8 @@ class DepreciationsController extends Controller
$rows[] = array(
'id' => $depreciation->id,
'name' => $depreciation->name,
'months' => $depreciation->months,
'name' => e($depreciation->name),
'months' => e($depreciation->months),
'actions' => $actions
);
}


@ -165,7 +165,7 @@ class GroupsController extends Controller
//$users = Company::scopeCompanyables($users);
if (Input::has('search')) {
$groups = $users->TextSearch(Input::get('search'));
$groups = $users->TextSearch(e(Input::get('search')));
}
$order = Input::get('order') === 'asc' ? 'asc' : 'desc';


@ -936,7 +936,7 @@ class LicensesController extends Controller
$allowed_columns = ['id','name','purchase_cost','expiration_date','purchase_order','order_number','notes','purchase_date','serial'];
$order = Input::get('order') === 'asc' ? 'asc' : 'desc';
$sort = in_array(Input::get('sort'), $allowed_columns) ? Input::get('sort') : 'created_at';
$sort = in_array(Input::get('sort'), $allowed_columns) ? e(Input::get('sort')) : 'created_at';
$licenses = $licenses->orderBy($sort, $order);
@ -954,14 +954,14 @@ class LicensesController extends Controller
'serial' => (string) link_to('/admin/licenses/'.$license->id.'/view', mb_strimwidth($license->serial, 0, 50, "...")),
'totalSeats' => $license->totalSeatsByLicenseID(),
'remaining' => $license->remaincount(),
'license_name' => $license->license_name,
'license_email' => $license->license_email,
'license_name' => e($license->license_name),
'license_email' => e($license->license_email),
'purchase_date' => ($license->purchase_date) ? $license->purchase_date : '',
'expiration_date' => ($license->expiration_date) ? $license->expiration_date : '',
'purchase_cost' => ($license->purchase_cost) ? $license->purchase_cost : '',
'purchase_order' => ($license->purchase_order) ? $license->purchase_order : '',
'order_number' => ($license->order_number) ? $license->order_number : '',
'notes' => ($license->notes) ? $license->notes : '',
'purchase_order' => ($license->purchase_order) ? e($license->purchase_order) : '',
'order_number' => ($license->order_number) ? e($license->order_number) : '',
'notes' => ($license->notes) ? e($license->notes) : '',
'actions' => $actions,
'companyName' => is_null($license->company) ? '' : e($license->company->name)
);


@ -71,7 +71,7 @@ class LocationsController extends Controller
} else {
$location->parent_id = e(Input::get('parent_id'));
}
$location->currency = Input::get('currency', '$');
$location->currency = e(Input::get('currency', '$'));
$location->address = e(Input::get('address'));
$location->address2 = e(Input::get('address2'));
$location->city = e(Input::get('city'));
@ -172,7 +172,7 @@ class LocationsController extends Controller
} else {
$location->parent_id = e(Input::get('parent_id', ''));
}
$location->currency = Input::get('currency', '$');
$location->currency = e(Input::get('currency', '$'));
$location->address = e(Input::get('address'));
$location->address2 = e(Input::get('address2'));
$location->city = e(Input::get('city'));
@ -302,16 +302,16 @@ class LocationsController extends Controller
$rows[] = array(
'id' => $location->id,
'name' => (string)link_to('admin/settings/locations/'.$location->id.'/view', $location->name),
'parent' => ($location->parent) ? $location->parent->name : '',
'name' => (string)link_to('admin/settings/locations/'.$location->id.'/view', e($location->name)),
'parent' => ($location->parent) ? e($location->parent->name) : '',
// 'assets' => ($location->assets->count() + $location->assignedassets->count()),
'assets_default' => $location->assignedassets->count(),
'assets_checkedout' => $location->assets->count(),
'address' => ($location->address) ? $location->address: '',
'city' => $location->city,
'state' => $location->state,
'country' => $location->country,
'currency' => $location->currency,
'address' => ($location->address) ? e($location->address): '',
'city' => e($location->city),
'state' => e($location->state),
'country' => e($location->country),
'currency' => e($location->currency),
'actions' => $actions
);
}
@ -339,7 +339,7 @@ class LocationsController extends Controller
foreach ($location_users as $user) {
$rows[] = array(
'name' => (string)link_to('/admin/users/'.$user->id.'/view', $user->fullName())
'name' => (string)link_to('/admin/users/'.$user->id.'/view', e($user->fullName()))
);
}
@ -364,10 +364,10 @@ class LocationsController extends Controller
foreach ($location->assets as $asset) {
$rows[] = array(
'name' => (string)link_to('/hardware/'.$asset->id.'/view', $asset->showAssetName()),
'asset_tag' => $asset->asset_tag,
'serial' => $asset->serial,
'model' => $asset->model->name,
'name' => (string)link_to('/hardware/'.$asset->id.'/view', e($asset->showAssetName())),
'asset_tag' => e($asset->asset_tag),
'serial' => e($asset->serial),
'model' => e($asset->model->name),
);
}
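Review bot: `$location->currency = e(Input::get('currency', '$'))` at L500 and L509 (and the profile fields at L601–L606) store the HTML-entity form of user input in the database instead of escaping at output, so every later consumer has to know the column is pre-encoded: assuming `assetloc` is this same model, the value is escaped again at L732 inside a CSV export, and a currency symbol or name containing `&` will come out of that report as `&amp;amp;`. Escaping belongs where the value is rendered into HTML — the datatable rows at L528–L532 already do that — while the store side should keep the raw value, validated for length and character set if needed. The enclosing methods start and end outside the hunks.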


@ -132,11 +132,6 @@ class ManufacturersController extends Controller
return Redirect::to('admin/settings/manufacturers')->with('success', Lang::get('admin/manufacturers/message.delete.success'));
}
}
@ -201,7 +196,7 @@ class ManufacturersController extends Controller
$rows[] = array(
'id' => $manufacturer->id,
'name' => (string)link_to('admin/settings/manufacturers/'.$manufacturer->id.'/view', $manufacturer->name),
'name' => (string)link_to('admin/settings/manufacturers/'.$manufacturer->id.'/view', e($manufacturer->name)),
'assets' => $manufacturer->assets->count(),
'actions' => $actions
);
@ -266,13 +261,13 @@ class ManufacturersController extends Controller
$row = array(
'id' => $asset->id,
'name' => (string)link_to('/hardware/'.$asset->id.'/view', $asset->showAssetName()),
'model' => $asset->model->name,
'asset_tag' => $asset->asset_tag,
'serial' => $asset->serial,
'assigned_to' => ($asset->assigneduser) ? (string)link_to('/admin/users/'.$asset->assigneduser->id.'/view', $asset->assigneduser->fullName()): '',
'name' => (string)link_to('/hardware/'.$asset->id.'/view', e($asset->showAssetName())),
'model' => e($asset->model->name),
'asset_tag' => e($asset->asset_tag),
'serial' => e($asset->serial),
'assigned_to' => ($asset->assigneduser) ? (string)link_to('/admin/users/'.$asset->assigneduser->id.'/view', e($asset->assigneduser->fullName())): '',
'actions' => $actions,
'companyName' => Company::getName($asset),
'companyName' => e(Company::getName($asset)),
);
if (isset($inout)) {


@ -36,12 +36,12 @@ class ProfileController extends Controller
$user = Auth::user();
// Update the user information
$user->first_name = Input::get('first_name');
$user->last_name = Input::get('last_name');
$user->website = Input::get('website');
$user->location_id = Input::get('location_id');
$user->gravatar = Input::get('gravatar');
$user->locale = Input::get('locale');
$user->first_name = e(Input::get('first_name'));
$user->last_name = e(Input::get('last_name'));
$user->website = e(Input::get('website'));
$user->location_id = e(Input::get('location_id'));
$user->gravatar = e(Input::get('gravatar'));
$user->locale = e(Input::get('locale'));
if (Input::file('avatar')) {
$image = Input::file('avatar');


@ -58,10 +58,10 @@ class ReportsController extends Controller
// Row per accessory
foreach ($accessories as $accessory) {
$row = array();
$row[] = $accessory->accessory_name;
$row[] = $accessory->accessory_category;
$row[] = $accessory->total;
$row[] = $accessory->remaining;
$row[] = e($accessory->accessory_name);
$row[] = e($accessory->accessory_category);
$row[] = e($accessory->total);
$row[] = e($accessory->remaining);
$rows[] = implode($row, ',');
}
@ -133,37 +133,37 @@ class ReportsController extends Controller
// Create a row per asset
foreach ($assets as $asset) {
$row = [ ];
$row[] = $asset->asset_tag;
$row[] = e($asset->asset_tag);
if ($asset->model->manufacturer) {
$row[] = $asset->model->manufacturer->name;
$row[] = e($asset->model->manufacturer->name);
} else {
$row[] = '';
}
$row[] = '"' . $asset->model->name . '"';
$row[] = '"' . $asset->model->modelno . '"';
$row[] = $asset->name;
$row[] = $asset->serial;
$row[] = '"' . e($asset->model->name) . '"';
$row[] = '"' . e($asset->model->modelno) . '"';
$row[] = e($asset->name);
$row[] = e($asset->serial);
if ($asset->assetstatus) {
$row[] = $asset->assetstatus->name;
$row[] = e($asset->assetstatus->name);
} else {
$row[] = '';
}
$row[] = $asset->purchase_date;
$row[] = '"' . number_format($asset->purchase_cost) . '"';
$row[] = '"' . number_format($asset->purchase_cost, 2) . '"';
if ($asset->order_number) {
$row[] = $asset->order_number;
$row[] = e($asset->order_number);
} else {
$row[] = '';
}
if ($asset->supplier_id) {
$row[] = $asset->supplier->name;
$row[] = e($asset->supplier->name);
} else {
$row[] = '';
}
if ($asset->assigned_to > 0) {
$user = User::find($asset->assigned_to);
$row[] = $user->fullName();
$row[] = e($user->fullName());
} else {
$row[] = ''; // Empty string if unassigned
}
@ -171,14 +171,14 @@ class ReportsController extends Controller
if (( $asset->assigned_to > 0 ) && ( $asset->assigneduser->location_id > 0 )) {
$location = Location::find($asset->assigneduser->location_id);
if ($location) {
$row[] = $location->name;
$row[] = e($location->name);
} else {
$row[] = '';
}
} elseif ($asset->rtd_location_id) {
$location = Location::find($asset->rtd_location_id);
if ($location->name) {
$row[] = $location->name;
$row[] = e($location->name);
} else {
$row[] = '';
}
@ -187,7 +187,7 @@ class ReportsController extends Controller
}
if ($asset->notes) {
$row[] = '"' . $asset->notes . '"';
$row[] = '"' . e($asset->notes) . '"';
} else {
$row[] = '';
}
@ -255,13 +255,13 @@ class ReportsController extends Controller
// Create a row per asset
foreach ($assets as $asset) {
$row = [ ];
$row[] = $asset->asset_tag;
$row[] = $asset->name;
$row[] = $asset->serial;
$row[] = e($asset->asset_tag);
$row[] = e($asset->name);
$row[] = e($asset->serial);
if ($asset->assigned_to > 0) {
$user = User::find($asset->assigned_to);
$row[] = $user->fullName();
$row[] = e($user->fullName());
} else {
$row[] = ''; // Empty string if unassigned
}
@ -269,9 +269,9 @@ class ReportsController extends Controller
if (( $asset->assigned_to > 0 ) && ( $asset->assigneduser->location_id > 0 )) {
$location = Location::find($asset->assigneduser->location_id);
if ($location->city) {
$row[] = $location->city . ', ' . $location->state;
$row[] = e($location->city) . ', ' . e($location->state);
} elseif ($location->name) {
$row[] = $location->name;
$row[] = e($location->name);
} else {
$row[] = '';
}
@ -280,15 +280,15 @@ class ReportsController extends Controller
}
if ($asset->assetloc) {
$currency = $asset->assetloc->currency;
$currency = e($asset->assetloc->currency);
} else {
$currency = Setting::first()->default_currency;
$currency = e(Setting::first()->default_currency);
}
$row[] = $asset->purchase_date;
$row[] = $currency . number_format($asset->purchase_cost);
$row[] = $currency . number_format($asset->getDepreciatedValue());
$row[] = $currency . number_format(( $asset->purchase_cost - $asset->getDepreciatedValue() ));
$row[] = $currency . number_format($asset->purchase_cost, 2);
$row[] = $currency . number_format($asset->getDepreciatedValue(), 2);
$row[] = $currency . number_format(( $asset->purchase_cost - $asset->getDepreciatedValue() ), 2);
$csv->insertOne($row);
}
@ -357,13 +357,13 @@ class ReportsController extends Controller
// Row per license
foreach ($licenses as $license) {
$row = [ ];
$row[] = $license->name;
$row[] = $license->serial;
$row[] = $license->seats;
$row[] = e($license->name);
$row[] = e($license->serial);
$row[] = e($license->seats);
$row[] = $license->remaincount();
$row[] = $license->expiration_date;
$row[] = $license->purchase_date;
$row[] = '"' . number_format($license->purchase_cost) . '"';
$row[] = '"' . number_format($license->purchase_cost, 2) . '"';
$rows[] = implode($row, ',');
}
@ -445,45 +445,45 @@ class ReportsController extends Controller
foreach ($assets as $asset) {
$row = [ ];
if (e(Input::get('asset_name')) == '1') {
$row[] = '"' .$asset->name . '"';
$row[] = '"' .e($asset->name) . '"';
}
if (e(Input::get('asset_tag')) == '1') {
$row[] = $asset->asset_tag;
$row[] = e($asset->asset_tag);
}
if (e(Input::get('manufacturer')) == '1') {
if ($asset->model->manufacturer) {
$row[] = '"' .$asset->model->manufacturer->name . '"';
$row[] = '"' .e($asset->model->manufacturer->name) . '"';
} else {
$row[] = '';
}
}
if (e(Input::get('model')) == '1') {
$row[] = '"' . $asset->model->name . '"';
$row[] = '"' . $asset->model->modelno . '"';
$row[] = '"' . e($asset->model->name) . '"';
$row[] = '"' . e($asset->model->modelno) . '"';
}
if (e(Input::get('category')) == '1') {
$row[] = '"' .$asset->model->category->name . '"';
$row[] = '"' .e($asset->model->category->name) . '"';
}
if (e(Input::get('serial')) == '1') {
$row[] = $asset->serial;
$row[] = e($asset->serial);
}
if (e(Input::get('purchase_date')) == '1') {
$row[] = $asset->purchase_date;
$row[] = e($asset->purchase_date);
}
if (e(Input::get('purchase_cost')) == '1' && ( e(Input::get('depreciation')) != '1' )) {
$row[] = '"' . number_format($asset->purchase_cost) . '"';
$row[] = '"' . number_format($asset->purchase_cost, 2) . '"';
}
if (e(Input::get('order')) == '1') {
if ($asset->order_number) {
$row[] = $asset->order_number;
$row[] = e($asset->order_number);
} else {
$row[] = '';
}
}
if (e(Input::get('supplier')) == '1') {
if ($asset->supplier_id) {
$row[] = '"' .$asset->supplier->name . '"';
$row[] = '"' .e($asset->supplier->name) . '"';
} else {
$row[] = '';
}
@ -493,14 +493,14 @@ class ReportsController extends Controller
if (( $asset->assigned_to > 0 ) && ( $asset->assigneduser->location_id !='' )) {
$location = Location::find($asset->assigneduser->location_id);
if ($location) {
$show_loc .= '"' .$location->name. '"';
$show_loc .= '"' .e($location->name). '"';
} else {
$show_loc .= 'User location '.$asset->assigneduser->location_id.' is invalid';
}
} elseif ($asset->rtd_location_id!='') {
$location = Location::find($asset->rtd_location_id);
if ($location) {
$show_loc .= '"' .$location->name. '"';
$show_loc .= '"' .e($location->name). '"';
} else {
$show_loc .= 'Default location '.$asset->rtd_location_id.' is invalid';
}
@ -512,7 +512,7 @@ class ReportsController extends Controller
if (e(Input::get('assigned_to')) == '1') {
if ($asset->assigned_to > 0) {
$user = User::find($asset->assigned_to);
$row[] = '"' .$user->fullName(). '"';
$row[] = '"' .e($user->fullName()). '"';
} else {
$row[] = ''; // Empty string if unassigned
}
@ -523,7 +523,7 @@ class ReportsController extends Controller
} elseif (( $asset->status_id == '' ) && ( $asset->assigned_to == '0' )) {
$row[] = Lang::get('general.pending');
} elseif ($asset->assetstatus) {
$row[] = '"' .$asset->assetstatus->name. '"';
$row[] = '"' .e($asset->assetstatus->name). '"';
} else {
$row[] = '';
}
@ -539,9 +539,9 @@ class ReportsController extends Controller
}
if (e(Input::get('depreciation')) == '1') {
$depreciation = $asset->getDepreciatedValue();
$row[] = '"' . number_format($asset->purchase_cost) . '"';
$row[] = '"' . number_format($depreciation) . '"';
$row[] = '"' . number_format($asset->purchase_cost - $depreciation) . '"';
$row[] = '"' . number_format($asset->purchase_cost, 2) . '"';
$row[] = '"' . number_format($depreciation, 2) . '"';
$row[] = '"' . number_format($asset->purchase_cost - $depreciation, 2) . '"';
}
$rows[] = implode($row, ',');
}
@ -610,12 +610,12 @@ class ReportsController extends Controller
foreach ($assetMaintenances as $assetMaintenance) {
$row = [ ];
$row[] = str_replace(',', '', $assetMaintenance->asset->name);
$row[] = str_replace(',', '', $assetMaintenance->supplier->name);
$row[] = $assetMaintenance->improvement_type;
$row[] = $assetMaintenance->title;
$row[] = $assetMaintenance->start_date;
$row[] = $assetMaintenance->completion_date;
$row[] = str_replace(',', '', e($assetMaintenance->asset->name));
$row[] = str_replace(',', '', e($assetMaintenance->supplier->name));
$row[] = e($assetMaintenance->improvement_type);
$row[] = e($assetMaintenance->title);
$row[] = e($assetMaintenance->start_date);
$row[] = e($assetMaintenance->completion_date;)
if (is_null($assetMaintenance->asset_maintenance_time)) {
$improvementTime = intval(Carbon::now()
->diffInDays(Carbon::parse($assetMaintenance->start_date)));
@ -679,11 +679,11 @@ class ReportsController extends Controller
foreach ($assetsForReport as $assetItem) {
$row = [ ];
$row[] = str_replace(',', '', $assetItem->assetlog->model->category->name);
$row[] = str_replace(',', '', $assetItem->assetlog->model->name);
$row[] = str_replace(',', '', $assetItem->assetlog->showAssetName());
$row[] = str_replace(',', '', $assetItem->assetlog->asset_tag);
$row[] = str_replace(',', '', $assetItem->assetlog->assigneduser->fullName());
$row[] = str_replace(',', '', e($assetItem->assetlog->model->category->name));
$row[] = str_replace(',', '', e($assetItem->assetlog->model->name));
$row[] = str_replace(',', '', e($assetItem->assetlog->showAssetName()));
$row[] = str_replace(',', '', e($assetItem->assetlog->asset_tag));
$row[] = str_replace(',', '', e($assetItem->assetlog->assigneduser->fullName()));
$rows[] = implode($row, ',');
}


@ -379,23 +379,23 @@ class SettingsController extends Controller
$setting->slack_endpoint = e(Input::get('slack_endpoint'));
$setting->slack_channel = e(Input::get('slack_channel'));
$setting->slack_botname = e(Input::get('slack_botname'));
$setting->ldap_enabled = Input::get('ldap_enabled', '0');
$setting->ldap_server = Input::get('ldap_server');
$setting->ldap_enabled = e(Input::get('ldap_enabled', '0'));
$setting->ldap_server = e(Input::get('ldap_server'));
$setting->ldap_server_cert_ignore = e(Input::get('ldap_server_cert_ignore', false));
$setting->ldap_uname = Input::get('ldap_uname');
$setting->ldap_uname = e(Input::get('ldap_uname'));
if (Input::has('ldap_pword')) {
$setting->ldap_pword = Crypt::encrypt(Input::get('ldap_pword'));
}
$setting->ldap_basedn = e(Input::get('ldap_basedn'));
$setting->ldap_filter = Input::get('ldap_filter');
$setting->ldap_username_field = Input::get('ldap_username_field');
$setting->ldap_lname_field = Input::get('ldap_lname_field');
$setting->ldap_fname_field = Input::get('ldap_fname_field');
$setting->ldap_lname_field = e(Input::get('ldap_lname_field'));
$setting->ldap_fname_field = e(Input::get('ldap_fname_field'));
$setting->ldap_auth_filter_query = Input::get('ldap_auth_filter_query');
$setting->ldap_version = Input::get('ldap_version');
$setting->ldap_active_flag = Input::get('ldap_active_flag');
$setting->ldap_emp_num = Input::get('ldap_emp_num');
$setting->ldap_email = Input::get('ldap_email');
$setting->ldap_version = e(Input::get('ldap_version'));
$setting->ldap_active_flag = e(Input::get('ldap_active_flag'));
$setting->ldap_emp_num = e(Input::get('ldap_emp_num'));
$setting->ldap_email = e(Input::get('ldap_email'));
// If validation fails, we'll exit the operation now.
if ($setting->save()) {
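Review bot: Wrapping the `ldap_*` assignments (`ldap_enabled`, `ldap_server`, `ldap_uname`, the field mappings, `ldap_version`, `ldap_email`) in `e()` applies HTML-entity encoding at the storage boundary, so a value containing `&`, `<`, `>`, `"` or `'` — a bind DN with an apostrophe, for instance — is persisted as `&#039;`/`&amp;` and presumably reaches the LDAP client in that mangled form. `e()` belongs where these values are rendered; here the input should be validated (a fixed set of allowed values for `ldap_version` and `ldap_enabled`, a hostname/URI check for `ldap_server`) and stored verbatim, e.g. `$setting->ldap_uname = Input::get('ldap_uname');`. The hunk also leaves `ldap_filter`, `ldap_username_field` and `ldap_auth_filter_query` without `e()`, so whichever convention is chosen should be applied to the whole group. The enclosing method starts and ends outside the hunk.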


@ -248,8 +248,8 @@ class StatuslabelsController extends Controller
$actions = '<a href="'.route('update/statuslabel', $statuslabel->id).'" class="btn btn-warning btn-sm" style="margin-right:5px;"><i class="fa fa-pencil icon-white"></i></a><a data-html="false" class="btn delete-asset btn-danger btn-sm" data-toggle="modal" href="'.route('delete/statuslabel', $statuslabel->id).'" data-content="'.Lang::get('admin/statuslabels/message.delete.confirm').'" data-title="'.Lang::get('general.delete').' '.htmlspecialchars($statuslabel->name).'?" onClick="return false;"><i class="fa fa-trash icon-white"></i></a>';
$rows[] = array(
'id' => $statuslabel->id,
'type' => $label_type,
'id' => e($statuslabel->id),
'type' => e($label_type),
'name' => e($statuslabel->name),
'actions' => $actions
);
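Review bot: `'id' => e($statuslabel->id)` turns a numeric primary key into a string in the JSON row, which is a type change rather than an escaping gain (an integer has nothing to encode); if the table client sorts or compares the id column, string ids will sort lexicographically. Keep the integer, `'id' => $statuslabel->id,`, and reserve `e()` for the text columns such as `name`. The enclosing method starts and ends outside the hunk.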


@ -270,12 +270,12 @@ class SuppliersController extends Controller
$rows[] = array(
'id' => $supplier->id,
'name' => (string)link_to('admin/settings/suppliers/'.$supplier->id.'/view', $supplier->name),
'contact' => $supplier->contact,
'address' => $supplier->address.' '.$supplier->address2.' '.$supplier->city.' '.$supplier->state.' '.$supplier->country,
'phone' => $supplier->phone,
'fax' => $supplier->fax,
'email' => ($supplier->email!='') ? '<a href="mailto:'.$supplier->email.'">'.$supplier->email.'</a>' : '',
'name' => (string)link_to('admin/settings/suppliers/'.$supplier->id.'/view', e($supplier->name)),
'contact' => e($supplier->contact),
'address' => e($supplier->address).' '.e($supplier->address2).' '.e($supplier->city).' '.e($supplier->state).' '.e($supplier->country),
'phone' => e($supplier->phone),
'fax' => e($supplier->fax),
'email' => ($supplier->email!='') ? '<a href="mailto:'.e($supplier->email).'">'.e($supplier->email).'</a>' : '',
'assets' => $supplier->num_assets(),
'licenses' => $supplier->num_licenses(),
'actions' => $actions
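Review bot: `link_to('...', e($supplier->name))` double-encodes the link text: if `link_to` is the HtmlBuilder helper its name suggests, `link()` already passes the title through its entity encoder, so a supplier named `A & B` renders as `A &amp;amp; B`. Pass the raw name and let the helper escape it, `'name' => (string)link_to('admin/settings/suppliers/'.$supplier->id.'/view', $supplier->name),`. The `e()` calls on `contact`, `address`, `phone`, `fax` and inside the `mailto` anchor are appropriate for this HTML-rendered payload. The enclosing method starts and ends outside the hunk.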


@ -1101,7 +1101,7 @@ class UsersController extends Controller
public function postLDAP()
{
$location_id = Input::get('location_id');
$location_id = e(Input::get('location_id'));
$ldap_version = Setting::getSettings()->ldap_version;
$url = Setting::getSettings()->ldap_server;
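Review bot: `e(Input::get('location_id'))` HTML-encodes a value that appears to be a numeric foreign key; entity encoding neither validates it nor protects whatever lookup it later feeds, and a non-numeric value passes through unchanged apart from `&` and quotes. Cast and validate instead, e.g. `$location_id = (int) Input::get('location_id');`, and reject `0`/missing before the id is used. `postLDAP` continues past the end of the hunk, so the point where the id is consumed is not visible here.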


@ -30,7 +30,7 @@
name="models"
class="table table-striped"
id="table"
data-url="{{ route('api.models.list',array('status'=>Input::get('status'))) }}"
data-url="{{ route('api.models.list',array('status'=>e(Input::get('status')))) }}"
data-cookie="true"
data-click-to-select="true"
data-cookie-id-table="modelsTable-{{ config('version.hash_version') }}">
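Review bot: The `e()` added inside `{{ route(...) }}` on the `data-url` line escapes twice: in Laravel 5 Blade `{{ }}` already entity-encodes its output, and `route()` URL-encodes query values, so a `status` containing `&` or a quote reaches the API as `&amp;` rather than the original character. Drop the inner call, `data-url="{{ route('api.models.list',array('status'=>Input::get('status'))) }}"`, and rely on Blade's escaping for the attribute. The same double escaping appears in the users view hunk (`api.users.list`).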


@ -56,7 +56,7 @@
class="table table-striped"
id="table"
data-toggle="table"
data-url="{{ route('api.users.list', array(''=>Input::get('status'))) }}"
data-url="{{ route('api.users.list', array(''=>e(Input::get('status')))) }}"
data-cookie="true"
data-click-to-select="true"
data-cookie-id-table="userTableDisplay-{{ config('version.hash_version') }}">
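Review bot: The query array key on the `data-url` line is the empty string, `array(''=>e(Input::get('status')))`, so the status value is never sent under a `status` parameter (the models view uses `'status'=>`); this predates the commit but sits on the changed line. It should read `array('status'=>Input::get('status'))`, which also removes the inner `e()` that Blade's `{{ }}` escaping makes redundant.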