DRCIT/snipe-it
1
0
Fork 0
mirror of https://github.com/snipe/snipe-it.git synced 2024-09-19 23:37:38 -07:00
Code Issues Actions 6 Packages Projects Releases Wiki Activity

Removed escaping on custom fields in presenter (#7631)

Browse source
This commit is contained in:
snipe 2019-12-03 17:42:13 -08:00 committed by GitHub
parent f0af750b0a
commit 2fbbe430b5
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
app/Presenters/AssetPresenter.php
View file

@ -258,13 +258,17 @@ class AssetPresenter extends Presenter
$query->whereHas('models');
})->get();
// Note: We do not need to e() escape the field names here, as they are already escaped when
// they are presented in the blade view. If we escape them here, custom fields with quotes in their
// name can break the listings page. - snipe
foreach ($fields as $field) {
$layout[] = [
"field" => 'custom_fields.'.$field->convertUnicodeDbSlug(),
"searchable" => true,
"sortable" => true,
"switchable" => true,
"title" => ($field->field_encrypted=='1') ?'<i class="fa fa-lock"></i> '.e($field->name) : e($field->name),
"title" => ($field->field_encrypted=='1') ?'<i class="fa fa-lock"></i> '.$field->name : $field->name,
"formatter" => "customFieldsFormatter"
];