From 2fbbe430b52a70a98a46a048418d649236c398d2 Mon Sep 17 00:00:00 2001
From: snipe
Date: Tue, 3 Dec 2019 17:42:13 -0800
Subject: [PATCH] Removed escaping on custom fields in presenter (#7631)
---
 app/Presenters/AssetPresenter.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/app/Presenters/AssetPresenter.php b/app/Presenters/AssetPresenter.php
index 144ed4d75b..eeb5a8704d 100644
--- a/app/Presenters/AssetPresenter.php
+++ b/app/Presenters/AssetPresenter.php
@@ -258,13 +258,17 @@ class AssetPresenter extends Presenter
 $query->whereHas('models');
 })->get();
+
+ // Note: We do not need to e() escape the field names here, as they are already escaped when
+ // they are presented in the blade view. If we escape them here, custom fields with quotes in their
+ // name can break the listings page. - snipe
 foreach ($fields as $field) {
 $layout[] = [
 "field" => 'custom_fields.'.$field->convertUnicodeDbSlug(),
 "searchable" => true,
 "sortable" => true,
 "switchable" => true,
- "title" => ($field->field_encrypted=='1') ?' '.e($field->name) : e($field->name),
+ "title" => ($field->field_encrypted=='1') ?' '.$field->name : $field->name,
 "formatter" => "customFieldsFormatter"
 ];
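Review bot: The new `"title"` line passes `$field->name` on unescaped, so whether a custom field name containing markup renders inertly now depends on every consumer of this layout escaping it, and the added comment names only the blade view. If the array is also serialized for a client-side table or reused by another view or export (not visible in this hunk), that consumer may treat the title as HTML, and a stored field name would then run as script for every user who opens the listing. I would confirm the view prints the title with `{{ }}` rather than `{!! !!}` and state the contract where the value is produced, e.g. `// SECURITY: title is raw user-controlled text; every consumer must HTML-escape it exactly once`. A regression test that stores a field name with quotes and angle brackets and asserts the rendered header shows it literally would cover both the double-escaping bug and the injection case. The enclosing method starts and ends outside the hunk.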