Merge pull request #10315 from snipe/fixes/escape_custom_fields_in_api_response

Escape custom field values in API response
2025-03-05 20:52:15 -08:00 · 2021-11-15 20:33:51 -08:00 · 2021-11-15 20:33:51 -08:00 · 7ce5993f5a
parent e75a5f13ec f7b483358f
commit 7ce5993f5a
1 changed files with 5 additions and 5 deletions
--- a/app/Http/Transformers/AssetsTransformer.php
+++ b/app/Http/Transformers/AssetsTransformer.php
@ -93,15 +93,15 @@ class AssetsTransformer
                    $value = (Gate::allows('superadmin')) ? $decrypted : strtoupper(trans('admin/custom_fields/general.encrypted'));
                    $fields_array[$field->name] = [
-                            'field' => $field->convertUnicodeDbSlug(),
+                            'field' => e($field->convertUnicodeDbSlug()),
-                            'value' => $value,
+                            'value' => e($value),
                            'field_format' => $field->format,
                        ];
                } else {
                    $fields_array[$field->name] = [
-                        'field' => $field->convertUnicodeDbSlug(),
+                        'field' => e($field->convertUnicodeDbSlug()),
-                        'value' => $asset->{$field->convertUnicodeDbSlug()},
+                        'value' => e($asset->{$field->convertUnicodeDbSlug()}),
                        'field_format' => $field->format,
                    ];
@ -134,7 +134,7 @@ class AssetsTransformer
                            'id' => $component->id,
                            'pivot_id' => $component->pivot->id,
-                            'name' => $component->name,
+                            'name' => e($component->name),
                            'qty' => $component->pivot->assigned_qty,
                            'price_cost' => $component->purchase_cost,
                            'purchase_total' => $component->purchase_cost * $component->pivot->assigned_qty,