diff --git a/app/Http/Transformers/ActionlogsTransformer.php b/app/Http/Transformers/ActionlogsTransformer.php index 8cf1840888..ef44f1d8dd 100644 --- a/app/Http/Transformers/ActionlogsTransformer.php +++ b/app/Http/Transformers/ActionlogsTransformer.php @@ -25,7 +25,19 @@ class ActionlogsTransformer if ($actionlog->filename!='') { $icon = e(\App\Helpers\Helper::filetype_icon($actionlog->filename)); } - $array = [ + + // This is necessary since we can't escape special characters within a JSON object + if (($actionlog->log_meta) && ($actionlog->log_meta!='')) { + $meta_array = json_decode($actionlog->log_meta); + foreach ($meta_array as $key => $value) { + foreach ($value as $meta_key => $meta_value) { + $clean_meta[$key][$meta_key] = e($meta_value); + } + } + } + + + $array = [ 'id' => (int) $actionlog->id, 'icon' => $icon, 'file' => ($actionlog->filename!='') ? @@ -63,7 +75,7 @@ class ActionlogsTransformer 'note' => ($actionlog->note) ? e($actionlog->note): null, 'signature_file' => ($actionlog->signature_filename) ? route('log.signature.view', ['filename' => $actionlog->signature_filename ]) : null, - 'log_meta' => ($actionlog->log_meta) ? json_decode($actionlog->log_meta): null, + 'log_meta' => ((isset($clean_meta)) && (is_array($clean_meta))) ? $clean_meta: null, 'action_date' => ($actionlog->action_date) ? Helper::getFormattedDateObject($actionlog->action_date, 'datetime'): null, ]; diff --git a/app/Http/Transformers/UsersTransformer.php b/app/Http/Transformers/UsersTransformer.php index e0fe00814e..e299575cd4 100644 --- a/app/Http/Transformers/UsersTransformer.php +++ b/app/Http/Transformers/UsersTransformer.php @@ -23,7 +23,7 @@ class UsersTransformer $array = [ 'id' => (int) $user->id, 'avatar' => e($user->present()->gravatar), - 'name' => e($user->first_name).' '.($user->last_name), + 'name' => e($user->first_name).' '.e($user->last_name), 'first_name' => e($user->first_name), 'last_name' => e($user->last_name), 'username' => e($user->username),