Merge pull request #10286 from uberbrady/fix_bulk_audit_xss

Escape asset_tag attribute at controller level for bulk checkout
2024-11-09 23:24:06 -08:00 · 2021-11-08 20:32:02 -08:00 · 2021-11-08 20:32:02 -08:00 · 9ed1442bd1
parent edf98cb795 3ea209a507
commit 9ed1442bd1
1 changed files with 1 additions and 1 deletions
--- a/app/Http/Controllers/Api/AssetsController.php
+++ b/app/Http/Controllers/Api/AssetsController.php
@ -910,7 +910,7 @@ class AssetsController extends Controller
            }
        }

-        return response()->json(Helper::formatStandardApiResponse('error', ['asset_tag'=> e($request->input('asset_tag'))], 'Asset with tag '.$request->input('asset_tag').' not found'));
+        return response()->json(Helper::formatStandardApiResponse('error', ['asset_tag'=> e($request->input('asset_tag'))], 'Asset with tag '.e($request->input('asset_tag')).' not found'));