From cf544f9fae502f89178e4808636a1132284b35a5 Mon Sep 17 00:00:00 2001
From: Godfrey M
Date: Wed, 26 Feb 2025 10:36:27 -0800
Subject: [PATCH] escape asset tags and notification
---
 .../Controllers/Assets/BulkAssetsController.php | 6 +++---
 resources/lang/en-US/admin/hardware/message.php | 4 ++--
 resources/views/notifications.blade.php | 14 ++++++++++++--
 3 files changed, 17 insertions(+), 7 deletions(-)
diff --git a/app/Http/Controllers/Assets/BulkAssetsController.php b/app/Http/Controllers/Assets/BulkAssetsController.php
index 72d8bd9083..b4e0ea8f51 100644
--- a/app/Http/Controllers/Assets/BulkAssetsController.php
+++ b/app/Http/Controllers/Assets/BulkAssetsController.php
@@ -550,7 +550,7 @@ class BulkAssetsController extends Controller
 $errorMessages[] = trans_choice(
 'admin/hardware/message.delete.assigned_to_error',
 $assignedAssets->count(),
- ['asset_tag' => $assignedTags]
+ ['asset_tag' => e($assignedTags)]
 );
 }
@@ -559,7 +559,7 @@ class BulkAssetsController extends Controller
 $errorMessages[] = trans_choice(
 'admin/hardware/message.delete.parent_assigned_error',
 $parentAssets->count(),
- ['asset_tag' => $parentTags]
+ ['asset_tag' => e($parentTags)]
 );
 }
@@ -567,7 +567,7 @@ class BulkAssetsController extends Controller
 // Combine both messages
 $combinedErrorMessage = implode('
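Review bot: The `e()` added around `$assignedTags` in this hunk, and around `$parentTags` in the next one, is the only thing that stops markup in an asset tag from being rendered as HTML, yet nothing at either call site says the escaping is required. The reason only shows up further down, where the combined message is flashed under `error-unescaped` and printed with `{!! $message !!}`. I would add a comment above each `trans_choice` call, for example `// escaped here because this message is flashed as 'error-unescaped' and rendered with {!! !!}`. Both variables are built outside the hunks, so confirm they are plain strings by the time `e()` receives them.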
', $errorMessages);
- return redirect($bulk_back_url)->with('error', $combinedErrorMessage);
+ return redirect($bulk_back_url)->with('error-unescaped', $combinedErrorMessage);
 }
 foreach (Asset::wherein('id', $assetIds)->get() as $asset) {
diff --git a/resources/lang/en-US/admin/hardware/message.php b/resources/lang/en-US/admin/hardware/message.php
index 384a83922f..09dc99e8ca 100644
--- a/resources/lang/en-US/admin/hardware/message.php
+++ b/resources/lang/en-US/admin/hardware/message.php
@@ -72,8 +72,8 @@ return [
 'delete' => [
 'confirm' => 'Are you sure you wish to delete this asset?',
 'error' => 'There was an issue deleting the asset. Please try again.',
- 'assigned_to_error' => '{1}Asset Tag: :asset_tag is currently checked out. Check in this device before deletion of this asset.|[2,*]Asset Tags: :asset_tag are currently checked out. Check in these devices before deletion of these assets.',
- 'parent_assigned_error' => '{1}Asset Tag: :asset_tag currently has items checked out. Check in all items attached before deletion of this asset.|[2,*]Asset Tags: :asset_tag currently have items checked out. Check in these devices before deletion of these assets.',
+ 'assigned_to_error' => 'Asset Tag: :asset_tag is currently checked out. Check in this device before deletion of this asset.|[2,*]Asset Tags: :asset_tag are currently checked out. Check in these devices before deletion of these assets.',
+ 'parent_assigned_error' => 'Asset Tag: :asset_tag currently has items checked out. Check in all items attached before deletion of this asset.|[2,*]Asset Tags: :asset_tag currently have items checked out. Check in these devices before deletion of these assets.',
 'nothing_updated' => 'No assets were selected, so nothing was deleted.',
 'success' => 'The asset was deleted successfully.',
 ],
diff --git a/resources/views/notifications.blade.php b/resources/views/notifications.blade.php
index 599c8dd2f5..4c62006c55 100755
--- a/resources/views/notifications.blade.php
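Review bot: Flashing `$combinedErrorMessage` under `error-unescaped` makes every string appended to `$errorMessages` responsible for its own escaping, and the translated text itself now reaches the browser raw, including whatever another locale's `message.php` contains. Only the two appends in the hunks above are visible, so check that no other path adds an entry to `$errorMessages` before this redirect. A comment on the `with()` line, `// rendered raw by notifications.blade.php: every entry in $errorMessages must already be HTML-escaped`, would record that contract where the choice of key is made. The separator passed to `implode` is not legible on this page; if it is only a line break, flashing the array and letting the view join escaped entries would remove the need for a raw channel. The enclosing method starts and ends outside the hunk.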
+++ b/resources/views/notifications.blade.php
@@ -109,10 +109,20 @@
 {{ trans('general.error') }}:
- {!! $message !!}
+ {{ $message }}
 @endif
+@if ($message = session()->get('error-unescaped'))
+
+
+
+ {{ trans('general.notification_error') }}:
+ {!! $message !!}
+
+@endif
 @if ($messages = session()->get('error_messages'))
@@ -169,4 +179,4 @@
 {{ $message }}
-@endif
+@endif
\ No newline at end of file
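Review bot: The new `error-unescaped` block prints `{!! $message !!}` with nothing in the template telling callers what they must guarantee, so a later `->with('error-unescaped', ...)` that interpolates an unescaped value would reopen the hole this commit closes. A Blade comment above the new `@if`, for example `{{-- Rendered raw: callers must e() every interpolated value before flashing to 'error-unescaped' --}}`, would make the contract explicit. Separately, switching the `error` block to `{{ $message }}` changes the output for every existing caller of `with('error', ...)`; any that still pass markup (none are visible here) will now show literal tags, so those call sites are worth searching. The new block's label uses `general.notification_error` while the `error` block uses `general.error`; if the difference is not intended, reuse the same key.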