Fixes #4457 - use un-escaped CSS for custom CSS styles

We are already escaping the CSS in the show_custom_css() method
snipe 2017-11-15 14:27:21 -08:00
parent f137e516a6
commit edcd3afc3e
2 changed files with 13 additions and 1 deletions


@ -89,6 +89,18 @@ class Setting extends Model
} }
/**
* Escapes the custom CSS, and then un-escapes the greater-than symbol
* so it can work with direct descendant characters for bootstrap
* menu overrides like:
*
* .skin-blue .sidebar-menu>li.active>a, .skin-blue .sidebar-menu>li:hover>a
*
* Important: Do not remove the e() escaping here, as we output raw in the blade.
*
* @return string escaped CSS
* @author A. Gianotto <snipe@snipe.net>
*/
public function show_custom_css() public function show_custom_css()
{ {
$custom_css = Setting::getSettings()->custom_css; $custom_css = Setting::getSettings()->custom_css;
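Review bot: The new docblock on show_custom_css() says the e() call must stay, but it does not say what the escaping protects against or where the return value may safely be used. The neighbouring `@media` rule in the template suggests the value is printed inside a style element, so the character that matters is `<`. I would add a line such as `* Only safe inside a <style> element: '<' must stay escaped so the value cannot close the tag.` and list exactly which entities are reversed. The method body continues outside the hunk, so the escaping and the `&gt;` reversal described here cannot be confirmed from this page.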


@ -52,7 +52,7 @@
@endif @endif
@if ($snipeSettings->custom_css) @if ($snipeSettings->custom_css)
{{ $snipeSettings->show_custom_css() }} {!! $snipeSettings->show_custom_css() !!}
@endif @endif
@endif @endif
@media (max-width: 400px) { @media (max-width: 400px) {
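Review bot: Switching to `{!! $snipeSettings->show_custom_css() !!}` removes the template's own escaping, so the only barrier between the stored setting and the page markup is now code in a different file. A Blade comment directly above the line would make that dependency visible to anyone editing the layout, for example `{{-- Raw output: show_custom_css() must return e()-escaped CSS --}}`. It is also worth confirming how quoted values behave: browsers do not decode HTML entities inside a style element, so if the method reverses only the greater-than sign, as its docblock says, rules containing quotes would presumably reach the browser as `&quot;` and not apply.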