From f1592aa63fd9380e7dfcb6bfbdba2352964055f0 Mon Sep 17 00:00:00 2001
From: snipe <snipe@snipe.net>
Date: Fri, 3 Feb 2017 02:04:17 -0800
Subject: [PATCH] Tighter asset API responses, sanitization

---
 app/Http/Transformers/AssetsTransformer.php | 22 ++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/app/Http/Transformers/AssetsTransformer.php b/app/Http/Transformers/AssetsTransformer.php
index bfe4b11334..b2bf9dd206 100644
--- a/app/Http/Transformers/AssetsTransformer.php
+++ b/app/Http/Transformers/AssetsTransformer.php
@@ -21,23 +21,23 @@ class AssetsTransformer
     {
         $array = [
             'id' => $asset->id,
-            'name' => $asset->name,
-            'asset_tag' => $asset->asset_tag,
-            'serial' => $asset->serial,
-            'model' => ($asset->model) ? ['id' => $asset->model->id,'name'=> $asset->model->name] : '',
-            'model_number' => $asset->model_number,
-            'status_label' => ($asset->assetstatus) ? $asset->assetstatus : null,
+            'name' => e($asset->name),
+            'asset_tag' => e($asset->asset_tag),
+            'serial' => e($asset->serial),
+            'model' => ($asset->model) ? ['id' => $asset->model->id,'name'=> e($asset->model->name)] : '',
+            'model_number' => e($asset->model_number),
+            'status_label' => ($asset->assetstatus) ? ['id' => $asset->assetstatus->id,'name'=> e($asset->assetstatus->name)] : null,
             'last_checkout' => $asset->last_checkout,
-            'category' => ($asset->model->category) ? $asset->model->category : null,
-            'manufacturer' => ($asset->model->manufacturer) ? $asset->model->manufacturer : null,
+            'category' => ($asset->model->category) ? ['id' => $asset->model->category->id,'name'=> e($asset->model->category->name)]  : null,
+            'manufacturer' => ($asset->model->manufacturer) ? ['id' => $asset->model->manufacturer->id,'name'=> e($asset->model->manufacturer->name)] : null,
             'notes' => $asset->notes,
             'expected_checkin' => $asset->expected_checkin,
             'order_number' => $asset->order_number,
-            'company' => ($asset->company) ? $asset->company : null,
-            'location' => ($asset->assetLoc) ? $asset->assetLoc : null,
+            'company' => ($asset->company) ? ['id' => $asset->company->id,'name'=> e($asset->company->name)] : null,
+            'location' => ($asset->assetLoc) ? ['id' => $asset->assetLoc->id,'name'=> e($asset->assetLoc->name)]  : null,
             'image' => ($asset->getImageUrl()) ? $asset->getImageUrl() : null,
             'assigned_to' => ($asset->assigneduser) ? (new UsersTransformer)->transformUser($asset->assigneduser) : null,
-            'warranty' =>  ($asset->warranty_months > 0) ? $asset->warranty_months.' '.trans('admin/hardware/form.months') : null,
+            'warranty' =>  ($asset->warranty_months > 0) ? e($asset->warranty_months).' '.trans('admin/hardware/form.months') : null,
             'warranty_expires' => ($asset->warranty_months > 0) ?  $asset->present()->warrantee_expires() : null,
             'created_at' => $asset->created_at,
             'purchase_date' => $asset->purchase_date,