Haxatron
|
1699c09758
|
Update AssetModelsController.php
|
2021-12-09 21:42:18 +08:00 |
|
Haxatron
|
918e7c8dae
|
Fix access control - https://huntr.dev/bounties/19453ef1-4d77-4cff-b7e8-1bc8f3af0862/
|
2021-12-09 12:57:04 +08:00 |
|
snipe
|
86afe6c4b1
|
Cleanup slack validation
Signed-off-by: snipe <snipe@snipe.net>
|
2021-12-08 18:03:56 -08:00 |
|
snipe
|
ff97b359ad
|
Removed form request on ajax, cleaned up some other things
Signed-off-by: snipe <snipe@snipe.net>
|
2021-12-08 17:58:46 -08:00 |
|
snipe
|
8fa690b635
|
Reverting form request because it doesn't seem to work (????!!)
Signed-off-by: snipe <snipe@snipe.net>
|
2021-12-08 17:54:15 -08:00 |
|
snipe
|
8c1cd87831
|
Added slacksettingsrequest as use statement
Signed-off-by: snipe <snipe@snipe.net>
|
2021-12-08 15:56:22 -08:00 |
|
snipe
|
80d36cd72b
|
Added slack settings request
Signed-off-by: snipe <snipe@snipe.net>
|
2021-12-08 15:53:05 -08:00 |
|
snipe
|
ff81e6d536
|
Merge pull request #10361 from snipe/fixes/xss_in_accessories_checkout_notes
Escape notes in transformCheckedOutAccessory
|
2021-11-24 19:56:36 -08:00 |
|
snipe
|
00fad35c2a
|
Escape notes in transformCheckedOutAccessory
Signed-off-by: snipe <snipe@snipe.net>
|
2021-11-24 19:54:45 -08:00 |
|
snipe
|
3debe78574
|
Merge pull request #10350 from inietov/fixes/trim_custom_fields_names
Apply trim() function when storing Custom Fields names
|
2021-11-24 19:42:04 -08:00 |
|
snipe
|
830d07f84f
|
Removed escaping on input save for asset checkout on creation
Signed-off-by: snipe <snipe@snipe.net>
|
2021-11-24 19:19:32 -08:00 |
|
Ivan Nieto Vivanco
|
1ca770895a
|
Apply trim() function when storing Custom Fields names
|
2021-11-22 18:43:21 -06:00 |
|
snipe
|
f7b483358f
|
Escape custom field values in API response
Signed-off-by: snipe <snipe@snipe.net>
|
2021-11-15 20:32:59 -08:00 |
|
Brady Wetherington
|
3ea209a507
|
Escape asset_tag attribute at controller level for consumption in bulk checkout
|
2021-11-08 20:27:43 -08:00 |
|
snipe
|
2f9e5f79af
|
Merge pull request #10139 from FliegenKLATSCH/patch-1
API: Do not include deleted items per default on lookup by serial
|
2021-10-28 17:09:20 -07:00 |
|
snipe
|
17bf899a17
|
Set default_label to 0 instead of null in API
Signed-off-by: snipe <snipe@snipe.net>
|
2021-10-25 20:14:01 -07:00 |
|
snipe
|
8b1c60a17a
|
Make gates a little more consistent
Signed-off-by: snipe <snipe@snipe.net>
|
2021-10-25 15:34:22 -07:00 |
|
snipe
|
033c3253bb
|
Fixed permissions array to handle missing clone button
Signed-off-by: snipe <snipe@snipe.net>
|
2021-10-25 14:10:17 -07:00 |
|
FliegenKLATSCH
|
24c484303e
|
Do not include deleted assets by default when doing lookup by serial
This commit introduces a new query parameter `deleted`, which can be set to `true` to include deleted assets in the response.
|
2021-10-09 08:56:31 +02:00 |
|
snipe
|
5d94b99035
|
Switched to 5 in one minute
Signed-off-by: snipe <snipe@snipe.net>
|
2021-10-08 15:53:32 -07:00 |
|
snipe
|
0674ef5a3d
|
Fixed number to 1 (for minutes)
Signed-off-by: snipe <snipe@snipe.net>
|
2021-10-08 15:43:32 -07:00 |
|
snipe
|
702791210e
|
Throttle password reset requests to 5 every 60 seconds
Signed-off-by: snipe <snipe@snipe.net>
|
2021-10-08 14:26:30 -07:00 |
|
snipe
|
1c77fd0d09
|
Merge pull request #10178 from inietov/bug/sc-17520/symfony_component_debug_exception_fatalthrowableerror
Fixed typo when setting the headers
|
2021-10-08 12:04:45 -07:00 |
|
Ivan Nieto Vivanco
|
d184da8611
|
Fixed typo (thanks @ssddanbrown)
|
2021-10-08 13:39:49 -05:00 |
|
snipe
|
ccd430ce07
|
Switched back down to debug level
Signed-off-by: snipe <snipe@snipe.net>
|
2021-10-06 12:38:21 -07:00 |
|
snipe
|
f306401e7e
|
Fixed SVG XSS vuln
Signed-off-by: snipe <snipe@snipe.net>
|
2021-10-06 12:26:45 -07:00 |
|
snipe
|
c06a93ef13
|
Removed extra brace in assets for components
Signed-off-by: snipe <snipe@snipe.net>
|
2021-10-06 10:38:13 -07:00 |
|
Ivan Nieto Vivanco
|
ef6eea67d8
|
Set headers in a different manner in the middleware
|
2021-10-05 14:09:35 -05:00 |
|
snipe
|
34eab88b7e
|
Removed debugging
Signed-off-by: snipe <snipe@snipe.net>
|
2021-10-04 20:25:31 -07:00 |
|
snipe
|
b20c841a89
|
Fixed asset models restore
Signed-off-by: snipe <snipe@snipe.net>
|
2021-10-04 19:29:13 -07:00 |
|
snipe
|
52caee2a9f
|
Handle checking and unchecking for bulk actions
Signed-off-by: snipe <snipe@snipe.net>
|
2021-10-04 17:18:26 -07:00 |
|
snipe
|
52ea172e5d
|
Fix ID array
Signed-off-by: snipe <snipe@snipe.net>
|
2021-10-04 17:18:07 -07:00 |
|
snipe
|
9b48732cd2
|
Force revalidation headers when user logs out
Signed-off-by: snipe <snipe@snipe.net>
|
2021-10-04 12:52:48 -07:00 |
|
snipe
|
daa88f06f7
|
Added pivot to components JSON
Signed-off-by: snipe <snipe@snipe.net>
|
2021-09-30 15:51:08 -07:00 |
|
Brady Wetherington
|
ae466be153
|
Fix license output, tweak CleanFloat function to handle numbers over 1 million
|
2021-09-28 19:10:25 -07:00 |
|
Brady Wetherington
|
f3338667c7
|
Create new ParseCurrency helper and use it in the appropriate controllers
|
2021-09-28 18:20:39 -07:00 |
|
Brady Wetherington
|
f380da3f19
|
Try to ensure all currency output is formatted correctly.
|
2021-09-28 16:45:47 -07:00 |
|
snipe
|
2f9582ee5c
|
Switched to loadMissing for performance
Signed-off-by: snipe <snipe@snipe.net>
|
2021-09-23 17:31:19 -07:00 |
|
snipe
|
3b7ce0091c
|
Load components in the assets API if components=true in API request
Signed-off-by: snipe <snipe@snipe.net>
|
2021-09-23 17:23:53 -07:00 |
|
snipe
|
3862b6476b
|
Merge pull request #10122 from inietov/fixes/api_issue_when_component_checkout
Fixes API Issue when checking out a component
|
2021-09-23 13:21:48 -07:00 |
|
Ivan Nieto Vivanco
|
7dfab3a6e2
|
Change the condition to 'bigger or equal' instead of just 'bigger than' in ComponentsController checkout api
|
2021-09-23 15:02:39 -05:00 |
|
snipe
|
a6b3aa5f04
|
Don't try to delete the file if there is no log entry
Signed-off-by: snipe <snipe@snipe.net>
|
2021-09-22 19:04:25 -07:00 |
|
snipe
|
b4a90045e6
|
Added totals to depreciation report footer
Signed-off-by: snipe <snipe@snipe.net>
|
2021-09-21 21:52:18 -07:00 |
|
snipe
|
0763c76a4e
|
Fixed scoping with leftjoin
Signed-off-by: snipe <snipe@snipe.net>
|
2021-09-21 20:54:24 -07:00 |
|
snipe
|
5d32c17a2e
|
Removed comments
Signed-off-by: snipe <snipe@snipe.net>
|
2021-09-21 20:01:36 -07:00 |
|
snipe
|
10ca7cffc3
|
Fixes for query scoping, ordering, and nicer readability
Signed-off-by: snipe <snipe@snipe.net>
|
2021-09-21 19:59:23 -07:00 |
|
snipe
|
61176335d7
|
Improved category_type with strtolower() to make it case insensitive
Signed-off-by: snipe <snipe@snipe.net>
|
2021-09-21 15:51:41 -07:00 |
|
snipe
|
8a93e1e796
|
Remove asset call on depreciation report controller method
We ajax this in now, so no need for it
Signed-off-by: snipe <snipe@snipe.net>
|
2021-09-15 13:49:53 -07:00 |
|
snipe
|
d96f877aa4
|
Default show_in_nav to 0
Signed-off-by: snipe <snipe@snipe.net>
|
2021-09-15 11:33:13 -07:00 |
|
snipe
|
80175cffdc
|
Fixed #9969 - added color, show_in_nav, and default_label to status labels API
Signed-off-by: snipe <snipe@snipe.net>
|
2021-09-10 20:44:49 -07:00 |
|