Commit graph

6643 commits

Author SHA1 Message Date
snipe cf5e3da3a5
Merge pull request #10406 from Haxatron/fix-access-control
security fix
2021-12-09 11:23:35 -08:00
Haxatron 1699c09758
Update AssetModelsController.php 2021-12-09 21:42:18 +08:00
Haxatron 918e7c8dae
Fix access control - https://huntr.dev/bounties/19453ef1-4d77-4cff-b7e8-1bc8f3af0862/ 2021-12-09 12:57:04 +08:00
snipe 86afe6c4b1 Cleanup slack validation
Signed-off-by: snipe <snipe@snipe.net>
2021-12-08 18:03:56 -08:00
snipe ff97b359ad Removed form request on ajax, cleaned up some other things
Signed-off-by: snipe <snipe@snipe.net>
2021-12-08 17:58:46 -08:00
snipe 81b66d0039 Change validation failure to 422 to make it consistent with Laravel's default
Signed-off-by: snipe <snipe@snipe.net>
2021-12-08 17:54:35 -08:00
snipe 8fa690b635 Reverting form request because it doesn't seem to work (????!!)
Signed-off-by: snipe <snipe@snipe.net>
2021-12-08 17:54:15 -08:00
snipe 8c1cd87831 Added slacksettingsrequest as use statement
Signed-off-by: snipe <snipe@snipe.net>
2021-12-08 15:56:22 -08:00
snipe cde2bad297 Small mods to slack jquery
Signed-off-by: snipe <snipe@snipe.net>
2021-12-08 15:56:05 -08:00
snipe 80d36cd72b Added slack settings request
Signed-off-by: snipe <snipe@snipe.net>
2021-12-08 15:53:05 -08:00
snipe a579353198 Add @bestlong as a contributor 2021-11-24 20:04:26 -08:00
snipe 7360e15d4e Add @sneak-it as a contributor 2021-11-24 20:04:05 -08:00
snipe 9dc2fa61b8 Add @adamboutcher as a contributor 2021-11-24 20:03:52 -08:00
snipe 80fd49a59e Add @leitwerk-ag as a contributor 2021-11-24 20:03:40 -08:00
snipe d30fa9199c Merge branch 'master' of https://github.com/snipe/snipe-it 2021-11-24 19:58:52 -08:00
snipe 8028b39b43 Bumped version
Signed-off-by: snipe <snipe@snipe.net>
2021-11-24 19:58:43 -08:00
snipe ff81e6d536
Merge pull request #10361 from snipe/fixes/xss_in_accessories_checkout_notes
Escape notes in transformCheckedOutAccessory
2021-11-24 19:56:36 -08:00
snipe 00fad35c2a Escape notes in transformCheckedOutAccessory
Signed-off-by: snipe <snipe@snipe.net>
2021-11-24 19:54:45 -08:00
snipe 3b68a6f1be
Merge pull request #10345 from leitwerk-ag/master
Fixed #10344 and #9135: don't prepand fields with a whitespace in text based export formats
2021-11-24 19:43:21 -08:00
snipe bc91aef47d
Merge pull request #10352 from adamboutcher/install_rocky
Improved Installer: Added Rocky Linux Support
2021-11-24 19:42:37 -08:00
snipe 3debe78574
Merge pull request #10350 from inietov/fixes/trim_custom_fields_names
Apply trim() function when storing Custom Fields names
2021-11-24 19:42:04 -08:00
snipe fc1b3b31b5
Merge pull request #10358 from sneak-it/bullseye
Improved Installer: Add Debian 11 (Bullseye) install script support
2021-11-24 19:41:37 -08:00
snipe 4afd598df7
Merge pull request #10356 from bestlong/fix_modal_dialog_html_typo
fix modal-title html tag unpaired.
2021-11-24 19:39:58 -08:00
snipe d1d3f893ac
Merge pull request #10360 from snipe/fixes/escaped_characters_on_asset_create_checkout
Removed escaping on input save for asset checkout on creation
2021-11-24 19:20:54 -08:00
snipe 830d07f84f Removed escaping on input save for asset checkout on creation
Signed-off-by: snipe <snipe@snipe.net>
2021-11-24 19:19:32 -08:00
snipe 0e30b9aef7
Merge pull request #10355 from inietov/fixes/customfields_with_date_format_doesnt_display_default_value_master
Fixes Default Values - Date not applying for master branch
2021-11-24 18:22:02 -08:00
sneaK b937aedc30 Add Debian 11 (Bullseye) install script support 2021-11-24 10:24:05 -05:00
Shao Yu-Lung 55d05eeae3 fix modal-title html tag unpaired. 2021-11-24 10:28:10 +08:00
Ivan Nieto Vivanco d95d3dc282 Add the call to defaultValue() function in custom fields with date format 2021-11-23 17:21:46 -06:00
Adam ab06c26527
Rocky Linux Support
Addition to enable Rocky Linux installation.
2021-11-23 16:13:38 +00:00
Ivan Nieto Vivanco 1ca770895a Apply trim() function when storing Custom Fields names 2021-11-22 18:43:21 -06:00
Klaus J. Mueller a85fa14f9c fix #10344 and #9135 2021-11-22 17:58:26 +01:00
snipe b058d84f2c
Merge pull request #10322 from snipe/uberbrady-patch-2
Change the `[END]` directive in `.htaccess` to `[L]`
2021-11-17 18:01:52 -08:00
Brady Wetherington 5fb05d8b1c
Change the [END] directive in .htaccess to [L]
This allows backwards-compatibility with older Apache versions (which we _used_ to have), and should do the exact same thing.
2021-11-17 15:29:51 -08:00
snipe 78809c0fe7 Bumped version
Signed-off-by: snipe <snipe@snipe.net>
2021-11-16 12:02:45 -08:00
snipe 7ce5993f5a
Merge pull request #10315 from snipe/fixes/escape_custom_fields_in_api_response
Escape custom field values in API response
2021-11-15 20:33:51 -08:00
snipe f7b483358f Escape custom field values in API response
Signed-off-by: snipe <snipe@snipe.net>
2021-11-15 20:32:59 -08:00
snipe e75a5f13ec
Merge pull request #10303 from inietov/fixes/weird_field_showing_up
Added the current_value string to correspondig 'en' language directory
2021-11-15 14:29:34 -08:00
snipe cf4e13f4df
Merge pull request #10312 from andrewshulgin/patch-1
Fixed: #10311: Docker: ldap_client_tls.{key,cert} are located in /var/www/html/storage instead of /var/lib/snipeit/keys
2021-11-15 14:28:59 -08:00
snipe 8e7565cbe9
Merge pull request #10313 from snipe/snyk-fix-d1fb08ebb2899913c99652bb6e188696
[Snyk] Security upgrade bootstrap-table from 1.18.3 to 1.19.1
2021-11-15 14:28:37 -08:00
snyk-bot 4839b0e008
fix: package.json & package-lock.json to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-BOOTSTRAPTABLE-1657597
2021-11-13 05:19:33 +00:00
Andrew Shulgin d3ddafdff4
Dockerfile: symlink for ldap_client_tls.{cert,key} 2021-11-13 03:00:09 +02:00
Ivan Nieto Vivanco b07db3b324 Added the current_value string to correspondig 'en' language directory 2021-11-11 14:43:47 -06:00
snipe 9ed1442bd1
Merge pull request #10286 from uberbrady/fix_bulk_audit_xss
Escape asset_tag attribute at controller level for bulk checkout
2021-11-08 20:32:02 -08:00
Brady Wetherington 3ea209a507 Escape asset_tag attribute at controller level for consumption in bulk checkout 2021-11-08 20:27:43 -08:00
snipe edf98cb795
Merge pull request #10279 from snipe/fixes/turn_get_into_post_for_custom_field_required
Turn custom fields required/optional/remove into POST requests
2021-11-08 14:37:36 -08:00
snipe 16d18bc7eb
Merge pull request #10283 from snipe/fixes/remove_get_logout_route 2021-11-08 12:55:19 -08:00
snipe 38c36af6fc Changes logout to POST
Signed-off-by: snipe <snipe@snipe.net>
2021-11-08 12:53:11 -08:00
snipe b5855e7be5 Removed get route for logout
Signed-off-by: snipe <snipe@snipe.net>
2021-11-08 12:35:15 -08:00
snipe 0d811d067c Turn cusotm fields required/optional/remove into POST requests
Signed-off-by: snipe <snipe@snipe.net>
2021-11-05 10:53:48 -07:00