Commit graph

12984 commits

Author SHA1 Message Date
snipe eb6e2636b5
Merge pull request #14246 from ubc-cpsc/bugfix/CVE-2022-24894
Fixes CVE-2022-24894 by upgrading symfony/http-kernel
2024-02-13 13:40:33 +00:00
snipe 4c1964d509
Merge pull request #14245 from ubc-cpsc/bugfix/CVE-2024-24821
Fixes CVE-2024-24821 by upgrading composer/composer
2024-02-13 13:39:16 +00:00
snipe 7547277352
Merge pull request #14236 from snipe/jerm/upgrade-script-enhancements
Change how we check forward-looking upgrade requirements
2024-02-13 13:38:35 +00:00
snipe 3e00bc49fd
Merge pull request #14250 from mauro-miatello/develop
Cleaned up navbar-custom-menu
2024-02-13 13:33:03 +00:00
snipe 99e0b65de7
Merge pull request #14256 from marcusmoore/bug/sc-24790
Fixed accessory check in emails being sent when setting disabled
2024-02-13 13:32:42 +00:00
Brady Wetherington 70ef904951 Actually got this pretty close to being able to do a restore 2024-02-13 12:16:15 +00:00
Brady Wetherington fcf023e3d2 WIP: trying to get prefixing and sanitization working 2024-02-13 12:16:15 +00:00
Brady Wetherington 8c882ddead Starting to abstract out the SQL Streaming logic into its own class 2024-02-13 12:16:15 +00:00
Brady Wetherington 7d136f9970 Initial rough stabs at prefix removal and SQL sanitization 2024-02-13 12:16:15 +00:00
Jeremy Price f4c1460c2b remove help text options until i put together the help text 2024-02-12 19:18:26 -08:00
Jeremy Price bb2e1de0a8 Change how we check forward-looking upgrade requirements
In https://github.com/snipe/snipe-it/pull/14128 we added the capability
for the upgrade.php script to check version requirements _before_
downloading the new source, to help keep from breaking installations.

Turns out, `file_get_contents()` isn't a reliable way to grab a url, because
some systems have `allow_url_fopen` turned off in their PHP
configurations.

In this iteration, we swap that out for a curl function, while also
adding more error handling, the ability to entirely skip the
PHP version checks if for some reason you Just Can't query the upgrade
json correctly, as well as adding a lot of helpful text around the whole
issue.

Additionally, I've added some error checking around DB backups and
initial artisan down-ing, since shell_exec would happily march right
past any errors.
2024-02-12 19:18:26 -08:00
Marcus Moore c81bc1d2ee
Scaffold tests around asset check in 2024-02-12 17:54:22 -08:00
Marcus Moore 7154d23759
Pass the correct variable to the route helper 2024-02-12 16:45:18 -08:00
Marcus Moore df23fd0dee
Remove usused import 2024-02-12 16:35:54 -08:00
Marcus Moore adfb8895df
Improve factory state name 2024-02-12 16:31:32 -08:00
Marcus Moore c8e12ddb5c
Remove bug in factory state 2024-02-12 16:30:09 -08:00
Marcus Moore 5b181ecea7
Remove old comment 2024-02-12 16:29:34 -08:00
Marcus Moore 728aaaab20
Ensure accessory check in emails are not sent when the setting is disabled 2024-02-12 16:22:59 -08:00
Marcus Moore 095a7d9b34
Scaffold tests around accessory check in 2024-02-12 12:54:48 -08:00
Marcus Moore cf53f2778f
Add LDAP test cases to group 2024-02-12 12:28:27 -08:00
snipe 65e20282b6
Merge pull request #14251 from snipe/dependabot/github_actions/develop/codacy/codacy-analysis-cli-action-4.4.0
Bump codacy/codacy-analysis-cli-action from 4.3.0 to 4.4.0
2024-02-12 08:35:30 +00:00
dependabot[bot] 405c5b5ad0
Bump codacy/codacy-analysis-cli-action from 4.3.0 to 4.4.0
Bumps [codacy/codacy-analysis-cli-action](https://github.com/codacy/codacy-analysis-cli-action) from 4.3.0 to 4.4.0.
- [Release notes](https://github.com/codacy/codacy-analysis-cli-action/releases)
- [Commits](https://github.com/codacy/codacy-analysis-cli-action/compare/v4.3.0...v4.4.0)

---
updated-dependencies:
- dependency-name: codacy/codacy-analysis-cli-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-02-12 08:33:17 +00:00
MrM 6f0fe16b87
Update default.blade.php
removed some repeated attributes
2024-02-11 18:45:37 +01:00
snipe 111daffc17
Merge pull request #14188 from spencerrlongg/bug/14146
Fixes Default Location Being Set During Asset Creation and Checkout
2024-02-10 11:47:46 +00:00
Joël Pittet b8a478f558 Fixes by CVE-2023-37260 upgrading league/oauth2-server 2024-02-09 17:24:07 -08:00
Joël Pittet 9f7084d077 Revert "Fixes by CVE-2022-24894 upgrading league/oauth2-server"
This reverts commit 0840cd3df3.
2024-02-09 17:22:36 -08:00
Joël Pittet 0840cd3df3 Fixes by CVE-2022-24894 upgrading league/oauth2-server 2024-02-09 17:21:24 -08:00
Joël Pittet cefdaf9a9b Fixes CVE-2022-24894 2024-02-09 17:17:44 -08:00
Joël Pittet 13335b19e9 Fixes CVE-2024-24821 2024-02-09 17:04:34 -08:00
snipe 6e471a27e7 Merge remote-tracking branch 'origin/develop' 2024-02-09 21:10:27 +00:00
snipe 513ea67e7d
Merge pull request #14244 from snipe/fixes/null_barcode_if_hard_deleted
Return null if asset was hard-deleted/purged
2024-02-09 21:09:17 +00:00
snipe 3868e711f4 Return null if asset was hard-deleted/purged
Signed-off-by: snipe <snipe@snipe.net>
2024-02-09 21:08:07 +00:00
snipe f33f712de7 Merge remote-tracking branch 'origin/develop' 2024-02-09 21:00:16 +00:00
snipe c12e1f6d6c
Merge pull request #14243 from snipe/fixes/reports_controller_when_item_is_deleted
Fixed ReportsController to not try to return a serial if the item doesn’t exist
2024-02-09 20:54:37 +00:00
snipe 479abd5231 Do not try to return a serial if the item doesn’t exist
Signed-off-by: snipe <snipe@snipe.net>
2024-02-09 20:53:33 +00:00
snipe a60a24a4a8 Merge remote-tracking branch 'origin/develop' 2024-02-09 20:42:48 +00:00
snipe 55b3050ca8 Re-applied previous withTrashed PR
Signed-off-by: snipe <snipe@snipe.net>
2024-02-09 20:37:18 +00:00
snipe 2c996a8508
Merge pull request #14241 from snipe/revert-14240-feature/sc-24786
Revert "Fixed barcodes crashing if asset was deleted"
2024-02-09 20:36:02 +00:00
snipe 84f8eee869
Revert "Fixed barcodes crashing if asset was deleted" 2024-02-09 20:35:45 +00:00
snipe 590c19dbd7
Merge pull request #14240 from snipe/feature/sc-24786
Feature/sc 24786
2024-02-09 20:28:31 +00:00
snipe fa47707974 Use withTrashed() to get the barcode on deleted assets
Signed-off-by: snipe <snipe@snipe.net>
2024-02-09 20:26:49 +00:00
snipe ca62481083 Added button and route
Signed-off-by: snipe <snipe@snipe.net>
2024-02-09 20:23:13 +00:00
snipe 1c3306046c Merge remote-tracking branch 'origin/develop'
Signed-off-by: snipe <snipe@snipe.net>

# Conflicts:
#	public/js/build/app.js
#	public/js/dist/all.js
#	public/mix-manifest.json
2024-02-08 23:14:54 +00:00
snipe f4fc845375 Updated dev assets
Signed-off-by: snipe <snipe@snipe.net>
2024-02-08 23:06:47 +00:00
snipe a7af987322
Merge pull request #14229 from Godmartinz/select2-target-fix
Fixed select inputs un-select2-ifying on mobile
2024-02-08 23:04:55 +00:00
Godfrey M c4eaae923a removed vue comments since they do not apply anymore 2024-02-08 15:02:47 -08:00
snipe 849ba02516
Merge pull request #14187 from Godmartinz/general-hook_fix
Fixed the general webhook not notifying anymore
2024-02-08 23:01:36 +00:00
Godfrey Martinez 9dcd14a712
Merge branch 'develop' into general-hook_fix 2024-02-08 14:59:25 -08:00
snipe 3412b4dc5a Merge remote-tracking branch 'origin/develop' 2024-02-08 14:58:24 +00:00
snipe a3b96aff1f
Merge pull request #14233 from uberbrady/prevent_svg_injection_with_fake_extensions_rebased
Fixes file upload XSS vulnerability [sc-24156]
2024-02-08 14:56:59 +00:00