DRCIT/snipe-it
1
0
Fork 0
mirror of https://github.com/snipe/snipe-it.git synced 2024-11-10 15:44:11 -08:00
Code Issues Actions 11 Packages Projects Releases Wiki Activity
snipe-it/app/Http/Controllers/Api
History
Brady Wetherington 9a224a07ba
Modified how we do Select2 dynamic drop-down menus to be more secure (#9079) 
* Modified how we do Select2 dynamic drop-down menus to be more secure

As noted by the author of select2, the more-secure way of creating
rich Select-dropdowns is to use jquery to create HTML snippets and
carefully modify text attributes within there. This prevents any
XSS from being brought to the page. As a side-effect, the extra
escaping that we had to do in all of the internal selectlist calls
is now no longer necessary, and has been removed. Rebased and
squashed from the original.

* Rebuilt all assets, but this still feels like it's too much stuff in here.

* Whoops, need to run that in dev, not prod
2021-02-02 15:55:21 -08:00
..
AccessoriesController.php Started migration to normalize note 2020-10-22 23:18:14 -07:00
AssetMaintenancesController.php Merge branch 'develop' into integrations/2020-04-15-v5-merge 2020-04-20 23:20:34 -07:00
AssetModelsController.php Modified how we do Select2 dynamic drop-down menus to be more secure (#9079) 2021-02-02 15:55:21 -08:00
AssetsController.php Depreciation detail view fixes [ch15776] (#9059) 2021-01-27 17:44:05 -08:00
CategoriesController.php Clean up Transformers and extract an isDeletable() method to models where it makes sense. 2020-05-23 15:24:10 -04:00
CompaniesController.php Clean up Transformers and extract an isDeletable() method to models where it makes sense. 2020-05-23 15:24:10 -04:00
ComponentsController.php Merge branch 'develop' into integrations/2020-04-15-v5-merge 2020-04-20 23:20:34 -07:00
ConsumablesController.php Fixed [ch15085] - duplicate use statements in Consumables controller 2020-09-03 19:47:15 -07:00
CustomFieldsController.php Fixed #7250 - permission issue for API fieldsets and fields endpoints 2019-07-24 11:00:42 -07:00
CustomFieldsetsController.php Fixed #7250 - permission issue for API fieldsets and fields endpoints 2019-07-24 11:00:42 -07:00
DepartmentsController.php Removed duplicate update method (per #7997) 2020-04-30 17:23:56 -07:00
DepreciationsController.php Depreciation detail view fixes [ch15776] (#9059) 2021-01-27 17:44:05 -08:00
GroupsController.php Merge branch 'develop' into integrations/2020-04-15-v5-merge 2020-04-20 23:20:34 -07:00
ImportController.php Apply PR #8043 to develop 2020-05-11 22:57:55 -07:00
LicensesController.php Depreciation detail view fixes [ch15776] (#9059) 2021-01-27 17:44:05 -08:00
LocationsController.php Added search/sort by Location OU, added to listing 2020-11-17 22:17:07 -08:00
ManufacturersController.php Clean up Transformers and extract an isDeletable() method to models where it makes sense. 2020-05-23 15:24:10 -04:00
PredefinedKitsController.php Minor code cleanup bits and bobs (#6805) 2019-03-13 20:12:03 -07:00
ProfileController.php Minor code cleanup bits and bobs (#6805) 2019-03-13 20:12:03 -07:00
ReportsController.php Fixed signature issue on accepted assets - related to #8577 2020-10-22 23:20:55 -07:00
SettingsController.php Forward-port of the old LDAP sync system (#8801) 2020-11-30 17:11:44 -08:00
StatuslabelsController.php Fixed #8749 - added more default colors to prevent missing index in pie chart math 2020-11-18 07:06:14 -08:00
SuppliersController.php Merge branch 'develop' into integrations/2020-04-15-v5-merge 2020-04-20 23:20:34 -07:00
UsersController.php Modified how we do Select2 dynamic drop-down menus to be more secure (#9079) 2021-02-02 15:55:21 -08:00