snipe-it/app/Http/Controllers
snipe e71e57f16a
Fixed XSS vulnerability in SVG image uploads [ch10476] (#7639)
* Added enshrined/svg-sanitize

* Added modular image resizing/SVG cleaning method

(This already exists in v5, so I mostly ported it forward and added the SVG sanitizer.)

* Use improved handleImages method to upload/resize/clean images

* Removed $old_image

This is handled in the ImageUpload request now
2019-12-05 22:23:05 -08:00
Api Update child assets to reflect asset parent location (#7458) 2019-12-04 16:19:25 -08:00
Auth Change ->has() to ->filled() 2019-05-23 17:39:50 -07:00
AccessoriesController.php Fixed XSS vulnerability in SVG image uploads [ch10476] (#7639) 2019-12-05 22:23:05 -08:00
ActionlogController.php Discussion: Moving to policies for controller based authorization (#3080) 2016-12-19 11:04:28 -08:00
AssetCheckinController.php Fixed #7100 - Check if $user isset on checkin 2019-05-30 19:06:30 -07:00
AssetCheckoutController.php Removed old comments 2019-05-30 19:02:20 -07:00
AssetFilesController.php Only build the log upload destination path if there is a matching record 2019-05-24 15:28:53 -07:00
AssetMaintenancesController.php Return an error if asset maintenance is associated with a non-existent asset 2019-01-16 02:19:57 -08:00
AssetModelsController.php Fixed XSS vulnerability in SVG image uploads [ch10476] (#7639) 2019-12-05 22:23:05 -08:00
AssetsController.php Update child assets to reflect asset parent location (#7458) 2019-12-04 16:19:25 -08:00
BulkAssetsController.php Changed has to filled to fix bulk asset editing 2019-05-31 14:11:43 -07:00
CategoriesController.php Fixed XSS vulnerability in SVG image uploads [ch10476] (#7639) 2019-12-05 22:23:05 -08:00
CheckInOutRequest.php Assetcontroller cleanup (#5858) 2018-07-16 17:44:03 -07:00
CompaniesController.php Fixed XSS vulnerability in SVG image uploads [ch10476] (#7639) 2019-12-05 22:23:05 -08:00
ComponentsController.php Fixed XSS vulnerability in SVG image uploads [ch10476] (#7639) 2019-12-05 22:23:05 -08:00
ConsumablesController.php Fixed XSS vulnerability in SVG image uploads [ch10476] (#7639) 2019-12-05 22:23:05 -08:00
Controller.php Updated docblocks 2016-04-07 13:21:09 -07:00
CustomFieldsController.php Partial fix for #5896 2018-07-19 10:40:07 -07:00
CustomFieldsetsController.php Small fix for reordering fields 2019-05-24 12:05:52 -07:00
DashboardController.php Call migrate before passport install 2017-10-11 12:42:31 -07:00
DepartmentsController.php Fixed XSS vulnerability in SVG image uploads [ch10476] (#7639) 2019-12-05 22:23:05 -08:00
DepreciationsController.php Fixed #6491 - cleaner return methods for PHP 7.3 compact() 2018-12-12 18:23:39 -08:00
GroupsController.php Fixed incorrect group route 2019-01-24 15:17:11 -08:00
ImportsController.php Fixes/import permissions mask (#6826) 2019-03-18 11:58:08 -07:00
LicensesController.php Only display the file if the log record can be found 2019-05-24 16:06:52 -07:00
LocationsController.php Fixed XSS vulnerability in SVG image uploads [ch10476] (#7639) 2019-12-05 22:23:05 -08:00
ManufacturersController.php Fixed XSS vulnerability in SVG image uploads [ch10476] (#7639) 2019-12-05 22:23:05 -08:00
ModalController.php Remove old helpers (#5843) 2018-07-16 14:22:25 -07:00
ProfileController.php Allow phone number to be changed in Profile 2019-04-18 14:13:50 -04:00
ReportsController.php Smaller chunking for custom report, add max_execution_time 2019-08-15 06:14:25 -07:00
SettingsController.php Fixed XSS vulnerability in SVG image uploads [ch10476] (#7639) 2019-12-05 22:23:05 -08:00
StatuslabelsController.php Change ->has() to ->filled() 2019-05-23 17:39:50 -07:00
SuppliersController.php Fixed XSS vulnerability in SVG image uploads [ch10476] (#7639) 2019-12-05 22:23:05 -08:00
UsersController.php Fixed countable() strings on user destroy 2019-07-17 17:51:13 -07:00
ViewAssetsController.php Change ->has() to ->filled() 2019-05-23 17:39:50 -07:00