Cutlery/invoiceninja
1
0
Fork 0
mirror of https://github.com/invoiceninja/invoiceninja.git synced 2025-06-21 08:40:57 -04:00
Code Issues Packages Projects Releases Wiki Activity

XSS fixes

Browse Source
This commit is contained in:
Hillel Coren 2019-04-17 18:29:09 +03:00
parent c666a867ab
commit a5ae3aa6bc
3 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
app/Libraries/Utils.php
View File

@ -1258,6 +1258,7 @@ class Utils
return ''; return '';
} }
$link = e($link);
$title = $link; $title = $link;
if (substr($link, 0, 4) != 'http') { if (substr($link, 0, 4) != 'http') {
$link = 'http://' . $link; $link = 'http://' . $link;

2
app/Ninja/Datatables/ActivityDatatable.php
View File

@ -45,7 +45,7 @@ class ActivityDatatable extends EntityDatatable
'invoice' => $model->invoice ? link_to('/invoices/' . $model->invoice_public_id, $model->is_recurring ? trans('texts.recurring_invoice') : $model->invoice)->toHtml() : null, 'invoice' => $model->invoice ? link_to('/invoices/' . $model->invoice_public_id, $model->is_recurring ? trans('texts.recurring_invoice') : $model->invoice)->toHtml() : null,
'quote' => $model->invoice ? link_to('/quotes/' . $model->invoice_public_id, $model->invoice)->toHtml() : null, 'quote' => $model->invoice ? link_to('/quotes/' . $model->invoice_public_id, $model->invoice)->toHtml() : null,
'contact' => $model->contact_id ? link_to('/clients/' . $model->client_public_id, Utils::getClientDisplayName($model))->toHtml() : Utils::getPersonDisplayName($model->user_first_name, $model->user_last_name, $model->user_email), 'contact' => $model->contact_id ? link_to('/clients/' . $model->client_public_id, Utils::getClientDisplayName($model))->toHtml() : Utils::getPersonDisplayName($model->user_first_name, $model->user_last_name, $model->user_email),
'payment' => $model->payment ?: '', 'payment' => $model->payment ? e($model->payment) : '',
'credit' => $model->payment_amount ? Utils::formatMoney($model->credit, $model->currency_id, $model->country_id) : '', 'credit' => $model->payment_amount ? Utils::formatMoney($model->credit, $model->currency_id, $model->country_id) : '',
'payment_amount' => $model->payment_amount ? Utils::formatMoney($model->payment_amount, $model->currency_id, $model->country_id) : null, 'payment_amount' => $model->payment_amount ? Utils::formatMoney($model->payment_amount, $model->currency_id, $model->country_id) : null,
'adjustment' => $model->adjustment ? Utils::formatMoney($model->adjustment, $model->currency_id, $model->country_id) : null, 'adjustment' => $model->adjustment ? Utils::formatMoney($model->adjustment, $model->currency_id, $model->country_id) : null,

5
app/Ninja/Presenters/ClientPresenter.php
View File

@ -32,9 +32,10 @@ class ClientPresenter extends EntityPresenter
return ''; return '';
} }
$link = Utils::addHttp($client->website); $website = e($client->website);
$link = Utils::addHttp($website);
return link_to($link, $client->website, ['target' => '_blank']); return link_to($link, $website, ['target' => '_blank']);
} }
public function paid_to_date() public function paid_to_date()