Skip to content
Permalink
Browse files Browse the repository at this point in the history
Merge pull request #7043 from firefly-iii/fix-bad-escape
Catch escape in currencies
  • Loading branch information
JC5 committed Feb 17, 2023
2 parents e4fa385 + 0667ccf commit 6b05c0f
Show file tree
Hide file tree
Showing 2 changed files with 11 additions and 6 deletions.
7 changes: 6 additions & 1 deletion app/Factory/TransactionCurrencyFactory.php
Expand Up @@ -41,6 +41,11 @@ class TransactionCurrencyFactory
*/
public function create(array $data): TransactionCurrency
{
$data['code'] = e($data['code']);
$data['symbol'] = e($data['symbol']);
$data['name'] = e($data['name']);
$data['decimal_places'] = (int)$data['decimal_places'];
$data['enabled'] = (bool)$data['enabled'];
// if the code already exists (deleted)
// force delete it and then create the transaction:
$count = TransactionCurrency::withTrashed()->whereCode($data['code'])->count();
Expand Down Expand Up @@ -78,7 +83,7 @@ public function create(array $data): TransactionCurrency
*/
public function find(?int $currencyId, ?string $currencyCode): ?TransactionCurrency
{
$currencyCode = (string)$currencyCode;
$currencyCode = (string)e($currencyCode);
$currencyId = (int)$currencyId;

if ('' === $currencyCode && 0 === $currencyId) {
Expand Down
10 changes: 5 additions & 5 deletions app/Services/Internal/Update/CurrencyUpdateService.php
Expand Up @@ -41,23 +41,23 @@ class CurrencyUpdateService
public function update(TransactionCurrency $currency, array $data): TransactionCurrency
{
if (array_key_exists('code', $data) && '' !== (string)$data['code']) {
$currency->code = $data['code'];
$currency->code = e($data['code']);
}

if (array_key_exists('symbol', $data) && '' !== (string)$data['symbol']) {
$currency->symbol = $data['symbol'];
$currency->symbol = e($data['symbol']);
}

if (array_key_exists('name', $data) && '' !== (string)$data['name']) {
$currency->name = $data['name'];
$currency->name = e($data['name']);
}

if (array_key_exists('enabled', $data) && is_bool($data['enabled'])) {
$currency->enabled = $data['enabled'];
$currency->enabled = (bool) $data['enabled'];
}

if (array_key_exists('decimal_places', $data) && is_int($data['decimal_places'])) {
$currency->decimal_places = $data['decimal_places'];
$currency->decimal_places = (int) $data['decimal_places'];
}

$currency->save();
Expand Down

0 comments on commit 6b05c0f

Please sign in to comment.