Merge pull request #10971 from snipe/fixes/potential_xss_in_depreciation

Escape checkout target name
snipe · Apr 24, 2022 · 0abc108 · 0abc108
2 parents ef7f21e + f623d05
commit 0abc108
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/app/Http/Transformers/DepreciationReportTransformer.php b/app/Http/Transformers/DepreciationReportTransformer.php
@@ -98,7 +98,7 @@ public function transformAsset(Asset $asset)
             'purchase_cost' => Helper::formatCurrencyOutput($asset->purchase_cost),
             'book_value' => Helper::formatCurrencyOutput($depreciated_value),
             'monthly_depreciation' => $monthly_depreciation,
-            'checked_out_to' => $checkout_target,
+            'checked_out_to' => ($checkout_target) ? e($checkout_target) : null,
             'diff' =>  Helper::formatCurrencyOutput($diff),
             'number_of_months' =>  ($asset->model && $asset->model->depreciation) ? e($asset->model->depreciation->months) : null,
             'depreciation' => (($asset->model) && ($asset->model->depreciation)) ?  e($asset->model->depreciation->name) : null,