Skip to content
Permalink
Browse files
Merge pull request #10361 from snipe/fixes/xss_in_accessories_checkou…
…t_notes

Escape notes in transformCheckedOutAccessory
  • Loading branch information
snipe committed Nov 25, 2021
2 parents 3b68a6f + 00fad35 commit ff81e6d5366c2cfb15618793ad919ae4cbb3ac57
Showing with 1 addition and 1 deletion.
  1. +1 −1 app/Http/Transformers/AccessoriesTransformer.php
@@ -82,7 +82,7 @@ public function transformCheckedoutAccessory ($accessory, $accessory_users, $tot
'first_name'=> e($user->first_name),
'last_name'=> e($user->last_name),
'employee_number' => e($user->employee_num),
'checkout_notes' => $user->pivot->note,
'checkout_notes' => e($user->pivot->note),
'last_checkout' => Helper::getFormattedDateObject($user->pivot->created_at, 'datetime'),
'type' => 'user',
'available_actions' => ['checkin' => true]

0 comments on commit ff81e6d

Please sign in to comment.