Merge pull request #422 from ControlPanel-gg/development

Fixed JS Exploit
2022-04-20 12:31:46 +02:00 · 2022-04-20 12:31:46 +02:00 · 0e426dca62
commit 0e426dca62
parent 0eb63c8541 39af09b521
5 changed files with 5 additions and 5 deletions
--- a/app/Http/Controllers/Admin/ServerController.php
+++ b/app/Http/Controllers/Admin/ServerController.php
@ -163,7 +163,7 @@ class ServerController extends Controller
                return $server->suspended ? $server->suspended->diffForHumans() : '';
            })
            ->editColumn('name', function (Server $server) {
-                return '<a class="text-info" target="_blank" href="' . config("SETTINGS::SYSTEM:PTERODACTYL:URL") . '/admin/servers/view/' . $server->pterodactyl_id . '">' . $server->name . '</a>';
+                return '<a class="text-info" target="_blank" href="' . config("SETTINGS::SYSTEM:PTERODACTYL:URL") . '/admin/servers/view/' . $server->pterodactyl_id . '">' . strip_tags($server->name) . '</a>';
            })
            ->rawColumns(['user', 'actions', 'status', 'name'])
            ->make();
--- a/app/Http/Controllers/Admin/UserController.php
+++ b/app/Http/Controllers/Admin/UserController.php
@ -302,7 +302,7 @@ class UserController extends Controller
                return '<span class="badge ' . $badgeColor . '">' . $user->role . '</span>';
            })
            ->editColumn('name', function (User $user) {
-                return '<a class="text-info" target="_blank" href="' . config("SETTINGS::SYSTEM:PTERODACTYL:URL") . '/admin/users/view/' . $user->pterodactyl_id . '">' . $user->name . '</a>';
+                return '<a class="text-info" target="_blank" href="' . config("SETTINGS::SYSTEM:PTERODACTYL:URL") . '/admin/users/view/' . $user->pterodactyl_id . '">' . strip_tags($user->name) . '</a>';
            })
            ->orderColumn('last_seen', function ($query, $order) {
                $query->orderBy('last_seen', $order);
--- a/config/app.php
+++ b/config/app.php
@ -4,7 +4,7 @@ use App\Models\Settings;

 return [

-    'version' => '0.7.3',
+    'version' => '0.7.4',

    /*
    |--------------------------------------------------------------------------
--- a/resources/views/admin/products/create.blade.php
+++ b/resources/views/admin/products/create.blade.php
@ -63,7 +63,7 @@
                                        </div>

                                        <div class="form-group">
-                                            <label for="price">{{__('Price in')}}{{CREDITS_DISPLAY_NAME}}</label>
+                                            <label for="price">{{__('Price in')}} {{CREDITS_DISPLAY_NAME}}</label>
                                            <input value="{{$product->price ??  old('price')}}" id="price" name="price"
                                                   type="number"
                                                   class="form-control @error('price') is-invalid @enderror"
--- a/resources/views/admin/users/index.blade.php
+++ b/resources/views/admin/users/index.blade.php
@ -79,7 +79,7 @@
                serverSide: true,
                stateSave: true,
                ajax: "{{route('admin.users.datatable')}}",
-                order: [[ 11, "desc" ]],
+                order: [[ 10, "desc" ]],
                columns: [
                    {data: 'discordId', visible: false, name: 'discordUser.id'},
                    {data: 'pterodactyl_id', visible: false},