From 7305f3cd4726bad3b66f049d99b7b786ba672c87 Mon Sep 17 00:00:00 2001
From: AnonDev <85408287+anondev-sudo@users.noreply.github.com>
Date: Tue, 22 Feb 2022 13:46:07 +0100
Subject: [PATCH 1/4] Update index.blade.php
---
 resources/views/admin/users/index.blade.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/resources/views/admin/users/index.blade.php b/resources/views/admin/users/index.blade.php
index ae90ff3e..110ed3c9 100644
--- a/resources/views/admin/users/index.blade.php
+++ b/resources/views/admin/users/index.blade.php
@@ -79,7 +79,7 @@
 serverSide: true,
 stateSave: true,
 ajax: "{{route('admin.users.datatable')}}",
- order: [[ 11, "desc" ]],
+ order: [[ 10, "desc" ]],
 columns: [
 {data: 'discordId', visible: false, name: 'discordUser.id'},
 {data: 'pterodactyl_id', visible: false},
From 0c462d0c7ca65b3ff154385578a1526c520a22e4 Mon Sep 17 00:00:00 2001
From: GeckoBoy84 <67899387+GeckoBoy84@users.noreply.github.com>
Date: Sun, 27 Feb 2022 14:47:39 +0000
Subject: [PATCH 2/4] Update create.blade.php
---
 resources/views/admin/products/create.blade.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/resources/views/admin/products/create.blade.php b/resources/views/admin/products/create.blade.php
index c809a2ef..a4fb0dc1 100644
--- a/resources/views/admin/products/create.blade.php
+++ b/resources/views/admin/products/create.blade.php
@@ -63,7 +63,7 @@
-
+
Date: Wed, 20 Apr 2022 12:12:48 +0200
Subject: [PATCH 3/4] Fixed Javascript exploit
---
 app/Http/Controllers/Admin/ServerController.php | 2 +-
 app/Http/Controllers/Admin/UserController.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/app/Http/Controllers/Admin/ServerController.php b/app/Http/Controllers/Admin/ServerController.php
index 4a82c1e6..6a3a239c 100644
--- a/app/Http/Controllers/Admin/ServerController.php
+++ b/app/Http/Controllers/Admin/ServerController.php
@@ -163,7 +163,7 @@ class ServerController extends Controller
 return $server->suspended ? $server->suspended->diffForHumans() : '';
 })
 ->editColumn('name', function (Server $server) {
- return 'pterodactyl_id . '">' . $server->name . '';
+ return 'pterodactyl_id . '">' . strip_tags($server->name) . '';
 })
 ->rawColumns(['user', 'actions', 'status', 'name'])
 ->make();
diff --git a/app/Http/Controllers/Admin/UserController.php b/app/Http/Controllers/Admin/UserController.php
index 54536f0b..d55ba7a2 100644
--- a/app/Http/Controllers/Admin/UserController.php
+++ b/app/Http/Controllers/Admin/UserController.php
@@ -302,7 +302,7 @@ class UserController extends Controller
 return '' . $user->role . '';
 })
 ->editColumn('name', function (User $user) {
- return 'pterodactyl_id . '">' . $user->name . '';
+ return 'pterodactyl_id . '">' . strip_tags($user->name) . '';
 })
 ->orderColumn('last_seen', function ($query, $order) {
 $query->orderBy('last_seen', $order);
From 39af09b521e3a3ba6954dec53613182bbca09bdb Mon Sep 17 00:00:00 2001
From: 1day2die
Date: Wed, 20 Apr 2022 12:15:49 +0200
Subject: [PATCH 4/4] Update app.php
---
 config/app.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/config/app.php b/config/app.php
index 7da98065..4f4fc7a4 100644
--- a/config/app.php
+++ b/config/app.php
@@ -4,7 +4,7 @@ use App\Models\Settings;
 return [
- 'version' => '0.7.3',
+ 'version' => '0.7.4',
 /*
 |--------------------------------------------------------------------------
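Review bot: `strip_tags()` on the `name` column in ServerController filters tags but does not HTML-encode the value, and the column is still emitted unescaped through `rawColumns([... 'name'])`, so the fix relies on a tag filter where output encoding is the dependable control. Encoding at the point of output, `e($server->name)` here and `e($user->name)` in the UserController hunk (same pattern), also keeps characters such as `<` and `&` displayable instead of silently dropping part of the name. `$server->pterodactyl_id` and `$user->pterodactyl_id` are concatenated into what appears to be an attribute value (the literal `'">'` follows them) and should be cast with `(int)` or encoded as well unless they are guaranteed numeric. The `$user->role` concatenation in the UserController context line and the other raw columns (`user`, `actions`, `status`) are built outside these hunks and deserve the same check.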