Bug no. 32 - XSS zranitelnost viz Wiki

czechitas · Mar 4, 2024 · 543bfd6 · 543bfd6
1 parent 2665d0a
commit 543bfd6
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 14 deletions.
diff --git a/resources/assets/js/partials/app.js b/resources/assets/js/partials/app.js
@@ -226,18 +226,18 @@ export default {
         }
       }
 
-      if (this.dtConfig.columns) {
-        var targets = [];
-        for (var i = 0; i < this.dtConfig.columns.length; i++) {
-          targets.push(i)
-        }
-
-        if (this.dtConfig.columnDefs) {
-          this.dtConfig.columnDefs.push({targets:targets, render: this.preventXSSRenderer});
-        }else{
-          this.dtConfig.columnDefs = [{targets:targets, render: this.preventXSSRenderer}];
-        }
-      }
+      // if (this.dtConfig.columns) {
+      //   var targets = [];
+      //   for (var i = 0; i < this.dtConfig.columns.length; i++) {
+      //     targets.push(i)
+      //   }
+
+      //   if (this.dtConfig.columnDefs) {
+      //     this.dtConfig.columnDefs.push({targets:targets, render: this.preventXSSRenderer});
+      //   }else{
+      //     this.dtConfig.columnDefs = [{targets:targets, render: this.preventXSSRenderer}];
+      //   }
+      // }
 
       // Init DataTable
       this.instance = $tableEl.DataTable(

diff --git a/resources/views/admin/users/delete.blade.php b/resources/views/admin/users/delete.blade.php
@@ -17,7 +17,7 @@
                         </p>
 
                         @component('components.modal_yes_no_form', [ 'id' => 'deleteUser', 'route' => route('admin.users.destroy', $user)] )
-                            @lang('users.delete_modal', ['name' => e($user->name)])
+                            @lang('users.delete_modal', ['name' => $user->name])
                         @endcomponent
                     @else
                         <h4>@lang('users.delete.cannot')</h4>

diff --git a/resources/views/admin/users/show.blade.php b/resources/views/admin/users/show.blade.php
@@ -26,7 +26,7 @@
                         @endcan
                         @can('delete', $user)
                             @component('components.modal_yes_no_form', [ 'id' => 'deleteUser', 'route' => route('admin.users.destroy', $user)] )
-                                @lang('users.delete_modal', ['name' => str_replace(" ", "&nbsp;", e($user->name))])
+                                @lang('users.delete_modal', ['name' => str_replace(" ", "&nbsp;", $user->name)])
                             @endcomponent
                             <a href="#deleteUser" data-toggle="modal" class="btn btn-sm btn-danger">
                                 <i class="fa fa-fw fa-trash"></i>