mirror of
https://github.com/firefly-iii/firefly-iii.git
synced 2025-02-25 18:45:27 -06:00
Fix vulnerability https://huntr.dev/bounties/dd54c5a1-0d4a-4f02-a111-7ce4ddc67a4d/
This commit is contained in:
parent
83518d7f96
commit
14cdce113e
9
public/v1/js/ff/budgets/index.js
vendored
9
public/v1/js/ff/budgets/index.js
vendored
@ -133,7 +133,7 @@ function updateTotalBudgetedAmount(currencyId) {
|
||||
});
|
||||
|
||||
// get new amount:
|
||||
$.get(totalBudgetedUri.replace('REPLACEME',currencyId)).done(function (data) {
|
||||
$.get(totalBudgetedUri.replace('REPLACEME', currencyId)).done(function (data) {
|
||||
// set thing:
|
||||
$('span.budgeted_amount[data-currency="' + currencyId + '"]')
|
||||
.html(data.budgeted_formatted)
|
||||
@ -207,9 +207,14 @@ function createBudgetLimit(e) {
|
||||
}
|
||||
|
||||
function deleteBudgetLimit(e) {
|
||||
e.preventDefault();
|
||||
var button = $(e.currentTarget);
|
||||
var budgetLimitId = button.data('budget-limit-id');
|
||||
var url = deleteBudgetLimitUrl.replace('REPLACEME', budgetId.toString();
|
||||
var url = deleteBudgetLimitUrl.replace('REPLACEME', budgetLimitId.toString());
|
||||
$.post(url, {_token: token}).then(function () {
|
||||
$('.bl_entry[data-budget-limit-id="' + budgetLimitId + '"]').remove();
|
||||
|
||||
});
|
||||
return false;
|
||||
}
|
||||
|
||||
|
@ -285,7 +285,7 @@
|
||||
{{ trans('firefly.budget_limit_not_in_range', {start: budgetLimit.start_date, end: budgetLimit.end_date}) }}
|
||||
</small><br>
|
||||
{% endif %}
|
||||
<div class="input-group">
|
||||
<div class="input-group bl_entry" data-budget-limit-id="{{ budgetLimit.id }}">
|
||||
<div class="input-group-addon">{{ budgetLimit.currency_symbol }}</div>
|
||||
<input class="form-control budget_amount" data-original="{{ budgetLimit.amount }}"
|
||||
data-id="{{ budget.id }}" data-limit="{{ budgetLimit.id }}" value="{{ budgetLimit.amount }}"
|
||||
@ -295,7 +295,9 @@
|
||||
<button type="button" class="btn btn-default dropdown-toggle" data-toggle="dropdown" aria-haspopup="true"
|
||||
aria-expanded="false"><span class="caret"></span></button>
|
||||
<ul class="dropdown-menu">
|
||||
<li><a href="{{ route('budget-limits.delete', [budgetLimit.id]) }}">{{ trans('firefly.remove_budgeted_amount', {currency: budgetLimit.currency_name }) }}</a></li>
|
||||
<li>
|
||||
<a class="delete_bl" href="#" data-budget-limit-id="{{ budgetLimit.id }}">{{ trans('firefly.remove_budgeted_amount', {currency: budgetLimit.currency_name }) }}</a>
|
||||
</li>
|
||||
</ul>
|
||||
</div>
|
||||
</div>
|
||||
@ -468,6 +470,7 @@
|
||||
var createBudgetLimitUri = "{{ route('budget-limits.create', ['REPLACEME', start.format('Y-m-d'), end.format('Y-m-d')]) }}";
|
||||
var storeBudgetLimitUri = "{{ route('budget-limits.store') }}";
|
||||
var updateBudgetLimitUri = "{{ route('budget-limits.update', ['REPLACEME']) }}";
|
||||
var deleteBudgetLimitUrl = "{{ route('budget-limits.delete', ['REPLACEME']) }}";
|
||||
var totalBudgetedUri = "{{ route('json.budget.total-budgeted', ['REPLACEME', start.format('Y-m-d'), end.format('Y-m-d')]) }}";
|
||||
|
||||
// period thing:
|
||||
|
@ -282,7 +282,7 @@ Route::group(
|
||||
Route::get('create/{budget}/{start_date}/{end_date}', ['uses' => 'Budget\BudgetLimitController@create', 'as' => 'create']);
|
||||
Route::post('store', ['uses' => 'Budget\BudgetLimitController@store', 'as' => 'store']);
|
||||
|
||||
Route::get('delete/{budgetLimit}', ['uses' => 'Budget\BudgetLimitController@delete', 'as' => 'delete']);
|
||||
Route::post('delete/{budgetLimit}', ['uses' => 'Budget\BudgetLimitController@delete', 'as' => 'delete']);
|
||||
|
||||
Route::post('update/{budgetLimit}', ['uses' => 'Budget\BudgetLimitController@update', 'as' => 'update']);
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user