IntenseFinance/firefly-iii
3
0
Fork 0
mirror of https://github.com/firefly-iii/firefly-iii.git synced 2025-02-25 18:45:27 -06:00
Code Issues Packages Projects Releases Wiki Activity

Fix vulnerability https://huntr.dev/bounties/dd54c5a1-0d4a-4f02-a111-7ce4ddc67a4d/

Browse Source
This commit is contained in:
James Cole 2021-08-20 09:38:52 +02:00
parent 83518d7f96
commit 14cdce113e
No known key found for this signature in database
GPG Key ID: BDE6667570EADBD5
3 changed files with 13 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
public/v1/js/ff/budgets/index.js vendored
View File

@ -133,7 +133,7 @@ function updateTotalBudgetedAmount(currencyId) {
});
// get new amount:
$.get(totalBudgetedUri.replace('REPLACEME',currencyId)).done(function (data) {
$.get(totalBudgetedUri.replace('REPLACEME', currencyId)).done(function (data) {
// set thing:
$('span.budgeted_amount[data-currency="' + currencyId + '"]')
.html(data.budgeted_formatted)
@ -207,9 +207,14 @@ function createBudgetLimit(e) {
}
function deleteBudgetLimit(e) {
e.preventDefault();
var button = $(e.currentTarget);
var budgetLimitId = button.data('budget-limit-id');
var url = deleteBudgetLimitUrl.replace('REPLACEME', budgetId.toString();
var url = deleteBudgetLimitUrl.replace('REPLACEME', budgetLimitId.toString());
$.post(url, {_token: token}).then(function () {
$('.bl_entry[data-budget-limit-id="' + budgetLimitId + '"]').remove();
});
return false;
}

7
resources/views/v1/budgets/index.twig
View File

@ -285,7 +285,7 @@
{{ trans('firefly.budget_limit_not_in_range', {start: budgetLimit.start_date, end: budgetLimit.end_date}) }}
</small><br>
{% endif %}
<div class="input-group">
<div class="input-group bl_entry" data-budget-limit-id="{{ budgetLimit.id }}">
<div class="input-group-addon">{{ budgetLimit.currency_symbol }}</div>
<input class="form-control budget_amount" data-original="{{ budgetLimit.amount }}"
data-id="{{ budget.id }}" data-limit="{{ budgetLimit.id }}" value="{{ budgetLimit.amount }}"
@ -295,7 +295,9 @@
<button type="button" class="btn btn-default dropdown-toggle" data-toggle="dropdown" aria-haspopup="true"
aria-expanded="false"><span class="caret"></span></button>
<ul class="dropdown-menu">
<li><a href="{{ route('budget-limits.delete', [budgetLimit.id]) }}">{{ trans('firefly.remove_budgeted_amount', {currency: budgetLimit.currency_name }) }}</a></li>
<li>
<a class="delete_bl" href="#" data-budget-limit-id="{{ budgetLimit.id }}">{{ trans('firefly.remove_budgeted_amount', {currency: budgetLimit.currency_name }) }}</a>
</li>
</ul>
</div>
</div>
@ -468,6 +470,7 @@
var createBudgetLimitUri = "{{ route('budget-limits.create', ['REPLACEME', start.format('Y-m-d'), end.format('Y-m-d')]) }}";
var storeBudgetLimitUri = "{{ route('budget-limits.store') }}";
var updateBudgetLimitUri = "{{ route('budget-limits.update', ['REPLACEME']) }}";
var deleteBudgetLimitUrl = "{{ route('budget-limits.delete', ['REPLACEME']) }}";
var totalBudgetedUri = "{{ route('json.budget.total-budgeted', ['REPLACEME', start.format('Y-m-d'), end.format('Y-m-d')]) }}";
// period thing:

2
routes/web.php
View File

@ -282,7 +282,7 @@ Route::group(
Route::get('create/{budget}/{start_date}/{end_date}', ['uses' => 'Budget\BudgetLimitController@create', 'as' => 'create']);
Route::post('store', ['uses' => 'Budget\BudgetLimitController@store', 'as' => 'store']);
Route::get('delete/{budgetLimit}', ['uses' => 'Budget\BudgetLimitController@delete', 'as' => 'delete']);
Route::post('delete/{budgetLimit}', ['uses' => 'Budget\BudgetLimitController@delete', 'as' => 'delete']);
Route::post('update/{budgetLimit}', ['uses' => 'Budget\BudgetLimitController@update', 'as' => 'update']);
}