mirror of
https://github.com/firefly-iii/firefly-iii.git
synced 2025-02-25 18:45:27 -06:00
Fix similar XSS issues.
This commit is contained in:
parent
8717f469b1
commit
2d7494f8cd
@ -86,7 +86,7 @@ class LinkController extends Controller
|
|||||||
public function delete(Request $request, LinkTypeRepositoryInterface $repository, LinkType $linkType)
|
public function delete(Request $request, LinkTypeRepositoryInterface $repository, LinkType $linkType)
|
||||||
{
|
{
|
||||||
if (!$linkType->editable) {
|
if (!$linkType->editable) {
|
||||||
$request->session()->flash('error', (string)trans('firefly.cannot_edit_link_type', ['name' => $linkType->name]));
|
$request->session()->flash('error', (string)trans('firefly.cannot_edit_link_type', ['name' => e($linkType->name)]));
|
||||||
|
|
||||||
return redirect(route('admin.links.index'));
|
return redirect(route('admin.links.index'));
|
||||||
}
|
}
|
||||||
@ -143,7 +143,7 @@ class LinkController extends Controller
|
|||||||
public function edit(Request $request, LinkType $linkType)
|
public function edit(Request $request, LinkType $linkType)
|
||||||
{
|
{
|
||||||
if (!$linkType->editable) {
|
if (!$linkType->editable) {
|
||||||
$request->session()->flash('error', (string)trans('firefly.cannot_edit_link_type', ['name' => $linkType->name]));
|
$request->session()->flash('error', (string)trans('firefly.cannot_edit_link_type', ['name' => e($linkType->name)]));
|
||||||
|
|
||||||
return redirect(route('admin.links.index'));
|
return redirect(route('admin.links.index'));
|
||||||
}
|
}
|
||||||
@ -246,7 +246,7 @@ class LinkController extends Controller
|
|||||||
public function update(LinkTypeFormRequest $request, LinkTypeRepositoryInterface $repository, LinkType $linkType)
|
public function update(LinkTypeFormRequest $request, LinkTypeRepositoryInterface $repository, LinkType $linkType)
|
||||||
{
|
{
|
||||||
if (!$linkType->editable) {
|
if (!$linkType->editable) {
|
||||||
$request->session()->flash('error', (string)trans('firefly.cannot_edit_link_type', ['name' => $linkType->name]));
|
$request->session()->flash('error', (string)trans('firefly.cannot_edit_link_type', ['name' => e($linkType->name)]));
|
||||||
|
|
||||||
return redirect(route('admin.links.index'));
|
return redirect(route('admin.links.index'));
|
||||||
}
|
}
|
||||||
|
@ -77,7 +77,7 @@ class CurrencyController extends Controller
|
|||||||
/** @var User $user */
|
/** @var User $user */
|
||||||
$user = auth()->user();
|
$user = auth()->user();
|
||||||
if (!$this->userRepository->hasRole($user, 'owner')) {
|
if (!$this->userRepository->hasRole($user, 'owner')) {
|
||||||
$request->session()->flash('error', (string)trans('firefly.ask_site_owner', ['owner' => config('firefly.site_owner')]));
|
$request->session()->flash('error', (string)trans('firefly.ask_site_owner', ['owner' => e(config('firefly.site_owner'))]));
|
||||||
|
|
||||||
return redirect(route('currencies.index'));
|
return redirect(route('currencies.index'));
|
||||||
}
|
}
|
||||||
@ -131,7 +131,7 @@ class CurrencyController extends Controller
|
|||||||
$user = auth()->user();
|
$user = auth()->user();
|
||||||
if (!$this->userRepository->hasRole($user, 'owner')) {
|
if (!$this->userRepository->hasRole($user, 'owner')) {
|
||||||
// @codeCoverageIgnoreStart
|
// @codeCoverageIgnoreStart
|
||||||
$request->session()->flash('error', (string)trans('firefly.ask_site_owner', ['owner' => config('firefly.site_owner')]));
|
$request->session()->flash('error', (string)trans('firefly.ask_site_owner', ['owner' => e(config('firefly.site_owner'))]));
|
||||||
Log::channel('audit')->info(sprintf('Tried to visit page to delete currency %s but is not site owner.', $currency->code));
|
Log::channel('audit')->info(sprintf('Tried to visit page to delete currency %s but is not site owner.', $currency->code));
|
||||||
|
|
||||||
return redirect(route('currencies.index'));
|
return redirect(route('currencies.index'));
|
||||||
@ -139,7 +139,7 @@ class CurrencyController extends Controller
|
|||||||
}
|
}
|
||||||
|
|
||||||
if ($this->repository->currencyInUse($currency)) {
|
if ($this->repository->currencyInUse($currency)) {
|
||||||
$request->session()->flash('error', (string)trans('firefly.cannot_delete_currency', ['name' => $currency->name]));
|
$request->session()->flash('error', (string)trans('firefly.cannot_delete_currency', ['name' => e($currency->name)]));
|
||||||
Log::channel('audit')->info(sprintf('Tried to visit page to delete currency %s but currency is in use.', $currency->code));
|
Log::channel('audit')->info(sprintf('Tried to visit page to delete currency %s but currency is in use.', $currency->code));
|
||||||
|
|
||||||
return redirect(route('currencies.index'));
|
return redirect(route('currencies.index'));
|
||||||
@ -167,7 +167,7 @@ class CurrencyController extends Controller
|
|||||||
$user = auth()->user();
|
$user = auth()->user();
|
||||||
if (!$this->userRepository->hasRole($user, 'owner')) {
|
if (!$this->userRepository->hasRole($user, 'owner')) {
|
||||||
// @codeCoverageIgnoreStart
|
// @codeCoverageIgnoreStart
|
||||||
$request->session()->flash('error', (string)trans('firefly.ask_site_owner', ['owner' => config('firefly.site_owner')]));
|
$request->session()->flash('error', (string)trans('firefly.ask_site_owner', ['owner' => e(config('firefly.site_owner'))]));
|
||||||
Log::channel('audit')->info(sprintf('Tried to delete currency %s but is not site owner.', $currency->code));
|
Log::channel('audit')->info(sprintf('Tried to delete currency %s but is not site owner.', $currency->code));
|
||||||
|
|
||||||
return redirect(route('currencies.index'));
|
return redirect(route('currencies.index'));
|
||||||
@ -175,7 +175,7 @@ class CurrencyController extends Controller
|
|||||||
}
|
}
|
||||||
|
|
||||||
if ($this->repository->currencyInUse($currency)) {
|
if ($this->repository->currencyInUse($currency)) {
|
||||||
$request->session()->flash('error', (string)trans('firefly.cannot_delete_currency', ['name' => $currency->name]));
|
$request->session()->flash('error', (string)trans('firefly.cannot_delete_currency', ['name' => e($currency->name)]));
|
||||||
Log::channel('audit')->info(sprintf('Tried to delete currency %s but is in use.', $currency->code));
|
Log::channel('audit')->info(sprintf('Tried to delete currency %s but is in use.', $currency->code));
|
||||||
|
|
||||||
return redirect(route('currencies.index'));
|
return redirect(route('currencies.index'));
|
||||||
@ -203,7 +203,7 @@ class CurrencyController extends Controller
|
|||||||
$user = auth()->user();
|
$user = auth()->user();
|
||||||
if (!$this->userRepository->hasRole($user, 'owner')) {
|
if (!$this->userRepository->hasRole($user, 'owner')) {
|
||||||
// @codeCoverageIgnoreStart
|
// @codeCoverageIgnoreStart
|
||||||
$request->session()->flash('error', (string)trans('firefly.ask_site_owner', ['owner' => config('firefly.site_owner')]));
|
$request->session()->flash('error', (string)trans('firefly.ask_site_owner', ['owner' => e(config('firefly.site_owner'))]));
|
||||||
Log::channel('audit')->info(sprintf('Tried to disable currency %s but is not site owner.', $currency->code));
|
Log::channel('audit')->info(sprintf('Tried to disable currency %s but is not site owner.', $currency->code));
|
||||||
|
|
||||||
return redirect(route('currencies.index'));
|
return redirect(route('currencies.index'));
|
||||||
@ -211,7 +211,7 @@ class CurrencyController extends Controller
|
|||||||
}
|
}
|
||||||
|
|
||||||
if ($this->repository->currencyInUse($currency)) {
|
if ($this->repository->currencyInUse($currency)) {
|
||||||
$request->session()->flash('error', (string)trans('firefly.cannot_disable_currency', ['name' => $currency->name]));
|
$request->session()->flash('error', (string)trans('firefly.cannot_disable_currency', ['name' => e($currency->name)]));
|
||||||
Log::channel('audit')->info(sprintf('Tried to disable currency %s but is in use.', $currency->code));
|
Log::channel('audit')->info(sprintf('Tried to disable currency %s but is in use.', $currency->code));
|
||||||
|
|
||||||
return redirect(route('currencies.index'));
|
return redirect(route('currencies.index'));
|
||||||
@ -251,7 +251,7 @@ class CurrencyController extends Controller
|
|||||||
$user = auth()->user();
|
$user = auth()->user();
|
||||||
if (!$this->userRepository->hasRole($user, 'owner')) {
|
if (!$this->userRepository->hasRole($user, 'owner')) {
|
||||||
// @codeCoverageIgnoreStart
|
// @codeCoverageIgnoreStart
|
||||||
$request->session()->flash('error', (string)trans('firefly.ask_site_owner', ['owner' => config('firefly.site_owner')]));
|
$request->session()->flash('error', (string)trans('firefly.ask_site_owner', ['owner' => e(config('firefly.site_owner'))]));
|
||||||
Log::channel('audit')->info(sprintf('Tried to edit currency %s but is not owner.', $currency->code));
|
Log::channel('audit')->info(sprintf('Tried to edit currency %s but is not owner.', $currency->code));
|
||||||
|
|
||||||
return redirect(route('currencies.index'));
|
return redirect(route('currencies.index'));
|
||||||
@ -395,7 +395,7 @@ class CurrencyController extends Controller
|
|||||||
$data = $request->getCurrencyData();
|
$data = $request->getCurrencyData();
|
||||||
if (!$this->userRepository->hasRole($user, 'owner')) {
|
if (!$this->userRepository->hasRole($user, 'owner')) {
|
||||||
// @codeCoverageIgnoreStart
|
// @codeCoverageIgnoreStart
|
||||||
$request->session()->flash('error', (string)trans('firefly.ask_site_owner', ['owner' => config('firefly.site_owner')]));
|
$request->session()->flash('error', (string)trans('firefly.ask_site_owner', ['owner' => e(config('firefly.site_owner'))]));
|
||||||
Log::channel('audit')->info('Tried to update (POST) currency without admin rights.', $data);
|
Log::channel('audit')->info('Tried to update (POST) currency without admin rights.', $data);
|
||||||
|
|
||||||
return redirect(route('currencies.index'));
|
return redirect(route('currencies.index'));
|
||||||
|
@ -77,7 +77,7 @@ class JobConfigurationController extends Controller
|
|||||||
$allowed = ['has_prereq', 'need_job_config'];
|
$allowed = ['has_prereq', 'need_job_config'];
|
||||||
if (null !== $importJob && !\in_array($importJob->status, $allowed, true)) {
|
if (null !== $importJob && !\in_array($importJob->status, $allowed, true)) {
|
||||||
Log::error(sprintf('Job has state "%s", but we only accept %s', $importJob->status, json_encode($allowed)));
|
Log::error(sprintf('Job has state "%s", but we only accept %s', $importJob->status, json_encode($allowed)));
|
||||||
session()->flash('error', (string)trans('import.bad_job_status', ['status' => $importJob->status]));
|
session()->flash('error', (string)trans('import.bad_job_status', ['status' => e($importJob->status)]));
|
||||||
|
|
||||||
return redirect(route('import.index'));
|
return redirect(route('import.index'));
|
||||||
}
|
}
|
||||||
@ -127,7 +127,7 @@ class JobConfigurationController extends Controller
|
|||||||
// catch impossible status:
|
// catch impossible status:
|
||||||
$allowed = ['has_prereq', 'need_job_config'];
|
$allowed = ['has_prereq', 'need_job_config'];
|
||||||
if (null !== $importJob && !\in_array($importJob->status, $allowed, true)) {
|
if (null !== $importJob && !\in_array($importJob->status, $allowed, true)) {
|
||||||
session()->flash('error', (string)trans('import.bad_job_status', ['status' => $importJob->status]));
|
session()->flash('error', (string)trans('import.bad_job_status', ['status' => e($importJob->status)]));
|
||||||
|
|
||||||
return redirect(route('import.index'));
|
return redirect(route('import.index'));
|
||||||
}
|
}
|
||||||
|
@ -76,7 +76,7 @@ class PrerequisitesController extends Controller
|
|||||||
$allowed = ['new'];
|
$allowed = ['new'];
|
||||||
if (null !== $importJob && !\in_array($importJob->status, $allowed, true)) {
|
if (null !== $importJob && !\in_array($importJob->status, $allowed, true)) {
|
||||||
Log::error(sprintf('Job has state "%s" but this Prerequisites::index() only accepts %s', $importJob->status, json_encode($allowed)));
|
Log::error(sprintf('Job has state "%s" but this Prerequisites::index() only accepts %s', $importJob->status, json_encode($allowed)));
|
||||||
session()->flash('error', (string)trans('import.bad_job_status', ['status' => $importJob->status]));
|
session()->flash('error', (string)trans('import.bad_job_status', ['status' => e($importJob->status)]));
|
||||||
|
|
||||||
return redirect(route('import.index'));
|
return redirect(route('import.index'));
|
||||||
}
|
}
|
||||||
@ -129,7 +129,7 @@ class PrerequisitesController extends Controller
|
|||||||
$allowed = ['new'];
|
$allowed = ['new'];
|
||||||
if (null !== $importJob && !\in_array($importJob->status, $allowed, true)) {
|
if (null !== $importJob && !\in_array($importJob->status, $allowed, true)) {
|
||||||
Log::error(sprintf('Job has state "%s" but this Prerequisites::post() only accepts %s', $importJob->status, json_encode($allowed)));
|
Log::error(sprintf('Job has state "%s" but this Prerequisites::post() only accepts %s', $importJob->status, json_encode($allowed)));
|
||||||
session()->flash('error', (string)trans('import.bad_job_status', ['status' => $importJob->status]));
|
session()->flash('error', (string)trans('import.bad_job_status', ['status' => e($importJob->status)]));
|
||||||
|
|
||||||
return redirect(route('import.index'));
|
return redirect(route('import.index'));
|
||||||
}
|
}
|
||||||
@ -148,7 +148,7 @@ class PrerequisitesController extends Controller
|
|||||||
Log::debug(sprintf('Result of storePrerequisites has message count: %d', $result->count()));
|
Log::debug(sprintf('Result of storePrerequisites has message count: %d', $result->count()));
|
||||||
|
|
||||||
if ($result->count() > 0) {
|
if ($result->count() > 0) {
|
||||||
$request->session()->flash('error', $result->first());
|
$request->session()->flash('error', e($result->first()));
|
||||||
|
|
||||||
// redirect back to job, if has job:
|
// redirect back to job, if has job:
|
||||||
return redirect(route('import.prerequisites.index', [$importProvider, $importJob->key ?? '']))->withInput();
|
return redirect(route('import.prerequisites.index', [$importProvider, $importJob->key ?? '']))->withInput();
|
||||||
|
@ -320,7 +320,7 @@ class PiggyBankController extends Controller
|
|||||||
'error',
|
'error',
|
||||||
(string)trans(
|
(string)trans(
|
||||||
'firefly.cannot_add_amount_piggy',
|
'firefly.cannot_add_amount_piggy',
|
||||||
['amount' => app('amount')->formatAnything($currency, $amount, false), 'name' => $piggyBank->name]
|
['amount' => app('amount')->formatAnything($currency, $amount, false), 'name' => e($piggyBank->name)]
|
||||||
)
|
)
|
||||||
);
|
);
|
||||||
|
|
||||||
@ -363,7 +363,7 @@ class PiggyBankController extends Controller
|
|||||||
'error',
|
'error',
|
||||||
(string)trans(
|
(string)trans(
|
||||||
'firefly.cannot_remove_from_piggy',
|
'firefly.cannot_remove_from_piggy',
|
||||||
['amount' => app('amount')->formatAnything($currency, $amount, false), 'name' => $piggyBank->name]
|
['amount' => app('amount')->formatAnything($currency, $amount, false), 'name' => e($piggyBank->name)]
|
||||||
)
|
)
|
||||||
);
|
);
|
||||||
|
|
||||||
|
@ -89,7 +89,7 @@ class ProfileController extends Controller
|
|||||||
$loginProvider = config('firefly.login_provider');
|
$loginProvider = config('firefly.login_provider');
|
||||||
if ('eloquent' !== $loginProvider) {
|
if ('eloquent' !== $loginProvider) {
|
||||||
// @codeCoverageIgnoreStart
|
// @codeCoverageIgnoreStart
|
||||||
$request->session()->flash('error', trans('firefly.login_provider_local_only', ['login_provider' => $loginProvider]));
|
$request->session()->flash('error', trans('firefly.login_provider_local_only', ['login_provider' => e($loginProvider)]));
|
||||||
|
|
||||||
return redirect(route('profile.index'));
|
return redirect(route('profile.index'));
|
||||||
// @codeCoverageIgnoreEnd
|
// @codeCoverageIgnoreEnd
|
||||||
@ -115,7 +115,7 @@ class ProfileController extends Controller
|
|||||||
$loginProvider = config('firefly.login_provider');
|
$loginProvider = config('firefly.login_provider');
|
||||||
if ('eloquent' !== $loginProvider) {
|
if ('eloquent' !== $loginProvider) {
|
||||||
// @codeCoverageIgnoreStart
|
// @codeCoverageIgnoreStart
|
||||||
$request->session()->flash('error', trans('firefly.login_provider_local_only', ['login_provider' => $loginProvider]));
|
$request->session()->flash('error', trans('firefly.login_provider_local_only', ['login_provider' => e($loginProvider)]));
|
||||||
|
|
||||||
return redirect(route('profile.index'));
|
return redirect(route('profile.index'));
|
||||||
// @codeCoverageIgnoreEnd
|
// @codeCoverageIgnoreEnd
|
||||||
@ -200,7 +200,7 @@ class ProfileController extends Controller
|
|||||||
$loginProvider = config('firefly.login_provider');
|
$loginProvider = config('firefly.login_provider');
|
||||||
if ('eloquent' !== $loginProvider) {
|
if ('eloquent' !== $loginProvider) {
|
||||||
// @codeCoverageIgnoreStart
|
// @codeCoverageIgnoreStart
|
||||||
$request->session()->flash('warning', trans('firefly.delete_local_info_only', ['login_provider' => $loginProvider]));
|
$request->session()->flash('warning', trans('firefly.delete_local_info_only', ['login_provider' => e($loginProvider)]));
|
||||||
// @codeCoverageIgnoreEnd
|
// @codeCoverageIgnoreEnd
|
||||||
}
|
}
|
||||||
$title = auth()->user()->email;
|
$title = auth()->user()->email;
|
||||||
@ -296,7 +296,7 @@ class ProfileController extends Controller
|
|||||||
$loginProvider = config('firefly.login_provider');
|
$loginProvider = config('firefly.login_provider');
|
||||||
if ('eloquent' !== $loginProvider) {
|
if ('eloquent' !== $loginProvider) {
|
||||||
// @codeCoverageIgnoreStart
|
// @codeCoverageIgnoreStart
|
||||||
$request->session()->flash('error', trans('firefly.login_provider_local_only', ['login_provider' => $loginProvider]));
|
$request->session()->flash('error', trans('firefly.login_provider_local_only', ['login_provider' => e($loginProvider)]));
|
||||||
|
|
||||||
return redirect(route('profile.index'));
|
return redirect(route('profile.index'));
|
||||||
// @codeCoverageIgnoreEnd
|
// @codeCoverageIgnoreEnd
|
||||||
@ -350,7 +350,7 @@ class ProfileController extends Controller
|
|||||||
$loginProvider = config('firefly.login_provider');
|
$loginProvider = config('firefly.login_provider');
|
||||||
if ('eloquent' !== $loginProvider) {
|
if ('eloquent' !== $loginProvider) {
|
||||||
// @codeCoverageIgnoreStart
|
// @codeCoverageIgnoreStart
|
||||||
$request->session()->flash('error', trans('firefly.login_provider_local_only', ['login_provider' => $loginProvider]));
|
$request->session()->flash('error', trans('firefly.login_provider_local_only', ['login_provider' => e($loginProvider)]));
|
||||||
|
|
||||||
return redirect(route('profile.index'));
|
return redirect(route('profile.index'));
|
||||||
// @codeCoverageIgnoreEnd
|
// @codeCoverageIgnoreEnd
|
||||||
|
@ -396,7 +396,7 @@ class SingleController extends Controller
|
|||||||
// store the journal only, flash the rest.
|
// store the journal only, flash the rest.
|
||||||
Log::debug(sprintf('Count of error messages is %d', $this->attachments->getErrors()->count()));
|
Log::debug(sprintf('Count of error messages is %d', $this->attachments->getErrors()->count()));
|
||||||
if (\count($this->attachments->getErrors()->get('attachments')) > 0) {
|
if (\count($this->attachments->getErrors()->get('attachments')) > 0) {
|
||||||
session()->flash('error', $this->attachments->getErrors()->get('attachments'));
|
session()->flash('error', e($this->attachments->getErrors()->get('attachments')));
|
||||||
}
|
}
|
||||||
// flash messages
|
// flash messages
|
||||||
if (\count($this->attachments->getMessages()->get('attachments')) > 0) {
|
if (\count($this->attachments->getMessages()->get('attachments')) > 0) {
|
||||||
@ -463,7 +463,7 @@ class SingleController extends Controller
|
|||||||
|
|
||||||
// @codeCoverageIgnoreStart
|
// @codeCoverageIgnoreStart
|
||||||
if (\count($this->attachments->getErrors()->get('attachments')) > 0) {
|
if (\count($this->attachments->getErrors()->get('attachments')) > 0) {
|
||||||
session()->flash('error', $this->attachments->getErrors()->get('attachments'));
|
session()->flash('error', e($this->attachments->getErrors()->get('attachments')));
|
||||||
}
|
}
|
||||||
if (\count($this->attachments->getMessages()->get('attachments')) > 0) {
|
if (\count($this->attachments->getMessages()->get('attachments')) > 0) {
|
||||||
session()->flash('info', $this->attachments->getMessages()->get('attachments'));
|
session()->flash('info', $this->attachments->getMessages()->get('attachments'));
|
||||||
|
@ -12,7 +12,7 @@
|
|||||||
{% else %}
|
{% else %}
|
||||||
{{ Form.checkbox(name~'[]', id, false, options) }}
|
{{ Form.checkbox(name~'[]', id, false, options) }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{{ account }}
|
{{ account|escape }}
|
||||||
</label>
|
</label>
|
||||||
</div>
|
</div>
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
@ -64,7 +64,7 @@
|
|||||||
{% endif %}
|
{% endif %}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% if account.status != 'ACTIVE' %}
|
{% if account.status != 'ACTIVE' %}
|
||||||
<li>{{ trans('import.bunq_account_status_'~account.status) }}</li>
|
<li>{{ trans('import.bunq_account_status_'~account.status|escape) }}</li>
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if account.type == 'MonetaryAccountSavings' %}
|
{% if account.type == 'MonetaryAccountSavings' %}
|
||||||
<li>{{ trans('import.bunq_savings_goal', {'amount': account.savingsGoal.currency ~' '~account.savingsGoal.value,'percentage' : account.savingsGoal.percentage}) }}</li>
|
<li>{{ trans('import.bunq_savings_goal', {'amount': account.savingsGoal.currency ~' '~account.savingsGoal.value,'percentage' : account.savingsGoal.percentage}) }}</li>
|
||||||
|
Loading…
Reference in New Issue
Block a user