Merge pull request #422 from ControlPanel-gg/development
Fixed JS Exploit
1day2die authored Apr 20, 2022
2 parents 0eb63c8 + 39af09b commit 0e426dc
Showing 5 changed files with 5 additions and 5 deletions.
2 changes: 1 addition & 1 deletion app/Http/Controllers/Admin/ServerController.php
Expand Up @@ -163,7 +163,7 @@ public function dataTable(Request $request)
return $server->suspended ? $server->suspended->diffForHumans() : '';
})
->editColumn('name', function (Server $server) {
return '<a class="text-info" target="_blank" href="' . config("SETTINGS::SYSTEM:PTERODACTYL:URL") . '/admin/servers/view/' . $server->pterodactyl_id . '">' . $server->name . '</a>';
return '<a class="text-info" target="_blank" href="' . config("SETTINGS::SYSTEM:PTERODACTYL:URL") . '/admin/servers/view/' . $server->pterodactyl_id . '">' . strip_tags($server->name) . '</a>';
})
->rawColumns(['user', 'actions', 'status', 'name'])
->make();
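Review bot: `strip_tags($server->name)` in the `name` closure is a tag filter, not output encoding, and the column remains in `rawColumns`, so whatever survives the filter is still emitted as markup. Quotes and `&` pass through unchanged, and a legitimate name containing a bare `<` can be truncated. Encoding at the sink is the more robust fix: `'">' . e($server->name) . '</a>';`; the same applies to `strip_tags($user->name)` in UserController::dataTable. `$server->pterodactyl_id` goes into the `href` unencoded as well, which is fine only if it is always an integer; the hunk does not show its type. dataTable() starts and ends outside this hunk.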
2 changes: 1 addition & 1 deletion app/Http/Controllers/Admin/UserController.php
Expand Up @@ -302,7 +302,7 @@ public function dataTable()
return '<span class="badge ' . $badgeColor . '">' . $user->role . '</span>';
})
->editColumn('name', function (User $user) {
return '<a class="text-info" target="_blank" href="' . config("SETTINGS::SYSTEM:PTERODACTYL:URL") . '/admin/users/view/' . $user->pterodactyl_id . '">' . $user->name . '</a>';
return '<a class="text-info" target="_blank" href="' . config("SETTINGS::SYSTEM:PTERODACTYL:URL") . '/admin/users/view/' . $user->pterodactyl_id . '">' . strip_tags($user->name) . '</a>';
})
->orderColumn('last_seen', function ($query, $order) {
$query->orderBy('last_seen', $order);
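Review bot: The role badge on the context line above the fix still concatenates `$user->role` and `$badgeColor` into HTML without encoding. That is safe only while both come from a fixed set of values, which this hunk does not show. If the `role` column is listed in `rawColumns` (outside the hunk), writing it as `e($user->role)` removes that assumption at no cost. dataTable() starts and ends outside this hunk.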
2 changes: 1 addition & 1 deletion config/app.php
Expand Up @@ -4,7 +4,7 @@

return [

'version' => '0.7.3',
'version' => '0.7.4',

/*
|--------------------------------------------------------------------------
2 changes: 1 addition & 1 deletion resources/views/admin/products/create.blade.php
Expand Up @@ -63,7 +63,7 @@ class="form-control @error('name') is-invalid @enderror"
</div>

<div class="form-group">
<label for="price">{{__('Price in')}}{{CREDITS_DISPLAY_NAME}}</label>
<label for="price">{{__('Price in')}} {{CREDITS_DISPLAY_NAME}}</label>
<input value="{{$product->price ?? old('price')}}" id="price" name="price"
type="number"
class="form-control @error('price') is-invalid @enderror"
2 changes: 1 addition & 1 deletion resources/views/admin/users/index.blade.php
Expand Up @@ -79,7 +79,7 @@ function submitResult() {
serverSide: true,
stateSave: true,
ajax: "{{route('admin.users.datatable')}}",
order: [[ 11, "desc" ]],
order: [[ 10, "desc" ]],
columns: [
{data: 'discordId', visible: false, name: 'discordUser.id'},
{data: 'pterodactyl_id', visible: false},
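Review bot: The default sort in `order: [[ 10, "desc" ]]` is a positional index into the `columns` array, which continues past the end of this hunk, so it has to be re-counted by hand whenever a column is added or removed. A comment naming the intended column would make the next drift visible, e.g. `// default sort: index of the <column name> entry in columns below`.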
