ouyang/snipe-it
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

prevent injection, fix asset update

Browse Source
This commit is contained in:
slong753
2023-07-17 10:56:12 -05:00
committed by spencerrlongg
parent 17ccfa9ada
commit 1ea0de8bca
2 changed files with 5 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app/Http/Controllers/AssetModelsController.php
+4 -2
View File
@@ -93,7 +93,8 @@ class AssetModelsController extends Controller
// Was it created?
if ($model->save()) {
if ($request->filled('eol')) {
$model->assets()->whereNotNull('purchase_date')->whereNull('eol_explicit')->update(['asset_eol_date' => DB::raw('DATE_ADD(purchase_date, INTERVAL '.$model->eol.' MONTH)')]);
$newEol = $model->eol;
$model->assets()->whereNotNull('purchase_date')->whereNull('eol_explicit')->update(['asset_eol_date' => DB::raw('DATE_ADD(purchase_date, INTERVAL :newEol MONTH)', ['newEol' => $newEol])]);
}
if ($this->shouldAddDefaultValues($request->input())) {
if (!$this->assignCustomFieldsDefaultValues($model, $request->input('default_values'))){
@@ -182,7 +183,8 @@ class AssetModelsController extends Controller
if ($model->save()) {
if ($model->wasChanged('eol')) {
$model->assets()->whereNotNull('purchase_date')->whereNull('eol_explicit')->update(['asset_eol_date' => DB::raw('DATE_ADD(purchase_date, INTERVAL '.$model->eol.' MONTH)')]);
$newEol = $model->eol;
$model->assets()->whereNotNull('purchase_date')->whereNull('eol_explicit')->update(['asset_eol_date' => DB::raw('DATE_ADD(purchase_date, INTERVAL :newEol MONTH)', ['newEol' => $newEol])]);
}
return redirect()->route('models.index')->with('success', trans('admin/models/message.update.success'));
}