Merge master into develop

Signed-off-by: snipe <snipe@snipe.net> # Conflicts: # .all-contributorsrc # README.md # app/Http/Controllers/BulkAssetModelsController.php # app/Http/Controllers/CustomFieldsController.php # app/Http/Controllers/CustomFieldsetsController.php # app/Http/Controllers/ModalController.php # app/Http/Transformers/GroupsTransformer.php # config/version.php # package-lock.json # public/css/build/app.css # public/css/build/overrides.css # public/css/dist/all.css # public/css/dist/bootstrap-table.css # public/js/build/app.js # public/js/dist/all.js # public/js/dist/bootstrap-table.js # public/mix-manifest.json # resources/assets/less/overrides.less # resources/lang/en/admin/hardware/message.php # resources/lang/en/admin/settings/general.php # resources/views/partials/bootstrap-table.blade.php # routes/web.php
2022-01-12 20:51:33 -08:00
parent ba5b835933 181dc5127f
commit 43c57c8461
55 changed files with 9596 additions and 295876 deletions
@@ -6,17 +6,49 @@ use App\Helpers\Helper;

 class ModalController extends Controller
 {
-    public function show($type, $itemId = null)
-    {
+
+    /** 
+     * Load the modal views after confirming they are in the allowed_types array.
+     * The allowed types away just prevents shithead skiddies from fuzzing the urls 
+     * with automated scripts and junking up the logs. - snipe
+     * 
+     * @version    v5.3.7-pre
+     * @author [Brady Wetherington] [<uberbrady@gmail.com>]
+     * @author [A. Gianotto] [<snipe@snipe.net]
+     * @return View
+     */
+    function show ($type, $itemId = null) {
+
+        // These values should correspond to a file in resources/views/modals/
+        $allowed_types = [
+            'category',
+            'kit-model', 
+            'kit-license', 
+            'kit-consumable', 
+            'kit-accessory',
+            'location',
+            'manufacturer',
+            'model',
+            'statuslabel',
+            'supplier',
+            'upload-file',
+            'user',         
+        ];
+
+
+        if (in_array($type, $allowed_types)) {
        $view = view("modals.${type}");

-        if ($type == 'statuslabel') {
+            if ($type == "statuslabel") {
            $view->with('statuslabel_types', Helper::statusTypeList());
        }
        if (in_array($type, ['kit-model', 'kit-license', 'kit-consumable', 'kit-accessory'])) {
            $view->with('kitId', $itemId);
+            }
+            return $view;
        }

-        return $view;
+        abort(404,'Page not found');
+        
    }
 }