Fixes XSS vulnerabilities (#6831)

* Properly escape log_meta values * Vue syntax fix to allow npm run dev to work again * Janky fix for Select2 bug * Compiled production assets * Escape user’s last name in API * Removed duplicate alertClass * Compiled production assets
2026-02-05 05:05:26 +00:00 · 2019-03-18 20:49:32 -07:00
parent dec77890bd
commit dee92cfc6c
11 changed files with 8705 additions and 71 deletions
--- a/app/Http/Transformers/UsersTransformer.php
+++ b/app/Http/Transformers/UsersTransformer.php
@ -24,7 +24,7 @@ class UsersTransformer
        $array = [
                'id' => (int) $user->id,
                'avatar' => e($user->present()->gravatar),
-                'name' => e($user->first_name).' '.($user->last_name),
+                'name' => e($user->first_name).' '.e($user->last_name),
                'first_name' => e($user->first_name),
                'last_name' => e($user->last_name),
                'username' => e($user->username),