kenmirrors/firefly-iii
1
0
Fork 0
mirror of https://github.com/firefly-iii/firefly-iii.git synced 2025-10-14 00:04:24 +00:00
Code Issues Projects Releases Wiki Activity

Fix #2941

Browse Source
This commit is contained in:
James Cole
2020-01-02 19:41:14 +01:00
parent c55ef9c77b
commit b1848e274f
2 changed files with 20 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
app/Http/Controllers/Transaction/ShowController.php
View File

@@ -30,6 +30,7 @@ use FireflyIII\Models\TransactionJournal;
use FireflyIII\Repositories\TransactionGroup\TransactionGroupRepositoryInterface; use FireflyIII\Repositories\TransactionGroup\TransactionGroupRepositoryInterface;
use FireflyIII\Transformers\TransactionGroupTransformer; use FireflyIII\Transformers\TransactionGroupTransformer;
use Illuminate\Http\Request; use Illuminate\Http\Request;
use Illuminate\Support\Str;
use Symfony\Component\HttpFoundation\ParameterBag; use Symfony\Component\HttpFoundation\ParameterBag;
/** /**
@@ -82,6 +83,13 @@ class ShowController extends Controller
// do some amount calculations: // do some amount calculations:
$amounts = $this->getAmounts($groupArray); $amounts = $this->getAmounts($groupArray);
// make sure notes are escaped but not double escaped.
foreach ($groupArray['transactions'] as $index => $transaction) {
$search = ['&', '>', '<'];
if (!Str::contains($transaction['notes'], $search)) {
$groupArray['transactions'][$index]['notes'] = e($transaction['notes']);
}
}
$events = $this->repository->getPiggyEvents($transactionGroup); $events = $this->repository->getPiggyEvents($transactionGroup);
$attachments = $this->repository->getAttachments($transactionGroup); $attachments = $this->repository->getAttachments($transactionGroup);

13
app/Models/Note.php
View File

@@ -86,10 +86,21 @@ class Note extends Model
/** /**
* @param $value * @param $value
*
* @codeCoverageIgnore * @codeCoverageIgnore
*/ */
public function setTextAttribute($value): void public function setTextAttribute(string $value): void
{ {
$this->attributes['text'] = e($value); $this->attributes['text'] = e($value);
} }
/**
* @param string $value
*
* @return string
*/
public function getTextAttribute(string $value): string
{
return htmlspecialchars_decode($value, ENT_QUOTES);
}
} }