Bumped version

Signed-off-by: snipe <snipe@snipe.net>
Merge pull request #10942 from snipe/fixes/xss_user_requested
2022-04-15 12:26:58 +01:00 · 2022-04-15 12:25:56 +01:00 · 2022-04-15 12:22:20 +01:00 · 2022-04-12 21:31:19 +01:00 · 2022-04-12 21:17:29 +01:00 · 2022-04-12 21:04:57 +01:00
8 changed files with 70 additions and 21 deletions
@@ -26,7 +26,7 @@ class LicensesController extends Controller
    public function index(Request $request)
    {
        $this->authorize('view', License::class);
-        $licenses = Company::scopeCompanyables(License::with('company', 'manufacturer', 'freeSeats', 'supplier','category')->withCount('freeSeats as free_seats_count'));
+        $licenses = Company::scopeCompanyables(License::with('company', 'manufacturer', 'supplier','category')->withCount('freeSeats as free_seats_count'));


        if ($request->filled('company_id')) {
@@ -30,11 +30,11 @@ class ProfileController extends Controller
            // Make sure the asset and request still exist
            if ($checkoutRequest && $checkoutRequest->itemRequested()) {
                $results['rows'][] = [
-                    'image' => $checkoutRequest->itemRequested()->present()->getImageUrl(),
-                    'name' => $checkoutRequest->itemRequested()->present()->name(),
-                    'type' => $checkoutRequest->itemType(),
-                    'qty' => $checkoutRequest->quantity,
-                    'location' => ($checkoutRequest->location()) ? $checkoutRequest->location()->name : null,
+                    'image' => e($checkoutRequest->itemRequested()->present()->getImageUrl()),
+                    'name' => e($checkoutRequest->itemRequested()->present()->name()),
+                    'type' => e($checkoutRequest->itemType()),
+                    'qty' => (int) $checkoutRequest->quantity,
+                    'location' => ($checkoutRequest->location()) ? e($checkoutRequest->location()->name) : null,
                    'expected_checkin' => Helper::getFormattedDateObject($checkoutRequest->itemRequested()->expected_checkin, 'datetime'),
                    'request_date' => Helper::getFormattedDateObject($checkoutRequest->created_at, 'datetime'),
                ];
@@ -235,7 +235,7 @@ class LicensesController extends Controller
    public function show($licenseId = null)
    {

-        $license = License::with('assignedusers', 'licenseSeats.user', 'licenseSeats.asset')->find($licenseId);
+        $license = License::with('assignedusers')->find($licenseId);

        if ($license) {
            $this->authorize('view', $license);
@@ -45,7 +45,7 @@ class License extends Depreciable

    protected $rules = array(
        'name'   => 'required|string|min:3|max:255',
-        'seats'   => 'required|min:1|max:999|integer',
+        'seats'   => 'required|min:1|max:9999|integer',
        'license_email'   => 'email|nullable|max:120',
        'license_name'   => 'string|nullable|max:100',
        'notes'   => 'string|nullable',
@@ -173,13 +173,25 @@ class License extends Depreciable
            $logAction->logaction('delete seats');
            return true;
        }
-        // Else we're adding seats.
-        DB::transaction(function () use ($license, $oldSeats, $newSeats) {
-            for ($i = $oldSeats; $i < $newSeats; $i++) {
-                $license->licenseSeatsRelation()->save(new LicenseSeat, ['user_id' => Auth::id()]);
-            }
+        //Create enough seats for the change.
+        $licenseInsert = [];
+        for ($i = $oldSeats; $i < $newSeats; $i++) {
+            $licenseInsert[] = [
+                'user_id' => Auth::id(),
+                'license_id' => $license->id,
+                'created_at' => now(),
+                'updated_at' => now()
+            ];
+        }
+        //Chunk and use DB transactions to prevent timeouts.
+
+        collect($licenseInsert)->chunk(1000)->each(function ($chunk) {
+            DB::transaction(function () use ($chunk) {
+                 LicenseSeat::insert($chunk->toArray());
+             });
        });
-        // On initail create, we shouldn't log the addition of seats.
+
+        // On initial create, we shouldn't log the addition of seats.
        if ($license->id) {
            //Log the addition of license to the log.
            $logAction = new Actionlog();
@@ -70,7 +70,6 @@
    "overtrue/phplint": "^2.2",
    "phpunit/php-token-stream": "^3.1",
    "phpunit/phpunit": "^8.5",
-    "roave/security-advisories": "dev-latest",
    "squizlabs/php_codesniffer": "^3.5",
    "symfony/css-selector": "^4.4",
    "symfony/dom-crawler": "^4.4"
@@ -1,10 +1,10 @@
 <?php
 return array (
-  'app_version' => 'v5.4.2',
-  'full_app_version' => 'v5.4.2 - build 6805-g5314ef97e',
-  'build_version' => '6805',
+  'app_version' => 'v5.4.3',
+  'full_app_version' => 'v5.4.3 - build 6812-g7479f5f12',
+  'build_version' => '6812',
  'prerelease_version' => '',
-  'hash_version' => 'g5314ef97e',
-  'full_hash' => 'v5.4.2-52-g5314ef97e',
+  'hash_version' => 'g7479f5f12',
+  'full_hash' => 'v5.4.3-5-g7479f5f12',
  'branch' => 'master',
 );
@@ -1,4 +1,8 @@
 <?php
+namespace Database\Factories;
+
+use App\Models\Category;
+use Illuminate\Database\Eloquent\Factories\Factory;

 /*
 |--------------------------------------------------------------------------
@@ -13,16 +17,18 @@ $factory->define(App\Models\License::class, function (Faker\Generator $faker) {

    return [
        'user_id' => 1,
-        'license_name' => $faker->name,
+        'name' => $this->faker->name,
        'license_email' => $faker->safeEmail,
        'serial' => $faker->uuid,
        'notes'   => 'Created by DB seeder',
+        'seats' => $this->faker->numberBetween(1, 10),
        'purchase_date' => $faker->dateTimeBetween('-1 years','now', date_default_timezone_get()),
        'order_number' => $faker->numberBetween(1000000, 50000000),
        'expiration_date' => $faker->dateTimeBetween('now', '+3 years', date_default_timezone_get())->format('Y-m-d H:i:s'),
        'reassignable' => $faker->boolean(),
        'termination_date' => $faker->dateTimeBetween('-1 years','now', date_default_timezone_get())->format('Y-m-d H:i:s'),
        'supplier_id' => $faker->numberBetween(1,5),
+        'category_id' => Category::where('category_type', '=', 'license')->inRandomOrder()->first()->id,
    ];
 });

@@ -0,0 +1,32 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+class AddLicenseIdIndexToLicenseSeats extends Migration
+{
+    /**
+     * Run the migrations.
+     *
+     * @return void
+     */
+    public function up()
+    {
+        Schema::table('license_seats', function (Blueprint $table) {
+            $table->index(['license_id']);
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     *
+     * @return void
+     */
+    public function down()
+    {
+        Schema::table('license_seats', function (Blueprint $table) {
+            $table->dropIndex(['license_id']);
+        });
+    }
+}
Author	SHA1	Message	Date
snipe	e4ef970934	Bumped version Signed-off-by: snipe <snipe@snipe.net>	2022-04-15 12:26:58 +01:00
snipe	f211c11034	Merge pull request #10942 from snipe/fixes/xss_user_requested Fixes potential XSS vuln in user requestable results	2022-04-15 12:25:56 +01:00
snipe	698c7f4904	Fixes potential XSS vuln in user requestable results Signed-off-by: snipe <snipe@snipe.net>	2022-04-15 12:22:20 +01:00
snipe	7479f5f12d	Merge pull request #10936 from snipe/fixes/backport_licenses_loading Ports #10494 to master	2022-04-12 21:31:19 +01:00
snipe	161c6b7d31	Removed security-advisories package for now Signed-off-by: snipe <snipe@snipe.net>	2022-04-12 21:17:29 +01:00
snipe	1441cf9f4f	Ports #10494 to master Signed-off-by: snipe <snipe@snipe.net>	2022-04-12 21:04:57 +01:00
snipe	270143bb46	Merge pull request #10935 from uberbrady/backport_license_index_master Backport the license index fix from Develop onto the v5 branch	2022-04-12 20:14:00 +01:00
Brady Wetherington	6b0a1ab3fb	Backport the license index fix from Develop onto the v5 branch	2022-04-12 20:11:25 +01:00