Fix Injection + v5.0.2 (#2123)

ildyria · web-flow · commit 33354a2ce7cf · 2023-12-28T16:15:36.000+01:00
diff --git a/app/Providers/AppServiceProvider.php b/app/Providers/AppServiceProvider.php
@@ -223,7 +223,7 @@ private function logSQL(QueryExecuted $query): void
 
 		$sql_with_bindings = Str::replaceArray('?', $bindings, $query->sql);
 
-		$explain = DB::select('EXPLAIN ' . $sql_with_bindings);
+		$explain = DB::select('EXPLAIN ' . $query->sql, $query->bindings);
 		$renderer = new ArrayToTextTable();
 		$renderer->setIgnoredKeys(['possible_keys', 'key_len', 'ref']);
 
diff --git a/database/migrations/2023_12_28_144906_bump_version050002.php b/database/migrations/2023_12_28_144906_bump_version050002.php
@@ -0,0 +1,26 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Support\Facades\DB;
+
+return new class() extends Migration {
+	/**
+	 * Run the migrations.
+	 *
+	 * @return void
+	 */
+	public function up(): void
+	{
+		DB::table('configs')->where('key', 'version')->update(['value' => '050002']);
+	}
+
+	/**
+	 * Reverse the migrations.
+	 *
+	 * @return void
+	 */
+	public function down(): void
+	{
+		DB::table('configs')->where('key', 'version')->update(['value' => '050001']);
+	}
+};
diff --git a/resources/views/livewire/forms/album/share-with.blade.php b/resources/views/livewire/forms/album/share-with.blade.php
@@ -96,10 +96,10 @@ class="bg-neutral-800 text-sm rounded-full w-56 px-2 pl-8 py-1 focus:outline-non
                                 @foreach ($this->userList as $result)
                                     <li class="border-b border-neutral-700 cursor-pointer transition-all ease-in-out duration-300
 							hover:bg-gradient-to-b hover:from-primary-500 hover:to-primary-600 hover:text-text-main-0"
-                                        wire:click="select('{{ $result['id'] }}','{{ $result['username'] }}')">
+                                        wire:click="select('{{ $result['id'] }}',@js($result['username']))">
                                         <a class="px-1 py-1 flex items-center"
                                             @if ($loop->last) @keydown.tab="isSearchUserOpen = false" @endif>
-                                            <span class="ml-4 text-left">{{ $result['username'] }}</span>
+                                            <span class="ml-4 text-left">{{ ($result['username']) }}</span>
                                         </a>
                                     </li>
                                 @endforeach
diff --git a/version.md b/version.md
@@ -1 +1 @@
-5.0.1
+5.0.2
