Close XSS in node image manager

eskyuu · web-flow · commit 3daddcf66cdb · 2025-10-16T10:36:42.000-05:00
diff --git a/app/Http/Controllers/Maps/CustomMapNodeImageController.php b/app/Http/Controllers/Maps/CustomMapNodeImageController.php
@@ -87,7 +87,7 @@ public function store(FormRequest $request): JsonResponse
         return response()->json([
             'result' => 'success',
             'id' => $image->custom_map_node_image_id,
-            'name' => $image->name,
+            'name' => htmlentities($image->name),
             'version' => $image->version,
         ]);
     }
@@ -105,7 +105,7 @@ public function update(FormRequest $request, CustomMapNodeImage $image): JsonRes
 
         return response()->json([
             'result' => 'success',
-            'name' => $request['name'],
+            'name' => htmlentities($image->name),
             'version' => $image->version,
         ]);
     }
