From cf4bec91a60337cab47d06c6eccb68c3a7cefe57 Mon Sep 17 00:00:00 2001
From: noor
Date: Tue, 2 May 2023 11:06:51 +0530
Subject: [PATCH] xss-injection
---
 app/Http/Controllers/Agent/helpdesk/UserController.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/app/Http/Controllers/Agent/helpdesk/UserController.php b/app/Http/Controllers/Agent/helpdesk/UserController.php
index 82e209e04..f815c4192 100644
--- a/app/Http/Controllers/Agent/helpdesk/UserController.php
+++ b/app/Http/Controllers/Agent/helpdesk/UserController.php
@@ -171,7 +171,7 @@ class UserController extends Controller
 })
 /* column email */
 ->addColumn('email', function ($model) {
- $email = "id)."'>".$model->email.'';
+ $email = "id)."'>".e($model->email).'';
 return $email;
 })
@@ -179,11 +179,11 @@ class UserController extends Controller
 ->addColumn('mobile', function ($model) {
 $phone = '';
 if ($model->phone_number) {
- $phone = $model->ext.' '.$model->phone_number;
+ $phone = htmlspecialchars($model->ext.' '.$model->phone_number, ENT_QUOTES, 'UTF-8');
 }
 $mobile = '';
 if ($model->mobile) {
- $mobile = $model->mobile;
+ $mobile = htmlspecialchars($model->mobile, ENT_QUOTES, 'UTF-8');
 }
 $phone = $phone.'   '.$mobile;
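Review bot: In the `email` column closure the new `e($model->email)` encodes only the link text, and the patch touches just two columns of the builder chain; the closure that closes right above `/* column email */` and whatever follows the `mobile` column lie outside the hunks, so it is not visible whether they also concatenate user-editable fields into markup. Those columns would need the same output encoding for the fix to be complete, which is worth confirming before merge. A one-line comment above the assignment, e.g. `// user-supplied value: encode before concatenating into the anchor markup`, would record why the call must stay.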
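Review bot: The two `htmlspecialchars(..., ENT_QUOTES, 'UTF-8')` calls in the `mobile` column closure pass explicit flags without `ENT_SUBSTITUTE`, so a stored value containing an invalid UTF-8 sequence makes the call return an empty string and the number silently disappears from the table. The email hunk already uses Laravel's `e()` helper, and using it here as well keeps a single encoding path in the file: `$phone = e($model->ext.' '.$model->phone_number);` and `$mobile = e($model->mobile);` (or add `| ENT_SUBSTITUTE` to the flags if the installed `e()` does not set it). The closure continues past the end of the hunk, where the concatenated string is presumably returned as raw HTML.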