Use Binput for xss protection

src/Http/Controllers/Api/ComponentController.php

@@ -4,8 +4,8 @@ namespace CachetHQ\Cachet\Http\Controllers\Api;
 
 use CachetHQ\Cachet\Repositories\Component\ComponentRepository;
 use Dingo\Api\Routing\ControllerTrait;
+use GrahamCampbell\Binput\Facades\Binput;
 use Illuminate\Routing\Controller;
-use Illuminate\Support\Facades\Input;
 
 class ComponentController extends Controller
 {
@@ -71,6 +71,6 @@ class ComponentController extends Controller
      */
     public function postComponents()
     {
-        return $this->component->create($this->auth->user()->id, Input::all());
+        return $this->component->create($this->auth->user()->id, Binput::all());
     }
 }

src/Http/Controllers/Api/IncidentController.php

@@ -4,8 +4,8 @@ namespace CachetHQ\Cachet\Http\Controllers\Api;
 
 use CachetHQ\Cachet\Repositories\Incident\IncidentRepository;
 use Dingo\Api\Routing\ControllerTrait;
+use GrahamCampbell\Binput\Facades\Binput;
 use Illuminate\Routing\Controller;
-use Illuminate\Support\Facades\Input;
 
 class IncidentController extends Controller
 {
@@ -59,7 +59,7 @@ class IncidentController extends Controller
      */
     public function postIncidents()
     {
-        return $this->incident->create($this->auth->user()->id, Input::all());
+        return $this->incident->create($this->auth->user()->id, Binput::all());
     }
 
     /**
@@ -71,6 +71,6 @@ class IncidentController extends Controller
      */
     public function putIncident($id)
     {
-        return $this->incident->update($id, Input::all());
+        return $this->incident->update($id, Binput::all());
     }
 }

src/Http/Controllers/Api/MetricController.php

@@ -4,8 +4,8 @@ namespace CachetHQ\Cachet\Http\Controllers\Api;
 
 use CachetHQ\Cachet\Repositories\Metric\MetricRepository;
 use Dingo\Api\Routing\ControllerTrait;
+use GrahamCampbell\Binput\Facades\Binput;
 use Illuminate\Routing\Controller;
-use Illuminate\Support\Facades\Input;
 
 class MetricController extends Controller
 {
@@ -58,7 +58,7 @@ class MetricController extends Controller
      */
     public function postMetrics()
     {
-        return $this->metric->create(Input::all());
+        return $this->metric->create(Binput::all());
     }
 
     /**
@@ -70,6 +70,6 @@ class MetricController extends Controller
      */
     public function putMetric($id)
     {
-        return $this->metric->update($id, Input::all());
+        return $this->metric->update($id, Binput::all());
     }
 }

src/Http/Controllers/Api/MetricPointController.php

@@ -4,8 +4,8 @@ namespace CachetHQ\Cachet\Http\Controllers\Api;
 
 use CachetHQ\Cachet\Repositories\MetricPoint\MetricPointRepository;
 use Dingo\Api\Routing\ControllerTrait;
+use GrahamCampbell\Binput\Facades\Binput;
 use Illuminate\Routing\Controller;
-use Illuminate\Support\Facades\Input;
 
 class MetricPointController extends Controller
 {
@@ -58,6 +58,6 @@ class MetricPointController extends Controller
      */
     public function postMetricPoints()
     {
-        return $this->metricPoint->create(Input::all());
+        return $this->metricPoint->create(Binput::all());
     }
 }

src/Http/Controllers/AuthController.php

@@ -3,9 +3,9 @@
 namespace CachetHQ\Cachet\Http\Controllers;
 
 use GrahamCampbell\Throttle\Facades\Throttle;
+use GrahamCampbell\Binput\Facades\Binput;
 use Illuminate\Routing\Controller;
 use Illuminate\Support\Facades\Auth;
-use Illuminate\Support\Facades\Input;
 use Illuminate\Support\Facades\Redirect;
 use Illuminate\Support\Facades\Request;
 use Illuminate\Support\Facades\View;
@@ -32,14 +32,14 @@ class AuthController extends Controller
      */
     public function postLogin()
     {
-        if (Auth::attempt(Input::only(['email', 'password']))) {
+        if (Auth::attempt(Binput::only(['email', 'password']))) {
             return Redirect::intended('dashboard');
         }
 
         Throttle::hit(Request::instance(), 10, 10);
 
         return Redirect::back()
-            ->withInput(Input::except('password'))
+            ->withInput(Binput::except('password'))
             ->with('error', 'Invalid email or password');
     }
 

src/Http/Controllers/DashAPIController.php

@@ -4,8 +4,8 @@ namespace CachetHQ\Cachet\Http\Controllers;
 
 use CachetHQ\Cachet\Models\Component;
 use Exception;
+use GrahamCampbell\Binput\Facades\Binput;
 use Illuminate\Routing\Controller;
-use Illuminate\Support\Facades\Input;
 
 class DashAPIController extends Controller
 {
@@ -20,7 +20,7 @@ class DashAPIController extends Controller
      */
     public function postUpdateComponent(Component $component)
     {
-        if (!$component->update(Input::except(['_token']))) {
+        if (!$component->update(Binput::except(['_token']))) {
             throw new Exception('Failed to update the component.');
         }
 
@@ -34,7 +34,7 @@ class DashAPIController extends Controller
      */
     public function postUpdateComponentOrder()
     {
-        $componentData = Input::all();
+        $componentData = Binput::all();
         unset($componentData['component'][0]); // Remove random 0 index.
 
         foreach ($componentData['component'] as $componentId => $order) {

src/Http/Controllers/DashComponentController.php

@@ -3,8 +3,8 @@
 namespace CachetHQ\Cachet\Http\Controllers;
 
 use CachetHQ\Cachet\Models\Component;
+use GrahamCampbell\Binput\Facades\Binput;
 use Illuminate\Routing\Controller;
-use Illuminate\Support\Facades\Input;
 use Illuminate\Support\Facades\Redirect;
 use Illuminate\Support\Facades\View;
 
@@ -49,7 +49,7 @@ class DashComponentController extends Controller
      */
     public function updateComponentAction(Component $component)
     {
-        $_component = Input::get('component');
+        $_component = Binput::get('component');
         $component->update($_component);
 
         return Redirect::back()->with('savedComponent', $component);
@@ -74,7 +74,7 @@ class DashComponentController extends Controller
      */
     public function createComponentAction()
     {
-        $_component = Input::get('component');
+        $_component = Binput::get('component');
         $component = Component::create($_component);
 
         return Redirect::back()->with('component', $component);

src/Http/Controllers/DashIncidentController.php

@@ -4,8 +4,8 @@ namespace CachetHQ\Cachet\Http\Controllers;
 
 use CachetHQ\Cachet\Models\Incident;
 use CachetHQ\Cachet\Models\IncidentTemplate;
+use GrahamCampbell\Binput\Facades\Binput;
 use Illuminate\Routing\Controller;
-use Illuminate\Support\Facades\Input;
 use Illuminate\Support\Facades\Redirect;
 use Illuminate\Support\Facades\View;
 
@@ -57,7 +57,7 @@ class DashIncidentController extends Controller
      */
     public function createIncidentTemplateAction()
     {
-        $_template = Input::get('template');
+        $_template = Binput::get('template');
         $template = IncidentTemplate::create($_template);
 
         return Redirect::back()->with('template', $template);
@@ -70,7 +70,7 @@ class DashIncidentController extends Controller
      */
     public function createIncidentAction()
     {
-        $_incident = Input::get('incident');
+        $_incident = Binput::get('incident');
         $incident = Incident::create($_incident);
 
         return Redirect::back()->with('incident', $incident);

src/Http/Controllers/DashSettingsController.php

@@ -4,8 +4,8 @@ namespace CachetHQ\Cachet\Http\Controllers;
 
 use CachetHQ\Cachet\Models\Setting;
 use Exception;
+use GrahamCampbell\Binput\Facades\Binput;
 use Illuminate\Routing\Controller;
-use Illuminate\Support\Facades\Input;
 use Illuminate\Support\Facades\Redirect;
 use Illuminate\Support\Facades\View;
 
@@ -114,13 +114,13 @@ class DashSettingsController extends Controller
      */
     public function postSettings()
     {
-        if (Input::get('remove_banner') == "1") {
+        if (Binput::get('remove_banner') == "1") {
             $setting = Setting::where('name', 'app_banner');
             $setting->delete();
         }
 
-        if (Input::hasFile('app_banner')) {
-            $file = Input::file('app_banner');
+        if (Binput::hasFile('app_banner')) {
+            $file = Binput::file('app_banner');
 
             // Image Validation.
             // Image size in bytes.
@@ -154,7 +154,7 @@ class DashSettingsController extends Controller
         }
 
         try {
-            foreach (Input::except(['app_banner', 'remove_banner']) as $settingName => $settingValue) {
+            foreach (Binput::except(['app_banner', 'remove_banner']) as $settingName => $settingValue) {
                 Setting::firstOrCreate([
                     'name' => $settingName,
                 ])->update([

src/Http/Controllers/DashUserController.php

@@ -2,9 +2,9 @@
 
 namespace CachetHQ\Cachet\Http\Controllers;
 
+use GrahamCampbell\Binput\Facades\Binput;
 use Illuminate\Routing\Controller;
 use Illuminate\Support\Facades\Auth;
-use Illuminate\Support\Facades\Input;
 use Illuminate\Support\Facades\Redirect;
 use Illuminate\Support\Facades\View;
 
@@ -29,7 +29,7 @@ class DashUserController extends Controller
      */
     public function postUser()
     {
-        $items = Input::all();
+        $items = Binput::all();
 
         $updated = Auth::user()->update($items);
 

src/Http/Controllers/SetupController.php

@@ -4,9 +4,9 @@ namespace CachetHQ\Cachet\Http\Controllers;
 
 use CachetHQ\Cachet\Models\Setting;
 use CachetHQ\Cachet\Models\User;
+use GrahamCampbell\Binput\Facades\Binput;
 use Illuminate\Routing\Controller;
 use Illuminate\Support\Facades\Auth;
-use Illuminate\Support\Facades\Input;
 use Illuminate\Support\Facades\Redirect;
 use Illuminate\Support\Facades\Validator;
 use Illuminate\Support\Facades\View;
@@ -42,7 +42,7 @@ class SetupController extends Controller
      */
     public function postIndex()
     {
-        $postData = Input::get();
+        $postData = Binput::get();
 
         $v = Validator::make($postData, [
             'settings.app_name'     => 'required',