XSS clean Giftcard (#39)
@@ -9,25 +9,26 @@ class Giftcards extends Secure_area implements iData_controller
|
||||
parent::__construct('giftcards');
|
||||
}
|
||||
|
||||
function index($limit_from=0)
|
||||
public function index($limit_from = 0)
|
||||
{
|
||||
|
||||
$data['controller_name'] = $this->get_controller_name();
|
||||
$data['table_headers'] = get_giftcards_manage_table_headers();
|
||||
|
||||
$data = $this->security->xss_clean($data);
|
||||
|
||||
$this->load->view('giftcards/manage', $data);
|
||||
}
|
||||
|
||||
/*
|
||||
Returns Giftcards table data rows. This will be called with AJAX.
|
||||
*/
|
||||
function search()
|
||||
public function search()
|
||||
{
|
||||
$search = $this->input->get('search');
|
||||
$limit = $this->input->get('limit');
|
||||
$limit = $this->input->get('limit');
|
||||
$offset = $this->input->get('offset');
|
||||
$sort = $this->input->get('sort');
|
||||
$order = $this->input->get('order');
|
||||
$sort = $this->input->get('sort');
|
||||
$order = $this->input->get('order');
|
||||
|
||||
$giftcards = $this->Giftcard->search($search, $limit, $offset, $sort, $order);
|
||||
$total_rows = $this->Giftcard->get_found_rows($search);
|
||||
@@ -37,69 +38,83 @@ class Giftcards extends Secure_area implements iData_controller
|
||||
{
|
||||
$data_rows[] = get_giftcard_data_row($giftcard, $this);
|
||||
}
|
||||
|
||||
$data_rows = $this->security->xss_clean($data_rows);
|
||||
|
||||
echo json_encode(array('total' => $total_rows, 'rows' => $data_rows));
|
||||
}
|
||||
|
||||
/*
|
||||
Gives search suggestions based on what is being searched for
|
||||
*/
|
||||
function suggest_search()
|
||||
public function suggest_search()
|
||||
{
|
||||
$suggestions = $this->Giftcard->get_search_suggestions($this->input->post('term'));
|
||||
|
||||
$suggestions = $this->security->xss_clean($suggestions);
|
||||
|
||||
echo json_encode($suggestions);
|
||||
}
|
||||
|
||||
function get_row($row_id)
|
||||
public function get_row($row_id)
|
||||
{
|
||||
$data_row = get_giftcard_data_row($this->Giftcard->get_info($row_id), $this);
|
||||
|
||||
$data_row = $this->security->xss_clean($data_row);
|
||||
|
||||
echo json_encode($data_row);
|
||||
}
|
||||
|
||||
function view($giftcard_id=-1)
|
||||
public function view($giftcard_id = -1)
|
||||
{
|
||||
$giftcard_info = $this->Giftcard->get_info($giftcard_id);
|
||||
$person_name=$giftcard_id > 0? $giftcard_info->first_name . ' ' . $giftcard_info->last_name : '';
|
||||
$data['selected_person_name'] = $giftcard_id > 0 && isset($giftcard_info->person_id) ? $person_name : '';
|
||||
$data['selected_person_id'] = $giftcard_info->person_id;
|
||||
$data['giftcard_number'] = $giftcard_id > 0 ? $giftcard_info->giftcard_number : $this->Giftcard->get_max_number()->giftcard_number + 1;
|
||||
$data['giftcard_info'] = $giftcard_info;
|
||||
$this->load->view("giftcards/form",$data);
|
||||
|
||||
$data['selected_person_name'] = ($giftcard_id > 0 && isset($giftcard_info->person_id)) ? $giftcard_info->first_name . ' ' . $giftcard_info->last_name : '';
|
||||
$data['selected_person_id'] = $giftcard_info->person_id;
|
||||
$data['giftcard_number'] = $giftcard_id > 0 ? $giftcard_info->giftcard_number : $this->Giftcard->get_max_number()->giftcard_number + 1;
|
||||
$data['giftcard_id'] = $giftcard_id;
|
||||
$data['giftcard_value'] = $giftcard_info->value;
|
||||
|
||||
$data = $this->security->xss_clean($data);
|
||||
|
||||
$this->load->view("giftcards/form", $data);
|
||||
}
|
||||
|
||||
function save($giftcard_id=-1)
|
||||
public function save($giftcard_id = -1)
|
||||
{
|
||||
$giftcard_data = array(
|
||||
'record_time' => date('Y-m-d H:i:s'),
|
||||
'giftcard_number'=>$this->input->post('giftcard_number'),
|
||||
'value'=>$this->input->post('value'),
|
||||
'person_id'=>$this->input->post('person_id') ? $this->input->post('person_id') : null
|
||||
'giftcard_number' => $this->input->post('giftcard_number'),
|
||||
'value' => $this->input->post('value'),
|
||||
'person_id' => $this->input->post('person_id')
|
||||
);
|
||||
|
||||
if( $this->Giftcard->save( $giftcard_data, $giftcard_id ) )
|
||||
if($this->Giftcard->save($giftcard_data, $giftcard_id))
|
||||
{
|
||||
//New giftcard
|
||||
if($giftcard_id==-1)
|
||||
if($giftcard_id == -1)
|
||||
{
|
||||
echo json_encode(array('success'=>true, 'message'=>$this->lang->line('giftcards_successful_adding').' '.
|
||||
$giftcard_data['giftcard_number'], 'id'=>$giftcard_data['giftcard_id']));
|
||||
$giftcard_id = $giftcard_data['giftcard_id'];
|
||||
}
|
||||
else //previous giftcard
|
||||
else //Existing giftcard
|
||||
{
|
||||
echo json_encode(array('success'=>true, 'message'=>$this->lang->line('giftcards_successful_updating').' '.
|
||||
$giftcard_data['giftcard_number'], 'id'=>$giftcard_id));
|
||||
}
|
||||
}
|
||||
else//failure
|
||||
else //failure
|
||||
{
|
||||
echo json_encode(array('success'=>false,'message'=>$this->lang->line('giftcards_error_adding_updating').' '.
|
||||
$giftcard_data['giftcard_number'], 'id'=>-1));
|
||||
}
|
||||
}
|
||||
|
||||
function delete()
|
||||
public function delete()
|
||||
{
|
||||
$giftcards_to_delete=$this->input->post('ids');
|
||||
$giftcards_to_delete = $this->input->post('ids');
|
||||
|
||||
$giftcards_to_delete = $this->security->xss_clean($giftcards_to_delete);
|
||||
|
||||
if($this->Giftcard->delete_list($giftcards_to_delete))
|
||||
{
|
||||
|
||||
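Review bot: In `save()`, the new `'person_id' => $this->input->post('person_id')` line (assuming the spaced lines are the new side, since the +/- markers are lost here) drops the `: null` fallback the removed ternary had, so a form submitted with no person selected hands the model an empty string rather than NULL for the foreign key; keep `'person_id' => $this->input->post('person_id') ? $this->input->post('person_id') : null`. The `xss_clean()` calls added before each view/JSON output are a content filter, not an encoder, so the giftcards views still need per-context escaping (`html_escape()` for HTML text, integer casts or URL encoding for values placed in hrefs) for the fields they print. In `delete()`, `xss_clean()` on the posted `ids` does not establish that they are integers; `array_map('intval', $giftcards_to_delete)` before `delete_list()` is the check that matters there, though `delete_list()` itself is outside the hunk. `delete()` continues past the end of the hunk.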
@@ -43,10 +43,10 @@ class Giftcard extends CI_Model
|
||||
$this->db->join('people', 'people.person_id = giftcards.person_id', 'left');
|
||||
$this->db->where('giftcard_id', $giftcard_id);
|
||||
$this->db->where('deleted', 0);
|
||||
|
||||
|
||||
$query = $this->db->get();
|
||||
|
||||
if($query->num_rows()==1)
|
||||
if($query->num_rows() == 1)
|
||||
{
|
||||
return $query->row();
|
||||
}
|
||||
@@ -100,9 +100,9 @@ class Giftcard extends CI_Model
|
||||
/*
|
||||
Inserts or updates a giftcard
|
||||
*/
|
||||
public function save(&$giftcard_data, $giftcard_id = FALSE)
|
||||
public function save(&$giftcard_data, $giftcard_id = -1)
|
||||
{
|
||||
if(!$giftcard_id || !$this->exists($giftcard_id))
|
||||
if($giftcard_id == -1 || !$this->exists($giftcard_id))
|
||||
{
|
||||
if($this->db->insert('giftcards', $giftcard_data))
|
||||
{
|
||||
|
||||
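Review bot: The new guard `if($giftcard_id == -1 || !$this->exists($giftcard_id))` in `save()` compares loosely, and because the id arrives from a URL segment as a string it works only because `'-1' == -1` holds; `if((int)$giftcard_id === -1 || !$this->exists($giftcard_id))` states the intent without relying on that. Changing the default from `FALSE` to `-1` also means any caller still passing `FALSE`, `0` or `null` now reaches `exists()` instead of the old `!$giftcard_id` short-circuit; that is presumably harmless if `exists()` returns false for those values, but `exists()` is outside the hunk so it is worth confirming. The body of `save()` continues past the end of the hunk.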
@@ -2,7 +2,7 @@
|
||||
|
||||
<ul id="error_message_box" class="error_message_box"></ul>
|
||||
|
||||
<?php echo form_open('giftcards/save/'.$giftcard_info->giftcard_id, array('id'=>'giftcard_form', 'class'=>'form-horizontal')); ?>
|
||||
<?php echo form_open('giftcards/save/'.$giftcard_id, array('id'=>'giftcard_form', 'class'=>'form-horizontal')); ?>
|
||||
<fieldset id="giftcard_basic_info">
|
||||
<div class="form-group form-group-sm">
|
||||
<?php echo form_label($this->lang->line('giftcards_person_id'), 'name', array('class'=>'control-label col-xs-3')); ?>
|
||||
@@ -40,7 +40,7 @@
|
||||
'name'=>'value',
|
||||
'id'=>'value',
|
||||
'class'=>'form-control input-sm',
|
||||
'value'=>to_currency_no_money($giftcard_info->value))
|
||||
'value'=>to_currency_no_money($giftcard_value))
|
||||
);?>
|
||||
<?php if ($this->config->item('currency_side')): ?>
|
||||
<span class="input-group-addon input-sm"><b><?php echo $this->config->item('currency_symbol'); ?></b></span>
|
||||
|
||||