fix(security): SQL injection and path traversal vulnerabilities (#4539)
Security fixes for two vulnerabilities:
1. SQL Injection in Summary Sales Taxes Report (GHSA-5j9m-2f98-cjqw)
- Fixed unsanitized user input concatenation in getData() method
- Applied proper escaping using $this->db->escape() for start_date/end_date
- Consistent with existing _where() method implementation
2. Path Traversal in Receipt Template (GHSA-h6wm-fhw2-m3q3)
- Added ALLOWED_RECEIPT_TEMPLATES whitelist constant
- Added isValidReceiptTemplate() validation method
- Validate receipt_template before saving in Config controller
- Validate receipt_template before rendering in receipt view
- Default to 'receipt_default' for invalid values
- Consistent with invoice_type fix pattern (commit 31d25e06d)
Affected files:
- app/Models/Reports/Summary_sales_taxes.php
- app/Libraries/Sale_lib.php
- app/Controllers/Config.php
- app/Views/sales/receipt.php
Co-authored-by: Ollama <ollama@steganos.dev>
@@ -924,7 +924,9 @@ class Config extends Secure_Controller
|
||||
public function postSaveReceipt(): ResponseInterface
|
||||
{
|
||||
$batch_save_data = [
|
||||
'receipt_template' => $this->request->getPost('receipt_template'),
|
||||
'receipt_template' => Sale_lib::isValidReceiptTemplate($this->request->getPost('receipt_template'))
|
||||
? $this->request->getPost('receipt_template')
|
||||
: 'receipt_default',
|
||||
'receipt_font_size' => $this->request->getPost('receipt_font_size', FILTER_SANITIZE_NUMBER_INT),
|
||||
'print_delay_autoreturn' => $this->request->getPost('print_delay_autoreturn', FILTER_SANITIZE_NUMBER_INT),
|
||||
'email_receipt_check_behaviour' => $this->request->getPost('email_receipt_check_behaviour'),
|
||||
|
||||
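Review bot: A `receipt_template` value that fails `Sale_lib::isValidReceiptTemplate()` is silently swapped for `'receipt_default'` and saved, so a tampered or stale value leaves no trace in the response or the log, and the ternary reads the POST field twice. Since this whitelist is the control for GHSA-h6wm-fhw2-m3q3, reading the field once into a local and emitting a warning when it is rejected gives operators a signal that the check fired and keeps the array literal simple. `getPost()` returns `null` when the field is absent; whether `isValidReceiptTemplate()` accepts `null` depends on its signature in `Sale_lib`, which is outside this hunk, so that case is worth confirming. `postSaveReceipt()` continues past the end of the hunk.
```php
public function postSaveReceipt(): ResponseInterface
{
    $receipt_template = $this->request->getPost('receipt_template');
    if (!Sale_lib::isValidReceiptTemplate($receipt_template)) {
        // Whitelist rejection is a security event: record it rather than fall back silently.
        log_message('warning', 'Rejected invalid receipt_template on save; using receipt_default');
        $receipt_template = 'receipt_default';
    }
    $batch_save_data = [
        'receipt_template' => $receipt_template,
        // … unchanged: receipt_font_size, print_delay_autoreturn, email_receipt_check_behaviour and the rest of the array …
```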