diff --git a/app/Controllers/Items.php b/app/Controllers/Items.php
index 5ae81815b..793cb8817 100644
--- a/app/Controllers/Items.php
+++ b/app/Controllers/Items.php
@@ -89,19 +89,19 @@ class Items extends Secure_Controller
 */
 public function getSearch(): void
 {
- $search = $this->request->getGet('search', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
- $limit = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
- $offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
- $sort = $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
- $order = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+ $search = $this->request->getGet('search');
+ $limit = $this->request->getGet('limit');
+ $offset = $this->request->getGet('offset');
+ $sort = $this->request->getGet('sort');
+ $order = $this->request->getGet('order');
 
- $this->item_lib->set_item_location($this->request->getGet('stock_location', FILTER_SANITIZE_NUMBER_INT));
+ $this->item_lib->set_item_location($this->request->getGet('stock_location'));
 
 $definition_names = $this->attribute->get_definitions_by_flags(Attribute::SHOW_IN_ITEMS);
 
 $filters = [
- 'start_date' => $this->request->getGet('start_date', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
- 'end_date' => $this->request->getGet('end_date', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
+ 'start_date' => $this->request->getGet('start_date'),
+ 'end_date' => $this->request->getGet('end_date'),
 'stock_location_id' => $this->item_lib->get_item_location(),
 'empty_upc' => FALSE,
 'low_inventory' => FALSE,
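Review bot: `$sort` and `$order` now reach `$this->item->search()` exactly as supplied, and FILTER_SANITIZE_FULL_SPECIAL_CHARS never constrained them to a column name or to ASC/DESC anyway, so if the model hands them to `orderBy()` an allow-list is the right guard: `$order = in_array(strtolower((string) $order), ['asc', 'desc'], true) ? $order : 'asc';` plus a matching check of `$sort` against the sortable column names. `$limit` and `$offset` also lose FILTER_SANITIZE_NUMBER_INT; if the model does not cast them, `(int)` casts here keep the pagination values integral so a bad value fails at the boundary rather than inside the query. How the model consumes these values is outside the hunk, so the allow-list may already exist there.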
@@ -114,7 +114,7 @@ class Items extends Secure_Controller
 ];
 
 //Check if any filter is set in the multiselect dropdown
- $filledup = array_fill_keys($this->request->getGet('filters', FILTER_SANITIZE_FULL_SPECIAL_CHARS), TRUE); //TODO: filled up does not meet naming standards
+ $filledup = array_fill_keys($this->request->getGet('filters'), TRUE); //TODO: filled up does not meet naming standards
 $filters = array_merge($filters, $filledup);
 $items = $this->item->search($search, $filters, $limit, $offset, $sort, $order);
 $total_rows = $this->item->get_found_rows($search, $filters);
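Review bot: `array_fill_keys($this->request->getGet('filters'), TRUE)` throws a TypeError on PHP 8 when the `filters` query parameter is absent, because getGet() returns null for a missing key; `$filledup = array_fill_keys($this->request->getGet('filters') ?? [], TRUE);` keeps the multiselect optional. The filtered form being replaced returned null in the same case, so this predates the commit, but the line is being rewritten anyway. The enclosing getSearch() body starts and ends outside this hunk.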
@@ -182,28 +182,28 @@ class Items extends Secure_Controller
 'is_deleted' => $this->request->getPost('is_deleted') !== NULL
 ];
 
- $suggestions = $this->item->get_search_suggestions($this->request->getPostGet('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS), $options, FALSE);
+ $suggestions = $this->item->get_search_suggestions($this->request->getPostGet('term'), $options, FALSE);
 
 echo json_encode($suggestions);
 }
 
 public function suggest(): void
 {
- $suggestions = $this->item->get_search_suggestions($this->request->getPostGet('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS), ['search_custom' => FALSE, 'is_deleted' => FALSE], TRUE);
+ $suggestions = $this->item->get_search_suggestions($this->request->getPostGet('term'), ['search_custom' => FALSE, 'is_deleted' => FALSE], TRUE);
 
 echo json_encode($suggestions);
 }
 
 public function suggest_low_sell(): void
 {
- $suggestions = $this->item->get_low_sell_suggestions($this->request->getPostGet('name', FILTER_SANITIZE_FULL_SPECIAL_CHARS));
+ $suggestions = $this->item->get_low_sell_suggestions($this->request->getPostGet('name'));
 
 echo json_encode($suggestions);
 }
 
 public function suggest_kits(): void
 {
- $suggestions = $this->item->get_kit_search_suggestions($this->request->getPostGet('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS), ['search_custom' => FALSE, 'is_deleted' => FALSE], TRUE);
+ $suggestions = $this->item->get_kit_search_suggestions($this->request->getPostGet('term'), ['search_custom' => FALSE, 'is_deleted' => FALSE], TRUE);
 
 echo json_encode($suggestions);
 }
@@ -213,7 +213,7 @@ class Items extends Secure_Controller
 */
 public function getSuggestCategory(): void
 {
- $suggestions = $this->item->get_category_suggestions($this->request->getGet('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS));
+ $suggestions = $this->item->get_category_suggestions($this->request->getGet('term'));
 
 echo json_encode($suggestions);
 }
@@ -223,7 +223,7 @@ class Items extends Secure_Controller
 */
 public function getSuggestLocation(): void
 {
- $suggestions = $this->item->get_location_suggestions($this->request->getGet('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS));
+ $suggestions = $this->item->get_location_suggestions($this->request->getGet('term'));
 
 echo json_encode($suggestions);
 }
@@ -592,8 +592,8 @@ class Items extends Secure_Controller
 // $upload_file = $this->request->hasFile('image') ? $this->request->getFile('image') : null; //TODO: https://codeigniter4.github.io/userguide/incoming/incomingrequest.html#uploaded-files
 $upload_file = null;
 
- $receiving_quantity = parse_quantity($this->request->getPost('receiving_quantity', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION));
- $item_type = $this->request->getPost('item_type') === NULL ? ITEM : $this->request->getPost('item_type', FILTER_SANITIZE_NUMBER_INT);
+ $receiving_quantity = parse_quantity($this->request->getPost('receiving_quantity'));
+ $item_type = $this->request->getPost('item_type') === NULL ? ITEM : intval($this->request->getPost('item_type'));
 
 if($receiving_quantity === 0.0 && $item_type !== ITEM_TEMP)
 {
@@ -604,24 +604,24 @@ class Items extends Secure_Controller
 
 //Save item data
 $item_data = [
- 'name' => $this->request->getPost('name', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
- 'description' => $this->request->getPost('description', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
- 'category' => $this->request->getPost('category', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
+ 'name' => $this->request->getPost('name'),
+ 'description' => $this->request->getPost('description'),
+ 'category' => $this->request->getPost('category'),
 'item_type' => $item_type,
- 'stock_type' => $this->request->getPost('stock_type') === NULL ? HAS_STOCK : intval($this->request->getPost('stock_type', FILTER_SANITIZE_NUMBER_INT)),
- 'supplier_id' => empty($this->request->getPost('supplier_id')) ? NULL : intval($this->request->getPost('supplier_id', FILTER_SANITIZE_NUMBER_INT)),
- 'item_number' => empty($this->request->getPost('item_number')) ? NULL : $this->request->getPost('item_number', FILTER_SANITIZE_NUMBER_INT),
- 'cost_price' => parse_decimals($this->request->getPost('cost_price', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION)),
- 'unit_price' => parse_decimals($this->request->getPost('unit_price', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION)),
- 'reorder_level' => parse_quantity($this->request->getPost('reorder_level', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION)),
+ 'stock_type' => $this->request->getPost('stock_type') === NULL ? HAS_STOCK : intval($this->request->getPost('stock_type')),
+ 'supplier_id' => empty($this->request->getPost('supplier_id')) ? NULL : intval($this->request->getPost('supplier_id')),
+ 'item_number' => empty($this->request->getPost('item_number')) ? NULL : $this->request->getPost('item_number'),
+ 'cost_price' => parse_decimals($this->request->getPost('cost_price')),
+ 'unit_price' => parse_decimals($this->request->getPost('unit_price')),
+ 'reorder_level' => parse_quantity($this->request->getPost('reorder_level')),
 'receiving_quantity' => $receiving_quantity,
 'allow_alt_description' => $this->request->getPost('allow_alt_description') !== NULL,
 'is_serialized' => $this->request->getPost('is_serialized') !== NULL,
- 'qty_per_pack' => $this->request->getPost('qty_per_pack') === NULL ? 1 : $this->request->getPost('qty_per_pack', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION),
- 'pack_name' => $this->request->getPost('pack_name') === NULL ? $default_pack_name : $this->request->getPost('pack_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
- 'low_sell_item_id' => $this->request->getPost('low_sell_item_id') === NULL ? $item_id : $this->request->getPost('low_sell_item_id', FILTER_SANITIZE_NUMBER_INT),
+ 'qty_per_pack' => $this->request->getPost('qty_per_pack') === NULL ? 1 : parse_quantity($this->request->getPost('qty_per_pack')),
+ 'pack_name' => $this->request->getPost('pack_name') === NULL ? $default_pack_name : $this->request->getPost('pack_name'),
+ 'low_sell_item_id' => $this->request->getPost('low_sell_item_id') === NULL ? $item_id : intval($this->request->getPost('low_sell_item_id')),
 'deleted' => $this->request->getPost('is_deleted') !== NULL,
- 'hsn_code' => $this->request->getPost('hsn_code') === NULL ? '' : $this->request->getPost('hsn_code', FILTER_SANITIZE_FULL_SPECIAL_CHARS)
+ 'hsn_code' => $this->request->getPost('hsn_code') === NULL ? '' : $this->request->getPost('hsn_code')
 ];
 
 if($item_data['item_type'] == ITEM_TEMP)
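Review bot: With the FILTER_SANITIZE_* arguments gone, `name`, `description`, `category`, `pack_name` and `hsn_code` are stored as typed instead of HTML-encoded, which moves escaping to every place these fields are rendered (views, and the JSON emitted by the suggest endpoints earlier in this diff); that is the right layering, but each render site needs checking because some may have relied on the stored value being pre-encoded. A comment above `$item_data`, `// Raw user input is stored; escape at render time (esc() in views, json_encode() for JS)`, would record the contract. `item_number` also changes meaning on its line: it was digit-filtered and is now kept verbatim, which looks intentional if item numbers may be alphanumeric barcodes and deserves a short comment saying so. The enclosing save method starts and ends outside this hunk.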
@@ -631,7 +631,7 @@ class Items extends Secure_Controller
 $item_data['reorder_level'] = 0;
 }
 
- $tax_category_id = $this->request->getPost('tax_category_id', FILTER_SANITIZE_NUMBER_INT);
+ $tax_category_id = intval($this->request->getPost('tax_category_id'));
 
 if(!isset($tax_category_id))
 {
@@ -639,7 +639,7 @@ class Items extends Secure_Controller
 }
 else
 {
- $item_data['tax_category_id'] = empty($this->request->getPost('tax_category_id')) ? NULL : $this->request->getPost('tax_category_id', FILTER_SANITIZE_NUMBER_INT);
+ $item_data['tax_category_id'] = empty($this->request->getPost('tax_category_id')) ? NULL : intval($this->request->getPost('tax_category_id'));
 }
 
 if ($upload_file != NULL)
@@ -673,8 +673,8 @@ class Items extends Secure_Controller
 if(!$use_destination_based_tax)
 {
 $items_taxes_data = [];
- $tax_names = $this->request->getPost('tax_names', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
- $tax_percents = $this->request->getPost('tax_percents', FILTER_SANITIZE_NUMBER_FLOAT);
+ $tax_names = $this->request->getPost('tax_names');
+ $tax_percents = $this->request->getPost('tax_percents');
 
 $tax_name_index = 0;
 
@@ -696,7 +696,7 @@ class Items extends Secure_Controller
 $stock_locations = $this->stock_location->get_undeleted_all()->getResultArray();
 foreach($stock_locations as $location)
 {
- $updated_quantity = parse_quantity($this->request->getPost('quantity_' . $location['location_id'], FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION));
+ $updated_quantity = parse_quantity($this->request->getPost('quantity_' . $location['location_id']));
 
 if($item_data['item_type'] == ITEM_TEMP)
 {
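Review bot: `if(!isset($tax_category_id))` on the line after the changed assignment can no longer be false, because intval() always returns an int (0 when the field is missing), so the branch that handled an absent tax category is now dead and the `empty()` test in the else branch at the -639 hunk does all the work. Either keep the raw value for the null test, `$tax_category_id = $this->request->getPost('tax_category_id');`, and cast only where the id is used, or delete the unreachable branch; what it does lies between the two hunks and is not visible here. In the -673 hunk `$tax_names` and `$tax_percents` are now unfiltered arrays, so the per-element handling that follows (outside the hunk) is the only validation left for them — worth confirming it casts each percent.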
@@ -730,7 +730,7 @@ class Items extends Secure_Controller
 
 // Save item attributes
 $attribute_links = $this->request->getPost('attribute_links') !== NULL ? $this->request->getPost('attribute_links') : [];
- $attribute_ids = $this->request->getPost('attribute_ids', FILTER_SANITIZE_NUMBER_INT);
+ $attribute_ids = $this->request->getPost('attribute_ids');
 
 $this->attribute->delete_link($item_id);
 
@@ -815,7 +815,7 @@ class Items extends Secure_Controller
 */
 public function postCheckItemNumber(): void
 {
- $exists = $this->item->item_number_exists($this->request->getPost('item_number', FILTER_SANITIZE_FULL_SPECIAL_CHARS), $this->request->getPost('item_id', FILTER_SANITIZE_NUMBER_INT));
+ $exists = $this->item->item_number_exists($this->request->getPost('item_number'), $this->request->getPost('item_id'));
 
 echo !$exists ? 'true' : 'false';
 }
@@ -824,9 +824,9 @@ class Items extends Secure_Controller
 */
 public function check_kit_exists(): void //TODO: This function appears to be never called in the code. Need to confirm.
 {
- if($this->request->getPost('item_number', FILTER_SANITIZE_FULL_SPECIAL_CHARS) === NEW_ENTRY)
+ if($this->request->getPost('item_number') === NEW_ENTRY)
 {
- $exists = $this->item_kit->item_kit_exists_for_name($this->request->getPost('name', FILTER_SANITIZE_FULL_SPECIAL_CHARS)); //TODO: item_kit_exists_for_name doesn't exist in Item_kit. I looked at the blame and it appears to have never existed.
+ $exists = $this->item_kit->item_kit_exists_for_name($this->request->getPost('name')); //TODO: item_kit_exists_for_name doesn't exist in Item_kit. I looked at the blame and it appears to have never existed.
 }
 else
 {
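Review bot: The commit wraps the scalar id fields in the save hunks in intval() (item_type, stock_type, supplier_id, low_sell_item_id, tax_category_id) but leaves the ids in this hunk and the later ones raw: `attribute_ids` here, `item_id` in postCheckItemNumber at -815, `stock_location` at -850, `item_ids` at -886 and `ids` at -937. If the models bind these through the query builder the difference is type consistency rather than injection, but the boundary check should be applied uniformly, e.g. `$items_to_delete = array_map('intval', (array) $this->request->getPost('ids'));` for the list cases and `intval($this->request->getPost('stock_location'))` for the scalar, so a non-numeric value is rejected here instead of reaching the model. For postCheckItemNumber, confirm whether `item_id` may legitimately be empty for a not-yet-saved item before casting, since intval(null) is 0 and the model's treatment of 0 is not visible here.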
@@ -850,14 +850,14 @@ class Items extends Secure_Controller
 {
 $employee_id = $this->employee->get_logged_in_employee_info()->person_id;
 $cur_item_info = $this->item->get_info($item_id);
- $location_id = $this->request->getPost('stock_location', FILTER_SANITIZE_NUMBER_INT);
+ $location_id = $this->request->getPost('stock_location');
 $inv_data = [
 'trans_date' => date('Y-m-d H:i:s'),
 'trans_items' => $item_id,
 'trans_user' => $employee_id,
 'trans_location' => $location_id,
- 'trans_comment' => $this->request->getPost('trans_comment', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
- 'trans_inventory' => parse_quantity($this->request->getPost('newquantity', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION))
+ 'trans_comment' => $this->request->getPost('trans_comment'),
+ 'trans_inventory' => parse_quantity($this->request->getPost('newquantity'))
 ];
 
 $this->inventory->insert($inv_data);
@@ -867,7 +867,7 @@ class Items extends Secure_Controller
 $item_quantity_data = [
 'item_id' => $item_id,
 'location_id' => $location_id,
- 'quantity' => $item_quantity->quantity + parse_quantity($this->request->getPost('newquantity', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION))
+ 'quantity' => $item_quantity->quantity + parse_quantity($this->request->getPost('newquantity'))
 ];
 
 if($this->item_quantity->save_value($item_quantity_data, $item_id, $location_id))
@@ -886,7 +886,7 @@ class Items extends Secure_Controller
 public function bulk_update(): void
 {
- $items_to_update = $this->request->getPost('item_ids', FILTER_SANITIZE_NUMBER_INT);
+ $items_to_update = $this->request->getPost('item_ids');
 
 $item_data = [];
 
 foreach($_POST as $key => $value)
@@ -906,8 +906,8 @@ class Items extends Secure_Controller
 if(empty($item_data) || $this->item->update_multiple($item_data, $items_to_update))
 {
 $items_taxes_data = [];
- $tax_names = $this->request->getPost('tax_names', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
- $tax_percents = $this->request->getPost('tax_percents', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION);
+ $tax_names = $this->request->getPost('tax_names');
+ $tax_percents = $this->request->getPost('tax_percents');
 
 $tax_updated = FALSE;
 foreach($tax_percents as $tax_percent)
@@ -937,7 +937,7 @@ class Items extends Secure_Controller
 */
 public function postDelete(): void
 {
- $items_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_NUMBER_INT);
+ $items_to_delete = $this->request->getPost('ids');
 
 if($this->item->delete_list($items_to_delete))
 {
diff --git a/app/Views/items/form.php b/app/Views/items/form.php
index 5ca3277f5..612c4fc77 100644
--- a/app/Views/items/form.php
+++ b/app/Views/items/form.php
@@ -38,7 +38,7 @@
 'name' => 'item_number',
 'id' => 'item_number',
 'class' => 'form-control input-sm',
- 'value' => esc($item_info->item_number)
+ 'value' => $item_info->item_number
 ])
 ?>
@@ -51,7 +51,7 @@
 'name' => 'name',
 'id' => 'name',
 'class' => 'form-control input-sm',
- 'value' => esc($item_info->name)
+ 'value' => $item_info->name
 ])
 ?>
@@ -72,7 +72,7 @@
 'name' => 'category',
 'id' => 'category',
 'class' => 'form-control input-sm',
- 'value' => esc($item_info->category)
+ 'value' => $item_info->category
 ]);
 }
 ?>
@@ -263,7 +263,7 @@
 'name' => 'tax_names[]',
 'id' => 'tax_name_2',
 'class' => 'form-control input-sm',
- 'value' => isset($item_tax_info[1]['name']) ? esc($item_tax_info[1]['name']) : esc($config['default_tax_2_name'])
+ 'value' => isset($item_tax_info[1]['name']) ? $item_tax_info[1]['name'] : $config['default_tax_2_name']
 ])
 ?>
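Review bot: Dropping `esc()` on the `value` entries in form.php (here at -38 and again at -51, -72 and -263) is only safe if these attribute arrays are consumed by CodeIgniter's form helper (form_input() and friends), whose attribute parser escapes the `value` key itself; the call that consumes each array starts outside the hunk, so confirm that, and keep `esc()` anywhere a value is interpolated into markup directly. Paired with the controller change that stops HTML-encoding input on the way in, the net effect is single, output-side escaping instead of double encoding, which is the correct layering; a one-line comment at the top of the form, `<?php // 'value' entries are escaped by the form helper; do not pre-escape ?>`, would stop the next contributor from adding esc() back. Any other view that prints item fields without the helper needs the same audit now that stored values are raw.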