Controller class hierarchy refactoring, made xss_clean part of base Secure_Controller class (#39)

This commit is contained in:
FrancescoUK
2016-06-08 18:13:34 +01:00
parent 5cf23f2bd3
commit 336e10d445
20 changed files with 323 additions and 302 deletions


@@ -1,9 +1,10 @@
<?php
require_once ("Secure_area.php");
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
class Config extends Secure_area
require_once("Secure_Controller.php");
class Config extends Secure_Controller
{
function __construct()
public function __construct()
{
parent::__construct('config');
@@ -16,7 +17,7 @@ class Config extends Secure_area
$data['support_barcode'] = $this->barcode_lib->get_list_barcodes();
$data['logo_exists'] = $this->Appconfig->get('company_logo') != '';
$data = $this->security->xss_clean($data);
$data = $this->xss_clean($data);
$this->load->view("configs/manage", $data);
}
@@ -39,7 +40,7 @@ class Config extends Secure_area
if (!empty($upload_data['orig_name']))
{
// XSS file image sanity check
if ($this->security->xss_clean($upload_data['raw_name'], TRUE) === TRUE)
if ($this->xss_clean($upload_data['raw_name'], TRUE) === TRUE)
{
$batch_save_data['company_logo'] = $upload_data['raw_name'] . $upload_data['file_ext'];
}
@@ -126,7 +127,7 @@ class Config extends Secure_area
{
$stock_locations = $this->Stock_location->get_all()->result_array();
$stock_locations = $this->security->xss_clean($stock_locations);
$stock_locations = $this->xss_clean($stock_locations);
$this->load->view('partial/stock_locations', array('stock_locations' => $stock_locations));
}
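Review bot: The image sanity check `if ($this->xss_clean($upload_data['raw_name'], TRUE) === TRUE)` now depends on the wrapper forwarding its second argument: CodeIgniter's `$this->security->xss_clean($str, TRUE)` returns a boolean verdict only when `$is_image` is TRUE, so if `Secure_Controller::xss_clean()` (not in this chunk) drops that parameter or always returns the cleaned string, the `=== TRUE` comparison is always false and the `company_logo` assignment is silently skipped. Add `// Secure_Controller::xss_clean() must forward $is_image and return the bool verdict` above the check, or confirm the wrapper signature. The same call appears in Items at the `$item_data['pic_id']` check. The enclosing save method starts and ends outside this hunk.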


@@ -1,9 +1,10 @@
<?php
require_once ("Person_controller.php");
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
class Customers extends Person_controller
require_once("Persons.php");
class Customers extends Persons
{
function __construct()
public function __construct()
{
parent::__construct('customers');
}
@@ -13,7 +14,7 @@ class Customers extends Person_controller
$data['controller_name'] = $this->get_controller_name();
$data['table_headers'] = get_people_manage_table_headers();
$data = $this->security->xss_clean($data);
$data = $this->xss_clean($data);
$this->load->view('people/manage', $data);
}
@@ -38,7 +39,7 @@ class Customers extends Person_controller
$data_rows[] = get_person_data_row($person, $this);
}
$data_rows = $this->security->xss_clean($data_rows);
$data_rows = $this->xss_clean($data_rows);
echo json_encode(array('total' => $total_rows, 'rows' => $data_rows));
}
@@ -48,14 +49,14 @@ class Customers extends Person_controller
*/
public function suggest()
{
$suggestions = $this->security->xss_clean($this->Customer->get_search_suggestions($this->input->get('term'), TRUE));
$suggestions = $this->xss_clean($this->Customer->get_search_suggestions($this->input->get('term'), TRUE));
echo json_encode($suggestions);
}
public function suggest_search()
{
$suggestions = $this->security->xss_clean($this->Customer->get_search_suggestions($this->input->post('term'), FALSE));
$suggestions = $this->xss_clean($this->Customer->get_search_suggestions($this->input->post('term'), FALSE));
echo json_encode($suggestions);
}
@@ -68,11 +69,11 @@ class Customers extends Person_controller
$info = $this->Customer->get_info($customer_id);
foreach(get_object_vars($info) as $property => $value)
{
$info->$property = $this->security->xss_clean($value);
$info->$property = $this->xss_clean($value);
}
$data['person_info'] = $info;
$data['total'] = $this->security->xss_clean($this->Customer->get_totals($customer_id)->total);
$data['total'] = $this->xss_clean($this->Customer->get_totals($customer_id)->total);
$this->load->view("customers/form", $data);
}
@@ -105,8 +106,8 @@ class Customers extends Person_controller
if($this->Customer->save_customer($person_data, $customer_data, $customer_id))
{
$person_data = $this->security->xss_clean($person_data);
$customer_data = $this->security->xss_clean($customer_data);
$person_data = $this->xss_clean($person_data);
$customer_data = $this->xss_clean($customer_data);
//New customer
if($customer_id == -1)
@@ -122,7 +123,7 @@ class Customers extends Person_controller
}
else//failure
{
$person_data = $this->security->xss_clean($person_data);
$person_data = $this->xss_clean($person_data);
echo json_encode(array('success' => FALSE, 'message' => $this->lang->line('customers_error_adding_updating').' '.
$person_data['first_name'].' '.$person_data['last_name'], 'id' => -1));
@@ -141,7 +142,7 @@ class Customers extends Person_controller
*/
public function delete()
{
$customers_to_delete = $this->security->xss_clean($this->input->post('ids'));
$customers_to_delete = $this->xss_clean($this->input->post('ids'));
if($this->Customer->delete_list($customers_to_delete))
{
@@ -188,7 +189,7 @@ class Customers extends Person_controller
while(($data = fgetcsv($handle)) !== FALSE)
{
// XSS file data sanity check
$data = $this->security->xss_clean($data);
$data = $this->xss_clean($data);
$person_data = array(
'first_name' => $data[0],
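Review bot: In `delete()`, `$customers_to_delete = $this->xss_clean($this->input->post('ids'));` remains the only filtering before `delete_list()`; xss_clean is an HTML-output filter and does not establish that the posted ids are integers. Unless `Customer::delete_list()` binds or escapes the values (not visible here), coerce them first, e.g. `$customers_to_delete = array_map('intval', (array) $this->input->post('ids'));`, noting that the cast turns a missing field into an empty list rather than NULL. The same pattern is in the `delete()` hunks of Employees, Giftcards and Item_kits. `delete()` continues past the end of its hunk.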


@@ -1,9 +1,10 @@
<?php
require_once ("Person_controller.php");
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
class Employees extends Person_controller
require_once("Persons.php");
class Employees extends Persons
{
function __construct()
public function __construct()
{
parent::__construct('employees');
}
@@ -13,7 +14,7 @@ class Employees extends Person_controller
$data['controller_name'] = $this->get_controller_name();
$data['table_headers'] = get_people_manage_table_headers();
$data = $this->security->xss_clean($data);
$data = $this->xss_clean($data);
$this->load->view('people/manage', $data);
}
@@ -38,7 +39,7 @@ class Employees extends Person_controller
$data_rows[] = get_person_data_row($person, $this);
}
$data_rows = $this->security->xss_clean($data_rows);
$data_rows = $this->xss_clean($data_rows);
echo json_encode(array('total' => $total_rows, 'rows' => $data_rows));
}
@@ -48,7 +49,7 @@ class Employees extends Person_controller
*/
public function suggest_search()
{
$suggestions = $this->security->xss_clean($this->Employee->get_search_suggestions($this->input->post('term')));
$suggestions = $this->xss_clean($this->Employee->get_search_suggestions($this->input->post('term')));
echo json_encode($suggestions);
}
@@ -61,15 +62,15 @@ class Employees extends Person_controller
$person_info = $this->Employee->get_info($employee_id);
foreach(get_object_vars($person_info) as $property => $value)
{
$person_info->$property = $this->security->xss_clean($value);
$person_info->$property = $this->xss_clean($value);
}
$data['person_info'] = $person_info;
$modules = array();
foreach($this->Module->get_all_modules()->result() as $module)
{
$module->module_id = $this->security->xss_clean($module->module_id);
$module->grant = $this->security->xss_clean($this->Employee->has_grant($module->module_id, $person_info->person_id));
$module->module_id = $this->xss_clean($module->module_id);
$module->grant = $this->xss_clean($this->Employee->has_grant($module->module_id, $person_info->person_id));
$modules[] = $module;
}
@@ -78,9 +79,9 @@ class Employees extends Person_controller
$permissions = array();
foreach($this->Module->get_all_subpermissions()->result() as $permission)
{
$permission->module_id = $this->security->xss_clean($permission->module_id);
$permission->permission_id = $this->security->xss_clean($permission->permission_id);
$permission->grant = $this->security->xss_clean($this->Employee->has_grant($permission->permission_id, $person_info->person_id));
$permission->module_id = $this->xss_clean($permission->module_id);
$permission->permission_id = $this->xss_clean($permission->permission_id);
$permission->grant = $this->xss_clean($this->Employee->has_grant($permission->permission_id, $person_info->person_id));
$permissions[] = $permission;
}
@@ -125,8 +126,8 @@ class Employees extends Person_controller
if($this->Employee->save_employee($person_data, $employee_data, $grants_data, $employee_id))
{
$person_data = $this->security->xss_clean($person_data);
$employee_data = $this->security->xss_clean($employee_data);
$person_data = $this->xss_clean($person_data);
$employee_data = $this->xss_clean($employee_data);
//New employee
if($employee_id == -1)
@@ -142,7 +143,7 @@ class Employees extends Person_controller
}
else//failure
{
$person_data = $this->security->xss_clean($person_data);
$person_data = $this->xss_clean($person_data);
echo json_encode(array('success' => FALSE, 'message' => $this->lang->line('employees_error_adding_updating').' '.
$person_data['first_name'].' '.$person_data['last_name'], 'id' => -1));
@@ -154,7 +155,7 @@ class Employees extends Person_controller
*/
public function delete()
{
$employees_to_delete = $this->security->xss_clean($this->input->post('ids'));
$employees_to_delete = $this->xss_clean($this->input->post('ids'));
if($this->Employee->delete_list($employees_to_delete))
{


@@ -1,20 +1,20 @@
<?php
require_once ("Secure_area.php");
require_once ("interfaces/Idata_controller.php");
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
class Giftcards extends Secure_area implements iData_controller
require_once("Secure_Controller.php");
class Giftcards extends Secure_Controller
{
function __construct()
public function __construct()
{
parent::__construct('giftcards');
}
public function index($limit_from = 0)
public function index()
{
$data['controller_name'] = $this->get_controller_name();
$data['table_headers'] = get_giftcards_manage_table_headers();
$data = $this->security->xss_clean($data);
$data = $this->xss_clean($data);
$this->load->view('giftcards/manage', $data);
}
@@ -39,7 +39,7 @@ class Giftcards extends Secure_area implements iData_controller
$data_rows[] = get_giftcard_data_row($giftcard, $this);
}
$data_rows = $this->security->xss_clean($data_rows);
$data_rows = $this->xss_clean($data_rows);
echo json_encode(array('total' => $total_rows, 'rows' => $data_rows));
}
@@ -49,14 +49,14 @@ class Giftcards extends Secure_area implements iData_controller
*/
public function suggest_search()
{
$suggestions = $this->security->xss_clean($this->Giftcard->get_search_suggestions($this->input->post('term')));
$suggestions = $this->xss_clean($this->Giftcard->get_search_suggestions($this->input->post('term')));
echo json_encode($suggestions);
}
public function get_row($row_id)
{
$data_row = $this->security->xss_clean(get_giftcard_data_row($this->Giftcard->get_info($row_id), $this));
$data_row = $this->xss_clean(get_giftcard_data_row($this->Giftcard->get_info($row_id), $this));
echo json_encode($data_row);
}
@@ -71,7 +71,7 @@ class Giftcards extends Secure_area implements iData_controller
$data['giftcard_id'] = $giftcard_id;
$data['giftcard_value'] = $giftcard_info->value;
$data = $this->security->xss_clean($data);
$data = $this->xss_clean($data);
$this->load->view("giftcards/form", $data);
}
@@ -87,7 +87,7 @@ class Giftcards extends Secure_area implements iData_controller
if($this->Giftcard->save($giftcard_data, $giftcard_id))
{
$giftcard_data = $this->security->xss_clean($giftcard_data);
$giftcard_data = $this->xss_clean($giftcard_data);
//New giftcard
if($giftcard_id == -1)
@@ -103,7 +103,7 @@ class Giftcards extends Secure_area implements iData_controller
}
else //failure
{
$giftcard_data = $this->security->xss_clean($giftcard_data);
$giftcard_data = $this->xss_clean($giftcard_data);
echo json_encode(array('success' => FALSE, 'message' => $this->lang->line('giftcards_error_adding_updating').' '.
$giftcard_data['giftcard_number'], 'id' => -1));
@@ -112,7 +112,7 @@ class Giftcards extends Secure_area implements iData_controller
public function delete()
{
$giftcards_to_delete = $this->security->xss_clean($this->input->post('ids'));
$giftcards_to_delete = $this->xss_clean($this->input->post('ids'));
if($this->Giftcard->delete_list($giftcards_to_delete))
{
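Review bot: `class Giftcards extends Secure_Controller` drops `implements iData_controller` together with the `require_once ("interfaces/Idata_controller.php")`, and `index($limit_from = 0)` becomes `index()`, none of which the commit title mentions. Any `instanceof iData_controller` check or type hint elsewhere in the project would silently stop matching — I can't see such callers from here, so either keep the interface or record the removal in the commit message. Item_kits and Items drop the same interface. The narrowed `index()` signature is call-compatible because PHP ignores extra arguments, but a one-line comment noting that `$limit_from` is no longer accepted would save the next reader a grep.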


@@ -1,16 +1,17 @@
<?php
require_once ("Secure_area.php");
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
class Home extends Secure_area
require_once("Secure_Controller.php");
class Home extends Secure_Controller
{
function __construct()
public function __construct()
{
parent::__construct();
}
public function index()
{
$this->load->view("home");
$this->load->view('home');
}
public function logout()


@@ -1,10 +1,10 @@
<?php
require_once ("Secure_area.php");
require_once ("interfaces/Idata_controller.php");
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
class Item_kits extends Secure_area implements iData_controller
require_once("Secure_Controller.php");
class Item_kits extends Secure_Controller
{
function __construct()
public function __construct()
{
parent::__construct('item_kits');
}
@@ -20,7 +20,7 @@ class Item_kits extends Secure_area implements iData_controller
$item_info = $this->Item->get_info($item_kit_item['item_id']);
foreach(get_object_vars($item_info) as $property => $value)
{
$item_info->$property = $this->security->xss_clean($value);
$item_info->$property = $this->xss_clean($value);
}
$item_kit->total_cost_price += $item_info->cost_price * $item_kit_item['quantity'];
@@ -35,7 +35,7 @@ class Item_kits extends Secure_area implements iData_controller
$data['controller_name'] = $this->get_controller_name();
$data['table_headers'] = get_item_kits_manage_table_headers();
$data = $this->security->xss_clean($data);
$data = $this->xss_clean($data);
$this->load->view('item_kits/manage', $data);
}
@@ -62,14 +62,14 @@ class Item_kits extends Secure_area implements iData_controller
$data_rows[] = get_item_kit_data_row($item_kit, $this);
}
$data_rows = $this->security->xss_clean($data_rows);
$data_rows = $this->xss_clean($data_rows);
echo json_encode(array('total' => $total_rows, 'rows' => $data_rows));
}
public function suggest_search()
{
$suggestions = $this->security->xss_clean($this->Item_kit->get_search_suggestions($this->input->post('term')));
$suggestions = $this->xss_clean($this->Item_kit->get_search_suggestions($this->input->post('term')));
echo json_encode($suggestions);
}
@@ -87,16 +87,16 @@ class Item_kits extends Secure_area implements iData_controller
$info = $this->Item_kit->get_info($item_kit_id);
foreach(get_object_vars($info) as $property => $value)
{
$info->$property = $this->security->xss_clean($value);
$info->$property = $this->xss_clean($value);
}
$data['item_kit_info'] = $info;
$items = array();
foreach($this->Item_kit_items->get_info($item_kit_id) as $item_kit_item)
{
$item['name'] = $this->security->xss_clean($this->Item->get_info($item_kit_item['item_id'])->name);
$item['item_id'] = $this->security->xss_clean($item_kit_item['item_id']);
$item['quantity'] = $this->security->xss_clean($item_kit_item['quantity']);
$item['name'] = $this->xss_clean($this->Item->get_info($item_kit_item['item_id'])->name);
$item['item_id'] = $this->xss_clean($item_kit_item['item_id']);
$item['quantity'] = $this->xss_clean($item_kit_item['quantity']);
$items[] = $item;
}
@@ -135,14 +135,14 @@ class Item_kits extends Secure_area implements iData_controller
$success = $this->Item_kit_items->save($item_kit_items, $item_kit_id);
}
$item_kit_data = $this->security->xss_clean($item_kit_data);
$item_kit_data = $this->xss_clean($item_kit_data);
echo json_encode(array('success' => $success,
'message' => $this->lang->line('item_kits_successful_adding').' '.$item_kit_data['name'], 'id' => $item_kit_id));
}
else//failure
{
$item_kit_data = $this->security->xss_clean($item_kit_data);
$item_kit_data = $this->xss_clean($item_kit_data);
echo json_encode(array('success' => FALSE,
'message' => $this->lang->line('item_kits_error_adding_updating').' '.$item_kit_data['name'], 'id' => -1));
@@ -151,7 +151,7 @@ class Item_kits extends Secure_area implements iData_controller
public function delete()
{
$item_kits_to_delete = $this->security->xss_clean($this->input->post('ids'));
$item_kits_to_delete = $this->xss_clean($this->input->post('ids'));
if($this->Item_kit->delete_list($item_kits_to_delete))
{


@@ -1,12 +1,13 @@
<?php
require_once ("Secure_area.php");
require_once ("interfaces/Idata_controller.php");
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
class Items extends Secure_area implements iData_controller
require_once("Secure_Controller.php");
class Items extends Secure_Controller
{
function __construct()
{
parent::__construct('items');
$this->load->library('item_lib');
}
@@ -332,7 +333,7 @@ class Items extends Secure_area implements iData_controller
if (!empty($upload_data['orig_name']))
{
// XSS file image sanity check
if ($this->security->xss_clean($upload_data['raw_name'], TRUE) === TRUE)
if ($this->xss_clean($upload_data['raw_name'], TRUE) === TRUE)
{
$item_data['pic_id'] = $upload_data['raw_name'];
}
@@ -578,7 +579,7 @@ class Items extends Secure_area implements iData_controller
while (($data = fgetcsv($handle)) !== FALSE)
{
// XSS file data sanity check
$data = $this->security->xss_clean($data);
$data = $this->xss_clean($data);
if (sizeof($data) >= 23)
{
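Review bot: `function __construct()` at the top of `class Items extends Secure_Controller` is left without a visibility modifier while every other controller in this commit gains `public`; Receivings keeps the same omission on its constructor and on `function save($receiving_id = -1)`. Change it to `public function __construct()` so the hierarchy is declared consistently. The constructor ends inside the first hunk, but the methods touched by the later hunks start and end outside them.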


@@ -1,7 +1,8 @@
<?php
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
class Login extends CI_Controller
{
function __construct()
public function __construct()
{
parent::__construct();
}


@@ -1,9 +1,10 @@
<?php
require_once ("Secure_area.php");
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
class Messages extends Secure_area
require_once("Secure_Controller.php");
class Messages extends Secure_Controller
{
function __construct()
public function __construct()
{
parent::__construct('messages');
}
@@ -18,7 +19,7 @@ class Messages extends Secure_area
$info = $this->Person->get_info($person_id);
foreach(get_object_vars($info) as $property => $value)
{
$info->$property = $this->security->xss_clean($value);
$info->$property = $this->xss_clean($value);
}
$data['person_info'] = $info;
@@ -35,7 +36,7 @@ class Messages extends Secure_area
$response = $this->sms->sendSMS($username, $password, $phone, $message, $originator);
$phone = $this->security->xss_clean($phone);
$phone = $this->xss_clean($phone);
if($response)
{
@@ -57,8 +58,8 @@ class Messages extends Secure_area
$response = $this->sms->sendSMS($username, $password, $phone, $message, $originator);
$phone = $this->security->xss_clean($phone);
$person_id = $this->security->xss_clean($person_id);
$phone = $this->xss_clean($phone);
$person_id = $this->xss_clean($person_id);
if($response)
{


@@ -1,7 +1,8 @@
<?php
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
class No_Access extends CI_Controller
{
function __construct()
public function __construct()
{
parent::__construct();
}

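--- a/Person_controller.php
+++ /dev/null
@@ -1,31 +0,0 @@
-<?php
-require_once ("Secure_area.php");
-abstract class Person_controller extends Secure_area
-{
-function __construct($module_id = NULL)
-{
-parent::__construct($module_id);
-}
-/*
-Gives search suggestions based on what is being searched for
-*/
-public function suggest()
-{
-$suggestions = $this->security->xss_clean($this->Person->get_search_suggestions($this->input->post('term')));
-echo json_encode($suggestions);
-}
-/*
-Gets one row for a person manage table. This is called using AJAX to update one row.
-*/
-public function get_row($row_id)
-{
-$data_row = $this->security->xss_clean(get_person_data_row($this->Person->get_info($row_id), $this));
-echo json_encode($data_row);
-}
-}
-?>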

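--- /dev/null
+++ b/Persons.php
@@ -0,0 +1,32 @@
+<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+require_once("Secure_Controller.php");
+abstract class Persons extends Secure_Controller
+{
+public function __construct($module_id = NULL)
+{
+parent::__construct($module_id);
+}
+/*
+Gives search suggestions based on what is being searched for
+*/
+public function suggest()
+{
+$suggestions = $this->xss_clean($this->Person->get_search_suggestions($this->input->post('term')));
+echo json_encode($suggestions);
+}
+/*
+Gets one row for a person manage table. This is called using AJAX to update one row.
+*/
+public function get_row($row_id)
+{
+$data_row = $this->xss_clean(get_person_data_row($this->Person->get_info($row_id), $this));
+echo json_encode($data_row);
+}
+}
+?>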
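Review bot: The new file ends with `?>` after the class; a class-only file should omit the closing tag, because any whitespace after it becomes response output and can break later `redirect()`/`header()` calls in the request (the `if ( ! defined('BASEPATH')) exit(...)` guard added at the top follows the CodeIgniter convention, the trailing `?>` does not). Drop the final `?>` line. Separately, `suggest()` and `get_row()` rely on `$this->Person` and on `get_person_data_row()` being available, and nothing in this file loads them; a class docblock stating that subclasses or the parent must load the Person model and the people helper would help subclass authors — I can't confirm from this chunk where they are loaded.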


@@ -1,10 +1,13 @@
<?php
require_once ("Secure_area.php");
class Receivings extends Secure_area
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
require_once("Secure_Controller.php");
class Receivings extends Secure_Controller
{
function __construct()
{
parent::__construct('receivings');
$this->load->library('receiving_lib');
$this->load->library('barcode_lib');
}
@@ -360,7 +363,7 @@ class Receivings extends Secure_area
$this->load->view("receivings/receiving",$data);
}
function save($receiving_id)
function save($receiving_id = -1)
{
$date_formatter = date_create_from_format($this->config->item('dateformat') . ' ' . $this->config->item('timeformat'), $this->input->post('date'));


@@ -1,22 +1,26 @@
<?php
require_once ("Secure_area.php");
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
class Reports extends Secure_area
require_once("Secure_Controller.php");
class Reports extends Secure_Controller
{
function __construct()
public function __construct()
{
parent::__construct('reports');
$method_name = $this->uri->segment(2);
$exploder = explode('_', $method_name);
preg_match("/(?:inventory)|([^_.]*)(?:_graph|_row)?$/", $method_name, $matches);
preg_match("/^(.*?)([sy])?$/", array_pop($matches), $matches);
$submodule_id = $matches[1] . ((count($matches) > 2) ? $matches[2] : "s");
$employee_id = $this->Employee->get_logged_in_employee_info()->person_id;
// check access to report submodule
if (sizeof($exploder) > 1 && !$this->Employee->has_grant('reports_' . $submodule_id, $employee_id))
if(sizeof($exploder) > 1)
{
redirect('no_access/reports/reports_' . $submodule_id);
preg_match("/(?:inventory)|([^_.]*)(?:_graph|_row)?$/", $method_name, $matches);
preg_match("/^(.*?)([sy])?$/", array_pop($matches), $matches);
$submodule_id = $matches[1] . ((count($matches) > 2) ? $matches[2] : "s");
// check access to report submodule
if(!$this->Employee->has_grant('reports_' . $submodule_id, $this->Employee->get_logged_in_employee_info()->person_id))
{
redirect('no_access/reports/reports_' . $submodule_id);
}
}
$this->load->helper('report');
@@ -28,7 +32,7 @@ class Reports extends Secure_area
$data = array();
$data['grants'] = $this->Employee->get_employee_grants($this->session->userdata('person_id'));
$data = $this->security->xss_clean($data);
$data = $this->xss_clean($data);
$this->load->view("reports/listing", $data);
}
@@ -40,7 +44,7 @@ class Reports extends Secure_area
$report_data = $model->getDataBySaleId($sale_id);
$summary_data = $this->security->xss_clean(array(
$summary_data = $this->xss_clean(array(
'sale_id' => $report_data['sale_id'],
'sale_date' => $report_data['sale_date'],
'quantity' => to_quantity_decimals($report_data['items_purchased']),
@@ -68,7 +72,7 @@ class Reports extends Secure_area
$report_data = $model->getDataByReceivingId($receiving_id);
$summary_data = $this->security->xss_clean(array(
$summary_data = $this->xss_clean(array(
'receiving_id' => $report_data['receiving_id'],
'receiving_date' => $report_data['receiving_date'],
'quantity' => to_quantity_decimals($report_data['items_purchased']),
@@ -85,10 +89,10 @@ class Reports extends Secure_area
if($this->config->item('invoice_enable') == TRUE)
{
$summary_data[]['invoice_number'] = $this->security->xss_clean($report_data['invoice_number']);
$summary_data[]['invoice_number'] = $this->xss_clean($report_data['invoice_number']);
}
$summary_data[] = $this->security->xss_clean($report_data['comment']);
$summary_data[] = $this->xss_clean($report_data['comment']);
echo json_encode(array($receiving_id => $summary_data));
}
@@ -104,7 +108,7 @@ class Reports extends Secure_area
$tabular_data = array();
foreach($report_data as $row)
{
$tabular_data[] = $this->security->xss_clean(array($row['sale_date'],
$tabular_data[] = $this->xss_clean(array($row['sale_date'],
to_quantity_decimals($row['quantity_purchased']),
to_currency($row['subtotal']),
to_currency($row['total']),
@@ -117,9 +121,9 @@ class Reports extends Secure_area
$data = array(
"title" => $this->lang->line('reports_sales_summary_report'),
"subtitle" => date($this->config->item('dateformat'), strtotime($start_date)) . '-' . date($this->config->item('dateformat'), strtotime($end_date)),
"headers" => $this->security->xss_clean($model->getDataColumns()),
"headers" => $this->xss_clean($model->getDataColumns()),
"data" => $tabular_data,
"summary_data" => $this->security->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type)))
"summary_data" => $this->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type)))
);
$this->load->view("reports/tabular", $data);
@@ -136,7 +140,7 @@ class Reports extends Secure_area
$tabular_data = array();
foreach($report_data as $row)
{
$tabular_data[] = $this->security->xss_clean(array($row['category'],
$tabular_data[] = $this->xss_clean(array($row['category'],
to_quantity_decimals($row['quantity_purchased']),
to_currency($row['subtotal']),
to_currency($row['total']),
@@ -149,9 +153,9 @@ class Reports extends Secure_area
$data = array(
"title" => $this->lang->line('reports_categories_summary_report'),
"subtitle" => date($this->config->item('dateformat'), strtotime($start_date)) . '-' . date($this->config->item('dateformat'), strtotime($end_date)),
"headers" => $this->security->xss_clean($model->getDataColumns()),
"headers" => $this->xss_clean($model->getDataColumns()),
"data" => $tabular_data,
"summary_data" => $this->security->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type)))
"summary_data" => $this->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type)))
);
$this->load->view("reports/tabular", $data);
@@ -168,7 +172,7 @@ class Reports extends Secure_area
$tabular_data = array();
foreach($report_data as $row)
{
$tabular_data[] = $this->security->xss_clean(array($row['customer'],
$tabular_data[] = $this->xss_clean(array($row['customer'],
to_quantity_decimals($row['quantity_purchased']),
to_currency($row['subtotal']),
to_currency($row['total']),
@@ -181,9 +185,9 @@ class Reports extends Secure_area
$data = array(
"title" => $this->lang->line('reports_customers_summary_report'),
"subtitle" => date($this->config->item('dateformat'), strtotime($start_date)) . '-' . date($this->config->item('dateformat'), strtotime($end_date)),
"headers" => $this->security->xss_clean($model->getDataColumns()),
"headers" => $this->xss_clean($model->getDataColumns()),
"data" => $tabular_data,
"summary_data" => $this->security->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type)))
"summary_data" => $this->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type)))
);
$this->load->view("reports/tabular", $data);
@@ -200,7 +204,7 @@ class Reports extends Secure_area
$tabular_data = array();
foreach($report_data as $row)
{
$tabular_data[] = $this->security->xss_clean(array($row['supplier'],
$tabular_data[] = $this->xss_clean(array($row['supplier'],
to_quantity_decimals($row['quantity_purchased']),
to_currency($row['subtotal']),
to_currency($row['total']),
@@ -213,9 +217,9 @@ class Reports extends Secure_area
$data = array(
"title" => $this->lang->line('reports_suppliers_summary_report'),
"subtitle" => date($this->config->item('dateformat'), strtotime($start_date)) . '-' . date($this->config->item('dateformat'), strtotime($end_date)),
"headers" => $this->security->xss_clean($model->getDataColumns()),
"headers" => $this->xss_clean($model->getDataColumns()),
"data" => $tabular_data,
"summary_data" => $this->security->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type)))
"summary_data" => $this->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type)))
);
$this->load->view("reports/tabular", $data);
@@ -232,7 +236,7 @@ class Reports extends Secure_area
$tabular_data = array();
foreach($report_data as $row)
{
$tabular_data[] = $this->security->xss_clean(array(character_limiter($row['name'], 50),
$tabular_data[] = $this->xss_clean(array(character_limiter($row['name'], 50),
to_quantity_decimals($row['quantity_purchased']),
to_currency($row['subtotal']),
to_currency($row['total']),
@@ -245,9 +249,9 @@ class Reports extends Secure_area
$data = array(
"title" => $this->lang->line('reports_items_summary_report'),
"subtitle" => date($this->config->item('dateformat'), strtotime($start_date)) . '-' . date($this->config->item('dateformat'), strtotime($end_date)),
"headers" => $this->security->xss_clean($model->getDataColumns()),
"headers" => $this->xss_clean($model->getDataColumns()),
"data" => $tabular_data,
"summary_data" => $this->security->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type)))
"summary_data" => $this->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type)))
);
$this->load->view("reports/tabular", $data);
@@ -264,7 +268,7 @@ class Reports extends Secure_area
$tabular_data = array();
foreach($report_data as $row)
{
$tabular_data[] = $this->security->xss_clean(array($row['employee'],
$tabular_data[] = $this->xss_clean(array($row['employee'],
to_quantity_decimals($row['quantity_purchased']),
to_currency($row['subtotal']),
to_currency($row['total']),
@@ -277,9 +281,9 @@ class Reports extends Secure_area
$data = array(
"title" => $this->lang->line('reports_employees_summary_report'),
"subtitle" => date($this->config->item('dateformat'), strtotime($start_date)) . '-' . date($this->config->item('dateformat'), strtotime($end_date)),
"headers" => $this->security->xss_clean($model->getDataColumns()),
"headers" => $this->xss_clean($model->getDataColumns()),
"data" => $tabular_data,
"summary_data" => $this->security->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type)))
"summary_data" => $this->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type)))
);
$this->load->view("reports/tabular", $data);
@@ -296,7 +300,7 @@ class Reports extends Secure_area
$tabular_data = array();
foreach($report_data as $row)
{
$tabular_data[] = $this->security->xss_clean(array($row['percent'],
$tabular_data[] = $this->xss_clean(array($row['percent'],
$row['count'],
to_currency($row['subtotal']),
to_currency($row['total']),
@@ -307,9 +311,9 @@ class Reports extends Secure_area
$data = array(
"title" => $this->lang->line('reports_taxes_summary_report'),
"subtitle" => date($this->config->item('dateformat'), strtotime($start_date)) . '-' . date($this->config->item('dateformat'), strtotime($end_date)),
"headers" => $this->security->xss_clean($model->getDataColumns()),
"headers" => $this->xss_clean($model->getDataColumns()),
"data" => $tabular_data,
"summary_data" => $this->security->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type)))
"summary_data" => $this->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type)))
);
$this->load->view("reports/tabular", $data);
@@ -326,7 +330,7 @@ class Reports extends Secure_area
$tabular_data = array();
foreach($report_data as $row)
{
$tabular_data[] = $this->security->xss_clean(array($row['discount_percent'],
$tabular_data[] = $this->xss_clean(array($row['discount_percent'],
$row['count']
));
}
@@ -334,9 +338,9 @@ class Reports extends Secure_area
$data = array(
"title" => $this->lang->line('reports_discounts_summary_report'),
"subtitle" => date($this->config->item('dateformat'), strtotime($start_date)) . '-' . date($this->config->item('dateformat'), strtotime($end_date)),
"headers" => $this->security->xss_clean($model->getDataColumns()),
"headers" => $this->xss_clean($model->getDataColumns()),
"data" => $tabular_data,
"summary_data" => $this->security->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type)))
"summary_data" => $this->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type)))
);
$this->load->view("reports/tabular", $data);
@@ -353,7 +357,7 @@ class Reports extends Secure_area
$tabular_data = array();
foreach($report_data as $row)
{
$tabular_data[] = $this->security->xss_clean(array($row['payment_type'],
$tabular_data[] = $this->xss_clean(array($row['payment_type'],
$row['count'],
to_currency($row['payment_amount'])
));
@@ -362,9 +366,9 @@ class Reports extends Secure_area
$data = array(
"title" => $this->lang->line('reports_payments_summary_report'),
"subtitle" => date($this->config->item('dateformat'), strtotime($start_date)) . '-' . date($this->config->item('dateformat'), strtotime($end_date)),
"headers" => $this->security->xss_clean($model->getDataColumns()),
"headers" => $this->xss_clean($model->getDataColumns()),
"data" => $tabular_data,
"summary_data" => $this->security->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type)))
"summary_data" => $this->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type)))
);
$this->load->view("reports/tabular", $data);
@@ -383,7 +387,7 @@ class Reports extends Secure_area
public function date_input_sales()
{
$data = array();
$stock_locations = $data = $this->security->xss_clean($this->Stock_location->get_allowed_locations('sales'));
$stock_locations = $data = $this->xss_clean($this->Stock_location->get_allowed_locations('sales'));
$stock_locations['all'] = $this->lang->line('reports_all');
$data['stock_locations'] = array_reverse($stock_locations, TRUE);
$data['mode'] = 'sale';
@@ -394,7 +398,7 @@ class Reports extends Secure_area
public function date_input_recv()
{
$data = array();
$stock_locations = $data = $this->security->xss_clean($this->Stock_location->get_allowed_locations('receivings'));
$stock_locations = $data = $this->xss_clean($this->Stock_location->get_allowed_locations('receivings'));
$stock_locations['all'] = $this->lang->line('reports_all');
$data['stock_locations'] = array_reverse($stock_locations, TRUE);
$data['mode'] = 'receiving';
@@ -414,7 +418,7 @@ class Reports extends Secure_area
$series = array();
foreach($report_data as $row)
{
$row = $this->security->xss_clean($row);
$row = $this->xss_clean($row);
$date = date($this->config->item('dateformat'), strtotime($row['sale_date']));
$labels[] = $date;
@@ -427,7 +431,7 @@ class Reports extends Secure_area
"chart_type" => "reports/graphs/line",
"labels_1" => $labels,
"series_data_1" => $series,
"summary_data_1" => $this->security->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type))),
"summary_data_1" => $this->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type))),
"yaxis_title" => $this->lang->line('reports_revenue'),
"xaxis_title" => $this->lang->line('reports_date'),
"show_currency" => TRUE
@@ -448,7 +452,7 @@ class Reports extends Secure_area
$series = array();
foreach($report_data as $row)
{
$row = $this->security->xss_clean($row);
$row = $this->xss_clean($row);
$labels[] = $row['name'];
$series[] = $row['total'];
@@ -460,7 +464,7 @@ class Reports extends Secure_area
"chart_type" => "reports/graphs/hbar",
"labels_1" => $labels,
"series_data_1" => $series,
"summary_data_1" => $this->security->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type))),
"summary_data_1" => $this->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type))),
"yaxis_title" => $this->lang->line('reports_items'),
"xaxis_title" => $this->lang->line('reports_revenue'),
"show_currency" => TRUE
@@ -476,13 +480,13 @@ class Reports extends Secure_area
$model = $this->Summary_categories;
$report_data = $model->getData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type));
$summary = $this->security->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type)));
$summary = $this->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type)));
$labels = array();
$series = array();
foreach($report_data as $row)
{
$row = $this->security->xss_clean($row);
$row = $this->xss_clean($row);
$labels[] = $row['category'];
$series[] = array('meta' => $row['category'] . ' ' . round($row['total'] / $summary['total'] * 100, 2) . '%', 'value' => $row['total']);
@@ -508,13 +512,13 @@ class Reports extends Secure_area
$model = $this->Summary_suppliers;
$report_data = $model->getData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type));
$summary = $this->security->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type)));
$summary = $this->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type)));
$labels = array();
$series = array();
foreach($report_data as $row)
{
$row = $this->security->xss_clean($row);
$row = $this->xss_clean($row);
$labels[] = $row['supplier'];
$series[] = array('meta' => $row['supplier'] . ' ' . round($row['total'] / $summary['total'] * 100, 2) . '%', 'value' => $row['total']);
@@ -540,13 +544,13 @@ class Reports extends Secure_area
$model = $this->Summary_employees;
$report_data = $model->getData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type));
$summary = $this->security->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type)));
$summary = $this->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type)));
$labels = array();
$series = array();
foreach($report_data as $row)
{
$row = $this->security->xss_clean($row);
$row = $this->xss_clean($row);
$labels[] = $row['employee'];
$series[] = array('meta' => $row['employee'] . ' ' . round($row['total'] / $summary['total'] * 100, 2) . '%', 'value' => $row['total']);
@@ -572,13 +576,13 @@ class Reports extends Secure_area
$model = $this->Summary_taxes;
$report_data = $model->getData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type));
$summary = $this->security->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type)));
$summary = $this->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type)));
$labels = array();
$series = array();
foreach($report_data as $row)
{
$row = $this->security->xss_clean($row);
$row = $this->xss_clean($row);
$labels[] = $row['percent'];
$series[] = array('meta' => $row['percent'] . ' ' . round($row['total'] / $summary['total'] * 100, 2) . '%', 'value' => $row['total']);
@@ -609,7 +613,7 @@ class Reports extends Secure_area
$series = array();
foreach($report_data as $row)
{
$row = $this->security->xss_clean($row);
$row = $this->xss_clean($row);
$labels[] = $row['customer'];
$series[] = $row['total'];
@@ -621,7 +625,7 @@ class Reports extends Secure_area
"chart_type" => "reports/graphs/hbar",
"labels_1" => $labels,
"series_data_1" => $series,
"summary_data_1" => $this->security->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type))),
"summary_data_1" => $this->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type))),
"yaxis_title" => $this->lang->line('reports_customers'),
"xaxis_title" => $this->lang->line('reports_revenue'),
"show_currency" => TRUE
@@ -642,7 +646,7 @@ class Reports extends Secure_area
$series = array();
foreach($report_data as $row)
{
$row = $this->security->xss_clean($row);
$row = $this->xss_clean($row);
$labels[] = $row['discount_percent'];
$series[] = $row['count'];
@@ -654,7 +658,7 @@ class Reports extends Secure_area
"chart_type" => "reports/graphs/bar",
"labels_1" => $labels,
"series_data_1" => $series,
"summary_data_1" => $this->security->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type))),
"summary_data_1" => $this->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type))),
"yaxis_title" => $this->lang->line('reports_count'),
"xaxis_title" => $this->lang->line('reports_discount_percent'),
"show_currency" => FALSE
@@ -670,13 +674,13 @@ class Reports extends Secure_area
$model = $this->Summary_payments;
$report_data = $model->getData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type));
$summary = $this->security->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type)));
$summary = $this->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type)));
$labels = array();
$series = array();
foreach($report_data as $row)
{
$row = $this->security->xss_clean($row);
$row = $this->xss_clean($row);
$labels[] = $row['payment_type'];
$series[] = array('meta' => $row['payment_type'] . ' ' . round($row['payment_amount'] / $summary['total'] * 100, 2) . '%', 'value' => $row['payment_amount']);
@@ -703,7 +707,7 @@ class Reports extends Secure_area
$customers = array();
foreach($this->Customer->get_all()->result() as $customer)
{
$customers[$customer->person_id] = $this->security->xss_clean($customer->first_name . ' ' . $customer->last_name);
$customers[$customer->person_id] = $this->xss_clean($customer->first_name . ' ' . $customer->last_name);
}
$data['specific_input_data'] = $customers;
@@ -715,7 +719,7 @@ class Reports extends Secure_area
$this->load->model('reports/Specific_customer');
$model = $this->Specific_customer;
$headers = $this->security->xss_clean($model->getDataColumns());
$headers = $this->xss_clean($model->getDataColumns());
$report_data = $model->getData(array('start_date' => $start_date, 'end_date' => $end_date, 'customer_id' => $customer_id, 'sale_type' => $sale_type));
$summary_data = array();
@@ -723,22 +727,22 @@ class Reports extends Secure_area
foreach($report_data['summary'] as $key => $row)
{
$summary_data[] = $this->security->xss_clean(array(anchor('sales/receipt/'.$row['sale_id'], 'POS '.$row['sale_id'], array('target'=>'_blank')), $row['sale_date'], to_quantity_decimals($row['items_purchased']), $row['employee_name'], to_currency($row['subtotal']), to_currency($row['total']), to_currency($row['tax']), to_currency($row['cost']), to_currency($row['profit']), $row['payment_type'], $row['comment']));
$summary_data[] = $this->xss_clean(array(anchor('sales/receipt/'.$row['sale_id'], 'POS '.$row['sale_id'], array('target'=>'_blank')), $row['sale_date'], to_quantity_decimals($row['items_purchased']), $row['employee_name'], to_currency($row['subtotal']), to_currency($row['total']), to_currency($row['tax']), to_currency($row['cost']), to_currency($row['profit']), $row['payment_type'], $row['comment']));
foreach($report_data['details'][$key] as $drow)
{
$details_data[$row['sale_id']][] = $this->security->xss_clean(array($drow['name'], $drow['category'], $drow['serialnumber'], $drow['description'], to_quantity_decimals($drow['quantity_purchased']), to_currency($drow['subtotal']), to_currency($drow['total']), to_currency($drow['tax']), to_currency($drow['cost']), to_currency($drow['profit']), $drow['discount_percent'].'%'));
$details_data[$row['sale_id']][] = $this->xss_clean(array($drow['name'], $drow['category'], $drow['serialnumber'], $drow['description'], to_quantity_decimals($drow['quantity_purchased']), to_currency($drow['subtotal']), to_currency($drow['total']), to_currency($drow['tax']), to_currency($drow['cost']), to_currency($drow['profit']), $drow['discount_percent'].'%'));
}
}
$customer_info = $this->Customer->get_info($customer_id);
$data = array(
"title" => $this->security->xss_clean($customer_info->first_name . ' ' . $customer_info->last_name . ' ' . $this->lang->line('reports_report')),
"title" => $this->xss_clean($customer_info->first_name . ' ' . $customer_info->last_name . ' ' . $this->lang->line('reports_report')),
"subtitle" => date($this->config->item('dateformat'), strtotime($start_date)) . '-' . date($this->config->item('dateformat'), strtotime($end_date)),
"headers" => $headers,
"summary_data" => $summary_data,
"details_data" => $details_data,
"overall_summary_data" => $this->security->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'customer_id' => $customer_id, 'sale_type' => $sale_type)))
"overall_summary_data" => $this->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'customer_id' => $customer_id, 'sale_type' => $sale_type)))
);
$this->load->view("reports/tabular_details", $data);
@@ -752,7 +756,7 @@ class Reports extends Secure_area
$employees = array();
foreach($this->Employee->get_all()->result() as $employee)
{
$employees[$employee->person_id] = $this->security->xss_clean($employee->first_name . ' ' . $employee->last_name);
$employees[$employee->person_id] = $this->xss_clean($employee->first_name . ' ' . $employee->last_name);
}
$data['specific_input_data'] = $employees;
@@ -764,7 +768,7 @@ class Reports extends Secure_area
$this->load->model('reports/Specific_employee');
$model = $this->Specific_employee;
$headers = $this->security->xss_clean($model->getDataColumns());
$headers = $this->xss_clean($model->getDataColumns());
$report_data = $model->getData(array('start_date' => $start_date, 'end_date' => $end_date, 'employee_id' => $employee_id, 'sale_type' => $sale_type));
$summary_data = array();
@@ -772,22 +776,22 @@ class Reports extends Secure_area
foreach($report_data['summary'] as $key => $row)
{
$summary_data[] = $this->security->xss_clean(array(anchor('sales/receipt/'.$row['sale_id'], 'POS '.$row['sale_id'], array('target'=>'_blank')), $row['sale_date'], to_quantity_decimals($row['items_purchased']), $row['customer_name'], to_currency($row['subtotal']), to_currency($row['total']), to_currency($row['tax']), to_currency($row['cost']), to_currency($row['profit']), $row['payment_type'], $row['comment']));
$summary_data[] = $this->xss_clean(array(anchor('sales/receipt/'.$row['sale_id'], 'POS '.$row['sale_id'], array('target'=>'_blank')), $row['sale_date'], to_quantity_decimals($row['items_purchased']), $row['customer_name'], to_currency($row['subtotal']), to_currency($row['total']), to_currency($row['tax']), to_currency($row['cost']), to_currency($row['profit']), $row['payment_type'], $row['comment']));
foreach($report_data['details'][$key] as $drow)
{
$details_data[$row['sale_id']][] = $this->security->xss_clean(array($drow['name'], $drow['category'], $drow['serialnumber'], $drow['description'], to_quantity_decimals($drow['quantity_purchased']), to_currency($drow['subtotal']), to_currency($drow['total']), to_currency($drow['tax']), to_currency($drow['cost']), to_currency($drow['profit']), $drow['discount_percent'].'%'));
$details_data[$row['sale_id']][] = $this->xss_clean(array($drow['name'], $drow['category'], $drow['serialnumber'], $drow['description'], to_quantity_decimals($drow['quantity_purchased']), to_currency($drow['subtotal']), to_currency($drow['total']), to_currency($drow['tax']), to_currency($drow['cost']), to_currency($drow['profit']), $drow['discount_percent'].'%'));
}
}
$employee_info = $this->Employee->get_info($employee_id);
$data = array(
"title" => $this->security->xss_clean($employee_info->first_name . ' ' . $employee_info->last_name . ' ' . $this->lang->line('reports_report')),
"title" => $this->xss_clean($employee_info->first_name . ' ' . $employee_info->last_name . ' ' . $this->lang->line('reports_report')),
"subtitle" => date($this->config->item('dateformat'), strtotime($start_date)) . '-' . date($this->config->item('dateformat'), strtotime($end_date)),
"headers" => $headers,
"summary_data" => $summary_data,
"details_data" => $details_data,
"overall_summary_data" => $this->security->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date,'employee_id' => $employee_id, 'sale_type' => $sale_type)))
"overall_summary_data" => $this->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date,'employee_id' => $employee_id, 'sale_type' => $sale_type)))
);
$this->load->view("reports/tabular_details", $data);
@@ -805,7 +809,7 @@ class Reports extends Secure_area
}
$data['specific_input_data'] = $discounts;
$data = $this->security->xss_clean($data);
$data = $this->xss_clean($data);
$this->load->view("reports/specific_input", $data);
}
@@ -815,7 +819,7 @@ class Reports extends Secure_area
$this->load->model('reports/Specific_discount');
$model = $this->Specific_discount;
$headers = $this->security->xss_clean($model->getDataColumns());
$headers = $this->xss_clean($model->getDataColumns());
$report_data = $model->getData(array('start_date' => $start_date, 'end_date' => $end_date, 'discount' => $discount, 'sale_type' => $sale_type));
$summary_data = array();
@@ -823,11 +827,11 @@ class Reports extends Secure_area
foreach($report_data['summary'] as $key => $row)
{
$summary_data[] = $this->security->xss_clean(array(anchor('sales/receipt/'.$row['sale_id'], 'POS '.$row['sale_id'], array('target'=>'_blank')), $row['sale_date'], to_quantity_decimals($row['items_purchased']), $row['customer_name'], to_currency($row['subtotal']), to_currency($row['total']), to_currency($row['tax']),/*to_currency($row['profit']),*/ $row['payment_type'], $row['comment']));
$summary_data[] = $this->xss_clean(array(anchor('sales/receipt/'.$row['sale_id'], 'POS '.$row['sale_id'], array('target'=>'_blank')), $row['sale_date'], to_quantity_decimals($row['items_purchased']), $row['customer_name'], to_currency($row['subtotal']), to_currency($row['total']), to_currency($row['tax']),/*to_currency($row['profit']),*/ $row['payment_type'], $row['comment']));
foreach($report_data['details'][$key] as $drow)
{
$details_data[$row['sale_id']][] = $this->security->xss_clean(array($drow['name'], $drow['category'], $drow['serialnumber'], $drow['description'], to_quantity_decimals($drow['quantity_purchased']), to_currency($drow['subtotal']), to_currency($drow['total']), to_currency($drow['tax']),/*to_currency($drow['profit']),*/ $drow['discount_percent'].'%'));
$details_data[$row['sale_id']][] = $this->xss_clean(array($drow['name'], $drow['category'], $drow['serialnumber'], $drow['description'], to_quantity_decimals($drow['quantity_purchased']), to_currency($drow['subtotal']), to_currency($drow['total']), to_currency($drow['tax']),/*to_currency($drow['profit']),*/ $drow['discount_percent'].'%'));
}
}
@@ -837,7 +841,7 @@ class Reports extends Secure_area
"headers" => $headers,
"summary_data" => $summary_data,
"details_data" => $details_data,
"overall_summary_data" => $this->security->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date,'discount' => $discount, 'sale_type' => $sale_type)))
"overall_summary_data" => $this->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date,'discount' => $discount, 'sale_type' => $sale_type)))
);
$this->load->view("reports/tabular_details", $data);
@@ -848,17 +852,17 @@ class Reports extends Secure_area
$this->load->model('reports/Detailed_sales');
$model = $this->Detailed_sales;
$headers = $this->security->xss_clean($model->getDataColumns());
$headers = $this->xss_clean($model->getDataColumns());
$report_data = $model->getData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type, 'location_id' => $location_id));
$summary_data = array();
$details_data = array();
$show_locations = $this->security->xss_clean($this->Stock_location->multiple_locations());
$show_locations = $this->xss_clean($this->Stock_location->multiple_locations());
foreach($report_data['summary'] as $key => $row)
{
$summary_data[] = $this->security->xss_clean(array(
$summary_data[] = $this->xss_clean(array(
'id' => $row['sale_id'],
'sale_date' => $row['sale_date'],
'quantity' => to_quantity_decimals($row['items_purchased']),
@@ -883,7 +887,7 @@ class Reports extends Secure_area
{
$quantity_purchased .= ' [' . $this->Stock_location->get_location_name($drow['item_location']) . ']';
}
$details_data[$row['sale_id']][] = $this->security->xss_clean(array($drow['name'], $drow['category'], $drow['serialnumber'], $drow['description'], $quantity_purchased, to_currency($drow['subtotal']), to_currency($drow['total']), to_currency($drow['tax']), to_currency($drow['cost']), to_currency($drow['profit']), $drow['discount_percent'].'%'));
$details_data[$row['sale_id']][] = $this->xss_clean(array($drow['name'], $drow['category'], $drow['serialnumber'], $drow['description'], $quantity_purchased, to_currency($drow['subtotal']), to_currency($drow['total']), to_currency($drow['tax']), to_currency($drow['cost']), to_currency($drow['profit']), $drow['discount_percent'].'%'));
}
}
@@ -894,7 +898,7 @@ class Reports extends Secure_area
"editable" => 'sales',
"summary_data" => $summary_data,
"details_data" => $details_data,
"overall_summary_data" => $this->security->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type, 'location_id' => $location_id)))
"overall_summary_data" => $this->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type, 'location_id' => $location_id)))
);
$this->load->view("reports/tabular_details", $data);
@@ -905,17 +909,17 @@ class Reports extends Secure_area
$this->load->model('reports/Detailed_receivings');
$model = $this->Detailed_receivings;
$headers = $this->security->xss_clean($model->getDataColumns());
$headers = $this->xss_clean($model->getDataColumns());
$report_data = $model->getData(array('start_date' => $start_date, 'end_date' => $end_date, 'receiving_type' => $receiving_type, 'location_id' => $location_id));
$summary_data = array();
$details_data = array();
$show_locations = $this->security->xss_clean($this->Stock_location->multiple_locations());
$show_locations = $this->xss_clean($this->Stock_location->multiple_locations());
foreach($report_data['summary'] as $key => $row)
{
$summary_data[] = $this->security->xss_clean(array(
$summary_data[] = $this->xss_clean(array(
'id' => $row['receiving_id'],
'receiving_date' => $row['receiving_date'],
'quantity' => to_quantity_decimals($row['items_purchased']),
@@ -941,7 +945,7 @@ class Reports extends Secure_area
{
$quantity_purchased .= ' [' . $this->Stock_location->get_location_name($drow['item_location']) . ']';
}
$details_data[$row['receiving_id']][] = $this->security->xss_clean(array($drow['item_number'], $drow['name'], $drow['category'], $quantity_purchased, to_currency($drow['total']), $drow['discount_percent'].'%'));
$details_data[$row['receiving_id']][] = $this->xss_clean(array($drow['item_number'], $drow['name'], $drow['category'], $quantity_purchased, to_currency($drow['total']), $drow['discount_percent'].'%'));
}
}
@@ -952,7 +956,7 @@ class Reports extends Secure_area
"editable" => 'receivings',
"summary_data" => $summary_data,
"details_data" => $details_data,
"overall_summary_data" => $this->security->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'receiving_type' => $receiving_type, 'location_id' => $location_id)))
"overall_summary_data" => $this->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'receiving_type' => $receiving_type, 'location_id' => $location_id)))
);
$this->load->view("reports/tabular_details", $data);
@@ -968,7 +972,7 @@ class Reports extends Secure_area
$tabular_data = array();
foreach($report_data as $row)
{
$tabular_data[] = /*$this->security->xss_clean*/(array($row['name'],
$tabular_data[] = $this->xss_clean(array($row['name'],
$row['item_number'],
$row['description'],
to_quantity_decimals($row['quantity']),
@@ -980,9 +984,9 @@ class Reports extends Secure_area
$data = array(
"title" => $this->lang->line('reports_inventory_low_report'),
"subtitle" => '',
"headers" => $this->security->xss_clean($model->getDataColumns()),
"headers" => $this->xss_clean($model->getDataColumns()),
"data" => $tabular_data,
"summary_data" => $this->security->xss_clean($model->getSummaryData(array()))
"summary_data" => $this->xss_clean($model->getSummaryData(array()))
);
$this->load->view("reports/tabular", $data);
@@ -996,7 +1000,7 @@ class Reports extends Secure_area
$data = array();
$data['item_count'] = $model->getItemCountDropdownArray();
$stock_locations = $this->security->xss_clean($this->Stock_location->get_allowed_locations());
$stock_locations = $this->xss_clean($this->Stock_location->get_allowed_locations());
$stock_locations['all'] = $this->lang->line('reports_all');
$data['stock_locations'] = array_reverse($stock_locations, TRUE);
@@ -1013,7 +1017,7 @@ class Reports extends Secure_area
$tabular_data = array();
foreach($report_data as $row)
{
$tabular_data[] = /*$this->security->xss_clean*/(array($row['name'],
$tabular_data[] = $this->xss_clean(array($row['name'],
$row['item_number'],
$row['description'],
to_quantity_decimals($row['quantity']),
@@ -1028,9 +1032,9 @@ class Reports extends Secure_area
$data = array(
"title" => $this->lang->line('reports_inventory_summary_report'),
"subtitle" => '',
"headers" => $this->security->xss_clean($model->getDataColumns()),
"headers" => $this->xss_clean($model->getDataColumns()),
"data" => $tabular_data,
"summary_data" => $this->security->xss_clean($model->getSummaryData($report_data))
"summary_data" => $this->xss_clean($model->getSummaryData($report_data))
);
$this->load->view("reports/tabular", $data);


@@ -1,11 +1,13 @@
<?php
require_once ("Secure_area.php");
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
class Sales extends Secure_area
require_once("Secure_Controller.php");
class Sales extends Secure_Controller
{
function __construct()
{
parent::__construct('sales');
$this->load->library('sale_lib');
$this->load->library('barcode_lib');
}
@@ -614,7 +616,7 @@ class Sales extends Secure_area
}
}
function save($sale_id)
function save($sale_id = -1)
{
$newdate = $this->input->post('date');
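Review bot: The constructor at `function __construct()` still has no explicit visibility, while the sibling controllers in this commit (Suppliers, for one) were changed to `public function __construct()`; the same one-word change here would keep the hierarchy consistent. The default added in `function save($sale_id = -1)` brings the signature in line with the base-class stub `save($data_item_id = -1)` that this controller now overrides, which PHP needs for a compatible declaration. The body of save() continues past the hunk, so whether a -1 id is actually handled there cannot be seen here.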


@@ -0,0 +1,63 @@
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
class Secure_Controller extends CI_Controller
{
private $controller_name;
/*
* Controllers that are considered secure extend Secure_Controller, optionally a $module_id can
* be set to also check if a user can access a particular module in the system.
*/
public function __construct($module_id = NULL, $submodule_id = NULL)
{
parent::__construct();
$this->load->model('Employee');
$model = $this->Employee;
if(!$model->is_logged_in())
{
redirect('login');
}
$logged_in_employee_info = $model->get_logged_in_employee_info();
if(!$model->has_module_grant($module_id, $logged_in_employee_info->person_id) ||
(isset($submodule_id) && !$model->has_module_grant($submodule_id, $logged_in_employee_info->person_id)))
{
redirect('no_access/' . $module_id . '/' . $submodule_id);
}
//load up global data
$data['allowed_modules'] = $this->Module->get_allowed_modules($logged_in_employee_info->person_id);
$data['user_info'] = $logged_in_employee_info;
$data['controller_name'] = $module_id;
$this->controller_name = $module_id;
$this->load->vars($data);
}
/*
* Get the controller name stored at construction time
*/
protected function get_controller_name()
{
return strtolower($this->controller_name);
}
/*
* Internal method to do XSS clean in the derived classes
*/
protected function xss_clean($str, $is_image = FALSE)
{
return $this->security->xss_clean($str, $is_image);
}
// this is the basic set of methods most OSPOS Controllers will implement
public function index() { return FALSE; }
public function search() { return FALSE; }
public function suggest_search() { return FALSE; }
public function view($data_item_id = -1) { return FALSE; }
public function save($data_item_id = -1) { return FALSE; }
public function delete() { return FALSE; }
}
?>
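Review bot: The docblock on `xss_clean` should say that the return type depends on `$is_image`: CodeIgniter's `Security::xss_clean()` returns a bool when `$is_image` is TRUE and the cleaned value otherwise, so a derived class that omits the flag gets a string where it expected a verdict. Suggested comment: `/* Proxy for CI Security::xss_clean(). With $is_image = TRUE the result is a bool (image passed/failed the check), not a cleaned string. */`. The removed Secure_area also published `$data['backup_allowed']` to the views and the new constructor does not; if any view still reads that variable it is now undefined, which is worth confirming against the other files in this commit. The trailing `?>` in a PHP-only file is better omitted, since any whitespace after it is emitted before headers are sent.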


@@ -1,47 +0,0 @@
<?php
class Secure_area extends CI_Controller
{
private $controller_name;
/*
Controllers that are considered secure extend Secure_area, optionally a $module_id can
be set to also check if a user can access a particular module in the system.
*/
function __construct($module_id = null, $submodule_id = null)
{
parent::__construct();
$this->load->model('Employee');
if(!$this->Employee->is_logged_in())
{
redirect('login');
}
$employee_id = $this->Employee->get_logged_in_employee_info()->person_id;
if(!$this->Employee->has_module_grant($module_id,$employee_id) ||
(isset($submodule_id) && !$this->Employee->has_module_grant($submodule_id,$employee_id)))
{
redirect('no_access/' . $module_id . '/' . $submodule_id);
}
//load up global data
$logged_in_employee_info = $this->Employee->get_logged_in_employee_info();
$data['allowed_modules'] = $this->Module->get_allowed_modules($logged_in_employee_info->person_id);
$data['backup_allowed'] = false;
foreach($data['allowed_modules']->result_array() as $module)
{
$data['backup_allowed'] |= $module['module_id'] === 'config';
}
$data['user_info'] = $logged_in_employee_info;
$data['controller_name'] = $module_id;
$this->controller_name = $module_id;
$this->load->vars($data);
}
public function get_controller_name()
{
return strtolower($this->controller_name);
}
}
?>


@@ -1,9 +1,10 @@
<?php
require_once ("Person_controller.php");
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
class Suppliers extends Person_controller
require_once("Persons.php");
class Suppliers extends Persons
{
function __construct()
public function __construct()
{
parent::__construct('suppliers');
}
@@ -13,7 +14,7 @@ class Suppliers extends Person_controller
$data['controller_name'] = $this->get_controller_name();
$data['table_headers'] = get_suppliers_manage_table_headers();
$data = $this->security->xss_clean($data);
$data = $this->xss_clean($data);
$this->load->view('people/manage', $data);
}
@@ -38,7 +39,7 @@ class Suppliers extends Person_controller
$data_rows[] = get_supplier_data_row($supplier, $this);
}
$data_rows = $this->security->xss_clean($data_rows);
$data_rows = $this->xss_clean($data_rows);
echo json_encode(array('total' => $total_rows, 'rows' => $data_rows));
}
@@ -48,14 +49,14 @@ class Suppliers extends Person_controller
*/
public function suggest()
{
$suggestions = $this->security->xss_clean($this->Supplier->get_search_suggestions($this->input->get('term'), TRUE));
$suggestions = $this->xss_clean($this->Supplier->get_search_suggestions($this->input->get('term'), TRUE));
echo json_encode($suggestions);
}
public function suggest_search()
{
$suggestions = $this->security->xss_clean($this->Supplier->get_search_suggestions($this->input->post('term'), FALSE));
$suggestions = $this->xss_clean($this->Supplier->get_search_suggestions($this->input->post('term'), FALSE));
echo json_encode($suggestions);
}
@@ -68,7 +69,7 @@ class Suppliers extends Person_controller
$info = $this->Supplier->get_info($supplier_id);
foreach(get_object_vars($info) as $property => $value)
{
$info->$property = $this->security->xss_clean($value);
$info->$property = $this->xss_clean($value);
}
$data['person_info'] = $info;
@@ -102,7 +103,7 @@ class Suppliers extends Person_controller
if($this->Supplier->save_supplier($person_data, $supplier_data, $supplier_id))
{
$supplier_data = $this->security->xss_clean($supplier_data);
$supplier_data = $this->xss_clean($supplier_data);
//New supplier
if($supplier_id == -1)
@@ -118,7 +119,7 @@ class Suppliers extends Person_controller
}
else//failure
{
$supplier_data = $this->security->xss_clean($supplier_data);
$supplier_data = $this->xss_clean($supplier_data);
echo json_encode(array('success' => FALSE, 'message' => $this->lang->line('suppliers_error_adding_updating').' '.
$supplier_data['company_name'], 'id' => -1));
@@ -130,7 +131,7 @@ class Suppliers extends Person_controller
*/
public function delete()
{
$suppliers_to_delete = $this->security->xss_clean($this->input->post('ids'));
$suppliers_to_delete = $this->xss_clean($this->input->post('ids'));
if($this->Supplier->delete_list($suppliers_to_delete))
{
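Review bot: In `delete()`, `$this->xss_clean($this->input->post('ids'))` is the only treatment the posted ids receive before `delete_list()`, and xss_clean is an HTML-output filter rather than an input validator: it does not establish that each entry is a numeric person_id. If the ids are integers, validating them explicitly before the model call is the more robust check, e.g. `$suppliers_to_delete = array_map('intval', (array) $this->input->post('ids'));`, leaving xss_clean for values that are rendered back to the browser. The body of delete() continues outside the hunk, so whether delete_list() binds the values safely cannot be confirmed from here.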


@@ -1,14 +0,0 @@
<?php
/*
This interface is implemented by any controller that keeps track of data items, such
as the customers, employees, and items controllers.
*/
interface iData_controller
{
public function index();
public function suggest_search();
public function view($data_item_id=-1);
public function save($data_item_id=-1);
public function delete();
}
?>


@@ -20,7 +20,7 @@ function get_sales_manage_table_headers()
$headers[] = array('invoice' => '&nbsp', 'sortable' => FALSE);
}
return transform_headers(array_merge($headers, array(array( 'receipt' => '&nbsp', 'sortable' => FALSE ))));
return transform_headers(array_merge($headers, array(array('receipt' => '&nbsp', 'sortable' => FALSE))));
}
/*