From 336e10d445b6723bcc24e1623a15233197c08500 Mon Sep 17 00:00:00 2001 From: FrancescoUK Date: Wed, 8 Jun 2016 18:13:34 +0100 Subject: [PATCH] Controller class hierarchy refactoring, made xss_clean part of base Secure_Controller class (#39) --- application/controllers/Config.php | 15 +- application/controllers/Customers.php | 31 +-- application/controllers/Employees.php | 35 ++-- application/controllers/Giftcards.php | 28 +-- application/controllers/Home.php | 11 +- application/controllers/Item_kits.php | 32 +-- application/controllers/Items.php | 13 +- application/controllers/Login.php | 5 +- application/controllers/Messages.php | 17 +- application/controllers/No_access.php | 5 +- application/controllers/Person_controller.php | 31 --- application/controllers/Persons.php | 32 +++ application/controllers/Receivings.php | 11 +- application/controllers/Reports.php | 198 +++++++++--------- application/controllers/Sales.php | 10 +- application/controllers/Secure_Controller.php | 63 ++++++ application/controllers/Secure_area.php | 47 ----- application/controllers/Suppliers.php | 25 +-- .../interfaces/Idata_controller.php | 14 -- application/helpers/table_helper.php | 2 +- 20 files changed, 323 insertions(+), 302 deletions(-) delete mode 100644 application/controllers/Person_controller.php create mode 100644 application/controllers/Persons.php create mode 100644 application/controllers/Secure_Controller.php delete mode 100644 application/controllers/Secure_area.php delete mode 100644 application/controllers/interfaces/Idata_controller.php diff --git a/application/controllers/Config.php b/application/controllers/Config.php index 13e11cce1..acd5e82d6 100644 --- a/application/controllers/Config.php +++ b/application/controllers/Config.php 
@@ -1,9 +1,10 @@ -barcode_lib->get_list_barcodes(); $data['logo_exists'] = $this->Appconfig->get('company_logo') != ''; - $data = $this->security->xss_clean($data); + $data = $this->xss_clean($data); $this->load->view("configs/manage", $data); } @@ -39,7 +40,7 @@ class Config extends Secure_area if (!empty($upload_data['orig_name'])) { // XSS file image sanity check - if ($this->security->xss_clean($upload_data['raw_name'], TRUE) === TRUE) + if ($this->xss_clean($upload_data['raw_name'], TRUE) === TRUE) { $batch_save_data['company_logo'] = $upload_data['raw_name'] . $upload_data['file_ext']; } @@ -126,7 +127,7 @@ class Config extends Secure_area { $stock_locations = $this->Stock_location->get_all()->result_array(); - $stock_locations = $this->security->xss_clean($stock_locations); + $stock_locations = $this->xss_clean($stock_locations); $this->load->view('partial/stock_locations', array('stock_locations' => $stock_locations)); } diff --git a/application/controllers/Customers.php b/application/controllers/Customers.php index 282257c9b..ba47250d5 100644 --- a/application/controllers/Customers.php +++ b/application/controllers/Customers.php @@ -1,9 +1,10 @@ -get_controller_name(); $data['table_headers'] = get_people_manage_table_headers(); - $data = $this->security->xss_clean($data); + $data = $this->xss_clean($data); $this->load->view('people/manage', $data); } @@ -38,7 +39,7 @@ class Customers extends Person_controller $data_rows[] = get_person_data_row($person, $this); } - $data_rows = $this->security->xss_clean($data_rows); + $data_rows = $this->xss_clean($data_rows); echo json_encode(array('total' => $total_rows, 'rows' => $data_rows)); } 
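Review bot: `if ($this->xss_clean($upload_data['raw_name'], TRUE) === TRUE)` in the upload hunk of this file (and the identical line in Items.php) only works if the new Secure_Controller::xss_clean forwards its second argument to `$this->security->xss_clean()`; Secure_Controller.php is not in this chunk, so I cannot confirm it does. If the wrapper passes only the string, CodeIgniter's xss_clean returns the cleaned filename rather than a boolean, the `=== TRUE` comparison never holds, and uploaded logo and item images are silently dropped with no error. A small test asserting that the wrapper returns exactly `TRUE` for a benign filename in image mode would pin this down, and the wrapper's docblock should state that the `$is_image` flag is forwarded.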
@@ -48,14 +49,14 @@ class Customers extends Person_controller */ public function suggest() { - $suggestions = $this->security->xss_clean($this->Customer->get_search_suggestions($this->input->get('term'), TRUE)); + $suggestions = $this->xss_clean($this->Customer->get_search_suggestions($this->input->get('term'), TRUE)); echo json_encode($suggestions); } public function suggest_search() { - $suggestions = $this->security->xss_clean($this->Customer->get_search_suggestions($this->input->post('term'), FALSE)); + $suggestions = $this->xss_clean($this->Customer->get_search_suggestions($this->input->post('term'), FALSE)); echo json_encode($suggestions); } @@ -68,11 +69,11 @@ class Customers extends Person_controller $info = $this->Customer->get_info($customer_id); foreach(get_object_vars($info) as $property => $value) { - $info->$property = $this->security->xss_clean($value); + $info->$property = $this->xss_clean($value); } $data['person_info'] = $info; - $data['total'] = $this->security->xss_clean($this->Customer->get_totals($customer_id)->total); + $data['total'] = $this->xss_clean($this->Customer->get_totals($customer_id)->total); $this->load->view("customers/form", $data); } @@ -105,8 +106,8 @@ class Customers extends Person_controller if($this->Customer->save_customer($person_data, $customer_data, $customer_id)) { - $person_data = $this->security->xss_clean($person_data); - $customer_data = $this->security->xss_clean($customer_data); + $person_data = $this->xss_clean($person_data); + $customer_data = $this->xss_clean($customer_data); //New customer if($customer_id == -1) @@ -122,7 +123,7 @@ class Customers extends Person_controller } else//failure { - $person_data = $this->security->xss_clean($person_data); + $person_data = $this->xss_clean($person_data); echo json_encode(array('success' => FALSE, 'message' => $this->lang->line('customers_error_adding_updating').' '. $person_data['first_name'].' '.$person_data['last_name'], 'id' => -1)); 
@@ -141,7 +142,7 @@ class Customers extends Person_controller */ public function delete() { - $customers_to_delete = $this->security->xss_clean($this->input->post('ids')); + $customers_to_delete = $this->xss_clean($this->input->post('ids')); if($this->Customer->delete_list($customers_to_delete)) { @@ -188,7 +189,7 @@ class Customers extends Person_controller while(($data = fgetcsv($handle)) !== FALSE) { // XSS file data sanity check - $data = $this->security->xss_clean($data); + $data = $this->xss_clean($data); $person_data = array( 'first_name' => $data[0], diff --git a/application/controllers/Employees.php b/application/controllers/Employees.php index c4f2fa205..a36e703ec 100644 --- a/application/controllers/Employees.php +++ b/application/controllers/Employees.php @@ -1,9 +1,10 @@ -get_controller_name(); $data['table_headers'] = get_people_manage_table_headers(); - $data = $this->security->xss_clean($data); + $data = $this->xss_clean($data); $this->load->view('people/manage', $data); } @@ -38,7 +39,7 @@ class Employees extends Person_controller $data_rows[] = get_person_data_row($person, $this); } - $data_rows = $this->security->xss_clean($data_rows); + $data_rows = $this->xss_clean($data_rows); echo json_encode(array('total' => $total_rows, 'rows' => $data_rows)); } @@ -48,7 +49,7 @@ class Employees extends Person_controller */ public function suggest_search() { - $suggestions = $this->security->xss_clean($this->Employee->get_search_suggestions($this->input->post('term'))); + $suggestions = $this->xss_clean($this->Employee->get_search_suggestions($this->input->post('term'))); echo json_encode($suggestions); } 
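Review bot: `$customers_to_delete = $this->xss_clean($this->input->post('ids'));` — and the same pattern in the delete() hunks of Employees.php, Giftcards.php and Item_kits.php — hands an HTML-sanitised value straight to `delete_list()`; xss_clean is an output filter and does not establish that `ids` is a list of integers. If `delete_list` interpolates these values into a `WHERE ... IN` clause (the model is not in this diff, so treat this as something to confirm), the integer check belongs here, e.g. `$customers_to_delete = array_map('intval', (array) $this->input->post('ids'));`, assuming `ids` is posted as an array. delete()'s body continues outside the hunk.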
@@ -61,15 +62,15 @@ class Employees extends Person_controller $person_info = $this->Employee->get_info($employee_id); foreach(get_object_vars($person_info) as $property => $value) { - $person_info->$property = $this->security->xss_clean($value); + $person_info->$property = $this->xss_clean($value); } $data['person_info'] = $person_info; $modules = array(); foreach($this->Module->get_all_modules()->result() as $module) { - $module->module_id = $this->security->xss_clean($module->module_id); - $module->grant = $this->security->xss_clean($this->Employee->has_grant($module->module_id, $person_info->person_id)); + $module->module_id = $this->xss_clean($module->module_id); + $module->grant = $this->xss_clean($this->Employee->has_grant($module->module_id, $person_info->person_id)); $modules[] = $module; } @@ -78,9 +79,9 @@ class Employees extends Person_controller $permissions = array(); foreach($this->Module->get_all_subpermissions()->result() as $permission) { - $permission->module_id = $this->security->xss_clean($permission->module_id); - $permission->permission_id = $this->security->xss_clean($permission->permission_id); - $permission->grant = $this->security->xss_clean($this->Employee->has_grant($permission->permission_id, $person_info->person_id)); + $permission->module_id = $this->xss_clean($permission->module_id); + $permission->permission_id = $this->xss_clean($permission->permission_id); + $permission->grant = $this->xss_clean($this->Employee->has_grant($permission->permission_id, $person_info->person_id)); $permissions[] = $permission; } @@ -125,8 +126,8 @@ class Employees extends Person_controller if($this->Employee->save_employee($person_data, $employee_data, $grants_data, $employee_id)) { - $person_data = $this->security->xss_clean($person_data); - $employee_data = $this->security->xss_clean($employee_data); + $person_data = $this->xss_clean($person_data); + $employee_data = $this->xss_clean($employee_data); //New employee if($employee_id == -1) 
@@ -142,7 +143,7 @@ class Employees extends Person_controller } else//failure { - $person_data = $this->security->xss_clean($person_data); + $person_data = $this->xss_clean($person_data); echo json_encode(array('success' => FALSE, 'message' => $this->lang->line('employees_error_adding_updating').' '. $person_data['first_name'].' '.$person_data['last_name'], 'id' => -1)); @@ -154,7 +155,7 @@ class Employees extends Person_controller */ public function delete() { - $employees_to_delete = $this->security->xss_clean($this->input->post('ids')); + $employees_to_delete = $this->xss_clean($this->input->post('ids')); if($this->Employee->delete_list($employees_to_delete)) { diff --git a/application/controllers/Giftcards.php b/application/controllers/Giftcards.php index 27fca2915..188e17c0f 100644 --- a/application/controllers/Giftcards.php +++ b/application/controllers/Giftcards.php @@ -1,20 +1,20 @@ -get_controller_name(); $data['table_headers'] = get_giftcards_manage_table_headers(); - $data = $this->security->xss_clean($data); + $data = $this->xss_clean($data); $this->load->view('giftcards/manage', $data); } @@ -39,7 +39,7 @@ class Giftcards extends Secure_area implements iData_controller $data_rows[] = get_giftcard_data_row($giftcard, $this); } - $data_rows = $this->security->xss_clean($data_rows); + $data_rows = $this->xss_clean($data_rows); echo json_encode(array('total' => $total_rows, 'rows' => $data_rows)); } 
@@ -49,14 +49,14 @@ class Giftcards extends Secure_area implements iData_controller */ public function suggest_search() { - $suggestions = $this->security->xss_clean($this->Giftcard->get_search_suggestions($this->input->post('term'))); + $suggestions = $this->xss_clean($this->Giftcard->get_search_suggestions($this->input->post('term'))); echo json_encode($suggestions); } public function get_row($row_id) { - $data_row = $this->security->xss_clean(get_giftcard_data_row($this->Giftcard->get_info($row_id), $this)); + $data_row = $this->xss_clean(get_giftcard_data_row($this->Giftcard->get_info($row_id), $this)); echo json_encode($data_row); } @@ -71,7 +71,7 @@ class Giftcards extends Secure_area implements iData_controller $data['giftcard_id'] = $giftcard_id; $data['giftcard_value'] = $giftcard_info->value; - $data = $this->security->xss_clean($data); + $data = $this->xss_clean($data); $this->load->view("giftcards/form", $data); } @@ -87,7 +87,7 @@ class Giftcards extends Secure_area implements iData_controller if($this->Giftcard->save($giftcard_data, $giftcard_id)) { - $giftcard_data = $this->security->xss_clean($giftcard_data); + $giftcard_data = $this->xss_clean($giftcard_data); //New giftcard if($giftcard_id == -1) @@ -103,7 +103,7 @@ class Giftcards extends Secure_area implements iData_controller } else //failure { - $giftcard_data = $this->security->xss_clean($giftcard_data); + $giftcard_data = $this->xss_clean($giftcard_data); echo json_encode(array('success' => FALSE, 'message' => $this->lang->line('giftcards_error_adding_updating').' '. $giftcard_data['giftcard_number'], 'id' => -1)); @@ -112,7 +112,7 @@ class Giftcards extends Secure_area implements iData_controller public function delete() { - $giftcards_to_delete = $this->security->xss_clean($this->input->post('ids')); + $giftcards_to_delete = $this->xss_clean($this->input->post('ids')); if($this->Giftcard->delete_list($giftcards_to_delete)) { 
diff --git a/application/controllers/Home.php b/application/controllers/Home.php index e6078d4ae..7688d2dd1 100644 --- a/application/controllers/Home.php +++ b/application/controllers/Home.php @@ -1,16 +1,17 @@ -load->view("home"); + $this->load->view('home'); } public function logout() diff --git a/application/controllers/Item_kits.php b/application/controllers/Item_kits.php index bf136f4b0..c10c62357 100644 --- a/application/controllers/Item_kits.php +++ b/application/controllers/Item_kits.php @@ -1,10 +1,10 @@ -Item->get_info($item_kit_item['item_id']); foreach(get_object_vars($item_info) as $property => $value) { - $item_info->$property = $this->security->xss_clean($value); + $item_info->$property = $this->xss_clean($value); } $item_kit->total_cost_price += $item_info->cost_price * $item_kit_item['quantity']; @@ -35,7 +35,7 @@ class Item_kits extends Secure_area implements iData_controller $data['controller_name'] = $this->get_controller_name(); $data['table_headers'] = get_item_kits_manage_table_headers(); - $data = $this->security->xss_clean($data); + $data = $this->xss_clean($data); $this->load->view('item_kits/manage', $data); } @@ -62,14 +62,14 @@ class Item_kits extends Secure_area implements iData_controller $data_rows[] = get_item_kit_data_row($item_kit, $this); } - $data_rows = $this->security->xss_clean($data_rows); + $data_rows = $this->xss_clean($data_rows); echo json_encode(array('total' => $total_rows, 'rows' => $data_rows)); } public function suggest_search() { - $suggestions = $this->security->xss_clean($this->Item_kit->get_search_suggestions($this->input->post('term'))); + $suggestions = $this->xss_clean($this->Item_kit->get_search_suggestions($this->input->post('term'))); echo json_encode($suggestions); } 
@@ -87,16 +87,16 @@ class Item_kits extends Secure_area implements iData_controller $info = $this->Item_kit->get_info($item_kit_id); foreach(get_object_vars($info) as $property => $value) { - $info->$property = $this->security->xss_clean($value); + $info->$property = $this->xss_clean($value); } $data['item_kit_info'] = $info; $items = array(); foreach($this->Item_kit_items->get_info($item_kit_id) as $item_kit_item) { - $item['name'] = $this->security->xss_clean($this->Item->get_info($item_kit_item['item_id'])->name); - $item['item_id'] = $this->security->xss_clean($item_kit_item['item_id']); - $item['quantity'] = $this->security->xss_clean($item_kit_item['quantity']); + $item['name'] = $this->xss_clean($this->Item->get_info($item_kit_item['item_id'])->name); + $item['item_id'] = $this->xss_clean($item_kit_item['item_id']); + $item['quantity'] = $this->xss_clean($item_kit_item['quantity']); $items[] = $item; } @@ -135,14 +135,14 @@ class Item_kits extends Secure_area implements iData_controller $success = $this->Item_kit_items->save($item_kit_items, $item_kit_id); } - $item_kit_data = $this->security->xss_clean($item_kit_data); + $item_kit_data = $this->xss_clean($item_kit_data); echo json_encode(array('success' => $success, 'message' => $this->lang->line('item_kits_successful_adding').' '.$item_kit_data['name'], 'id' => $item_kit_id)); } else//failure { - $item_kit_data = $this->security->xss_clean($item_kit_data); + $item_kit_data = $this->xss_clean($item_kit_data); echo json_encode(array('success' => FALSE, 'message' => $this->lang->line('item_kits_error_adding_updating').' '.$item_kit_data['name'], 'id' => -1)); @@ -151,7 +151,7 @@ class Item_kits extends Secure_area implements iData_controller public function delete() { - $item_kits_to_delete = $this->security->xss_clean($this->input->post('ids')); + $item_kits_to_delete = $this->xss_clean($this->input->post('ids')); if($this->Item_kit->delete_list($item_kits_to_delete)) { 
diff --git a/application/controllers/Items.php b/application/controllers/Items.php index 31fc7ee7b..20cf27112 100644 --- a/application/controllers/Items.php +++ b/application/controllers/Items.php @@ -1,12 +1,13 @@ -load->library('item_lib'); } @@ -332,7 +333,7 @@ class Items extends Secure_area implements iData_controller if (!empty($upload_data['orig_name'])) { // XSS file image sanity check - if ($this->security->xss_clean($upload_data['raw_name'], TRUE) === TRUE) + if ($this->xss_clean($upload_data['raw_name'], TRUE) === TRUE) { $item_data['pic_id'] = $upload_data['raw_name']; } @@ -578,7 +579,7 @@ class Items extends Secure_area implements iData_controller while (($data = fgetcsv($handle)) !== FALSE) { // XSS file data sanity check - $data = $this->security->xss_clean($data); + $data = $this->xss_clean($data); if (sizeof($data) >= 23) { diff --git a/application/controllers/Login.php b/application/controllers/Login.php index 2839280eb..52f24d7ce 100644 --- a/application/controllers/Login.php +++ b/application/controllers/Login.php @@ -1,7 +1,8 @@ -Person->get_info($person_id); foreach(get_object_vars($info) as $property => $value) { - $info->$property = $this->security->xss_clean($value); + $info->$property = $this->xss_clean($value); } $data['person_info'] = $info; @@ -35,7 +36,7 @@ class Messages extends Secure_area $response = $this->sms->sendSMS($username, $password, $phone, $message, $originator); - $phone = $this->security->xss_clean($phone); + $phone = $this->xss_clean($phone); if($response) { @@ -57,8 +58,8 @@ class Messages extends Secure_area $response = $this->sms->sendSMS($username, $password, $phone, $message, $originator); - $phone = $this->security->xss_clean($phone); - $person_id = $this->security->xss_clean($person_id); + $phone = $this->xss_clean($phone); + $person_id = $this->xss_clean($person_id); if($response) { diff --git a/application/controllers/No_access.php b/application/controllers/No_access.php index 7db021fa8..d8efeea69 100644 
--- a/application/controllers/No_access.php +++ b/application/controllers/No_access.php @@ -1,7 +1,8 @@ -security->xss_clean($this->Person->get_search_suggestions($this->input->post('term'))); - - echo json_encode($suggestions); - } - - /* - Gets one row for a person manage table. This is called using AJAX to update one row. - */ - public function get_row($row_id) - { - $data_row = $this->security->xss_clean(get_person_data_row($this->Person->get_info($row_id), $this)); - - echo json_encode($data_row); - } -} -?> \ No newline at end of file diff --git a/application/controllers/Persons.php b/application/controllers/Persons.php new file mode 100644 index 000000000..a5ce8de9f --- /dev/null +++ b/application/controllers/Persons.php @@ -0,0 +1,32 @@ +xss_clean($this->Person->get_search_suggestions($this->input->post('term'))); + + echo json_encode($suggestions); + } + + /* + Gets one row for a person manage table. This is called using AJAX to update one row. + */ + public function get_row($row_id) + { + $data_row = $this->xss_clean(get_person_data_row($this->Person->get_info($row_id), $this)); + + echo json_encode($data_row); + } +} +?> \ No newline at end of file diff --git a/application/controllers/Receivings.php b/application/controllers/Receivings.php index a0ee7b64c..ca008eaab 100644 --- a/application/controllers/Receivings.php +++ b/application/controllers/Receivings.php @@ -1,10 +1,13 @@ -load->library('receiving_lib'); $this->load->library('barcode_lib'); } @@ -360,7 +363,7 @@ class Receivings extends Secure_area $this->load->view("receivings/receiving",$data); } - function save($receiving_id) + function save($receiving_id = -1) { $date_formatter = date_create_from_format($this->config->item('dateformat') . ' ' . $this->config->item('timeformat'), $this->input->post('date')); diff --git a/application/controllers/Reports.php b/application/controllers/Reports.php index c5fba89b0..8c13201e1 100644 --- a/application/controllers/Reports.php 
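Review bot: `function save($receiving_id = -1)` in the Receivings.php hunk changes the route's contract (a request to receivings/save with no id segment now executes instead of failing) and is unrelated to the xss_clean refactor the commit describes, so it should be mentioned in the commit message or split into its own change. save()'s body runs past the hunk, and I cannot confirm from here that -1 is treated as "new receiving" all the way through the library/model path — please verify. The method also carries no visibility keyword, unlike the `public function` methods elsewhere in this diff; `public function save($receiving_id = -1)` would be consistent.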
+++ b/application/controllers/Reports.php @@ -1,22 +1,26 @@ -uri->segment(2); $exploder = explode('_', $method_name); - preg_match("/(?:inventory)|([^_.]*)(?:_graph|_row)?$/", $method_name, $matches); - preg_match("/^(.*?)([sy])?$/", array_pop($matches), $matches); - $submodule_id = $matches[1] . ((count($matches) > 2) ? $matches[2] : "s"); - $employee_id = $this->Employee->get_logged_in_employee_info()->person_id; - // check access to report submodule - if (sizeof($exploder) > 1 && !$this->Employee->has_grant('reports_' . $submodule_id, $employee_id)) + + if(sizeof($exploder) > 1) { - redirect('no_access/reports/reports_' . $submodule_id); + preg_match("/(?:inventory)|([^_.]*)(?:_graph|_row)?$/", $method_name, $matches); + preg_match("/^(.*?)([sy])?$/", array_pop($matches), $matches); + $submodule_id = $matches[1] . ((count($matches) > 2) ? $matches[2] : "s"); + // check access to report submodule + if(!$this->Employee->has_grant('reports_' . $submodule_id, $this->Employee->get_logged_in_employee_info()->person_id)) + { + redirect('no_access/reports/reports_' . $submodule_id); + } } $this->load->helper('report'); @@ -28,7 +32,7 @@ class Reports extends Secure_area $data = array(); $data['grants'] = $this->Employee->get_employee_grants($this->session->userdata('person_id')); - $data = $this->security->xss_clean($data); + $data = $this->xss_clean($data); $this->load->view("reports/listing", $data); } @@ -40,7 +44,7 @@ class Reports extends Secure_area $report_data = $model->getDataBySaleId($sale_id); - $summary_data = $this->security->xss_clean(array( + $summary_data = $this->xss_clean(array( 'sale_id' => $report_data['sale_id'], 'sale_date' => $report_data['sale_date'], 'quantity' => to_quantity_decimals($report_data['items_purchased']), 
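Review bot: The constructor rewrite removes the `$employee_id` local and now assigns `$submodule_id` only inside the `if(sizeof($exploder) > 1)` branch; __construct continues past this hunk, so if either name is referenced later it becomes an undefined-variable notice — please check the remainder. The gating logic is unchanged but dense enough to deserve a comment above the `if`, e.g. `// Only underscore-separated report methods (e.g. date_input_sales -> reports_sales) are checked against a reports_* sub-grant; other methods rely on the parent constructor's module-level check.` — the last clause is my assumption about Secure_Controller, which is outside this chunk, so adjust it if wrong. Minor: `sizeof()` is an alias of `count()`; the latter is the conventional spelling.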
@@ -68,7 +72,7 @@ class Reports extends Secure_area $report_data = $model->getDataByReceivingId($receiving_id); - $summary_data = $this->security->xss_clean(array( + $summary_data = $this->xss_clean(array( 'receiving_id' => $report_data['receiving_id'], 'receiving_date' => $report_data['receiving_date'], 'quantity' => to_quantity_decimals($report_data['items_purchased']), @@ -85,10 +89,10 @@ class Reports extends Secure_area if($this->config->item('invoice_enable') == TRUE) { - $summary_data[]['invoice_number'] = $this->security->xss_clean($report_data['invoice_number']); + $summary_data[]['invoice_number'] = $this->xss_clean($report_data['invoice_number']); } - $summary_data[] = $this->security->xss_clean($report_data['comment']); + $summary_data[] = $this->xss_clean($report_data['comment']); echo json_encode(array($receiving_id => $summary_data)); } @@ -104,7 +108,7 @@ class Reports extends Secure_area $tabular_data = array(); foreach($report_data as $row) { - $tabular_data[] = $this->security->xss_clean(array($row['sale_date'], + $tabular_data[] = $this->xss_clean(array($row['sale_date'], to_quantity_decimals($row['quantity_purchased']), to_currency($row['subtotal']), to_currency($row['total']), 
@@ -117,9 +121,9 @@ class Reports extends Secure_area $data = array( "title" => $this->lang->line('reports_sales_summary_report'), "subtitle" => date($this->config->item('dateformat'), strtotime($start_date)) . '-' . date($this->config->item('dateformat'), strtotime($end_date)), - "headers" => $this->security->xss_clean($model->getDataColumns()), + "headers" => $this->xss_clean($model->getDataColumns()), "data" => $tabular_data, - "summary_data" => $this->security->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type))) + "summary_data" => $this->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type))) ); $this->load->view("reports/tabular", $data); @@ -136,7 +140,7 @@ class Reports extends Secure_area $tabular_data = array(); foreach($report_data as $row) { - $tabular_data[] = $this->security->xss_clean(array($row['category'], + $tabular_data[] = $this->xss_clean(array($row['category'], to_quantity_decimals($row['quantity_purchased']), to_currency($row['subtotal']), to_currency($row['total']), @@ -149,9 +153,9 @@ class Reports extends Secure_area $data = array( "title" => $this->lang->line('reports_categories_summary_report'), "subtitle" => date($this->config->item('dateformat'), strtotime($start_date)) . '-' . date($this->config->item('dateformat'), strtotime($end_date)), - "headers" => $this->security->xss_clean($model->getDataColumns()), + "headers" => $this->xss_clean($model->getDataColumns()), "data" => $tabular_data, - "summary_data" => $this->security->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type))) + "summary_data" => $this->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type))) ); $this->load->view("reports/tabular", $data); 
@@ -168,7 +172,7 @@ class Reports extends Secure_area $tabular_data = array(); foreach($report_data as $row) { - $tabular_data[] = $this->security->xss_clean(array($row['customer'], + $tabular_data[] = $this->xss_clean(array($row['customer'], to_quantity_decimals($row['quantity_purchased']), to_currency($row['subtotal']), to_currency($row['total']), @@ -181,9 +185,9 @@ class Reports extends Secure_area $data = array( "title" => $this->lang->line('reports_customers_summary_report'), "subtitle" => date($this->config->item('dateformat'), strtotime($start_date)) . '-' . date($this->config->item('dateformat'), strtotime($end_date)), - "headers" => $this->security->xss_clean($model->getDataColumns()), + "headers" => $this->xss_clean($model->getDataColumns()), "data" => $tabular_data, - "summary_data" => $this->security->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type))) + "summary_data" => $this->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type))) ); $this->load->view("reports/tabular", $data); @@ -200,7 +204,7 @@ class Reports extends Secure_area $tabular_data = array(); foreach($report_data as $row) { - $tabular_data[] = $this->security->xss_clean(array($row['supplier'], + $tabular_data[] = $this->xss_clean(array($row['supplier'], to_quantity_decimals($row['quantity_purchased']), to_currency($row['subtotal']), to_currency($row['total']), 
@@ -213,9 +217,9 @@ class Reports extends Secure_area $data = array( "title" => $this->lang->line('reports_suppliers_summary_report'), "subtitle" => date($this->config->item('dateformat'), strtotime($start_date)) . '-' . date($this->config->item('dateformat'), strtotime($end_date)), - "headers" => $this->security->xss_clean($model->getDataColumns()), + "headers" => $this->xss_clean($model->getDataColumns()), "data" => $tabular_data, - "summary_data" => $this->security->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type))) + "summary_data" => $this->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type))) ); $this->load->view("reports/tabular", $data); @@ -232,7 +236,7 @@ class Reports extends Secure_area $tabular_data = array(); foreach($report_data as $row) { - $tabular_data[] = $this->security->xss_clean(array(character_limiter($row['name'], 50), + $tabular_data[] = $this->xss_clean(array(character_limiter($row['name'], 50), to_quantity_decimals($row['quantity_purchased']), to_currency($row['subtotal']), to_currency($row['total']), @@ -245,9 +249,9 @@ class Reports extends Secure_area $data = array( "title" => $this->lang->line('reports_items_summary_report'), "subtitle" => date($this->config->item('dateformat'), strtotime($start_date)) . '-' . date($this->config->item('dateformat'), strtotime($end_date)), - "headers" => $this->security->xss_clean($model->getDataColumns()), + "headers" => $this->xss_clean($model->getDataColumns()), "data" => $tabular_data, - "summary_data" => $this->security->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type))) + "summary_data" => $this->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type))) ); $this->load->view("reports/tabular", $data); 
@@ -264,7 +268,7 @@ class Reports extends Secure_area $tabular_data = array(); foreach($report_data as $row) { - $tabular_data[] = $this->security->xss_clean(array($row['employee'], + $tabular_data[] = $this->xss_clean(array($row['employee'], to_quantity_decimals($row['quantity_purchased']), to_currency($row['subtotal']), to_currency($row['total']), @@ -277,9 +281,9 @@ class Reports extends Secure_area $data = array( "title" => $this->lang->line('reports_employees_summary_report'), "subtitle" => date($this->config->item('dateformat'), strtotime($start_date)) . '-' . date($this->config->item('dateformat'), strtotime($end_date)), - "headers" => $this->security->xss_clean($model->getDataColumns()), + "headers" => $this->xss_clean($model->getDataColumns()), "data" => $tabular_data, - "summary_data" => $this->security->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type))) + "summary_data" => $this->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type))) ); $this->load->view("reports/tabular", $data); @@ -296,7 +300,7 @@ class Reports extends Secure_area $tabular_data = array(); foreach($report_data as $row) { - $tabular_data[] = $this->security->xss_clean(array($row['percent'], + $tabular_data[] = $this->xss_clean(array($row['percent'], $row['count'], to_currency($row['subtotal']), to_currency($row['total']), 
@@ -307,9 +311,9 @@ class Reports extends Secure_area $data = array( "title" => $this->lang->line('reports_taxes_summary_report'), "subtitle" => date($this->config->item('dateformat'), strtotime($start_date)) . '-' . date($this->config->item('dateformat'), strtotime($end_date)), - "headers" => $this->security->xss_clean($model->getDataColumns()), + "headers" => $this->xss_clean($model->getDataColumns()), "data" => $tabular_data, - "summary_data" => $this->security->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type))) + "summary_data" => $this->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type))) ); $this->load->view("reports/tabular", $data); @@ -326,7 +330,7 @@ class Reports extends Secure_area $tabular_data = array(); foreach($report_data as $row) { - $tabular_data[] = $this->security->xss_clean(array($row['discount_percent'], + $tabular_data[] = $this->xss_clean(array($row['discount_percent'], $row['count'] )); } @@ -334,9 +338,9 @@ class Reports extends Secure_area $data = array( "title" => $this->lang->line('reports_discounts_summary_report'), "subtitle" => date($this->config->item('dateformat'), strtotime($start_date)) . '-' . date($this->config->item('dateformat'), strtotime($end_date)), - "headers" => $this->security->xss_clean($model->getDataColumns()), + "headers" => $this->xss_clean($model->getDataColumns()), "data" => $tabular_data, - "summary_data" => $this->security->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type))) + "summary_data" => $this->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type))) ); $this->load->view("reports/tabular", $data); 
@@ -353,7 +357,7 @@ class Reports extends Secure_area $tabular_data = array(); foreach($report_data as $row) { - $tabular_data[] = $this->security->xss_clean(array($row['payment_type'], + $tabular_data[] = $this->xss_clean(array($row['payment_type'], $row['count'], to_currency($row['payment_amount']) )); @@ -362,9 +366,9 @@ class Reports extends Secure_area $data = array( "title" => $this->lang->line('reports_payments_summary_report'), "subtitle" => date($this->config->item('dateformat'), strtotime($start_date)) . '-' . date($this->config->item('dateformat'), strtotime($end_date)), - "headers" => $this->security->xss_clean($model->getDataColumns()), + "headers" => $this->xss_clean($model->getDataColumns()), "data" => $tabular_data, - "summary_data" => $this->security->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type))) + "summary_data" => $this->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type))) ); $this->load->view("reports/tabular", $data); @@ -383,7 +387,7 @@ class Reports extends Secure_area public function date_input_sales() { $data = array(); - $stock_locations = $data = $this->security->xss_clean($this->Stock_location->get_allowed_locations('sales')); + $stock_locations = $data = $this->xss_clean($this->Stock_location->get_allowed_locations('sales')); $stock_locations['all'] = $this->lang->line('reports_all'); $data['stock_locations'] = array_reverse($stock_locations, TRUE); $data['mode'] = 'sale'; 
@@ -394,7 +398,7 @@ class Reports extends Secure_area public function date_input_recv() { $data = array(); - $stock_locations = $data = $this->security->xss_clean($this->Stock_location->get_allowed_locations('receivings')); + $stock_locations = $data = $this->xss_clean($this->Stock_location->get_allowed_locations('receivings')); $stock_locations['all'] = $this->lang->line('reports_all'); $data['stock_locations'] = array_reverse($stock_locations, TRUE); $data['mode'] = 'receiving'; @@ -414,7 +418,7 @@ class Reports extends Secure_area $series = array(); foreach($report_data as $row) { - $row = $this->security->xss_clean($row); + $row = $this->xss_clean($row); $date = date($this->config->item('dateformat'), strtotime($row['sale_date'])); $labels[] = $date; @@ -427,7 +431,7 @@ class Reports extends Secure_area "chart_type" => "reports/graphs/line", "labels_1" => $labels, "series_data_1" => $series, - "summary_data_1" => $this->security->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type))), + "summary_data_1" => $this->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type))), "yaxis_title" => $this->lang->line('reports_revenue'), "xaxis_title" => $this->lang->line('reports_date'), "show_currency" => TRUE @@ -448,7 +452,7 @@ class Reports extends Secure_area $series = array(); foreach($report_data as $row) { - $row = $this->security->xss_clean($row); + $row = $this->xss_clean($row); $labels[] = $row['name']; $series[] = $row['total']; 
@@ -460,7 +464,7 @@ class Reports extends Secure_area "chart_type" => "reports/graphs/hbar", "labels_1" => $labels, "series_data_1" => $series, - "summary_data_1" => $this->security->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type))), + "summary_data_1" => $this->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type))), "yaxis_title" => $this->lang->line('reports_items'), "xaxis_title" => $this->lang->line('reports_revenue'), "show_currency" => TRUE @@ -476,13 +480,13 @@ class Reports extends Secure_area $model = $this->Summary_categories; $report_data = $model->getData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type)); - $summary = $this->security->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type))); + $summary = $this->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type))); $labels = array(); $series = array(); foreach($report_data as $row) { - $row = $this->security->xss_clean($row); + $row = $this->xss_clean($row); $labels[] = $row['category']; $series[] = array('meta' => $row['category'] . ' ' . round($row['total'] / $summary['total'] * 100, 2) . '%', 'value' => $row['total']); 
@@ -508,13 +512,13 @@ class Reports extends Secure_area $model = $this->Summary_suppliers; $report_data = $model->getData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type)); - $summary = $this->security->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type))); + $summary = $this->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type))); $labels = array(); $series = array(); foreach($report_data as $row) { - $row = $this->security->xss_clean($row); + $row = $this->xss_clean($row); $labels[] = $row['supplier']; $series[] = array('meta' => $row['supplier'] . ' ' . round($row['total'] / $summary['total'] * 100, 2) . '%', 'value' => $row['total']); @@ -540,13 +544,13 @@ class Reports extends Secure_area $model = $this->Summary_employees; $report_data = $model->getData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type)); - $summary = $this->security->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type))); + $summary = $this->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type))); $labels = array(); $series = array(); foreach($report_data as $row) { - $row = $this->security->xss_clean($row); + $row = $this->xss_clean($row); $labels[] = $row['employee']; $series[] = array('meta' => $row['employee'] . ' ' . round($row['total'] / $summary['total'] * 100, 2) . '%', 'value' => $row['total']); 
@@ -572,13 +576,13 @@ class Reports extends Secure_area $model = $this->Summary_taxes; $report_data = $model->getData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type)); - $summary = $this->security->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type))); + $summary = $this->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type))); $labels = array(); $series = array(); foreach($report_data as $row) { - $row = $this->security->xss_clean($row); + $row = $this->xss_clean($row); $labels[] = $row['percent']; $series[] = array('meta' => $row['percent'] . ' ' . round($row['total'] / $summary['total'] * 100, 2) . '%', 'value' => $row['total']); @@ -609,7 +613,7 @@ class Reports extends Secure_area $series = array(); foreach($report_data as $row) { - $row = $this->security->xss_clean($row); + $row = $this->xss_clean($row); $labels[] = $row['customer']; $series[] = $row['total']; @@ -621,7 +625,7 @@ class Reports extends Secure_area "chart_type" => "reports/graphs/hbar", "labels_1" => $labels, "series_data_1" => $series, - "summary_data_1" => $this->security->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type))), + "summary_data_1" => $this->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type))), "yaxis_title" => $this->lang->line('reports_customers'), "xaxis_title" => $this->lang->line('reports_revenue'), "show_currency" => TRUE @@ -642,7 +646,7 @@ class Reports extends Secure_area $series = array(); foreach($report_data as $row) { - $row = $this->security->xss_clean($row); + $row = $this->xss_clean($row); $labels[] = $row['discount_percent']; $series[] = $row['count']; 
@@ -654,7 +658,7 @@ class Reports extends Secure_area "chart_type" => "reports/graphs/bar", "labels_1" => $labels, "series_data_1" => $series, - "summary_data_1" => $this->security->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type))), + "summary_data_1" => $this->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type))), "yaxis_title" => $this->lang->line('reports_count'), "xaxis_title" => $this->lang->line('reports_discount_percent'), "show_currency" => FALSE @@ -670,13 +674,13 @@ class Reports extends Secure_area $model = $this->Summary_payments; $report_data = $model->getData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type)); - $summary = $this->security->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type))); + $summary = $this->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type))); $labels = array(); $series = array(); foreach($report_data as $row) { - $row = $this->security->xss_clean($row); + $row = $this->xss_clean($row); $labels[] = $row['payment_type']; $series[] = array('meta' => $row['payment_type'] . ' ' . round($row['payment_amount'] / $summary['total'] * 100, 2) . '%', 'value' => $row['payment_amount']); @@ -703,7 +707,7 @@ class Reports extends Secure_area $customers = array(); foreach($this->Customer->get_all()->result() as $customer) { - $customers[$customer->person_id] = $this->security->xss_clean($customer->first_name . ' ' . $customer->last_name); + $customers[$customer->person_id] = $this->xss_clean($customer->first_name . ' ' . $customer->last_name); } $data['specific_input_data'] = $customers; 
@@ -715,7 +719,7 @@ class Reports extends Secure_area $this->load->model('reports/Specific_customer'); $model = $this->Specific_customer; - $headers = $this->security->xss_clean($model->getDataColumns()); + $headers = $this->xss_clean($model->getDataColumns()); $report_data = $model->getData(array('start_date' => $start_date, 'end_date' => $end_date, 'customer_id' => $customer_id, 'sale_type' => $sale_type)); $summary_data = array(); 
@@ -723,22 +727,22 @@ class Reports extends Secure_area foreach($report_data['summary'] as $key => $row) { - $summary_data[] = $this->security->xss_clean(array(anchor('sales/receipt/'.$row['sale_id'], 'POS '.$row['sale_id'], array('target'=>'_blank')), $row['sale_date'], to_quantity_decimals($row['items_purchased']), $row['employee_name'], to_currency($row['subtotal']), to_currency($row['total']), to_currency($row['tax']), to_currency($row['cost']), to_currency($row['profit']), $row['payment_type'], $row['comment'])); + $summary_data[] = $this->xss_clean(array(anchor('sales/receipt/'.$row['sale_id'], 'POS '.$row['sale_id'], array('target'=>'_blank')), $row['sale_date'], to_quantity_decimals($row['items_purchased']), $row['employee_name'], to_currency($row['subtotal']), to_currency($row['total']), to_currency($row['tax']), to_currency($row['cost']), to_currency($row['profit']), $row['payment_type'], $row['comment'])); foreach($report_data['details'][$key] as $drow) { - $details_data[$row['sale_id']][] = $this->security->xss_clean(array($drow['name'], $drow['category'], $drow['serialnumber'], $drow['description'], to_quantity_decimals($drow['quantity_purchased']), to_currency($drow['subtotal']), to_currency($drow['total']), to_currency($drow['tax']), to_currency($drow['cost']), to_currency($drow['profit']), $drow['discount_percent'].'%')); + $details_data[$row['sale_id']][] = $this->xss_clean(array($drow['name'], $drow['category'], $drow['serialnumber'], $drow['description'], to_quantity_decimals($drow['quantity_purchased']), to_currency($drow['subtotal']), to_currency($drow['total']), to_currency($drow['tax']), to_currency($drow['cost']), to_currency($drow['profit']), $drow['discount_percent'].'%')); } } $customer_info = $this->Customer->get_info($customer_id); $data = array( - "title" => $this->security->xss_clean($customer_info->first_name . ' ' . $customer_info->last_name . ' ' . 
$this->lang->line('reports_report')), + "title" => $this->xss_clean($customer_info->first_name . ' ' . $customer_info->last_name . ' ' . $this->lang->line('reports_report')), "subtitle" => date($this->config->item('dateformat'), strtotime($start_date)) . '-' . date($this->config->item('dateformat'), strtotime($end_date)), "headers" => $headers, "summary_data" => $summary_data, "details_data" => $details_data, - "overall_summary_data" => $this->security->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'customer_id' => $customer_id, 'sale_type' => $sale_type))) + "overall_summary_data" => $this->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'customer_id' => $customer_id, 'sale_type' => $sale_type))) ); $this->load->view("reports/tabular_details", $data); @@ -752,7 +756,7 @@ class Reports extends Secure_area $employees = array(); foreach($this->Employee->get_all()->result() as $employee) { - $employees[$employee->person_id] = $this->security->xss_clean($employee->first_name . ' ' . $employee->last_name); + $employees[$employee->person_id] = $this->xss_clean($employee->first_name . ' ' . $employee->last_name); } $data['specific_input_data'] = $employees; @@ -764,7 +768,7 @@ class Reports extends Secure_area $this->load->model('reports/Specific_employee'); $model = $this->Specific_employee; - $headers = $this->security->xss_clean($model->getDataColumns()); + $headers = $this->xss_clean($model->getDataColumns()); $report_data = $model->getData(array('start_date' => $start_date, 'end_date' => $end_date, 'employee_id' => $employee_id, 'sale_type' => $sale_type)); $summary_data = array(); 
@@ -772,22 +776,22 @@ class Reports extends Secure_area foreach($report_data['summary'] as $key => $row) { - $summary_data[] = $this->security->xss_clean(array(anchor('sales/receipt/'.$row['sale_id'], 'POS '.$row['sale_id'], array('target'=>'_blank')), $row['sale_date'], to_quantity_decimals($row['items_purchased']), $row['customer_name'], to_currency($row['subtotal']), to_currency($row['total']), to_currency($row['tax']), to_currency($row['cost']), to_currency($row['profit']), $row['payment_type'], $row['comment'])); + $summary_data[] = $this->xss_clean(array(anchor('sales/receipt/'.$row['sale_id'], 'POS '.$row['sale_id'], array('target'=>'_blank')), $row['sale_date'], to_quantity_decimals($row['items_purchased']), $row['customer_name'], to_currency($row['subtotal']), to_currency($row['total']), to_currency($row['tax']), to_currency($row['cost']), to_currency($row['profit']), $row['payment_type'], $row['comment'])); foreach($report_data['details'][$key] as $drow) { - $details_data[$row['sale_id']][] = $this->security->xss_clean(array($drow['name'], $drow['category'], $drow['serialnumber'], $drow['description'], to_quantity_decimals($drow['quantity_purchased']), to_currency($drow['subtotal']), to_currency($drow['total']), to_currency($drow['tax']), to_currency($drow['cost']), to_currency($drow['profit']), $drow['discount_percent'].'%')); + $details_data[$row['sale_id']][] = $this->xss_clean(array($drow['name'], $drow['category'], $drow['serialnumber'], $drow['description'], to_quantity_decimals($drow['quantity_purchased']), to_currency($drow['subtotal']), to_currency($drow['total']), to_currency($drow['tax']), to_currency($drow['cost']), to_currency($drow['profit']), $drow['discount_percent'].'%')); } } $employee_info = $this->Employee->get_info($employee_id); $data = array( - "title" => $this->security->xss_clean($employee_info->first_name . ' ' . $employee_info->last_name . ' ' . 
$this->lang->line('reports_report')), + "title" => $this->xss_clean($employee_info->first_name . ' ' . $employee_info->last_name . ' ' . $this->lang->line('reports_report')), "subtitle" => date($this->config->item('dateformat'), strtotime($start_date)) . '-' . date($this->config->item('dateformat'), strtotime($end_date)), "headers" => $headers, "summary_data" => $summary_data, "details_data" => $details_data, - "overall_summary_data" => $this->security->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date,'employee_id' => $employee_id, 'sale_type' => $sale_type))) + "overall_summary_data" => $this->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date,'employee_id' => $employee_id, 'sale_type' => $sale_type))) ); $this->load->view("reports/tabular_details", $data); @@ -805,7 +809,7 @@ class Reports extends Secure_area } $data['specific_input_data'] = $discounts; - $data = $this->security->xss_clean($data); + $data = $this->xss_clean($data); $this->load->view("reports/specific_input", $data); } @@ -815,7 +819,7 @@ class Reports extends Secure_area $this->load->model('reports/Specific_discount'); $model = $this->Specific_discount; - $headers = $this->security->xss_clean($model->getDataColumns()); + $headers = $this->xss_clean($model->getDataColumns()); $report_data = $model->getData(array('start_date' => $start_date, 'end_date' => $end_date, 'discount' => $discount, 'sale_type' => $sale_type)); $summary_data = array(); 
@@ -823,11 +827,11 @@ class Reports extends Secure_area foreach($report_data['summary'] as $key => $row) { - $summary_data[] = $this->security->xss_clean(array(anchor('sales/receipt/'.$row['sale_id'], 'POS '.$row['sale_id'], array('target'=>'_blank')), $row['sale_date'], to_quantity_decimals($row['items_purchased']), $row['customer_name'], to_currency($row['subtotal']), to_currency($row['total']), to_currency($row['tax']),/*to_currency($row['profit']),*/ $row['payment_type'], $row['comment'])); + $summary_data[] = $this->xss_clean(array(anchor('sales/receipt/'.$row['sale_id'], 'POS '.$row['sale_id'], array('target'=>'_blank')), $row['sale_date'], to_quantity_decimals($row['items_purchased']), $row['customer_name'], to_currency($row['subtotal']), to_currency($row['total']), to_currency($row['tax']),/*to_currency($row['profit']),*/ $row['payment_type'], $row['comment'])); foreach($report_data['details'][$key] as $drow) { - $details_data[$row['sale_id']][] = $this->security->xss_clean(array($drow['name'], $drow['category'], $drow['serialnumber'], $drow['description'], to_quantity_decimals($drow['quantity_purchased']), to_currency($drow['subtotal']), to_currency($drow['total']), to_currency($drow['tax']),/*to_currency($drow['profit']),*/ $drow['discount_percent'].'%')); + $details_data[$row['sale_id']][] = $this->xss_clean(array($drow['name'], $drow['category'], $drow['serialnumber'], $drow['description'], to_quantity_decimals($drow['quantity_purchased']), to_currency($drow['subtotal']), to_currency($drow['total']), to_currency($drow['tax']),/*to_currency($drow['profit']),*/ $drow['discount_percent'].'%')); } } 
@@ -837,7 +841,7 @@ class Reports extends Secure_area "headers" => $headers, "summary_data" => $summary_data, "details_data" => $details_data, - "overall_summary_data" => $this->security->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date,'discount' => $discount, 'sale_type' => $sale_type))) + "overall_summary_data" => $this->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date,'discount' => $discount, 'sale_type' => $sale_type))) ); $this->load->view("reports/tabular_details", $data); @@ -848,17 +852,17 @@ class Reports extends Secure_area $this->load->model('reports/Detailed_sales'); $model = $this->Detailed_sales; - $headers = $this->security->xss_clean($model->getDataColumns()); + $headers = $this->xss_clean($model->getDataColumns()); $report_data = $model->getData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type, 'location_id' => $location_id)); $summary_data = array(); $details_data = array(); - $show_locations = $this->security->xss_clean($this->Stock_location->multiple_locations()); + $show_locations = $this->xss_clean($this->Stock_location->multiple_locations()); foreach($report_data['summary'] as $key => $row) { - $summary_data[] = $this->security->xss_clean(array( + $summary_data[] = $this->xss_clean(array( 'id' => $row['sale_id'], 'sale_date' => $row['sale_date'], 'quantity' => to_quantity_decimals($row['items_purchased']), 
@@ -883,7 +887,7 @@ class Reports extends Secure_area { $quantity_purchased .= ' [' . $this->Stock_location->get_location_name($drow['item_location']) . ']'; } - $details_data[$row['sale_id']][] = $this->security->xss_clean(array($drow['name'], $drow['category'], $drow['serialnumber'], $drow['description'], $quantity_purchased, to_currency($drow['subtotal']), to_currency($drow['total']), to_currency($drow['tax']), to_currency($drow['cost']), to_currency($drow['profit']), $drow['discount_percent'].'%')); + $details_data[$row['sale_id']][] = $this->xss_clean(array($drow['name'], $drow['category'], $drow['serialnumber'], $drow['description'], $quantity_purchased, to_currency($drow['subtotal']), to_currency($drow['total']), to_currency($drow['tax']), to_currency($drow['cost']), to_currency($drow['profit']), $drow['discount_percent'].'%')); } } @@ -894,7 +898,7 @@ class Reports extends Secure_area "editable" => 'sales', "summary_data" => $summary_data, "details_data" => $details_data, - "overall_summary_data" => $this->security->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type, 'location_id' => $location_id))) + "overall_summary_data" => $this->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type, 'location_id' => $location_id))) ); $this->load->view("reports/tabular_details", $data); 
@@ -905,17 +909,17 @@ class Reports extends Secure_area $this->load->model('reports/Detailed_receivings'); $model = $this->Detailed_receivings; - $headers = $this->security->xss_clean($model->getDataColumns()); + $headers = $this->xss_clean($model->getDataColumns()); $report_data = $model->getData(array('start_date' => $start_date, 'end_date' => $end_date, 'receiving_type' => $receiving_type, 'location_id' => $location_id)); $summary_data = array(); $details_data = array(); - $show_locations = $this->security->xss_clean($this->Stock_location->multiple_locations()); + $show_locations = $this->xss_clean($this->Stock_location->multiple_locations()); foreach($report_data['summary'] as $key => $row) { - $summary_data[] = $this->security->xss_clean(array( + $summary_data[] = $this->xss_clean(array( 'id' => $row['receiving_id'], 'receiving_date' => $row['receiving_date'], 'quantity' => to_quantity_decimals($row['items_purchased']), @@ -941,7 +945,7 @@ class Reports extends Secure_area { $quantity_purchased .= ' [' . $this->Stock_location->get_location_name($drow['item_location']) . ']'; } - $details_data[$row['receiving_id']][] = $this->security->xss_clean(array($drow['item_number'], $drow['name'], $drow['category'], $quantity_purchased, to_currency($drow['total']), $drow['discount_percent'].'%')); + $details_data[$row['receiving_id']][] = $this->xss_clean(array($drow['item_number'], $drow['name'], $drow['category'], $quantity_purchased, to_currency($drow['total']), $drow['discount_percent'].'%')); } } 
@@ -952,7 +956,7 @@ class Reports extends Secure_area "editable" => 'receivings', "summary_data" => $summary_data, "details_data" => $details_data, - "overall_summary_data" => $this->security->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'receiving_type' => $receiving_type, 'location_id' => $location_id))) + "overall_summary_data" => $this->xss_clean($model->getSummaryData(array('start_date' => $start_date, 'end_date' => $end_date, 'receiving_type' => $receiving_type, 'location_id' => $location_id))) ); $this->load->view("reports/tabular_details", $data); @@ -968,7 +972,7 @@ class Reports extends Secure_area $tabular_data = array(); foreach($report_data as $row) { - $tabular_data[] = /*$this->security->xss_clean*/(array($row['name'], + $tabular_data[] = $this->xss_clean(array($row['name'], $row['item_number'], $row['description'], to_quantity_decimals($row['quantity']), @@ -980,9 +984,9 @@ class Reports extends Secure_area $data = array( "title" => $this->lang->line('reports_inventory_low_report'), "subtitle" => '', - "headers" => $this->security->xss_clean($model->getDataColumns()), + "headers" => $this->xss_clean($model->getDataColumns()), "data" => $tabular_data, - "summary_data" => $this->security->xss_clean($model->getSummaryData(array())) + "summary_data" => $this->xss_clean($model->getSummaryData(array())) ); $this->load->view("reports/tabular", $data); @@ -996,7 +1000,7 @@ class Reports extends Secure_area $data = array(); $data['item_count'] = $model->getItemCountDropdownArray(); - $stock_locations = $this->security->xss_clean($this->Stock_location->get_allowed_locations()); + $stock_locations = $this->xss_clean($this->Stock_location->get_allowed_locations()); $stock_locations['all'] = $this->lang->line('reports_all'); $data['stock_locations'] = array_reverse($stock_locations, TRUE); 
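Review bot: The `xss_clean` call on the inventory-low report rows had been deliberately disabled (`/*$this->security->xss_clean*/`) and the `@@ -968,7 +972,7 @@` hunk re-enables it without a comment, as does the matching `@@ -1013,7 +1017,7 @@` hunk for the inventory summary report; nothing on the page says why the filter had been switched off, so a reader cannot tell whether whatever motivated that is now resolved. A one-line comment on the restored call would settle it, e.g. `// filter restored via the base-class wrapper (had been commented out here)`. The enclosing foreach continues outside the hunk.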
@@ -1013,7 +1017,7 @@ class Reports extends Secure_area $tabular_data = array(); foreach($report_data as $row) { - $tabular_data[] = /*$this->security->xss_clean*/(array($row['name'], + $tabular_data[] = $this->xss_clean(array($row['name'], $row['item_number'], $row['description'], to_quantity_decimals($row['quantity']), @@ -1028,9 +1032,9 @@ class Reports extends Secure_area $data = array( "title" => $this->lang->line('reports_inventory_summary_report'), "subtitle" => '', - "headers" => $this->security->xss_clean($model->getDataColumns()), + "headers" => $this->xss_clean($model->getDataColumns()), "data" => $tabular_data, - "summary_data" => $this->security->xss_clean($model->getSummaryData($report_data)) + "summary_data" => $this->xss_clean($model->getSummaryData($report_data)) ); $this->load->view("reports/tabular", $data); diff --git a/application/controllers/Sales.php b/application/controllers/Sales.php index 35bda87e3..ab4637602 100644 --- a/application/controllers/Sales.php +++ b/application/controllers/Sales.php @@ -1,11 +1,13 @@ -load->library('sale_lib'); $this->load->library('barcode_lib'); } @@ -614,7 +616,7 @@ class Sales extends Secure_area } } - function save($sale_id) + function save($sale_id = -1) { $newdate = $this->input->post('date'); diff --git a/application/controllers/Secure_Controller.php b/application/controllers/Secure_Controller.php new file mode 100644 index 000000000..7e136d544 --- /dev/null +++ b/application/controllers/Secure_Controller.php 
@@ -0,0 +1,63 @@
+load->model('Employee');
+ $model = $this->Employee;
+
+ if(!$model->is_logged_in())
+ {
+ redirect('login');
+ }
+
+ $logged_in_employee_info = $model->get_logged_in_employee_info();
+ if(!$model->has_module_grant($module_id, $logged_in_employee_info->person_id) ||
+ (isset($submodule_id) && !$model->has_module_grant($submodule_id, $logged_in_employee_info->person_id)))
+ {
+ redirect('no_access/' . $module_id . '/' . $submodule_id);
+ }
+
+ //load up global data
+ $data['allowed_modules'] = $this->Module->get_allowed_modules($logged_in_employee_info->person_id);
+ $data['user_info'] = $logged_in_employee_info;
+ $data['controller_name'] = $module_id;
+ $this->controller_name = $module_id;
+
+ $this->load->vars($data);
+ }
+
+ /*
+ * Get the controller name stored at construction time
+ */
+ protected function get_controller_name()
+ {
+ return strtolower($this->controller_name);
+ }
+
+ /*
+ * Internal method to do XSS clean in the derived classes
+ */
+ protected function xss_clean($str, $is_image = FALSE)
+ {
+ return $this->security->xss_clean($str, $is_image);
+ }
+
+ // this is the basic set of methods most OSPOS Controllers will implement
+ public function index() { return FALSE; }
+ public function search() { return FALSE; }
+ public function suggest_search() { return FALSE; }
+ public function view($data_item_id = -1) { return FALSE; }
+ public function save($data_item_id = -1) { return FALSE; }
+ public function delete() { return FALSE; }
+}
+?>
\ No newline at end of file
diff --git a/application/controllers/Secure_area.php b/application/controllers/Secure_area.php
deleted file mode 100644
index c8bd3ecea..000000000
--- a/application/controllers/Secure_area.php
+++ /dev/null
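Review bot: The docblock on `xss_clean` should spell out the wrapper's contract, because every derived controller now routes both model output (just before `load->view()`) and `input->post()` values through it: it delegates to CodeIgniter's `security->xss_clean()`, which is an input filter rather than a context-aware escaper, and when `$is_image` is TRUE it returns a boolean instead of the filtered value. Suggested replacement comment: `/* Wrapper around $this->security->xss_clean(): filters $str (string or array) and returns the filtered copy; with $is_image = TRUE it returns TRUE/FALSE instead. This is a filter, not an escape — values rendered in views still need html_escape() for their context. */`. The deleted Secure_area constructor also set `$data['backup_allowed']` from the allowed modules and the new constructor does not, so any view that still reads `$backup_allowed` now sees an undefined variable; worth confirming before merge. The six stub methods at the bottom are public and therefore URL-routable in CodeIgniter, so a controller that does not override one answers that route with an empty response — a short comment saying this is intended would help. The file header and the constructor signature were lost from the rendered hunk (stripped with the `<?php` tag), so the parameter defaults could not be checked here.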
@@ -1,47 +0,0 @@
-load->model('Employee');
-
- if(!$this->Employee->is_logged_in())
- {
- redirect('login');
- }
- $employee_id = $this->Employee->get_logged_in_employee_info()->person_id;
- if(!$this->Employee->has_module_grant($module_id,$employee_id) ||
- (isset($submodule_id) && !$this->Employee->has_module_grant($submodule_id,$employee_id)))
- {
- redirect('no_access/' . $module_id . '/' . $submodule_id);
- }
-
- //load up global data
- $logged_in_employee_info = $this->Employee->get_logged_in_employee_info();
- $data['allowed_modules'] = $this->Module->get_allowed_modules($logged_in_employee_info->person_id);
- $data['backup_allowed'] = false;
- foreach($data['allowed_modules']->result_array() as $module)
- {
- $data['backup_allowed'] |= $module['module_id'] === 'config';
- }
- $data['user_info'] = $logged_in_employee_info;
- $data['controller_name'] = $module_id;
- $this->controller_name = $module_id;
-
- $this->load->vars($data);
- }
-
- public function get_controller_name()
- {
- return strtolower($this->controller_name);
- }
-}
-?>
\ No newline at end of file
diff --git a/application/controllers/Suppliers.php b/application/controllers/Suppliers.php
index 53a9cfd95..b01e49d40 100644
--- a/application/controllers/Suppliers.php
+++ b/application/controllers/Suppliers.php
@@ -1,9 +1,10 @@
-get_controller_name();
 $data['table_headers'] = get_suppliers_manage_table_headers();
- $data = $this->security->xss_clean($data);
+ $data = $this->xss_clean($data);
 $this->load->view('people/manage', $data);
 }
@@ -38,7 +39,7 @@ class Suppliers extends Person_controller
 $data_rows[] = get_supplier_data_row($supplier, $this);
 }
- $data_rows = $this->security->xss_clean($data_rows);
+ $data_rows = $this->xss_clean($data_rows);
 echo json_encode(array('total' => $total_rows, 'rows' => $data_rows));
 }
@@ -48,14 +49,14 @@ class Suppliers extends Person_controller */ public function suggest() { - $suggestions = $this->security->xss_clean($this->Supplier->get_search_suggestions($this->input->get('term'), TRUE)); + $suggestions = $this->xss_clean($this->Supplier->get_search_suggestions($this->input->get('term'), TRUE)); echo json_encode($suggestions); } public function suggest_search() { - $suggestions = $this->security->xss_clean($this->Supplier->get_search_suggestions($this->input->post('term'), FALSE)); + $suggestions = $this->xss_clean($this->Supplier->get_search_suggestions($this->input->post('term'), FALSE)); echo json_encode($suggestions); } @@ -68,7 +69,7 @@ class Suppliers extends Person_controller $info = $this->Supplier->get_info($supplier_id); foreach(get_object_vars($info) as $property => $value) { - $info->$property = $this->security->xss_clean($value); + $info->$property = $this->xss_clean($value); } $data['person_info'] = $info; @@ -102,7 +103,7 @@ class Suppliers extends Person_controller if($this->Supplier->save_supplier($person_data, $supplier_data, $supplier_id)) { - $supplier_data = $this->security->xss_clean($supplier_data); + $supplier_data = $this->xss_clean($supplier_data); //New supplier if($supplier_id == -1) @@ -118,7 +119,7 @@ class Suppliers extends Person_controller } else//failure { - $supplier_data = $this->security->xss_clean($supplier_data); + $supplier_data = $this->xss_clean($supplier_data); echo json_encode(array('success' => FALSE, 'message' => $this->lang->line('suppliers_error_adding_updating').' '. $supplier_data['company_name'], 'id' => -1)); @@ -130,7 +131,7 @@ class Suppliers extends Person_controller */ public function delete() { - $suppliers_to_delete = $this->security->xss_clean($this->input->post('ids')); + $suppliers_to_delete = $this->xss_clean($this->input->post('ids')); if($this->Supplier->delete_list($suppliers_to_delete)) { 
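Review bot: In `delete()` the `input->post('ids')` value is passed through `xss_clean` and straight into `Supplier->delete_list()`; xss_clean is an HTML filter, so this is not a check that the ids are integers, and a non-array or non-numeric value reaches the model unvalidated. Consider `$suppliers_to_delete = array_map('intval', (array) $this->xss_clean($this->input->post('ids')));` ahead of the `delete_list()` call, or a form_validation rule on `ids`; what `delete_list()` does with malformed ids is not visible here. The method body continues outside the hunk.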
diff --git a/application/controllers/interfaces/Idata_controller.php b/application/controllers/interfaces/Idata_controller.php deleted file mode 100644 index c366cc498..000000000 --- a/application/controllers/interfaces/Idata_controller.php +++ /dev/null @@ -1,14 +0,0 @@ - \ No newline at end of file diff --git a/application/helpers/table_helper.php b/application/helpers/table_helper.php index 60f6b664d..79b199db0 100644 --- a/application/helpers/table_helper.php +++ b/application/helpers/table_helper.php @@ -20,7 +20,7 @@ function get_sales_manage_table_headers() $headers[] = array('invoice' => ' ', 'sortable' => FALSE); } - return transform_headers(array_merge($headers, array(array( 'receipt' => ' ', 'sortable' => FALSE )))); + return transform_headers(array_merge($headers, array(array('receipt' => ' ', 'sortable' => FALSE)))); } /*