Fix XSS vulnerabilities in invoice_email.php view

jekkos
2026-03-04 17:53:18 +00:00
parent 87a0606141
commit 3c217bbddd


@@ -30,7 +30,7 @@
<body>
<?php
if (isset($error_message)) {
echo '<div class="alert alert-dismissible alert-danger">' . $error_message . '</div>';
echo '<div class="alert alert-dismissible alert-danger">' . esc($error_message) . '</div>';
exit;
}
?>
@@ -98,7 +98,7 @@
if ($item['print_option'] == PRINT_YES) {
?>
<tr class="item-row">
<td><?= $item['item_number'] ?></td>
<td><?= esc($item['item_number']) ?></td>
<td class="item-name"><?= esc($item['name']) ?></td>
<td><?= to_quantity_decimals($item['quantity']) ?></td>
<td><?= to_currency($item['price']) ?></td>
@@ -179,8 +179,8 @@
<?= nl2br(esc($config['return_policy'])) ?>
</div>
<div id="barcode">
<img alt=<?= '$sale_id' ?> src="data:image/svg+xml;base64,<?= base64_encode($barcode) ?>"><br>
<?= $sale_id ?>
<img alt="<?= esc($sale_id) ?>" src="data:image/svg+xml;base64,<?= base64_encode($barcode) ?>"><br>
<?= esc($sale_id) ?>
</div>
</div>
</div>
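Review bot: In the hunk at line 98, `to_quantity_decimals($item['quantity'])` and `to_currency($item['price'])` are still echoed without `esc()`, so those two cells are safe only if both helpers always return plain formatted text; their bodies are not visible here, and a currency symbol or separator that comes from configuration (an assumption to confirm) would reach the email body unescaped. Wrapping them keeps the row consistent with the cells this commit fixes, e.g. `<td><?= esc(to_currency($item['price'])) ?></td>`. In the barcode hunk the new `alt="<?= esc($sale_id) ?>"` is correct because the attribute is now quoted; if `esc()` is the CodeIgniter helper, `esc($sale_id, 'attr')` would state the attribute context explicitly. The item row sits inside a block that starts and ends outside the hunk, so the other fields echoed in this view should be checked the same way.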