mirror of
https://github.com/opensourcepos/opensourcepos.git
synced 2026-07-11 15:36:13 -04:00
For #3730. This replaces FILTER_SANITIZE_STRING with FILTER_SANITIZE_FULL_SPECIAL_CHARS.
This commit is contained in:
@@ -33,11 +33,11 @@ class Attributes extends Secure_Controller
|
||||
*/
|
||||
public function getSearch(): void
|
||||
{
|
||||
$search = $this->request->getVar('search', FILTER_SANITIZE_STRING);
|
||||
$search = $this->request->getVar('search', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
$limit = $this->request->getVar('limit', FILTER_SANITIZE_NUMBER_INT);
|
||||
$offset = $this->request->getVar('offset', FILTER_SANITIZE_NUMBER_INT);
|
||||
$sort = $this->request->getVar('sort', FILTER_SANITIZE_STRING);
|
||||
$order = $this->request->getVar('order', FILTER_SANITIZE_STRING);
|
||||
$sort = $this->request->getVar('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
$order = $this->request->getVar('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
|
||||
$attributes = $this->attribute->search($search, $limit, $offset, $sort, $order);
|
||||
$total_rows = $this->attribute->get_found_rows($search);
|
||||
@@ -88,7 +88,7 @@ class Attributes extends Secure_Controller
|
||||
{
|
||||
$definition_flags = 0;
|
||||
|
||||
$flags = (empty($this->request->getPost('definition_flags'))) ? [] : $this->request->getPost('definition_flags', FILTER_SANITIZE_STRING);
|
||||
$flags = (empty($this->request->getPost('definition_flags'))) ? [] : $this->request->getPost('definition_flags', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
|
||||
foreach($flags as $flag)
|
||||
{
|
||||
@@ -211,7 +211,7 @@ class Attributes extends Secure_Controller
|
||||
|
||||
public function postDelete(): void
|
||||
{
|
||||
$attributes_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_STRING);
|
||||
$attributes_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
|
||||
if($this->attribute->delete_definition_list($attributes_to_delete))
|
||||
{
|
||||
|
||||
@@ -37,19 +37,19 @@ class Cashups extends Secure_Controller
|
||||
|
||||
public function getSearch(): void
|
||||
{
|
||||
$search = $this->request->getVar('search', FILTER_SANITIZE_STRING);
|
||||
$search = $this->request->getVar('search', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
$limit = $this->request->getVar('limit', FILTER_SANITIZE_NUMBER_INT);
|
||||
$offset = $this->request->getVar('offset', FILTER_SANITIZE_NUMBER_INT);
|
||||
$sort = $this->request->getVar('sort', FILTER_SANITIZE_STRING);
|
||||
$order = $this->request->getVar('order', FILTER_SANITIZE_STRING);
|
||||
$sort = $this->request->getVar('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
$order = $this->request->getVar('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
$filters = [
|
||||
'start_date' => $this->request->getVar('start_date', FILTER_SANITIZE_STRING), //TODO: Is this the best way to filter dates
|
||||
'end_date' => $this->request->getVar('end_date', FILTER_SANITIZE_STRING),
|
||||
'start_date' => $this->request->getVar('start_date', FILTER_SANITIZE_FULL_SPECIAL_CHARS), //TODO: Is this the best way to filter dates
|
||||
'end_date' => $this->request->getVar('end_date', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'is_deleted' => FALSE
|
||||
];
|
||||
|
||||
// check if any filter is set in the multiselect dropdown
|
||||
$filledup = array_fill_keys($this->request->getVar('filters', FILTER_SANITIZE_STRING), TRUE); //TODO: $filledup doesn't follow variable naming patterns we are using.
|
||||
$filledup = array_fill_keys($this->request->getVar('filters', FILTER_SANITIZE_FULL_SPECIAL_CHARS), TRUE); //TODO: $filledup doesn't follow variable naming patterns we are using.
|
||||
$filters = array_merge($filters, $filledup);
|
||||
$cash_ups = $this->cashup->search($search, $filters, $limit, $offset, $sort, $order);
|
||||
$total_rows = $this->cashup->get_found_rows($search, $filters);
|
||||
@@ -188,7 +188,7 @@ class Cashups extends Secure_Controller
|
||||
|
||||
public function postSave(int $cashup_id = NEW_ENTRY): void
|
||||
{
|
||||
$open_date = $this->request->getPost('open_date', FILTER_SANITIZE_STRING);
|
||||
$open_date = $this->request->getPost('open_date', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
$open_date_formatter = date_create_from_format($this->config['dateformat'] . ' ' . $this->config['timeformat'], $open_date);
|
||||
|
||||
$close_date = $this->request->getPost('close_date', FILTER_SANITIZE_NUMBER_INT);
|
||||
@@ -205,7 +205,7 @@ class Cashups extends Secure_Controller
|
||||
'closed_amount_check' => parse_decimals($this->request->getPost('closed_amount_check', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION)),
|
||||
'closed_amount_total' => parse_decimals($this->request->getPost('closed_amount_total', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION)),
|
||||
'note' => $this->request->getPost('note') != NULL,
|
||||
'description' => $this->request->getPost('description', FILTER_SANITIZE_STRING),
|
||||
'description' => $this->request->getPost('description', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'open_employee_id' => $this->request->getPost('open_employee_id', FILTER_SANITIZE_NUMBER_INT),
|
||||
'close_employee_id' => $this->request->getPost('close_employee_id', FILTER_SANITIZE_NUMBER_INT),
|
||||
'deleted' => $this->request->getPost('deleted') != NULL
|
||||
@@ -231,7 +231,7 @@ class Cashups extends Secure_Controller
|
||||
|
||||
public function postDelete(): void
|
||||
{
|
||||
$cash_ups_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_STRING);
|
||||
$cash_ups_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
|
||||
if($this->cashup->delete_list($cash_ups_to_delete))
|
||||
{
|
||||
|
||||
@@ -329,13 +329,13 @@ class Config extends Secure_Controller
|
||||
$upload_success = !empty($upload_data['error']);
|
||||
|
||||
$batch_save_data = [
|
||||
'company' => $this->request->getPost('company', FILTER_SANITIZE_STRING),
|
||||
'address' => $this->request->getPost('address', FILTER_SANITIZE_STRING),
|
||||
'phone' => $this->request->getPost('phone', FILTER_SANITIZE_STRING),
|
||||
'company' => $this->request->getPost('company', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'address' => $this->request->getPost('address', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'phone' => $this->request->getPost('phone', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'email' => $this->request->getPost('email', FILTER_SANITIZE_EMAIL),
|
||||
'fax' => $this->request->getPost('fax', FILTER_SANITIZE_STRING),
|
||||
'fax' => $this->request->getPost('fax', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'website' => $this->request->getPost('website', FILTER_SANITIZE_URL),
|
||||
'return_policy' => $this->request->getPost('return_policy', FILTER_SANITIZE_STRING)
|
||||
'return_policy' => $this->request->getPost('return_policy', FILTER_SANITIZE_FULL_SPECIAL_CHARS)
|
||||
];
|
||||
|
||||
if(!empty($upload_data['orig_name']) && $upload_data['raw_name'] === TRUE)
|
||||
@@ -397,8 +397,8 @@ class Config extends Secure_Controller
|
||||
public function postSaveGeneral(): void
|
||||
{
|
||||
$batch_save_data = [
|
||||
'theme' => $this->request->getPost('theme', FILTER_SANITIZE_STRING),
|
||||
'login_form' => $this->request->getPost('login_form', FILTER_SANITIZE_STRING),
|
||||
'theme' => $this->request->getPost('theme', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'login_form' => $this->request->getPost('login_form', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'default_sales_discount_type' => $this->request->getPost('default_sales_discount_type') != NULL,
|
||||
'default_sales_discount' => $this->request->getPost('default_sales_discount', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION),
|
||||
'default_receivings_discount_type' => $this->request->getPost('default_receivings_discount_type') != NULL,
|
||||
@@ -411,14 +411,14 @@ class Config extends Secure_Controller
|
||||
'image_max_width' => $this->request->getPost('image_max_width', FILTER_SANITIZE_NUMBER_INT),
|
||||
'image_max_height' => $this->request->getPost('image_max_height', FILTER_SANITIZE_NUMBER_INT),
|
||||
'image_max_size' => $this->request->getPost('image_max_size', FILTER_SANITIZE_NUMBER_INT),
|
||||
'image_allowed_types' => implode('|', $this->request->getPost('image_allowed_types', FILTER_SANITIZE_STRING)),
|
||||
'image_allowed_types' => implode('|', $this->request->getPost('image_allowed_types', FILTER_SANITIZE_FULL_SPECIAL_CHARS)),
|
||||
'gcaptcha_enable' => $this->request->getPost('gcaptcha_enable') != NULL,
|
||||
'gcaptcha_secret_key' => $this->request->getPost('gcaptcha_secret_key', FILTER_SANITIZE_STRING),
|
||||
'gcaptcha_site_key' => $this->request->getPost('gcaptcha_site_key', FILTER_SANITIZE_STRING),
|
||||
'suggestions_first_column' => $this->request->getPost('suggestions_first_column', FILTER_SANITIZE_STRING),
|
||||
'suggestions_second_column' => $this->request->getPost('suggestions_second_column', FILTER_SANITIZE_STRING),
|
||||
'suggestions_third_column' => $this->request->getPost('suggestions_third_column', FILTER_SANITIZE_STRING),
|
||||
'giftcard_number' => $this->request->getPost('giftcard_number', FILTER_SANITIZE_STRING),
|
||||
'gcaptcha_secret_key' => $this->request->getPost('gcaptcha_secret_key', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'gcaptcha_site_key' => $this->request->getPost('gcaptcha_site_key', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'suggestions_first_column' => $this->request->getPost('suggestions_first_column', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'suggestions_second_column' => $this->request->getPost('suggestions_second_column', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'suggestions_third_column' => $this->request->getPost('suggestions_third_column', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'giftcard_number' => $this->request->getPost('giftcard_number', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'derive_sale_quantity' => $this->request->getPost('derive_sale_quantity', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION) != NULL,
|
||||
'multi_pack_enabled' => $this->request->getPost('multi_pack_enabled') != NULL,
|
||||
'include_hsn' => $this->request->getPost('include_hsn') != NULL,
|
||||
@@ -452,8 +452,8 @@ class Config extends Secure_Controller
|
||||
*/
|
||||
public function postCheckNumberLocale(): void
|
||||
{
|
||||
$number_locale = $this->request->getPost('number_locale', FILTER_SANITIZE_STRING);
|
||||
$save_number_locale = $this->request->getPost('save_number_locale', FILTER_SANITIZE_STRING);
|
||||
$number_locale = $this->request->getPost('number_locale', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
$save_number_locale = $this->request->getPost('save_number_locale', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
|
||||
$fmt = new NumberFormatter($number_locale, NumberFormatter::CURRENCY);
|
||||
if($number_locale != $save_number_locale)
|
||||
@@ -464,8 +464,8 @@ class Config extends Secure_Controller
|
||||
}
|
||||
else
|
||||
{
|
||||
$currency_symbol = empty($this->request->getPost('currency_symbol')) ? $fmt->getSymbol(NumberFormatter::CURRENCY_SYMBOL) : $this->request->getPost('currency_symbol', FILTER_SANITIZE_STRING);
|
||||
$currency_code = empty($this->request->getPost('currency_code')) ? $fmt->getTextAttribute(NumberFormatter::CURRENCY_CODE) : $this->request->getPost('currency_code', FILTER_SANITIZE_STRING);
|
||||
$currency_symbol = empty($this->request->getPost('currency_symbol')) ? $fmt->getSymbol(NumberFormatter::CURRENCY_SYMBOL) : $this->request->getPost('currency_symbol', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
$currency_code = empty($this->request->getPost('currency_code')) ? $fmt->getTextAttribute(NumberFormatter::CURRENCY_CODE) : $this->request->getPost('currency_code', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
}
|
||||
|
||||
if($this->request->getPost('thousands_separator') == 'false')
|
||||
@@ -490,25 +490,25 @@ class Config extends Secure_Controller
|
||||
*/
|
||||
public function postSaveLocale(): void
|
||||
{
|
||||
$exploded = explode(":", $this->request->getPost('language', FILTER_SANITIZE_STRING));
|
||||
$exploded = explode(":", $this->request->getPost('language', FILTER_SANITIZE_FULL_SPECIAL_CHARS));
|
||||
$batch_save_data = [
|
||||
'currency_symbol' => $this->request->getPost('currency_symbol', FILTER_SANITIZE_STRING),
|
||||
'currency_code' => $this->request->getPost('currency_code', FILTER_SANITIZE_STRING),
|
||||
'currency_symbol' => $this->request->getPost('currency_symbol', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'currency_code' => $this->request->getPost('currency_code', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'language_code' => $exploded[0],
|
||||
'language' => $exploded[1],
|
||||
'timezone' => $this->request->getPost('timezone', FILTER_SANITIZE_STRING),
|
||||
'dateformat' => $this->request->getPost('dateformat', FILTER_SANITIZE_STRING),
|
||||
'timeformat' => $this->request->getPost('timeformat', FILTER_SANITIZE_STRING),
|
||||
'timezone' => $this->request->getPost('timezone', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'dateformat' => $this->request->getPost('dateformat', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'timeformat' => $this->request->getPost('timeformat', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'thousands_separator' => !empty($this->request->getPost('thousands_separator', FILTER_SANITIZE_NUMBER_INT)),
|
||||
'number_locale' => $this->request->getPost('number_locale', FILTER_SANITIZE_STRING),
|
||||
'number_locale' => $this->request->getPost('number_locale', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'currency_decimals' => $this->request->getPost('currency_decimals', FILTER_SANITIZE_NUMBER_INT),
|
||||
'tax_decimals' => $this->request->getPost('tax_decimals', FILTER_SANITIZE_NUMBER_INT),
|
||||
'quantity_decimals' => $this->request->getPost('quantity_decimals', FILTER_SANITIZE_NUMBER_INT),
|
||||
'country_codes' => $this->request->getPost('country_codes', FILTER_SANITIZE_STRING),
|
||||
'payment_options_order' => $this->request->getPost('payment_options_order', FILTER_SANITIZE_STRING),
|
||||
'country_codes' => $this->request->getPost('country_codes', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'payment_options_order' => $this->request->getPost('payment_options_order', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'date_or_time_format' => $this->request->getPost('date_or_time_format', FILTER_SANITIZE_NUMBER_INT),
|
||||
'cash_decimals' => $this->request->getPost('cash_decimals', FILTER_SANITIZE_NUMBER_INT),
|
||||
'cash_rounding_code' => $this->request->getPost('cash_rounding_code', FILTER_SANITIZE_STRING),
|
||||
'cash_rounding_code' => $this->request->getPost('cash_rounding_code', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'financial_year' => $this->request->getPost('financial_year', FILTER_SANITIZE_NUMBER_INT)
|
||||
];
|
||||
|
||||
@@ -534,14 +534,14 @@ class Config extends Secure_Controller
|
||||
}
|
||||
|
||||
$batch_save_data = [
|
||||
'protocol' => $this->request->getPost('protocol', FILTER_SANITIZE_STRING),
|
||||
'mailpath' => $this->request->getPost('mailpath', FILTER_SANITIZE_STRING),
|
||||
'smtp_host' => $this->request->getPost('smtp_host', FILTER_SANITIZE_STRING),
|
||||
'smtp_user' => $this->request->getPost('smtp_user', FILTER_SANITIZE_STRING),
|
||||
'protocol' => $this->request->getPost('protocol', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'mailpath' => $this->request->getPost('mailpath', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'smtp_host' => $this->request->getPost('smtp_host', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'smtp_user' => $this->request->getPost('smtp_user', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'smtp_pass' => $password,
|
||||
'smtp_port' => $this->request->getPost('smtp_port', FILTER_SANITIZE_NUMBER_INT),
|
||||
'smtp_timeout' => $this->request->getPost('smtp_timeout', FILTER_SANITIZE_NUMBER_INT),
|
||||
'smtp_crypto' => $this->request->getPost('smtp_crypto', FILTER_SANITIZE_STRING)
|
||||
'smtp_crypto' => $this->request->getPost('smtp_crypto', FILTER_SANITIZE_FULL_SPECIAL_CHARS)
|
||||
];
|
||||
|
||||
$success = $this->appconfig->batch_save($batch_save_data);
|
||||
@@ -562,10 +562,10 @@ class Config extends Secure_Controller
|
||||
}
|
||||
|
||||
$batch_save_data = [
|
||||
'msg_msg' => $this->request->getPost('msg_msg', FILTER_SANITIZE_STRING),
|
||||
'msg_uid' => $this->request->getPost('msg_uid', FILTER_SANITIZE_STRING),
|
||||
'msg_msg' => $this->request->getPost('msg_msg', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'msg_uid' => $this->request->getPost('msg_uid', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'msg_pwd' => $password,
|
||||
'msg_src' => $this->request->getPost('msg_src', FILTER_SANITIZE_STRING)
|
||||
'msg_src' => $this->request->getPost('msg_src', FILTER_SANITIZE_FULL_SPECIAL_CHARS)
|
||||
];
|
||||
|
||||
$success = $this->appconfig->batch_save($batch_save_data);
|
||||
@@ -605,7 +605,7 @@ class Config extends Secure_Controller
|
||||
public function ajax_check_mailchimp_api_key(): void
|
||||
{
|
||||
// load mailchimp lists associated to the given api key, already XSS cleaned in the private function
|
||||
$lists = $this->_mailchimp($this->request->getPost('mailchimp_api_key', FILTER_SANITIZE_STRING));
|
||||
$lists = $this->_mailchimp($this->request->getPost('mailchimp_api_key', FILTER_SANITIZE_FULL_SPECIAL_CHARS));
|
||||
$success = count($lists) > 0;
|
||||
|
||||
echo json_encode ([
|
||||
@@ -625,14 +625,14 @@ class Config extends Secure_Controller
|
||||
|
||||
if(check_encryption()) //TODO: Hungarian notation
|
||||
{
|
||||
$api_key_unencrypted = $this->request->getPost('mailchimp_api_key', FILTER_SANITIZE_STRING);
|
||||
$api_key_unencrypted = $this->request->getPost('mailchimp_api_key', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
if(!empty($api_key_unencrypted))
|
||||
{
|
||||
$api_key = $this->encrypter->encrypt($api_key_unencrypted);
|
||||
$api_key_unencrypted = "";
|
||||
}
|
||||
|
||||
$list_id_unencrypted = $this->request->getPost('mailchimp_list_id', FILTER_SANITIZE_STRING);
|
||||
$list_id_unencrypted = $this->request->getPost('mailchimp_list_id', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
if(!empty($list_id_unencrypted))
|
||||
{
|
||||
$list_id = $this->encrypter->encrypt($list_id_unencrypted);
|
||||
@@ -691,7 +691,7 @@ class Config extends Secure_Controller
|
||||
$this->db->transStart();
|
||||
|
||||
$not_to_delete = [];
|
||||
foreach($this->request->getPost(NULL, FILTER_SANITIZE_STRING) as $key => $value)
|
||||
foreach($this->request->getPost(NULL, FILTER_SANITIZE_FULL_SPECIAL_CHARS) as $key => $value)
|
||||
{
|
||||
if(strstr($key, 'stock_location'))
|
||||
{
|
||||
@@ -741,7 +741,7 @@ class Config extends Secure_Controller
|
||||
if($dinner_table_enable)
|
||||
{
|
||||
$not_to_delete = [];
|
||||
foreach($this->request->getPost(NULL, FILTER_SANITIZE_STRING) as $key => $value) //TODO: Not sure if this is the best way to filter the array
|
||||
foreach($this->request->getPost(NULL, FILTER_SANITIZE_FULL_SPECIAL_CHARS) as $key => $value) //TODO: Not sure if this is the best way to filter the array
|
||||
{
|
||||
if(strstr($key, 'dinner_table') && $key != 'dinner_table_enable')
|
||||
{
|
||||
@@ -785,14 +785,14 @@ class Config extends Secure_Controller
|
||||
|
||||
$batch_save_data = [
|
||||
'default_tax_1_rate' => parse_tax($this->request->getPost('default_tax_1_rate', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION)),
|
||||
'default_tax_1_name' => $this->request->getPost('default_tax_1_name', FILTER_SANITIZE_STRING),
|
||||
'default_tax_1_name' => $this->request->getPost('default_tax_1_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'default_tax_2_rate' => parse_tax($this->request->getPost('default_tax_2_rate', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION)),
|
||||
'default_tax_2_name' => $this->request->getPost('default_tax_2_name', FILTER_SANITIZE_STRING),
|
||||
'default_tax_2_name' => $this->request->getPost('default_tax_2_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'tax_included' => $this->request->getPost('tax_included') != NULL,
|
||||
'use_destination_based_tax' => $this->request->getPost('use_destination_based_tax') != NULL,
|
||||
'default_tax_code' => $this->request->getPost('default_tax_code', FILTER_SANITIZE_STRING),
|
||||
'default_tax_category' => $this->request->getPost('default_tax_category', FILTER_SANITIZE_STRING),
|
||||
'default_tax_jurisdiction' => $this->request->getPost('default_tax_jurisdiction', FILTER_SANITIZE_STRING),
|
||||
'default_tax_code' => $this->request->getPost('default_tax_code', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'default_tax_category' => $this->request->getPost('default_tax_category', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'default_tax_jurisdiction' => $this->request->getPost('default_tax_jurisdiction', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'tax_id' => $this->request->getPost('tax_id', FILTER_SANITIZE_NUMBER_INT)
|
||||
];
|
||||
|
||||
@@ -822,7 +822,7 @@ class Config extends Secure_Controller
|
||||
{
|
||||
$not_to_delete = [];
|
||||
$array_save = [];
|
||||
foreach($this->request->getPost(NULL, FILTER_SANITIZE_STRING) as $key => $value)
|
||||
foreach($this->request->getPost(NULL, FILTER_SANITIZE_FULL_SPECIAL_CHARS) as $key => $value)
|
||||
{
|
||||
if(strstr($key, 'customer_reward') && $key != 'customer_reward_enable')
|
||||
{
|
||||
@@ -872,21 +872,21 @@ class Config extends Secure_Controller
|
||||
public function postSaveBarcode(): void
|
||||
{
|
||||
$batch_save_data = [
|
||||
'barcode_type' => $this->request->getPost('barcode_type', FILTER_SANITIZE_STRING),
|
||||
'barcode_type' => $this->request->getPost('barcode_type', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'barcode_width' => $this->request->getPost('barcode_width', FILTER_SANITIZE_NUMBER_INT),
|
||||
'barcode_height' => $this->request->getPost('barcode_height', FILTER_SANITIZE_NUMBER_INT),
|
||||
'barcode_font' => $this->request->getPost('barcode_font', FILTER_SANITIZE_STRING),
|
||||
'barcode_font' => $this->request->getPost('barcode_font', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'barcode_font_size' => $this->request->getPost('barcode_font_size', FILTER_SANITIZE_NUMBER_INT),
|
||||
'barcode_first_row' => $this->request->getPost('barcode_first_row', FILTER_SANITIZE_STRING),
|
||||
'barcode_second_row' => $this->request->getPost('barcode_second_row', FILTER_SANITIZE_STRING),
|
||||
'barcode_third_row' => $this->request->getPost('barcode_third_row', FILTER_SANITIZE_STRING),
|
||||
'barcode_first_row' => $this->request->getPost('barcode_first_row', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'barcode_second_row' => $this->request->getPost('barcode_second_row', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'barcode_third_row' => $this->request->getPost('barcode_third_row', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'barcode_num_in_row' => $this->request->getPost('barcode_num_in_row', FILTER_SANITIZE_NUMBER_INT),
|
||||
'barcode_page_width' => $this->request->getPost('barcode_page_width', FILTER_SANITIZE_NUMBER_INT),
|
||||
'barcode_page_cellspacing' => $this->request->getPost('barcode_page_cellspacing', FILTER_SANITIZE_NUMBER_INT),
|
||||
'barcode_generate_if_empty' => $this->request->getPost('barcode_generate_if_empty') != NULL,
|
||||
'allow_duplicate_barcodes' => $this->request->getPost('allow_duplicate_barcodes') != NULL,
|
||||
'barcode_content' => $this->request->getPost('barcode_content', FILTER_SANITIZE_STRING),
|
||||
'barcode_formats' => json_encode($this->request->getPost('barcode_formats', FILTER_SANITIZE_STRING))
|
||||
'barcode_content' => $this->request->getPost('barcode_content', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'barcode_formats' => json_encode($this->request->getPost('barcode_formats', FILTER_SANITIZE_FULL_SPECIAL_CHARS))
|
||||
];
|
||||
|
||||
$success = $this->appconfig->batch_save($batch_save_data);
|
||||
@@ -900,11 +900,11 @@ class Config extends Secure_Controller
|
||||
public function postSaveReceipt(): void
|
||||
{
|
||||
$batch_save_data = [
|
||||
'receipt_template' => $this->request->getPost('receipt_template', FILTER_SANITIZE_STRING),
|
||||
'receipt_template' => $this->request->getPost('receipt_template', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'receipt_font_size' => $this->request->getPost('receipt_font_size', FILTER_SANITIZE_NUMBER_INT),
|
||||
'print_delay_autoreturn' => $this->request->getPost('print_delay_autoreturn', FILTER_SANITIZE_NUMBER_INT),
|
||||
'email_receipt_check_behaviour' => $this->request->getPost('email_receipt_check_behaviour', FILTER_SANITIZE_STRING),
|
||||
'print_receipt_check_behaviour' => $this->request->getPost('print_receipt_check_behaviour', FILTER_SANITIZE_STRING),
|
||||
'email_receipt_check_behaviour' => $this->request->getPost('email_receipt_check_behaviour', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'print_receipt_check_behaviour' => $this->request->getPost('print_receipt_check_behaviour', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'receipt_show_company_name' => $this->request->getPost('receipt_show_company_name') != NULL,
|
||||
'receipt_show_taxes' => ($this->request->getPost('receipt_show_taxes') != NULL),
|
||||
'receipt_show_tax_ind' => ($this->request->getPost('receipt_show_tax_ind') != NULL),
|
||||
@@ -932,19 +932,19 @@ class Config extends Secure_Controller
|
||||
{
|
||||
$batch_save_data = [
|
||||
'invoice_enable' => $this->request->getPost('invoice_enable') != NULL,
|
||||
'sales_invoice_format' => $this->request->getPost('sales_invoice_format', FILTER_SANITIZE_STRING),
|
||||
'sales_quote_format' => $this->request->getPost('sales_quote_format', FILTER_SANITIZE_STRING),
|
||||
'recv_invoice_format' => $this->request->getPost('recv_invoice_format', FILTER_SANITIZE_STRING),
|
||||
'invoice_default_comments' => $this->request->getPost('invoice_default_comments', FILTER_SANITIZE_STRING),
|
||||
'invoice_email_message' => $this->request->getPost('invoice_email_message', FILTER_SANITIZE_STRING),
|
||||
'line_sequence' => $this->request->getPost('line_sequence', FILTER_SANITIZE_STRING),
|
||||
'sales_invoice_format' => $this->request->getPost('sales_invoice_format', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'sales_quote_format' => $this->request->getPost('sales_quote_format', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'recv_invoice_format' => $this->request->getPost('recv_invoice_format', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'invoice_default_comments' => $this->request->getPost('invoice_default_comments', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'invoice_email_message' => $this->request->getPost('invoice_email_message', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'line_sequence' => $this->request->getPost('line_sequence', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'last_used_invoice_number' => $this->request->getPost('last_used_invoice_number', FILTER_SANITIZE_NUMBER_INT),
|
||||
'last_used_quote_number' => $this->request->getPost('last_used_quote_number', FILTER_SANITIZE_NUMBER_INT),
|
||||
'quote_default_comments' => $this->request->getPost('quote_default_comments', FILTER_SANITIZE_STRING),
|
||||
'quote_default_comments' => $this->request->getPost('quote_default_comments', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'work_order_enable' => $this->request->getPost('work_order_enable') != NULL,
|
||||
'work_order_format' => $this->request->getPost('work_order_format', FILTER_SANITIZE_STRING),
|
||||
'work_order_format' => $this->request->getPost('work_order_format', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'last_used_work_order_number' => $this->request->getPost('last_used_work_order_number', FILTER_SANITIZE_NUMBER_INT),
|
||||
'invoice_type' => $this->request->getPost('invoice_type', FILTER_SANITIZE_STRING)
|
||||
'invoice_type' => $this->request->getPost('invoice_type', FILTER_SANITIZE_FULL_SPECIAL_CHARS)
|
||||
];
|
||||
|
||||
$success = $this->appconfig->batch_save($batch_save_data);
|
||||
|
||||
@@ -93,11 +93,11 @@ class Customers extends Persons
|
||||
*/
|
||||
public function getSearch()
|
||||
{
|
||||
$search = $this->request->getGet('search', FILTER_SANITIZE_STRING);
|
||||
$search = $this->request->getGet('search', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
$limit = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
|
||||
$offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
|
||||
$sort = $this->request->getGet('sort', FILTER_SANITIZE_STRING);
|
||||
$order = $this->request->getGet('order', FILTER_SANITIZE_STRING);
|
||||
$sort = $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
$order = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
|
||||
$customers = $this->customer->search($search, $limit, $offset, $sort, $order);
|
||||
$total_rows = $this->customer->get_found_rows($search);
|
||||
@@ -131,14 +131,14 @@ class Customers extends Persons
|
||||
*/
|
||||
public function getSuggest(): void
|
||||
{
|
||||
$suggestions = $this->customer->get_search_suggestions($this->request->getVar('term', FILTER_SANITIZE_STRING), 25,TRUE);
|
||||
$suggestions = $this->customer->get_search_suggestions($this->request->getVar('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 25,TRUE);
|
||||
|
||||
echo json_encode($suggestions);
|
||||
}
|
||||
|
||||
public function suggest_search(): void
|
||||
{
|
||||
$suggestions = $this->customer->get_search_suggestions($this->request->getPost('term', FILTER_SANITIZE_STRING), 25, FALSE);
|
||||
$suggestions = $this->customer->get_search_suggestions($this->request->getPost('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 25, FALSE);
|
||||
|
||||
echo json_encode($suggestions);
|
||||
}
|
||||
@@ -270,8 +270,8 @@ class Customers extends Persons
|
||||
*/
|
||||
public function postSave(int $customer_id = NEW_ENTRY): void
|
||||
{
|
||||
$first_name = $this->request->getPost('first_name', FILTER_SANITIZE_STRING);
|
||||
$last_name = $this->request->getPost('last_name', FILTER_SANITIZE_STRING);
|
||||
$first_name = $this->request->getPost('first_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
$last_name = $this->request->getPost('last_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
$email = strtolower($this->request->getPost('email', FILTER_SANITIZE_EMAIL));
|
||||
|
||||
// format first and last name properly
|
||||
@@ -283,26 +283,26 @@ class Customers extends Persons
|
||||
'last_name' => $last_name,
|
||||
'gender' => $this->request->getPost('gender', FILTER_SANITIZE_NUMBER_INT),
|
||||
'email' => $email,
|
||||
'phone_number' => $this->request->getPost('phone_number', FILTER_SANITIZE_STRING),
|
||||
'address_1' => $this->request->getPost('address_1', FILTER_SANITIZE_STRING),
|
||||
'address_2' => $this->request->getPost('address_2', FILTER_SANITIZE_STRING),
|
||||
'city' => $this->request->getPost('city', FILTER_SANITIZE_STRING),
|
||||
'state' => $this->request->getPost('state', FILTER_SANITIZE_STRING),
|
||||
'zip' => $this->request->getPost('zip', FILTER_SANITIZE_STRING),
|
||||
'country' => $this->request->getPost('country', FILTER_SANITIZE_STRING),
|
||||
'comments' => $this->request->getPost('comments', FILTER_SANITIZE_STRING)
|
||||
'phone_number' => $this->request->getPost('phone_number', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'address_1' => $this->request->getPost('address_1', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'address_2' => $this->request->getPost('address_2', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'city' => $this->request->getPost('city', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'state' => $this->request->getPost('state', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'zip' => $this->request->getPost('zip', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'country' => $this->request->getPost('country', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'comments' => $this->request->getPost('comments', FILTER_SANITIZE_FULL_SPECIAL_CHARS)
|
||||
];
|
||||
|
||||
$date_formatter = date_create_from_format($this->config['dateformat'] . ' ' . $this->config['timeformat'], $this->request->getPost('date', FILTER_SANITIZE_STRING));
|
||||
$date_formatter = date_create_from_format($this->config['dateformat'] . ' ' . $this->config['timeformat'], $this->request->getPost('date', FILTER_SANITIZE_FULL_SPECIAL_CHARS));
|
||||
|
||||
$customer_data = [
|
||||
'consent' => $this->request->getPost('consent') != NULL,
|
||||
'account_number' => $this->request->getPost('account_number') == '' ? NULL : $this->request->getPost('account_number', FILTER_SANITIZE_STRING),
|
||||
'tax_id' => $this->request->getPost('tax_id', FILTER_SANITIZE_STRING),
|
||||
'company_name' => $this->request->getPost('company_name') == '' ? NULL : $this->request->getPost('company_name', FILTER_SANITIZE_STRING),
|
||||
'account_number' => $this->request->getPost('account_number') == '' ? NULL : $this->request->getPost('account_number', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'tax_id' => $this->request->getPost('tax_id', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'company_name' => $this->request->getPost('company_name') == '' ? NULL : $this->request->getPost('company_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'discount' => $this->request->getPost('discount') == '' ? 0.00 : $this->request->getPost('discount', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION),
|
||||
'discount_type' => $this->request->getPost('discount_type') == NULL ? PERCENT : $this->request->getPost('discount_type', FILTER_SANITIZE_NUMBER_INT),
|
||||
'package_id' => $this->request->getPost('package_id') == '' ? NULL : $this->request->getPost('package_id', FILTER_SANITIZE_STRING),
|
||||
'package_id' => $this->request->getPost('package_id') == '' ? NULL : $this->request->getPost('package_id', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'taxable' => $this->request->getPost('taxable') != NULL,
|
||||
'date' => $date_formatter->format('Y-m-d H:i:s'),
|
||||
'employee_id' => $this->request->getPost('employee_id', FILTER_SANITIZE_NUMBER_INT),
|
||||
@@ -312,7 +312,7 @@ class Customers extends Persons
|
||||
if($this->customer->save_customer($person_data, $customer_data, $customer_id))
|
||||
{
|
||||
// save customer to Mailchimp selected list //TODO: addOrUpdateMember should be refactored... potentially pass an array or object instead of 6 parameters.
|
||||
$mailchimp_status = $this->request->getPost('mailchimp_status', FILTER_SANITIZE_STRING);
|
||||
$mailchimp_status = $this->request->getPost('mailchimp_status', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
$this->mailchimp_lib->addOrUpdateMember(
|
||||
$this->_list_id,
|
||||
$email,
|
||||
@@ -375,7 +375,7 @@ class Customers extends Persons
|
||||
*/
|
||||
public function postDelete(): void
|
||||
{
|
||||
$customers_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_STRING);
|
||||
$customers_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
$customers_info = $this->customer->get_multiple_info($customers_to_delete);
|
||||
|
||||
$count = 0;
|
||||
|
||||
@@ -24,11 +24,11 @@ class Employees extends Persons
|
||||
*/
|
||||
public function getSearch(): void
|
||||
{
|
||||
$search = $this->request->getVar('search', FILTER_SANITIZE_STRING);
|
||||
$search = $this->request->getVar('search', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
$limit = $this->request->getVar('limit', FILTER_SANITIZE_NUMBER_INT);
|
||||
$offset = $this->request->getVar('offset', FILTER_SANITIZE_NUMBER_INT);
|
||||
$sort = $this->request->getVar('sort', FILTER_SANITIZE_STRING);
|
||||
$order = $this->request->getVar('order', FILTER_SANITIZE_STRING);
|
||||
$sort = $this->request->getVar('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
$order = $this->request->getVar('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
|
||||
$employees = $this->employee->search($search, $limit, $offset, $sort, $order);
|
||||
$total_rows = $this->employee->get_found_rows($search);
|
||||
@@ -47,14 +47,14 @@ class Employees extends Persons
|
||||
*/
|
||||
public function suggest(): void
|
||||
{
|
||||
$suggestions = $this->employee->get_search_suggestions($this->request->getVar('term', FILTER_SANITIZE_STRING), 25, TRUE);
|
||||
$suggestions = $this->employee->get_search_suggestions($this->request->getVar('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 25, TRUE);
|
||||
|
||||
echo json_encode($suggestions);
|
||||
}
|
||||
|
||||
public function suggest_search(): void
|
||||
{
|
||||
$suggestions = $this->employee->get_search_suggestions($this->request->getVar('term', FILTER_SANITIZE_STRING));
|
||||
$suggestions = $this->employee->get_search_suggestions($this->request->getVar('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS));
|
||||
|
||||
echo json_encode($suggestions);
|
||||
}
|
||||
@@ -100,8 +100,8 @@ class Employees extends Persons
|
||||
*/
|
||||
public function postSave(int $employee_id = NEW_ENTRY): void
|
||||
{
|
||||
$first_name = $this->request->getPost('first_name', FILTER_SANITIZE_STRING); //TODO: duplicated code
|
||||
$last_name = $this->request->getPost('last_name', FILTER_SANITIZE_STRING);
|
||||
$first_name = $this->request->getPost('first_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS); //TODO: duplicated code
|
||||
$last_name = $this->request->getPost('last_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
$email = strtolower($this->request->getPost('email', FILTER_SANITIZE_EMAIL));
|
||||
|
||||
// format first and last name properly
|
||||
@@ -113,26 +113,26 @@ class Employees extends Persons
|
||||
'last_name' => $last_name,
|
||||
'gender' => $this->request->getPost('gender', FILTER_SANITIZE_NUMBER_INT),
|
||||
'email' => $email,
|
||||
'phone_number' => $this->request->getPost('phone_number', FILTER_SANITIZE_STRING),
|
||||
'address_1' => $this->request->getPost('address_1', FILTER_SANITIZE_STRING),
|
||||
'address_2' => $this->request->getPost('address_2', FILTER_SANITIZE_STRING),
|
||||
'city' => $this->request->getPost('city', FILTER_SANITIZE_STRING),
|
||||
'state' => $this->request->getPost('state', FILTER_SANITIZE_STRING),
|
||||
'zip' => $this->request->getPost('zip', FILTER_SANITIZE_STRING),
|
||||
'country' => $this->request->getPost('country', FILTER_SANITIZE_STRING),
|
||||
'comments' => $this->request->getPost('comments', FILTER_SANITIZE_STRING)
|
||||
'phone_number' => $this->request->getPost('phone_number', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'address_1' => $this->request->getPost('address_1', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'address_2' => $this->request->getPost('address_2', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'city' => $this->request->getPost('city', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'state' => $this->request->getPost('state', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'zip' => $this->request->getPost('zip', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'country' => $this->request->getPost('country', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'comments' => $this->request->getPost('comments', FILTER_SANITIZE_FULL_SPECIAL_CHARS)
|
||||
];
|
||||
|
||||
$grants_array = [];
|
||||
foreach($this->module->get_all_permissions()->getResult() as $permission)
|
||||
{
|
||||
$grants = [];
|
||||
$grant = $this->request->getPost('grant_'.$permission->permission_id) != NULL ? $this->request->getPost('grant_' . $permission->permission_id, FILTER_SANITIZE_STRING) : '';
|
||||
$grant = $this->request->getPost('grant_'.$permission->permission_id) != NULL ? $this->request->getPost('grant_' . $permission->permission_id, FILTER_SANITIZE_FULL_SPECIAL_CHARS) : '';
|
||||
|
||||
if($grant == $permission->permission_id)
|
||||
{
|
||||
$grants['permission_id'] = $permission->permission_id;
|
||||
$grants['menu_group'] = $this->request->getPost('menu_group_'.$permission->permission_id) != NULL ? $this->request->getPost('menu_group_' . $permission->permission_id, FILTER_SANITIZE_STRING) : '--';
|
||||
$grants['menu_group'] = $this->request->getPost('menu_group_'.$permission->permission_id) != NULL ? $this->request->getPost('menu_group_' . $permission->permission_id, FILTER_SANITIZE_FULL_SPECIAL_CHARS) : '--';
|
||||
$grants_array[] = $grants;
|
||||
}
|
||||
}
|
||||
@@ -140,9 +140,9 @@ class Employees extends Persons
|
||||
//Password has been changed OR first time password set
|
||||
if($this->request->getPost('password') != '' && ENVIRONMENT != 'testing')
|
||||
{
|
||||
$exploded = explode(":", $this->request->getPost('language', FILTER_SANITIZE_STRING));
|
||||
$exploded = explode(":", $this->request->getPost('language', FILTER_SANITIZE_FULL_SPECIAL_CHARS));
|
||||
$employee_data = [
|
||||
'username' => $this->request->getPost('username', FILTER_SANITIZE_STRING),
|
||||
'username' => $this->request->getPost('username', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'password' => password_hash($this->request->getPost('password'), PASSWORD_DEFAULT),
|
||||
'hash_version' => 2,
|
||||
'language_code' => $exploded[0],
|
||||
@@ -151,9 +151,9 @@ class Employees extends Persons
|
||||
}
|
||||
else //Password not changed
|
||||
{
|
||||
$exploded = explode(":", $this->request->getPost('language', FILTER_SANITIZE_STRING));
|
||||
$exploded = explode(":", $this->request->getPost('language', FILTER_SANITIZE_FULL_SPECIAL_CHARS));
|
||||
$employee_data = [
|
||||
'username' => $this->request->getPost('username', FILTER_SANITIZE_STRING),
|
||||
'username' => $this->request->getPost('username', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'language_code' => $exploded[0],
|
||||
'language' => $exploded[1]
|
||||
];
|
||||
@@ -194,7 +194,7 @@ class Employees extends Persons
|
||||
*/
|
||||
public function postDelete(): void
|
||||
{
|
||||
$employees_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_STRING);
|
||||
$employees_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
|
||||
if($this->employee->delete_list($employees_to_delete)) //TODO: this is passing a string, but delete_list expects an array
|
||||
{
|
||||
@@ -215,7 +215,7 @@ class Employees extends Persons
|
||||
*/
|
||||
public function check_username($employee_id): void
|
||||
{
|
||||
$exists = $this->employee->username_exists($employee_id, $this->request->getVar('username', FILTER_SANITIZE_STRING));
|
||||
$exists = $this->employee->username_exists($employee_id, $this->request->getVar('username', FILTER_SANITIZE_FULL_SPECIAL_CHARS));
|
||||
echo !$exists ? 'true' : 'false';
|
||||
}
|
||||
}
|
||||
|
||||
@@ -38,14 +38,14 @@ class Expenses extends Secure_Controller
|
||||
|
||||
public function getSearch(): void
|
||||
{
|
||||
$search = $this->request->getVar('search', FILTER_SANITIZE_STRING);
|
||||
$search = $this->request->getVar('search', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
$limit = $this->request->getVar('limit', FILTER_SANITIZE_NUMBER_INT);
|
||||
$offset = $this->request->getVar('offset', FILTER_SANITIZE_NUMBER_INT);
|
||||
$sort = $this->request->getVar('sort', FILTER_SANITIZE_STRING);
|
||||
$order = $this->request->getVar('order', FILTER_SANITIZE_STRING);
|
||||
$sort = $this->request->getVar('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
$order = $this->request->getVar('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
$filters = [
|
||||
'start_date' => $this->request->getVar('start_date', FILTER_SANITIZE_STRING),
|
||||
'end_date' => $this->request->getVar('end_date', FILTER_SANITIZE_STRING),
|
||||
'start_date' => $this->request->getVar('start_date', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'end_date' => $this->request->getVar('end_date', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'only_cash' => FALSE,
|
||||
'only_due' => FALSE,
|
||||
'only_check' => FALSE,
|
||||
@@ -55,7 +55,7 @@ class Expenses extends Secure_Controller
|
||||
];
|
||||
|
||||
// check if any filter is set in the multiselect dropdown
|
||||
$filledup = array_fill_keys($this->request->getVar('filters', FILTER_SANITIZE_STRING), TRUE); //TODO: variable naming does not match standard
|
||||
$filledup = array_fill_keys($this->request->getVar('filters', FILTER_SANITIZE_FULL_SPECIAL_CHARS), TRUE); //TODO: variable naming does not match standard
|
||||
$filters = array_merge($filters, $filledup);
|
||||
$expenses = $this->expense->search($search, $filters, $limit, $offset, $sort, $order);
|
||||
$total_rows = $this->expense->get_found_rows($search, $filters);
|
||||
@@ -136,19 +136,19 @@ class Expenses extends Secure_Controller
|
||||
public function postSave(int $expense_id = NEW_ENTRY): void
|
||||
{
|
||||
$config = config('OSPOS')->settings;
|
||||
$newdate = $this->request->getPost('date', FILTER_SANITIZE_STRING);
|
||||
$newdate = $this->request->getPost('date', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
|
||||
$date_formatter = date_create_from_format($config['dateformat'] . ' ' . $config['timeformat'], $newdate);
|
||||
|
||||
$expense_data = [
|
||||
'date' => $date_formatter->format('Y-m-d H:i:s'),
|
||||
'supplier_id' => $this->request->getPost('supplier_id') == '' ? NULL : $this->request->getPost('supplier_id', FILTER_SANITIZE_NUMBER_INT),
|
||||
'supplier_tax_code' => $this->request->getPost('supplier_tax_code', FILTER_SANITIZE_STRING),
|
||||
'supplier_tax_code' => $this->request->getPost('supplier_tax_code', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'amount' => parse_decimals($this->request->getPost('amount', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION)),
|
||||
'tax_amount' => parse_decimals($this->request->getPost('tax_amount', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION)),
|
||||
'payment_type' => $this->request->getPost('payment_type', FILTER_SANITIZE_STRING),
|
||||
'payment_type' => $this->request->getPost('payment_type', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'expense_category_id' => $this->request->getPost('expense_category_id', FILTER_SANITIZE_NUMBER_INT),
|
||||
'description' => $this->request->getPost('description', FILTER_SANITIZE_STRING),
|
||||
'description' => $this->request->getPost('description', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'employee_id' => $this->request->getPost('employee_id', FILTER_SANITIZE_NUMBER_INT),
|
||||
'deleted' => $this->request->getPost('deleted') != NULL
|
||||
];
|
||||
@@ -180,7 +180,7 @@ class Expenses extends Secure_Controller
|
||||
|
||||
public function postDelete(): void
|
||||
{
|
||||
$expenses_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_STRING);
|
||||
$expenses_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
|
||||
if($this->expense->delete_list($expenses_to_delete))
|
||||
{
|
||||
|
||||
@@ -28,11 +28,11 @@ class Expenses_categories extends Secure_Controller //TODO: Is this class ever u
|
||||
*/
|
||||
public function getSearch(): void
|
||||
{
|
||||
$search = $this->request->getVar('search', FILTER_SANITIZE_STRING);
|
||||
$search = $this->request->getVar('search', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
$limit = $this->request->getVar('limit', FILTER_SANITIZE_NUMBER_INT);
|
||||
$offset = $this->request->getVar('offset', FILTER_SANITIZE_NUMBER_INT);
|
||||
$sort = $this->request->getVar('sort', FILTER_SANITIZE_STRING);
|
||||
$order = $this->request->getVar('order', FILTER_SANITIZE_STRING);
|
||||
$sort = $this->request->getVar('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
$order = $this->request->getVar('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
|
||||
$expense_categories = $this->expense_category->search($search, $limit, $offset, $sort, $order);
|
||||
$total_rows = $this->expense_category->get_found_rows($search);
|
||||
@@ -63,8 +63,8 @@ class Expenses_categories extends Secure_Controller //TODO: Is this class ever u
|
||||
public function postSave(int $expense_category_id = NEW_ENTRY): void
|
||||
{
|
||||
$expense_category_data = [
|
||||
'category_name' => $this->request->getPost('category_name', FILTER_SANITIZE_STRING),
|
||||
'category_description' => $this->request->getPost('category_description', FILTER_SANITIZE_STRING)
|
||||
'category_name' => $this->request->getPost('category_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'category_description' => $this->request->getPost('category_description', FILTER_SANITIZE_FULL_SPECIAL_CHARS)
|
||||
];
|
||||
|
||||
if($this->expense_category->save_value($expense_category_data, $expense_category_id)) //TODO: Reflection exception
|
||||
@@ -99,7 +99,7 @@ class Expenses_categories extends Secure_Controller //TODO: Is this class ever u
|
||||
|
||||
public function postDelete(): void
|
||||
{
|
||||
$expense_category_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_STRING);
|
||||
$expense_category_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
|
||||
if($this->expense_category->delete_list($expense_category_to_delete)) //TODO: Convert to ternary notation.
|
||||
{
|
||||
|
||||
@@ -28,11 +28,11 @@ class Giftcards extends Secure_Controller
|
||||
*/
|
||||
public function getSearch(): void
|
||||
{
|
||||
$search = $this->request->getVar('search', FILTER_SANITIZE_STRING);
|
||||
$search = $this->request->getVar('search', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
$limit = $this->request->getVar('limit', FILTER_SANITIZE_NUMBER_INT);
|
||||
$offset = $this->request->getVar('offset', FILTER_SANITIZE_NUMBER_INT);
|
||||
$sort = $this->request->getVar('sort', FILTER_SANITIZE_STRING);
|
||||
$order = $this->request->getVar('order', FILTER_SANITIZE_STRING);
|
||||
$sort = $this->request->getVar('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
$order = $this->request->getVar('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
|
||||
$giftcards = $this->giftcard->search($search, $limit, $offset, $sort, $order);
|
||||
$total_rows = $this->giftcard->get_found_rows($search);
|
||||
@@ -52,14 +52,14 @@ class Giftcards extends Secure_Controller
|
||||
|
||||
public function getSuggest(): void
|
||||
{
|
||||
$suggestions = $this->giftcard->get_search_suggestions($this->request->getVar('term', FILTER_SANITIZE_STRING), TRUE);
|
||||
$suggestions = $this->giftcard->get_search_suggestions($this->request->getVar('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS), TRUE);
|
||||
|
||||
echo json_encode($suggestions);
|
||||
}
|
||||
|
||||
public function suggest_search(): void
|
||||
{
|
||||
$suggestions = $this->giftcard->get_search_suggestions($this->request->getPost('term', FILTER_SANITIZE_STRING));
|
||||
$suggestions = $this->giftcard->get_search_suggestions($this->request->getPost('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS));
|
||||
|
||||
echo json_encode($suggestions);
|
||||
}
|
||||
@@ -96,7 +96,7 @@ class Giftcards extends Secure_Controller
|
||||
|
||||
public function postSave(int $giftcard_id = NEW_ENTRY): void
|
||||
{
|
||||
$giftcard_number = $this->request->getPost('giftcard_number', FILTER_SANITIZE_STRING);
|
||||
$giftcard_number = $this->request->getPost('giftcard_number', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
|
||||
if($giftcard_id == NEW_ENTRY && trim($giftcard_number) == '')
|
||||
{
|
||||
@@ -153,7 +153,7 @@ class Giftcards extends Secure_Controller
|
||||
|
||||
public function postDelete(): void
|
||||
{
|
||||
$giftcards_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_STRING);
|
||||
$giftcards_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
|
||||
if($this->giftcard->delete_list($giftcards_to_delete))
|
||||
{
|
||||
|
||||
@@ -45,10 +45,10 @@ class Home extends Secure_Controller
|
||||
{
|
||||
if($this->request->getPost('current_password') != '' && $employee_id != -1)
|
||||
{
|
||||
if($this->employee->check_password($this->request->getPost('username', FILTER_SANITIZE_STRING), $this->request->getPost('current_password')))
|
||||
if($this->employee->check_password($this->request->getPost('username', FILTER_SANITIZE_FULL_SPECIAL_CHARS), $this->request->getPost('current_password')))
|
||||
{
|
||||
$employee_data = [
|
||||
'username' => $this->request->getPost('username', FILTER_SANITIZE_STRING),
|
||||
'username' => $this->request->getPost('username', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'password' => password_hash($this->request->getPost('password'), PASSWORD_DEFAULT),
|
||||
'hash_version' => 2
|
||||
];
|
||||
|
||||
@@ -76,11 +76,11 @@ class Item_kits extends Secure_Controller
|
||||
*/
|
||||
public function getSearch(): void
|
||||
{
|
||||
$search = $this->request->getVar('search', FILTER_SANITIZE_STRING);
|
||||
$search = $this->request->getVar('search', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
$limit = $this->request->getVar('limit', FILTER_SANITIZE_NUMBER_INT);
|
||||
$offset = $this->request->getVar('offset', FILTER_SANITIZE_NUMBER_INT);
|
||||
$sort = $this->request->getVar('sort', FILTER_SANITIZE_STRING);
|
||||
$order = $this->request->getVar('order', FILTER_SANITIZE_STRING);
|
||||
$sort = $this->request->getVar('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
$order = $this->request->getVar('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
|
||||
$item_kits = $this->item_kit->search($search, $limit, $offset, $sort, $order);
|
||||
$total_rows = $this->item_kit->get_found_rows($search);
|
||||
@@ -98,7 +98,7 @@ class Item_kits extends Secure_Controller
|
||||
|
||||
public function suggest_search(): void
|
||||
{
|
||||
$suggestions = $this->item_kit->get_search_suggestions($this->request->getPost('term', FILTER_SANITIZE_STRING));
|
||||
$suggestions = $this->item_kit->get_search_suggestions($this->request->getPost('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS));
|
||||
|
||||
echo json_encode($suggestions);
|
||||
}
|
||||
@@ -153,14 +153,14 @@ class Item_kits extends Secure_Controller
|
||||
public function postSave(int $item_kit_id = NEW_ENTRY): void
|
||||
{
|
||||
$item_kit_data = [
|
||||
'name' => $this->request->getPost('name', FILTER_SANITIZE_STRING),
|
||||
'item_kit_number' => $this->request->getPost('item_kit_number', FILTER_SANITIZE_STRING),
|
||||
'name' => $this->request->getPost('name', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'item_kit_number' => $this->request->getPost('item_kit_number', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'item_id' => $this->request->getPost('kit_item_id', FILTER_SANITIZE_NUMBER_INT),
|
||||
'kit_discount' => $this->request->getPost('kit_discount', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION),
|
||||
'kit_discount_type' => $this->request->getPost('kit_discount_type') == NULL ? PERCENT : $this->request->getPost('kit_discount_type', FILTER_SANITIZE_NUMBER_INT),
|
||||
'price_option' => $this->request->getPost('price_option', FILTER_SANITIZE_NUMBER_INT),
|
||||
'print_option' => $this->request->getPost('print_option', FILTER_SANITIZE_NUMBER_INT),
|
||||
'description' => $this->request->getPost('description', FILTER_SANITIZE_STRING)
|
||||
'description' => $this->request->getPost('description', FILTER_SANITIZE_FULL_SPECIAL_CHARS)
|
||||
];
|
||||
|
||||
if($this->item_kit->save_value($item_kit_data, $item_kit_id))
|
||||
@@ -220,7 +220,7 @@ class Item_kits extends Secure_Controller
|
||||
|
||||
public function postDelete(): void
|
||||
{
|
||||
$item_kits_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_STRING);
|
||||
$item_kits_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
|
||||
if($this->item_kit->delete_list($item_kits_to_delete))
|
||||
{
|
||||
@@ -237,7 +237,7 @@ class Item_kits extends Secure_Controller
|
||||
|
||||
public function check_item_number(): void
|
||||
{
|
||||
$exists = $this->item_kit->item_number_exists($this->request->getPost('item_kit_number', FILTER_SANITIZE_STRING), $this->request->getPost('item_kit_id', FILTER_SANITIZE_NUMBER_INT));
|
||||
$exists = $this->item_kit->item_number_exists($this->request->getPost('item_kit_number', FILTER_SANITIZE_FULL_SPECIAL_CHARS), $this->request->getPost('item_kit_id', FILTER_SANITIZE_NUMBER_INT));
|
||||
echo !$exists ? 'true' : 'false';
|
||||
}
|
||||
|
||||
|
||||
@@ -89,19 +89,19 @@ class Items extends Secure_Controller
|
||||
*/
|
||||
public function getSearch(): void
|
||||
{
|
||||
$search = $this->request->getVar('search', FILTER_SANITIZE_STRING);
|
||||
$limit = $this->request->getVar('limit', FILTER_SANITIZE_NUMBER_INT);
|
||||
$offset = $this->request->getVar('offset', FILTER_SANITIZE_NUMBER_INT);
|
||||
$sort = $this->request->getVar('sort', FILTER_SANITIZE_STRING);
|
||||
$order = $this->request->getVar('order', FILTER_SANITIZE_STRING);
|
||||
$search = $this->request->getGet('search', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
$limit = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
|
||||
$offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
|
||||
$sort = $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
$order = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
|
||||
$this->item_lib->set_item_location($this->request->getVar('stock_location', FILTER_SANITIZE_NUMBER_INT));
|
||||
$this->item_lib->set_item_location($this->request->getGet('stock_location', FILTER_SANITIZE_NUMBER_INT));
|
||||
|
||||
$definition_names = $this->attribute->get_definitions_by_flags(Attribute::SHOW_IN_ITEMS);
|
||||
|
||||
$filters = [
|
||||
'start_date' => $this->request->getVar('start_date', FILTER_SANITIZE_STRING),
|
||||
'end_date' => $this->request->getVar('end_date', FILTER_SANITIZE_STRING),
|
||||
'start_date' => $this->request->getGet('start_date', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'end_date' => $this->request->getGet('end_date', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'stock_location_id' => $this->item_lib->get_item_location(),
|
||||
'empty_upc' => FALSE,
|
||||
'low_inventory' => FALSE,
|
||||
@@ -114,7 +114,7 @@ class Items extends Secure_Controller
|
||||
];
|
||||
|
||||
//Check if any filter is set in the multiselect dropdown
|
||||
$filledup = array_fill_keys($this->request->getVar('filters', FILTER_SANITIZE_STRING), TRUE); //TODO: filled up does not meet naming standards
|
||||
$filledup = array_fill_keys($this->request->getGet('filters', FILTER_SANITIZE_FULL_SPECIAL_CHARS), TRUE); //TODO: filled up does not meet naming standards
|
||||
$filters = array_merge($filters, $filledup);
|
||||
$items = $this->item->search($search, $filters, $limit, $offset, $sort, $order);
|
||||
$total_rows = $this->item->get_found_rows($search, $filters);
|
||||
@@ -182,28 +182,28 @@ class Items extends Secure_Controller
|
||||
'is_deleted' => $this->request->getPost('is_deleted') !== NULL
|
||||
];
|
||||
|
||||
$suggestions = $this->item->get_search_suggestions($this->request->getPostGet('term', FILTER_SANITIZE_STRING), $options, FALSE);
|
||||
$suggestions = $this->item->get_search_suggestions($this->request->getPostGet('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS), $options, FALSE);
|
||||
|
||||
echo json_encode($suggestions);
|
||||
}
|
||||
|
||||
public function suggest(): void
|
||||
{
|
||||
$suggestions = $this->item->get_search_suggestions($this->request->getPostGet('term', FILTER_SANITIZE_STRING), ['search_custom' => FALSE, 'is_deleted' => FALSE], TRUE);
|
||||
$suggestions = $this->item->get_search_suggestions($this->request->getPostGet('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS), ['search_custom' => FALSE, 'is_deleted' => FALSE], TRUE);
|
||||
|
||||
echo json_encode($suggestions);
|
||||
}
|
||||
|
||||
public function suggest_low_sell(): void
|
||||
{
|
||||
$suggestions = $this->item->get_low_sell_suggestions($this->request->getPostGet('name', FILTER_SANITIZE_STRING));
|
||||
$suggestions = $this->item->get_low_sell_suggestions($this->request->getPostGet('name', FILTER_SANITIZE_FULL_SPECIAL_CHARS));
|
||||
|
||||
echo json_encode($suggestions);
|
||||
}
|
||||
|
||||
public function suggest_kits(): void
|
||||
{
|
||||
$suggestions = $this->item->get_kit_search_suggestions($this->request->getPostGet('term', FILTER_SANITIZE_STRING), ['search_custom' => FALSE, 'is_deleted' => FALSE], TRUE);
|
||||
$suggestions = $this->item->get_kit_search_suggestions($this->request->getPostGet('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS), ['search_custom' => FALSE, 'is_deleted' => FALSE], TRUE);
|
||||
|
||||
echo json_encode($suggestions);
|
||||
}
|
||||
@@ -213,7 +213,7 @@ class Items extends Secure_Controller
|
||||
*/
|
||||
public function getSuggestCategory(): void
|
||||
{
|
||||
$suggestions = $this->item->get_category_suggestions($this->request->getGet('term', FILTER_SANITIZE_STRING));
|
||||
$suggestions = $this->item->get_category_suggestions($this->request->getGet('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS));
|
||||
|
||||
echo json_encode($suggestions);
|
||||
}
|
||||
@@ -223,7 +223,7 @@ class Items extends Secure_Controller
|
||||
*/
|
||||
public function getSuggestLocation(): void
|
||||
{
|
||||
$suggestions = $this->item->get_location_suggestions($this->request->getGet('term', FILTER_SANITIZE_STRING));
|
||||
$suggestions = $this->item->get_location_suggestions($this->request->getGet('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS));
|
||||
|
||||
echo json_encode($suggestions);
|
||||
}
|
||||
@@ -604,9 +604,9 @@ class Items extends Secure_Controller
|
||||
|
||||
//Save item data
|
||||
$item_data = [
|
||||
'name' => $this->request->getPost('name', FILTER_SANITIZE_STRING),
|
||||
'description' => $this->request->getPost('description', FILTER_SANITIZE_STRING),
|
||||
'category' => $this->request->getPost('category', FILTER_SANITIZE_STRING),
|
||||
'name' => $this->request->getPost('name', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'description' => $this->request->getPost('description', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'category' => $this->request->getPost('category', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'item_type' => $item_type,
|
||||
'stock_type' => $this->request->getPost('stock_type') === NULL ? HAS_STOCK : intval($this->request->getPost('stock_type', FILTER_SANITIZE_NUMBER_INT)),
|
||||
'supplier_id' => empty($this->request->getPost('supplier_id')) ? NULL : intval($this->request->getPost('supplier_id', FILTER_SANITIZE_NUMBER_INT)),
|
||||
@@ -618,10 +618,10 @@ class Items extends Secure_Controller
|
||||
'allow_alt_description' => $this->request->getPost('allow_alt_description') !== NULL,
|
||||
'is_serialized' => $this->request->getPost('is_serialized') !== NULL,
|
||||
'qty_per_pack' => $this->request->getPost('qty_per_pack') === NULL ? 1 : $this->request->getPost('qty_per_pack', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION),
|
||||
'pack_name' => $this->request->getPost('pack_name') === NULL ? $default_pack_name : $this->request->getPost('pack_name', FILTER_SANITIZE_STRING),
|
||||
'pack_name' => $this->request->getPost('pack_name') === NULL ? $default_pack_name : $this->request->getPost('pack_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'low_sell_item_id' => $this->request->getPost('low_sell_item_id') === NULL ? $item_id : $this->request->getPost('low_sell_item_id', FILTER_SANITIZE_NUMBER_INT),
|
||||
'deleted' => $this->request->getPost('is_deleted') !== NULL,
|
||||
'hsn_code' => $this->request->getPost('hsn_code') === NULL ? '' : $this->request->getPost('hsn_code', FILTER_SANITIZE_STRING)
|
||||
'hsn_code' => $this->request->getPost('hsn_code') === NULL ? '' : $this->request->getPost('hsn_code', FILTER_SANITIZE_FULL_SPECIAL_CHARS)
|
||||
];
|
||||
|
||||
if($item_data['item_type'] == ITEM_TEMP)
|
||||
@@ -673,7 +673,7 @@ class Items extends Secure_Controller
|
||||
if(!$use_destination_based_tax)
|
||||
{
|
||||
$items_taxes_data = [];
|
||||
$tax_names = $this->request->getPost('tax_names', FILTER_SANITIZE_STRING);
|
||||
$tax_names = $this->request->getPost('tax_names', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
$tax_percents = $this->request->getPost('tax_percents', FILTER_SANITIZE_NUMBER_FLOAT);
|
||||
|
||||
$tax_name_index = 0;
|
||||
@@ -815,7 +815,7 @@ class Items extends Secure_Controller
|
||||
*/
|
||||
public function postCheckItemNumber(): void
|
||||
{
|
||||
$exists = $this->item->item_number_exists($this->request->getPost('item_number', FILTER_SANITIZE_STRING), $this->request->getPost('item_id', FILTER_SANITIZE_NUMBER_INT));
|
||||
$exists = $this->item->item_number_exists($this->request->getPost('item_number', FILTER_SANITIZE_FULL_SPECIAL_CHARS), $this->request->getPost('item_id', FILTER_SANITIZE_NUMBER_INT));
|
||||
echo !$exists ? 'true' : 'false';
|
||||
}
|
||||
|
||||
@@ -824,9 +824,9 @@ class Items extends Secure_Controller
|
||||
*/
|
||||
public function check_kit_exists(): void //TODO: This function appears to be never called in the code. Need to confirm.
|
||||
{
|
||||
if($this->request->getPost('item_number', FILTER_SANITIZE_STRING) === NEW_ENTRY)
|
||||
if($this->request->getPost('item_number', FILTER_SANITIZE_FULL_SPECIAL_CHARS) === NEW_ENTRY)
|
||||
{
|
||||
$exists = $this->item_kit->item_kit_exists_for_name($this->request->getPost('name', FILTER_SANITIZE_STRING)); //TODO: item_kit_exists_for_name doesn't exist in Item_kit. I looked at the blame and it appears to have never existed.
|
||||
$exists = $this->item_kit->item_kit_exists_for_name($this->request->getPost('name', FILTER_SANITIZE_FULL_SPECIAL_CHARS)); //TODO: item_kit_exists_for_name doesn't exist in Item_kit. I looked at the blame and it appears to have never existed.
|
||||
}
|
||||
else
|
||||
{
|
||||
@@ -856,7 +856,7 @@ class Items extends Secure_Controller
|
||||
'trans_items' => $item_id,
|
||||
'trans_user' => $employee_id,
|
||||
'trans_location' => $location_id,
|
||||
'trans_comment' => $this->request->getPost('trans_comment', FILTER_SANITIZE_STRING),
|
||||
'trans_comment' => $this->request->getPost('trans_comment', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'trans_inventory' => parse_quantity($this->request->getPost('newquantity', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION))
|
||||
];
|
||||
|
||||
@@ -906,7 +906,7 @@ class Items extends Secure_Controller
|
||||
if(empty($item_data) || $this->item->update_multiple($item_data, $items_to_update))
|
||||
{
|
||||
$items_taxes_data = [];
|
||||
$tax_names = $this->request->getPost('tax_names', FILTER_SANITIZE_STRING);
|
||||
$tax_names = $this->request->getPost('tax_names', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
$tax_percents = $this->request->getPost('tax_percents', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION);
|
||||
$tax_updated = FALSE;
|
||||
|
||||
|
||||
@@ -44,8 +44,8 @@ class Messages extends Secure_Controller
|
||||
|
||||
public function send(): void
|
||||
{
|
||||
$phone = $this->request->getPost('phone', FILTER_SANITIZE_STRING);
|
||||
$message = $this->request->getPost('message', FILTER_SANITIZE_STRING);
|
||||
$phone = $this->request->getPost('phone', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
$message = $this->request->getPost('message', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
|
||||
$response = $this->sms_lib->sendSMS($phone, $message);
|
||||
|
||||
@@ -67,8 +67,8 @@ class Messages extends Secure_Controller
|
||||
*/
|
||||
public function send_form(int $person_id = NEW_ENTRY): void
|
||||
{
|
||||
$phone = $this->request->getPost('phone', FILTER_SANITIZE_STRING);
|
||||
$message = $this->request->getPost('message', FILTER_SANITIZE_STRING);
|
||||
$phone = $this->request->getPost('phone', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
$message = $this->request->getPost('message', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
|
||||
$response = $this->sms_lib->sendSMS($phone, $message);
|
||||
|
||||
|
||||
@@ -28,7 +28,7 @@ abstract class Persons extends Secure_Controller
|
||||
*/
|
||||
public function suggest(): void
|
||||
{
|
||||
$suggestions = $this->person->get_search_suggestions($this->request->getPost('term', FILTER_SANITIZE_STRING));
|
||||
$suggestions = $this->person->get_search_suggestions($this->request->getPost('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS));
|
||||
|
||||
echo json_encode($suggestions);
|
||||
}
|
||||
|
||||
@@ -55,8 +55,8 @@ class Receivings extends Secure_Controller
|
||||
*/
|
||||
public function getItemSearch(): void
|
||||
{
|
||||
$suggestions = $this->item->get_search_suggestions($this->request->getVar('term', FILTER_SANITIZE_STRING), ['search_custom' => FALSE, 'is_deleted' => FALSE], TRUE);
|
||||
$suggestions = array_merge($suggestions, $this->item_kit->get_search_suggestions($this->request->getVar('term', FILTER_SANITIZE_STRING)));
|
||||
$suggestions = $this->item->get_search_suggestions($this->request->getVar('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS), ['search_custom' => FALSE, 'is_deleted' => FALSE], TRUE);
|
||||
$suggestions = array_merge($suggestions, $this->item_kit->get_search_suggestions($this->request->getVar('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS)));
|
||||
|
||||
echo json_encode($suggestions);
|
||||
}
|
||||
@@ -67,8 +67,8 @@ class Receivings extends Secure_Controller
|
||||
*/
|
||||
public function getStockItemSearch(): void
|
||||
{
|
||||
$suggestions = $this->item->get_stock_search_suggestions($this->request->getVar('term', FILTER_SANITIZE_STRING), ['search_custom' => FALSE, 'is_deleted' => FALSE], TRUE);
|
||||
$suggestions = array_merge($suggestions, $this->item_kit->get_search_suggestions($this->request->getVar('term', FILTER_SANITIZE_STRING)));
|
||||
$suggestions = $this->item->get_stock_search_suggestions($this->request->getVar('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS), ['search_custom' => FALSE, 'is_deleted' => FALSE], TRUE);
|
||||
$suggestions = array_merge($suggestions, $this->item_kit->get_search_suggestions($this->request->getVar('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS)));
|
||||
|
||||
echo json_encode($suggestions);
|
||||
}
|
||||
@@ -90,14 +90,14 @@ class Receivings extends Secure_Controller
|
||||
|
||||
public function change_mode(): void
|
||||
{
|
||||
$stock_destination = $this->request->getPost('stock_destination', FILTER_SANITIZE_STRING);
|
||||
$stock_destination = $this->request->getPost('stock_destination', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
$stock_source = $this->request->getPost('stock_source', FILTER_SANITIZE_NUMBER_INT);
|
||||
|
||||
if((!$stock_source || $stock_source == $this->receiving_lib->get_stock_source()) &&
|
||||
(!$stock_destination || $stock_destination == $this->receiving_lib->get_stock_destination()))
|
||||
{
|
||||
$this->receiving_lib->clear_reference();
|
||||
$mode = $this->request->getPost('mode', FILTER_SANITIZE_STRING);
|
||||
$mode = $this->request->getPost('mode', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
$this->receiving_lib->set_mode($mode);
|
||||
}
|
||||
elseif($this->stock_location->is_allowed_location($stock_source, 'receivings'))
|
||||
@@ -111,7 +111,7 @@ class Receivings extends Secure_Controller
|
||||
|
||||
public function set_comment(): void
|
||||
{
|
||||
$this->receiving_lib->set_comment($this->request->getPost('comment', FILTER_SANITIZE_STRING));
|
||||
$this->receiving_lib->set_comment($this->request->getPost('comment', FILTER_SANITIZE_FULL_SPECIAL_CHARS));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -125,7 +125,7 @@ class Receivings extends Secure_Controller
|
||||
|
||||
public function set_reference(): void
|
||||
{
|
||||
$this->receiving_lib->set_reference($this->request->getPost('recv_reference', FILTER_SANITIZE_STRING));
|
||||
$this->receiving_lib->set_reference($this->request->getPost('recv_reference', FILTER_SANITIZE_FULL_SPECIAL_CHARS));
|
||||
}
|
||||
|
||||
public function add(): void
|
||||
@@ -133,7 +133,7 @@ class Receivings extends Secure_Controller
|
||||
$data = [];
|
||||
|
||||
$mode = $this->receiving_lib->get_mode();
|
||||
$item_id_or_number_or_item_kit_or_receipt = $this->request->getPost('item', FILTER_SANITIZE_STRING);
|
||||
$item_id_or_number_or_item_kit_or_receipt = $this->request->getPost('item', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
$this->token_lib->parse_barcode($quantity, $price, $item_id_or_number_or_item_kit_or_receipt);
|
||||
$quantity = ($mode == 'receive' || $mode == 'requisition') ? $quantity : -$quantity;
|
||||
$item_location = $this->receiving_lib->get_stock_source();
|
||||
@@ -170,8 +170,8 @@ class Receivings extends Secure_Controller
|
||||
$this->validator->setRule('quantity', 'lang:items_quantity', 'required|numeric');
|
||||
$this->validator->setRule('discount', 'lang:items_discount', 'required|numeric');
|
||||
|
||||
$description = $this->request->getPost('description', FILTER_SANITIZE_STRING); //TODO: Duplicated code
|
||||
$serialnumber = $this->request->getPost('serialnumber', FILTER_SANITIZE_STRING);
|
||||
$description = $this->request->getPost('description', FILTER_SANITIZE_FULL_SPECIAL_CHARS); //TODO: Duplicated code
|
||||
$serialnumber = $this->request->getPost('serialnumber', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
$price = parse_decimals($this->request->getPost('price', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION));
|
||||
$quantity = parse_quantity($this->request->getPost('quantity', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION));
|
||||
$discount_type = $this->request->getPost('discount_type', FILTER_SANITIZE_NUMBER_INT);
|
||||
@@ -276,7 +276,7 @@ class Receivings extends Secure_Controller
|
||||
$data['mode'] = $this->receiving_lib->get_mode();
|
||||
$data['comment'] = $this->receiving_lib->get_comment();
|
||||
$data['reference'] = $this->receiving_lib->get_reference();
|
||||
$data['payment_type'] = $this->request->getPost('payment_type', FILTER_SANITIZE_STRING);
|
||||
$data['payment_type'] = $this->request->getPost('payment_type', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
$data['show_stock_locations'] = $this->stock_location->show_locations('receivings');
|
||||
$data['stock_location'] = $this->receiving_lib->get_stock_source();
|
||||
if($this->request->getPost('amount_tendered') != NULL)
|
||||
@@ -445,7 +445,7 @@ class Receivings extends Secure_Controller
|
||||
*/
|
||||
public function save(int $receiving_id = -1): void //TODO: Replace -1 with a constant
|
||||
{
|
||||
$newdate = $this->request->getPost('date', FILTER_SANITIZE_STRING); //TODO: newdate does not follow naming conventions
|
||||
$newdate = $this->request->getPost('date', FILTER_SANITIZE_FULL_SPECIAL_CHARS); //TODO: newdate does not follow naming conventions
|
||||
|
||||
$date_formatter = date_create_from_format($this->config['dateformat'] . ' ' . $this->config['timeformat'], $newdate);
|
||||
$receiving_time = $date_formatter->format('Y-m-d H:i:s');
|
||||
@@ -454,8 +454,8 @@ class Receivings extends Secure_Controller
|
||||
'receiving_time' => $receiving_time,
|
||||
'supplier_id' => $this->request->getPost('supplier_id') ? $this->request->getPost('supplier_id', FILTER_SANITIZE_NUMBER_INT) : NULL,
|
||||
'employee_id' => $this->request->getPost('employee_id', FILTER_SANITIZE_NUMBER_INT),
|
||||
'comment' => $this->request->getPost('comment', FILTER_SANITIZE_STRING),
|
||||
'reference' => $this->request->getPost('reference') != '' ? $this->request->getPost('reference', FILTER_SANITIZE_STRING) : NULL
|
||||
'comment' => $this->request->getPost('comment', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'reference' => $this->request->getPost('reference') != '' ? $this->request->getPost('reference', FILTER_SANITIZE_FULL_SPECIAL_CHARS) : NULL
|
||||
];
|
||||
|
||||
$this->inventory->update('RECV '.$receiving_id, ['trans_date' => $receiving_time]);
|
||||
|
||||
@@ -105,17 +105,17 @@ class Sales extends Secure_Controller
|
||||
|
||||
public function getSearch(): void
|
||||
{
|
||||
$search = $this->request->getVar('search', FILTER_SANITIZE_STRING);
|
||||
$search = $this->request->getVar('search', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
$limit = $this->request->getVar('limit', FILTER_SANITIZE_NUMBER_INT);
|
||||
$offset = $this->request->getVar('offset', FILTER_SANITIZE_NUMBER_INT);
|
||||
$sort = $this->request->getVar('sort', FILTER_SANITIZE_STRING);
|
||||
$order = $this->request->getVar('order', FILTER_SANITIZE_STRING);
|
||||
$sort = $this->request->getVar('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
$order = $this->request->getVar('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
|
||||
$filters = [
|
||||
'sale_type' => 'all',
|
||||
'location_id' => 'all',
|
||||
'start_date' => $this->request->getVar('start_date', FILTER_SANITIZE_STRING),
|
||||
'end_date' => $this->request->getVar('end_date', FILTER_SANITIZE_STRING),
|
||||
'start_date' => $this->request->getVar('start_date', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'end_date' => $this->request->getVar('end_date', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'only_cash' => FALSE,
|
||||
'only_due' => FALSE,
|
||||
'only_check' => FALSE,
|
||||
@@ -125,7 +125,7 @@ class Sales extends Secure_Controller
|
||||
];
|
||||
|
||||
// check if any filter is set in the multiselect dropdown
|
||||
$filledup = array_fill_keys($this->request->getVar('filters', FILTER_SANITIZE_STRING), TRUE); //TODO: Variable does not meet naming conventions
|
||||
$filledup = array_fill_keys($this->request->getVar('filters', FILTER_SANITIZE_FULL_SPECIAL_CHARS), TRUE); //TODO: Variable does not meet naming conventions
|
||||
$filters = array_merge($filters, $filledup);
|
||||
|
||||
$sales = $this->sale->search($search, $filters, $limit, $offset, $sort, $order);
|
||||
@@ -154,7 +154,7 @@ class Sales extends Secure_Controller
|
||||
public function getItemSearch(): void
|
||||
{
|
||||
$suggestions = [];
|
||||
$receipt = $search = $this->request->getGet('term') != '' ? $this->request->getGet('term', FILTER_SANITIZE_STRING) : NULL;
|
||||
$receipt = $search = $this->request->getGet('term') != '' ? $this->request->getGet('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS) : NULL;
|
||||
|
||||
if($this->sale_lib->get_mode() == 'return' && $this->sale->is_valid_receipt($receipt))
|
||||
{
|
||||
@@ -169,7 +169,7 @@ class Sales extends Secure_Controller
|
||||
|
||||
public function suggest_search(): void
|
||||
{
|
||||
$search = $this->request->getPost('term') != '' ? $this->request->getPost('term', FILTER_SANITIZE_STRING) : NULL;
|
||||
$search = $this->request->getPost('term') != '' ? $this->request->getPost('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS) : NULL;
|
||||
|
||||
$suggestions = $this->sale->get_search_suggestions($search);
|
||||
|
||||
@@ -197,7 +197,7 @@ class Sales extends Secure_Controller
|
||||
|
||||
public function postChange_mode(): void
|
||||
{
|
||||
$mode = $this->request->getPost('mode', FILTER_SANITIZE_STRING);
|
||||
$mode = $this->request->getPost('mode', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
$this->sale_lib->set_mode($mode);
|
||||
|
||||
if($mode == 'sale')
|
||||
@@ -281,7 +281,7 @@ class Sales extends Secure_Controller
|
||||
|
||||
public function set_comment(): void
|
||||
{
|
||||
$this->sale_lib->set_comment($this->request->getPost('comment', FILTER_SANITIZE_STRING));
|
||||
$this->sale_lib->set_comment($this->request->getPost('comment', FILTER_SANITIZE_FULL_SPECIAL_CHARS));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -295,7 +295,7 @@ class Sales extends Secure_Controller
|
||||
|
||||
public function set_payment_type(): void //TODO: This function does not appear to be called anywhere in the code.
|
||||
{
|
||||
$this->sale_lib->set_payment_type($this->request->getPost('selected_payment_type', FILTER_SANITIZE_STRING));
|
||||
$this->sale_lib->set_payment_type($this->request->getPost('selected_payment_type', FILTER_SANITIZE_FULL_SPECIAL_CHARS));
|
||||
$this->_reload(); //TODO: Hungarian notation.
|
||||
}
|
||||
|
||||
@@ -319,7 +319,7 @@ class Sales extends Secure_Controller
|
||||
*/
|
||||
public function set_email_receipt(): void
|
||||
{
|
||||
$this->sale_lib->set_email_receipt($this->request->getPost('email_receipt', FILTER_SANITIZE_STRING));
|
||||
$this->sale_lib->set_email_receipt($this->request->getPost('email_receipt', FILTER_SANITIZE_FULL_SPECIAL_CHARS));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -330,7 +330,7 @@ class Sales extends Secure_Controller
|
||||
{
|
||||
$data = [];
|
||||
|
||||
$payment_type = $this->request->getPost('payment_type', FILTER_SANITIZE_STRING);
|
||||
$payment_type = $this->request->getPost('payment_type', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
|
||||
//TODO: See the code block below. This too needs to be ternary notation.
|
||||
if($payment_type !== lang('Sales.giftcard'))
|
||||
@@ -481,7 +481,7 @@ class Sales extends Secure_Controller
|
||||
}
|
||||
}
|
||||
|
||||
$item_id_or_number_or_item_kit_or_receipt = $this->request->getPost('item', FILTER_SANITIZE_STRING);
|
||||
$item_id_or_number_or_item_kit_or_receipt = $this->request->getPost('item', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
$this->token_lib->parse_barcode($quantity, $price, $item_id_or_number_or_item_kit_or_receipt);
|
||||
$mode = $this->sale_lib->get_mode();
|
||||
$quantity = ($mode == 'return') ? -$quantity : $quantity;
|
||||
@@ -573,11 +573,11 @@ class Sales extends Secure_Controller
|
||||
if($this->validate($rules))
|
||||
{
|
||||
|
||||
$description = $this->request->getPost('description', FILTER_SANITIZE_STRING);
|
||||
$serialnumber = $this->request->getPost('serialnumber', FILTER_SANITIZE_STRING);
|
||||
$description = $this->request->getPost('description', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
$serialnumber = $this->request->getPost('serialnumber', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
$price = parse_decimals($this->request->getPost('price', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION));
|
||||
$quantity = parse_quantity($this->request->getPost('quantity', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION));
|
||||
$discount_type = $this->request->getPost('discount_type', FILTER_SANITIZE_STRING);
|
||||
$discount_type = $this->request->getPost('discount_type', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
$discount = $discount_type ? parse_quantity($this->request->getPost('discount', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION)) : parse_decimals($this->request->getPost('discount', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION));
|
||||
|
||||
$item_location = $this->request->getPost('location', FILTER_SANITIZE_NUMBER_INT);
|
||||
@@ -1409,7 +1409,7 @@ class Sales extends Secure_Controller
|
||||
*/
|
||||
public function save(int $sale_id = NEW_ENTRY): void
|
||||
{
|
||||
$newdate = $this->request->getPost('date', FILTER_SANITIZE_STRING);
|
||||
$newdate = $this->request->getPost('date', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
$employee_id = $this->employee->get_logged_in_employee_info()->person_id;
|
||||
|
||||
$date_formatter = date_create_from_format($this->config['dateformat'] . ' ' . $this->config['timeformat'], $newdate);
|
||||
@@ -1419,8 +1419,8 @@ class Sales extends Secure_Controller
|
||||
'sale_time' => $sale_time,
|
||||
'customer_id' => $this->request->getPost('customer_id') != '' ? $this->request->getPost('customer_id', FILTER_SANITIZE_NUMBER_INT) : NULL,
|
||||
'employee_id' => $this->request->getPost('employee_id') != '' ? $this->request->getPost('employee_id', FILTER_SANITIZE_NUMBER_INT) : NULL,
|
||||
'comment' => $this->request->getPost('comment', FILTER_SANITIZE_STRING),
|
||||
'invoice_number' => $this->request->getPost('invoice_number') != '' ? $this->request->getPost('invoice_number', FILTER_SANITIZE_STRING) : NULL
|
||||
'comment' => $this->request->getPost('comment', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'invoice_number' => $this->request->getPost('invoice_number') != '' ? $this->request->getPost('invoice_number', FILTER_SANITIZE_FULL_SPECIAL_CHARS) : NULL
|
||||
];
|
||||
|
||||
// In order to maintain tradition the only element that can change on prior payments is the payment type
|
||||
@@ -1430,9 +1430,9 @@ class Sales extends Secure_Controller
|
||||
for($i = 0; $i < $number_of_payments; ++$i)
|
||||
{
|
||||
$payment_id = $this->request->getPost("payment_id_$i", FILTER_SANITIZE_NUMBER_INT);
|
||||
$payment_type = $this->request->getPost("payment_type_$i", FILTER_SANITIZE_STRING);
|
||||
$payment_type = $this->request->getPost("payment_type_$i", FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
$payment_amount = $this->request->getPost("payment_amount_$i", FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION);
|
||||
$refund_type = $this->request->getPost("refund_type_$i", FILTER_SANITIZE_STRING);
|
||||
$refund_type = $this->request->getPost("refund_type_$i", FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
$cash_refund = $this->request->getPost("refund_amount_$i", FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION);
|
||||
|
||||
$cash_adjustment = $payment_type == lang('Sales.cash_adjustment') ? CASH_ADJUSTMENT_TRUE : CASH_ADJUSTMENT_FALSE;
|
||||
@@ -1468,7 +1468,7 @@ class Sales extends Secure_Controller
|
||||
|
||||
$payment_id = NEW_ENTRY;
|
||||
$payment_amount = $this->request->getPost('payment_amount_new', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION);
|
||||
$payment_type = $this->request->getPost('payment_type_new', FILTER_SANITIZE_STRING);
|
||||
$payment_type = $this->request->getPost('payment_type_new', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
|
||||
if($payment_type != PAYMENT_TYPE_UNASSIGNED && $payment_amount <> 0)
|
||||
{
|
||||
@@ -1639,7 +1639,7 @@ class Sales extends Secure_Controller
|
||||
public function check_invoice_number(): void
|
||||
{
|
||||
$sale_id = $this->request->getPost('sale_id', FILTER_SANITIZE_NUMBER_INT);
|
||||
$invoice_number = $this->request->getPost('invoice_number', FILTER_SANITIZE_STRING);
|
||||
$invoice_number = $this->request->getPost('invoice_number', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
$exists = !empty($invoice_number) && $this->sale->check_invoice_number_exists($invoice_number, $sale_id);
|
||||
echo !$exists ? 'true' : 'false';
|
||||
}
|
||||
@@ -1666,7 +1666,7 @@ class Sales extends Secure_Controller
|
||||
public function change_item_number(): void
|
||||
{
|
||||
$item_id = $this->request->getPost('item_id', FILTER_SANITIZE_NUMBER_INT);
|
||||
$item_number = $this->request->getPost('item_number', FILTER_SANITIZE_STRING);
|
||||
$item_number = $this->request->getPost('item_number', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
$this->item->update_item_number($item_id, $item_number);
|
||||
$cart = $this->sale_lib->get_cart();
|
||||
$x = $this->search_cart_for_item_id($item_id, $cart);
|
||||
@@ -1680,7 +1680,7 @@ class Sales extends Secure_Controller
|
||||
public function change_item_name(): void
|
||||
{
|
||||
$item_id = $this->request->getPost('item_id', FILTER_SANITIZE_NUMBER_INT);
|
||||
$name = $this->request->getPost('item_name', FILTER_SANITIZE_STRING);
|
||||
$name = $this->request->getPost('item_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
|
||||
$this->item->update_item_name($item_id, $name);
|
||||
|
||||
@@ -1698,7 +1698,7 @@ class Sales extends Secure_Controller
|
||||
public function change_item_description(): void
|
||||
{
|
||||
$item_id = $this->request->getPost('item_id', FILTER_SANITIZE_NUMBER_INT);
|
||||
$description = $this->request->getPost('item_description', FILTER_SANITIZE_STRING);
|
||||
$description = $this->request->getPost('item_description', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
|
||||
$this->item->update_item_description($item_id, $description);
|
||||
|
||||
|
||||
@@ -72,7 +72,7 @@ class Secure_Controller extends BaseController
|
||||
{
|
||||
$result = TRUE;
|
||||
|
||||
foreach($this->request->getVar(NULL, FILTER_SANITIZE_STRING) as $str)
|
||||
foreach($this->request->getVar(NULL, FILTER_SANITIZE_FULL_SPECIAL_CHARS) as $str)
|
||||
{
|
||||
$result &= parse_decimals($str);
|
||||
}
|
||||
|
||||
@@ -46,11 +46,11 @@ class Suppliers extends Persons
|
||||
*/
|
||||
public function getSearch(): void
|
||||
{
|
||||
$search = $this->request->getVar('search', FILTER_SANITIZE_STRING);
|
||||
$search = $this->request->getVar('search', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
$limit = $this->request->getVar('limit', FILTER_SANITIZE_NUMBER_INT);
|
||||
$offset = $this->request->getVar('offset', FILTER_SANITIZE_NUMBER_INT);
|
||||
$sort = $this->request->getVar('sort', FILTER_SANITIZE_STRING);
|
||||
$order = $this->request->getVar('order', FILTER_SANITIZE_STRING);
|
||||
$sort = $this->request->getVar('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
$order = $this->request->getVar('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
|
||||
$suppliers = $this->supplier->search($search, $limit, $offset, $sort, $order);
|
||||
$total_rows = $this->supplier->get_found_rows($search);
|
||||
@@ -72,14 +72,14 @@ class Suppliers extends Persons
|
||||
*/
|
||||
public function suggest(): void
|
||||
{
|
||||
$suggestions = $this->supplier->get_search_suggestions($this->request->getVar('term', FILTER_SANITIZE_STRING), TRUE);
|
||||
$suggestions = $this->supplier->get_search_suggestions($this->request->getVar('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS), TRUE);
|
||||
|
||||
echo json_encode($suggestions);
|
||||
}
|
||||
|
||||
public function suggest_search()
|
||||
{
|
||||
$suggestions = $this->supplier->get_search_suggestions($this->request->getPost('term', FILTER_SANITIZE_STRING), FALSE);
|
||||
$suggestions = $this->supplier->get_search_suggestions($this->request->getPost('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS), FALSE);
|
||||
|
||||
echo json_encode($suggestions);
|
||||
}
|
||||
@@ -105,8 +105,8 @@ class Suppliers extends Persons
|
||||
*/
|
||||
public function postSave(int $supplier_id = NEW_ENTRY): void
|
||||
{
|
||||
$first_name = $this->request->getPost('first_name', FILTER_SANITIZE_STRING); //TODO: Duplicate code
|
||||
$last_name = $this->request->getPost('last_name', FILTER_SANITIZE_STRING);
|
||||
$first_name = $this->request->getPost('first_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS); //TODO: Duplicate code
|
||||
$last_name = $this->request->getPost('last_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
$email = strtolower($this->request->getPost('email', FILTER_SANITIZE_EMAIL));
|
||||
|
||||
// format first and last name properly
|
||||
@@ -116,23 +116,23 @@ class Suppliers extends Persons
|
||||
$person_data = [
|
||||
'first_name' => $first_name,
|
||||
'last_name' => $last_name,
|
||||
'gender' => $this->request->getPost('gender', FILTER_SANITIZE_STRING),
|
||||
'gender' => $this->request->getPost('gender', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'email' => $email,
|
||||
'phone_number' => $this->request->getPost('phone_number', FILTER_SANITIZE_STRING),
|
||||
'address_1' => $this->request->getPost('address_1', FILTER_SANITIZE_STRING),
|
||||
'address_2' => $this->request->getPost('address_2', FILTER_SANITIZE_STRING),
|
||||
'city' => $this->request->getPost('city', FILTER_SANITIZE_STRING),
|
||||
'state' => $this->request->getPost('state', FILTER_SANITIZE_STRING),
|
||||
'zip' => $this->request->getPost('zip', FILTER_SANITIZE_STRING),
|
||||
'country' => $this->request->getPost('country', FILTER_SANITIZE_STRING),
|
||||
'comments' => $this->request->getPost('comments', FILTER_SANITIZE_STRING)
|
||||
'phone_number' => $this->request->getPost('phone_number', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'address_1' => $this->request->getPost('address_1', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'address_2' => $this->request->getPost('address_2', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'city' => $this->request->getPost('city', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'state' => $this->request->getPost('state', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'zip' => $this->request->getPost('zip', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'country' => $this->request->getPost('country', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'comments' => $this->request->getPost('comments', FILTER_SANITIZE_FULL_SPECIAL_CHARS)
|
||||
];
|
||||
|
||||
$supplier_data = [
|
||||
'company_name' => $this->request->getPost('company_name', FILTER_SANITIZE_STRING),
|
||||
'agency_name' => $this->request->getPost('agency_name', FILTER_SANITIZE_STRING),
|
||||
'category' => $this->request->getPost('category', FILTER_SANITIZE_STRING),
|
||||
'account_number' => $this->request->getPost('account_number') == '' ? NULL : $this->request->getPost('account_number', FILTER_SANITIZE_STRING),
|
||||
'company_name' => $this->request->getPost('company_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'agency_name' => $this->request->getPost('agency_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'category' => $this->request->getPost('category', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'account_number' => $this->request->getPost('account_number') == '' ? NULL : $this->request->getPost('account_number', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'tax_id' => $this->request->getPost('tax_id', FILTER_SANITIZE_NUMBER_INT)
|
||||
];
|
||||
|
||||
|
||||
@@ -28,11 +28,11 @@ class Tax_categories extends Secure_Controller
|
||||
*/
|
||||
public function getSearch(): void
|
||||
{
|
||||
$search = $this->request->getVar('search', FILTER_SANITIZE_STRING);
|
||||
$search = $this->request->getVar('search', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
$limit = $this->request->getVar('limit', FILTER_SANITIZE_NUMBER_INT);
|
||||
$offset = $this->request->getVar('offset', FILTER_SANITIZE_NUMBER_INT);
|
||||
$sort = $this->request->getVar('sort', FILTER_SANITIZE_STRING);
|
||||
$order = $this->request->getVar('order', FILTER_SANITIZE_STRING);
|
||||
$sort = $this->request->getVar('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
$order = $this->request->getVar('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
|
||||
$tax_categories = $this->tax_category->search($search, $limit, $offset, $sort, $order);
|
||||
$total_rows = $this->tax_category->get_found_rows($search);
|
||||
@@ -64,8 +64,8 @@ class Tax_categories extends Secure_Controller
|
||||
public function postSave(int $tax_category_id = NEW_ENTRY): void
|
||||
{
|
||||
$tax_category_data = [
|
||||
'tax_category' => $this->request->getPost('tax_category', FILTER_SANITIZE_STRING),
|
||||
'tax_category_code' => $this->request->getPost('tax_category_code', FILTER_SANITIZE_STRING),
|
||||
'tax_category' => $this->request->getPost('tax_category', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'tax_category_code' => $this->request->getPost('tax_category_code', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'tax_group_sequence' => $this->request->getPost('tax_group_sequence', FILTER_SANITIZE_NUMBER_INT)
|
||||
];
|
||||
|
||||
|
||||
@@ -35,11 +35,11 @@ class Tax_codes extends Secure_Controller
|
||||
*/
|
||||
public function getSearch(): void
|
||||
{
|
||||
$search = $this->request->getVar('search', FILTER_SANITIZE_STRING);
|
||||
$search = $this->request->getVar('search', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
$limit = $this->request->getVar('limit', FILTER_SANITIZE_NUMBER_INT);
|
||||
$offset = $this->request->getVar('offset', FILTER_SANITIZE_NUMBER_INT);
|
||||
$sort = $this->request->getVar('sort', FILTER_SANITIZE_STRING);
|
||||
$order = $this->request->getVar('order', FILTER_SANITIZE_STRING);
|
||||
$sort = $this->request->getVar('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
$order = $this->request->getVar('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
|
||||
$tax_codes = $this->tax_code->search($search, $limit, $offset, $sort, $order);
|
||||
$total_rows = $this->tax_code->get_found_rows($search);
|
||||
@@ -72,10 +72,10 @@ class Tax_codes extends Secure_Controller
|
||||
public function postSave(int $tax_code_id = NEW_ENTRY): void
|
||||
{
|
||||
$tax_code_data = [
|
||||
'tax_code' => $this->request->getPost('tax_code', FILTER_SANITIZE_STRING),
|
||||
'tax_code_name' => $this->request->getPost('tax_code_name', FILTER_SANITIZE_STRING),
|
||||
'city' => $this->request->getPost('city', FILTER_SANITIZE_STRING),
|
||||
'state' => $this->request->getPost('state', FILTER_SANITIZE_STRING)
|
||||
'tax_code' => $this->request->getPost('tax_code', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'tax_code_name' => $this->request->getPost('tax_code_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'city' => $this->request->getPost('city', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'state' => $this->request->getPost('state', FILTER_SANITIZE_FULL_SPECIAL_CHARS)
|
||||
];
|
||||
|
||||
if($this->tax_code->save($tax_code_data))
|
||||
|
||||
@@ -31,11 +31,11 @@ class Tax_jurisdictions extends Secure_Controller
|
||||
*/
|
||||
public function getSearch(): void
|
||||
{
|
||||
$search = $this->request->getVar('search', FILTER_SANITIZE_STRING);
|
||||
$search = $this->request->getVar('search', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
$limit = $this->request->getVar('limit', FILTER_SANITIZE_NUMBER_INT);
|
||||
$offset = $this->request->getVar('offset', FILTER_SANITIZE_NUMBER_INT);
|
||||
$sort = $this->request->getVar('sort', FILTER_SANITIZE_STRING);
|
||||
$order = $this->request->getVar('order', FILTER_SANITIZE_STRING);
|
||||
$sort = $this->request->getVar('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
$order = $this->request->getVar('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
|
||||
$tax_jurisdictions = $this->tax_jurisdiction->search($search, $limit, $offset, $sort, $order);
|
||||
$total_rows = $this->tax_jurisdiction->get_found_rows($search);
|
||||
@@ -67,8 +67,8 @@ class Tax_jurisdictions extends Secure_Controller
|
||||
public function postSave(int $jurisdiction_id = NEW_ENTRY): void
|
||||
{
|
||||
$tax_jurisdiction_data = [
|
||||
'jurisdiction_name' => $this->request->getPost('jurisdiction_name', FILTER_SANITIZE_STRING),
|
||||
'reporting_authority' => $this->request->getPost('reporting_authority', FILTER_SANITIZE_STRING)
|
||||
'jurisdiction_name' => $this->request->getPost('jurisdiction_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
||||
'reporting_authority' => $this->request->getPost('reporting_authority', FILTER_SANITIZE_FULL_SPECIAL_CHARS)
|
||||
];
|
||||
|
||||
if($this->tax_jurisdiction->save_value($tax_jurisdiction_data))
|
||||
|
||||
@@ -79,11 +79,11 @@ class Taxes extends Secure_Controller
|
||||
*/
|
||||
public function getSearch(): void
|
||||
{
|
||||
$search = $this->request->getVar('search', FILTER_SANITIZE_STRING);
|
||||
$search = $this->request->getVar('search', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
$limit = $this->request->getVar('limit', FILTER_SANITIZE_NUMBER_INT);
|
||||
$offset = $this->request->getVar('offset', FILTER_SANITIZE_NUMBER_INT);
|
||||
$sort = $this->request->getVar('sort', FILTER_SANITIZE_STRING);
|
||||
$order = $this->request->getVar('order', FILTER_SANITIZE_STRING);
|
||||
$sort = $this->request->getVar('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
$order = $this->request->getVar('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
|
||||
$tax_rates = $this->tax->search($search, $limit, $offset, $sort, $order);
|
||||
|
||||
@@ -103,7 +103,7 @@ class Taxes extends Secure_Controller
|
||||
*/
|
||||
public function suggest_search(): void
|
||||
{
|
||||
$suggestions = $this->tax->get_search_suggestions($this->request->getPost('term', FILTER_SANITIZE_STRING)); //TODO: There is no get_search_suggestions function in the tax model
|
||||
$suggestions = $this->tax->get_search_suggestions($this->request->getPost('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS)); //TODO: There is no get_search_suggestions function in the tax model
|
||||
|
||||
echo json_encode($suggestions);
|
||||
}
|
||||
@@ -113,7 +113,7 @@ class Taxes extends Secure_Controller
|
||||
*/
|
||||
public function suggest_tax_categories(): void
|
||||
{
|
||||
$suggestions = $this->tax_category->get_tax_category_suggestions($this->request->getPost('term', FILTER_SANITIZE_STRING));
|
||||
$suggestions = $this->tax_category->get_tax_category_suggestions($this->request->getPost('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS));
|
||||
|
||||
echo json_encode($suggestions);
|
||||
}
|
||||
@@ -419,7 +419,7 @@ class Taxes extends Secure_Controller
|
||||
*/
|
||||
public function getSuggestTaxCodes(): void
|
||||
{
|
||||
$suggestions = $this->tax_code->get_tax_codes_search_suggestions($this->request->getPostGet('term', FILTER_SANITIZE_STRING));
|
||||
$suggestions = $this->tax_code->get_tax_codes_search_suggestions($this->request->getPostGet('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS));
|
||||
|
||||
echo json_encode($suggestions);
|
||||
}
|
||||
@@ -431,10 +431,10 @@ class Taxes extends Secure_Controller
|
||||
public function save_tax_codes(): void
|
||||
{
|
||||
$tax_code_id = $this->request->getPost('tax_code_id', FILTER_SANITIZE_NUMBER_INT);
|
||||
$tax_code = $this->request->getPost('tax_code', FILTER_SANITIZE_STRING);
|
||||
$tax_code_name = $this->request->getPost('tax_code_name', FILTER_SANITIZE_STRING);
|
||||
$city = $this->request->getPost('city', FILTER_SANITIZE_STRING);
|
||||
$state = $this->request->getPost('state', FILTER_SANITIZE_STRING);
|
||||
$tax_code = $this->request->getPost('tax_code', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
$tax_code_name = $this->request->getPost('tax_code_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
$city = $this->request->getPost('city', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
$state = $this->request->getPost('state', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
|
||||
$array_save = []; //TODO: the naming of this variable is not good.
|
||||
foreach($tax_code_id as $key=>$val)
|
||||
@@ -459,10 +459,10 @@ class Taxes extends Secure_Controller
|
||||
public function save_tax_jurisdictions(): void
|
||||
{
|
||||
$jurisdiction_id = $this->request->getPost('jurisdiction_id', FILTER_SANITIZE_NUMBER_INT);
|
||||
$jurisdiction_name = $this->request->getPost('jurisdiction_name', FILTER_SANITIZE_STRING);
|
||||
$tax_group = $this->request->getPost('tax_group', FILTER_SANITIZE_STRING);
|
||||
$jurisdiction_name = $this->request->getPost('jurisdiction_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
$tax_group = $this->request->getPost('tax_group', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
$tax_type = $this->request->getPost('tax_type', FILTER_SANITIZE_NUMBER_INT);
|
||||
$reporting_authority = $this->request->getPost('reporting_authority', FILTER_SANITIZE_STRING);
|
||||
$reporting_authority = $this->request->getPost('reporting_authority', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
$tax_group_sequence = $this->request->getPost('tax_group_sequence', FILTER_SANITIZE_NUMBER_INT);
|
||||
$cascade_sequence = $this->request->getPost('cascade_sequence', FILTER_SANITIZE_NUMBER_INT);
|
||||
|
||||
@@ -506,7 +506,7 @@ class Taxes extends Secure_Controller
|
||||
public function save_tax_categories(): void
|
||||
{
|
||||
$tax_category_id = $this->request->getPost('tax_category_id', FILTER_SANITIZE_NUMBER_INT);
|
||||
$tax_category = $this->request->getPost('tax_category', FILTER_SANITIZE_STRING);
|
||||
$tax_category = $this->request->getPost('tax_category', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
$tax_group_sequence = $this->request->getPost('tax_group_sequence', FILTER_SANITIZE_NUMBER_INT);
|
||||
|
||||
$array_save= [];
|
||||
|
||||
Reference in New Issue
Block a user