diff --git a/app/Controllers/Attributes.php b/app/Controllers/Attributes.php index af928a1f2..277b9ac08 100644 --- a/app/Controllers/Attributes.php +++ b/app/Controllers/Attributes.php @@ -33,11 +33,11 @@ class Attributes extends Secure_Controller */ public function getSearch(): void { - $search = $this->request->getVar('search', FILTER_SANITIZE_STRING); + $search = $this->request->getVar('search', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $limit = $this->request->getVar('limit', FILTER_SANITIZE_NUMBER_INT); $offset = $this->request->getVar('offset', FILTER_SANITIZE_NUMBER_INT); - $sort = $this->request->getVar('sort', FILTER_SANITIZE_STRING); - $order = $this->request->getVar('order', FILTER_SANITIZE_STRING); + $sort = $this->request->getVar('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS); + $order = $this->request->getVar('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $attributes = $this->attribute->search($search, $limit, $offset, $sort, $order); $total_rows = $this->attribute->get_found_rows($search); @@ -88,7 +88,7 @@ class Attributes extends Secure_Controller { $definition_flags = 0; - $flags = (empty($this->request->getPost('definition_flags'))) ? [] : $this->request->getPost('definition_flags', FILTER_SANITIZE_STRING); + $flags = (empty($this->request->getPost('definition_flags'))) ? [] : $this->request->getPost('definition_flags', FILTER_SANITIZE_FULL_SPECIAL_CHARS); foreach($flags as $flag) { @@ -211,7 +211,7 @@ class Attributes extends Secure_Controller public function postDelete(): void { - $attributes_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_STRING); + $attributes_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_FULL_SPECIAL_CHARS); if($this->attribute->delete_definition_list($attributes_to_delete)) { diff --git a/app/Controllers/Cashups.php b/app/Controllers/Cashups.php index 665f42bc2..79ffa7bd1 100644 --- a/app/Controllers/Cashups.php +++ b/app/Controllers/Cashups.php @@ -37,19 +37,19 @@ class Cashups extends Secure_Controller public function getSearch(): void { - $search = $this->request->getVar('search', FILTER_SANITIZE_STRING); + $search = $this->request->getVar('search', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $limit = $this->request->getVar('limit', FILTER_SANITIZE_NUMBER_INT); $offset = $this->request->getVar('offset', FILTER_SANITIZE_NUMBER_INT); - $sort = $this->request->getVar('sort', FILTER_SANITIZE_STRING); - $order = $this->request->getVar('order', FILTER_SANITIZE_STRING); + $sort = $this->request->getVar('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS); + $order = $this->request->getVar('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $filters = [ - 'start_date' => $this->request->getVar('start_date', FILTER_SANITIZE_STRING), //TODO: Is this the best way to filter dates - 'end_date' => $this->request->getVar('end_date', FILTER_SANITIZE_STRING), + 'start_date' => $this->request->getVar('start_date', FILTER_SANITIZE_FULL_SPECIAL_CHARS), //TODO: Is this the best way to filter dates + 'end_date' => $this->request->getVar('end_date', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'is_deleted' => FALSE ]; // check if any filter is set in the multiselect dropdown - $filledup = array_fill_keys($this->request->getVar('filters', FILTER_SANITIZE_STRING), TRUE); //TODO: $filledup doesn't follow variable naming patterns we are using. + $filledup = array_fill_keys($this->request->getVar('filters', FILTER_SANITIZE_FULL_SPECIAL_CHARS), TRUE); //TODO: $filledup doesn't follow variable naming patterns we are using. $filters = array_merge($filters, $filledup); $cash_ups = $this->cashup->search($search, $filters, $limit, $offset, $sort, $order); $total_rows = $this->cashup->get_found_rows($search, $filters); @@ -188,7 +188,7 @@ class Cashups extends Secure_Controller public function postSave(int $cashup_id = NEW_ENTRY): void { - $open_date = $this->request->getPost('open_date', FILTER_SANITIZE_STRING); + $open_date = $this->request->getPost('open_date', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $open_date_formatter = date_create_from_format($this->config['dateformat'] . ' ' . $this->config['timeformat'], $open_date); $close_date = $this->request->getPost('close_date', FILTER_SANITIZE_NUMBER_INT); @@ -205,7 +205,7 @@ class Cashups extends Secure_Controller 'closed_amount_check' => parse_decimals($this->request->getPost('closed_amount_check', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION)), 'closed_amount_total' => parse_decimals($this->request->getPost('closed_amount_total', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION)), 'note' => $this->request->getPost('note') != NULL, - 'description' => $this->request->getPost('description', FILTER_SANITIZE_STRING), + 'description' => $this->request->getPost('description', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'open_employee_id' => $this->request->getPost('open_employee_id', FILTER_SANITIZE_NUMBER_INT), 'close_employee_id' => $this->request->getPost('close_employee_id', FILTER_SANITIZE_NUMBER_INT), 'deleted' => $this->request->getPost('deleted') != NULL @@ -231,7 +231,7 @@ class Cashups extends Secure_Controller public function postDelete(): void { - $cash_ups_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_STRING); + $cash_ups_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_FULL_SPECIAL_CHARS); if($this->cashup->delete_list($cash_ups_to_delete)) { diff --git a/app/Controllers/Config.php b/app/Controllers/Config.php index 6fe666bda..34219c00c 100644 --- a/app/Controllers/Config.php +++ b/app/Controllers/Config.php @@ -329,13 +329,13 @@ class Config extends Secure_Controller $upload_success = !empty($upload_data['error']); $batch_save_data = [ - 'company' => $this->request->getPost('company', FILTER_SANITIZE_STRING), - 'address' => $this->request->getPost('address', FILTER_SANITIZE_STRING), - 'phone' => $this->request->getPost('phone', FILTER_SANITIZE_STRING), + 'company' => $this->request->getPost('company', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'address' => $this->request->getPost('address', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'phone' => $this->request->getPost('phone', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'email' => $this->request->getPost('email', FILTER_SANITIZE_EMAIL), - 'fax' => $this->request->getPost('fax', FILTER_SANITIZE_STRING), + 'fax' => $this->request->getPost('fax', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'website' => $this->request->getPost('website', FILTER_SANITIZE_URL), - 'return_policy' => $this->request->getPost('return_policy', FILTER_SANITIZE_STRING) + 'return_policy' => $this->request->getPost('return_policy', FILTER_SANITIZE_FULL_SPECIAL_CHARS) ]; if(!empty($upload_data['orig_name']) && $upload_data['raw_name'] === TRUE) @@ -397,8 +397,8 @@ class Config extends Secure_Controller public function postSaveGeneral(): void { $batch_save_data = [ - 'theme' => $this->request->getPost('theme', FILTER_SANITIZE_STRING), - 'login_form' => $this->request->getPost('login_form', FILTER_SANITIZE_STRING), + 'theme' => $this->request->getPost('theme', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'login_form' => $this->request->getPost('login_form', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'default_sales_discount_type' => $this->request->getPost('default_sales_discount_type') != NULL, 'default_sales_discount' => $this->request->getPost('default_sales_discount', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION), 'default_receivings_discount_type' => $this->request->getPost('default_receivings_discount_type') != NULL, @@ -411,14 +411,14 @@ class Config extends Secure_Controller 'image_max_width' => $this->request->getPost('image_max_width', FILTER_SANITIZE_NUMBER_INT), 'image_max_height' => $this->request->getPost('image_max_height', FILTER_SANITIZE_NUMBER_INT), 'image_max_size' => $this->request->getPost('image_max_size', FILTER_SANITIZE_NUMBER_INT), - 'image_allowed_types' => implode('|', $this->request->getPost('image_allowed_types', FILTER_SANITIZE_STRING)), + 'image_allowed_types' => implode('|', $this->request->getPost('image_allowed_types', FILTER_SANITIZE_FULL_SPECIAL_CHARS)), 'gcaptcha_enable' => $this->request->getPost('gcaptcha_enable') != NULL, - 'gcaptcha_secret_key' => $this->request->getPost('gcaptcha_secret_key', FILTER_SANITIZE_STRING), - 'gcaptcha_site_key' => $this->request->getPost('gcaptcha_site_key', FILTER_SANITIZE_STRING), - 'suggestions_first_column' => $this->request->getPost('suggestions_first_column', FILTER_SANITIZE_STRING), - 'suggestions_second_column' => $this->request->getPost('suggestions_second_column', FILTER_SANITIZE_STRING), - 'suggestions_third_column' => $this->request->getPost('suggestions_third_column', FILTER_SANITIZE_STRING), - 'giftcard_number' => $this->request->getPost('giftcard_number', FILTER_SANITIZE_STRING), + 'gcaptcha_secret_key' => $this->request->getPost('gcaptcha_secret_key', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'gcaptcha_site_key' => $this->request->getPost('gcaptcha_site_key', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'suggestions_first_column' => $this->request->getPost('suggestions_first_column', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'suggestions_second_column' => $this->request->getPost('suggestions_second_column', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'suggestions_third_column' => $this->request->getPost('suggestions_third_column', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'giftcard_number' => $this->request->getPost('giftcard_number', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'derive_sale_quantity' => $this->request->getPost('derive_sale_quantity', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION) != NULL, 'multi_pack_enabled' => $this->request->getPost('multi_pack_enabled') != NULL, 'include_hsn' => $this->request->getPost('include_hsn') != NULL, @@ -452,8 +452,8 @@ class Config extends Secure_Controller */ public function postCheckNumberLocale(): void { - $number_locale = $this->request->getPost('number_locale', FILTER_SANITIZE_STRING); - $save_number_locale = $this->request->getPost('save_number_locale', FILTER_SANITIZE_STRING); + $number_locale = $this->request->getPost('number_locale', FILTER_SANITIZE_FULL_SPECIAL_CHARS); + $save_number_locale = $this->request->getPost('save_number_locale', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $fmt = new NumberFormatter($number_locale, NumberFormatter::CURRENCY); if($number_locale != $save_number_locale) @@ -464,8 +464,8 @@ class Config extends Secure_Controller } else { - $currency_symbol = empty($this->request->getPost('currency_symbol')) ? $fmt->getSymbol(NumberFormatter::CURRENCY_SYMBOL) : $this->request->getPost('currency_symbol', FILTER_SANITIZE_STRING); - $currency_code = empty($this->request->getPost('currency_code')) ? $fmt->getTextAttribute(NumberFormatter::CURRENCY_CODE) : $this->request->getPost('currency_code', FILTER_SANITIZE_STRING); + $currency_symbol = empty($this->request->getPost('currency_symbol')) ? $fmt->getSymbol(NumberFormatter::CURRENCY_SYMBOL) : $this->request->getPost('currency_symbol', FILTER_SANITIZE_FULL_SPECIAL_CHARS); + $currency_code = empty($this->request->getPost('currency_code')) ? $fmt->getTextAttribute(NumberFormatter::CURRENCY_CODE) : $this->request->getPost('currency_code', FILTER_SANITIZE_FULL_SPECIAL_CHARS); } if($this->request->getPost('thousands_separator') == 'false') @@ -490,25 +490,25 @@ class Config extends Secure_Controller */ public function postSaveLocale(): void { - $exploded = explode(":", $this->request->getPost('language', FILTER_SANITIZE_STRING)); + $exploded = explode(":", $this->request->getPost('language', FILTER_SANITIZE_FULL_SPECIAL_CHARS)); $batch_save_data = [ - 'currency_symbol' => $this->request->getPost('currency_symbol', FILTER_SANITIZE_STRING), - 'currency_code' => $this->request->getPost('currency_code', FILTER_SANITIZE_STRING), + 'currency_symbol' => $this->request->getPost('currency_symbol', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'currency_code' => $this->request->getPost('currency_code', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'language_code' => $exploded[0], 'language' => $exploded[1], - 'timezone' => $this->request->getPost('timezone', FILTER_SANITIZE_STRING), - 'dateformat' => $this->request->getPost('dateformat', FILTER_SANITIZE_STRING), - 'timeformat' => $this->request->getPost('timeformat', FILTER_SANITIZE_STRING), + 'timezone' => $this->request->getPost('timezone', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'dateformat' => $this->request->getPost('dateformat', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'timeformat' => $this->request->getPost('timeformat', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'thousands_separator' => !empty($this->request->getPost('thousands_separator', FILTER_SANITIZE_NUMBER_INT)), - 'number_locale' => $this->request->getPost('number_locale', FILTER_SANITIZE_STRING), + 'number_locale' => $this->request->getPost('number_locale', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'currency_decimals' => $this->request->getPost('currency_decimals', FILTER_SANITIZE_NUMBER_INT), 'tax_decimals' => $this->request->getPost('tax_decimals', FILTER_SANITIZE_NUMBER_INT), 'quantity_decimals' => $this->request->getPost('quantity_decimals', FILTER_SANITIZE_NUMBER_INT), - 'country_codes' => $this->request->getPost('country_codes', FILTER_SANITIZE_STRING), - 'payment_options_order' => $this->request->getPost('payment_options_order', FILTER_SANITIZE_STRING), + 'country_codes' => $this->request->getPost('country_codes', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'payment_options_order' => $this->request->getPost('payment_options_order', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'date_or_time_format' => $this->request->getPost('date_or_time_format', FILTER_SANITIZE_NUMBER_INT), 'cash_decimals' => $this->request->getPost('cash_decimals', FILTER_SANITIZE_NUMBER_INT), - 'cash_rounding_code' => $this->request->getPost('cash_rounding_code', FILTER_SANITIZE_STRING), + 'cash_rounding_code' => $this->request->getPost('cash_rounding_code', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'financial_year' => $this->request->getPost('financial_year', FILTER_SANITIZE_NUMBER_INT) ]; @@ -534,14 +534,14 @@ class Config extends Secure_Controller } $batch_save_data = [ - 'protocol' => $this->request->getPost('protocol', FILTER_SANITIZE_STRING), - 'mailpath' => $this->request->getPost('mailpath', FILTER_SANITIZE_STRING), - 'smtp_host' => $this->request->getPost('smtp_host', FILTER_SANITIZE_STRING), - 'smtp_user' => $this->request->getPost('smtp_user', FILTER_SANITIZE_STRING), + 'protocol' => $this->request->getPost('protocol', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'mailpath' => $this->request->getPost('mailpath', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'smtp_host' => $this->request->getPost('smtp_host', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'smtp_user' => $this->request->getPost('smtp_user', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'smtp_pass' => $password, 'smtp_port' => $this->request->getPost('smtp_port', FILTER_SANITIZE_NUMBER_INT), 'smtp_timeout' => $this->request->getPost('smtp_timeout', FILTER_SANITIZE_NUMBER_INT), - 'smtp_crypto' => $this->request->getPost('smtp_crypto', FILTER_SANITIZE_STRING) + 'smtp_crypto' => $this->request->getPost('smtp_crypto', FILTER_SANITIZE_FULL_SPECIAL_CHARS) ]; $success = $this->appconfig->batch_save($batch_save_data); @@ -562,10 +562,10 @@ class Config extends Secure_Controller } $batch_save_data = [ - 'msg_msg' => $this->request->getPost('msg_msg', FILTER_SANITIZE_STRING), - 'msg_uid' => $this->request->getPost('msg_uid', FILTER_SANITIZE_STRING), + 'msg_msg' => $this->request->getPost('msg_msg', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'msg_uid' => $this->request->getPost('msg_uid', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'msg_pwd' => $password, - 'msg_src' => $this->request->getPost('msg_src', FILTER_SANITIZE_STRING) + 'msg_src' => $this->request->getPost('msg_src', FILTER_SANITIZE_FULL_SPECIAL_CHARS) ]; $success = $this->appconfig->batch_save($batch_save_data); @@ -605,7 +605,7 @@ class Config extends Secure_Controller public function ajax_check_mailchimp_api_key(): void { // load mailchimp lists associated to the given api key, already XSS cleaned in the private function - $lists = $this->_mailchimp($this->request->getPost('mailchimp_api_key', FILTER_SANITIZE_STRING)); + $lists = $this->_mailchimp($this->request->getPost('mailchimp_api_key', FILTER_SANITIZE_FULL_SPECIAL_CHARS)); $success = count($lists) > 0; echo json_encode ([ @@ -625,14 +625,14 @@ class Config extends Secure_Controller if(check_encryption()) //TODO: Hungarian notation { - $api_key_unencrypted = $this->request->getPost('mailchimp_api_key', FILTER_SANITIZE_STRING); + $api_key_unencrypted = $this->request->getPost('mailchimp_api_key', FILTER_SANITIZE_FULL_SPECIAL_CHARS); if(!empty($api_key_unencrypted)) { $api_key = $this->encrypter->encrypt($api_key_unencrypted); $api_key_unencrypted = ""; } - $list_id_unencrypted = $this->request->getPost('mailchimp_list_id', FILTER_SANITIZE_STRING); + $list_id_unencrypted = $this->request->getPost('mailchimp_list_id', FILTER_SANITIZE_FULL_SPECIAL_CHARS); if(!empty($list_id_unencrypted)) { $list_id = $this->encrypter->encrypt($list_id_unencrypted); @@ -691,7 +691,7 @@ class Config extends Secure_Controller $this->db->transStart(); $not_to_delete = []; - foreach($this->request->getPost(NULL, FILTER_SANITIZE_STRING) as $key => $value) + foreach($this->request->getPost(NULL, FILTER_SANITIZE_FULL_SPECIAL_CHARS) as $key => $value) { if(strstr($key, 'stock_location')) { @@ -741,7 +741,7 @@ class Config extends Secure_Controller if($dinner_table_enable) { $not_to_delete = []; - foreach($this->request->getPost(NULL, FILTER_SANITIZE_STRING) as $key => $value) //TODO: Not sure if this is the best way to filter the array + foreach($this->request->getPost(NULL, FILTER_SANITIZE_FULL_SPECIAL_CHARS) as $key => $value) //TODO: Not sure if this is the best way to filter the array { if(strstr($key, 'dinner_table') && $key != 'dinner_table_enable') { @@ -785,14 +785,14 @@ class Config extends Secure_Controller $batch_save_data = [ 'default_tax_1_rate' => parse_tax($this->request->getPost('default_tax_1_rate', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION)), - 'default_tax_1_name' => $this->request->getPost('default_tax_1_name', FILTER_SANITIZE_STRING), + 'default_tax_1_name' => $this->request->getPost('default_tax_1_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'default_tax_2_rate' => parse_tax($this->request->getPost('default_tax_2_rate', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION)), - 'default_tax_2_name' => $this->request->getPost('default_tax_2_name', FILTER_SANITIZE_STRING), + 'default_tax_2_name' => $this->request->getPost('default_tax_2_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'tax_included' => $this->request->getPost('tax_included') != NULL, 'use_destination_based_tax' => $this->request->getPost('use_destination_based_tax') != NULL, - 'default_tax_code' => $this->request->getPost('default_tax_code', FILTER_SANITIZE_STRING), - 'default_tax_category' => $this->request->getPost('default_tax_category', FILTER_SANITIZE_STRING), - 'default_tax_jurisdiction' => $this->request->getPost('default_tax_jurisdiction', FILTER_SANITIZE_STRING), + 'default_tax_code' => $this->request->getPost('default_tax_code', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'default_tax_category' => $this->request->getPost('default_tax_category', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'default_tax_jurisdiction' => $this->request->getPost('default_tax_jurisdiction', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'tax_id' => $this->request->getPost('tax_id', FILTER_SANITIZE_NUMBER_INT) ]; @@ -822,7 +822,7 @@ class Config extends Secure_Controller { $not_to_delete = []; $array_save = []; - foreach($this->request->getPost(NULL, FILTER_SANITIZE_STRING) as $key => $value) + foreach($this->request->getPost(NULL, FILTER_SANITIZE_FULL_SPECIAL_CHARS) as $key => $value) { if(strstr($key, 'customer_reward') && $key != 'customer_reward_enable') { @@ -872,21 +872,21 @@ class Config extends Secure_Controller public function postSaveBarcode(): void { $batch_save_data = [ - 'barcode_type' => $this->request->getPost('barcode_type', FILTER_SANITIZE_STRING), + 'barcode_type' => $this->request->getPost('barcode_type', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'barcode_width' => $this->request->getPost('barcode_width', FILTER_SANITIZE_NUMBER_INT), 'barcode_height' => $this->request->getPost('barcode_height', FILTER_SANITIZE_NUMBER_INT), - 'barcode_font' => $this->request->getPost('barcode_font', FILTER_SANITIZE_STRING), + 'barcode_font' => $this->request->getPost('barcode_font', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'barcode_font_size' => $this->request->getPost('barcode_font_size', FILTER_SANITIZE_NUMBER_INT), - 'barcode_first_row' => $this->request->getPost('barcode_first_row', FILTER_SANITIZE_STRING), - 'barcode_second_row' => $this->request->getPost('barcode_second_row', FILTER_SANITIZE_STRING), - 'barcode_third_row' => $this->request->getPost('barcode_third_row', FILTER_SANITIZE_STRING), + 'barcode_first_row' => $this->request->getPost('barcode_first_row', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'barcode_second_row' => $this->request->getPost('barcode_second_row', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'barcode_third_row' => $this->request->getPost('barcode_third_row', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'barcode_num_in_row' => $this->request->getPost('barcode_num_in_row', FILTER_SANITIZE_NUMBER_INT), 'barcode_page_width' => $this->request->getPost('barcode_page_width', FILTER_SANITIZE_NUMBER_INT), 'barcode_page_cellspacing' => $this->request->getPost('barcode_page_cellspacing', FILTER_SANITIZE_NUMBER_INT), 'barcode_generate_if_empty' => $this->request->getPost('barcode_generate_if_empty') != NULL, 'allow_duplicate_barcodes' => $this->request->getPost('allow_duplicate_barcodes') != NULL, - 'barcode_content' => $this->request->getPost('barcode_content', FILTER_SANITIZE_STRING), - 'barcode_formats' => json_encode($this->request->getPost('barcode_formats', FILTER_SANITIZE_STRING)) + 'barcode_content' => $this->request->getPost('barcode_content', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'barcode_formats' => json_encode($this->request->getPost('barcode_formats', FILTER_SANITIZE_FULL_SPECIAL_CHARS)) ]; $success = $this->appconfig->batch_save($batch_save_data); @@ -900,11 +900,11 @@ class Config extends Secure_Controller public function postSaveReceipt(): void { $batch_save_data = [ - 'receipt_template' => $this->request->getPost('receipt_template', FILTER_SANITIZE_STRING), + 'receipt_template' => $this->request->getPost('receipt_template', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'receipt_font_size' => $this->request->getPost('receipt_font_size', FILTER_SANITIZE_NUMBER_INT), 'print_delay_autoreturn' => $this->request->getPost('print_delay_autoreturn', FILTER_SANITIZE_NUMBER_INT), - 'email_receipt_check_behaviour' => $this->request->getPost('email_receipt_check_behaviour', FILTER_SANITIZE_STRING), - 'print_receipt_check_behaviour' => $this->request->getPost('print_receipt_check_behaviour', FILTER_SANITIZE_STRING), + 'email_receipt_check_behaviour' => $this->request->getPost('email_receipt_check_behaviour', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'print_receipt_check_behaviour' => $this->request->getPost('print_receipt_check_behaviour', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'receipt_show_company_name' => $this->request->getPost('receipt_show_company_name') != NULL, 'receipt_show_taxes' => ($this->request->getPost('receipt_show_taxes') != NULL), 'receipt_show_tax_ind' => ($this->request->getPost('receipt_show_tax_ind') != NULL), @@ -932,19 +932,19 @@ class Config extends Secure_Controller { $batch_save_data = [ 'invoice_enable' => $this->request->getPost('invoice_enable') != NULL, - 'sales_invoice_format' => $this->request->getPost('sales_invoice_format', FILTER_SANITIZE_STRING), - 'sales_quote_format' => $this->request->getPost('sales_quote_format', FILTER_SANITIZE_STRING), - 'recv_invoice_format' => $this->request->getPost('recv_invoice_format', FILTER_SANITIZE_STRING), - 'invoice_default_comments' => $this->request->getPost('invoice_default_comments', FILTER_SANITIZE_STRING), - 'invoice_email_message' => $this->request->getPost('invoice_email_message', FILTER_SANITIZE_STRING), - 'line_sequence' => $this->request->getPost('line_sequence', FILTER_SANITIZE_STRING), + 'sales_invoice_format' => $this->request->getPost('sales_invoice_format', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'sales_quote_format' => $this->request->getPost('sales_quote_format', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'recv_invoice_format' => $this->request->getPost('recv_invoice_format', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'invoice_default_comments' => $this->request->getPost('invoice_default_comments', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'invoice_email_message' => $this->request->getPost('invoice_email_message', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'line_sequence' => $this->request->getPost('line_sequence', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'last_used_invoice_number' => $this->request->getPost('last_used_invoice_number', FILTER_SANITIZE_NUMBER_INT), 'last_used_quote_number' => $this->request->getPost('last_used_quote_number', FILTER_SANITIZE_NUMBER_INT), - 'quote_default_comments' => $this->request->getPost('quote_default_comments', FILTER_SANITIZE_STRING), + 'quote_default_comments' => $this->request->getPost('quote_default_comments', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'work_order_enable' => $this->request->getPost('work_order_enable') != NULL, - 'work_order_format' => $this->request->getPost('work_order_format', FILTER_SANITIZE_STRING), + 'work_order_format' => $this->request->getPost('work_order_format', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'last_used_work_order_number' => $this->request->getPost('last_used_work_order_number', FILTER_SANITIZE_NUMBER_INT), - 'invoice_type' => $this->request->getPost('invoice_type', FILTER_SANITIZE_STRING) + 'invoice_type' => $this->request->getPost('invoice_type', FILTER_SANITIZE_FULL_SPECIAL_CHARS) ]; $success = $this->appconfig->batch_save($batch_save_data); diff --git a/app/Controllers/Customers.php b/app/Controllers/Customers.php index 85151de34..86cf59b64 100644 --- a/app/Controllers/Customers.php +++ b/app/Controllers/Customers.php @@ -93,11 +93,11 @@ class Customers extends Persons */ public function getSearch() { - $search = $this->request->getGet('search', FILTER_SANITIZE_STRING); + $search = $this->request->getGet('search', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $limit = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT); $offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT); - $sort = $this->request->getGet('sort', FILTER_SANITIZE_STRING); - $order = $this->request->getGet('order', FILTER_SANITIZE_STRING); + $sort = $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS); + $order = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $customers = $this->customer->search($search, $limit, $offset, $sort, $order); $total_rows = $this->customer->get_found_rows($search); @@ -131,14 +131,14 @@ class Customers extends Persons */ public function getSuggest(): void { - $suggestions = $this->customer->get_search_suggestions($this->request->getVar('term', FILTER_SANITIZE_STRING), 25,TRUE); + $suggestions = $this->customer->get_search_suggestions($this->request->getVar('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 25,TRUE); echo json_encode($suggestions); } public function suggest_search(): void { - $suggestions = $this->customer->get_search_suggestions($this->request->getPost('term', FILTER_SANITIZE_STRING), 25, FALSE); + $suggestions = $this->customer->get_search_suggestions($this->request->getPost('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 25, FALSE); echo json_encode($suggestions); } @@ -270,8 +270,8 @@ class Customers extends Persons */ public function postSave(int $customer_id = NEW_ENTRY): void { - $first_name = $this->request->getPost('first_name', FILTER_SANITIZE_STRING); - $last_name = $this->request->getPost('last_name', FILTER_SANITIZE_STRING); + $first_name = $this->request->getPost('first_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS); + $last_name = $this->request->getPost('last_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $email = strtolower($this->request->getPost('email', FILTER_SANITIZE_EMAIL)); // format first and last name properly @@ -283,26 +283,26 @@ class Customers extends Persons 'last_name' => $last_name, 'gender' => $this->request->getPost('gender', FILTER_SANITIZE_NUMBER_INT), 'email' => $email, - 'phone_number' => $this->request->getPost('phone_number', FILTER_SANITIZE_STRING), - 'address_1' => $this->request->getPost('address_1', FILTER_SANITIZE_STRING), - 'address_2' => $this->request->getPost('address_2', FILTER_SANITIZE_STRING), - 'city' => $this->request->getPost('city', FILTER_SANITIZE_STRING), - 'state' => $this->request->getPost('state', FILTER_SANITIZE_STRING), - 'zip' => $this->request->getPost('zip', FILTER_SANITIZE_STRING), - 'country' => $this->request->getPost('country', FILTER_SANITIZE_STRING), - 'comments' => $this->request->getPost('comments', FILTER_SANITIZE_STRING) + 'phone_number' => $this->request->getPost('phone_number', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'address_1' => $this->request->getPost('address_1', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'address_2' => $this->request->getPost('address_2', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'city' => $this->request->getPost('city', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'state' => $this->request->getPost('state', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'zip' => $this->request->getPost('zip', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'country' => $this->request->getPost('country', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'comments' => $this->request->getPost('comments', FILTER_SANITIZE_FULL_SPECIAL_CHARS) ]; - $date_formatter = date_create_from_format($this->config['dateformat'] . ' ' . $this->config['timeformat'], $this->request->getPost('date', FILTER_SANITIZE_STRING)); + $date_formatter = date_create_from_format($this->config['dateformat'] . ' ' . $this->config['timeformat'], $this->request->getPost('date', FILTER_SANITIZE_FULL_SPECIAL_CHARS)); $customer_data = [ 'consent' => $this->request->getPost('consent') != NULL, - 'account_number' => $this->request->getPost('account_number') == '' ? NULL : $this->request->getPost('account_number', FILTER_SANITIZE_STRING), - 'tax_id' => $this->request->getPost('tax_id', FILTER_SANITIZE_STRING), - 'company_name' => $this->request->getPost('company_name') == '' ? NULL : $this->request->getPost('company_name', FILTER_SANITIZE_STRING), + 'account_number' => $this->request->getPost('account_number') == '' ? NULL : $this->request->getPost('account_number', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'tax_id' => $this->request->getPost('tax_id', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'company_name' => $this->request->getPost('company_name') == '' ? NULL : $this->request->getPost('company_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'discount' => $this->request->getPost('discount') == '' ? 0.00 : $this->request->getPost('discount', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION), 'discount_type' => $this->request->getPost('discount_type') == NULL ? PERCENT : $this->request->getPost('discount_type', FILTER_SANITIZE_NUMBER_INT), - 'package_id' => $this->request->getPost('package_id') == '' ? NULL : $this->request->getPost('package_id', FILTER_SANITIZE_STRING), + 'package_id' => $this->request->getPost('package_id') == '' ? NULL : $this->request->getPost('package_id', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'taxable' => $this->request->getPost('taxable') != NULL, 'date' => $date_formatter->format('Y-m-d H:i:s'), 'employee_id' => $this->request->getPost('employee_id', FILTER_SANITIZE_NUMBER_INT), @@ -312,7 +312,7 @@ class Customers extends Persons if($this->customer->save_customer($person_data, $customer_data, $customer_id)) { // save customer to Mailchimp selected list //TODO: addOrUpdateMember should be refactored... potentially pass an array or object instead of 6 parameters. - $mailchimp_status = $this->request->getPost('mailchimp_status', FILTER_SANITIZE_STRING); + $mailchimp_status = $this->request->getPost('mailchimp_status', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $this->mailchimp_lib->addOrUpdateMember( $this->_list_id, $email, @@ -375,7 +375,7 @@ class Customers extends Persons */ public function postDelete(): void { - $customers_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_STRING); + $customers_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $customers_info = $this->customer->get_multiple_info($customers_to_delete); $count = 0; diff --git a/app/Controllers/Employees.php b/app/Controllers/Employees.php index 8025cff21..ae10f7b6a 100644 --- a/app/Controllers/Employees.php +++ b/app/Controllers/Employees.php @@ -24,11 +24,11 @@ class Employees extends Persons */ public function getSearch(): void { - $search = $this->request->getVar('search', FILTER_SANITIZE_STRING); + $search = $this->request->getVar('search', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $limit = $this->request->getVar('limit', FILTER_SANITIZE_NUMBER_INT); $offset = $this->request->getVar('offset', FILTER_SANITIZE_NUMBER_INT); - $sort = $this->request->getVar('sort', FILTER_SANITIZE_STRING); - $order = $this->request->getVar('order', FILTER_SANITIZE_STRING); + $sort = $this->request->getVar('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS); + $order = $this->request->getVar('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $employees = $this->employee->search($search, $limit, $offset, $sort, $order); $total_rows = $this->employee->get_found_rows($search); @@ -47,14 +47,14 @@ class Employees extends Persons */ public function suggest(): void { - $suggestions = $this->employee->get_search_suggestions($this->request->getVar('term', FILTER_SANITIZE_STRING), 25, TRUE); + $suggestions = $this->employee->get_search_suggestions($this->request->getVar('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 25, TRUE); echo json_encode($suggestions); } public function suggest_search(): void { - $suggestions = $this->employee->get_search_suggestions($this->request->getVar('term', FILTER_SANITIZE_STRING)); + $suggestions = $this->employee->get_search_suggestions($this->request->getVar('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS)); echo json_encode($suggestions); } @@ -100,8 +100,8 @@ class Employees extends Persons */ public function postSave(int $employee_id = NEW_ENTRY): void { - $first_name = $this->request->getPost('first_name', FILTER_SANITIZE_STRING); //TODO: duplicated code - $last_name = $this->request->getPost('last_name', FILTER_SANITIZE_STRING); + $first_name = $this->request->getPost('first_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS); //TODO: duplicated code + $last_name = $this->request->getPost('last_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $email = strtolower($this->request->getPost('email', FILTER_SANITIZE_EMAIL)); // format first and last name properly @@ -113,26 +113,26 @@ class Employees extends Persons 'last_name' => $last_name, 'gender' => $this->request->getPost('gender', FILTER_SANITIZE_NUMBER_INT), 'email' => $email, - 'phone_number' => $this->request->getPost('phone_number', FILTER_SANITIZE_STRING), - 'address_1' => $this->request->getPost('address_1', FILTER_SANITIZE_STRING), - 'address_2' => $this->request->getPost('address_2', FILTER_SANITIZE_STRING), - 'city' => $this->request->getPost('city', FILTER_SANITIZE_STRING), - 'state' => $this->request->getPost('state', FILTER_SANITIZE_STRING), - 'zip' => $this->request->getPost('zip', FILTER_SANITIZE_STRING), - 'country' => $this->request->getPost('country', FILTER_SANITIZE_STRING), - 'comments' => $this->request->getPost('comments', FILTER_SANITIZE_STRING) + 'phone_number' => $this->request->getPost('phone_number', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'address_1' => $this->request->getPost('address_1', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'address_2' => $this->request->getPost('address_2', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'city' => $this->request->getPost('city', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'state' => $this->request->getPost('state', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'zip' => $this->request->getPost('zip', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'country' => $this->request->getPost('country', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'comments' => $this->request->getPost('comments', FILTER_SANITIZE_FULL_SPECIAL_CHARS) ]; $grants_array = []; foreach($this->module->get_all_permissions()->getResult() as $permission) { $grants = []; - $grant = $this->request->getPost('grant_'.$permission->permission_id) != NULL ? $this->request->getPost('grant_' . $permission->permission_id, FILTER_SANITIZE_STRING) : ''; + $grant = $this->request->getPost('grant_'.$permission->permission_id) != NULL ? $this->request->getPost('grant_' . $permission->permission_id, FILTER_SANITIZE_FULL_SPECIAL_CHARS) : ''; if($grant == $permission->permission_id) { $grants['permission_id'] = $permission->permission_id; - $grants['menu_group'] = $this->request->getPost('menu_group_'.$permission->permission_id) != NULL ? $this->request->getPost('menu_group_' . $permission->permission_id, FILTER_SANITIZE_STRING) : '--'; + $grants['menu_group'] = $this->request->getPost('menu_group_'.$permission->permission_id) != NULL ? $this->request->getPost('menu_group_' . $permission->permission_id, FILTER_SANITIZE_FULL_SPECIAL_CHARS) : '--'; $grants_array[] = $grants; } } @@ -140,9 +140,9 @@ class Employees extends Persons //Password has been changed OR first time password set if($this->request->getPost('password') != '' && ENVIRONMENT != 'testing') { - $exploded = explode(":", $this->request->getPost('language', FILTER_SANITIZE_STRING)); + $exploded = explode(":", $this->request->getPost('language', FILTER_SANITIZE_FULL_SPECIAL_CHARS)); $employee_data = [ - 'username' => $this->request->getPost('username', FILTER_SANITIZE_STRING), + 'username' => $this->request->getPost('username', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'password' => password_hash($this->request->getPost('password'), PASSWORD_DEFAULT), 'hash_version' => 2, 'language_code' => $exploded[0], @@ -151,9 +151,9 @@ class Employees extends Persons } else //Password not changed { - $exploded = explode(":", $this->request->getPost('language', FILTER_SANITIZE_STRING)); + $exploded = explode(":", $this->request->getPost('language', FILTER_SANITIZE_FULL_SPECIAL_CHARS)); $employee_data = [ - 'username' => $this->request->getPost('username', FILTER_SANITIZE_STRING), + 'username' => $this->request->getPost('username', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'language_code' => $exploded[0], 'language' => $exploded[1] ]; @@ -194,7 +194,7 @@ class Employees extends Persons */ public function postDelete(): void { - $employees_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_STRING); + $employees_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_FULL_SPECIAL_CHARS); if($this->employee->delete_list($employees_to_delete)) //TODO: this is passing a string, but delete_list expects an array { @@ -215,7 +215,7 @@ class Employees extends Persons */ public function check_username($employee_id): void { - $exists = $this->employee->username_exists($employee_id, $this->request->getVar('username', FILTER_SANITIZE_STRING)); + $exists = $this->employee->username_exists($employee_id, $this->request->getVar('username', FILTER_SANITIZE_FULL_SPECIAL_CHARS)); echo !$exists ? 'true' : 'false'; } } diff --git a/app/Controllers/Expenses.php b/app/Controllers/Expenses.php index eba38e35a..6819da6b7 100644 --- a/app/Controllers/Expenses.php +++ b/app/Controllers/Expenses.php @@ -38,14 +38,14 @@ class Expenses extends Secure_Controller public function getSearch(): void { - $search = $this->request->getVar('search', FILTER_SANITIZE_STRING); + $search = $this->request->getVar('search', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $limit = $this->request->getVar('limit', FILTER_SANITIZE_NUMBER_INT); $offset = $this->request->getVar('offset', FILTER_SANITIZE_NUMBER_INT); - $sort = $this->request->getVar('sort', FILTER_SANITIZE_STRING); - $order = $this->request->getVar('order', FILTER_SANITIZE_STRING); + $sort = $this->request->getVar('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS); + $order = $this->request->getVar('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $filters = [ - 'start_date' => $this->request->getVar('start_date', FILTER_SANITIZE_STRING), - 'end_date' => $this->request->getVar('end_date', FILTER_SANITIZE_STRING), + 'start_date' => $this->request->getVar('start_date', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'end_date' => $this->request->getVar('end_date', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'only_cash' => FALSE, 'only_due' => FALSE, 'only_check' => FALSE, @@ -55,7 +55,7 @@ class Expenses extends Secure_Controller ]; // check if any filter is set in the multiselect dropdown - $filledup = array_fill_keys($this->request->getVar('filters', FILTER_SANITIZE_STRING), TRUE); //TODO: variable naming does not match standard + $filledup = array_fill_keys($this->request->getVar('filters', FILTER_SANITIZE_FULL_SPECIAL_CHARS), TRUE); //TODO: variable naming does not match standard $filters = array_merge($filters, $filledup); $expenses = $this->expense->search($search, $filters, $limit, $offset, $sort, $order); $total_rows = $this->expense->get_found_rows($search, $filters); @@ -136,19 +136,19 @@ class Expenses extends Secure_Controller public function postSave(int $expense_id = NEW_ENTRY): void { $config = config('OSPOS')->settings; - $newdate = $this->request->getPost('date', FILTER_SANITIZE_STRING); + $newdate = $this->request->getPost('date', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $date_formatter = date_create_from_format($config['dateformat'] . ' ' . $config['timeformat'], $newdate); $expense_data = [ 'date' => $date_formatter->format('Y-m-d H:i:s'), 'supplier_id' => $this->request->getPost('supplier_id') == '' ? NULL : $this->request->getPost('supplier_id', FILTER_SANITIZE_NUMBER_INT), - 'supplier_tax_code' => $this->request->getPost('supplier_tax_code', FILTER_SANITIZE_STRING), + 'supplier_tax_code' => $this->request->getPost('supplier_tax_code', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'amount' => parse_decimals($this->request->getPost('amount', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION)), 'tax_amount' => parse_decimals($this->request->getPost('tax_amount', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION)), - 'payment_type' => $this->request->getPost('payment_type', FILTER_SANITIZE_STRING), + 'payment_type' => $this->request->getPost('payment_type', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'expense_category_id' => $this->request->getPost('expense_category_id', FILTER_SANITIZE_NUMBER_INT), - 'description' => $this->request->getPost('description', FILTER_SANITIZE_STRING), + 'description' => $this->request->getPost('description', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'employee_id' => $this->request->getPost('employee_id', FILTER_SANITIZE_NUMBER_INT), 'deleted' => $this->request->getPost('deleted') != NULL ]; @@ -180,7 +180,7 @@ class Expenses extends Secure_Controller public function postDelete(): void { - $expenses_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_STRING); + $expenses_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_FULL_SPECIAL_CHARS); if($this->expense->delete_list($expenses_to_delete)) { diff --git a/app/Controllers/Expenses_categories.php b/app/Controllers/Expenses_categories.php index 32a6083c4..ea1716ffd 100644 --- a/app/Controllers/Expenses_categories.php +++ b/app/Controllers/Expenses_categories.php @@ -28,11 +28,11 @@ class Expenses_categories extends Secure_Controller //TODO: Is this class ever u */ public function getSearch(): void { - $search = $this->request->getVar('search', FILTER_SANITIZE_STRING); + $search = $this->request->getVar('search', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $limit = $this->request->getVar('limit', FILTER_SANITIZE_NUMBER_INT); $offset = $this->request->getVar('offset', FILTER_SANITIZE_NUMBER_INT); - $sort = $this->request->getVar('sort', FILTER_SANITIZE_STRING); - $order = $this->request->getVar('order', FILTER_SANITIZE_STRING); + $sort = $this->request->getVar('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS); + $order = $this->request->getVar('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $expense_categories = $this->expense_category->search($search, $limit, $offset, $sort, $order); $total_rows = $this->expense_category->get_found_rows($search); @@ -63,8 +63,8 @@ class Expenses_categories extends Secure_Controller //TODO: Is this class ever u public function postSave(int $expense_category_id = NEW_ENTRY): void { $expense_category_data = [ - 'category_name' => $this->request->getPost('category_name', FILTER_SANITIZE_STRING), - 'category_description' => $this->request->getPost('category_description', FILTER_SANITIZE_STRING) + 'category_name' => $this->request->getPost('category_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'category_description' => $this->request->getPost('category_description', FILTER_SANITIZE_FULL_SPECIAL_CHARS) ]; if($this->expense_category->save_value($expense_category_data, $expense_category_id)) //TODO: Reflection exception @@ -99,7 +99,7 @@ class Expenses_categories extends Secure_Controller //TODO: Is this class ever u public function postDelete(): void { - $expense_category_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_STRING); + $expense_category_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_FULL_SPECIAL_CHARS); if($this->expense_category->delete_list($expense_category_to_delete)) //TODO: Convert to ternary notation. { diff --git a/app/Controllers/Giftcards.php b/app/Controllers/Giftcards.php index b64c63814..beda092fb 100644 --- a/app/Controllers/Giftcards.php +++ b/app/Controllers/Giftcards.php @@ -28,11 +28,11 @@ class Giftcards extends Secure_Controller */ public function getSearch(): void { - $search = $this->request->getVar('search', FILTER_SANITIZE_STRING); + $search = $this->request->getVar('search', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $limit = $this->request->getVar('limit', FILTER_SANITIZE_NUMBER_INT); $offset = $this->request->getVar('offset', FILTER_SANITIZE_NUMBER_INT); - $sort = $this->request->getVar('sort', FILTER_SANITIZE_STRING); - $order = $this->request->getVar('order', FILTER_SANITIZE_STRING); + $sort = $this->request->getVar('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS); + $order = $this->request->getVar('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $giftcards = $this->giftcard->search($search, $limit, $offset, $sort, $order); $total_rows = $this->giftcard->get_found_rows($search); @@ -52,14 +52,14 @@ class Giftcards extends Secure_Controller public function getSuggest(): void { - $suggestions = $this->giftcard->get_search_suggestions($this->request->getVar('term', FILTER_SANITIZE_STRING), TRUE); + $suggestions = $this->giftcard->get_search_suggestions($this->request->getVar('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS), TRUE); echo json_encode($suggestions); } public function suggest_search(): void { - $suggestions = $this->giftcard->get_search_suggestions($this->request->getPost('term', FILTER_SANITIZE_STRING)); + $suggestions = $this->giftcard->get_search_suggestions($this->request->getPost('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS)); echo json_encode($suggestions); } @@ -96,7 +96,7 @@ class Giftcards extends Secure_Controller public function postSave(int $giftcard_id = NEW_ENTRY): void { - $giftcard_number = $this->request->getPost('giftcard_number', FILTER_SANITIZE_STRING); + $giftcard_number = $this->request->getPost('giftcard_number', FILTER_SANITIZE_FULL_SPECIAL_CHARS); if($giftcard_id == NEW_ENTRY && trim($giftcard_number) == '') { @@ -153,7 +153,7 @@ class Giftcards extends Secure_Controller public function postDelete(): void { - $giftcards_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_STRING); + $giftcards_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_FULL_SPECIAL_CHARS); if($this->giftcard->delete_list($giftcards_to_delete)) { diff --git a/app/Controllers/Home.php b/app/Controllers/Home.php index 3cecb5a26..aebd34c46 100644 --- a/app/Controllers/Home.php +++ b/app/Controllers/Home.php @@ -45,10 +45,10 @@ class Home extends Secure_Controller { if($this->request->getPost('current_password') != '' && $employee_id != -1) { - if($this->employee->check_password($this->request->getPost('username', FILTER_SANITIZE_STRING), $this->request->getPost('current_password'))) + if($this->employee->check_password($this->request->getPost('username', FILTER_SANITIZE_FULL_SPECIAL_CHARS), $this->request->getPost('current_password'))) { $employee_data = [ - 'username' => $this->request->getPost('username', FILTER_SANITIZE_STRING), + 'username' => $this->request->getPost('username', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'password' => password_hash($this->request->getPost('password'), PASSWORD_DEFAULT), 'hash_version' => 2 ]; diff --git a/app/Controllers/Item_kits.php b/app/Controllers/Item_kits.php index 4f8e43680..d84b54c3a 100644 --- a/app/Controllers/Item_kits.php +++ b/app/Controllers/Item_kits.php @@ -76,11 +76,11 @@ class Item_kits extends Secure_Controller */ public function getSearch(): void { - $search = $this->request->getVar('search', FILTER_SANITIZE_STRING); + $search = $this->request->getVar('search', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $limit = $this->request->getVar('limit', FILTER_SANITIZE_NUMBER_INT); $offset = $this->request->getVar('offset', FILTER_SANITIZE_NUMBER_INT); - $sort = $this->request->getVar('sort', FILTER_SANITIZE_STRING); - $order = $this->request->getVar('order', FILTER_SANITIZE_STRING); + $sort = $this->request->getVar('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS); + $order = $this->request->getVar('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $item_kits = $this->item_kit->search($search, $limit, $offset, $sort, $order); $total_rows = $this->item_kit->get_found_rows($search); @@ -98,7 +98,7 @@ class Item_kits extends Secure_Controller public function suggest_search(): void { - $suggestions = $this->item_kit->get_search_suggestions($this->request->getPost('term', FILTER_SANITIZE_STRING)); + $suggestions = $this->item_kit->get_search_suggestions($this->request->getPost('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS)); echo json_encode($suggestions); } @@ -153,14 +153,14 @@ class Item_kits extends Secure_Controller public function postSave(int $item_kit_id = NEW_ENTRY): void { $item_kit_data = [ - 'name' => $this->request->getPost('name', FILTER_SANITIZE_STRING), - 'item_kit_number' => $this->request->getPost('item_kit_number', FILTER_SANITIZE_STRING), + 'name' => $this->request->getPost('name', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'item_kit_number' => $this->request->getPost('item_kit_number', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'item_id' => $this->request->getPost('kit_item_id', FILTER_SANITIZE_NUMBER_INT), 'kit_discount' => $this->request->getPost('kit_discount', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION), 'kit_discount_type' => $this->request->getPost('kit_discount_type') == NULL ? PERCENT : $this->request->getPost('kit_discount_type', FILTER_SANITIZE_NUMBER_INT), 'price_option' => $this->request->getPost('price_option', FILTER_SANITIZE_NUMBER_INT), 'print_option' => $this->request->getPost('print_option', FILTER_SANITIZE_NUMBER_INT), - 'description' => $this->request->getPost('description', FILTER_SANITIZE_STRING) + 'description' => $this->request->getPost('description', FILTER_SANITIZE_FULL_SPECIAL_CHARS) ]; if($this->item_kit->save_value($item_kit_data, $item_kit_id)) @@ -220,7 +220,7 @@ class Item_kits extends Secure_Controller public function postDelete(): void { - $item_kits_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_STRING); + $item_kits_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_FULL_SPECIAL_CHARS); if($this->item_kit->delete_list($item_kits_to_delete)) { @@ -237,7 +237,7 @@ class Item_kits extends Secure_Controller public function check_item_number(): void { - $exists = $this->item_kit->item_number_exists($this->request->getPost('item_kit_number', FILTER_SANITIZE_STRING), $this->request->getPost('item_kit_id', FILTER_SANITIZE_NUMBER_INT)); + $exists = $this->item_kit->item_number_exists($this->request->getPost('item_kit_number', FILTER_SANITIZE_FULL_SPECIAL_CHARS), $this->request->getPost('item_kit_id', FILTER_SANITIZE_NUMBER_INT)); echo !$exists ? 'true' : 'false'; } diff --git a/app/Controllers/Items.php b/app/Controllers/Items.php index 052604514..5ae81815b 100644 --- a/app/Controllers/Items.php +++ b/app/Controllers/Items.php @@ -89,19 +89,19 @@ class Items extends Secure_Controller */ public function getSearch(): void { - $search = $this->request->getVar('search', FILTER_SANITIZE_STRING); - $limit = $this->request->getVar('limit', FILTER_SANITIZE_NUMBER_INT); - $offset = $this->request->getVar('offset', FILTER_SANITIZE_NUMBER_INT); - $sort = $this->request->getVar('sort', FILTER_SANITIZE_STRING); - $order = $this->request->getVar('order', FILTER_SANITIZE_STRING); + $search = $this->request->getGet('search', FILTER_SANITIZE_FULL_SPECIAL_CHARS); + $limit = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT); + $offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT); + $sort = $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS); + $order = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS); - $this->item_lib->set_item_location($this->request->getVar('stock_location', FILTER_SANITIZE_NUMBER_INT)); + $this->item_lib->set_item_location($this->request->getGet('stock_location', FILTER_SANITIZE_NUMBER_INT)); $definition_names = $this->attribute->get_definitions_by_flags(Attribute::SHOW_IN_ITEMS); $filters = [ - 'start_date' => $this->request->getVar('start_date', FILTER_SANITIZE_STRING), - 'end_date' => $this->request->getVar('end_date', FILTER_SANITIZE_STRING), + 'start_date' => $this->request->getGet('start_date', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'end_date' => $this->request->getGet('end_date', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'stock_location_id' => $this->item_lib->get_item_location(), 'empty_upc' => FALSE, 'low_inventory' => FALSE, @@ -114,7 +114,7 @@ class Items extends Secure_Controller ]; //Check if any filter is set in the multiselect dropdown - $filledup = array_fill_keys($this->request->getVar('filters', FILTER_SANITIZE_STRING), TRUE); //TODO: filled up does not meet naming standards + $filledup = array_fill_keys($this->request->getGet('filters', FILTER_SANITIZE_FULL_SPECIAL_CHARS), TRUE); //TODO: filled up does not meet naming standards $filters = array_merge($filters, $filledup); $items = $this->item->search($search, $filters, $limit, $offset, $sort, $order); $total_rows = $this->item->get_found_rows($search, $filters); @@ -182,28 +182,28 @@ class Items extends Secure_Controller 'is_deleted' => $this->request->getPost('is_deleted') !== NULL ]; - $suggestions = $this->item->get_search_suggestions($this->request->getPostGet('term', FILTER_SANITIZE_STRING), $options, FALSE); + $suggestions = $this->item->get_search_suggestions($this->request->getPostGet('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS), $options, FALSE); echo json_encode($suggestions); } public function suggest(): void { - $suggestions = $this->item->get_search_suggestions($this->request->getPostGet('term', FILTER_SANITIZE_STRING), ['search_custom' => FALSE, 'is_deleted' => FALSE], TRUE); + $suggestions = $this->item->get_search_suggestions($this->request->getPostGet('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS), ['search_custom' => FALSE, 'is_deleted' => FALSE], TRUE); echo json_encode($suggestions); } public function suggest_low_sell(): void { - $suggestions = $this->item->get_low_sell_suggestions($this->request->getPostGet('name', FILTER_SANITIZE_STRING)); + $suggestions = $this->item->get_low_sell_suggestions($this->request->getPostGet('name', FILTER_SANITIZE_FULL_SPECIAL_CHARS)); echo json_encode($suggestions); } public function suggest_kits(): void { - $suggestions = $this->item->get_kit_search_suggestions($this->request->getPostGet('term', FILTER_SANITIZE_STRING), ['search_custom' => FALSE, 'is_deleted' => FALSE], TRUE); + $suggestions = $this->item->get_kit_search_suggestions($this->request->getPostGet('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS), ['search_custom' => FALSE, 'is_deleted' => FALSE], TRUE); echo json_encode($suggestions); } @@ -213,7 +213,7 @@ class Items extends Secure_Controller */ public function getSuggestCategory(): void { - $suggestions = $this->item->get_category_suggestions($this->request->getGet('term', FILTER_SANITIZE_STRING)); + $suggestions = $this->item->get_category_suggestions($this->request->getGet('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS)); echo json_encode($suggestions); } @@ -223,7 +223,7 @@ class Items extends Secure_Controller */ public function getSuggestLocation(): void { - $suggestions = $this->item->get_location_suggestions($this->request->getGet('term', FILTER_SANITIZE_STRING)); + $suggestions = $this->item->get_location_suggestions($this->request->getGet('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS)); echo json_encode($suggestions); } @@ -604,9 +604,9 @@ class Items extends Secure_Controller //Save item data $item_data = [ - 'name' => $this->request->getPost('name', FILTER_SANITIZE_STRING), - 'description' => $this->request->getPost('description', FILTER_SANITIZE_STRING), - 'category' => $this->request->getPost('category', FILTER_SANITIZE_STRING), + 'name' => $this->request->getPost('name', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'description' => $this->request->getPost('description', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'category' => $this->request->getPost('category', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'item_type' => $item_type, 'stock_type' => $this->request->getPost('stock_type') === NULL ? HAS_STOCK : intval($this->request->getPost('stock_type', FILTER_SANITIZE_NUMBER_INT)), 'supplier_id' => empty($this->request->getPost('supplier_id')) ? NULL : intval($this->request->getPost('supplier_id', FILTER_SANITIZE_NUMBER_INT)), @@ -618,10 +618,10 @@ class Items extends Secure_Controller 'allow_alt_description' => $this->request->getPost('allow_alt_description') !== NULL, 'is_serialized' => $this->request->getPost('is_serialized') !== NULL, 'qty_per_pack' => $this->request->getPost('qty_per_pack') === NULL ? 1 : $this->request->getPost('qty_per_pack', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION), - 'pack_name' => $this->request->getPost('pack_name') === NULL ? $default_pack_name : $this->request->getPost('pack_name', FILTER_SANITIZE_STRING), + 'pack_name' => $this->request->getPost('pack_name') === NULL ? $default_pack_name : $this->request->getPost('pack_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'low_sell_item_id' => $this->request->getPost('low_sell_item_id') === NULL ? $item_id : $this->request->getPost('low_sell_item_id', FILTER_SANITIZE_NUMBER_INT), 'deleted' => $this->request->getPost('is_deleted') !== NULL, - 'hsn_code' => $this->request->getPost('hsn_code') === NULL ? '' : $this->request->getPost('hsn_code', FILTER_SANITIZE_STRING) + 'hsn_code' => $this->request->getPost('hsn_code') === NULL ? '' : $this->request->getPost('hsn_code', FILTER_SANITIZE_FULL_SPECIAL_CHARS) ]; if($item_data['item_type'] == ITEM_TEMP) @@ -673,7 +673,7 @@ class Items extends Secure_Controller if(!$use_destination_based_tax) { $items_taxes_data = []; - $tax_names = $this->request->getPost('tax_names', FILTER_SANITIZE_STRING); + $tax_names = $this->request->getPost('tax_names', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $tax_percents = $this->request->getPost('tax_percents', FILTER_SANITIZE_NUMBER_FLOAT); $tax_name_index = 0; @@ -815,7 +815,7 @@ class Items extends Secure_Controller */ public function postCheckItemNumber(): void { - $exists = $this->item->item_number_exists($this->request->getPost('item_number', FILTER_SANITIZE_STRING), $this->request->getPost('item_id', FILTER_SANITIZE_NUMBER_INT)); + $exists = $this->item->item_number_exists($this->request->getPost('item_number', FILTER_SANITIZE_FULL_SPECIAL_CHARS), $this->request->getPost('item_id', FILTER_SANITIZE_NUMBER_INT)); echo !$exists ? 'true' : 'false'; } @@ -824,9 +824,9 @@ class Items extends Secure_Controller */ public function check_kit_exists(): void //TODO: This function appears to be never called in the code. Need to confirm. { - if($this->request->getPost('item_number', FILTER_SANITIZE_STRING) === NEW_ENTRY) + if($this->request->getPost('item_number', FILTER_SANITIZE_FULL_SPECIAL_CHARS) === NEW_ENTRY) { - $exists = $this->item_kit->item_kit_exists_for_name($this->request->getPost('name', FILTER_SANITIZE_STRING)); //TODO: item_kit_exists_for_name doesn't exist in Item_kit. I looked at the blame and it appears to have never existed. + $exists = $this->item_kit->item_kit_exists_for_name($this->request->getPost('name', FILTER_SANITIZE_FULL_SPECIAL_CHARS)); //TODO: item_kit_exists_for_name doesn't exist in Item_kit. I looked at the blame and it appears to have never existed. } else { @@ -856,7 +856,7 @@ class Items extends Secure_Controller 'trans_items' => $item_id, 'trans_user' => $employee_id, 'trans_location' => $location_id, - 'trans_comment' => $this->request->getPost('trans_comment', FILTER_SANITIZE_STRING), + 'trans_comment' => $this->request->getPost('trans_comment', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'trans_inventory' => parse_quantity($this->request->getPost('newquantity', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION)) ]; @@ -906,7 +906,7 @@ class Items extends Secure_Controller if(empty($item_data) || $this->item->update_multiple($item_data, $items_to_update)) { $items_taxes_data = []; - $tax_names = $this->request->getPost('tax_names', FILTER_SANITIZE_STRING); + $tax_names = $this->request->getPost('tax_names', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $tax_percents = $this->request->getPost('tax_percents', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION); $tax_updated = FALSE; diff --git a/app/Controllers/Messages.php b/app/Controllers/Messages.php index 938fc8224..a87550af7 100644 --- a/app/Controllers/Messages.php +++ b/app/Controllers/Messages.php @@ -44,8 +44,8 @@ class Messages extends Secure_Controller public function send(): void { - $phone = $this->request->getPost('phone', FILTER_SANITIZE_STRING); - $message = $this->request->getPost('message', FILTER_SANITIZE_STRING); + $phone = $this->request->getPost('phone', FILTER_SANITIZE_FULL_SPECIAL_CHARS); + $message = $this->request->getPost('message', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $response = $this->sms_lib->sendSMS($phone, $message); @@ -67,8 +67,8 @@ class Messages extends Secure_Controller */ public function send_form(int $person_id = NEW_ENTRY): void { - $phone = $this->request->getPost('phone', FILTER_SANITIZE_STRING); - $message = $this->request->getPost('message', FILTER_SANITIZE_STRING); + $phone = $this->request->getPost('phone', FILTER_SANITIZE_FULL_SPECIAL_CHARS); + $message = $this->request->getPost('message', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $response = $this->sms_lib->sendSMS($phone, $message); diff --git a/app/Controllers/Persons.php b/app/Controllers/Persons.php index 4b245554e..0147cb191 100644 --- a/app/Controllers/Persons.php +++ b/app/Controllers/Persons.php @@ -28,7 +28,7 @@ abstract class Persons extends Secure_Controller */ public function suggest(): void { - $suggestions = $this->person->get_search_suggestions($this->request->getPost('term', FILTER_SANITIZE_STRING)); + $suggestions = $this->person->get_search_suggestions($this->request->getPost('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS)); echo json_encode($suggestions); } diff --git a/app/Controllers/Receivings.php b/app/Controllers/Receivings.php index 6dd022b23..fec59fe0f 100644 --- a/app/Controllers/Receivings.php +++ b/app/Controllers/Receivings.php @@ -55,8 +55,8 @@ class Receivings extends Secure_Controller */ public function getItemSearch(): void { - $suggestions = $this->item->get_search_suggestions($this->request->getVar('term', FILTER_SANITIZE_STRING), ['search_custom' => FALSE, 'is_deleted' => FALSE], TRUE); - $suggestions = array_merge($suggestions, $this->item_kit->get_search_suggestions($this->request->getVar('term', FILTER_SANITIZE_STRING))); + $suggestions = $this->item->get_search_suggestions($this->request->getVar('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS), ['search_custom' => FALSE, 'is_deleted' => FALSE], TRUE); + $suggestions = array_merge($suggestions, $this->item_kit->get_search_suggestions($this->request->getVar('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS))); echo json_encode($suggestions); } @@ -67,8 +67,8 @@ class Receivings extends Secure_Controller */ public function getStockItemSearch(): void { - $suggestions = $this->item->get_stock_search_suggestions($this->request->getVar('term', FILTER_SANITIZE_STRING), ['search_custom' => FALSE, 'is_deleted' => FALSE], TRUE); - $suggestions = array_merge($suggestions, $this->item_kit->get_search_suggestions($this->request->getVar('term', FILTER_SANITIZE_STRING))); + $suggestions = $this->item->get_stock_search_suggestions($this->request->getVar('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS), ['search_custom' => FALSE, 'is_deleted' => FALSE], TRUE); + $suggestions = array_merge($suggestions, $this->item_kit->get_search_suggestions($this->request->getVar('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS))); echo json_encode($suggestions); } @@ -90,14 +90,14 @@ class Receivings extends Secure_Controller public function change_mode(): void { - $stock_destination = $this->request->getPost('stock_destination', FILTER_SANITIZE_STRING); + $stock_destination = $this->request->getPost('stock_destination', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $stock_source = $this->request->getPost('stock_source', FILTER_SANITIZE_NUMBER_INT); if((!$stock_source || $stock_source == $this->receiving_lib->get_stock_source()) && (!$stock_destination || $stock_destination == $this->receiving_lib->get_stock_destination())) { $this->receiving_lib->clear_reference(); - $mode = $this->request->getPost('mode', FILTER_SANITIZE_STRING); + $mode = $this->request->getPost('mode', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $this->receiving_lib->set_mode($mode); } elseif($this->stock_location->is_allowed_location($stock_source, 'receivings')) @@ -111,7 +111,7 @@ class Receivings extends Secure_Controller public function set_comment(): void { - $this->receiving_lib->set_comment($this->request->getPost('comment', FILTER_SANITIZE_STRING)); + $this->receiving_lib->set_comment($this->request->getPost('comment', FILTER_SANITIZE_FULL_SPECIAL_CHARS)); } /** @@ -125,7 +125,7 @@ class Receivings extends Secure_Controller public function set_reference(): void { - $this->receiving_lib->set_reference($this->request->getPost('recv_reference', FILTER_SANITIZE_STRING)); + $this->receiving_lib->set_reference($this->request->getPost('recv_reference', FILTER_SANITIZE_FULL_SPECIAL_CHARS)); } public function add(): void @@ -133,7 +133,7 @@ class Receivings extends Secure_Controller $data = []; $mode = $this->receiving_lib->get_mode(); - $item_id_or_number_or_item_kit_or_receipt = $this->request->getPost('item', FILTER_SANITIZE_STRING); + $item_id_or_number_or_item_kit_or_receipt = $this->request->getPost('item', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $this->token_lib->parse_barcode($quantity, $price, $item_id_or_number_or_item_kit_or_receipt); $quantity = ($mode == 'receive' || $mode == 'requisition') ? $quantity : -$quantity; $item_location = $this->receiving_lib->get_stock_source(); @@ -170,8 +170,8 @@ class Receivings extends Secure_Controller $this->validator->setRule('quantity', 'lang:items_quantity', 'required|numeric'); $this->validator->setRule('discount', 'lang:items_discount', 'required|numeric'); - $description = $this->request->getPost('description', FILTER_SANITIZE_STRING); //TODO: Duplicated code - $serialnumber = $this->request->getPost('serialnumber', FILTER_SANITIZE_STRING); + $description = $this->request->getPost('description', FILTER_SANITIZE_FULL_SPECIAL_CHARS); //TODO: Duplicated code + $serialnumber = $this->request->getPost('serialnumber', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $price = parse_decimals($this->request->getPost('price', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION)); $quantity = parse_quantity($this->request->getPost('quantity', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION)); $discount_type = $this->request->getPost('discount_type', FILTER_SANITIZE_NUMBER_INT); @@ -276,7 +276,7 @@ class Receivings extends Secure_Controller $data['mode'] = $this->receiving_lib->get_mode(); $data['comment'] = $this->receiving_lib->get_comment(); $data['reference'] = $this->receiving_lib->get_reference(); - $data['payment_type'] = $this->request->getPost('payment_type', FILTER_SANITIZE_STRING); + $data['payment_type'] = $this->request->getPost('payment_type', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $data['show_stock_locations'] = $this->stock_location->show_locations('receivings'); $data['stock_location'] = $this->receiving_lib->get_stock_source(); if($this->request->getPost('amount_tendered') != NULL) @@ -445,7 +445,7 @@ class Receivings extends Secure_Controller */ public function save(int $receiving_id = -1): void //TODO: Replace -1 with a constant { - $newdate = $this->request->getPost('date', FILTER_SANITIZE_STRING); //TODO: newdate does not follow naming conventions + $newdate = $this->request->getPost('date', FILTER_SANITIZE_FULL_SPECIAL_CHARS); //TODO: newdate does not follow naming conventions $date_formatter = date_create_from_format($this->config['dateformat'] . ' ' . $this->config['timeformat'], $newdate); $receiving_time = $date_formatter->format('Y-m-d H:i:s'); @@ -454,8 +454,8 @@ class Receivings extends Secure_Controller 'receiving_time' => $receiving_time, 'supplier_id' => $this->request->getPost('supplier_id') ? $this->request->getPost('supplier_id', FILTER_SANITIZE_NUMBER_INT) : NULL, 'employee_id' => $this->request->getPost('employee_id', FILTER_SANITIZE_NUMBER_INT), - 'comment' => $this->request->getPost('comment', FILTER_SANITIZE_STRING), - 'reference' => $this->request->getPost('reference') != '' ? $this->request->getPost('reference', FILTER_SANITIZE_STRING) : NULL + 'comment' => $this->request->getPost('comment', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'reference' => $this->request->getPost('reference') != '' ? $this->request->getPost('reference', FILTER_SANITIZE_FULL_SPECIAL_CHARS) : NULL ]; $this->inventory->update('RECV '.$receiving_id, ['trans_date' => $receiving_time]); diff --git a/app/Controllers/Sales.php b/app/Controllers/Sales.php index cef276a21..b84dd1675 100644 --- a/app/Controllers/Sales.php +++ b/app/Controllers/Sales.php @@ -105,17 +105,17 @@ class Sales extends Secure_Controller public function getSearch(): void { - $search = $this->request->getVar('search', FILTER_SANITIZE_STRING); + $search = $this->request->getVar('search', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $limit = $this->request->getVar('limit', FILTER_SANITIZE_NUMBER_INT); $offset = $this->request->getVar('offset', FILTER_SANITIZE_NUMBER_INT); - $sort = $this->request->getVar('sort', FILTER_SANITIZE_STRING); - $order = $this->request->getVar('order', FILTER_SANITIZE_STRING); + $sort = $this->request->getVar('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS); + $order = $this->request->getVar('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $filters = [ 'sale_type' => 'all', 'location_id' => 'all', - 'start_date' => $this->request->getVar('start_date', FILTER_SANITIZE_STRING), - 'end_date' => $this->request->getVar('end_date', FILTER_SANITIZE_STRING), + 'start_date' => $this->request->getVar('start_date', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'end_date' => $this->request->getVar('end_date', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'only_cash' => FALSE, 'only_due' => FALSE, 'only_check' => FALSE, @@ -125,7 +125,7 @@ class Sales extends Secure_Controller ]; // check if any filter is set in the multiselect dropdown - $filledup = array_fill_keys($this->request->getVar('filters', FILTER_SANITIZE_STRING), TRUE); //TODO: Variable does not meet naming conventions + $filledup = array_fill_keys($this->request->getVar('filters', FILTER_SANITIZE_FULL_SPECIAL_CHARS), TRUE); //TODO: Variable does not meet naming conventions $filters = array_merge($filters, $filledup); $sales = $this->sale->search($search, $filters, $limit, $offset, $sort, $order); @@ -154,7 +154,7 @@ class Sales extends Secure_Controller public function getItemSearch(): void { $suggestions = []; - $receipt = $search = $this->request->getGet('term') != '' ? $this->request->getGet('term', FILTER_SANITIZE_STRING) : NULL; + $receipt = $search = $this->request->getGet('term') != '' ? $this->request->getGet('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS) : NULL; if($this->sale_lib->get_mode() == 'return' && $this->sale->is_valid_receipt($receipt)) { @@ -169,7 +169,7 @@ class Sales extends Secure_Controller public function suggest_search(): void { - $search = $this->request->getPost('term') != '' ? $this->request->getPost('term', FILTER_SANITIZE_STRING) : NULL; + $search = $this->request->getPost('term') != '' ? $this->request->getPost('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS) : NULL; $suggestions = $this->sale->get_search_suggestions($search); @@ -197,7 +197,7 @@ class Sales extends Secure_Controller public function postChange_mode(): void { - $mode = $this->request->getPost('mode', FILTER_SANITIZE_STRING); + $mode = $this->request->getPost('mode', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $this->sale_lib->set_mode($mode); if($mode == 'sale') @@ -281,7 +281,7 @@ class Sales extends Secure_Controller public function set_comment(): void { - $this->sale_lib->set_comment($this->request->getPost('comment', FILTER_SANITIZE_STRING)); + $this->sale_lib->set_comment($this->request->getPost('comment', FILTER_SANITIZE_FULL_SPECIAL_CHARS)); } /** @@ -295,7 +295,7 @@ class Sales extends Secure_Controller public function set_payment_type(): void //TODO: This function does not appear to be called anywhere in the code. { - $this->sale_lib->set_payment_type($this->request->getPost('selected_payment_type', FILTER_SANITIZE_STRING)); + $this->sale_lib->set_payment_type($this->request->getPost('selected_payment_type', FILTER_SANITIZE_FULL_SPECIAL_CHARS)); $this->_reload(); //TODO: Hungarian notation. } @@ -319,7 +319,7 @@ class Sales extends Secure_Controller */ public function set_email_receipt(): void { - $this->sale_lib->set_email_receipt($this->request->getPost('email_receipt', FILTER_SANITIZE_STRING)); + $this->sale_lib->set_email_receipt($this->request->getPost('email_receipt', FILTER_SANITIZE_FULL_SPECIAL_CHARS)); } /** @@ -330,7 +330,7 @@ class Sales extends Secure_Controller { $data = []; - $payment_type = $this->request->getPost('payment_type', FILTER_SANITIZE_STRING); + $payment_type = $this->request->getPost('payment_type', FILTER_SANITIZE_FULL_SPECIAL_CHARS); //TODO: See the code block below. This too needs to be ternary notation. if($payment_type !== lang('Sales.giftcard')) @@ -481,7 +481,7 @@ class Sales extends Secure_Controller } } - $item_id_or_number_or_item_kit_or_receipt = $this->request->getPost('item', FILTER_SANITIZE_STRING); + $item_id_or_number_or_item_kit_or_receipt = $this->request->getPost('item', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $this->token_lib->parse_barcode($quantity, $price, $item_id_or_number_or_item_kit_or_receipt); $mode = $this->sale_lib->get_mode(); $quantity = ($mode == 'return') ? -$quantity : $quantity; @@ -573,11 +573,11 @@ class Sales extends Secure_Controller if($this->validate($rules)) { - $description = $this->request->getPost('description', FILTER_SANITIZE_STRING); - $serialnumber = $this->request->getPost('serialnumber', FILTER_SANITIZE_STRING); + $description = $this->request->getPost('description', FILTER_SANITIZE_FULL_SPECIAL_CHARS); + $serialnumber = $this->request->getPost('serialnumber', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $price = parse_decimals($this->request->getPost('price', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION)); $quantity = parse_quantity($this->request->getPost('quantity', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION)); - $discount_type = $this->request->getPost('discount_type', FILTER_SANITIZE_STRING); + $discount_type = $this->request->getPost('discount_type', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $discount = $discount_type ? parse_quantity($this->request->getPost('discount', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION)) : parse_decimals($this->request->getPost('discount', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION)); $item_location = $this->request->getPost('location', FILTER_SANITIZE_NUMBER_INT); @@ -1409,7 +1409,7 @@ class Sales extends Secure_Controller */ public function save(int $sale_id = NEW_ENTRY): void { - $newdate = $this->request->getPost('date', FILTER_SANITIZE_STRING); + $newdate = $this->request->getPost('date', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $employee_id = $this->employee->get_logged_in_employee_info()->person_id; $date_formatter = date_create_from_format($this->config['dateformat'] . ' ' . $this->config['timeformat'], $newdate); @@ -1419,8 +1419,8 @@ class Sales extends Secure_Controller 'sale_time' => $sale_time, 'customer_id' => $this->request->getPost('customer_id') != '' ? $this->request->getPost('customer_id', FILTER_SANITIZE_NUMBER_INT) : NULL, 'employee_id' => $this->request->getPost('employee_id') != '' ? $this->request->getPost('employee_id', FILTER_SANITIZE_NUMBER_INT) : NULL, - 'comment' => $this->request->getPost('comment', FILTER_SANITIZE_STRING), - 'invoice_number' => $this->request->getPost('invoice_number') != '' ? $this->request->getPost('invoice_number', FILTER_SANITIZE_STRING) : NULL + 'comment' => $this->request->getPost('comment', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'invoice_number' => $this->request->getPost('invoice_number') != '' ? $this->request->getPost('invoice_number', FILTER_SANITIZE_FULL_SPECIAL_CHARS) : NULL ]; // In order to maintain tradition the only element that can change on prior payments is the payment type @@ -1430,9 +1430,9 @@ class Sales extends Secure_Controller for($i = 0; $i < $number_of_payments; ++$i) { $payment_id = $this->request->getPost("payment_id_$i", FILTER_SANITIZE_NUMBER_INT); - $payment_type = $this->request->getPost("payment_type_$i", FILTER_SANITIZE_STRING); + $payment_type = $this->request->getPost("payment_type_$i", FILTER_SANITIZE_FULL_SPECIAL_CHARS); $payment_amount = $this->request->getPost("payment_amount_$i", FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION); - $refund_type = $this->request->getPost("refund_type_$i", FILTER_SANITIZE_STRING); + $refund_type = $this->request->getPost("refund_type_$i", FILTER_SANITIZE_FULL_SPECIAL_CHARS); $cash_refund = $this->request->getPost("refund_amount_$i", FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION); $cash_adjustment = $payment_type == lang('Sales.cash_adjustment') ? CASH_ADJUSTMENT_TRUE : CASH_ADJUSTMENT_FALSE; @@ -1468,7 +1468,7 @@ class Sales extends Secure_Controller $payment_id = NEW_ENTRY; $payment_amount = $this->request->getPost('payment_amount_new', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION); - $payment_type = $this->request->getPost('payment_type_new', FILTER_SANITIZE_STRING); + $payment_type = $this->request->getPost('payment_type_new', FILTER_SANITIZE_FULL_SPECIAL_CHARS); if($payment_type != PAYMENT_TYPE_UNASSIGNED && $payment_amount <> 0) { @@ -1639,7 +1639,7 @@ class Sales extends Secure_Controller public function check_invoice_number(): void { $sale_id = $this->request->getPost('sale_id', FILTER_SANITIZE_NUMBER_INT); - $invoice_number = $this->request->getPost('invoice_number', FILTER_SANITIZE_STRING); + $invoice_number = $this->request->getPost('invoice_number', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $exists = !empty($invoice_number) && $this->sale->check_invoice_number_exists($invoice_number, $sale_id); echo !$exists ? 'true' : 'false'; } @@ -1666,7 +1666,7 @@ class Sales extends Secure_Controller public function change_item_number(): void { $item_id = $this->request->getPost('item_id', FILTER_SANITIZE_NUMBER_INT); - $item_number = $this->request->getPost('item_number', FILTER_SANITIZE_STRING); + $item_number = $this->request->getPost('item_number', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $this->item->update_item_number($item_id, $item_number); $cart = $this->sale_lib->get_cart(); $x = $this->search_cart_for_item_id($item_id, $cart); @@ -1680,7 +1680,7 @@ class Sales extends Secure_Controller public function change_item_name(): void { $item_id = $this->request->getPost('item_id', FILTER_SANITIZE_NUMBER_INT); - $name = $this->request->getPost('item_name', FILTER_SANITIZE_STRING); + $name = $this->request->getPost('item_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $this->item->update_item_name($item_id, $name); @@ -1698,7 +1698,7 @@ class Sales extends Secure_Controller public function change_item_description(): void { $item_id = $this->request->getPost('item_id', FILTER_SANITIZE_NUMBER_INT); - $description = $this->request->getPost('item_description', FILTER_SANITIZE_STRING); + $description = $this->request->getPost('item_description', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $this->item->update_item_description($item_id, $description); diff --git a/app/Controllers/Secure_Controller.php b/app/Controllers/Secure_Controller.php index 17459a080..a50affabe 100644 --- a/app/Controllers/Secure_Controller.php +++ b/app/Controllers/Secure_Controller.php @@ -72,7 +72,7 @@ class Secure_Controller extends BaseController { $result = TRUE; - foreach($this->request->getVar(NULL, FILTER_SANITIZE_STRING) as $str) + foreach($this->request->getVar(NULL, FILTER_SANITIZE_FULL_SPECIAL_CHARS) as $str) { $result &= parse_decimals($str); } diff --git a/app/Controllers/Suppliers.php b/app/Controllers/Suppliers.php index 763c8e795..db503b2f5 100644 --- a/app/Controllers/Suppliers.php +++ b/app/Controllers/Suppliers.php @@ -46,11 +46,11 @@ class Suppliers extends Persons */ public function getSearch(): void { - $search = $this->request->getVar('search', FILTER_SANITIZE_STRING); + $search = $this->request->getVar('search', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $limit = $this->request->getVar('limit', FILTER_SANITIZE_NUMBER_INT); $offset = $this->request->getVar('offset', FILTER_SANITIZE_NUMBER_INT); - $sort = $this->request->getVar('sort', FILTER_SANITIZE_STRING); - $order = $this->request->getVar('order', FILTER_SANITIZE_STRING); + $sort = $this->request->getVar('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS); + $order = $this->request->getVar('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $suppliers = $this->supplier->search($search, $limit, $offset, $sort, $order); $total_rows = $this->supplier->get_found_rows($search); @@ -72,14 +72,14 @@ class Suppliers extends Persons */ public function suggest(): void { - $suggestions = $this->supplier->get_search_suggestions($this->request->getVar('term', FILTER_SANITIZE_STRING), TRUE); + $suggestions = $this->supplier->get_search_suggestions($this->request->getVar('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS), TRUE); echo json_encode($suggestions); } public function suggest_search() { - $suggestions = $this->supplier->get_search_suggestions($this->request->getPost('term', FILTER_SANITIZE_STRING), FALSE); + $suggestions = $this->supplier->get_search_suggestions($this->request->getPost('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS), FALSE); echo json_encode($suggestions); } @@ -105,8 +105,8 @@ class Suppliers extends Persons */ public function postSave(int $supplier_id = NEW_ENTRY): void { - $first_name = $this->request->getPost('first_name', FILTER_SANITIZE_STRING); //TODO: Duplicate code - $last_name = $this->request->getPost('last_name', FILTER_SANITIZE_STRING); + $first_name = $this->request->getPost('first_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS); //TODO: Duplicate code + $last_name = $this->request->getPost('last_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $email = strtolower($this->request->getPost('email', FILTER_SANITIZE_EMAIL)); // format first and last name properly @@ -116,23 +116,23 @@ class Suppliers extends Persons $person_data = [ 'first_name' => $first_name, 'last_name' => $last_name, - 'gender' => $this->request->getPost('gender', FILTER_SANITIZE_STRING), + 'gender' => $this->request->getPost('gender', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'email' => $email, - 'phone_number' => $this->request->getPost('phone_number', FILTER_SANITIZE_STRING), - 'address_1' => $this->request->getPost('address_1', FILTER_SANITIZE_STRING), - 'address_2' => $this->request->getPost('address_2', FILTER_SANITIZE_STRING), - 'city' => $this->request->getPost('city', FILTER_SANITIZE_STRING), - 'state' => $this->request->getPost('state', FILTER_SANITIZE_STRING), - 'zip' => $this->request->getPost('zip', FILTER_SANITIZE_STRING), - 'country' => $this->request->getPost('country', FILTER_SANITIZE_STRING), - 'comments' => $this->request->getPost('comments', FILTER_SANITIZE_STRING) + 'phone_number' => $this->request->getPost('phone_number', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'address_1' => $this->request->getPost('address_1', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'address_2' => $this->request->getPost('address_2', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'city' => $this->request->getPost('city', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'state' => $this->request->getPost('state', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'zip' => $this->request->getPost('zip', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'country' => $this->request->getPost('country', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'comments' => $this->request->getPost('comments', FILTER_SANITIZE_FULL_SPECIAL_CHARS) ]; $supplier_data = [ - 'company_name' => $this->request->getPost('company_name', FILTER_SANITIZE_STRING), - 'agency_name' => $this->request->getPost('agency_name', FILTER_SANITIZE_STRING), - 'category' => $this->request->getPost('category', FILTER_SANITIZE_STRING), - 'account_number' => $this->request->getPost('account_number') == '' ? NULL : $this->request->getPost('account_number', FILTER_SANITIZE_STRING), + 'company_name' => $this->request->getPost('company_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'agency_name' => $this->request->getPost('agency_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'category' => $this->request->getPost('category', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'account_number' => $this->request->getPost('account_number') == '' ? NULL : $this->request->getPost('account_number', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'tax_id' => $this->request->getPost('tax_id', FILTER_SANITIZE_NUMBER_INT) ]; diff --git a/app/Controllers/Tax_categories.php b/app/Controllers/Tax_categories.php index 848869301..7419683ea 100644 --- a/app/Controllers/Tax_categories.php +++ b/app/Controllers/Tax_categories.php @@ -28,11 +28,11 @@ class Tax_categories extends Secure_Controller */ public function getSearch(): void { - $search = $this->request->getVar('search', FILTER_SANITIZE_STRING); + $search = $this->request->getVar('search', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $limit = $this->request->getVar('limit', FILTER_SANITIZE_NUMBER_INT); $offset = $this->request->getVar('offset', FILTER_SANITIZE_NUMBER_INT); - $sort = $this->request->getVar('sort', FILTER_SANITIZE_STRING); - $order = $this->request->getVar('order', FILTER_SANITIZE_STRING); + $sort = $this->request->getVar('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS); + $order = $this->request->getVar('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $tax_categories = $this->tax_category->search($search, $limit, $offset, $sort, $order); $total_rows = $this->tax_category->get_found_rows($search); @@ -64,8 +64,8 @@ class Tax_categories extends Secure_Controller public function postSave(int $tax_category_id = NEW_ENTRY): void { $tax_category_data = [ - 'tax_category' => $this->request->getPost('tax_category', FILTER_SANITIZE_STRING), - 'tax_category_code' => $this->request->getPost('tax_category_code', FILTER_SANITIZE_STRING), + 'tax_category' => $this->request->getPost('tax_category', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'tax_category_code' => $this->request->getPost('tax_category_code', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'tax_group_sequence' => $this->request->getPost('tax_group_sequence', FILTER_SANITIZE_NUMBER_INT) ]; diff --git a/app/Controllers/Tax_codes.php b/app/Controllers/Tax_codes.php index 606b551b7..6123905f9 100644 --- a/app/Controllers/Tax_codes.php +++ b/app/Controllers/Tax_codes.php @@ -35,11 +35,11 @@ class Tax_codes extends Secure_Controller */ public function getSearch(): void { - $search = $this->request->getVar('search', FILTER_SANITIZE_STRING); + $search = $this->request->getVar('search', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $limit = $this->request->getVar('limit', FILTER_SANITIZE_NUMBER_INT); $offset = $this->request->getVar('offset', FILTER_SANITIZE_NUMBER_INT); - $sort = $this->request->getVar('sort', FILTER_SANITIZE_STRING); - $order = $this->request->getVar('order', FILTER_SANITIZE_STRING); + $sort = $this->request->getVar('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS); + $order = $this->request->getVar('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $tax_codes = $this->tax_code->search($search, $limit, $offset, $sort, $order); $total_rows = $this->tax_code->get_found_rows($search); @@ -72,10 +72,10 @@ class Tax_codes extends Secure_Controller public function postSave(int $tax_code_id = NEW_ENTRY): void { $tax_code_data = [ - 'tax_code' => $this->request->getPost('tax_code', FILTER_SANITIZE_STRING), - 'tax_code_name' => $this->request->getPost('tax_code_name', FILTER_SANITIZE_STRING), - 'city' => $this->request->getPost('city', FILTER_SANITIZE_STRING), - 'state' => $this->request->getPost('state', FILTER_SANITIZE_STRING) + 'tax_code' => $this->request->getPost('tax_code', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'tax_code_name' => $this->request->getPost('tax_code_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'city' => $this->request->getPost('city', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'state' => $this->request->getPost('state', FILTER_SANITIZE_FULL_SPECIAL_CHARS) ]; if($this->tax_code->save($tax_code_data)) diff --git a/app/Controllers/Tax_jurisdictions.php b/app/Controllers/Tax_jurisdictions.php index d621e0483..455a0b5cf 100644 --- a/app/Controllers/Tax_jurisdictions.php +++ b/app/Controllers/Tax_jurisdictions.php @@ -31,11 +31,11 @@ class Tax_jurisdictions extends Secure_Controller */ public function getSearch(): void { - $search = $this->request->getVar('search', FILTER_SANITIZE_STRING); + $search = $this->request->getVar('search', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $limit = $this->request->getVar('limit', FILTER_SANITIZE_NUMBER_INT); $offset = $this->request->getVar('offset', FILTER_SANITIZE_NUMBER_INT); - $sort = $this->request->getVar('sort', FILTER_SANITIZE_STRING); - $order = $this->request->getVar('order', FILTER_SANITIZE_STRING); + $sort = $this->request->getVar('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS); + $order = $this->request->getVar('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $tax_jurisdictions = $this->tax_jurisdiction->search($search, $limit, $offset, $sort, $order); $total_rows = $this->tax_jurisdiction->get_found_rows($search); @@ -67,8 +67,8 @@ class Tax_jurisdictions extends Secure_Controller public function postSave(int $jurisdiction_id = NEW_ENTRY): void { $tax_jurisdiction_data = [ - 'jurisdiction_name' => $this->request->getPost('jurisdiction_name', FILTER_SANITIZE_STRING), - 'reporting_authority' => $this->request->getPost('reporting_authority', FILTER_SANITIZE_STRING) + 'jurisdiction_name' => $this->request->getPost('jurisdiction_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'reporting_authority' => $this->request->getPost('reporting_authority', FILTER_SANITIZE_FULL_SPECIAL_CHARS) ]; if($this->tax_jurisdiction->save_value($tax_jurisdiction_data)) diff --git a/app/Controllers/Taxes.php b/app/Controllers/Taxes.php index 06e103781..c26c67d04 100644 --- a/app/Controllers/Taxes.php +++ b/app/Controllers/Taxes.php @@ -79,11 +79,11 @@ class Taxes extends Secure_Controller */ public function getSearch(): void { - $search = $this->request->getVar('search', FILTER_SANITIZE_STRING); + $search = $this->request->getVar('search', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $limit = $this->request->getVar('limit', FILTER_SANITIZE_NUMBER_INT); $offset = $this->request->getVar('offset', FILTER_SANITIZE_NUMBER_INT); - $sort = $this->request->getVar('sort', FILTER_SANITIZE_STRING); - $order = $this->request->getVar('order', FILTER_SANITIZE_STRING); + $sort = $this->request->getVar('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS); + $order = $this->request->getVar('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $tax_rates = $this->tax->search($search, $limit, $offset, $sort, $order); @@ -103,7 +103,7 @@ class Taxes extends Secure_Controller */ public function suggest_search(): void { - $suggestions = $this->tax->get_search_suggestions($this->request->getPost('term', FILTER_SANITIZE_STRING)); //TODO: There is no get_search_suggestions function in the tax model + $suggestions = $this->tax->get_search_suggestions($this->request->getPost('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS)); //TODO: There is no get_search_suggestions function in the tax model echo json_encode($suggestions); } @@ -113,7 +113,7 @@ class Taxes extends Secure_Controller */ public function suggest_tax_categories(): void { - $suggestions = $this->tax_category->get_tax_category_suggestions($this->request->getPost('term', FILTER_SANITIZE_STRING)); + $suggestions = $this->tax_category->get_tax_category_suggestions($this->request->getPost('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS)); echo json_encode($suggestions); } @@ -419,7 +419,7 @@ class Taxes extends Secure_Controller */ public function getSuggestTaxCodes(): void { - $suggestions = $this->tax_code->get_tax_codes_search_suggestions($this->request->getPostGet('term', FILTER_SANITIZE_STRING)); + $suggestions = $this->tax_code->get_tax_codes_search_suggestions($this->request->getPostGet('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS)); echo json_encode($suggestions); } @@ -431,10 +431,10 @@ class Taxes extends Secure_Controller public function save_tax_codes(): void { $tax_code_id = $this->request->getPost('tax_code_id', FILTER_SANITIZE_NUMBER_INT); - $tax_code = $this->request->getPost('tax_code', FILTER_SANITIZE_STRING); - $tax_code_name = $this->request->getPost('tax_code_name', FILTER_SANITIZE_STRING); - $city = $this->request->getPost('city', FILTER_SANITIZE_STRING); - $state = $this->request->getPost('state', FILTER_SANITIZE_STRING); + $tax_code = $this->request->getPost('tax_code', FILTER_SANITIZE_FULL_SPECIAL_CHARS); + $tax_code_name = $this->request->getPost('tax_code_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS); + $city = $this->request->getPost('city', FILTER_SANITIZE_FULL_SPECIAL_CHARS); + $state = $this->request->getPost('state', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $array_save = []; //TODO: the naming of this variable is not good. foreach($tax_code_id as $key=>$val) @@ -459,10 +459,10 @@ class Taxes extends Secure_Controller public function save_tax_jurisdictions(): void { $jurisdiction_id = $this->request->getPost('jurisdiction_id', FILTER_SANITIZE_NUMBER_INT); - $jurisdiction_name = $this->request->getPost('jurisdiction_name', FILTER_SANITIZE_STRING); - $tax_group = $this->request->getPost('tax_group', FILTER_SANITIZE_STRING); + $jurisdiction_name = $this->request->getPost('jurisdiction_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS); + $tax_group = $this->request->getPost('tax_group', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $tax_type = $this->request->getPost('tax_type', FILTER_SANITIZE_NUMBER_INT); - $reporting_authority = $this->request->getPost('reporting_authority', FILTER_SANITIZE_STRING); + $reporting_authority = $this->request->getPost('reporting_authority', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $tax_group_sequence = $this->request->getPost('tax_group_sequence', FILTER_SANITIZE_NUMBER_INT); $cascade_sequence = $this->request->getPost('cascade_sequence', FILTER_SANITIZE_NUMBER_INT); @@ -506,7 +506,7 @@ class Taxes extends Secure_Controller public function save_tax_categories(): void { $tax_category_id = $this->request->getPost('tax_category_id', FILTER_SANITIZE_NUMBER_INT); - $tax_category = $this->request->getPost('tax_category', FILTER_SANITIZE_STRING); + $tax_category = $this->request->getPost('tax_category', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $tax_group_sequence = $this->request->getPost('tax_group_sequence', FILTER_SANITIZE_NUMBER_INT); $array_save= [];