mirror/opensourcepos
1
0
Fork 0
mirror of https://github.com/opensourcepos/opensourcepos.git synced 2026-06-24 07:21:11 -04:00
Code Issues Packages Projects Releases Wiki Activity

fix(security): Escape attribute value in register

Browse Source
This commit is contained in:
jekkos
2026-06-19 22:12:29 +02:00
parent e6388deed8
commit 6342d4513a
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
app/Views/sales/register.php
View File

@@ -179,7 +179,7 @@ helper('url');
<?php } else { ?>
<td><?= esc($item['item_number']) ?></td>
<td style="text-align: center;">
<?= esc($item['name']) . ' ' . implode(' ', [$item['attribute_values'], $item['attribute_dtvalues']]) ?>
<?= esc($item['name']) . ' ' . esc(implode(' ', [$item['attribute_values'], $item['attribute_dtvalues']])) ?>
<br>
<?php if ($item['stock_type'] == '0'): echo '[' . to_quantity_decimals($item['in_stock']) . ' in ' . esc($item['stock_name']) . ']';
endif; ?>