From 68a2489e13352f1670bc84a61e502431a86b89f9 Mon Sep 17 00:00:00 2001 From: objecttothis Date: Fri, 8 May 2020 15:58:37 +0400 Subject: [PATCH] Add Save logic - Corrected minimum image size value in migration script - Added save logic to save_general() in Config controller - Added logic in the index() of the Config controller to properly prep allowed_image_types data --- application/controllers/Config.php | 309 +++++++++--------- application/controllers/Items.php | 12 +- .../20200508000000_image_upload_defaults.php | 2 +- application/views/configs/general_config.php | 14 +- 4 files changed, 176 insertions(+), 161 deletions(-) diff --git a/application/controllers/Config.php b/application/controllers/Config.php index 20f523384..666ac99a7 100644 --- a/application/controllers/Config.php +++ b/application/controllers/Config.php @@ -7,11 +7,11 @@ class Config extends Secure_Controller public function __construct() { parent::__construct('config'); - + $this->load->library('barcode_lib'); $this->load->library('sale_lib'); } - + /* * This function loads all the licenses starting with the first one being OSPOS one */ @@ -21,9 +21,9 @@ class Config extends Secure_Controller $bower = FALSE; $composer = FALSE; $license = array(); - + $license[$i]['title'] = 'Open Source Point Of Sale ' . $this->config->item('application_version'); - + if(file_exists('license/LICENSE')) { $license[$i]['text'] = $this->xss_clean(file_get_contents('license/LICENSE', NULL, NULL, 0, 2000)); @@ -32,10 +32,10 @@ class Config extends Secure_Controller { $license[$i]['text'] = 'LICENSE file must be in OSPOS license directory. You are not allowed to use OSPOS application until the distribution copy of LICENSE file is present.'; } - + // read all the files in the dir license $dir = new DirectoryIterator('license'); - + foreach($dir as $fileinfo) { // license files must be in couples: .version (name & version) & .license (license text) 
@@ -44,13 +44,13 @@ class Config extends Secure_Controller if($fileinfo->getExtension() == 'version') { ++$i; - + $basename = 'license/' . $fileinfo->getBasename('.version'); - + $license[$i]['title'] = $this->xss_clean(file_get_contents($basename . '.version', NULL, NULL, 0, 100)); - + $license_text_file = $basename . '.license'; - + if(file_exists($license_text_file)) { $license[$i]['text'] = $this->xss_clean(file_get_contents($license_text_file , NULL, NULL, 0, 2000)); @@ -72,17 +72,17 @@ class Config extends Secure_Controller } } } - + // attach the licenses from the LICENSES file generated by bower if($composer) { ++$i; $license[$i]['title'] = 'Composer Libraries'; $license[$i]['text'] = ''; - + $file = file_get_contents('license/composer.LICENSES'); $array = json_decode($file, TRUE); - + foreach($array as $key => $val) { if(is_array($val) && $key == 'dependencies') @@ -92,18 +92,18 @@ class Config extends Secure_Controller if(is_array($val1)) { $license[$i]['text'] .= 'component: ' . $key1 . "\n"; - + foreach($val1 as $key2 => $val2) { if(is_array($val2)) { $license[$i]['text'] .= $key2 . ': '; - + foreach($val2 as $key3 => $val3) { $license[$i]['text'] .= $val3 . ' '; } - + $license[$i]['text'] .= "\n"; } else @@ -111,7 +111,7 @@ class Config extends Secure_Controller $license[$i]['text'] .= $key2 . ': ' . $val2 . "\n"; } } - + $license[$i]['text'] .= "\n"; } else 
@@ -121,37 +121,37 @@ class Config extends Secure_Controller } } } - + $license[$i]['text'] = $this->xss_clean($license[$i]['text']); } - + // attach the licenses from the LICENSES file generated by bower if($bower) { ++$i; $license[$i]['title'] = 'JS Plugins'; $license[$i]['text'] = ''; - + $file = file_get_contents('license/bower.LICENSES'); $array = json_decode($file, TRUE); - + foreach($array as $key => $val) { if(is_array($val)) { $license[$i]['text'] .= 'component: ' . $key . "\n"; - + foreach($val as $key1 => $val1) { if(is_array($val1)) { $license[$i]['text'] .= $key1 . ': '; - + foreach($val1 as $key2 => $val2) { $license[$i]['text'] .= $val2 . ' '; } - + $license[$i]['text'] .= "\n"; } else @@ -159,27 +159,27 @@ class Config extends Secure_Controller $license[$i]['text'] .= $key1 . ': ' . $val1 . "\n"; } } - + $license[$i]['text'] .= "\n"; } } - + $license[$i]['text'] = $this->xss_clean($license[$i]['text']); } - + return $license; } - + /* * This function loads all the available themes in the dist/bootswatch directory */ private function _themes() { $themes = array(); - + // read all themes in the dist folder $dir = new DirectoryIterator('dist/bootswatch'); - + foreach($dir as $dirinfo) { if($dirinfo->isDir() && !$dirinfo->isDot() && $dirinfo->getFileName() != 'fonts') @@ -188,12 +188,12 @@ class Config extends Secure_Controller $themes[$file] = $file; } } - + asort($themes); - + return $themes; } - + public function index() { $data['stock_locations'] = $this->Stock_location->get_all()->result_array(); 
@@ -210,15 +210,24 @@ class Config extends Secure_Controller $data['tax_jurisdiction_options'] = $this->tax_lib->get_tax_jurisdiction_options(); $data['show_office_group'] = $this->Module->get_show_office_group(); $data['currency_code'] = $this->config->item('currency_code'); - + $data = $this->xss_clean($data); - + // load all the license statements, they are already XSS cleaned in the private function $data['licenses'] = $this->_licenses(); // load all the themes, already XSS cleaned in the private function $data['themes'] = $this->_themes(); - - $data['mailchimp'] = array(); + + //Load General related fields + $image_allowed_types = array('jpg','jpeg','gif','svg','webp','bmp','png','tif','tiff'); + $data['image_allowed_types'] = array_combine($image_allowed_types,$image_allowed_types); + + $data['selected_image_allowed_types'] = explode('|',$this->config->item('image_allowed_types')); + + //Load Integrations Related fields + $data['mailchimp'] = array(); + $data['clcdesq'] = array(); + if($this->_check_encryption()) { $data['mailchimp']['api_key'] = $this->encryption->decrypt($this->config->item('mailchimp_api_key')); @@ -229,18 +238,20 @@ class Config extends Secure_Controller $data['mailchimp']['api_key'] = ''; $data['mailchimp']['list_id'] = ''; } - + // load mailchimp lists associated to the given api key, already XSS cleaned in the private function $data['mailchimp']['lists'] = $this->_mailchimp(); - + + $data['selected_image_allowed_types'] = explode('|',$this->config->item('image_allowed_types')); + $this->load->view("configs/manage", $data); } - + public function save_info() { $upload_success = $this->_handle_logo_upload(); $upload_data = $this->upload->data(); - + $batch_save_data = array( 'company' => $this->input->post('company'), 'address' => $this->input->post('address'), 
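Review bot: `$data['selected_image_allowed_types'] = explode('|', $this->config->item('image_allowed_types'));` is assigned twice in index(), once in this hunk and again in the following hunk (`@@ -229,18 +238,20 @@`) just before the view is loaded; the second assignment is redundant and should be dropped. Both new `$data` entries are also appended after the `$data = $this->xss_clean($data);` call, so the stored `image_allowed_types` value, which save_general() writes from POST, reaches the view unfiltered; moving the two lines above the xss_clean call, or building the selection as `array_intersect(explode('|', $this->config->item('image_allowed_types')), $image_allowed_types)` so only values from the fixed list survive, closes that gap. index() begins in the previous hunk and its body continues past this one.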
@@ -250,7 +261,7 @@ class Config extends Secure_Controller 'website' => $this->input->post('website'), 'return_policy' => $this->input->post('return_policy') ); - + if(!empty($upload_data['orig_name'])) { // XSS file image sanity check @@ -259,18 +270,18 @@ class Config extends Secure_Controller $batch_save_data['company_logo'] = $upload_data['raw_name'] . $upload_data['file_ext']; } } - + $result = $this->Appconfig->batch_save($batch_save_data); $success = $upload_success && $result ? TRUE : FALSE; $message = $this->lang->line('config_saved_' . ($success ? '' : 'un') . 'successfully'); $message = $upload_success ? $message : strip_tags($this->upload->display_errors()); - + echo json_encode(array( 'success' => $success, 'message' => $message )); } - + public function save_general() { $batch_save_data = array( @@ -284,6 +295,10 @@ class Config extends Secure_Controller 'lines_per_page' => $this->input->post('lines_per_page'), 'notify_horizontal_position' => $this->input->post('notify_horizontal_position'), 'notify_vertical_position' => $this->input->post('notify_vertical_position'), + 'image_max_width' => $this->input->post('image_max_width'), + 'image_max_height' => $this->input->post('image_max_height'), + 'image_max_size' => $this->input->post('image_max_size'), + 'image_allowed_types' => implode('|', $this->input->post('image_allowed_types')), 'gcaptcha_enable' => $this->input->post('gcaptcha_enable') != NULL, 'gcaptcha_secret_key' => $this->input->post('gcaptcha_secret_key'), 'gcaptcha_site_key' => $this->input->post('gcaptcha_site_key'), 
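Review bot: In the save_general() hunk (`@@ -284,6 +295,10 @@`) the four new `image_*` values are taken from POST and stored as-is, and `image_allowed_types` later becomes the upload whitelist used by Items.php, so a request that is not going through the selectpicker can store any extension list; the value should be checked server-side against the same fixed list that index() builds, e.g. `$types = array_intersect((array) $this->input->post('image_allowed_types'), $image_allowed_types);` with `'image_allowed_types' => implode('|', $types),`, where that list is best lifted into a class constant shared by both methods. The `(array)` cast also covers a submission with nothing selected, where `$this->input->post('image_allowed_types')` is NULL and `implode('|', NULL)` warns (PHP 7) or throws (PHP 8) instead of saving an empty list. The three `image_max_*` values should likewise be cast with `(int)` before they are stored, since the upload library compares them numerically. save_general() starts in the preceding hunk on this line and ends in the next one.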
@@ -295,12 +310,12 @@ class Config extends Secure_Controller 'multi_pack_enabled' => $this->input->post('multi_pack_enabled') != NULL, 'include_hsn' => $this->input->post('include_hsn') != NULL ); - + $this->Module->set_show_office_group($this->input->post('show_office_group') != NULL); - + $result = $this->Appconfig->batch_save($batch_save_data); $success = $result ? TRUE : FALSE; - + echo json_encode(array( 'success' => $success, 'message' => $this->lang->line('config_saved_' . ($success ? '' : 'un') . 'successfully') @@ -365,25 +380,25 @@ class Config extends Secure_Controller 'cash_rounding_code' => $this->input->post('cash_rounding_code'), 'financial_year' => $this->input->post('financial_year') ); - + $result = $this->Appconfig->batch_save($batch_save_data); $success = $result ? TRUE : FALSE; - + echo json_encode(array( 'success' => $success, 'message' => $this->lang->line('config_saved_' . ($success ? '' : 'un') . 'successfully') )); } - + public function save_email() { $password = ''; - + if($this->_check_encryption()) { $password = $this->encryption->encrypt($this->input->post('smtp_pass')); } - + $batch_save_data = array( 'protocol' => $this->input->post('protocol'), 'mailpath' => $this->input->post('mailpath'), 
@@ -394,50 +409,50 @@ class Config extends Secure_Controller 'smtp_timeout' => $this->input->post('smtp_timeout'), 'smtp_crypto' => $this->input->post('smtp_crypto') ); - + $result = $this->Appconfig->batch_save($batch_save_data); $success = $result ? TRUE : FALSE; - + echo json_encode(array( 'success' => $success, 'message' => $this->lang->line('config_saved_' . ($success ? '' : 'un') . 'successfully') )); } - + public function save_message() { $password = ''; - + if($this->_check_encryption()) { $password = $this->encryption->encrypt($this->input->post('msg_pwd')); } - + $batch_save_data = array( 'msg_msg' => $this->input->post('msg_msg'), 'msg_uid' => $this->input->post('msg_uid'), 'msg_pwd' => $password, 'msg_src' => $this->input->post('msg_src') ); - + $result = $this->Appconfig->batch_save($batch_save_data); $success = $result ? TRUE : FALSE; - + echo json_encode(array( 'success' => $success, 'message' => $this->lang->line('config_saved_' . ($success ? '' : 'un') . 'successfully') )); } - + /* * This function fetches all the available lists from Mailchimp for the given API key */ private function _mailchimp($api_key = '') { $this->load->library('mailchimp_lib', array('api_key' => $api_key)); - + $result = array(); - + if(($lists = $this->mailchimp_lib->getLists()) !== FALSE) { if(is_array($lists) && !empty($lists['lists']) && is_array($lists['lists'])) @@ -449,10 +464,10 @@ class Config extends Secure_Controller } } } - + return $result; } - + /* AJAX call from mailchimp config form to fetch the Mailchimp lists when a valid API key is inserted */ 
@@ -461,75 +476,75 @@ class Config extends Secure_Controller // load mailchimp lists associated to the given api key, already XSS cleaned in the private function $lists = $this->_mailchimp($this->input->post('mailchimp_api_key')); $success = count($lists) > 0 ? TRUE : FALSE; - + echo json_encode(array( 'success' => $success, 'message' => $this->lang->line('config_mailchimp_key_' . ($success ? '' : 'un') . 'successfully'), 'mailchimp_lists' => $lists )); } - + public function save_mailchimp() { $api_key = ''; $list_id = ''; - + if($this->_check_encryption()) { $api_key = $this->encryption->encrypt($this->input->post('mailchimp_api_key')); $list_id = $this->encryption->encrypt($this->input->post('mailchimp_list_id')); } - + $batch_save_data = array( 'mailchimp_api_key' => $api_key, 'mailchimp_list_id' => $list_id ); - + $result = $this->Appconfig->batch_save($batch_save_data); $success = $result ? TRUE : FALSE; - + echo json_encode(array( 'success' => $success, 'message' => $this->lang->line('config_saved_' . ($success ? '' : 'un') . 
'successfully') )); } - + public function ajax_stock_locations() { $stock_locations = $this->Stock_location->get_all()->result_array(); - + $stock_locations = $this->xss_clean($stock_locations); - + $this->load->view('partial/stock_locations', array('stock_locations' => $stock_locations)); } - + public function ajax_dinner_tables() { $dinner_tables = $this->Dinner_table->get_all()->result_array(); - + $dinner_tables = $this->xss_clean($dinner_tables); - + $this->load->view('partial/dinner_tables', array('dinner_tables' => $dinner_tables)); } - + public function ajax_tax_categories() { $tax_categories = $this->Tax->get_all_tax_categories()->result_array(); - + $tax_categories = $this->xss_clean($tax_categories); - + $this->load->view('partial/tax_categories', array('tax_categories' => $tax_categories)); } - + public function ajax_customer_rewards() { $customer_rewards = $this->Customer_rewards->get_all()->result_array(); - + $customer_rewards = $this->xss_clean($customer_rewards); - + $this->load->view('partial/customer_rewards', array('customer_rewards' => $customer_rewards)); } - + private function _clear_session_state() { $this->sale_lib->clear_sale_location(); @@ -540,18 +555,18 @@ class Config extends Secure_Controller $this->receiving_lib->clear_stock_destination(); $this->receiving_lib->clear_all(); } - + public function save_locations() { $this->db->trans_start(); - + $not_to_delete = array(); foreach($this->input->post() as $key => $value) { if(strstr($key, 'stock_location')) { $location_id = preg_replace("/.*?_(\d+)$/", "$1", $key); - + // save or update $location_data = array('location_name' => $value); if($this->Stock_location->save($location_data, $location_id)) 
@@ -562,10 +577,10 @@ class Config extends Secure_Controller } } } - + // all locations not available in post will be deleted now $deleted_locations = $this->Stock_location->get_all()->result_array(); - + foreach($deleted_locations as $location => $location_data) { if(!in_array($location_data['location_id'], $not_to_delete)) @@ -573,25 +588,25 @@ class Config extends Secure_Controller $this->Stock_location->delete($location_data['location_id']); } } - + $this->db->trans_complete(); - + $success = $this->db->trans_status(); - + echo json_encode(array( 'success' => $success, 'message' => $this->lang->line('config_saved_' . ($success ? '' : 'un') . 'successfully') )); } - + public function save_tables() { $this->db->trans_start(); - + $dinner_table_enable = $this->input->post('dinner_table_enable') != NULL; - + $this->Appconfig->save('dinner_table_enable', $dinner_table_enable); - + if($dinner_table_enable) { $not_to_delete = array(); @@ -609,10 +624,10 @@ class Config extends Secure_Controller } } } - + // all tables not available in post will be deleted now $deleted_tables = $this->Dinner_table->get_all()->result_array(); - + foreach($deleted_tables as $dinner_tables => $table) { if(!in_array($table['dinner_table_id'], $not_to_delete)) @@ -621,17 +636,17 @@ class Config extends Secure_Controller } } } - + $this->db->trans_complete(); - + $success = $this->db->trans_status(); - + echo json_encode(array( 'success' => $success, 'message' => $this->lang->line('config_saved_' . ($success ? '' : 'un') . 'successfully') )); } - + public function save_tax() { $this->db->trans_start(); 
@@ -652,25 +667,25 @@ class Config extends Secure_Controller $success = $this->Appconfig->batch_save($batch_save_data) ? TRUE : FALSE; $this->db->trans_complete(); - + $success &= $this->db->trans_status(); - + $message = $this->lang->line('config_saved_' . ($success ? '' : 'un') . 'successfully'); - + echo json_encode(array( 'success' => $success, 'message' => $message )); } - + public function save_rewards() { $this->db->trans_start(); - + $customer_reward_enable = $this->input->post('customer_reward_enable') != NULL; - + $this->Appconfig->save('customer_reward_enable', $customer_reward_enable); - + if($customer_reward_enable) { $not_to_delete = array(); @@ -689,7 +704,7 @@ class Config extends Secure_Controller $array_save[$customer_reward_id]['points_percent'] = $value; } } - + if(!empty($array_save)) { foreach($array_save as $key => $value) @@ -699,10 +714,10 @@ class Config extends Secure_Controller $this->Customer_rewards->save($package_data, $key); } } - + // all packages not available in post will be deleted now $deleted_packages = $this->Customer_rewards->get_all()->result_array(); - + foreach($deleted_packages as $customer_rewards => $reward_category) { if(!in_array($reward_category['package_id'], $not_to_delete)) @@ -711,17 +726,17 @@ class Config extends Secure_Controller } } } - + $this->db->trans_complete(); - + $success = $this->db->trans_status(); - + echo json_encode(array( 'success' => $success, 'message' => $this->lang->line('config_saved_' . ($success ? '' : 'un') . 'successfully') )); } - + public function save_barcode() { $batch_save_data = array( 
@@ -741,16 +756,16 @@ class Config extends Secure_Controller 'barcode_content' => $this->input->post('barcode_content'), 'barcode_formats' => json_encode($this->input->post('barcode_formats')) ); - + $result = $this->Appconfig->batch_save($batch_save_data); $success = $result ? TRUE : FALSE; - + echo json_encode(array( 'success' => $success, 'message' => $this->lang->line('config_saved_' . ($success ? '' : 'un') . 'successfully') )); } - + public function save_receipt() { $batch_save_data = array ( @@ -776,13 +791,13 @@ class Config extends Secure_Controller $result = $this->Appconfig->batch_save($batch_save_data); $success = $result ? TRUE : FALSE; - + echo json_encode(array( 'success' => $success, 'message' => $this->lang->line('config_saved_' . ($success ? '' : 'un') . 'successfully') )); } - + public function save_invoice() { $batch_save_data = array ( @@ -802,10 +817,10 @@ class Config extends Secure_Controller 'last_used_work_order_number' => $this->input->post('last_used_work_order_number'), 'invoice_type' => $this->input->post('invoice_type') ); - + $result = $this->Appconfig->batch_save($batch_save_data); $success = $result ? TRUE : FALSE; - + // Update the register mode with the latest change so that if the user // switches immediately back to the register the mode reflects the change if($success == TRUE) @@ -819,24 +834,24 @@ class Config extends Secure_Controller $this->sale_lib->set_mode('sale'); } } - + echo json_encode(array( 'success' => $success, 'message' => $this->lang->line('config_saved_' . ($success ? '' : 'un') . 'successfully') )); } - + public function remove_logo() { $result = $this->Appconfig->batch_save(array('company_logo' => '')); - + echo json_encode(array('success' => $result)); } - + private function _handle_logo_upload() { $this->load->helper('directory'); - + // load upload library $config = array('upload_path' => './uploads/', 'allowed_types' => 'gif|jpg|png', 
@@ -846,37 +861,37 @@ class Config extends Secure_Controller 'file_name' => 'company_logo'); $this->load->library('upload', $config); $this->upload->do_upload('company_logo'); - + return strlen($this->upload->display_errors()) == 0 || !strcmp($this->upload->display_errors(), '

'.$this->lang->line('upload_no_file_selected').'

'); } - + private function _check_encryption() { $encryption_key = $this->config->item('encryption_key'); - + // check if the encryption_key config item is the default one if($encryption_key == '' || $encryption_key == 'YOUR KEY') { // Config path $config_path = APPPATH . 'config/config.php'; - + // Open the file $config = file_get_contents($config_path); - + // $key will be assigned a 32-byte (256-bit) hex-encoded random key $key = bin2hex($this->encryption->create_key(32)); - + // set the encryption key in the config item $this->config->set_item('encryption_key', $key); - + // replace the empty placeholder with a real randomly generated encryption key $config = preg_replace("/(.*encryption_key.*)('');/", "$1'$key';", $config); - + $result = FALSE; - + // Chmod the file @chmod($config_path, 0777); - + // Verify file permissions if(is_writable($config_path)) { @@ -884,33 +899,33 @@ class Config extends Secure_Controller $handle = @fopen($config_path, 'w+'); // Write the file $result = (fwrite($handle, $config) === FALSE) ? FALSE : TRUE; - + fclose($handle); } - + // Chmod the file @chmod($config_path, 0444); - + return $result; } - + return TRUE; } - + public function backup_db() { $employee_id = $this->Employee->get_logged_in_employee_info()->person_id; if($this->Employee->has_module_grant('config', $employee_id)) { $this->load->dbutil(); - + $prefs = array( 'format' => 'zip', 'filename' => 'ospos.sql' ); - + $backup = $this->dbutil->backup($prefs); - + $file_name = 'ospos-' . date("Y-m-d-H-i-s") .'.zip'; $save = 'uploads/' . $file_name; $this->load->helper('download'); @@ -918,7 +933,7 @@ class Config extends Secure_Controller { ob_end_clean(); } - + force_download($file_name, $backup); } else diff --git a/application/controllers/Items.php b/application/controllers/Items.php index d75f54643..25a85747a 100644 --- a/application/controllers/Items.php +++ b/application/controllers/Items.php 
@@ -301,7 +301,7 @@ class Items extends Secure_Controller $data['logo_exists'] = $item_info->pic_filename != ''; $ext = pathinfo($item_info->pic_filename, PATHINFO_EXTENSION); - + if($ext == '') { //If file extension is not found guess it (legacy) @@ -669,11 +669,11 @@ class Items extends Secure_Controller { //Load upload library $config = array('upload_path' => './uploads/item_pics/', - 'allowed_types' => $this->config->item('image_allowed_types'), - 'max_size' => $this->config->item('image_max_size'), - 'max_width' => $this->config->item('image_max_width'), - 'max_height' => $this->config->item('image_max_height')); - $this->load->library('upload', $config); + 'image_allowed_types' => $this->config->item('image_allowed_types'), + 'image_max_size' => $this->config->item('image_max_size'), + 'image_max_width' => $this->config->item('image_max_width'), + 'image_max_height' => $this->config->item('image_max_height')); + $this->load->library('upload', $config); $this->upload->do_upload('item_image'); return strlen($this->upload->display_errors()) == 0 || !strcmp($this->upload->display_errors(), '

'.$this->lang->line('upload_no_file_selected').'

'); diff --git a/application/migrations/20200508000000_image_upload_defaults.php b/application/migrations/20200508000000_image_upload_defaults.php index 5a395a577..4590e285e 100644 --- a/application/migrations/20200508000000_image_upload_defaults.php +++ b/application/migrations/20200508000000_image_upload_defaults.php @@ -12,7 +12,7 @@ class Migration_image_upload_defaults extends CI_Migration $image_values = array( array('key' => 'image_allowed_types', 'value' => 'gif|jpg|png'), array('key' => 'image_max_height', 'value' => '480'), - array('key' => 'image_max_size', 'value' => '100'), + array('key' => 'image_max_size', 'value' => '128'), array('key' => 'image_max_width', 'value' => '640')); $this->db->insert_batch('app_config', $image_values); diff --git a/application/views/configs/general_config.php b/application/views/configs/general_config.php index 99ecfb8e1..0af5fad66 100644 --- a/application/views/configs/general_config.php +++ b/application/views/configs/general_config.php @@ -137,8 +137,8 @@
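Review bot: Renaming the upload config keys in Items.php (`@@ -669,11 +669,11 @@`) to `image_allowed_types`, `image_max_size`, `image_max_width` and `image_max_height` disconnects them from the upload library, which reads `allowed_types`, `max_size`, `max_width` and `max_height` (the logo upload in Config.php on this same page still uses `allowed_types`); with these keys unset, the DB-backed type and size limits this series introduces are not enforced at all, and as far as I can tell an empty `allowed_types` makes CI_Upload reject every file rather than accept it, so item image uploads would break outright. Only the right-hand side should change: keep the original key names and read the new config items, e.g. `'allowed_types' => $this->config->item('image_allowed_types'),` and likewise `'max_size'`, `'max_width'`, `'max_height'`. The enclosing function's signature lies before the start of the hunk.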
'max_image_width', - 'id' => 'max_image_width', + 'name' => 'image_max_width', + 'id' => 'image_max_width', 'class' => 'form-control input-sm required', 'type' => 'number', 'min' => 128, @@ -154,8 +154,8 @@
'max_image_height', - 'id' => 'max_image_height', + 'name' => 'image_max_height', + 'id' => 'image_max_height', 'class' => 'form-control input-sm required', 'type' => 'number', 'min' => 128, @@ -171,8 +171,8 @@
'max_image_size', - 'id' => 'max_image_size', + 'name' => 'image_max_size', + 'id' => 'image_max_size', 'class' => 'form-control input-sm required', 'type' => 'number', 'min' => 128, @@ -187,7 +187,7 @@
lang->line('config_image_allowed_file_types');?> - 'image_allowed_types', 'class'=>'selectpicker show-menu-arrow', 'data-none-selected-text'=>$this->lang->line('common_none_selected_text'),