Removed any XSS filtering from input->post and input->get (#39)

FrancescoUK
2016-05-30 16:50:19 +01:00
parent b904540aed
commit 6e9830705f
3 changed files with 7 additions and 7 deletions


@@ -70,9 +70,9 @@ class Giftcards extends Secure_area implements iData_controller
{
$giftcard_data = array(
'record_time' => date('Y-m-d H:i:s'),
'giftcard_number'=>$this->input->post('giftcard_number', TRUE),
'value'=>$this->input->post('value', TRUE),
'person_id'=>$this->input->post('person_id', TRUE) ? $this->input->post('person_id') : null
'giftcard_number'=>$this->input->post('giftcard_number'),
'value'=>$this->input->post('value'),
'person_id'=>$this->input->post('person_id') ? $this->input->post('person_id') : null
);
if( $this->Giftcard->save( $giftcard_data, $giftcard_id ) )
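Review bot: `giftcard_number` and `value` now reach `$this->Giftcard->save()` exactly as posted, and nothing in the visible lines checks that `value` is a number. The method starts above the hunk, so a form-validation rule may already run there; if none does, add a guard before the array is built, e.g. `if (!is_numeric($this->input->post('value'))) { /* return the controller's save-failed response */ }`. With the per-call filter flag dropped, every view or JSON response that prints `giftcard_number` has to escape it for its output context. A short comment above the array, such as `// raw POST values: validate here, escape on output`, would stop the next reader from assuming the stored data is clean.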


@@ -362,11 +362,11 @@ class Receivings extends Secure_area
function save($receiving_id)
{
$date_formatter = date_create_from_format($this->config->item('dateformat') . ' ' . $this->config->item('timeformat'), $this->input->post('date', TRUE));
$date_formatter = date_create_from_format($this->config->item('dateformat') . ' ' . $this->config->item('timeformat'), $this->input->post('date'));
$receiving_data = array(
'receiving_time' => $date_formatter->format('Y-m-d H:i:s'),
'supplier_id' => $this->input->post('supplier_id', TRUE) ? $this->input->post('supplier_id') : null,
'supplier_id' => $this->input->post('supplier_id') ? $this->input->post('supplier_id') : null,
'employee_id' => $this->input->post('employee_id'),
'comment' => $this->input->post('comment'),
'invoice_number' => $this->input->post('invoice_number')
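Review bot: `date_create_from_format()` returns `FALSE` when the posted `date` does not match the configured date and time format, and the `'receiving_time'` line calls `$date_formatter->format('Y-m-d H:i:s')` on it unconditionally, so a malformed request ends in a fatal error instead of a handled failure. Check the result before building the array, e.g. `if ($date_formatter === FALSE) { /* return the controller's save-failed response */ }`. `comment` and `invoice_number` are also stored as posted, so they need escaping wherever they are rendered. The body of `save()` continues past the end of this hunk.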


@@ -136,10 +136,10 @@ class Sales extends Secure_area
function change_mode()
{
$stock_location = $this->input->post("stock_location");
$stock_location = $this->input->post('stock_location');
if (!$stock_location || $stock_location == $this->sale_lib->get_sale_location())
{
$mode = $this->input->post("mode");
$mode = $this->input->post('mode');
$this->sale_lib->set_mode($mode);
}
else if ($this->Stock_location->is_allowed_location($stock_location, 'sales'))