From 6e9830705f16badf1e3672f8099e6d01f0a4b981 Mon Sep 17 00:00:00 2001
From: FrancescoUK
Date: Mon, 30 May 2016 16:50:19 +0100
Subject: [PATCH] Removed any XSS filtering from input->post and input->get (#39)
---
 application/controllers/Giftcards.php | 6 +++---
 application/controllers/Receivings.php | 4 ++--
 application/controllers/Sales.php | 4 ++--
 3 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/application/controllers/Giftcards.php b/application/controllers/Giftcards.php
index f5d7bfbb3..6272d71f5 100644
--- a/application/controllers/Giftcards.php
+++ b/application/controllers/Giftcards.php
@@ -70,9 +70,9 @@ class Giftcards extends Secure_area implements iData_controller
 {
 $giftcard_data = array(
 'record_time' => date('Y-m-d H:i:s'),
- 'giftcard_number'=>$this->input->post('giftcard_number', TRUE),
- 'value'=>$this->input->post('value', TRUE),
- 'person_id'=>$this->input->post('person_id', TRUE) ? $this->input->post('person_id') : null
+ 'giftcard_number'=>$this->input->post('giftcard_number'),
+ 'value'=>$this->input->post('value'),
+ 'person_id'=>$this->input->post('person_id') ? $this->input->post('person_id') : null
 );
 if( $this->Giftcard->save( $giftcard_data, $giftcard_id ) )
diff --git a/application/controllers/Receivings.php b/application/controllers/Receivings.php
index efe594ad5..a0ee7b64c 100644
--- a/application/controllers/Receivings.php
+++ b/application/controllers/Receivings.php
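Review bot: Dropping the `TRUE` argument in the Giftcards hunk does not by itself guarantee filtering is off, and nothing validates these fields afterwards. If this runs on CodeIgniter 3, an omitted second argument makes `post()` fall back to the `global_xss_filtering` setting, so the effective behaviour depends on configuration that is not part of this patch. With per-call cleaning gone, `giftcard_number`, `value` and `person_id` reach `Giftcard->save()` exactly as the client sent them, so every view that prints them has to escape on output. The numeric fields also deserve a type check here, for example `'person_id' => ctype_digit((string) $this->input->post('person_id')) ? (int) $this->input->post('person_id') : null`. The enclosing method starts above the hunk and continues below it.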
@@ -362,11 +362,11 @@ class Receivings extends Secure_area
 function save($receiving_id)
 {
- $date_formatter = date_create_from_format($this->config->item('dateformat') . ' ' . $this->config->item('timeformat'), $this->input->post('date', TRUE));
+ $date_formatter = date_create_from_format($this->config->item('dateformat') . ' ' . $this->config->item('timeformat'), $this->input->post('date'));
 $receiving_data = array(
 'receiving_time' => $date_formatter->format('Y-m-d H:i:s'),
- 'supplier_id' => $this->input->post('supplier_id', TRUE) ? $this->input->post('supplier_id') : null,
+ 'supplier_id' => $this->input->post('supplier_id') ? $this->input->post('supplier_id') : null,
 'employee_id' => $this->input->post('employee_id'),
 'comment' => $this->input->post('comment'),
 'invoice_number' => $this->input->post('invoice_number')
diff --git a/application/controllers/Sales.php b/application/controllers/Sales.php
index 8a690f509..0aa828599 100644
--- a/application/controllers/Sales.php
+++ b/application/controllers/Sales.php
@@ -136,10 +136,10 @@ class Sales extends Secure_area
 function change_mode()
 {
- $stock_location = $this->input->post("stock_location");
+ $stock_location = $this->input->post('stock_location');
 if (!$stock_location || $stock_location == $this->sale_lib->get_sale_location())
 {
- $mode = $this->input->post("mode");
+ $mode = $this->input->post('mode');
 $this->sale_lib->set_mode($mode);
 }
 else if ($this->Stock_location->is_allowed_location($stock_location, 'sales'))
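Review bot: `date_create_from_format()` returns `FALSE` when the posted `date` does not match the configured format, and the next statement in `Receivings::save()` calls `$date_formatter->format('Y-m-d H:i:s')` on that result, so a malformed request ends in a fatal error rather than a handled failure. Add a guard such as `if ($date_formatter === FALSE)` before `$receiving_data` is built and return the method's normal failure response; the rest of `save()` lies outside the hunk. Separately, `employee_id` is read from the request body. If it records who performed the receiving, deriving it from the logged-in session would stop a client from attributing the record to another employee.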
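Review bot: `$mode` in `Sales::change_mode()` goes straight from the POST body into `set_mode()` with no check against the modes the register supports; the hunk itself only changes quote style on that line. If `set_mode()` does not validate internally (its body is not in this patch), compare `$mode` against an explicit list of permitted values before storing it. The `==` comparison of `$stock_location` with `get_sale_location()` is also loose; casting both sides to the same type and using `===` avoids PHP's type-juggling surprises. `change_mode()` continues past the end of the hunk.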