mirror/opensourcepos
1
0
Fork 0
mirror of https://github.com/opensourcepos/opensourcepos.git synced 2026-04-10 18:09:30 -04:00
Code Issues Packages Projects Releases Wiki Activity

Add escape flag for XSS mitigation (#3379)

Browse Source
This commit is contained in:
jekkos
2022-04-12 23:00:10 +02:00
committed by jekkos
parent 3e60b74c4c
commit 9331d82313
1 changed files with 5 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
application/helpers/tabular_helper.php
View File

@@ -42,6 +42,7 @@ function transform_headers($array, $readonly = FALSE, $editable = TRUE)
$result[] = array('field' => key($element), $result[] = array('field' => key($element),
'title' => current($element), 'title' => current($element),
'switchable' => isset($element['switchable']) ? $element['switchable'] : !preg_match('(^$|&nbsp)', current($element)), 'switchable' => isset($element['switchable']) ? $element['switchable'] : !preg_match('(^$|&nbsp)', current($element)),
'escape' => key($element) != "edit" && !(isset($element['escape']) && !$element['escape']),
'sortable' => isset($element['sortable']) ? $element['sortable'] : current($element) != '', 'sortable' => isset($element['sortable']) ? $element['sortable'] : current($element) != '',
'checkbox' => isset($element['checkbox']) ? $element['checkbox'] : FALSE, 'checkbox' => isset($element['checkbox']) ? $element['checkbox'] : FALSE,
'class' => isset($element['checkbox']) || preg_match('(^$|&nbsp)', current($element)) ? 'print_hide' : '', 'class' => isset($element['checkbox']) || preg_match('(^$|&nbsp)', current($element)) ? 'print_hide' : '',
@@ -72,10 +73,10 @@ function get_sales_manage_table_headers()
if($CI->config->item('invoice_enable') == TRUE) if($CI->config->item('invoice_enable') == TRUE)
{ {
$headers[] = array('invoice_number' => $CI->lang->line('sales_invoice_number')); $headers[] = array('invoice_number' => $CI->lang->line('sales_invoice_number'));
$headers[] = array('invoice' => '&nbsp', 'sortable' => FALSE); $headers[] = array('invoice' => '&nbsp', 'sortable' => FALSE, 'escape' => FALSE);
} }
$headers[] = array('receipt' => '&nbsp', 'sortable' => FALSE); $headers[] = array('receipt' => '&nbsp', 'sortable' => FALSE, 'escape' => FALSE);
return transform_headers($headers); return transform_headers($headers);
} }
@@ -350,8 +351,8 @@ function get_items_manage_table_headers()
$headers[] = array($definition_id => $definition_name, 'sortable' => FALSE); $headers[] = array($definition_id => $definition_name, 'sortable' => FALSE);
} }
$headers[] = array('inventory' => ''); $headers[] = array('inventory' => '', 'escape' => FALSE);
$headers[] = array('stock' => ''); $headers[] = array('stock' => '', 'escape' => FALSE);
return transform_headers($headers); return transform_headers($headers);
} }