Pre-view filtering Items Controller

- Refactored code for clarity
- Created and called sanitization functions.
- Sanitize TEXT type Attributes before being sent to the view.

Signed-off-by: objecttothis <objecttothis@gmail.com>

- Bump bootstrap-table to 1.23.1 in attempt to resolve issue with sticky headers
- Sanitize attribute data in tables
- Sanitize item data with controller function.

Signed-off-by: objecttothis <objecttothis@gmail.com>

Sanitize Item data

- Sanitize category and item_number before display in forms.
- Refactored check in pic_filename for empty to be best-practices compliant.
- Added TODO

Signed-off-by: objecttothis <objecttothis@gmail.com>

Minor changes

- Refactored for code clarity.
- Removed extra blank lines.
- Minor reformatting.
- Added PHPDocs
- Bumped bootstrap-table to 1.23.2

Signed-off-by: objecttothis <objecttothis@gmail.com>

Removed unnecessary use statement

Signed-off-by: objecttothis <objecttothis@gmail.com>
This commit is contained in:
objecttothis
2024-07-01 16:12:43 +04:00
committed by jekkos
parent 0e361107ca
commit 951279aabe
2 changed files with 3 additions and 4 deletions

@@ -5,7 +5,6 @@ namespace Config;
use App\Events\Db_log;
use App\Events\Load_config;
use App\Events\Method;
use App\Events\PurifyOutput;
use CodeIgniter\Events\Events;
use CodeIgniter\Exceptions\FrameworkException;
use CodeIgniter\HotReloader\HotReloader;
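Review bot: dropping `use App\Events\PurifyOutput;` from Events.php is only safe if nothing further down that file still registers the `PurifyOutput` listener; the hunk shows no remaining reference, but the commit message says only "Removed unnecessary use statement", so a grep for `PurifyOutput` across app/Config and app/Events should be done before merge, and the message should state that output purification now lives in the controller (`sanitizeItemData`) rather than in a framework event, since that is the change a future reader will want to trace.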

@@ -269,8 +269,7 @@ class Items extends Secure_Controller
*/
public function getView(int $item_id = NEW_ENTRY): void //TODO: Long function. Perhaps we need to refactor out some methods.
{
// Set default values
if($item_id == null) $item_id = NEW_ENTRY;
$item_id ??= NEW_ENTRY;
if($item_id === NEW_ENTRY)
{
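Review bot: `$item_id ??= NEW_ENTRY;` is dead code here, because the parameter is declared non-nullable (`int $item_id = NEW_ENTRY`) and PHP raises a TypeError before the body runs if a caller passes null, so the coalesce can never fire. Either delete the line and rely on the default, or, if routes really do pass null, declare the parameter `?int $item_id = NEW_ENTRY` so the `??=` has something to do. Note also that the removed `if($item_id == null)` used a loose comparison and therefore also mapped an explicit `0` to `NEW_ENTRY`; the new line does not, so if `NEW_ENTRY` is not `0` this is a behaviour change for `0` and deserves a sentence in the commit message.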
@@ -398,7 +397,6 @@ class Items extends Secure_Controller
$data['image_path'] = '';
}
$stock_locations = $this->stock_location->get_undeleted_all()->getResultArray();
foreach($stock_locations as $location)
@@ -1455,6 +1453,7 @@ class Items extends Secure_Controller
*/
private function sanitizeItemData(array $data): array
{
$data['item_info']->name = Services::htmlPurifier()->purify($data['item_info']->name);
$data['item_info']->category = Services::htmlPurifier()->purify($data['item_info']->category);
$data['item_info']->item_number = Services::htmlPurifier()->purify($data['item_info']->item_number);
$data['item_info']->description = Services::htmlPurifier()->purify($data['item_info']->description);
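Review bot: in `sanitizeItemData` the four `Services::htmlPurifier()->purify(...)` calls should resolve the service once (`$purifier = Services::htmlPurifier();`) and reuse it; more importantly, `purify()` expects a string, so if any of these columns can be null (description commonly is) the call emits a PHP 8.1 deprecation and silently turns null into `''`. Cast explicitly with `$purifier->purify((string) $value)` or skip null values. Since this runs before the view, also confirm the view does not additionally `esc()` these fields, otherwise HTML the purifier deliberately kept is entity-encoded and rendered as literal tags.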
@@ -1464,6 +1463,7 @@ class Items extends Secure_Controller
/**
* Sanitizes TEXT type attribute values to remove unsafe HTML tags and javascript.
* Table data is not sanitized here.
* This is not meant to replace CI4 sanitization.
*
* @param array $data Attribute data to sanitize.
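Review bot: the docblock states "Table data is not sanitized here", while the commit message above lists "Sanitize attribute data in tables"; say in the comment which code path covers table cells so the two do not read as contradictory. Minor: "javascript" should be "JavaScript", and the visible portion of the block has a `@param` but no `@return array` tag.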