From 951279aabe37b784801b7248aa1217f5d4c4c2dd Mon Sep 17 00:00:00 2001 From: objecttothis Date: Mon, 1 Jul 2024 16:12:43 +0400 Subject: [PATCH] Pre-view filtering Items Controller - Refactored code for clarity - Created and called sanitization functions. - Sanitize TEXT type Attributes before being sent to the view. Signed-off-by: objecttothis - Bump bootstrap-table to 1.23.1 in attempt to resolve issue with sticky headers - Sanitize attribute data in tables - Sanitize item data with controller function. Signed-off-by: objecttothis Sanitize Item data - Sanitize category and item_number before display in forms. - refactor check in pic_filename for empty to be best practices compliant. - Added TODO Signed-off-by: objecttothis Minor changes - Refactored for code clarity. - Removed extra blank lines. - Minor reformatting. - Added PHPdocs - bumped bootstrap-table to 1.23.2 Signed-off-by: objecttothis Pre-view filtering Items Controller - Refactored code for clarity - Created and called sanitization functions. - Sanitize TEXT type Attributes before being sent to the view. Signed-off-by: objecttothis - Bump bootstrap-table to 1.23.1 in attempt to resolve issue with sticky headers - Sanitize attribute data in tables - Sanitize item data with controller function. Signed-off-by: objecttothis Pre-view filtering Items Controller - Refactored code for clarity - Created and called sanitization functions. - Sanitize TEXT type Attributes before being sent to the view. Signed-off-by: objecttothis Sanitize Item data - Sanitize category and item_number before display in forms. - refactor check in pic_filename for empty to be best practices compliant. - Added TODO Signed-off-by: objecttothis Pre-view filtering Items Controller - Refactored code for clarity - Created and called sanitization functions. - Sanitize TEXT type Attributes before being sent to the view. Signed-off-by: objecttothis Removed unnecessary use statement 
Signed-off-by: objecttothis
---
 app/Config/Events.php | 1 -
 app/Controllers/Items.php | 6 +++---
 2 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/app/Config/Events.php b/app/Config/Events.php
index 457b5aae0..bd84b5962 100644
--- a/app/Config/Events.php
+++ b/app/Config/Events.php
@@ -5,7 +5,6 @@ namespace Config;
 use App\Events\Db_log;
 use App\Events\Load_config;
 use App\Events\Method;
-use App\Events\PurifyOutput;
 use CodeIgniter\Events\Events;
 use CodeIgniter\Exceptions\FrameworkException;
 use CodeIgniter\HotReloader\HotReloader;
diff --git a/app/Controllers/Items.php b/app/Controllers/Items.php
index 606c0bf74..ab2fc255b 100644
--- a/app/Controllers/Items.php
+++ b/app/Controllers/Items.php
@@ -269,8 +269,7 @@ class Items extends Secure_Controller
 */
 public function getView(int $item_id = NEW_ENTRY): void //TODO: Long function. Perhaps we need to refactor out some methods.
 {
- // Set default values
- if($item_id == null) $item_id = NEW_ENTRY;
+ $item_id ??= NEW_ENTRY;
 if($item_id === NEW_ENTRY)
 {
@@ -398,7 +397,6 @@ class Items extends Secure_Controller
 $data['image_path'] = '';
 }
-
 $stock_locations = $this->stock_location->get_undeleted_all()->getResultArray();
 foreach($stock_locations as $location)
@@ -1455,6 +1453,7 @@ class Items extends Secure_Controller
 */
 private function sanitizeItemData(array $data): array
 {
+ $data['item_info']->name = Services::htmlPurifier()->purify($data['item_info']->name);
 $data['item_info']->category = Services::htmlPurifier()->purify($data['item_info']->category);
 $data['item_info']->item_number = Services::htmlPurifier()->purify($data['item_info']->item_number);
 $data['item_info']->description = Services::htmlPurifier()->purify($data['item_info']->description);
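Review bot: `$item_id ??= NEW_ENTRY;` can never assign, because the parameter is declared `int $item_id = NEW_ENTRY` and a non-nullable int parameter never holds null — a null argument is rejected with a TypeError before the body runs. The removed `if($item_id == null)` used loose comparison, so it also mapped `0` to NEW_ENTRY; if any caller relied on that (a route segment of `0`, say), the new line silently drops that behaviour, which is worth confirming against the routes. Either delete the line, or, if the 0 mapping is intended, make it explicit with `if ($item_id === 0) { $item_id = NEW_ENTRY; }` (assuming NEW_ENTRY is not itself 0). getView's body continues well past the hunk.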
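Review bot: The purified `name` on the added line is HTML-body-safe output, not attribute-safe output: HTMLPurifier returns a sanitized HTML fragment, so if the view places `$data['item_info']->name` (or category / item_number on the following lines) inside a form `value="…"` attribute it still needs the view-side `esc($value, 'attr')` escaping, and the same values must not be escaped a second time where they are echoed as HTML, or entities double-encode. A one-line comment on the method stating which context the returned values are safe for, e.g. `// Values are HTML-fragment safe (HTMLPurifier); escape again for attribute/JS contexts.`, would stop the next reader from guessing. Calling `Services::htmlPurifier()` once into a local `$purifier` rather than per field would also read better and avoid repeating the service lookup. sanitizeItemData's body continues outside the hunk.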
@@ -1464,6 +1463,7 @@ class Items extends Secure_Controller
 /**
 * Sanitizes TEXT type attribute values to remove unsafe HTML tags and javascript.
+ * Table data is not sanitized here.
 * This is not meant to replace CI4 sanitization.
 *
 * @param array $data Attribute data to sanitize.