mirror/opensourcepos
1
0
Fork 0
mirror of https://github.com/opensourcepos/opensourcepos.git synced 2026-05-10 00:34:17 -04:00
Code Issues Packages Projects Releases Wiki Activity

fix: Escape dynamic output and fix CSS property in barcode_sheet.php (#4501)

Browse Source 
- Add esc() for dynamic output in HTML attributes and URLs
- Cast numeric values to int for CSS properties
- Fix invalid 'borderspacing' CSS property to 'border-spacing'
- Add quotes around class attribute

Closes #4487

Co-authored-by: Ollama <ollama@steganos.dev>
This commit is contained in:
jekkos
2026-04-16 19:37:06 +00:00
committed by GitHub
parent c714dd6f68
commit 97ca738b2d
1 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
app/Views/barcodes/barcode_sheet.php
View File

@@ -13,17 +13,17 @@ $barcode_lib = new Barcode_lib();
<html lang="<?= current_language_code() ?>">
<head>
<meta charset="utf-8">
<title><?= lang('Items.generate_barcodes') ?></title>
<link rel="stylesheet" href="<?= base_url() ?>css/barcode_font.css">
<title><?= esc(lang('Items.generate_barcodes')) ?></title>
<link rel="stylesheet" href="<?= esc(base_url('css/barcode_font.css'), 'url') ?>">
<style>
.barcode svg {
height: <?= $barcode_config['barcode_height'] ?>px;
width: <?= $barcode_config['barcode_width'] ?>px;
height: <?= (int) $barcode_config['barcode_height'] ?>px;
width: <?= (int) $barcode_config['barcode_width'] ?>px;
}
</style>
</head>
<body class=<?= 'font_' . $barcode_lib->get_font_name($barcode_config['barcode_font']) ?> style="font-size: <?= $barcode_config['barcode_font_size'] ?>px;">
<table style="border-spacing: <?= $barcode_config['barcode_page_cellspacing'] ?>; width: <?= $barcode_config['barcode_page_width'] ?>%;">
<body class="<?= esc('font_' . $barcode_lib->get_font_name($barcode_config['barcode_font']), 'attr') ?>" style="font-size: <?= (int) $barcode_config['barcode_font_size'] ?>px;">
<table style="border-spacing: <?= (int) $barcode_config['barcode_page_cellspacing'] ?>px; width: <?= (int) $barcode_config['barcode_page_width'] ?>%;">
<tr>
<?php
$count = 0;