Revert SQLi fixes (#3284)

jekkos
2021-09-06 21:45:08 +02:00
parent 136448444d
commit a2e7c0a74b
15 changed files with 18 additions and 18 deletions


@@ -24,7 +24,7 @@ class Attributes extends Secure_Controller
$search = $this->input->get('search');
$limit = $this->input->get('limit');
$offset = $this->input->get('offset');
$sort = $this->input->post('sort') === NULL ? definition.definition_name : $this->db->escape($this->input->get('sort'));
$sort = $this->input->get('sort');
$order = $this->input->get('order');
$attributes = $this->Attribute->search($search, $limit, $offset, $sort, $order);
@@ -189,4 +189,4 @@ class Attributes extends Secure_Controller
echo json_encode(array('success' => FALSE, 'message' => $this->lang->line('attributes_definition_cannot_be_deleted')));
}
}
}
}
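Review bot: The request's `sort` value now reaches `$this->Attribute->search()` unvalidated through `$sort = $this->input->get('sort');` in the first hunk, and `$order` on the following line is equally unchecked. The model is not shown, so this is inferred, but if either value is placed into an ORDER BY clause it is attacker-controlled SQL; `$this->db->escape()` on the removed line quotes a string literal rather than an identifier, so restoring it would not be the fix. Check the value against a per-controller list of sortable columns, e.g. `$sort = in_array($sort, $sortable_columns, TRUE) ? $sort : $default_sort;` (both variable names are placeholders), and accept only `asc` or `desc` for `$order`. The same restored line appears in the Cashups, Customers, Employees, Expenses, Expenses_categories, Giftcards, Item_kits, Items, Sales, Suppliers, Tax_categories, Tax_codes, Tax_jurisdictions and Taxes sections. The enclosing method begins and ends outside the hunk.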


@@ -25,7 +25,7 @@ class Cashups extends Secure_Controller
$search = $this->input->get('search');
$limit = $this->input->get('limit');
$offset = $this->input->get('offset');
$sort = $this->input->post('sort') === NULL ? 'cashup_id' : $this->db->escape($this->input->get('sort'));
$sort = $this->input->get('sort');
$order = $this->input->get('order');
$filters = array(
'start_date' => $this->input->get('start_date'),


@@ -58,7 +58,7 @@ class Customers extends Persons
$search = $this->input->get('search');
$limit = $this->input->get('limit');
$offset = $this->input->get('offset');
$sort = $this->input->post('sort') === NULL ? LAST_NAME : $this->db->escape($this->input->get('sort'));
$sort = $this->input->get('sort');
$order = $this->input->get('order');
$customers = $this->Customer->search($search, $limit, $offset, $sort, $order);


@@ -17,7 +17,7 @@ class Employees extends Persons
$search = $this->input->get('search');
$limit = $this->input->get('limit');
$offset = $this->input->get('offset');
$sort = $this->input->post('sort') === NULL ? LAST_NAME : $this->db->escape($this->input->get('sort'));
$sort = $this->input->get('sort');
$order = $this->input->get('order');
$employees = $this->Employee->search($search, $limit, $offset, $sort, $order);


@@ -30,7 +30,7 @@ class Expenses extends Secure_Controller
$search = $this->input->get('search');
$limit = $this->input->get('limit');
$offset = $this->input->get('offset');
$sort = $this->input->post('sort') === NULL ? 'expense_id' : $this->db->escape($this->input->get('sort'));
$sort = $this->input->get('sort');
$order = $this->input->get('order');
$filters = array(
'start_date' => $this->input->get('start_date'),


@@ -24,7 +24,7 @@ class Expenses_categories extends Secure_Controller
$search = $this->input->get('search');
$limit = $this->input->get('limit');
$offset = $this->input->get('offset');
$sort = $this->input->post('sort') === NULL ? 'category_name' : $this->db->escape($this->input->get('sort'));
$sort = $this->input->get('sort');
$order = $this->input->get('order');
$expense_categories = $this->Expense_category->search($search, $limit, $offset, $sort, $order);


@@ -24,7 +24,7 @@ class Giftcards extends Secure_Controller
$search = $this->input->get('search');
$limit = $this->input->get('limit');
$offset = $this->input->get('offset');
$sort = $this->input->post('sort') === NULL ? 'giftcard_number' : $this->db->escape($this->input->get('sort'));
$sort = $this->input->get('sort');
$order = $this->input->get('order');
$giftcards = $this->Giftcard->search($search, $limit, $offset, $sort, $order);


@@ -59,7 +59,7 @@ class Item_kits extends Secure_Controller
$search = $this->input->get('search');
$limit = $this->input->get('limit');
$offset = $this->input->get('offset');
$sort = $this->input->post('sort') === NULL ? NAME : $this->db->escape($this->input->get('sort'));
$sort = $this->input->get('sort');
$order = $this->input->get('order');
$item_kits = $this->Item_kit->search($search, $limit, $offset, $sort, $order);


@@ -40,7 +40,7 @@ class Items extends Secure_Controller
$search = $this->input->get('search');
$limit = $this->input->get('limit');
$offset = $this->input->get('offset');
$sort = $this->input->post('sort') === NULL ? NAME : $this->db->escape($this->input->get('sort'));
$sort = $this->input->get('sort');
$order = $this->input->get('order');
$this->item_lib->set_item_location($this->input->get('stock_location'));


@@ -54,10 +54,10 @@ class Sales extends Secure_Controller
public function search()
{
$search = $this->input->get('search');
$limit = $this->input->get('limit');
$limit = $this->input->get('limit');
$offset = $this->input->get('offset');
$sort = $this->input->post('sort') === NULL ? 'sales.sale_time' : $this->db->escape($this->input->get('sort'));
$order = $this->input->get('order');
$sort = $this->input->get('sort');
$order = $this->input->get('order');
$filters = array('sale_type' => 'all',
'location_id' => 'all',


@@ -35,7 +35,7 @@ class Suppliers extends Persons
$search = $this->input->get('search');
$limit = $this->input->get('limit');
$offset = $this->input->get('offset');
$sort = $this->input->post('sort') === NULL ? LAST_NAME : $this->db->escape($this->input->get('sort'));
$sort = $this->input->get('sort');
$order = $this->input->get('order');
$suppliers = $this->Supplier->search($search, $limit, $offset, $sort, $order);


@@ -25,7 +25,7 @@ class Tax_categories extends Secure_Controller
$search = $this->input->get('search');
$limit = $this->input->get('limit');
$offset = $this->input->get('offset');
$sort = $this->input->post('sort') === NULL ? 'tax_category' : $this->db->escape($this->input->get('sort'));
$sort = $this->input->get('sort');
$order = $this->input->get('order');
$tax_categories = $this->Tax_category->search($search, $limit, $offset, $sort, $order);


@@ -29,7 +29,7 @@ class Tax_codes extends Secure_Controller
$search = $this->input->get('search');
$limit = $this->input->get('limit');
$offset = $this->input->get('offset');
$sort = $this->input->post('sort') === NULL ? 'tax_code_name' : $this->db->escape($this->input->get('sort'));
$sort = $this->input->get('sort');
$order = $this->input->get('order');
$tax_codes = $this->Tax_code->search($search, $limit, $offset, $sort, $order);


@@ -25,7 +25,7 @@ class Tax_jurisdictions extends Secure_Controller
$search = $this->input->get('search');
$limit = $this->input->get('limit');
$offset = $this->input->get('offset');
$sort = $this->input->post('sort') === NULL ? 'jurisdiction_name' : $this->db->escape($this->input->get('sort'));
$sort = $this->input->get('sort');
$order = $this->input->get('order');
$tax_jurisdictions = $this->Tax_jurisdiction->search($search, $limit, $offset, $sort, $order);


@@ -57,7 +57,7 @@ class Taxes extends Secure_Controller
$search = $this->input->get('search');
$limit = $this->input->get('limit');
$offset = $this->input->get('offset');
$sort = $this->input->post('sort') === NULL ? 'tax_code_name' : $this->db->escape($this->input->get('sort'));
$sort = $this->input->get('sort');
$order = $this->input->get('order');
$tax_rates = $this->Tax->search($search, $limit, $offset, $sort, $order);