Barcode & escaping

- Removed overflow-visible as it is not needed.
- Bumped TamTamChik/nameCase to latest.
- Workaround to prevent nameCase from capitalizing the first letter of html entities
- Autoload security_helper.php
- Develop means of escaping outputs without encoding characters we don't want encoded.
- proof of concept in form_basic_info.php

app/Config/Autoload.php

@@ -208,6 +208,7 @@ class Autoload extends AutoloadConfig
 		'form',
 		'cookie',
 		'tabular',
-		'locale'
+		'locale',
+		'security'
 	];
 }

app/Controllers/Persons.php

@@ -3,7 +3,7 @@
 namespace App\Controllers;
 
 use App\Models\Person;
-use CodeIgniter\Model;
+use function \Tamtamchik\NameCase\str_name_case;
 
 abstract class Persons extends Secure_Controller
 {
@@ -59,8 +59,11 @@ abstract class Persons extends Secure_Controller
 	 *
 	 * returns John O'Grady-Smith
 	 */
-	protected function nameize(string $string): string    //TODO: The parameter should not be named $string.  Should also think about renaming the function.  The term is Proper Noun Capitalization, so perhaps something more reflective of that.
+	protected function nameize(string $input): string
 	{
-		return str_name_case($string);
+		$adjusted_name = str_name_case($input);
+
+		// Use preg_replace to match HTML entities and convert them to lowercase.
+		return preg_replace_callback('/&[a-zA-Z0-9#]+;/', function($matches) { return strtolower($matches[0]); }, $adjusted_name);
 	}
 }

app/Helpers/security_helper.php

@@ -119,3 +119,15 @@ function remove_backup()
 	}
 	log_message('info', "File $backup_path has been removed");
 }
+
+function html_limited_decode(string $original, array $safe_characters): string
+{
+	$search = esc($safe_characters);
+	$replace = $safe_characters;
+	return str_replace($search, $replace, $original);
+}
+
+function esc_safe(string $input): string
+{
+	return htmlentities($input, ENT_QUOTES, 'UTF-8', false) === $input ? $input : esc($input);
+}

app/Libraries/Barcode_lib.php

@@ -4,7 +4,6 @@ namespace App\Libraries;
 
 use Config\OSPOS;
 use Exception;
-use Picqer\Barcode\BarcodeGeneratorPNG;
 use Picqer\Barcode\BarcodeGeneratorSVG;
 
 /**
@@ -155,7 +154,7 @@ class Barcode_lib
 			$display_table = '<table>';
 			$display_table .= '<tr><td style="text-align:center;">' . $this->manage_display_layout($barcode_config['barcode_first_row'], $item, $barcode_config) . '</td></tr>';
 			$barcode = $this->generate_barcode($item, $barcode_config);
-			$display_table .= '<tr><td style="text-align:center;"><div style=\'height:' . $barcode_config['barcode_height'] . 'px; width:'. $barcode_config['barcode_width'] . "px;overflow:visible;'>$barcode</div></td></tr>";
+			$display_table .= '<tr><td style="text-align:center;"><div style=\'height:' . $barcode_config['barcode_height'] . 'px; width:'. $barcode_config['barcode_width'] . "px'>$barcode</div></td></tr>";
 			$display_table .= '<tr><td style="text-align:center;">' . $this->manage_display_layout($barcode_config['barcode_second_row'], $item, $barcode_config) . '</td></tr>';
 			$display_table .= '<tr><td style="text-align:center;">' . $this->manage_display_layout($barcode_config['barcode_third_row'], $item, $barcode_config) . '</td></tr>';
 			$display_table .= '</table>';

app/Models/Customer.php

@@ -229,7 +229,6 @@ class Customer extends Person
 	public function save_customer(array &$person_data, array &$customer_data, int $customer_id = NEW_ENTRY): bool
 	{
 		$success = false;
-
 		$this->db->transStart();
 
 		if(parent::save_value($person_data, $customer_id))

app/Views/people/form_basic_info.php

@@ -11,7 +11,7 @@
 			'name' => 'first_name',
 			'id' => 'first_name',
 			'class' => 'form-control input-sm',
-			'value' => esc(html_entity_decode($person_info->first_name))
+			'value' => html_limited_decode(esc_safe($person_info->first_name), ['\''])
 		]) ?>
 	</div>
 </div>
@@ -23,7 +23,7 @@
 			'name' => 'last_name',
 			'id' => 'last_name',
 			'class' => 'form-control input-sm',
-			'value' => esc(html_entity_decode($person_info->last_name))
+			'value' => html_limited_decode(esc_safe($person_info->last_name), ['\''])
 		]) ?>
 	</div>
 </div>
@@ -62,7 +62,7 @@
 				'name' => 'email',
 				'id' => 'email',
 				'class' => 'form-control input-sm',
-				'value' => $person_info->email
+				'value' => esc($person_info->email)
 			]) ?>
 		</div>
 	</div>
@@ -77,7 +77,7 @@
 				'name' => 'phone_number',
 				'id' => 'phone_number',
 				'class' => 'form-control input-sm',
-				'value' => esc(html_entity_decode($person_info->phone_number))
+				'value' => esc($person_info->phone_number)
 			]) ?>
 		</div>
 	</div>
@@ -90,7 +90,7 @@
 			'name' => 'address_1',
 			'id' => 'address_1',
 			'class' => 'form-control input-sm',
-			'value' => esc(html_entity_decode($person_info->address_1))
+			'value' => esc($person_info->address_1)
 		]) ?>
 	</div>
 </div>
@@ -102,7 +102,7 @@
 			'name' => 'address_2',
 			'id' => 'address_2',
 			'class' => 'form-control input-sm',
-			'value' => esc(html_entity_decode($person_info->address_2))
+			'value' => esc($person_info->address_2)
 		]) ?>
 	</div>
 </div>
@@ -114,7 +114,7 @@
 			'name' => 'city',
 			'id' => 'city',
 			'class' => 'form-control input-sm',
-			'value' => esc(html_entity_decode($person_info->city))
+			'value' => html_limited_decode(esc($person_info->city), ['\''])
 		]) ?>
 	</div>
 </div>
@@ -126,7 +126,7 @@
 			'name' => 'state',
 			'id' => 'state',
 			'class' => 'form-control input-sm',
-			'value' => esc(html_entity_decode($person_info->state))
+			'value' => esc($person_info->state)
 		]) ?>
 	</div>
 </div>
@@ -138,7 +138,7 @@
 			'name' => 'zip',
 			'id' => 'postcode',
 			'class' => 'form-control input-sm',
-			'value' => esc(html_entity_decode($person_info->zip))
+			'value' => esc($person_info->zip)
 		]) ?>
 	</div>
 </div>
@@ -150,7 +150,7 @@
 			'name' => 'country',
 			'id' => 'country',
 			'class' => 'form-control input-sm',
-			'value' => esc(html_entity_decode($person_info->country))
+			'value' => html_limited_decode(esc($person_info->country), ['\''])
 		]) ?>
 	</div>
 </div>
@@ -162,7 +162,7 @@
 			'name' => 'comments',
 			'id' => 'comments',
 			'class' => 'form-control input-sm',
-			'value' => esc(html_entity_decode($person_info->comments))
+			'value' => html_limited_decode(esc($person_info->comments), ['\'', '&', '"'])
 		]) ?>
 	</div>
 </div>

composer.json

@@ -30,7 +30,7 @@
 		"paragonie/random_compat": "^2.0.21",
 		"picqer/php-barcode-generator": "^2.4.0",
 		"psr/log": "^1.1",
-		"tamtamchik/namecase": "^1.0.6"
+		"tamtamchik/namecase": "^3.0.0"
 	},
 	"require-dev": {
 		"codeigniter/coding-standard": "^1.7",

composer.lock

@@ -4,7 +4,7 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
         "This file is @generated automatically"
     ],
-    "content-hash": "c3dab086db00c12326789bba4fc940d8",
+    "content-hash": "aa9d3e97f50d42618e1c9e4ae34eca4b",
     "packages": [
         {
             "name": "codeigniter4/framework",
@@ -620,36 +620,37 @@
         },
         {
             "name": "tamtamchik/namecase",
-            "version": "1.0.6",
+            "version": "3.0.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/tamtamchik/namecase.git",
-                "reference": "9e16fb72e99b42cc17e4994420c7ac591497682f"
+                "reference": "f963f321a3afbde83f1bb1bda1d53b848c7015dd"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/tamtamchik/namecase/zipball/9e16fb72e99b42cc17e4994420c7ac591497682f",
-                "reference": "9e16fb72e99b42cc17e4994420c7ac591497682f",
+                "url": "https://api.github.com/repos/tamtamchik/namecase/zipball/f963f321a3afbde83f1bb1bda1d53b848c7015dd",
+                "reference": "f963f321a3afbde83f1bb1bda1d53b848c7015dd",
                 "shasum": ""
             },
             "require": {
                 "ext-mbstring": "*",
-                "php": ">=5.4.0"
+                "php": ">=7.3"
             },
             "require-dev": {
-                "phpunit/phpunit": "4.*",
-                "scrutinizer/ocular": "1.*"
+                "phpunit/phpunit": "^9",
+                "scrutinizer/ocular": "^1"
             },
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-master": "2.0-dev",
-                    "1.0.x": "1.0.x-dev"
+                    "dev-master": "3.0-dev",
+                    "2.x": "2.x-dev",
+                    "1.x": "1.x-dev"
                 }
             },
             "autoload": {
                 "files": [
-                    "src/functions.php"
+                    "src/function.php"
                 ],
                 "psr-4": {
                     "Tamtamchik\\NameCase\\": "src"
@@ -663,7 +664,7 @@
                 {
                     "name": "Yuri Tkachenko",
                     "email": "yuri.tam.tkachenko@gmail.com",
-                    "homepage": "http://tamtamchika.net"
+                    "homepage": "https://tamtamchika.net"
                 }
             ],
             "description": "This package allows you to convert names into the correct case where possible.",
@@ -677,9 +678,9 @@
             ],
             "support": {
                 "issues": "https://github.com/tamtamchik/namecase/issues",
-                "source": "https://github.com/tamtamchik/namecase/tree/1.0.x"
+                "source": "https://github.com/tamtamchik/namecase/tree/3.0.0"
             },
-            "time": "2020-03-05T09:03:13+00:00"
+            "time": "2023-01-26T15:07:18+00:00"
         }
     ],
     "packages-dev": [