From b11377041de99a54c15b6d4eed2b14feb7df9541 Mon Sep 17 00:00:00 2001 From: FrancescoUK Date: Sat, 4 Jun 2016 15:05:02 +0100 Subject: [PATCH] XSS clean Customers, Employees, Suppliers, Person, Item_kits. Minor fix Giftcards and Config (#39) --- application/controllers/Config.php | 184 +++++++-------- application/controllers/Customers.php | 211 ++++++++++-------- application/controllers/Employees.php | 134 +++++++---- application/controllers/Giftcards.php | 32 ++- application/controllers/Item_kits.php | 105 ++++++--- application/controllers/Person_controller.php | 15 +- application/controllers/Suppliers.php | 110 +++++---- application/views/employees/form.php | 27 ++- application/views/item_kits/form.php | 5 +- 9 files changed, 462 insertions(+), 361 deletions(-) diff --git a/application/controllers/Config.php b/application/controllers/Config.php index 8a86bcb8c..13e11cce1 100644 --- a/application/controllers/Config.php +++ b/application/controllers/Config.php @@ -27,13 +27,13 @@ class Config extends Secure_area $upload_data = $this->upload->data(); $batch_save_data = array( - 'company'=>$this->input->post('company'), - 'address'=>$this->input->post('address'), - 'phone'=>$this->input->post('phone'), - 'email'=>$this->input->post('email'), - 'fax'=>$this->input->post('fax'), - 'website'=>$this->input->post('website'), - 'return_policy'=>$this->input->post('return_policy') + 'company' => $this->input->post('company'), + 'address' => $this->input->post('address'), + 'phone' => $this->input->post('phone'), + 'email' => $this->input->post('email'), + 'fax' => $this->input->post('fax'), + 'website' => $this->input->post('website'), + 'return_policy' => $this->input->post('return_policy') ); if (!empty($upload_data['orig_name'])) 
@@ -46,80 +46,80 @@ class Config extends Secure_area } $result = $this->Appconfig->batch_save($batch_save_data); - $success = $upload_success && $result ? true : false; + $success = $upload_success && $result ? TRUE : FALSE; $message = $this->lang->line('config_saved_' . ($success ? '' : 'un') . 'successfully'); $message = $upload_success ? $message : $this->upload->display_errors(); - echo json_encode(array('success'=>$success, 'message'=>$message)); + echo json_encode(array('success' => $success, 'message' => $message)); } public function save_general() { $batch_save_data = array( - 'default_tax_1_rate'=>$this->input->post('default_tax_1_rate'), - 'default_tax_1_name'=>$this->input->post('default_tax_1_name'), - 'default_tax_2_rate'=>$this->input->post('default_tax_2_rate'), - 'default_tax_2_name'=>$this->input->post('default_tax_2_name'), - 'tax_included'=>$this->input->post('tax_included') != null, - 'receiving_calculate_average_price'=>$this->input->post('receiving_calculate_average_price') != null, - 'lines_per_page'=>$this->input->post('lines_per_page'), - 'default_sales_discount'=>$this->input->post('default_sales_discount'), - 'config_notify_horizontal_position'=>$this->input->post('config_notify_horizontal_position'), - 'config_notify_vertical_position'=>$this->input->post('config_notify_vertical_position'), - 'custom1_name'=>$this->input->post('custom1_name'), - 'custom2_name'=>$this->input->post('custom2_name'), - 'custom3_name'=>$this->input->post('custom3_name'), - 'custom4_name'=>$this->input->post('custom4_name'), - 'custom5_name'=>$this->input->post('custom5_name'), - 'custom6_name'=>$this->input->post('custom6_name'), - 'custom7_name'=>$this->input->post('custom7_name'), - 'custom8_name'=>$this->input->post('custom8_name'), - 'custom9_name'=>$this->input->post('custom9_name'), - 'custom10_name'=>$this->input->post('custom10_name') + 'default_tax_1_rate' => $this->input->post('default_tax_1_rate'), + 'default_tax_1_name' => 
$this->input->post('default_tax_1_name'), + 'default_tax_2_rate' => $this->input->post('default_tax_2_rate'), + 'default_tax_2_name' => $this->input->post('default_tax_2_name'), + 'tax_included' => $this->input->post('tax_included') != NULL, + 'receiving_calculate_average_price' => $this->input->post('receiving_calculate_average_price') != NULL, + 'lines_per_page' => $this->input->post('lines_per_page'), + 'default_sales_discount' => $this->input->post('default_sales_discount'), + 'config_notify_horizontal_position' => $this->input->post('config_notify_horizontal_position'), + 'config_notify_vertical_position' => $this->input->post('config_notify_vertical_position'), + 'custom1_name' => $this->input->post('custom1_name'), + 'custom2_name' => $this->input->post('custom2_name'), + 'custom3_name' => $this->input->post('custom3_name'), + 'custom4_name' => $this->input->post('custom4_name'), + 'custom5_name' => $this->input->post('custom5_name'), + 'custom6_name' => $this->input->post('custom6_name'), + 'custom7_name' => $this->input->post('custom7_name'), + 'custom8_name' => $this->input->post('custom8_name'), + 'custom9_name' => $this->input->post('custom9_name'), + 'custom10_name' => $this->input->post('custom10_name') ); $result = $this->Appconfig->batch_save($batch_save_data); - $success = $result ? true : false; + $success = $result ? TRUE : FALSE; - echo json_encode(array('success'=>$success, 'message'=>$this->lang->line('config_saved_' . ($success ? '' : 'un') . 'successfully'))); + echo json_encode(array('success' => $success, 'message' => $this->lang->line('config_saved_' . ($success ? '' : 'un') . 
'successfully'))); } function save_locale() { $batch_save_data = array( - 'currency_symbol'=>$this->input->post('currency_symbol'), - 'currency_side'=>$this->input->post('currency_side') != null, - 'language'=>$this->input->post('language'), - 'timezone'=>$this->input->post('timezone'), - 'dateformat'=>$this->input->post('dateformat'), - 'timeformat'=>$this->input->post('timeformat'), - 'thousands_separator'=>$this->input->post('thousands_separator'), - 'decimal_point'=>$this->input->post('decimal_point'), - 'currency_decimals'=>$this->input->post('currency_decimals'), - 'tax_decimals'=>$this->input->post('tax_decimals'), - 'quantity_decimals'=>$this->input->post('quantity_decimals'), - 'country_codes'=>$this->input->post('country_codes') + 'currency_symbol' => $this->input->post('currency_symbol'), + 'currency_side' => $this->input->post('currency_side') != NULL, + 'language' => $this->input->post('language'), + 'timezone' => $this->input->post('timezone'), + 'dateformat' => $this->input->post('dateformat'), + 'timeformat' => $this->input->post('timeformat'), + 'thousands_separator' => $this->input->post('thousands_separator'), + 'decimal_point' => $this->input->post('decimal_point'), + 'currency_decimals' => $this->input->post('currency_decimals'), + 'tax_decimals' => $this->input->post('tax_decimals'), + 'quantity_decimals' => $this->input->post('quantity_decimals'), + 'country_codes' => $this->input->post('country_codes') ); $result = $this->Appconfig->batch_save($batch_save_data); - $success = $result ? true : false; + $success = $result ? TRUE : FALSE; - echo json_encode(array('success'=>$success, 'message'=>$this->lang->line('config_saved_' . ($success ? '' : 'un') . 'successfully'))); + echo json_encode(array('success' => $success, 'message' => $this->lang->line('config_saved_' . ($success ? '' : 'un') . 
'successfully'))); } public function save_message() { $batch_save_data = array( - 'msg_msg'=>$this->input->post('msg_msg'), - 'msg_uid'=>$this->input->post('msg_uid'), - 'msg_pwd'=>$this->input->post('msg_pwd'), - 'msg_src'=>$this->input->post('msg_src') + 'msg_msg' => $this->input->post('msg_msg'), + 'msg_uid' => $this->input->post('msg_uid'), + 'msg_pwd' => $this->input->post('msg_pwd'), + 'msg_src' => $this->input->post('msg_src') ); $result = $this->Appconfig->batch_save($batch_save_data); - $success = $result ? true : false; + $success = $result ? TRUE : FALSE; - echo json_encode(array('success'=>$success, 'message'=>$this->lang->line('config_saved_' . ($success ? '' : 'un') . 'successfully'))); + echo json_encode(array('success' => $success, 'message' => $this->lang->line('config_saved_' . ($success ? '' : 'un') . 'successfully'))); } public function stock_locations() @@ -128,7 +128,7 @@ class Config extends Secure_area $stock_locations = $this->security->xss_clean($stock_locations); - $this->load->view('partial/stock_locations', array('stock_locations'=>$stock_locations)); + $this->load->view('partial/stock_locations', array('stock_locations' => $stock_locations)); } private function _clear_session_state() @@ -154,7 +154,7 @@ class Config extends Secure_area $location_id = preg_replace("/.*?_(\d+)$/", "$1", $key); unset($deleted_locations[$location_id]); // save or update - $location_data = array('location_name'=>$value); + $location_data = array('location_name' => $value); if ($this->Stock_location->save($location_data, $location_id)) { $this->_clear_session_state(); 
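Review bot: `save_locale` stores `language` and `timezone` exactly as posted, with no check that they name an available language or a real timezone; this hunk only reformats those lines. If the stored `timezone` later reaches `date_default_timezone_set()`, an unknown value raises a warning and silently falls back, and a malformed `language` presumably affects every subsequent page load if it selects a language directory — worth confirming against the Appconfig consumers, which are outside this diff. A whitelist at this boundary is cheap: `'timezone' => in_array($this->input->post('timezone'), timezone_identifiers_list(), TRUE) ? $this->input->post('timezone') : 'UTC',` and the same pattern for `language` against the list the locale form offers. `save_message` in the same hunk writes `msg_pwd` through `batch_save` like any other setting; whether that credential is protected at rest is not visible here.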
@@ -172,78 +172,78 @@ class Config extends Secure_area $success = $this->db->trans_status(); - echo json_encode(array('success'=>$success, 'message'=>$this->lang->line('config_saved_' . ($success ? '' : 'un') . 'successfully'))); + echo json_encode(array('success' => $success, 'message' => $this->lang->line('config_saved_' . ($success ? '' : 'un') . 'successfully'))); } public function save_barcode() { $batch_save_data = array( - 'barcode_type'=>$this->input->post('barcode_type'), - 'barcode_quality'=>$this->input->post('barcode_quality'), - 'barcode_width'=>$this->input->post('barcode_width'), - 'barcode_height'=>$this->input->post('barcode_height'), - 'barcode_font'=>$this->input->post('barcode_font'), - 'barcode_font_size'=>$this->input->post('barcode_font_size'), - 'barcode_first_row'=>$this->input->post('barcode_first_row'), - 'barcode_second_row'=>$this->input->post('barcode_second_row'), - 'barcode_third_row'=>$this->input->post('barcode_third_row'), - 'barcode_num_in_row'=>$this->input->post('barcode_num_in_row'), - 'barcode_page_width'=>$this->input->post('barcode_page_width'), - 'barcode_page_cellspacing'=>$this->input->post('barcode_page_cellspacing'), - 'barcode_generate_if_empty'=>$this->input->post('barcode_generate_if_empty') != null, - 'barcode_content'=>$this->input->post('barcode_content') + 'barcode_type' => $this->input->post('barcode_type'), + 'barcode_quality' => $this->input->post('barcode_quality'), + 'barcode_width' => $this->input->post('barcode_width'), + 'barcode_height' => $this->input->post('barcode_height'), + 'barcode_font' => $this->input->post('barcode_font'), + 'barcode_font_size' => $this->input->post('barcode_font_size'), + 'barcode_first_row' => $this->input->post('barcode_first_row'), + 'barcode_second_row' => $this->input->post('barcode_second_row'), + 'barcode_third_row' => $this->input->post('barcode_third_row'), + 'barcode_num_in_row' => $this->input->post('barcode_num_in_row'), + 'barcode_page_width' => 
$this->input->post('barcode_page_width'), + 'barcode_page_cellspacing' => $this->input->post('barcode_page_cellspacing'), + 'barcode_generate_if_empty' => $this->input->post('barcode_generate_if_empty') != NULL, + 'barcode_content' => $this->input->post('barcode_content') ); $result = $this->Appconfig->batch_save($batch_save_data); - $success = $result ? true : false; + $success = $result ? TRUE : FALSE; - echo json_encode(array('success'=>$success, 'message'=>$this->lang->line('config_saved_' . ($success ? '' : 'un') . 'successfully'))); + echo json_encode(array('success' => $success, 'message' => $this->lang->line('config_saved_' . ($success ? '' : 'un') . 'successfully'))); } public function save_receipt() { $batch_save_data = array ( - 'receipt_show_taxes'=>$this->input->post('receipt_show_taxes') != null, - 'receipt_show_total_discount'=>$this->input->post('receipt_show_total_discount') != null, - 'receipt_show_description'=>$this->input->post('receipt_show_description') != null, - 'receipt_show_serialnumber'=>$this->input->post('receipt_show_serialnumber') != null, - 'print_silently'=>$this->input->post('print_silently') != null, - 'print_header'=>$this->input->post('print_header') != null, - 'print_footer'=>$this->input->post('print_footer') != null, - 'print_top_margin'=>$this->input->post('print_top_margin'), - 'print_left_margin'=>$this->input->post('print_left_margin'), - 'print_bottom_margin'=>$this->input->post('print_bottom_margin'), - 'print_right_margin'=>$this->input->post('print_right_margin') + 'receipt_show_taxes' => $this->input->post('receipt_show_taxes') != NULL, + 'receipt_show_total_discount' => $this->input->post('receipt_show_total_discount') != NULL, + 'receipt_show_description' => $this->input->post('receipt_show_description') != NULL, + 'receipt_show_serialnumber' => $this->input->post('receipt_show_serialnumber') != NULL, + 'print_silently' => $this->input->post('print_silently') != NULL, + 'print_header' => 
$this->input->post('print_header') != NULL, + 'print_footer' => $this->input->post('print_footer') != NULL, + 'print_top_margin' => $this->input->post('print_top_margin'), + 'print_left_margin' => $this->input->post('print_left_margin'), + 'print_bottom_margin' => $this->input->post('print_bottom_margin'), + 'print_right_margin' => $this->input->post('print_right_margin') ); $result = $this->Appconfig->batch_save($batch_save_data); - $success = $result ? true : false; + $success = $result ? TRUE : FALSE; - echo json_encode(array('success'=>$success, 'message'=>$this->lang->line('config_saved_' . ($success ? '' : 'un') . 'successfully'))); + echo json_encode(array('success' => $success, 'message' => $this->lang->line('config_saved_' . ($success ? '' : 'un') . 'successfully'))); } public function save_invoice() { $batch_save_data = array ( - 'invoice_enable'=>$this->input->post('invoice_enable') != null, - 'sales_invoice_format'=>$this->input->post('sales_invoice_format'), - 'recv_invoice_format'=>$this->input->post('recv_invoice_format'), - 'use_invoice_template'=>$this->input->post('use_invoice_template') != null, - 'invoice_default_comments'=>$this->input->post('invoice_default_comments'), - 'invoice_email_message'=>$this->input->post('invoice_email_message') + 'invoice_enable' => $this->input->post('invoice_enable') != NULL, + 'sales_invoice_format' => $this->input->post('sales_invoice_format'), + 'recv_invoice_format' => $this->input->post('recv_invoice_format'), + 'use_invoice_template' => $this->input->post('use_invoice_template') != NULL, + 'invoice_default_comments' => $this->input->post('invoice_default_comments'), + 'invoice_email_message' => $this->input->post('invoice_email_message') ); $result = $this->Appconfig->batch_save($batch_save_data); - $success = $result ? true : false; + $success = $result ? TRUE : FALSE; - echo json_encode(array('success'=>$success, 'message'=>$this->lang->line('config_saved_' . ($success ? '' : 'un') . 
'successfully'))); + echo json_encode(array('success' => $success, 'message' => $this->lang->line('config_saved_' . ($success ? '' : 'un') . 'successfully'))); } public function remove_logo() { $result = $this->Appconfig->batch_save(array('company_logo' => '')); - echo json_encode(array('success'=>$result)); + echo json_encode(array('success' => $result)); } private function _handle_logo_upload() diff --git a/application/controllers/Customers.php b/application/controllers/Customers.php index 9d0c6cfbc..282257c9b 100644 --- a/application/controllers/Customers.php +++ b/application/controllers/Customers.php @@ -1,5 +1,6 @@ get_controller_name(); $data['table_headers'] = get_people_manage_table_headers(); + + $data = $this->security->xss_clean($data); $this->load->view('people/manage', $data); } @@ -18,13 +21,13 @@ class Customers extends Person_controller /* Returns customer table data rows. This will be called with AJAX. */ - function search() + public function search() { $search = $this->input->get('search'); - $limit = $this->input->get('limit'); + $limit = $this->input->get('limit'); $offset = $this->input->get('offset'); - $sort = $this->input->get('sort'); - $order = $this->input->get('order'); + $sort = $this->input->get('sort'); + $order = $this->input->get('order'); $customers = $this->Customer->search($search, $limit, $offset, $sort, $order); $total_rows = $this->Customer->get_found_rows($search); 
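Review bot: `search()` forwards `limit`, `offset`, `sort` and `order` from the query string straight to `Customer->search` with no type coercion; the hunk only realigns the assignments. Whether the model whitelists the sort column and binds the limit is not visible here, but sort/order values typically end up in an `ORDER BY`, where the query builder cannot parameterise them, so the controller is the right place to constrain them: `$limit = (int)$this->input->get('limit');`, `$offset = (int)$this->input->get('offset');`, and `$order = strtolower($this->input->get('order')) === 'desc' ? 'desc' : 'asc';` (keep the case the model expects). `sort` should be checked against the column list that `get_people_manage_table_headers()` exposes.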
@@ -34,22 +37,25 @@ class Customers extends Person_controller { $data_rows[] = get_person_data_row($person, $this); } + + $data_rows = $this->security->xss_clean($data_rows); + echo json_encode(array('total' => $total_rows, 'rows' => $data_rows)); } /* Gives search suggestions based on what is being searched for */ - function suggest() + public function suggest() { - $suggestions = $this->Customer->get_search_suggestions($this->input->get('term'), TRUE); + $suggestions = $this->security->xss_clean($this->Customer->get_search_suggestions($this->input->get('term'), TRUE)); echo json_encode($suggestions); } - function suggest_search() + public function suggest_search() { - $suggestions = $this->Customer->get_search_suggestions($this->input->post('term'), FALSE); + $suggestions = $this->security->xss_clean($this->Customer->get_search_suggestions($this->input->post('term'), FALSE)); echo json_encode($suggestions); } @@ -57,10 +63,16 @@ class Customers extends Person_controller /* Loads the customer edit form */ - function view($customer_id=-1) + public function view($customer_id = -1) { - $data['person_info'] = $this->Customer->get_info($customer_id); - $data['total'] = $this->Customer->get_totals($customer_id)->total; + $info = $this->Customer->get_info($customer_id); + foreach(get_object_vars($info) as $property => $value) + { + $info->$property = $this->security->xss_clean($value); + } + $data['person_info'] = $info; + + $data['total'] = $this->security->xss_clean($this->Customer->get_totals($customer_id)->total); $this->load->view("customers/form", $data); } 
@@ -68,135 +80,140 @@ class Customers extends Person_controller /* Inserts/updates a customer */ - function save($customer_id=-1) + public function save($customer_id = -1) { $person_data = array( - 'first_name'=>$this->input->post('first_name'), - 'last_name'=>$this->input->post('last_name'), - 'gender'=>$this->input->post('gender'), - 'email'=>$this->input->post('email'), - 'phone_number'=>$this->input->post('phone_number'), - 'address_1'=>$this->input->post('address_1'), - 'address_2'=>$this->input->post('address_2'), - 'city'=>$this->input->post('city'), - 'state'=>$this->input->post('state'), - 'zip'=>$this->input->post('zip'), - 'country'=>$this->input->post('country'), - 'comments'=>$this->input->post('comments') + 'first_name' => $this->input->post('first_name'), + 'last_name' => $this->input->post('last_name'), + 'gender' => $this->input->post('gender'), + 'email' => $this->input->post('email'), + 'phone_number' => $this->input->post('phone_number'), + 'address_1' => $this->input->post('address_1'), + 'address_2' => $this->input->post('address_2'), + 'city' => $this->input->post('city'), + 'state' => $this->input->post('state'), + 'zip' => $this->input->post('zip'), + 'country' => $this->input->post('country'), + 'comments' => $this->input->post('comments') ); - $customer_data=array( - 'account_number'=>$this->input->post('account_number') == '' ? null : $this->input->post('account_number'), - 'company_name'=>$this->input->post('company_name') == '' ? null : $this->input->post('company_name'), - 'discount_percent'=>$this->input->post('discount_percent') == '' ? 0.00 : $this->input->post('discount_percent'), - 'taxable'=>$this->input->post('taxable') != null + $customer_data = array( + 'account_number' => $this->input->post('account_number') == '' ? NULL : $this->input->post('account_number'), + 'company_name' => $this->input->post('company_name') == '' ? 
NULL : $this->input->post('company_name'), + 'discount_percent' => $this->input->post('discount_percent') == '' ? 0.00 : $this->input->post('discount_percent'), + 'taxable' => $this->input->post('taxable') != NULL ); - if($this->Customer->save_customer($person_data,$customer_data,$customer_id)) + + if($this->Customer->save_customer($person_data, $customer_data, $customer_id)) { + $person_data = $this->security->xss_clean($person_data); + $customer_data = $this->security->xss_clean($customer_data); + //New customer - if($customer_id==-1) + if($customer_id == -1) { - echo json_encode(array('success'=>true,'message'=>$this->lang->line('customers_successful_adding').' '. - $person_data['first_name'].' '.$person_data['last_name'], 'id' => $customer_data['person_id'])); + echo json_encode(array('success' => TRUE, 'message' => $this->lang->line('customers_successful_adding').' '. + $person_data['first_name'].' '.$person_data['last_name'], 'id' => $customer_data['person_id'])); } - else //previous customer + else //Existing customer { - echo json_encode(array('success'=>true,'message'=>$this->lang->line('customers_successful_updating').' '. - $person_data['first_name'].' '.$person_data['last_name'], 'id' => $customer_id)); + echo json_encode(array('success' => TRUE, 'message' => $this->lang->line('customers_successful_updating').' '. + $person_data['first_name'].' '.$person_data['last_name'], 'id' => $customer_id)); } } else//failure - { - echo json_encode(array('success'=>false,'message'=>$this->lang->line('customers_error_adding_updating').' '. - $person_data['first_name'].' '.$person_data['last_name'], 'id' => -1)); + { + $person_data = $this->security->xss_clean($person_data); + + echo json_encode(array('success' => FALSE, 'message' => $this->lang->line('customers_error_adding_updating').' '. + $person_data['first_name'].' 
'.$person_data['last_name'], 'id' => -1)); } } - function check_account_number() + public function check_account_number() { - $exists = $this->Customer->account_number_exists($this->input->post('account_number'),$this->input->post('person_id')); + $exists = $this->Customer->account_number_exists($this->input->post('account_number'), $this->input->post('person_id')); - echo !$exists ? 'true' : 'false'; + echo !$exists ? 'TRUE' : 'FALSE'; } /* This deletes customers from the customers table */ - function delete() + public function delete() { - $customers_to_delete=$this->input->post('ids'); - + $customers_to_delete = $this->security->xss_clean($this->input->post('ids')); + if($this->Customer->delete_list($customers_to_delete)) { - echo json_encode(array('success'=>true,'message'=>$this->lang->line('customers_successful_deleted').' '. - count($customers_to_delete).' '.$this->lang->line('customers_one_or_multiple'))); + echo json_encode(array('success' => TRUE, 'message' => $this->lang->line('customers_successful_deleted').' '. + count($customers_to_delete).' 
'.$this->lang->line('customers_one_or_multiple'))); } else { - echo json_encode(array('success'=>false,'message'=>$this->lang->line('customers_cannot_be_deleted'))); + echo json_encode(array('success' => FALSE, 'message' => $this->lang->line('customers_cannot_be_deleted'))); } } - - function excel() + + /* + Customer import from excel spreadsheet + */ + public function excel() { $data = file_get_contents("import_customers.csv"); $name = 'import_customers.csv'; force_download($name, $data); } - function excel_import() + public function excel_import() { - $this->load->view("customers/form_excel_import", null); + $this->load->view("customers/form_excel_import", NULL); } - function do_excel_import() + public function do_excel_import() { - $msg = 'do_excel_import'; - $failCodes = array(); - - if ($_FILES['file_path']['error'] != UPLOAD_ERR_OK) + if($_FILES['file_path']['error'] != UPLOAD_ERR_OK) { - $msg = $this->lang->line('items_excel_import_failed'); - echo json_encode( array('success'=>false,'message'=>$msg) ); - - return; + echo json_encode(array('success' => FALSE, 'message' => $this->lang->line('items_excel_import_failed'))); } else { - if (($handle = fopen($_FILES['file_path']['tmp_name'], "r")) !== FALSE) + if(($handle = fopen($_FILES['file_path']['tmp_name'], "r")) !== FALSE) { // Skip the first row as it's the table description fgetcsv($handle); - - $i=1; - while (($data = fgetcsv($handle)) !== FALSE) + $i = 1; + + $failCodes = array(); + + while(($data = fgetcsv($handle)) !== FALSE) { // XSS file data sanity check $data = $this->security->xss_clean($data); $person_data = array( - 'first_name'=>$data[0], - 'last_name'=>$data[1], - 'gender'=>$data[2], - 'email'=>$data[3], - 'phone_number'=>$data[4], - 'address_1'=>$data[5], - 'address_2'=>$data[6], - 'city'=>$data[7], - 'state'=>$data[8], - 'zip'=>$data[9], - 'country'=>$data[10], - 'comments'=>$data[11] + 'first_name' => $data[0], + 'last_name' => $data[1], + 'gender' => $data[2], + 'email' => $data[3], + 
'phone_number' => $data[4], + 'address_1' => $data[5], + 'address_2' => $data[6], + 'city' => $data[7], + 'state' => $data[8], + 'zip' => $data[9], + 'country' => $data[10], + 'comments' => $data[11] ); $customer_data = array( - 'company_name'=>$data[12], - 'discount_percent'=>$data[14], - 'taxable'=>$data[15]=='' ? 0 : 1 + 'company_name' => $data[12], + 'discount_percent' => $data[14], + 'taxable' => $data[15]=='' ? 0 : 1 ); $account_number = $data[13]; - $invalidated = false; - if ($account_number != "") + $invalidated = FALSE; + if($account_number != "") { $customer_data['account_number'] = $account_number; $invalidated = $this->Customer->account_number_exists($account_number); @@ -209,27 +226,23 @@ class Customers extends Person_controller $i++; } + + if(count($failCodes) > 0) + { + $msg = 'Most customers imported. But some were not, here is list of their CODE (' . count($failCodes) . '): ' . implode(', ', $failCodes); + + echo json_encode(array('success' => FALSE, 'message' => $msg)); + } + else + { + echo json_encode(array('success' => TRUE, 'message' => 'Import of Customers successful')); + } } else { - echo json_encode( array('success'=>false, 'message'=>'Your uploaded file has no data or wrong format') ); - - return; + echo json_encode(array('success' => FALSE, 'message' => 'Your uploaded file has no data or wrong format')); } } - - $success = true; - if(count($failCodes) > 0) - { - $msg = "Most customers imported. But some were not, here is list of their CODE (" .count($failCodes) ."): ".implode(", ", $failCodes); - $success = false; - } - else - { - $msg = "Import of Customers successful"; - } - - echo json_encode( array('success'=>$success, 'message'=>$msg) ); } } ?> \ No newline at end of file diff --git a/application/controllers/Employees.php b/application/controllers/Employees.php index a8f484d6d..c4f2fa205 100644 --- a/application/controllers/Employees.php +++ b/application/controllers/Employees.php 
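Review bot: `check_account_number` now echoes the strings `'TRUE'`/`'FALSE'` where it previously echoed `'true'`/`'false'`; the lowercase forms are the JSON literals, and jQuery Validation's `remote` rule (which this `account_number`/`person_id` endpoint looks built for) accepts only `true` or `"true"` as a pass, so every account number would be reported as already taken after this change. The uppercase rewrite should stop at PHP keywords and leave response bodies alone: `echo json_encode(!$exists);` produces exactly the literal the client expects. Separately, `do_excel_import` reads `$_FILES['file_path']['error']` without an `isset()` guard, so a request with no file part produces a PHP notice instead of the failure JSON; `if(!isset($_FILES['file_path']) || $_FILES['file_path']['error'] != UPLOAD_ERR_OK)` covers both cases. `do_excel_import` continues past the end of this hunk.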
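Review bot: the three result messages in this hunk ('Most customers imported…', 'Import of Customers successful', 'Your uploaded file has no data or wrong format') are hard-coded English strings, while every other response in this controller goes through `$this->lang->line()` — the sibling failure path earlier in `do_excel_import` already uses `items_excel_import_failed`. Moving them to language keys, e.g. `'message' => $this->lang->line('...') . ' ' . implode(', ', $failCodes)`, keeps the import UI translatable and consistent with the rest of the file. The enclosing `do_excel_import` starts before this hunk.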
@@ -8,124 +8,162 @@ class Employees extends Person_controller parent::__construct('employees'); } - function index() + public function index() { $data['controller_name'] = $this->get_controller_name(); $data['table_headers'] = get_people_manage_table_headers(); - $this->load->view('people/manage',$data); + + $data = $this->security->xss_clean($data); + + $this->load->view('people/manage', $data); } /* Returns employee table data rows. This will be called with AJAX. */ - function search() + public function search() { $search = $this->input->get('search'); - $limit = $this->input->get('limit'); + $limit = $this->input->get('limit'); $offset = $this->input->get('offset'); - $sort = $this->input->get('sort'); - $order = $this->input->get('order'); + $sort = $this->input->get('sort'); + $order = $this->input->get('order'); $employees = $this->Employee->search($search, $limit, $offset, $sort, $order); $total_rows = $this->Employee->get_found_rows($search); + $data_rows = array(); foreach($employees->result() as $person) { $data_rows[] = get_person_data_row($person, $this); } + + $data_rows = $this->security->xss_clean($data_rows); + echo json_encode(array('total' => $total_rows, 'rows' => $data_rows)); } /* Gives search suggestions based on what is being searched for */ - function suggest_search() + public function suggest_search() { - $suggestions = $this->Employee->get_search_suggestions($this->input->post('term')); + $suggestions = $this->security->xss_clean($this->Employee->get_search_suggestions($this->input->post('term'))); + echo json_encode($suggestions); } /* Loads the employee edit form */ - function view($employee_id=-1) + public function view($employee_id = -1) { - $data['person_info']=$this->Employee->get_info($employee_id); - $data['all_modules']=$this->Module->get_all_modules(); - $data['all_subpermissions']=$this->Module->get_all_subpermissions(); - $this->load->view("employees/form",$data); + $person_info = $this->Employee->get_info($employee_id); + 
foreach(get_object_vars($person_info) as $property => $value) + { + $person_info->$property = $this->security->xss_clean($value); + } + $data['person_info'] = $person_info; + + $modules = array(); + foreach($this->Module->get_all_modules()->result() as $module) + { + $module->module_id = $this->security->xss_clean($module->module_id); + $module->grant = $this->security->xss_clean($this->Employee->has_grant($module->module_id, $person_info->person_id)); + + $modules[] = $module; + } + $data['all_modules'] = $modules; + + $permissions = array(); + foreach($this->Module->get_all_subpermissions()->result() as $permission) + { + $permission->module_id = $this->security->xss_clean($permission->module_id); + $permission->permission_id = $this->security->xss_clean($permission->permission_id); + $permission->grant = $this->security->xss_clean($this->Employee->has_grant($permission->permission_id, $person_info->person_id)); + + $permissions[] = $permission; + } + $data['all_subpermissions'] = $permissions; + + $this->load->view("employees/form", $data); } /* Inserts/updates an employee */ - function save($employee_id=-1) + public function save($employee_id = -1) { $person_data = array( - 'first_name'=>$this->input->post('first_name'), - 'last_name'=>$this->input->post('last_name'), - 'gender'=>$this->input->post('gender'), - 'email'=>$this->input->post('email'), - 'phone_number'=>$this->input->post('phone_number'), - 'address_1'=>$this->input->post('address_1'), - 'address_2'=>$this->input->post('address_2'), - 'city'=>$this->input->post('city'), - 'state'=>$this->input->post('state'), - 'zip'=>$this->input->post('zip'), - 'country'=>$this->input->post('country'), - 'comments'=>$this->input->post('comments') + 'first_name' => $this->input->post('first_name'), + 'last_name' => $this->input->post('last_name'), + 'gender' => $this->input->post('gender'), + 'email' => $this->input->post('email'), + 'phone_number' => $this->input->post('phone_number'), + 'address_1' => 
$this->input->post('address_1'), + 'address_2' => $this->input->post('address_2'), + 'city' => $this->input->post('city'), + 'state' => $this->input->post('state'), + 'zip' => $this->input->post('zip'), + 'country' => $this->input->post('country'), + 'comments' => $this->input->post('comments') ); - $grants_data = $this->input->post('grants') != null ? $this->input->post('grants') : array(); + $grants_data = $this->input->post('grants') != NULL ? $this->input->post('grants') : array(); //Password has been changed OR first time password set - if ( $this->input->post('password') != '' ) + if($this->input->post('password') != '') { - $employee_data=array( - 'username'=>$this->input->post('username'), - 'password'=>md5($this->input->post('password')) + $employee_data = array( + 'username' => $this->input->post('username'), + 'password' => md5($this->input->post('password')) ); } else //Password not changed { - $employee_data=array('username'=>$this->input->post('username')); + $employee_data = array('username' => $this->input->post('username')); } - if($this->Employee->save_employee($person_data,$employee_data,$grants_data,$employee_id)) + if($this->Employee->save_employee($person_data, $employee_data, $grants_data, $employee_id)) { + $person_data = $this->security->xss_clean($person_data); + $employee_data = $this->security->xss_clean($employee_data); + //New employee - if($employee_id==-1) + if($employee_id == -1) { - echo json_encode(array('success'=>true,'message'=>$this->lang->line('employees_successful_adding').' '. - $person_data['first_name'].' '.$person_data['last_name'],'id'=>$employee_data['person_id'])); + echo json_encode(array('success' => TRUE, 'message' => $this->lang->line('employees_successful_adding').' '. + $person_data['first_name'].' 
'.$person_data['last_name'], 'id' => $employee_data['person_id'])); } - else //previous employee + else //Existing employee { - echo json_encode(array('success'=>true,'message'=>$this->lang->line('employees_successful_updating').' '. - $person_data['first_name'].' '.$person_data['last_name'],'id'=>$employee_id)); + echo json_encode(array('success' => TRUE, 'message' => $this->lang->line('employees_successful_updating').' '. + $person_data['first_name'].' '.$person_data['last_name'], 'id' => $employee_id)); } } else//failure - { - echo json_encode(array('success'=>false,'message'=>$this->lang->line('employees_error_adding_updating').' '. - $person_data['first_name'].' '.$person_data['last_name'],'id'=>-1)); + { + $person_data = $this->security->xss_clean($person_data); + + echo json_encode(array('success' => FALSE, 'message' => $this->lang->line('employees_error_adding_updating').' '. + $person_data['first_name'].' '.$person_data['last_name'], 'id' => -1)); } } /* This deletes employees from the employees table */ - function delete() + public function delete() { - $employees_to_delete=$this->input->post('ids'); - + $employees_to_delete = $this->security->xss_clean($this->input->post('ids')); + if($this->Employee->delete_list($employees_to_delete)) { - echo json_encode(array('success'=>true,'message'=>$this->lang->line('employees_successful_deleted').' '. - count($employees_to_delete).' '.$this->lang->line('employees_one_or_multiple'))); + echo json_encode(array('success' => TRUE,'message' => $this->lang->line('employees_successful_deleted').' '. + count($employees_to_delete).' '.$this->lang->line('employees_one_or_multiple'))); } else { - echo json_encode(array('success'=>false,'message'=>$this->lang->line('employees_cannot_be_deleted'))); + echo json_encode(array('success' => FALSE,'message' => $this->lang->line('employees_cannot_be_deleted'))); } } } 
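Review bot: the employee password is still stored as an unsalted `md5()` hash (`'password' => md5($this->input->post('password'))` in `save`); the hunk reformats the line but keeps the scheme, and an unsalted MD5 of a typical password is recoverable from a leaked `employees` table in seconds. The stored value should come from `password_hash($this->input->post('password'), PASSWORD_DEFAULT)`, and the login check (not in this diff) must switch to `password_verify()` at the same time, with a migration step for existing rows, since the two formats are incompatible. A smaller point in the same hunk: `$grants_data` is taken from POST and handed to `save_employee` as-is; whether the model restricts which modules the caller may grant is not visible here and worth confirming, since otherwise any employee who can reach this form could widen their own permissions.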
diff --git a/application/controllers/Giftcards.php b/application/controllers/Giftcards.php
index e7d946f51..27fca2915 100644
--- a/application/controllers/Giftcards.php
+++ b/application/controllers/Giftcards.php
@@ -49,18 +49,14 @@ class Giftcards extends Secure_area implements iData_controller
 */
 public function suggest_search()
 {
- $suggestions = $this->Giftcard->get_search_suggestions($this->input->post('term'));
-
- $suggestions = $this->security->xss_clean($suggestions);
+ $suggestions = $this->security->xss_clean($this->Giftcard->get_search_suggestions($this->input->post('term')));
 
 echo json_encode($suggestions);
 }
 
 public function get_row($row_id)
 {
- $data_row = get_giftcard_data_row($this->Giftcard->get_info($row_id), $this);
-
- $data_row = $this->security->xss_clean($data_row);
+ $data_row = $this->security->xss_clean(get_giftcard_data_row($this->Giftcard->get_info($row_id), $this));
 
 echo json_encode($data_row);
 }
@@ -91,39 +87,41 @@ class Giftcards extends Secure_area implements iData_controller if($this->Giftcard->save($giftcard_data, $giftcard_id)) { + $giftcard_data = $this->security->xss_clean($giftcard_data); + //New giftcard if($giftcard_id == -1) { - echo json_encode(array('success'=>true, 'message'=>$this->lang->line('giftcards_successful_adding').' '. - $giftcard_data['giftcard_number'], 'id'=>$giftcard_data['giftcard_id'])); + echo json_encode(array('success' => TRUE, 'message' => $this->lang->line('giftcards_successful_adding').' '. + $giftcard_data['giftcard_number'], 'id' => $giftcard_data['giftcard_id'])); } else //Existing giftcard { - echo json_encode(array('success'=>true, 'message'=>$this->lang->line('giftcards_successful_updating').' '. - $giftcard_data['giftcard_number'], 'id'=>$giftcard_id)); + echo json_encode(array('success' => TRUE, 'message' => $this->lang->line('giftcards_successful_updating').' '. + $giftcard_data['giftcard_number'], 'id' => $giftcard_id)); } } else //failure { - echo json_encode(array('success'=>false,'message'=>$this->lang->line('giftcards_error_adding_updating').' '. - $giftcard_data['giftcard_number'], 'id'=>-1)); + $giftcard_data = $this->security->xss_clean($giftcard_data); + + echo json_encode(array('success' => FALSE, 'message' => $this->lang->line('giftcards_error_adding_updating').' '. + $giftcard_data['giftcard_number'], 'id' => -1)); } } public function delete() { - $giftcards_to_delete = $this->input->post('ids'); - - $giftcards_to_delete = $this->security->xss_clean($giftcards_to_delete); + $giftcards_to_delete = $this->security->xss_clean($this->input->post('ids')); if($this->Giftcard->delete_list($giftcards_to_delete)) { - echo json_encode(array('success'=>true, 'message'=>$this->lang->line('giftcards_successful_deleted').' '. + echo json_encode(array('success' => TRUE, 'message' => $this->lang->line('giftcards_successful_deleted').' '. count($giftcards_to_delete).' 
'.$this->lang->line('giftcards_one_or_multiple'))); } else { - echo json_encode(array('success'=>false, 'message'=>$this->lang->line('giftcards_cannot_be_deleted'))); + echo json_encode(array('success' => FALSE, 'message' => $this->lang->line('giftcards_cannot_be_deleted'))); } } } diff --git a/application/controllers/Item_kits.php b/application/controllers/Item_kits.php index 5071cb9e4..bf136f4b0 100644 --- a/application/controllers/Item_kits.php +++ b/application/controllers/Item_kits.php @@ -10,14 +10,18 @@ class Item_kits extends Secure_area implements iData_controller } // add the total cost and retail price to a passed items kit retrieving the data from each singolar item part of the kit - private function add_totals_to_item_kit($item_kit) + private function _add_totals_to_item_kit($item_kit) { $item_kit->total_cost_price = 0; $item_kit->total_unit_price = 0; - foreach ($this->Item_kit_items->get_info($item_kit->item_kit_id) as $item_kit_item) + foreach($this->Item_kit_items->get_info($item_kit->item_kit_id) as $item_kit_item) { $item_info = $this->Item->get_info($item_kit_item['item_id']); + foreach(get_object_vars($item_info) as $property => $value) + { + $item_info->$property = $this->security->xss_clean($value); + } $item_kit->total_cost_price += $item_info->cost_price * $item_kit_item['quantity']; $item_kit->total_unit_price += $item_info->unit_price * $item_kit_item['quantity']; 
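Review bot: In `delete()`, `xss_clean()` is used as if it validated the posted `ids`, but it is a markup-rewriting filter and gives no guarantee that the values are integers before `delete_list()` receives them; whether that is safe rests entirely on the model's escaping, which this hunk does not show. A type check is the right guard here, e.g. `$giftcards_to_delete = array_map('intval', (array) $this->input->post('ids'));`, which also stops `count()` from being fed the `NULL` that `post('ids')` returns when the field is absent. The `delete()` methods of Item_kits, Suppliers and Employees in this patch have the same shape. On the `save()` branches, `xss_clean()` does not HTML-encode the giftcard number it echoes back in `message`, so the JavaScript rendering that message still has to insert it as text rather than markup.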
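Review bot: The `xss_clean()` loop added to `_add_totals_to_item_kit()` has no effect on anything the caller can observe: `$item_info` is local, the hunk only reads `cost_price` and `unit_price` from it, and both go straight into arithmetic, so the filtered strings are never output. What it does add is one regex-heavy filter call per property of every kit item on the `search()`, `get_row()` and `generate_barcodes()` paths. I would drop the loop and escape where the kit data is rendered instead; if a numeric cast is what was wanted, `(float) $item_info->cost_price` says so directly. The method's closing brace lies outside this hunk.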
@@ -26,24 +30,26 @@ class Item_kits extends Secure_area implements iData_controller return $item_kit; } - function index() + public function index() { $data['controller_name'] = $this->get_controller_name(); $data['table_headers'] = get_item_kits_manage_table_headers(); + $data = $this->security->xss_clean($data); + $this->load->view('item_kits/manage', $data); } /* Returns Item kits table data rows. This will be called with AJAX. */ - function search() + public function search() { $search = $this->input->get('search'); - $limit = $this->input->get('limit'); + $limit = $this->input->get('limit'); $offset = $this->input->get('offset'); - $sort = $this->input->get('sort'); - $order = $this->input->get('order'); + $sort = $this->input->get('sort'); + $order = $this->input->get('order'); $item_kits = $this->Item_kit->search($search, $limit, $offset, $sort, $order); $total_rows = $this->Item_kit->get_found_rows($search); 
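Review bot: In `search()` the `sort` and `order` query parameters reach `Item_kit->search()` without any check, and values that end up in an ORDER BY clause are not covered by the bind-parameter escaping that protects `search`; if the model interpolates them, this is one input on the page that `xss_clean()` would not help with at all. A controller-side whitelist is cheap, e.g. `$order = in_array($order, array('asc', 'desc'), TRUE) ? $order : 'asc';` with a similar lookup of `$sort` against the sortable column names. Suppliers::search() in this patch reads the same four parameters the same way. The added `$data = $this->security->xss_clean($data);` in `index()` only filters the controller name and table headers, which as far as the hunk shows come from the controller itself rather than the request, so it can be omitted.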
@@ -52,49 +58,70 @@ class Item_kits extends Secure_area implements iData_controller foreach($item_kits->result() as $item_kit) { // calculate the total cost and retail price of the Kit so it can be printed out in the manage table - $item_kit = $this->add_totals_to_item_kit($item_kit); + $item_kit = $this->_add_totals_to_item_kit($item_kit); $data_rows[] = get_item_kit_data_row($item_kit, $this); } + $data_rows = $this->security->xss_clean($data_rows); + echo json_encode(array('total' => $total_rows, 'rows' => $data_rows)); } - function suggest_search() + public function suggest_search() { - $suggestions = $this->Item_kit->get_search_suggestions($this->input->post('term')); + $suggestions = $this->security->xss_clean($this->Item_kit->get_search_suggestions($this->input->post('term'))); + echo json_encode($suggestions); } - function get_row($row_id) + public function get_row($row_id) { // calculate the total cost and retail price of the Kit so it can be added to the table refresh - $item_kit = $this->add_totals_to_item_kit($this->Item_kit->get_info($row_id)); + $item_kit = $this->_add_totals_to_item_kit($this->Item_kit->get_info($row_id)); echo json_encode(get_item_kit_data_row($item_kit, $this)); } - - function view($item_kit_id=-1) + + public function view($item_kit_id = -1) { - $data['item_kit_info'] = $this->Item_kit->get_info($item_kit_id); + $info = $this->Item_kit->get_info($item_kit_id); + foreach(get_object_vars($info) as $property => $value) + { + $info->$property = $this->security->xss_clean($value); + } + $data['item_kit_info'] = $info; + + $items = array(); + foreach($this->Item_kit_items->get_info($item_kit_id) as $item_kit_item) + { + $item['name'] = $this->security->xss_clean($this->Item->get_info($item_kit_item['item_id'])->name); + $item['item_id'] = $this->security->xss_clean($item_kit_item['item_id']); + $item['quantity'] = $this->security->xss_clean($item_kit_item['quantity']); + + $items[] = $item; + } + $data['item_kit_items'] = $items; + 
$this->load->view("item_kits/form", $data); } - function save($item_kit_id=-1) + public function save($item_kit_id = -1) { $item_kit_data = array( 'name' => $this->input->post('name'), 'description' => $this->input->post('description') ); - if ($this->Item_kit->save($item_kit_data, $item_kit_id)) + if($this->Item_kit->save($item_kit_data, $item_kit_id)) { $success = TRUE; //New item kit - if ($item_kit_id==-1) { + if ($item_kit_id == -1) + { $item_kit_id = $item_kit_data['item_kit_id']; } - if ( $this->input->post('item_kit_item') != null ) + if($this->input->post('item_kit_item') != NULL) { $item_kit_items = array(); foreach($this->input->post('item_kit_item') as $item_id => $quantity) 
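Review bot: `get_row()` still echoes `get_item_kit_data_row()` unfiltered while `search()` now runs the same rows through `xss_clean()`, so the row that replaces a table entry after an edit is treated differently from the one listed on the initial load; either both paths filter or neither should. In `view()`, the per-property loop filters values that the `item_kits/form` view (last hunk of this patch) appears to write into a `value=` attribute, and `xss_clean()` is a pattern filter rather than an encoder, so it does not turn a quote into an entity; attribute context still needs `html_escape()` in the view, which makes the loop best-effort at most. Reusing `$item` across iterations works because all three keys are reassigned, but `$item = array();` at the top of the loop body would make that obvious. `save()` continues past the end of this hunk.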
@@ -107,46 +134,50 @@ class Item_kits extends Secure_area implements iData_controller $success = $this->Item_kit_items->save($item_kit_items, $item_kit_id); } - echo json_encode(array('success'=>$success, - 'message'=>$this->lang->line('item_kits_successful_adding').' '.$item_kit_data['name'], - 'id'=>$item_kit_id)); + + $item_kit_data = $this->security->xss_clean($item_kit_data); + + echo json_encode(array('success' => $success, + 'message' => $this->lang->line('item_kits_successful_adding').' '.$item_kit_data['name'], 'id' => $item_kit_id)); } else//failure { - echo json_encode(array('success'=>false, - 'message'=>$this->lang->line('item_kits_error_adding_updating').' '.$item_kit_data['name'], - 'id'=>-1)); + $item_kit_data = $this->security->xss_clean($item_kit_data); + + echo json_encode(array('success' => FALSE, + 'message' => $this->lang->line('item_kits_error_adding_updating').' '.$item_kit_data['name'], 'id' => -1)); } } - function delete() + public function delete() { - $item_kits_to_delete = $this->input->post('ids'); + $item_kits_to_delete = $this->security->xss_clean($this->input->post('ids')); - if ($this->Item_kit->delete_list($item_kits_to_delete)) + if($this->Item_kit->delete_list($item_kits_to_delete)) { - echo json_encode(array('success'=>true, - 'message'=>$this->lang->line('item_kits_successful_deleted').' '.count($item_kits_to_delete).' '.$this->lang->line('item_kits_one_or_multiple'))); + echo json_encode(array('success' => TRUE, + 'message' => $this->lang->line('item_kits_successful_deleted').' '.count($item_kits_to_delete).' 
'.$this->lang->line('item_kits_one_or_multiple'))); } else { - echo json_encode(array('success'=>false, - 'message'=>$this->lang->line('item_kits_cannot_be_deleted'))); + echo json_encode(array('success' => FALSE, + 'message' => $this->lang->line('item_kits_cannot_be_deleted'))); } } - function generate_barcodes($item_kit_ids) + public function generate_barcodes($item_kit_ids) { $this->load->library('barcode_lib'); $result = array(); $item_kit_ids = explode(':', $item_kit_ids); - foreach ($item_kit_ids as $item_kid_id) + foreach($item_kit_ids as $item_kid_id) { // calculate the total cost and retail price of the Kit so it can be added to the barcode text at the bottom - $item_kit = $this->add_totals_to_item_kit($this->Item_kit->get_info($item_kid_id)); + $item_kit = $this->_add_totals_to_item_kit($this->Item_kit->get_info($item_kid_id)); - $result[] = array('name'=>$item_kit->name, 'item_id'=>urldecode($item_kid_id), 'item_number'=>urldecode($item_kid_id), 'cost_price'=>$item_kit->total_cost_price, 'unit_price'=>$item_kit->total_unit_price); + $result[] = array('name' => $item_kit->name, 'item_id' => urldecode($item_kid_id), 'item_number' => urldecode($item_kid_id), + 'cost_price' => $item_kit->total_cost_price, 'unit_price' => $item_kit->total_unit_price); } $data['items'] = $result; @@ -158,7 +189,7 @@ class Item_kits extends Secure_area implements iData_controller $barcode_config['barcode_type'] = 'Code128'; } $data['barcode_config'] = $barcode_config; - + // display barcodes $this->load->view("barcodes/barcode_sheet", $data); } diff --git a/application/controllers/Person_controller.php b/application/controllers/Person_controller.php index e9660ab75..b922f8d74 100644 --- a/application/controllers/Person_controller.php +++ b/application/controllers/Person_controller.php 
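Review bot: In `generate_barcodes()` the kit `name` goes from `Item_kit->get_info()` straight into `$result`, the one kit field on this page that receives no filtering before a view, which is inconsistent with `view()`; rather than adding another `xss_clean()` call, the fix belongs in `barcodes/barcode_sheet` with `html_escape()` on each name it prints, since that is the context that matters. The URL segment `$item_kit_ids` is split and each part passed to `get_info()` and `urldecode()` without a numeric check; `array_map('intval', explode(':', $item_kit_ids))` would make the intent explicit, assuming kit ids are integers. The `delete()` filtering of posted ids has the same weakness noted on Giftcards.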
@@ -1,8 +1,9 @@ Person->get_search_suggestions($this->input->post('q'),$this->input->post('limit')); - echo implode("\n",$suggestions); + $suggestions = $this->security->xss_clean($this->Person->get_search_suggestions($this->input->post('term'))); + + echo json_encode($suggestions); } /* Gets one row for a person manage table. This is called using AJAX to update one row. */ - function get_row($row_id) + public function get_row($row_id) { - $data_row=get_person_data_row($this->Person->get_info($row_id),$this); + $data_row = $this->security->xss_clean(get_person_data_row($this->Person->get_info($row_id), $this)); + echo json_encode($data_row); } } diff --git a/application/controllers/Suppliers.php b/application/controllers/Suppliers.php index 1417e7e21..53a9cfd95 100644 --- a/application/controllers/Suppliers.php +++ b/application/controllers/Suppliers.php 
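Review bot: The `suggest_search()` change is more than the XSS clean-up the commit title describes: the request parameter moves from `q` to `term`, the `limit` argument previously forwarded to `Person->get_search_suggestions()` is dropped, and the response changes from newline-separated text to JSON, so a caller still posting `q` or splitting on newlines fails silently with an empty list rather than an error. If this is intentional the commit message should say so, and if `get_search_suggestions()` still declares a second parameter, dropping it deserves a look. The start of this hunk is not legible on the page, so only the visible methods were reviewed.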
@@ -1,5 +1,6 @@ get_controller_name(); $data['table_headers'] = get_suppliers_manage_table_headers(); + $data = $this->security->xss_clean($data); + $this->load->view('people/manage', $data); } /* Returns Supplier table data rows. This will be called with AJAX. */ - function search() + public function search() { $search = $this->input->get('search'); - $limit = $this->input->get('limit'); + $limit = $this->input->get('limit'); $offset = $this->input->get('offset'); - $sort = $this->input->get('sort'); - $order = $this->input->get('order'); + $sort = $this->input->get('sort'); + $order = $this->input->get('order'); $suppliers = $this->Supplier->search($search, $limit, $offset, $sort, $order); $total_rows = $this->Supplier->get_found_rows($search); + $data_rows = array(); foreach($suppliers->result() as $supplier) { $data_rows[] = get_supplier_data_row($supplier, $this); } + + $data_rows = $this->security->xss_clean($data_rows); + echo json_encode(array('total' => $total_rows, 'rows' => $data_rows)); } /* Gives search suggestions based on what is being searched for */ - function suggest() + public function suggest() { - $suggestions = $this->Supplier->get_search_suggestions($this->input->get('term'), TRUE); + $suggestions = $this->security->xss_clean($this->Supplier->get_search_suggestions($this->input->get('term'), TRUE)); + echo json_encode($suggestions); } - function suggest_search() + public function suggest_search() { - $suggestions = $this->Supplier->get_search_suggestions($this->input->post('term'), FALSE); + $suggestions = $this->security->xss_clean($this->Supplier->get_search_suggestions($this->input->post('term'), FALSE)); + echo json_encode($suggestions); } /* Loads the supplier edit form */ - function view($supplier_id=-1) + public function view($supplier_id = -1) { - $data['person_info']=$this->Supplier->get_info($supplier_id); - $this->load->view("suppliers/form",$data); + $info = $this->Supplier->get_info($supplier_id); + foreach(get_object_vars($info) 
as $property => $value) + { + $info->$property = $this->security->xss_clean($value); + } + $data['person_info'] = $info; + + $this->load->view("suppliers/form", $data); } /* Inserts/updates a supplier */ - function save($supplier_id=-1) + public function save($supplier_id = -1) { $person_data = array( - 'first_name'=>$this->input->post('first_name'), - 'last_name'=>$this->input->post('last_name'), - 'gender'=>$this->input->post('gender'), - 'email'=>$this->input->post('email'), - 'phone_number'=>$this->input->post('phone_number'), - 'address_1'=>$this->input->post('address_1'), - 'address_2'=>$this->input->post('address_2'), - 'city'=>$this->input->post('city'), - 'state'=>$this->input->post('state'), - 'zip'=>$this->input->post('zip'), - 'country'=>$this->input->post('country'), - 'comments'=>$this->input->post('comments') + 'first_name' => $this->input->post('first_name'), + 'last_name' => $this->input->post('last_name'), + 'gender' => $this->input->post('gender'), + 'email' => $this->input->post('email'), + 'phone_number' => $this->input->post('phone_number'), + 'address_1' => $this->input->post('address_1'), + 'address_2' => $this->input->post('address_2'), + 'city' => $this->input->post('city'), + 'state' => $this->input->post('state'), + 'zip' => $this->input->post('zip'), + 'country' => $this->input->post('country'), + 'comments' => $this->input->post('comments') ); - $supplier_data=array( - 'company_name'=>$this->input->post('company_name'), - 'agency_name'=>$this->input->post('agency_name'), - 'account_number'=>$this->input->post('account_number') == '' ? null : $this->input->post('account_number') + $supplier_data = array( + 'company_name' => $this->input->post('company_name'), + 'agency_name' => $this->input->post('agency_name'), + 'account_number' => $this->input->post('account_number') == '' ? 
NULL : $this->input->post('account_number') ); - if($this->Supplier->save_supplier($person_data,$supplier_data,$supplier_id)) + + if($this->Supplier->save_supplier($person_data, $supplier_data, $supplier_id)) { + $supplier_data = $this->security->xss_clean($supplier_data); + //New supplier - if($supplier_id==-1) + if($supplier_id == -1) { - echo json_encode(array('success'=>true,'message'=>$this->lang->line('suppliers_successful_adding').' '. - $supplier_data['company_name'],'id'=>$supplier_data['person_id'])); + echo json_encode(array('success' => TRUE, 'message' => $this->lang->line('suppliers_successful_adding').' '. + $supplier_data['company_name'], 'id' => $supplier_data['person_id'])); } - else //previous supplier + else //Existing supplier { - echo json_encode(array('success'=>true,'message'=>$this->lang->line('suppliers_successful_updating').' '. - $supplier_data['company_name'],'id'=>$supplier_id)); + echo json_encode(array('success' => TRUE, 'message' => $this->lang->line('suppliers_successful_updating').' '. + $supplier_data['company_name'], 'id' => $supplier_id)); } } else//failure - { - echo json_encode(array('success'=>false,'message'=>$this->lang->line('suppliers_error_adding_updating').' '. - $supplier_data['company_name'],'id'=>-1)); + { + $supplier_data = $this->security->xss_clean($supplier_data); + + echo json_encode(array('success' => FALSE, 'message' => $this->lang->line('suppliers_error_adding_updating').' '. + $supplier_data['company_name'], 'id' => -1)); } } /* This deletes suppliers from the suppliers table */ - function delete() + public function delete() { - $suppliers_to_delete=$this->input->post('ids'); - + $suppliers_to_delete = $this->security->xss_clean($this->input->post('ids')); + if($this->Supplier->delete_list($suppliers_to_delete)) { - echo json_encode(array('success'=>true,'message'=>$this->lang->line('suppliers_successful_deleted').' '. - count($suppliers_to_delete).' 
'.$this->lang->line('suppliers_one_or_multiple'))); + echo json_encode(array('success' => TRUE,'message' => $this->lang->line('suppliers_successful_deleted').' '. + count($suppliers_to_delete).' '.$this->lang->line('suppliers_one_or_multiple'))); } else { - echo json_encode(array('success'=>false,'message'=>$this->lang->line('suppliers_cannot_be_deleted'))); + echo json_encode(array('success' => FALSE,'message' => $this->lang->line('suppliers_cannot_be_deleted'))); } } diff --git a/application/views/employees/form.php b/application/views/employees/form.php index e1aba9ebc..f0ebfae65 100644 --- a/application/views/employees/form.php +++ b/application/views/employees/form.php @@ -77,34 +77,33 @@ + diff --git a/application/views/item_kits/form.php b/application/views/item_kits/form.php index 766d23844..d2bd5a924 100644 --- a/application/views/item_kits/form.php +++ b/application/views/item_kits/form.php @@ -49,13 +49,12 @@ Item_kit_items->get_info($item_kit_info->item_kit_id) as $item_kit_item) + foreach($item_kit_items as $item_kit_item) { ?> - Item->get_info($item_kit_item['item_id']); ?> - name; ?> + ' name=item_kit_item[] value=''/>
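Review bot: The per-property `xss_clean()` loop in `view()` duplicates the one in Item_kits::view(), and since Suppliers extends Person_controller a protected helper there would remove the copy. It also filters values that `suppliers/form` presumably places into form-field attributes, and `xss_clean()` is a pattern filter rather than an encoder, so a quote in a stored name is not neutralised by it; the view should still escape with `html_escape()`, after which the loop can go. In `save()`, filtering `$supplier_data` after `save_supplier()` is the right order (stored values stay raw), but the new-supplier branch reads `$supplier_data['person_id']`, a key the array never had, so it relies on the model adding it by reference and deserves `// save_supplier() fills in person_id for a new supplier`. `search()` reads `sort`/`order` unchecked, as noted on Item_kits.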