HTMLPurifier filtering on searches

- Formatting
- Added calls to HTMLPurifier
- Added filtering
- Refactored out variable for clarity

Signed-off-by: objecttothis <objecttothis@gmail.com>

app/Controllers/Attributes.php

@@ -3,6 +3,7 @@
 namespace App\Controllers;
 
 use App\Models\Attribute;
+use Config\Services;
 
 require_once('Secure_Controller.php');
 
@@ -37,7 +38,7 @@ class Attributes extends Secure_Controller
 	 */
 	public function getSearch(): void
 	{
-		$search = $this->request->getGet('search', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+		$search = Services::htmlPurifier()->purify($this->request->getGet('search'));
 		$limit  = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
 		$offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
 		$sort   = $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS);

app/Controllers/Cashups.php

@@ -6,13 +6,14 @@ use App\Models\Cashup;
 use App\Models\Expense;
 use App\Models\Reports\Summary_payments;
 use Config\OSPOS;
+use Config\Services;
 
 class Cashups extends Secure_Controller
 {
-	 private Cashup $cashup;
-	 private Expense $expense;
-	 private Summary_payments $summary_payments;
-	 private array $config;
+	private Cashup $cashup;
+	private Expense $expense;
+	private Summary_payments $summary_payments;
+	private array $config;
 
 	public function __construct()
 	{
@@ -42,7 +43,7 @@ class Cashups extends Secure_Controller
 	 */
 	public function getSearch(): void
 	{
-		$search = $this->request->getGet('search', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+		$search = Services::htmlPurifier()->purify($this->request->getGet('search'));
 		$limit = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
 		$offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
 		$sort = $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS);

app/Controllers/Customers.php

@@ -125,7 +125,8 @@ class Customers extends Persons
 	 */
 	public function getSuggest(): void
 	{
-		$suggestions = $this->customer->get_search_suggestions($this->request->getGet('term'), 25,true);
+		$search = Services::htmlPurifier()->purify($this->request->getPost('term'));
+		$suggestions = $this->customer->get_search_suggestions($search);
 
 		echo json_encode($suggestions);
 	}
@@ -135,7 +136,8 @@ class Customers extends Persons
 	 */
 	public function suggest_search(): void
 	{
-		$suggestions = $this->customer->get_search_suggestions($this->request->getPost('term'), 25, false);
+		$search = Services::htmlPurifier()->purify($this->request->getPost('term'));
+		$suggestions = $this->customer->get_search_suggestions($search, 25, false);
 
 		echo json_encode($suggestions);
 	}

app/Controllers/Employees.php

@@ -3,6 +3,7 @@
 namespace App\Controllers;
 
 use App\Models\Module;
+use Config\Services;
 
 /**
  *
@@ -26,7 +27,7 @@ class Employees extends Persons
 	 */
 	public function getSearch(): void
 	{
-		$search = $this->request->getGet('search', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+		$search = Services::htmlPurifier()->purify($this->request->getGet('search'));
 		$limit  = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
 		$offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
 		$sort   = $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
@@ -51,7 +52,8 @@ class Employees extends Persons
 	 */
 	public function getSuggest(): void
 	{
-		$suggestions = $this->employee->get_search_suggestions($this->request->getGet('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 25, true);
+		$search = Services::htmlPurifier()->purify($this->request->getPost('term'));
+		$suggestions = $this->employee->get_search_suggestions($search, 25, true);
 
 		echo json_encode($suggestions);
 	}
@@ -61,7 +63,8 @@ class Employees extends Persons
 	 */
 	public function suggest_search(): void
 	{
-		$suggestions = $this->employee->get_search_suggestions($this->request->getPost('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS));
+		$search = Services::htmlPurifier()->purify($this->request->getPost('term'));
+		$suggestions = $this->employee->get_search_suggestions($search);
 
 		echo json_encode($suggestions);
 	}

app/Controllers/Expenses.php

@@ -5,6 +5,7 @@ namespace App\Controllers;
 use App\Models\Expense;
 use App\Models\Expense_category;
 use Config\OSPOS;
+use Config\Services;
 
 class Expenses extends Secure_Controller
 {
@@ -44,7 +45,7 @@ class Expenses extends Secure_Controller
 	 */
 	public function getSearch(): void
 	{
-		$search   = $this->request->getGet('search', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+		$search   = Services::htmlPurifier()->purify($this->request->getGet('search'));
 		$limit    = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
 		$offset   = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
 		$sort     = $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS);

app/Controllers/Expenses_categories.php

@@ -3,6 +3,7 @@
 namespace App\Controllers;
 
 use App\Models\Expense_category;
+use Config\Services;
 
 class Expenses_categories extends Secure_Controller	//TODO: Is this class ever used?
 {
@@ -30,7 +31,7 @@ class Expenses_categories extends Secure_Controller	//TODO: Is this class ever u
 	 **/
 	public function getSearch(): void
 	{
-		$search = $this->request->getGet('search', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+		$search = Services::htmlPurifier()->purify($this->request->getGet('search'));
 		$limit  = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
 		$offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
 		$sort   = $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS);

app/Controllers/Giftcards.php

@@ -4,6 +4,7 @@ namespace App\Controllers;
 
 use App\Models\Giftcard;
 use Config\OSPOS;
+use Config\Services;
 
 class Giftcards extends Secure_Controller
 {
@@ -31,7 +32,7 @@ class Giftcards extends Secure_Controller
 	 */
 	public function getSearch(): void
 	{
-		$search = $this->request->getGet('search', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+		$search = Services::htmlPurifier()->purify($this->request->getGet('search'));
 		$limit  = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
 		$offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
 		$sort   = $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
@@ -54,7 +55,8 @@ class Giftcards extends Secure_Controller
 	 */
 	public function getSuggest(): void
 	{
-		$suggestions = $this->giftcard->get_search_suggestions($this->request->getGet('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS), true);
+		$search = Services::htmlPurifier()->purify($this->request->getPost('term'));
+		$suggestions = $this->giftcard->get_search_suggestions($search, true);
 
 		echo json_encode($suggestions);
 	}
@@ -64,7 +66,8 @@ class Giftcards extends Secure_Controller
 	 */
 	public function suggest_search(): void
 	{
-		$suggestions = $this->giftcard->get_search_suggestions($this->request->getPost('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS));
+		$search = Services::htmlPurifier()->purify($this->request->getPost('term'));
+		$suggestions = $this->giftcard->get_search_suggestions($search);
 
 		echo json_encode($suggestions);
 	}

app/Controllers/Item_kits.php

@@ -7,6 +7,7 @@ use App\Libraries\Barcode_lib;
 use App\Models\Item;
 use App\Models\Item_kit;
 use App\Models\Item_kit_items;
+use Config\Services;
 
 class Item_kits extends Secure_Controller
 {
@@ -75,7 +76,7 @@ class Item_kits extends Secure_Controller
 	 */
 	public function getSearch(): void
 	{
-		$search = $this->request->getGet('search', FILTER_SANITIZE_FULL_SPECIAL_CHARS) ?? '';
+		$search = Services::htmlPurifier()->purify($this->request->getGet('search')) ?? '';
 		$limit  = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
 		$offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
 		$sort   = $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
@@ -100,7 +101,8 @@ class Item_kits extends Secure_Controller
 	 */
 	public function suggest_search(): void
 	{
-		$suggestions = $this->item_kit->get_search_suggestions($this->request->getPost('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS));
+		$search = Services::htmlPurifier()->purify($this->request->getPost('term'));
+		$suggestions = $this->item_kit->get_search_suggestions($search);
 
 		echo json_encode($suggestions);
 	}

app/Controllers/Items.php

@@ -94,11 +94,11 @@ class Items extends Secure_Controller
 	 **/
 	public function getSearch(): void
 	{
-		$search = $this->request->getGet('search');
-		$limit = $this->request->getGet('limit');
-		$offset = $this->request->getGet('offset');
-		$sort = $this->request->getGet('sort');
-		$order = $this->request->getGet('order');
+		$search = Services::htmlPurifier()->purify($this->request->getGet('search'));
+		$limit = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
+		$offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
+		$sort = $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+		$order = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
 
 		$this->item_lib->set_item_location($this->request->getGet('stock_location'));
 
@@ -182,7 +182,8 @@ class Items extends Secure_Controller
 			'is_deleted' => $this->request->getPost('is_deleted') !== null
 		];
 
-		$suggestions = $this->item->get_search_suggestions($this->request->getPostGet('term'), $options);
+		$search = Services::htmlPurifier()->purify($this->request->getPost('term'));
+		$suggestions = $this->item->get_search_suggestions($search, $options);
 
 		echo json_encode($suggestions);
 	}
@@ -194,7 +195,8 @@ class Items extends Secure_Controller
 	 */
 	public function getSuggest(): void
 	{
-		$suggestions = $this->item->get_search_suggestions($this->request->getGet('term'), ['search_custom' => false, 'is_deleted' => false], true);
+		$search = Services::htmlPurifier()->purify($this->request->getPost('term'));
+		$suggestions = $this->item->get_search_suggestions($search, ['search_custom' => false, 'is_deleted' => false], true);
 
 		echo json_encode($suggestions);
 	}

app/Controllers/Persons.php

@@ -3,6 +3,7 @@
 namespace App\Controllers;
 
 use App\Models\Person;
+use Config\Services;
 use function Tamtamchik\NameCase\str_name_case;
 
 abstract class Persons extends Secure_Controller
@@ -34,7 +35,8 @@ abstract class Persons extends Secure_Controller
 	 */
 	public function getSuggest(): void
 	{
-		$suggestions = $this->person->get_search_suggestions($this->request->getPost('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS));
+		$search = Services::htmlPurifier()->purify($this->request->getPost('term'));
+		$suggestions = $this->person->get_search_suggestions($search);
 
 		echo json_encode($suggestions);
 	}

app/Controllers/Receivings.php

@@ -12,6 +12,7 @@ use App\Models\Receiving;
 use App\Models\Stock_location;
 use App\Models\Supplier;
 use Config\OSPOS;
+use Config\Services;
 use ReflectionException;
 
 class Receivings extends Secure_Controller
@@ -58,8 +59,9 @@ class Receivings extends Secure_Controller
 	 */
 	public function getItemSearch(): void
 	{
-		$suggestions = $this->item->get_search_suggestions($this->request->getGet('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS), ['search_custom' => false, 'is_deleted' => false], true);
-		$suggestions = array_merge($suggestions, $this->item_kit->get_search_suggestions($this->request->getGet('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS)));
+		$search = Services::htmlPurifier()->purify($this->request->getGet('term'));
+		$suggestions = $this->item->get_search_suggestions($search, ['search_custom' => false, 'is_deleted' => false], true);
+		$suggestions = array_merge($suggestions, $this->item_kit->get_search_suggestions($search));
 
 		echo json_encode($suggestions);
 	}
@@ -70,8 +72,9 @@ class Receivings extends Secure_Controller
 	 */
 	public function getStockItemSearch(): void
 	{
-		$suggestions = $this->item->get_stock_search_suggestions($this->request->getGet('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS), ['search_custom' => false, 'is_deleted' => false], true);
-		$suggestions = array_merge($suggestions, $this->item_kit->get_search_suggestions($this->request->getGet('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS)));
+		$search = Services::htmlPurifier()->purify($this->request->getGet('term'));
+		$suggestions = $this->item->get_stock_search_suggestions($search, ['search_custom' => false, 'is_deleted' => false], true);
+		$suggestions = array_merge($suggestions, $this->item_kit->get_search_suggestions($search));
 
 		echo json_encode($suggestions);
 	}

app/Controllers/Sales.php

@@ -20,7 +20,7 @@ use App\Models\Stock_location;
 use App\Models\Tokens\Token_invoice_count;
 use App\Models\Tokens\Token_customer;
 use App\Models\Tokens\Token_invoice_sequence;
-use CodeIgniter\Config\Services;
+use Config\Services;
 use Config\OSPOS;
 use ReflectionException;
 use stdClass;
@@ -166,7 +166,9 @@ class Sales extends Secure_Controller
 	public function getItemSearch(): void
 	{
 		$suggestions = [];
-		$receipt = $search = $this->request->getGet('term') != '' ? $this->request->getGet('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS) : null;
+		$receipt = $search = $this->request->getGet('term') != ''
+			? Services::htmlPurifier()->purify($this->request->getGet('term'))
+			: null;
 
 		if($this->sale_lib->get_mode() == 'return' && $this->sale->is_valid_receipt($receipt))
 		{
@@ -184,7 +186,9 @@ class Sales extends Secure_Controller
 	 */
 	public function suggest_search(): void
 	{
-		$search = $this->request->getPost('term') != '' ? $this->request->getPost('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS) : null;
+		$search = $this->request->getPost('term') != ''
+			? Services::htmlPurifier()->purify($this->request->getPost('term'))
+			: null;
 
 		$suggestions = $this->sale->get_search_suggestions($search);
 

app/Controllers/Suppliers.php

@@ -3,6 +3,7 @@
 namespace App\Controllers;
 
 use App\Models\Supplier;
+use Config\Services;
 
 class Suppliers extends Persons
 {
@@ -44,7 +45,7 @@ class Suppliers extends Persons
 	 **/
 	public function getSearch(): void
 	{
-		$search = $this->request->getGet('search', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+		$search = Services::htmlPurifier()->purify($this->request->getGet('search'));
 		$limit = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
 		$offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
 		$sort = $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
@@ -70,7 +71,8 @@ class Suppliers extends Persons
 	 **/
 	public function getSuggest(): void
 	{
-		$suggestions = $this->supplier->get_search_suggestions($this->request->getGet('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS), true);
+		$search = Services::htmlPurifier()->purify($this->request->getGet('term'));
+		$suggestions = $this->supplier->get_search_suggestions($search, true);
 
 		echo json_encode($suggestions);
 	}
@@ -80,7 +82,8 @@ class Suppliers extends Persons
 	 */
 	public function suggest_search(): void
 	{
-		$suggestions = $this->supplier->get_search_suggestions($this->request->getPost('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS), false);
+		$search = Services::htmlPurifier()->purify($this->request->getPost('term'));
+		$suggestions = $this->supplier->get_search_suggestions($search, false);
 
 		echo json_encode($suggestions);
 	}

app/Controllers/Tax_categories.php

@@ -3,6 +3,7 @@
 namespace App\Controllers;
 
 use App\Models\Tax_category;
+use Config\Services;
 
 /**
  * @property tax_category tax_category
@@ -35,7 +36,7 @@ class Tax_categories extends Secure_Controller
 	 */
 	public function getSearch(): void
 	{
-		$search = $this->request->getGet('search', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+		$search = Services::htmlPurifier()->purify($this->request->getGet('search'));
 		$limit  = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
 		$offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
 		$sort   = $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS);

app/Controllers/Tax_codes.php

@@ -3,6 +3,7 @@
 namespace App\Controllers;
 
 use App\Models\Tax_code;
+use Config\Services;
 
 /**
  * @property tax_code tax_code
@@ -45,7 +46,7 @@ class Tax_codes extends Secure_Controller
 	 */
 	public function getSearch(): void
 	{
-		$search = $this->request->getGet('search', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+		$search = Services::htmlPurifier()->purify($this->request->getGet('search'));
 		$limit  = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
 		$offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
 		$sort   = $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS);

app/Controllers/Tax_jurisdictions.php

@@ -3,6 +3,7 @@
 namespace App\Controllers;
 
 use App\Models\Tax_jurisdiction;
+use Config\Services;
 
 /**
  * @property tax_jurisdiction tax_jurisdiction
@@ -38,7 +39,7 @@ class Tax_jurisdictions extends Secure_Controller
 	 */
 	public function getSearch(): void
 	{
-		$search = $this->request->getGet('search', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+		$search = Services::htmlPurifier()->purify($this->request->getGet('search'));
 		$limit  = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
 		$offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
 		$sort   = $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS);

app/Controllers/Taxes.php

@@ -9,6 +9,7 @@ use App\Models\Tax_category;
 use App\Models\Tax_code;
 use App\Models\Tax_jurisdiction;
 use Config\OSPOS;
+use Config\Services;
 
 class Taxes extends Secure_Controller
 {
@@ -82,7 +83,7 @@ class Taxes extends Secure_Controller
 	 */
 	public function getSearch(): void
 	{
-		$search = $this->request->getGet('search', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+		$search = Services::htmlPurifier()->purify($this->request->getGet('search'));
 		$limit = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
 		$offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
 		$sort = $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
@@ -106,7 +107,8 @@ class Taxes extends Secure_Controller
 	 */
 	public function suggest_search(): void
 	{
-		$suggestions = $this->tax->get_search_suggestions($this->request->getPost('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS));	//TODO: There is no get_search_suggestions function in the tax model
+		$search = Services::htmlPurifier()->purify($this->request->getPost('term'));
+		$suggestions = $this->tax->get_search_suggestions($search);	//TODO: There is no get_search_suggestions function in the tax model
 
 		echo json_encode($suggestions);
 	}
@@ -118,7 +120,8 @@ class Taxes extends Secure_Controller
 	 */
 	public function suggest_tax_categories(): void
 	{
-		$suggestions = $this->tax_category->get_tax_category_suggestions($this->request->getPost('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS));
+		$search = Services::htmlPurifier()->purify($this->request->getPost('term'));
+		$suggestions = $this->tax_category->get_tax_category_suggestions($search);
 
 		echo json_encode($suggestions);
 	}
@@ -456,7 +459,8 @@ class Taxes extends Secure_Controller
 	 */
 	public function getSuggestTaxCodes(): void
 	{
-		$suggestions = $this->tax_code->get_tax_codes_search_suggestions($this->request->getPostGet('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS));
+		$search = Services::htmlPurifier()->purify($this->request->getPostGet('term'));
+		$suggestions = $this->tax_code->get_tax_codes_search_suggestions($search);
 
 		echo json_encode($suggestions);
 	}