From b3b8e7ec1d01413212ca2da508f91e24e6eb7b83 Mon Sep 17 00:00:00 2001
From: objecttothis
Date: Tue, 21 May 2024 12:15:01 +0400
Subject: [PATCH] HTMLPurifier filtering on searches
- Formatting
- Added calls to HTMLPurifier
- Added filtering
- Refactored out variable for clarity
Signed-off-by: objecttothis
---
 app/Controllers/Attributes.php | 3 ++-
 app/Controllers/Cashups.php | 11 ++++++-----
 app/Controllers/Customers.php | 6 ++++--
 app/Controllers/Employees.php | 9 ++++++---
 app/Controllers/Expenses.php | 3 ++-
 app/Controllers/Expenses_categories.php | 3 ++-
 app/Controllers/Giftcards.php | 9 ++++++---
 app/Controllers/Item_kits.php | 6 ++++--
 app/Controllers/Items.php | 16 +++++++++-------
 app/Controllers/Persons.php | 4 +++-
 app/Controllers/Receivings.php | 11 +++++++----
 app/Controllers/Sales.php | 10 +++++++---
 app/Controllers/Suppliers.php | 9 ++++++---
 app/Controllers/Tax_categories.php | 3 ++-
 app/Controllers/Tax_codes.php | 3 ++-
 app/Controllers/Tax_jurisdictions.php | 3 ++-
 app/Controllers/Taxes.php | 12 ++++++++----
 17 files changed, 78 insertions(+), 43 deletions(-)
diff --git a/app/Controllers/Attributes.php b/app/Controllers/Attributes.php
index ea73ae96c..07dad9d4d 100644
--- a/app/Controllers/Attributes.php
+++ b/app/Controllers/Attributes.php
@@ -3,6 +3,7 @@
 namespace App\Controllers;
 use App\Models\Attribute;
+use Config\Services;
 require_once('Secure_Controller.php');
@@ -37,7 +38,7 @@ class Attributes extends Secure_Controller
 */
 public function getSearch(): void
 {
- $search = $this->request->getGet('search', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+ $search = Services::htmlPurifier()->purify($this->request->getGet('search'));
 $limit = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
 $offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
 $sort = $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
diff --git a/app/Controllers/Cashups.php b/app/Controllers/Cashups.php
index 35f17aa4e..7dc3a3d44 100644
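Review bot: The new `$search` assignment uses HTMLPurifier as if it validated the query term, but the value is headed for a database lookup alongside `$limit`, `$offset` and `$sort`, and HTMLPurifier is an HTML-output filter: it gives no protection on the SQL path (that rests on the model's query binding, which is outside this hunk) and it rewrites the term on the way in, so a bare `&` comes back as `&amp;` and anything that looks like a tag is stripped, making searches for names containing such characters silently return nothing. It is also called with the `null` that `getGet('search')` yields when the parameter is absent, with no guard. If purification is kept as defence in depth for the places the term is echoed back, coerce first and keep the raw term for the query: `$term = (string) $this->request->getGet('search');` and `$search = Services::htmlPurifier()->purify($term);`. Every other `getSearch` hunk in this patch repeats the same pattern.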
--- a/app/Controllers/Cashups.php
+++ b/app/Controllers/Cashups.php
@@ -6,13 +6,14 @@ use App\Models\Cashup;
 use App\Models\Expense;
 use App\Models\Reports\Summary_payments;
 use Config\OSPOS;
+use Config\Services;
 class Cashups extends Secure_Controller
 {
- private Cashup $cashup;
- private Expense $expense;
- private Summary_payments $summary_payments;
- private array $config;
+ private Cashup $cashup;
+ private Expense $expense;
+ private Summary_payments $summary_payments;
+ private array $config;
 public function __construct()
 {
@@ -42,7 +43,7 @@ class Cashups extends Secure_Controller
 */
 public function getSearch(): void
 {
- $search = $this->request->getGet('search', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+ $search = Services::htmlPurifier()->purify($this->request->getGet('search'));
 $limit = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
 $offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
 $sort = $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
diff --git a/app/Controllers/Customers.php b/app/Controllers/Customers.php
index 54a1ac51b..d1806308b 100644
--- a/app/Controllers/Customers.php
+++ b/app/Controllers/Customers.php
@@ -125,7 +125,8 @@ class Customers extends Persons
 */
 public function getSuggest(): void
 {
- $suggestions = $this->customer->get_search_suggestions($this->request->getGet('term'), 25,true);
+ $search = Services::htmlPurifier()->purify($this->request->getPost('term'));
+ $suggestions = $this->customer->get_search_suggestions($search);
 echo json_encode($suggestions);
 }
@@ -135,7 +136,8 @@ class Customers extends Persons
 */
 public function suggest_search(): void
 {
- $suggestions = $this->customer->get_search_suggestions($this->request->getPost('term'), 25, false);
+ $search = Services::htmlPurifier()->purify($this->request->getPost('term'));
+ $suggestions = $this->customer->get_search_suggestions($search, 25, false);
 echo json_encode($suggestions);
 }
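Review bot: On a GET request the new `getSuggest()` body will see `$search` as null, because the term is now read with `getPost('term')` whereas the removed line read it from the query string and the `get` prefix is what routes this method to GET under CodeIgniter's auto-routing; `Suppliers::getSuggest()` later in this patch stays on `getGet`. The rewritten call also drops the `25, true` arguments the old line passed, so it no longer mirrors the `suggest_search()` hunk just below, which kept `25, false`. Suggest `$search = Services::htmlPurifier()->purify((string) $this->request->getGet('term'));` followed by `$suggestions = $this->customer->get_search_suggestions($search, 25, true);`. Note as well that the diffstat shows only these two hunks for Customers.php, so no `use Config\Services;` is added here; unless the file already imports it, `Services::htmlPurifier()` will resolve to `App\Controllers\Services`.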
diff --git a/app/Controllers/Employees.php b/app/Controllers/Employees.php
index 656d25cba..ca61b62e5 100644
--- a/app/Controllers/Employees.php
+++ b/app/Controllers/Employees.php
@@ -3,6 +3,7 @@
 namespace App\Controllers;
 use App\Models\Module;
+use Config\Services;
 /**
 *
@@ -26,7 +27,7 @@ class Employees extends Persons
 */
 public function getSearch(): void
 {
- $search = $this->request->getGet('search', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+ $search = Services::htmlPurifier()->purify($this->request->getGet('search'));
 $limit = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
 $offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
 $sort = $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
@@ -51,7 +52,8 @@ class Employees extends Persons
 */
 public function getSuggest(): void
 {
- $suggestions = $this->employee->get_search_suggestions($this->request->getGet('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 25, true);
+ $search = Services::htmlPurifier()->purify($this->request->getPost('term'));
+ $suggestions = $this->employee->get_search_suggestions($search, 25, true);
 echo json_encode($suggestions);
 }
@@ -61,7 +63,8 @@ class Employees extends Persons
 */
 public function suggest_search(): void
 {
- $suggestions = $this->employee->get_search_suggestions($this->request->getPost('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS));
+ $search = Services::htmlPurifier()->purify($this->request->getPost('term'));
+ $suggestions = $this->employee->get_search_suggestions($search);
 echo json_encode($suggestions);
 }
diff --git a/app/Controllers/Expenses.php b/app/Controllers/Expenses.php
index 89b7fb533..6923328d1 100644
--- a/app/Controllers/Expenses.php
+++ b/app/Controllers/Expenses.php
@@ -5,6 +5,7 @@ namespace App\Controllers;
 use App\Models\Expense;
 use App\Models\Expense_category;
 use Config\OSPOS;
+use Config\Services;
 class Expenses extends Secure_Controller
 {
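Review bot: `$search` in the new `Employees::getSuggest()` will be null for the existing caller if the method is reached by GET, which its `get` prefix implies under CodeIgniter auto-routing and which the removed `getGet('term', …)` line confirms; the patch moves the lookup to `getPost('term')` with no client-side change visible, and `Suppliers::getSuggest()` in this same patch is left on `getGet`. If the goal was only to purify, keep the source: `$search = Services::htmlPurifier()->purify((string) $this->request->getGet('term'));`. The `25, true` arguments are correctly carried over here, unlike the Customers hunk.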
@@ -44,7 +45,7 @@ class Expenses extends Secure_Controller
 */
 public function getSearch(): void
 {
- $search = $this->request->getGet('search', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+ $search = Services::htmlPurifier()->purify($this->request->getGet('search'));
 $limit = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
 $offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
 $sort = $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
diff --git a/app/Controllers/Expenses_categories.php b/app/Controllers/Expenses_categories.php
index 96cb85762..0f451047b 100644
--- a/app/Controllers/Expenses_categories.php
+++ b/app/Controllers/Expenses_categories.php
@@ -3,6 +3,7 @@
 namespace App\Controllers;
 use App\Models\Expense_category;
+use Config\Services;
 class Expenses_categories extends Secure_Controller //TODO: Is this class ever used?
 {
@@ -30,7 +31,7 @@ class Expenses_categories extends Secure_Controller //TODO: Is this class ever u
 **/
 public function getSearch(): void
 {
- $search = $this->request->getGet('search', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+ $search = Services::htmlPurifier()->purify($this->request->getGet('search'));
 $limit = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
 $offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
 $sort = $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
diff --git a/app/Controllers/Giftcards.php b/app/Controllers/Giftcards.php
index ea33deabf..ab3176d70 100644
--- a/app/Controllers/Giftcards.php
+++ b/app/Controllers/Giftcards.php
@@ -4,6 +4,7 @@ namespace App\Controllers;
 use App\Models\Giftcard;
 use Config\OSPOS;
+use Config\Services;
 class Giftcards extends Secure_Controller
 {
@@ -31,7 +32,7 @@ class Giftcards extends Secure_Controller
 */
 public function getSearch(): void
 {
- $search = $this->request->getGet('search', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+ $search = Services::htmlPurifier()->purify($this->request->getGet('search'));
 $limit = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
 $offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
 $sort = $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
@@ -54,7 +55,8 @@ class Giftcards extends Secure_Controller
 */
 public function getSuggest(): void
 {
- $suggestions = $this->giftcard->get_search_suggestions($this->request->getGet('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS), true);
+ $search = Services::htmlPurifier()->purify($this->request->getPost('term'));
+ $suggestions = $this->giftcard->get_search_suggestions($search, true);
 echo json_encode($suggestions);
 }
@@ -64,7 +66,8 @@ class Giftcards extends Secure_Controller
 */
 public function suggest_search(): void
 {
- $suggestions = $this->giftcard->get_search_suggestions($this->request->getPost('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS));
+ $search = Services::htmlPurifier()->purify($this->request->getPost('term'));
+ $suggestions = $this->giftcard->get_search_suggestions($search);
 echo json_encode($suggestions);
 }
diff --git a/app/Controllers/Item_kits.php b/app/Controllers/Item_kits.php
index 17b259816..790f557c1 100644
--- a/app/Controllers/Item_kits.php
+++ b/app/Controllers/Item_kits.php
@@ -7,6 +7,7 @@ use App\Libraries\Barcode_lib;
 use App\Models\Item;
 use App\Models\Item_kit;
 use App\Models\Item_kit_items;
+use Config\Services;
 class Item_kits extends Secure_Controller
 {
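Review bot: The same GET/POST mismatch appears in `Giftcards::getSuggest()`: the removed line read `getGet('term', …)` and the method is GET-routed by its `get` prefix, yet the new `$search` line reads `getPost('term')`, so `$search` will be null and `get_search_suggestions(null, true)` is what the model receives. Keep `getGet` here, `$search = Services::htmlPurifier()->purify((string) $this->request->getGet('term'));`, and reserve `getPost` for `suggest_search()` below, which was already POST-based.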
@@ -75,7 +76,7 @@ class Item_kits extends Secure_Controller
 */
 public function getSearch(): void
 {
- $search = $this->request->getGet('search', FILTER_SANITIZE_FULL_SPECIAL_CHARS) ?? '';
+ $search = Services::htmlPurifier()->purify($this->request->getGet('search')) ?? '';
 $limit = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
 $offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
 $sort = $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
@@ -100,7 +101,8 @@ class Item_kits extends Secure_Controller
 */
 public function suggest_search(): void
 {
- $suggestions = $this->item_kit->get_search_suggestions($this->request->getPost('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS));
+ $search = Services::htmlPurifier()->purify($this->request->getPost('term'));
+ $suggestions = $this->item_kit->get_search_suggestions($search);
 echo json_encode($suggestions);
 }
diff --git a/app/Controllers/Items.php b/app/Controllers/Items.php
index 6e6360ffd..943097f76 100644
--- a/app/Controllers/Items.php
+++ b/app/Controllers/Items.php
@@ -94,11 +94,11 @@ class Items extends Secure_Controller
 **/
 public function getSearch(): void
 {
- $search = $this->request->getGet('search');
- $limit = $this->request->getGet('limit');
- $offset = $this->request->getGet('offset');
- $sort = $this->request->getGet('sort');
- $order = $this->request->getGet('order');
+ $search = Services::htmlPurifier()->purify($this->request->getGet('search'));
+ $limit = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
+ $offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
+ $sort = $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+ $order = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
 $this->item_lib->set_item_location($this->request->getGet('stock_location'));
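Review bot: The `?? ''` on the new `$search` line is now dead: `purify()` returns a string, so the fallback can never fire, while the `null` that `getGet('search')` yields for a missing parameter — which the old line's `?? ''` was there to absorb — is passed straight into `purify()`. Move the fallback inside the call: `$search = Services::htmlPurifier()->purify($this->request->getGet('search') ?? '');`.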
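Review bot: The new `FILTER_SANITIZE_FULL_SPECIAL_CHARS` filters on `$sort` and `$order` encode HTML characters but do not restrict the value, so if the model interpolates them into an ORDER BY clause (not visible from this hunk) an allowlist is still needed before use, e.g. `$order = in_array(strtolower((string) $order), ['asc', 'desc'], true) ? $order : 'asc';` plus a check of `$sort` against the sortable column names. Separately, the diffstat lists only the three code hunks for Items.php and none of them adds `use Config\Services;`, so `Services::htmlPurifier()` on the `$search` line depends on that import already being present above this hunk. The rest of getSearch continues past the hunk.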
@@ -182,7 +182,8 @@ class Items extends Secure_Controller
 'is_deleted' => $this->request->getPost('is_deleted') !== null
 ];
- $suggestions = $this->item->get_search_suggestions($this->request->getPostGet('term'), $options);
+ $search = Services::htmlPurifier()->purify($this->request->getPost('term'));
+ $suggestions = $this->item->get_search_suggestions($search, $options);
 echo json_encode($suggestions);
 }
@@ -194,7 +195,8 @@ class Items extends Secure_Controller
 */
 public function getSuggest(): void
 {
- $suggestions = $this->item->get_search_suggestions($this->request->getGet('term'), ['search_custom' => false, 'is_deleted' => false], true);
+ $search = Services::htmlPurifier()->purify($this->request->getPost('term'));
+ $suggestions = $this->item->get_search_suggestions($search, ['search_custom' => false, 'is_deleted' => false], true);
 echo json_encode($suggestions);
 }
diff --git a/app/Controllers/Persons.php b/app/Controllers/Persons.php
index 15f3d2cc8..f0fb365ad 100644
--- a/app/Controllers/Persons.php
+++ b/app/Controllers/Persons.php
@@ -3,6 +3,7 @@
 namespace App\Controllers;
 use App\Models\Person;
+use Config\Services;
 use function Tamtamchik\NameCase\str_name_case;
 abstract class Persons extends Secure_Controller
@@ -34,7 +35,8 @@ abstract class Persons extends Secure_Controller
 */
 public function getSuggest(): void
 {
- $suggestions = $this->person->get_search_suggestions($this->request->getPost('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS));
+ $search = Services::htmlPurifier()->purify($this->request->getPost('term'));
+ $suggestions = $this->person->get_search_suggestions($search);
 echo json_encode($suggestions);
 }
diff --git a/app/Controllers/Receivings.php b/app/Controllers/Receivings.php
index b32fad58d..d51fcd89b 100644
--- a/app/Controllers/Receivings.php
+++ b/app/Controllers/Receivings.php
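Review bot: The new `$search` line narrows the source of `term` from `getPostGet('term')` to `getPost('term')`, so any caller that sent the term in the query string now gets suggestions for a null term; nothing in the patch shows the client changing, and although the `$options` array just above is built from `getPost` — suggesting POST was the intended transport — that does not establish the GET path was unused. If both are meant to keep working, retain the lookup: `$search = Services::htmlPurifier()->purify((string) $this->request->getPostGet('term'));`. The function's opening lines are outside the hunk.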
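Review bot: `Items::getSuggest()` follows the pattern already flagged for the other `getSuggest` methods: the removed line read `getGet('term')`, the `get` prefix routes the method to GET, and the new line reads `getPost('term')`, so the options array and the `true` flag are now applied to a null term. `Receivings::getItemSearch()` in this patch keeps `getGet` for the equivalent lookup; this one should too: `$search = Services::htmlPurifier()->purify((string) $this->request->getGet('term'));`.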
@@ -12,6 +12,7 @@ use App\Models\Receiving;
 use App\Models\Stock_location;
 use App\Models\Supplier;
 use Config\OSPOS;
+use Config\Services;
 use ReflectionException;
 class Receivings extends Secure_Controller
@@ -58,8 +59,9 @@ class Receivings extends Secure_Controller
 */
 public function getItemSearch(): void
 {
- $suggestions = $this->item->get_search_suggestions($this->request->getGet('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS), ['search_custom' => false, 'is_deleted' => false], true);
- $suggestions = array_merge($suggestions, $this->item_kit->get_search_suggestions($this->request->getGet('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS)));
+ $search = Services::htmlPurifier()->purify($this->request->getGet('term'));
+ $suggestions = $this->item->get_search_suggestions($search, ['search_custom' => false, 'is_deleted' => false], true);
+ $suggestions = array_merge($suggestions, $this->item_kit->get_search_suggestions($search));
 echo json_encode($suggestions);
 }
@@ -70,8 +72,9 @@ class Receivings extends Secure_Controller
 */
 public function getStockItemSearch(): void
 {
- $suggestions = $this->item->get_stock_search_suggestions($this->request->getGet('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS), ['search_custom' => false, 'is_deleted' => false], true);
- $suggestions = array_merge($suggestions, $this->item_kit->get_search_suggestions($this->request->getGet('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS)));
+ $search = Services::htmlPurifier()->purify($this->request->getGet('term'));
+ $suggestions = $this->item->get_stock_search_suggestions($search, ['search_custom' => false, 'is_deleted' => false], true);
+ $suggestions = array_merge($suggestions, $this->item_kit->get_search_suggestions($search));
 echo json_encode($suggestions);
 }
diff --git a/app/Controllers/Sales.php b/app/Controllers/Sales.php
index b241b38eb..264c3f107 100644
--- a/app/Controllers/Sales.php
+++ b/app/Controllers/Sales.php
@@ -20,7 +20,7 @@ use App\Models\Stock_location;
 use App\Models\Tokens\Token_invoice_count;
 use App\Models\Tokens\Token_customer;
 use App\Models\Tokens\Token_invoice_sequence;
-use CodeIgniter\Config\Services;
+use Config\Services;
 use Config\OSPOS;
 use ReflectionException;
 use stdClass;
@@ -166,7 +166,9 @@ class Sales extends Secure_Controller
 public function getItemSearch(): void
 {
 $suggestions = [];
- $receipt = $search = $this->request->getGet('term') != '' ? $this->request->getGet('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS) : null;
+ $receipt = $search = $this->request->getGet('term') != ''
+ ? Services::htmlPurifier()->purify($this->request->getGet('term'))
+ : null;
 if($this->sale_lib->get_mode() == 'return' && $this->sale->is_valid_receipt($receipt))
 {
@@ -184,7 +186,9 @@ class Sales extends Secure_Controller
 */
 public function suggest_search(): void
 {
- $search = $this->request->getPost('term') != '' ? $this->request->getPost('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS) : null;
+ $search = $this->request->getPost('term') != ''
+ ? Services::htmlPurifier()->purify($this->request->getPost('term'))
+ : null;
 $suggestions = $this->sale->get_search_suggestions($search);
diff --git a/app/Controllers/Suppliers.php b/app/Controllers/Suppliers.php
index 82c6ac9fa..d436b5c17 100644
--- a/app/Controllers/Suppliers.php
+++ b/app/Controllers/Suppliers.php
@@ -3,6 +3,7 @@
 namespace App\Controllers;
 use App\Models\Supplier;
+use Config\Services;
 class Suppliers extends Persons
 {
@@ -44,7 +45,7 @@ class Suppliers extends Persons
 **/
 public function getSearch(): void
 {
- $search = $this->request->getGet('search', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+ $search = Services::htmlPurifier()->purify($this->request->getGet('search'));
 $limit = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
 $offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
 $sort = $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
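Review bot: `$receipt` now holds the HTMLPurifier output, and that is the value handed to `is_valid_receipt($receipt)` on the context line below, so a receipt identifier containing a character the purifier rewrites (a bare `&`, for instance) is normalised before validation and may fail to match the stored receipt; the `!= ''` test is also made on the raw value, so a term the purifier reduces to an empty string still goes forward as `''` rather than `null`. Keep the raw term for the receipt lookup and purify only the search string: `$receipt = $this->request->getGet('term') != '' ? $this->request->getGet('term') : null;` then `$search = $receipt === null ? null : Services::htmlPurifier()->purify($receipt);`. The body of getItemSearch continues beyond this hunk.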
@@ -70,7 +71,8 @@ class Suppliers extends Persons
 **/
 public function getSuggest(): void
 {
- $suggestions = $this->supplier->get_search_suggestions($this->request->getGet('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS), true);
+ $search = Services::htmlPurifier()->purify($this->request->getGet('term'));
+ $suggestions = $this->supplier->get_search_suggestions($search, true);
 echo json_encode($suggestions);
 }
@@ -80,7 +82,8 @@ class Suppliers extends Persons
 */
 public function suggest_search(): void
 {
- $suggestions = $this->supplier->get_search_suggestions($this->request->getPost('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS), false);
+ $search = Services::htmlPurifier()->purify($this->request->getPost('term'));
+ $suggestions = $this->supplier->get_search_suggestions($search, false);
 echo json_encode($suggestions);
 }
diff --git a/app/Controllers/Tax_categories.php b/app/Controllers/Tax_categories.php
index f8608fc26..5b417369b 100644
--- a/app/Controllers/Tax_categories.php
+++ b/app/Controllers/Tax_categories.php
@@ -3,6 +3,7 @@
 namespace App\Controllers;
 use App\Models\Tax_category;
+use Config\Services;
 /**
 * @property tax_category tax_category
@@ -35,7 +36,7 @@ class Tax_categories extends Secure_Controller
 */
 public function getSearch(): void
 {
- $search = $this->request->getGet('search', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+ $search = Services::htmlPurifier()->purify($this->request->getGet('search'));
 $limit = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
 $offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
 $sort = $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
diff --git a/app/Controllers/Tax_codes.php b/app/Controllers/Tax_codes.php
index fd7f868d7..24e48ee23 100644
--- a/app/Controllers/Tax_codes.php
+++ b/app/Controllers/Tax_codes.php
@@ -3,6 +3,7 @@
 namespace App\Controllers;
 use App\Models\Tax_code;
+use Config\Services;
 /**
 * @property tax_code tax_code
@@ -45,7 +46,7 @@ class Tax_codes extends Secure_Controller
 */
 public function getSearch(): void
 {
- $search = $this->request->getGet('search', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+ $search = Services::htmlPurifier()->purify($this->request->getGet('search'));
 $limit = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
 $offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
 $sort = $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
diff --git a/app/Controllers/Tax_jurisdictions.php b/app/Controllers/Tax_jurisdictions.php
index 0c1c77fdb..f094b833b 100644
--- a/app/Controllers/Tax_jurisdictions.php
+++ b/app/Controllers/Tax_jurisdictions.php
@@ -3,6 +3,7 @@
 namespace App\Controllers;
 use App\Models\Tax_jurisdiction;
+use Config\Services;
 /**
 * @property tax_jurisdiction tax_jurisdiction
@@ -38,7 +39,7 @@ class Tax_jurisdictions extends Secure_Controller
 */
 public function getSearch(): void
 {
- $search = $this->request->getGet('search', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+ $search = Services::htmlPurifier()->purify($this->request->getGet('search'));
 $limit = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
 $offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
 $sort = $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
diff --git a/app/Controllers/Taxes.php b/app/Controllers/Taxes.php
index cd706e66f..1ae256fb3 100644
--- a/app/Controllers/Taxes.php
+++ b/app/Controllers/Taxes.php
@@ -9,6 +9,7 @@ use App\Models\Tax_category;
 use App\Models\Tax_code;
 use App\Models\Tax_jurisdiction;
 use Config\OSPOS;
+use Config\Services;
 class Taxes extends Secure_Controller
 {
@@ -82,7 +83,7 @@ class Taxes extends Secure_Controller
 */
 public function getSearch(): void
 {
- $search = $this->request->getGet('search', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+ $search = Services::htmlPurifier()->purify($this->request->getGet('search'));
 $limit = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
 $offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
 $sort = $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
@@ -106,7 +107,8 @@ class Taxes extends Secure_Controller
 */
 public function suggest_search(): void
 {
- $suggestions = $this->tax->get_search_suggestions($this->request->getPost('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS)); //TODO: There is no get_search_suggestions function in the tax model
+ $search = Services::htmlPurifier()->purify($this->request->getPost('term'));
+ $suggestions = $this->tax->get_search_suggestions($search); //TODO: There is no get_search_suggestions function in the tax model
 echo json_encode($suggestions);
 }
@@ -118,7 +120,8 @@ class Taxes extends Secure_Controller
 */
 public function suggest_tax_categories(): void
 {
- $suggestions = $this->tax_category->get_tax_category_suggestions($this->request->getPost('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS));
+ $search = Services::htmlPurifier()->purify($this->request->getPost('term'));
+ $suggestions = $this->tax_category->get_tax_category_suggestions($search);
 echo json_encode($suggestions);
 }
@@ -456,7 +459,8 @@ class Taxes extends Secure_Controller
 */
 public function getSuggestTaxCodes(): void
 {
- $suggestions = $this->tax_code->get_tax_codes_search_suggestions($this->request->getPostGet('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS));
+ $search = Services::htmlPurifier()->purify($this->request->getPostGet('term'));
+ $suggestions = $this->tax_code->get_tax_codes_search_suggestions($search);
 echo json_encode($suggestions);
 }
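Review bot: The new `$suggestions = $this->tax->get_search_suggestions($search);` line in `suggest_search()` still carries the TODO stating that the tax model has no `get_search_suggestions()` method, so if that comment is accurate the purified `$search` is computed only to feed a call that ends in an undefined-method error instead of a JSON response. Since the patch rewrites this line anyway, it is a reasonable point to either add the model method or short-circuit with `echo json_encode([]);` until it exists, and to drop the TODO once resolved.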