mirror/opensourcepos
1
0
Fork 0
mirror of https://github.com/opensourcepos/opensourcepos.git synced 2026-03-27 11:25:30 -04:00
Code Issues Packages Projects Releases Wiki Activity

Fix review comments: remove redundant loop and add XSS escaping

Browse Source 
- Remove redundant property assignment loop in Expenses.php
- Add esc() to employee name values to prevent XSS vulnerabilities
This commit is contained in:
Ollama
2026-03-17 07:46:51 +00:00
committed by jekkos
parent 24b2825b31
commit dc1e448bc3
3 changed files with 2 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
app/Controllers/Expenses.php
View File

@@ -102,10 +102,6 @@ class Expenses extends Secure_Controller
$data['employees'] = [];
if ($can_assign_employee) {
foreach ($this->employee->get_all()->getResult() as $employee) {
foreach (get_object_vars($employee) as $property => $value) {
$employee->$property = $value;
}
$data['employees'][$employee->person_id] = $employee->first_name . ' ' . $employee->last_name;
}
} else {