Suppliers Fixes

- Added html_entity_decode() to outputs which had been html encoded - Added escaping of direct data from the database.
2026-04-16 12:57:32 -04:00 · 2024-03-19 21:39:42 +04:00
parent b42d43d71d
commit e327bb3780
4 changed files with 20 additions and 20 deletions
--- a/app/Controllers/Suppliers.php
+++ b/app/Controllers/Suppliers.php
@@ -123,7 +123,7 @@ class Suppliers extends Persons
 		$person_data = [
 			'first_name' => $first_name,
 			'last_name' => $last_name,
-			'gender' => $this->request->getPost('gender', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
+			'gender' => $this->request->getPost('gender'),
 			'email' => $email,
 			'phone_number' => $this->request->getPost('phone_number', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
 			'address_1' => $this->request->getPost('address_1', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
--- a/app/Helpers/tabular_helper.php
+++ b/app/Helpers/tabular_helper.php
@@ -344,7 +344,7 @@ function get_supplier_data_row(object $supplier): array

 	return [
 		'people.person_id' => $supplier->person_id,
-		'company_name' => $supplier->company_name,
+		'company_name' => html_entity_decode($supplier->company_name),
 		'agency_name' => $supplier->agency_name,
 		'category' => $supplier->category,
 		'last_name' => $supplier->last_name,
--- a/app/Views/people/form_basic_info.php
+++ b/app/Views/people/form_basic_info.php
@@ -11,7 +11,7 @@
 			'name' => 'first_name',
 			'id' => 'first_name',
 			'class' => 'form-control input-sm',
-			'value' => $person_info->first_name
+			'value' => esc(html_entity_decode($person_info->first_name))
 		]) ?>
 	</div>
 </div>
@@ -23,7 +23,7 @@
 			'name' => 'last_name',
 			'id' => 'last_name',
 			'class' => 'form-control input-sm',
-			'value' => $person_info->last_name
+			'value' => esc(html_entity_decode($person_info->last_name))
 		]) ?>
 	</div>
 </div>
@@ -77,7 +77,7 @@
 				'name' => 'phone_number',
 				'id' => 'phone_number',
 				'class' => 'form-control input-sm',
-				'value' => $person_info->phone_number
+				'value' => esc(html_entity_decode($person_info->phone_number))
 			]) ?>
 		</div>
 	</div>
@@ -90,7 +90,7 @@
 			'name' => 'address_1',
 			'id' => 'address_1',
 			'class' => 'form-control input-sm',
-			'value' => $person_info->address_1
+			'value' => esc(html_entity_decode($person_info->address_1))
 		]) ?>
 	</div>
 </div>
@@ -102,7 +102,7 @@
 			'name' => 'address_2',
 			'id' => 'address_2',
 			'class' => 'form-control input-sm',
-			'value' => $person_info->address_2
+			'value' => esc(html_entity_decode($person_info->address_2))
 		]) ?>
 	</div>
 </div>
@@ -114,7 +114,7 @@
 			'name' => 'city',
 			'id' => 'city',
 			'class' => 'form-control input-sm',
-			'value' => $person_info->city
+			'value' => esc(html_entity_decode($person_info->city))
 		]) ?>
 	</div>
 </div>
@@ -126,7 +126,7 @@
 			'name' => 'state',
 			'id' => 'state',
 			'class' => 'form-control input-sm',
-			'value' => $person_info->state
+			'value' => esc(html_entity_decode($person_info->state))
 		]) ?>
 	</div>
 </div>
@@ -138,7 +138,7 @@
 			'name' => 'zip',
 			'id' => 'postcode',
 			'class' => 'form-control input-sm',
-			'value' => $person_info->zip
+			'value' => esc(html_entity_decode($person_info->zip))
 		]) ?>
 	</div>
 </div>
@@ -150,7 +150,7 @@
 			'name' => 'country',
 			'id' => 'country',
 			'class' => 'form-control input-sm',
-			'value' => $person_info->country
+			'value' => esc(html_entity_decode($person_info->country))
 		]) ?>
 	</div>
 </div>
@@ -162,7 +162,7 @@
 			'name' => 'comments',
 			'id' => 'comments',
 			'class' => 'form-control input-sm',
-			'value' => $person_info->comments
+			'value' => esc(html_entity_decode($person_info->comments))
 		]) ?>
 	</div>
 </div>
--- a/app/Views/suppliers/form.php
+++ b/app/Views/suppliers/form.php
@@ -18,7 +18,7 @@
 					'name' => 'company_name',
 					'id' => 'company_name_input',
 					'class' => 'form-control input-sm',
-					'value' => esc($person_info->company_name)
+					'value' => html_entity_decode($person_info->company_name)
 					])
 				?>
 			</div>
@@ -31,14 +31,14 @@
 			</div>
 		</div>

-		<div class="form-group form-group-sm">	
+		<div class="form-group form-group-sm">
 			<?= form_label(lang('Suppliers.agency_name'), 'agency_name', ['class' => 'control-label col-xs-3']) ?>
 			<div class='col-xs-8'>
 				<?= form_input ([
 					'name' => 'agency_name',
 					'id' => 'agency_name_input',
 					'class' => 'form-control input-sm',
-					'value' => esc($person_info->agency_name)
+					'value' => esc(html_entity_decode($person_info->agency_name))
 					])
 				?>
 			</div>
@@ -46,14 +46,14 @@

 		<?= view('people/form_basic_info') ?>

-		<div class="form-group form-group-sm">	
+		<div class="form-group form-group-sm">
 			<?= form_label(lang('Suppliers.account_number'), 'account_number', ['class' => 'control-label col-xs-3']) ?>
 			<div class='col-xs-8'>
 				<?= form_input ([
 					'name' => 'account_number',
 					'id' => 'account_number',
 					'class' => 'form-control input-sm',
-					'value' => esc($person_info->account_number)
+					'value' => esc(html_entity_decode($person_info->account_number))
 					])
 				?>
 			</div>
@@ -66,7 +66,7 @@
 						'name' => 'tax_id',
 						'id' => 'tax_id',
 						'class' => 'form-control input-sm',
-						'value' => esc($person_info->tax_id)
+						'value' => esc(html_entity_decode($person_info->tax_id))
 					])
 				?>
 			</div>
@@ -91,7 +91,7 @@ $(document).ready(function()
 		},

 		errorLabelContainer: '#error_message_box',
- 
+
 		rules:
 		{
 			company_name: 'required',
@@ -100,7 +100,7 @@ $(document).ready(function()
 			email: 'email'
   		},

-		messages: 
+		messages:
 		{
 			company_name: "<?= lang('Suppliers.company_name_required') ?>",
 			first_name: "<?= lang('Common.first_name_required') ?>",