From e327bb3780a79a9092737ba8eb41312d98c09fbf Mon Sep 17 00:00:00 2001
From: objecttothis
Date: Tue, 19 Mar 2024 21:39:42 +0400
Subject: [PATCH] Suppliers Fixes

- Added html_entity_decode() to outputs which had been html encoded
- Added escaping of direct data from the database.

---
 app/Controllers/Suppliers.php | 2 +-
 app/Helpers/tabular_helper.php | 2 +-
 app/Views/people/form_basic_info.php | 20 ++++++++++----------
 app/Views/suppliers/form.php | 16 ++++++++--------
 4 files changed, 20 insertions(+), 20 deletions(-)

diff --git a/app/Controllers/Suppliers.php b/app/Controllers/Suppliers.php
index c1093c5b7..04e86976b 100644
--- a/app/Controllers/Suppliers.php
+++ b/app/Controllers/Suppliers.php
@@ -123,7 +123,7 @@ class Suppliers extends Persons
 $person_data = [
 'first_name' => $first_name,
 'last_name' => $last_name,
- 'gender' => $this->request->getPost('gender', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
+ 'gender' => $this->request->getPost('gender'),
 'email' => $email,
 'phone_number' => $this->request->getPost('phone_number', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
 'address_1' => $this->request->getPost('address_1', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
diff --git a/app/Helpers/tabular_helper.php b/app/Helpers/tabular_helper.php
index 4cdb385a2..a618ceabe 100644
--- a/app/Helpers/tabular_helper.php
+++ b/app/Helpers/tabular_helper.php
@@ -344,7 +344,7 @@ function get_supplier_data_row(object $supplier): array
 return [
 'people.person_id' => $supplier->person_id,
- 'company_name' => $supplier->company_name,
+ 'company_name' => html_entity_decode($supplier->company_name),
 'agency_name' => $supplier->agency_name,
 'category' => $supplier->category,
 'last_name' => $supplier->last_name,
diff --git a/app/Views/people/form_basic_info.php b/app/Views/people/form_basic_info.php
index eeefc123f..e258e83d8 100644
--- a/app/Views/people/form_basic_info.php
+++ b/app/Views/people/form_basic_info.php
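Review bot: `gender` is now the only entry in `$person_data` that comes straight from `getPost()` without the `FILTER_SANITIZE_FULL_SPECIAL_CHARS` filter its neighbours `phone_number` and `address_1` still carry, and nothing in the hunk validates it in the filter's place. If gender is a fixed set of choices (likely from the field name, but not visible here), the right replacement is an allow-list check rather than an escaping filter, e.g. `$gender = $this->request->getPost('gender'); // TODO(review): reject values outside the permitted gender set before storing`. Dropping the input filter on one field while the others keep it also leaves the stored rows in two encoding states, which the `html_entity_decode()` calls elsewhere in this commit then have to guess at; the remaining filters are better removed together with a validation pass. The method that builds `$person_data` starts and ends outside the hunk.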
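Review bot: `html_entity_decode($supplier->company_name)` turns a stored `&lt;`, `&gt;` or `&amp;` back into raw markup, and `get_supplier_data_row` only returns the row, so whether `company_name` is escaped again before it reaches the browser depends on the consumer, which is outside the hunk. Confirm that the table/JSON renderer escapes it; if it does not, a company name that was saved with markup is re-emitted unescaped, and `'company_name' => esc(html_entity_decode($supplier->company_name)),` is the safer row value. Pass the flags explicitly as well, `html_entity_decode($supplier->company_name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, because on PHP before 8.1 the default is `ENT_COMPAT`, which leaves the `&#039;` that `FILTER_SANITIZE_FULL_SPECIAL_CHARS` writes for a single quote undecoded. The sibling fields in the same return (`agency_name`, `category`, `last_name`) are not decoded, so the row is now half-decoded; if they were stored through the same filter they need the same treatment. The function's remaining entries continue outside the hunk.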
@@ -11,7 +11,7 @@
 'name' => 'first_name',
 'id' => 'first_name',
 'class' => 'form-control input-sm',
- 'value' => $person_info->first_name
+ 'value' => esc(html_entity_decode($person_info->first_name))
 ]) ?>
@@ -23,7 +23,7 @@
 'name' => 'last_name',
 'id' => 'last_name',
 'class' => 'form-control input-sm',
- 'value' => $person_info->last_name
+ 'value' => esc(html_entity_decode($person_info->last_name))
 ]) ?>
@@ -77,7 +77,7 @@
 'name' => 'phone_number',
 'id' => 'phone_number',
 'class' => 'form-control input-sm',
- 'value' => $person_info->phone_number
+ 'value' => esc(html_entity_decode($person_info->phone_number))
 ]) ?>
@@ -90,7 +90,7 @@
 'name' => 'address_1',
 'id' => 'address_1',
 'class' => 'form-control input-sm',
- 'value' => $person_info->address_1
+ 'value' => esc(html_entity_decode($person_info->address_1))
 ]) ?>
@@ -102,7 +102,7 @@
 'name' => 'address_2',
 'id' => 'address_2',
 'class' => 'form-control input-sm',
- 'value' => $person_info->address_2
+ 'value' => esc(html_entity_decode($person_info->address_2))
 ]) ?>
@@ -114,7 +114,7 @@
 'name' => 'city',
 'id' => 'city',
 'class' => 'form-control input-sm',
- 'value' => $person_info->city
+ 'value' => esc(html_entity_decode($person_info->city))
 ]) ?>
@@ -126,7 +126,7 @@
 'name' => 'state',
 'id' => 'state',
 'class' => 'form-control input-sm',
- 'value' => $person_info->state
+ 'value' => esc(html_entity_decode($person_info->state))
 ]) ?>
@@ -138,7 +138,7 @@
 'name' => 'zip',
 'id' => 'postcode',
 'class' => 'form-control input-sm',
- 'value' => $person_info->zip
+ 'value' => esc(html_entity_decode($person_info->zip))
 ]) ?>
@@ -150,7 +150,7 @@
 'name' => 'country',
 'id' => 'country',
 'class' => 'form-control input-sm',
- 'value' => $person_info->country
+ 'value' => esc(html_entity_decode($person_info->country))
 ]) ?>
@@ -162,7 +162,7 @@
 'name' => 'comments',
 'id' => 'comments',
 'class' => 'form-control input-sm',
- 'value' => $person_info->comments
+ 'value' => esc(html_entity_decode($person_info->comments))
 ]) ?>
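Review bot: The added `esc()` around each `$person_info` field closes the unescaped attribute output the removed lines had, but the inner `html_entity_decode()` in all ten hunks of this file (`first_name` through `comments`) relies on the default flags, and before PHP 8.1 that default is `ENT_COMPAT`, which does not decode the `&#039;` that `FILTER_SANITIZE_FULL_SPECIAL_CHARS` writes for a single quote; prefer `html_entity_decode($person_info->first_name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. The same wrapper repeated ten times is better factored into one small view helper so the flags and the decode-then-escape order are fixed in one place. The form helper call each attribute array belongs to starts outside the hunk; if it is CodeIgniter's `form_input()`, its attribute parser already runs `esc()` on the `value` key, in which case the outer `esc()` here double-encodes `&` as `&amp;amp;`, which is worth checking in the rendered page before merging.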
diff --git a/app/Views/suppliers/form.php b/app/Views/suppliers/form.php
index f0bf7d2ee..cf674cd77 100644
--- a/app/Views/suppliers/form.php
+++ b/app/Views/suppliers/form.php
@@ -18,7 +18,7 @@
 'name' => 'company_name',
 'id' => 'company_name_input',
 'class' => 'form-control input-sm',
- 'value' => esc($person_info->company_name)
+ 'value' => html_entity_decode($person_info->company_name)
 ]) ?>
@@ -31,14 +31,14 @@
-
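Review bot: `company_name` is the one field in this commit that loses its escape: the new line is `html_entity_decode($person_info->company_name)` on its own, while `agency_name`, `account_number` and `tax_id` in the later hunks of this file get `esc(html_entity_decode(...))`. The decode turns a stored `&lt;script&gt;` back into live markup inside an attribute value, so unless the form helper call (which starts outside the hunk) escapes `value` itself, this field ends up unescaped in the page; `'value' => esc(html_entity_decode($person_info->company_name))` keeps it consistent with its siblings. As in the other views, pass the decode flags explicitly, `ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'`, so single-quote entities are decoded on PHP before 8.1.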
+
'control-label col-xs-3']) ?>
'agency_name', 'id' => 'agency_name_input', 'class' => 'form-control input-sm', - 'value' => esc($person_info->agency_name) + 'value' => esc(html_entity_decode($person_info->agency_name)) ]) ?>
@@ -46,14 +46,14 @@ -
+
'control-label col-xs-3']) ?>
'account_number', 'id' => 'account_number', 'class' => 'form-control input-sm', - 'value' => esc($person_info->account_number) + 'value' => esc(html_entity_decode($person_info->account_number)) ]) ?>
@@ -66,7 +66,7 @@ 'name' => 'tax_id', 'id' => 'tax_id', 'class' => 'form-control input-sm', - 'value' => esc($person_info->tax_id) + 'value' => esc(html_entity_decode($person_info->tax_id)) ]) ?>
@@ -91,7 +91,7 @@ $(document).ready(function() }, errorLabelContainer: '#error_message_box', - + rules: { company_name: 'required', @@ -100,7 +100,7 @@ $(document).ready(function() email: 'email' }, - messages: + messages: { company_name: "", first_name: "",