XSS mitigation features (#4041)

* Remove HtmlPurifier calls

- All calls to Services::htmlPurifier()->purify() removed from data received from view.
- Bootstrap and bootswatch bump in package-lock.json

Signed-off-by: objecttothis <objecttothis@gmail.com>

* Pre-view filtering Items Controller

- Refactored code for clarity
- Created and called sanitization functions.
- Sanitize TEXT type Attributes before being sent to the view.

Signed-off-by: objecttothis <objecttothis@gmail.com>

* Pre-view filtering Customers Controller

- Refactored code for clarity
- Replaced == with === operator to prevent type juggling
- Added Sanitization of Customer data before being sent to the view

Signed-off-by: objecttothis <objecttothis@gmail.com>

* Bump bootstrap-table to 1.23.1

- Bump bootstrap-table to 1.23.1 in attempt to resolve issue with sticky headers
- Sanitize attribute data in tables
- Sanitize item data with controller function.

Signed-off-by: objecttothis <objecttothis@gmail.com>

* Pre-view filtering Items Controller

- Refactored code for clarity
- Created and called sanitization functions.
- Sanitize TEXT type Attributes before being sent to the view.

Signed-off-by: objecttothis <objecttothis@gmail.com>

* Sanitize Item data

- Sanitize category and item_number before display in forms.
- refactor check in pic_filename for empty to be best practices compliant.
- Added TODO

Signed-off-by: objecttothis <objecttothis@gmail.com>

* Minor changes

- Refactored for code clarity.
- Removed extra blank lines.
- Minor reformatting.
- Added PHPdocs
- bumped bootstrap-table to 1.23.2

Signed-off-by: objecttothis <objecttothis@gmail.com>

* Pre-view filtering Items Controller

- Refactored code for clarity
- Created and called sanitization functions.
- Sanitize TEXT type Attributes before being sent to the view.

Signed-off-by: objecttothis <objecttothis@gmail.com>

* Sanitize Item data

- Sanitize category and item_number before display in forms.
- refactor check in pic_filename for empty to be best practices compliant.
- Added TODO

Signed-off-by: objecttothis <objecttothis@gmail.com>

---------

Signed-off-by: objecttothis <objecttothis@gmail.com>
Co-authored-by: objecttothis <objecttothis@gmail.com>

app/Controllers/Receivings.php

@@ -61,7 +61,7 @@ class Receivings extends Secure_Controller
 	 */
 	public function getItemSearch(): void
 	{
-		$search = Services::htmlPurifier()->purify($this->request->getGet('term'));
+		$search = $this->request->getGet('term');
 		$suggestions = $this->item->get_search_suggestions($search, ['search_custom' => false, 'is_deleted' => false], true);
 		$suggestions = array_merge($suggestions, $this->item_kit->get_search_suggestions($search));
 
@@ -76,7 +76,7 @@ class Receivings extends Secure_Controller
 	 */
 	public function getStockItemSearch(): void
 	{
-		$search = Services::htmlPurifier()->purify($this->request->getGet('term'));
+		$search = $this->request->getGet('term');
 		$suggestions = $this->item->get_stock_search_suggestions($search, ['search_custom' => false, 'is_deleted' => false], true);
 		$suggestions = array_merge($suggestions, $this->item_kit->get_search_suggestions($search));