diff --git a/app/Config/Constants.php b/app/Config/Constants.php
index 48b873e15..3502cae6b 100644
--- a/app/Config/Constants.php
+++ b/app/Config/Constants.php
@@ -97,6 +97,8 @@ define('EVENT_PRIORITY_HIGH', 10);
 * Global Constants.
 */
 const NEW_ENTRY = -1;
+const ACTIVE = 0;
+const DELETED = 1;
 /**
 * Attribute Related Constants.
diff --git a/app/Controllers/Attributes.php b/app/Controllers/Attributes.php
index 090d57970..277b9ac08 100644
--- a/app/Controllers/Attributes.php
+++ b/app/Controllers/Attributes.php
@@ -29,24 +29,24 @@ class Attributes extends Secure_Controller
 }
 /**
- * Returns customer table data rows. This will be called with AJAX.
+ * Returns attribute table data rows. This will be called with AJAX.
 */
 public function getSearch(): void
 {
- $search = $this->request->getVar('search', FILTER_SANITIZE_STRING);
+ $search = $this->request->getVar('search', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
 $limit = $this->request->getVar('limit', FILTER_SANITIZE_NUMBER_INT);
 $offset = $this->request->getVar('offset', FILTER_SANITIZE_NUMBER_INT);
- $sort = $this->request->getVar('sort', FILTER_SANITIZE_STRING);
- $order = $this->request->getVar('order', FILTER_SANITIZE_STRING);
+ $sort = $this->request->getVar('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+ $order = $this->request->getVar('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
 $attributes = $this->attribute->search($search, $limit, $offset, $sort, $order);
 $total_rows = $this->attribute->get_found_rows($search);
 $data_rows = [];
- foreach($attributes->getResult() as $attribute)
+ foreach($attributes->getResult() as $attribute_row)
 {
- $attribute->definition_flags = $this->get_attributes($attribute->definition_flags);
- $data_rows[] = get_attribute_definition_data_row($attribute);
+ $attribute_row->definition_flags = $this->get_attributes($attribute_row->definition_flags);
+ $data_rows[] = get_attribute_definition_data_row($attribute_row);
 }
 echo json_encode(['total' => $total_rows, 'rows' => $data_rows]);
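Review bot: `$sort` and `$order` on the `getVar('sort', ...)` / `getVar('order', ...)` lines are now HTML-entity encoded, which does nothing useful for values that name a sort column and a direction; if `$this->attribute->search(...)` places them in an ORDER BY clause (the model is not visible here), entity encoding does not constrain them, whereas an allowlist of sortable column names plus `in_array($order, ['asc', 'desc'], true)` in front of the call would. `$search` likewise now carries entities (`&` becomes `&amp;`) into the model lookup, while `Customers::getSearch` in this same commit passes `search` unfiltered, so the two controllers will match stored data differently for the same input. Whichever representation is chosen, it should be the same across the three `getSearch` methods touched by this commit.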
@@ -55,10 +55,10 @@ class Attributes extends Secure_Controller
 /**
 * @return void
 */
- public function postSave_attribute_value(): void
+ public function postSaveAttributeValue(): void
 {
 $success = $this->attribute->save_value(
- $this->request->getPost('attribute_value', FILTER_SANITIZE_STRING),
+ html_entity_decode($this->request->getPost('attribute_value')),
 $this->request->getPost('definition_id', FILTER_SANITIZE_NUMBER_INT),
 $this->request->getPost('item_id', FILTER_SANITIZE_NUMBER_INT),
 $this->request->getPost('attribute_id', FILTER_SANITIZE_NUMBER_INT)
@@ -73,7 +73,7 @@ class Attributes extends Secure_Controller
 public function postDelete_attribute_value(): void
 {
 $success = $this->attribute->delete_value(
- $this->request->getPost('attribute_value', FILTER_SANITIZE_STRING),
+ html_entity_decode($this->request->getPost('attribute_value')),
 $this->request->getPost('definition_id', FILTER_SANITIZE_NUMBER_INT)
 );
@@ -84,11 +84,11 @@ class Attributes extends Secure_Controller
 * @param int $definition_id
 * @return void
 */
- public function postSave_definition(int $definition_id = NO_DEFINITION_ID): void
+ public function postSaveDefinition(int $definition_id = NO_DEFINITION_ID): void
 {
 $definition_flags = 0;
- $flags = (empty($this->request->getPost('definition_flags'))) ? [] : $this->request->getPost('definition_flags', FILTER_SANITIZE_STRING);
+ $flags = (empty($this->request->getPost('definition_flags'))) ? [] : $this->request->getPost('definition_flags', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
 foreach($flags as $flag)
 {
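Review bot: `html_entity_decode($this->request->getPost('attribute_value'))` receives null when the field is absent, which is deprecated for a string parameter on PHP 8.1 and quietly yields `''` instead of a validation failure; `html_entity_decode((string) $this->request->getPost('attribute_value'))` or `?? ''` makes the intent explicit. The same shape appears in the `@@ -73` hunk below, in `json_decode(html_entity_decode(...))` in `@@ -113`, and in `getSuggestAttribute` in `@@ -153`. Decoding before save also means the stored value is the literal user text, so every view that prints attribute values has to escape at output; that is the right layering, but the views are outside this diff.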
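Review bot: `postDelete_attribute_value` keeps its snake_case name while its neighbours in this file are renamed (`postSave_attribute_value` to `postSaveAttributeValue` above, `postSave_definition` to `postSaveDefinition` below); if the renames exist to match CI4's auto-routing convention, the delete endpoint ends up reachable under a different scheme than the rest of the controller. `public function postDeleteAttributeValue(): void` keeps the routes consistent; any caller of the old name is outside this diff and would need the matching update.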
@@ -97,15 +97,15 @@ class Attributes extends Secure_Controller
 //Save definition data
 $definition_data = [
- 'definition_name' => $this->request->getPost('definition_name', FILTER_SANITIZE_STRING),
- 'definition_unit' => $this->request->getPost('definition_unit') != '' ? $this->request->getPost('definition_unit', FILTER_SANITIZE_STRING) : NULL,
+ 'definition_name' => $this->request->getPost('definition_name'),
+ 'definition_unit' => $this->request->getPost('definition_unit') != '' ? $this->request->getPost('definition_unit') : NULL,
 'definition_flags' => $definition_flags,
- 'definition_fk' => $this->request->getPost('definition_group') != '' ? $this->request->getPost('definition_group', FILTER_SANITIZE_STRING) : NULL
+ 'definition_fk' => $this->request->getPost('definition_group') != '' ? $this->request->getPost('definition_group') : NULL
 ];
 if ($this->request->getPost('definition_type') != NULL)
 {
- $definition_data['definition_type'] = DEFINITION_TYPES[$this->request->getPost('definition_type', FILTER_SANITIZE_STRING)];
+ $definition_data['definition_type'] = DEFINITION_TYPES[$this->request->getPost('definition_type')];
 }
 $definition_name = $definition_data['definition_name'];
@@ -113,9 +113,9 @@ class Attributes extends Secure_Controller
 if($this->attribute->save_definition($definition_data, $definition_id))
 {
 //New definition
- if($definition_id == 0)
+ if($definition_id == NO_DEFINITION_ID)
 {
- $definition_values = json_decode($this->request->getPost('definition_values', FILTER_SANITIZE_STRING));
+ $definition_values = json_decode(html_entity_decode($this->request->getPost('definition_values')));
 foreach($definition_values as $definition_value)
 {
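Review bot: `DEFINITION_TYPES[$this->request->getPost('definition_type')]` indexes the constant table with an unvalidated POST value; an unknown key raises an "Undefined array key" warning and stores null in `definition_type`, which `save_definition` then receives. Reading the value once into a local and guarding with `if(array_key_exists($definition_type, DEFINITION_TYPES))`, rejecting the request otherwise, turns a silent bad write into an explicit error. This is the only place in the hunk where the raw value is used as a lookup key rather than stored, so it deserves a check the other fields do not.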
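Review bot: `$definition_values = json_decode(html_entity_decode(...))` is iterated by the `foreach` immediately after, but `json_decode` returns null on malformed input and a scalar for inputs like `"1"`, so the loop emits a warning and silently skips the values after `save_definition` has already written the definition. `json_decode(html_entity_decode(...), flags: JSON_THROW_ON_ERROR)` inside a try, or an `is_array($definition_values)` check before the loop, fails the request cleanly; since the definition row is already saved at that point, the failure path should also report that the values were not stored. The loop body continues outside the hunk.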
@@ -153,9 +153,9 @@ class Attributes extends Secure_Controller
 * @param int $definition_id
 * @return void
 */
- public function suggest_attribute(int $definition_id): void
+ public function getSuggestAttribute(int $definition_id): void
 {
- $suggestions = $this->attribute->get_suggestions($definition_id, $this->request->getVar('term', FILTER_SANITIZE_STRING));
+ $suggestions = $this->attribute->get_suggestions($definition_id, html_entity_decode($this->request->getVar('term')));
 echo json_encode($suggestions);
 }
@@ -211,7 +211,7 @@ class Attributes extends Secure_Controller
 public function postDelete(): void
 {
- $attributes_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_STRING);
+ $attributes_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
 if($this->attribute->delete_definition_list($attributes_to_delete))
 {
diff --git a/app/Controllers/Cashups.php b/app/Controllers/Cashups.php
index 665f42bc2..783b526b4 100644
--- a/app/Controllers/Cashups.php
+++ b/app/Controllers/Cashups.php
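Review bot: `ids` is handed to `delete_definition_list` with `FILTER_SANITIZE_FULL_SPECIAL_CHARS`, which only encodes `<`, `>`, `&` and quotes and otherwise passes any string through; if the list holds definition ids, as the call suggests, `FILTER_SANITIZE_NUMBER_INT` is the tighter filter and leaves the model with nothing but digit strings. `Cashups::postDelete` in `@@ -231` has the same shape and would take the same change. Whether CI4 applies the filter per element when the parameter is an array is not visible in this diff and is worth confirming before relying on either filter.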
@@ -37,19 +37,19 @@ class Cashups extends Secure_Controller
 public function getSearch(): void
 {
- $search = $this->request->getVar('search', FILTER_SANITIZE_STRING);
+ $search = $this->request->getVar('search', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
 $limit = $this->request->getVar('limit', FILTER_SANITIZE_NUMBER_INT);
 $offset = $this->request->getVar('offset', FILTER_SANITIZE_NUMBER_INT);
- $sort = $this->request->getVar('sort', FILTER_SANITIZE_STRING);
- $order = $this->request->getVar('order', FILTER_SANITIZE_STRING);
+ $sort = $this->request->getVar('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+ $order = $this->request->getVar('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
 $filters = [
- 'start_date' => $this->request->getVar('start_date', FILTER_SANITIZE_STRING), //TODO: Is this the best way to filter dates
- 'end_date' => $this->request->getVar('end_date', FILTER_SANITIZE_STRING),
+ 'start_date' => $this->request->getVar('start_date', FILTER_SANITIZE_FULL_SPECIAL_CHARS), //TODO: Is this the best way to filter dates
+ 'end_date' => $this->request->getVar('end_date', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
 'is_deleted' => FALSE
 ];
 // check if any filter is set in the multiselect dropdown
- $filledup = array_fill_keys($this->request->getVar('filters', FILTER_SANITIZE_STRING), TRUE); //TODO: $filledup doesn't follow variable naming patterns we are using.
+ $filledup = array_fill_keys($this->request->getVar('filters', FILTER_SANITIZE_FULL_SPECIAL_CHARS), TRUE); //TODO: $filledup doesn't follow variable naming patterns we are using.
 $filters = array_merge($filters, $filledup);
 $cash_ups = $this->cashup->search($search, $filters, $limit, $offset, $sort, $order);
 $total_rows = $this->cashup->get_found_rows($search, $filters);
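Review bot: `array_fill_keys($this->request->getVar('filters', FILTER_SANITIZE_FULL_SPECIAL_CHARS), TRUE)` throws a TypeError on PHP 8 when the `filters` parameter is absent, because `getVar` returns null and the first argument must be an array; the old line had the same gap, but since it is being rewritten it is cheap to close with `... getVar('filters', FILTER_SANITIZE_FULL_SPECIAL_CHARS) ?? []`. The entity-encoded filter names are then merged into `$filters` and passed to the model, so the model is presumably matching them against a fixed set of keys; if it is, the encoding is harmless, and if it is not, an allowlist there is the control that matters. The TODO about dates is unchanged by the filter swap: `FILTER_SANITIZE_FULL_SPECIAL_CHARS` does not validate a date either.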
@@ -107,10 +107,26 @@ class Cashups extends Secure_Controller
 // if it's date mode only and not date & time truncate the open and end date to date only
 if(empty($this->config['date_or_time_format']))
 {
+ if($cash_ups_info->open_date != null)
+ {
+ $start_date = substr($cash_ups_info->open_date, 0, 10);
+ }
+ else
+ {
+ $start_date = null;
+ }
+ if($cash_ups_info->close_date != null)
+ {
+ $end_date = substr($cash_ups_info->close_date, 0, 10);
+ }
+ else
+ {
+ $end_date = null;
+ }
 // search for all the payments given the time range
 $inputs = [
- 'start_date' => substr($cash_ups_info->open_date, 0, 10),
- 'end_date' => substr($cash_ups_info->close_date, 0, 10),
+ 'start_date' => $start_date,
+ 'end_date' => $end_date,
 'sale_type' => 'complete',
 'location_id' => 'all'
 ];
@@ -188,10 +204,10 @@ class Cashups extends Secure_Controller
 public function postSave(int $cashup_id = NEW_ENTRY): void
 {
- $open_date = $this->request->getPost('open_date', FILTER_SANITIZE_STRING);
+ $open_date = $this->request->getPost('open_date');
 $open_date_formatter = date_create_from_format($this->config['dateformat'] . ' ' . $this->config['timeformat'], $open_date);
- $close_date = $this->request->getPost('close_date', FILTER_SANITIZE_NUMBER_INT);
+ $close_date = $this->request->getPost('close_date');
 $close_date_formatter = date_create_from_format($this->config['dateformat'] . ' ' . $this->config['timeformat'], $close_date);
 $cash_up_data = [
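Review bot: The two eight-line `if`/`else` blocks added ahead of `// search for all the payments` reduce to `$start_date = $cash_ups_info->open_date != null ? substr($cash_ups_info->open_date, 0, 10) : null;` and the matching line for `$end_date`, which keeps the guard visible at a glance. `!= null` is a loose comparison that also treats `''` and `'0'` as unset; if that is intended for these date columns a short comment saying so would stop the next reader from "fixing" it to `!== null`. The guard covers only the null case: a non-null but short or malformed `open_date` still reaches `substr` and produces whatever prefix exists.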
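Review bot: `date_create_from_format(..., $open_date)` now receives the raw POST value, which is null when the field is absent (deprecated for a string parameter on 8.1) and which makes the call return false on a format mismatch; the lines that consume `$open_date_formatter` and `$close_date_formatter` are below the hunk, so whether false is handled is not visible here. Dropping `FILTER_SANITIZE_NUMBER_INT` from `close_date` is a real fix, since that filter stripped the separators out of the date. A `=== false` check right after each `date_create_from_format` call would keep an unparseable date from reaching `$cash_up_data`.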
@@ -205,7 +221,7 @@ class Cashups extends Secure_Controller
 'closed_amount_check' => parse_decimals($this->request->getPost('closed_amount_check', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION)),
 'closed_amount_total' => parse_decimals($this->request->getPost('closed_amount_total', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION)),
 'note' => $this->request->getPost('note') != NULL,
- 'description' => $this->request->getPost('description', FILTER_SANITIZE_STRING),
+ 'description' => $this->request->getPost('description', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
 'open_employee_id' => $this->request->getPost('open_employee_id', FILTER_SANITIZE_NUMBER_INT),
 'close_employee_id' => $this->request->getPost('close_employee_id', FILTER_SANITIZE_NUMBER_INT),
 'deleted' => $this->request->getPost('deleted') != NULL
@@ -231,7 +247,7 @@ class Cashups extends Secure_Controller
 public function postDelete(): void
 {
- $cash_ups_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_STRING);
+ $cash_ups_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
 if($this->cashup->delete_list($cash_ups_to_delete))
 {
diff --git a/app/Controllers/Config.php b/app/Controllers/Config.php
index 5fdaa99c5..1c57d409a 100644
--- a/app/Controllers/Config.php
+++ b/app/Controllers/Config.php
@@ -20,6 +20,7 @@ use App\Models\Tax;
 use CodeIgniter\Encryption\EncrypterInterface;
 use CodeIgniter\Files\File;
+use Config\Database;
 use Config\Encryption;
 use Config\Services;
 use DirectoryIterator;
@@ -47,6 +48,8 @@ use ReflectionException;
 class Config extends Secure_Controller
 {
 protected $helpers = ['security'];
+ private $db;
+
 public function __construct()
 {
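Review bot: `description` is stored HTML-entity encoded here via `FILTER_SANITIZE_FULL_SPECIAL_CHARS`, whereas the comparable free-text fields in Config.php (`address`, `return_policy` in `@@ -317`) are stored raw after this commit, and the Attributes changes apply `html_entity_decode` before saving; mixing representations means the same kind of text must be decoded in some views and escaped in others. Storing raw and escaping with `esc()` at render time is the one path that serves every consumer, including receipts and exports that are not HTML. The `$cash_up_data` array starts above this hunk.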
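Review bot: `private $db;` is declared with neither a type nor a docblock, so static analysis and IDEs see `mixed` on every `$this->db->transStart()` call in the hunks below. `Config\Database::connect()` returns a `CodeIgniter\Database\BaseConnection`, so `/** @var \CodeIgniter\Database\BaseConnection */` above the property (or a typed property if the project baseline allows) documents it at no cost. The constructor that assigns it begins at the end of this hunk and continues outside it.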
@@ -56,7 +59,7 @@ class Config extends Secure_Controller
 $this->sale_lib = new Sale_lib();
 $this->receiving_lib = new receiving_lib();
 $this->tax_lib = new Tax_lib();
-
+
 $this->appconfig = model('Appconfig');
 $this->attribute = model('Attribute');
 $this->customer_rewards = model('Customer_rewards');
 $this->dinner_table = model('Dinner_table');
@@ -65,6 +68,8 @@ class Config extends Secure_Controller
 $this->stock_location = model('Stock_location');
 $this->tax = model('Tax');
 $this->config = config('OSPOS')->settings;
+ $this->db = Database::connect();
+ $this->encrypter = Services::encrypter();
 }
 /*
@@ -81,7 +86,7 @@ class Config extends Secure_Controller
 if(file_exists('license/LICENSE'))
 {
- $license[$i]['text'] = file_get_contents('license/LICENSE', NULL, NULL, 0, 2000);
+ $license[$i]['text'] = file_get_contents('license/LICENSE', false, NULL, 0, 2000);
 }
 else
 {
@@ -101,13 +106,13 @@ class Config extends Secure_Controller
 $basename = 'license/' . $fileinfo->getBasename('.version');
- $license[$i]['title'] = file_get_contents($basename . '.version', NULL, NULL, 0, 100);
+ $license[$i]['title'] = file_get_contents($basename . '.version', false, NULL, 0, 100);
 $license_text_file = $basename . '.license';
 if(file_exists($license_text_file))
 {
- $license[$i]['text'] = file_get_contents($license_text_file , NULL, NULL, 0, 2000);
+ $license[$i]['text'] = file_get_contents($license_text_file , false, NULL, 0, 2000);
 }
 else
 {
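Review bot: `$this->encrypter = Services::encrypter();` now runs unconditionally in the constructor, while every use site in this commit (`check_encryption()` guards in `@@ -281`, `@@ -514` and `@@ -608`) assumes the encrypter may be unavailable; as far as I recall, CI4's encrypter service throws an `EncryptionException` during initialization when no key is configured, which would turn "encryption not set up" from a disabled feature into a controller that cannot be constructed. Keeping the call behind the same `check_encryption()` test, or making the property lazy, preserves the old behaviour. `$this->encrypter` is also not declared next to the new `private $db;` in `@@ -47`; if it is not declared elsewhere in the class it is a dynamic property, deprecated on PHP 8.2.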
@@ -253,6 +258,7 @@ class Config extends Secure_Controller
 $data['dinner_tables'] = $this->dinner_table->get_all()->getResultArray();
 $data['customer_rewards'] = $this->customer_rewards->get_all()->getResultArray();
 $data['support_barcode'] = $this->barcode_lib->get_list_barcodes();
+ $data['barcode_fonts'] = $this->barcode_lib->listfonts('fonts');
 $data['logo_exists'] = $this->config['company_logo'] != '';
 $data['line_sequence_options'] = $this->sale_lib->get_line_sequence_options();
 $data['register_mode_options'] = $this->sale_lib->get_register_mode_options();
@@ -263,6 +269,7 @@ class Config extends Secure_Controller
 $data['tax_jurisdiction_options'] = $this->tax_lib->get_tax_jurisdiction_options();
 $data['show_office_group'] = $this->module->get_show_office_group();
 $data['currency_code'] = $this->config['currency_code'];
+ $data['db_version'] = mysqli_get_server_info(db_connect()->mysqli);
 // load all the license statements, they are already XSS cleaned in the private function
 $data['licenses'] = $this->_licenses();
@@ -281,12 +288,11 @@ class Config extends Secure_Controller
 if(check_encryption()) //TODO: Hungarian notation
 {
- $encrypter = Services::encrypter();
 $mailchimp_api_key = $this->config['mailchimp_api_key'];
 if(!empty($mailchimp_api_key))
 {
- $data['mailchimp']['api_key'] = $encrypter->decrypt($mailchimp_api_key);
+ $data['mailchimp']['api_key'] = $this->encrypter->decrypt($mailchimp_api_key);
 }
 else
 {
@@ -296,7 +302,7 @@ class Config extends Secure_Controller
 $mailchimp_list_id = $this->config['mailchimp_list_id'];
 if(!empty($mailchimp_list_id))
 {
- $data['mailchimp']['list_id'] = $encrypter->decrypt($mailchimp_list_id);
+ $data['mailchimp']['list_id'] = $this->encrypter->decrypt($mailchimp_list_id);
 }
 else
 {
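Review bot: `mysqli_get_server_info(db_connect()->mysqli)` goes through the `db_connect()` helper and reaches into the MySQLi-specific handle, even though the constructor in this same commit now stores `$this->db`; `$data['db_version'] = $this->db->getVersion();` uses the existing connection and works for any CI4 driver. The exact server version is then rendered on the config page, which is acceptable on an admin-only view but is an information-disclosure item if the same template is ever reused in a less privileged context, so it is worth keeping it out of any shared partial. The method this line belongs to starts above the hunk.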
@@ -317,19 +323,19 @@ class Config extends Secure_Controller
 /**
 * @throws ReflectionException
 */
- public function save_info(): void
+ public function postSaveInfo(): void
 {
 $upload_data = $this->upload_logo();
 $upload_success = !empty($upload_data['error']);
 $batch_save_data = [
- 'company' => $this->request->getPost('company', FILTER_SANITIZE_STRING),
- 'address' => $this->request->getPost('address', FILTER_SANITIZE_STRING),
- 'phone' => $this->request->getPost('phone', FILTER_SANITIZE_STRING),
+ 'company' => $this->request->getPost('company'),
+ 'address' => $this->request->getPost('address'),
+ 'phone' => $this->request->getPost('phone'),
 'email' => $this->request->getPost('email', FILTER_SANITIZE_EMAIL),
- 'fax' => $this->request->getPost('fax', FILTER_SANITIZE_STRING),
+ 'fax' => $this->request->getPost('fax'),
 'website' => $this->request->getPost('website', FILTER_SANITIZE_URL),
- 'return_policy' => $this->request->getPost('return_policy', FILTER_SANITIZE_STRING)
+ 'return_policy' => $this->request->getPost('return_policy')
 ];
 if(!empty($upload_data['orig_name']) && $upload_data['raw_name'] === TRUE)
@@ -388,11 +394,11 @@ class Config extends Secure_Controller
 /**
 * @throws ReflectionException
 */
- public function save_general(): void
+ public function postSaveGeneral(): void
 {
 $batch_save_data = [
- 'theme' => $this->request->getPost('theme', FILTER_SANITIZE_STRING),
- 'login_form' => $this->request->getPost('login_form', FILTER_SANITIZE_STRING),
+ 'theme' => $this->request->getPost('theme'),
+ 'login_form' => $this->request->getPost('login_form'),
 'default_sales_discount_type' => $this->request->getPost('default_sales_discount_type') != NULL,
 'default_sales_discount' => $this->request->getPost('default_sales_discount', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION),
 'default_receivings_discount_type' => $this->request->getPost('default_receivings_discount_type') != NULL,
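Review bot: Dropping `FILTER_SANITIZE_STRING` from `company`, `address`, `phone`, `fax` and `return_policy` is correct (it is deprecated on 8.1 and mangled legitimate characters), but nothing replaces it, so these values now reach `batch_save` verbatim and the only remaining control is escaping at render time; every view, receipt and email template that prints them must go through `esc()`, which this diff cannot show and which should be checked as part of landing it. The same applies to the other `getPost(...)` calls that lose the filter in `@@ -388`, `@@ -405`, `@@ -444`, `@@ -482`, `@@ -552`, `@@ -758`, `@@ -848`, `@@ -876` and `@@ -907`. In the context lines, `$upload_success = !empty($upload_data['error']);` reads as inverted (true when an error is present); it is not touched by this commit, but worth confirming against `upload_logo()` outside the hunk.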
@@ -405,14 +411,14 @@ class Config extends Secure_Controller
 'image_max_width' => $this->request->getPost('image_max_width', FILTER_SANITIZE_NUMBER_INT),
 'image_max_height' => $this->request->getPost('image_max_height', FILTER_SANITIZE_NUMBER_INT),
 'image_max_size' => $this->request->getPost('image_max_size', FILTER_SANITIZE_NUMBER_INT),
- 'image_allowed_types' => implode('|', $this->request->getPost('image_allowed_types', FILTER_SANITIZE_STRING)),
+ 'image_allowed_types' => implode('|', $this->request->getPost('image_allowed_types')),
 'gcaptcha_enable' => $this->request->getPost('gcaptcha_enable') != NULL,
- 'gcaptcha_secret_key' => $this->request->getPost('gcaptcha_secret_key', FILTER_SANITIZE_STRING),
- 'gcaptcha_site_key' => $this->request->getPost('gcaptcha_site_key', FILTER_SANITIZE_STRING),
- 'suggestions_first_column' => $this->request->getPost('suggestions_first_column', FILTER_SANITIZE_STRING),
- 'suggestions_second_column' => $this->request->getPost('suggestions_second_column', FILTER_SANITIZE_STRING),
- 'suggestions_third_column' => $this->request->getPost('suggestions_third_column', FILTER_SANITIZE_STRING),
- 'giftcard_number' => $this->request->getPost('giftcard_number', FILTER_SANITIZE_STRING),
+ 'gcaptcha_secret_key' => $this->request->getPost('gcaptcha_secret_key'),
+ 'gcaptcha_site_key' => $this->request->getPost('gcaptcha_site_key'),
+ 'suggestions_first_column' => $this->request->getPost('suggestions_first_column'),
+ 'suggestions_second_column' => $this->request->getPost('suggestions_second_column'),
+ 'suggestions_third_column' => $this->request->getPost('suggestions_third_column'),
+ 'giftcard_number' => $this->request->getPost('giftcard_number'),
 'derive_sale_quantity' => $this->request->getPost('derive_sale_quantity', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION) != NULL,
 'multi_pack_enabled' => $this->request->getPost('multi_pack_enabled') != NULL,
 'include_hsn' => $this->request->getPost('include_hsn') != NULL,
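Review bot: `gcaptcha_secret_key` is saved as the raw POST value, while the SMTP password (`@@ -514`) and the Mailchimp key (`@@ -608`) in this same commit are passed through `$this->encrypter->encrypt()` when `check_encryption()` holds; the reCAPTCHA secret is a credential of the same class and should get the same treatment, with the matching decrypt where it is read. Separately, `implode('|', $this->request->getPost('image_allowed_types'))` throws a TypeError on PHP 8 when no type is checked, because `getPost` returns null; `implode('|', $this->request->getPost('image_allowed_types') ?? [])` covers that. The `$batch_save_data` array this hunk sits in starts above it.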
@@ -444,10 +450,10 @@ class Config extends Secure_Controller
 /**
 * @return void
 */
- public function ajax_check_number_locale(): void
+ public function postCheckNumberLocale(): void
 {
- $number_locale = $this->request->getPost('number_locale', FILTER_SANITIZE_STRING);
- $save_number_locale = $this->request->getPost('save_number_locale', FILTER_SANITIZE_STRING);
+ $number_locale = $this->request->getPost('number_locale');
+ $save_number_locale = $this->request->getPost('save_number_locale');
 $fmt = new NumberFormatter($number_locale, NumberFormatter::CURRENCY);
 if($number_locale != $save_number_locale)
@@ -458,8 +464,8 @@ class Config extends Secure_Controller
 }
 else
 {
- $currency_symbol = empty($this->request->getPost('currency_symbol')) ? $fmt->getSymbol(NumberFormatter::CURRENCY_SYMBOL) : $this->request->getPost('currency_symbol', FILTER_SANITIZE_STRING);
- $currency_code = empty($this->request->getPost('currency_code')) ? $fmt->getTextAttribute(NumberFormatter::CURRENCY_CODE) : $this->request->getPost('currency_code', FILTER_SANITIZE_STRING);
+ $currency_symbol = empty($this->request->getPost('currency_symbol')) ? $fmt->getSymbol(NumberFormatter::CURRENCY_SYMBOL) : $this->request->getPost('currency_symbol');
+ $currency_code = empty($this->request->getPost('currency_code')) ? $fmt->getTextAttribute(NumberFormatter::CURRENCY_CODE) : $this->request->getPost('currency_code');
 }
 if($this->request->getPost('thousands_separator') == 'false')
@@ -482,27 +488,27 @@ class Config extends Secure_Controller
 /**
 * @throws ReflectionException
 */
- public function save_locale(): void
+ public function postSaveLocale(): void
 {
- $exploded = explode(":", $this->request->getPost('language', FILTER_SANITIZE_STRING));
+ $exploded = explode(":", $this->request->getPost('language'));
 $batch_save_data = [
- 'currency_symbol' => $this->request->getPost('currency_symbol', FILTER_SANITIZE_STRING),
- 'currency_code' => $this->request->getPost('currency_code', FILTER_SANITIZE_STRING),
+ 'currency_symbol' => $this->request->getPost('currency_symbol'),
+ 'currency_code' => $this->request->getPost('currency_code'),
 'language_code' => $exploded[0],
 'language' => $exploded[1],
- 'timezone' => $this->request->getPost('timezone', FILTER_SANITIZE_STRING),
- 'dateformat' => $this->request->getPost('dateformat', FILTER_SANITIZE_STRING),
- 'timeformat' => $this->request->getPost('timeformat', FILTER_SANITIZE_STRING),
+ 'timezone' => $this->request->getPost('timezone'),
+ 'dateformat' => $this->request->getPost('dateformat'),
+ 'timeformat' => $this->request->getPost('timeformat'),
 'thousands_separator' => !empty($this->request->getPost('thousands_separator', FILTER_SANITIZE_NUMBER_INT)),
- 'number_locale' => $this->request->getPost('number_locale', FILTER_SANITIZE_STRING),
+ 'number_locale' => $this->request->getPost('number_locale'),
 'currency_decimals' => $this->request->getPost('currency_decimals', FILTER_SANITIZE_NUMBER_INT),
 'tax_decimals' => $this->request->getPost('tax_decimals', FILTER_SANITIZE_NUMBER_INT),
 'quantity_decimals' => $this->request->getPost('quantity_decimals', FILTER_SANITIZE_NUMBER_INT),
- 'country_codes' => $this->request->getPost('country_codes', FILTER_SANITIZE_STRING),
- 'payment_options_order' => $this->request->getPost('payment_options_order', FILTER_SANITIZE_STRING),
+ 'country_codes' => $this->request->getPost('country_codes'),
+ 'payment_options_order' => $this->request->getPost('payment_options_order'),
 'date_or_time_format' => $this->request->getPost('date_or_time_format', FILTER_SANITIZE_NUMBER_INT),
 'cash_decimals' => $this->request->getPost('cash_decimals', FILTER_SANITIZE_NUMBER_INT),
- 'cash_rounding_code' => $this->request->getPost('cash_rounding_code', FILTER_SANITIZE_STRING),
+ 'cash_rounding_code' => $this->request->getPost('cash_rounding_code'),
 'financial_year' => $this->request->getPost('financial_year', FILTER_SANITIZE_NUMBER_INT)
 ];
@@ -514,24 +520,28 @@ class Config extends Secure_Controller
 /**
 * @throws ReflectionException
 */
- public function save_email(): void
+ public function postSaveEmail(): void
 {
 $password = '';
 if(check_encryption())
 {
- $password = $this->encrypter->encrypt($this->request->getPost('smtp_pass'));
+ $smtp_pass = $this->encrypter->encrypt($this->request->getPost('smtp_pass'));
+ if(!empty($smtp_pass))
+ {
+ $password = $this->encrypter->encrypt($this->request->getPost('smtp_pass'));
+ }
 }
 $batch_save_data = [
- 'protocol' => $this->request->getPost('protocol', FILTER_SANITIZE_STRING),
- 'mailpath' => $this->request->getPost('mailpath', FILTER_SANITIZE_STRING),
- 'smtp_host' => $this->request->getPost('smtp_host', FILTER_SANITIZE_STRING),
- 'smtp_user' => $this->request->getPost('smtp_user', FILTER_SANITIZE_STRING),
+ 'protocol' => $this->request->getPost('protocol'),
+ 'mailpath' => $this->request->getPost('mailpath'),
+ 'smtp_host' => $this->request->getPost('smtp_host'),
+ 'smtp_user' => $this->request->getPost('smtp_user'),
 'smtp_pass' => $password,
 'smtp_port' => $this->request->getPost('smtp_port', FILTER_SANITIZE_NUMBER_INT),
 'smtp_timeout' => $this->request->getPost('smtp_timeout', FILTER_SANITIZE_NUMBER_INT),
- 'smtp_crypto' => $this->request->getPost('smtp_crypto', FILTER_SANITIZE_STRING)
+ 'smtp_crypto' => $this->request->getPost('smtp_crypto')
 ];
 $success = $this->appconfig->batch_save($batch_save_data);
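Review bot: `$exploded = explode(":", $this->request->getPost('language'));` followed by `'language' => $exploded[1]` assumes the submitted value contains a colon; a missing or malformed `language` parameter produces an undefined-index warning and a null saved into the config (and `explode` on null is deprecated on 8.1). `$exploded = explode(':', (string) $this->request->getPost('language'), 2);` plus a `count($exploded) === 2` check before building `$batch_save_data` closes that. The double-quoted `":"` is also the only double-quoted literal in the block; single quotes match the surrounding style.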
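Review bot: In `postSaveEmail` the new guard tests `$smtp_pass`, which is the ciphertext of the submitted password rather than the password itself; `encrypt()` output is never empty, so `!empty($smtp_pass)` always holds and the plaintext is encrypted twice with the first result thrown away. Read the plaintext once and test that instead: `$smtp_pass = $this->request->getPost('smtp_pass');` and, inside the `if`, `$password = $this->encrypter->encrypt($smtp_pass);`, which is exactly the shape `postSaveMailchimp` uses in `@@ -608`. If the intent is to keep the stored password when the field is left blank, note that `$password = ''` still overwrites it through `batch_save`, so that case needs an explicit skip.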
@@ -542,7 +552,7 @@ class Config extends Secure_Controller
 /**
 * @throws ReflectionException
 */
- public function save_message(): void
+ public function postSaveMessage(): void
 {
 $password = '';
@@ -552,10 +562,10 @@ class Config extends Secure_Controller
 }
 $batch_save_data = [
- 'msg_msg' => $this->request->getPost('msg_msg', FILTER_SANITIZE_STRING),
- 'msg_uid' => $this->request->getPost('msg_uid', FILTER_SANITIZE_STRING),
+ 'msg_msg' => $this->request->getPost('msg_msg'),
+ 'msg_uid' => $this->request->getPost('msg_uid'),
 'msg_pwd' => $password,
- 'msg_src' => $this->request->getPost('msg_src', FILTER_SANITIZE_STRING)
+ 'msg_src' => $this->request->getPost('msg_src')
 ];
 $success = $this->appconfig->batch_save($batch_save_data);
@@ -592,10 +602,10 @@ class Config extends Secure_Controller
 *
 * @return void
 */
- public function ajax_check_mailchimp_api_key(): void
+ public function postCheckMailchimpApiKey(): void
 {
 // load mailchimp lists associated to the given api key, already XSS cleaned in the private function
- $lists = $this->_mailchimp($this->request->getPost('mailchimp_api_key', FILTER_SANITIZE_STRING));
+ $lists = $this->_mailchimp($this->request->getPost('mailchimp_api_key'));
 $success = count($lists) > 0;
 echo json_encode ([
@@ -608,15 +618,26 @@ class Config extends Secure_Controller
 /**
 * @throws ReflectionException
 */
- public function save_mailchimp(): void
+ public function postSaveMailchimp(): void
 {
 $api_key = '';
 $list_id = '';
 if(check_encryption()) //TODO: Hungarian notation
 {
- $api_key = $this->encrypter->encrypt($this->request->getPost('mailchimp_api_key', FILTER_SANITIZE_STRING));
- $list_id = $this->encrypter->encrypt($this->request->getPost('mailchimp_list_id', FILTER_SANITIZE_STRING));
+ $api_key_unencrypted = $this->request->getPost('mailchimp_api_key');
+ if(!empty($api_key_unencrypted))
+ {
+ $api_key = $this->encrypter->encrypt($api_key_unencrypted);
+ $api_key_unencrypted = '';
+ }
+
+ $list_id_unencrypted = $this->request->getPost('mailchimp_list_id');
+ if(!empty($list_id_unencrypted))
+ {
+ $list_id = $this->encrypter->encrypt($list_id_unencrypted);
+ $list_id_unencrypted = '';
+ }
 }
 $batch_save_data = ['mailchimp_api_key' => $api_key, 'mailchimp_list_id' => $list_id];
@@ -626,14 +647,14 @@ class Config extends Secure_Controller
 echo json_encode(['success' => $success, 'message' => lang('Config.saved_' . ($success ? '' : 'un') . 'successfully')]);
 }
- public function ajax_stock_locations(): void
+ public function getStockLocations(): void
 {
 $stock_locations = $this->stock_location->get_all()->getResultArray();
 echo view('partial/stock_locations', ['stock_locations' => $stock_locations]);
 }
- public function ajax_dinner_tables(): void
+ public function getDinnerTables(): void
 {
 $dinner_tables = $this->dinner_table->get_all()->getResultArray();
@@ -647,7 +668,7 @@ class Config extends Secure_Controller
 echo view('partial/tax_categories', ['tax_categories' => $tax_categories]);
 }
- public function ajax_customer_rewards(): void
+ public function getCustomerRewards(): void
 {
 $customer_rewards = $this->customer_rewards->get_all()->getResultArray();
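Review bot: `$api_key_unencrypted = '';` and `$list_id_unencrypted = '';` are meant to scrub the plaintext, but PHP strings are immutable, so reassigning the variable neither zeroes nor frees the buffer, and the same plaintext still lives in the request object's POST data and in `$_POST` for the rest of the request; the two lines give a false sense of hygiene and can be dropped. The effective controls are the ones already present: encrypt before storing, and never log or echo the raw key. Checking the plaintext and encrypting once is the right shape here, and `postSaveEmail` in `@@ -514` should be brought in line with it rather than the other way round; the two identical blocks are also a candidate for a small private helper that takes a field name and returns `''` or the ciphertext.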
@@ -665,12 +686,12 @@ class Config extends Secure_Controller
 $this->receiving_lib->clear_all();
 }
- public function save_locations(): void
+ public function postSaveLocations(): void
 {
 $this->db->transStart();
 $not_to_delete = [];
- foreach($this->request->getPost(NULL, FILTER_SANITIZE_STRING) as $key => $value)
+ foreach($this->request->getPost(NULL) as $key => $value)
 {
 if(strstr($key, 'stock_location'))
 {
@@ -709,7 +730,7 @@ class Config extends Secure_Controller
 /**
 * @throws ReflectionException
 */
- public function save_tables(): void
+ public function postSaveTables(): void
 {
 $this->db->transStart();
@@ -720,7 +741,7 @@ class Config extends Secure_Controller
 if($dinner_table_enable)
 {
 $not_to_delete = [];
- foreach($this->request->getPost(NULL, FILTER_SANITIZE_STRING) as $key => $value) //TODO: Not sure if this is the best way to filter the array
+ foreach($this->request->getPost(NULL) as $key => $value) //TODO: Not sure if this is the best way to filter the array
 {
 if(strstr($key, 'dinner_table') && $key != 'dinner_table_enable')
 {
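Review bot: `foreach($this->request->getPost(NULL) as $key => $value)` now walks every POST field with no filter, and `strstr($key, 'stock_location')` is used purely as a boolean; on a PHP 8 baseline `str_contains($key, 'stock_location')` says what is meant without building a substring, and the same applies to the `dinner_table` loop in `@@ -720` and the `customer_reward` loop in `@@ -801`. Since the loop body (outside the hunk) presumably writes `$value` to the database, the model is now the only place the value is validated; that is fine if the model does it, but worth confirming because the removed filter was the last thing touching it. The `transStart()` calls in these methods now depend on the `$this->db` added in the constructor, so these hunks and `@@ -65` must land together.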
@@ -758,20 +779,20 @@ class Config extends Secure_Controller
 /**
 * @throws ReflectionException
 */
- public function save_tax(): void
+ public function postSaveTax(): void
 {
 $this->db->transStart();
 $batch_save_data = [
 'default_tax_1_rate' => parse_tax($this->request->getPost('default_tax_1_rate', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION)),
- 'default_tax_1_name' => $this->request->getPost('default_tax_1_name', FILTER_SANITIZE_STRING),
+ 'default_tax_1_name' => $this->request->getPost('default_tax_1_name'),
 'default_tax_2_rate' => parse_tax($this->request->getPost('default_tax_2_rate', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION)),
- 'default_tax_2_name' => $this->request->getPost('default_tax_2_name', FILTER_SANITIZE_STRING),
+ 'default_tax_2_name' => $this->request->getPost('default_tax_2_name'),
 'tax_included' => $this->request->getPost('tax_included') != NULL,
 'use_destination_based_tax' => $this->request->getPost('use_destination_based_tax') != NULL,
- 'default_tax_code' => $this->request->getPost('default_tax_code', FILTER_SANITIZE_STRING),
- 'default_tax_category' => $this->request->getPost('default_tax_category', FILTER_SANITIZE_STRING),
- 'default_tax_jurisdiction' => $this->request->getPost('default_tax_jurisdiction', FILTER_SANITIZE_STRING),
+ 'default_tax_code' => $this->request->getPost('default_tax_code'),
+ 'default_tax_category' => $this->request->getPost('default_tax_category'),
+ 'default_tax_jurisdiction' => $this->request->getPost('default_tax_jurisdiction'),
 'tax_id' => $this->request->getPost('tax_id', FILTER_SANITIZE_NUMBER_INT)
 ];
@@ -789,7 +810,7 @@ class Config extends Secure_Controller
 /**
 * @throws ReflectionException
 */
- public function save_rewards(): void
+ public function postSaveRewards(): void
 {
 $this->db->transStart();
@@ -801,7 +822,7 @@ class Config extends Secure_Controller
 {
 $not_to_delete = [];
 $array_save = [];
- foreach($this->request->getPost(NULL, FILTER_SANITIZE_STRING) as $key => $value)
+ foreach($this->request->getPost(NULL) as $key => $value)
 {
 if(strstr($key, 'customer_reward') && $key != 'customer_reward_enable')
 {
@@ -848,24 +869,24 @@ class Config extends Secure_Controller
 /**
 * @throws ReflectionException
 */
- public function save_barcode(): void
+ public function postSaveBarcode(): void
 {
 $batch_save_data = [
- 'barcode_type' => $this->request->getPost('barcode_type', FILTER_SANITIZE_STRING),
+ 'barcode_type' => $this->request->getPost('barcode_type'),
 'barcode_width' => $this->request->getPost('barcode_width', FILTER_SANITIZE_NUMBER_INT),
 'barcode_height' => $this->request->getPost('barcode_height', FILTER_SANITIZE_NUMBER_INT),
- 'barcode_font' => $this->request->getPost('barcode_font', FILTER_SANITIZE_STRING),
+ 'barcode_font' => $this->request->getPost('barcode_font'),
 'barcode_font_size' => $this->request->getPost('barcode_font_size', FILTER_SANITIZE_NUMBER_INT),
- 'barcode_first_row' => $this->request->getPost('barcode_first_row', FILTER_SANITIZE_STRING),
- 'barcode_second_row' => $this->request->getPost('barcode_second_row', FILTER_SANITIZE_STRING),
- 'barcode_third_row' => $this->request->getPost('barcode_third_row', FILTER_SANITIZE_STRING),
+ 'barcode_first_row' => $this->request->getPost('barcode_first_row'),
+ 'barcode_second_row' => $this->request->getPost('barcode_second_row'),
+ 'barcode_third_row' => $this->request->getPost('barcode_third_row'),
 'barcode_num_in_row' => $this->request->getPost('barcode_num_in_row', FILTER_SANITIZE_NUMBER_INT),
 'barcode_page_width' => $this->request->getPost('barcode_page_width', FILTER_SANITIZE_NUMBER_INT),
 'barcode_page_cellspacing' => $this->request->getPost('barcode_page_cellspacing', FILTER_SANITIZE_NUMBER_INT),
 'barcode_generate_if_empty' => $this->request->getPost('barcode_generate_if_empty') != NULL,
 'allow_duplicate_barcodes' => $this->request->getPost('allow_duplicate_barcodes') != NULL,
- 'barcode_content' => $this->request->getPost('barcode_content', FILTER_SANITIZE_STRING),
- 'barcode_formats' => json_encode($this->request->getPost('barcode_formats', FILTER_SANITIZE_STRING))
+ 'barcode_content' => $this->request->getPost('barcode_content'),
+ 'barcode_formats' => json_encode($this->request->getPost('barcode_formats'))
 ];
 $success = $this->appconfig->batch_save($batch_save_data);
@@ -876,14 +897,14 @@ class Config extends Secure_Controller
 /**
 * @throws ReflectionException
 */
- public function save_receipt(): void
+ public function postSaveReceipt(): void
 {
 $batch_save_data = [
- 'receipt_template' => $this->request->getPost('receipt_template', FILTER_SANITIZE_STRING),
+ 'receipt_template' => $this->request->getPost('receipt_template'),
 'receipt_font_size' => $this->request->getPost('receipt_font_size', FILTER_SANITIZE_NUMBER_INT),
 'print_delay_autoreturn' => $this->request->getPost('print_delay_autoreturn', FILTER_SANITIZE_NUMBER_INT),
- 'email_receipt_check_behaviour' => $this->request->getPost('email_receipt_check_behaviour', FILTER_SANITIZE_STRING),
- 'print_receipt_check_behaviour' => $this->request->getPost('print_receipt_check_behaviour', FILTER_SANITIZE_STRING),
+ 'email_receipt_check_behaviour' => $this->request->getPost('email_receipt_check_behaviour'),
+ 'print_receipt_check_behaviour' => $this->request->getPost('print_receipt_check_behaviour'),
 'receipt_show_company_name' => $this->request->getPost('receipt_show_company_name') != NULL,
 'receipt_show_taxes' => ($this->request->getPost('receipt_show_taxes') != NULL),
 'receipt_show_tax_ind' => ($this->request->getPost('receipt_show_tax_ind') != NULL),
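Review bot: `barcode_font` is now stored exactly as submitted, and the new `$data['barcode_fonts'] = $this->barcode_lib->listfonts('fonts')` in `@@ -253` indicates the value is later resolved to a file under a fonts directory; if that resolution is a path concatenation, validating the submitted name against the `listfonts('fonts')` result (or at least `basename()` plus an extension check) before `batch_save` keeps a crafted value from naming a file outside that directory. The same hedge applies to `receipt_template` in `@@ -876` if it selects a view file. Both uses are outside this diff, so this is a point to confirm rather than a defect I can see.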
@@ -907,23 +928,23 @@ class Config extends Secure_Controller /** * @throws ReflectionException */ - public function save_invoice(): void + public function postSaveInvoice(): void { $batch_save_data = [ 'invoice_enable' => $this->request->getPost('invoice_enable') != NULL, - 'sales_invoice_format' => $this->request->getPost('sales_invoice_format', FILTER_SANITIZE_STRING), - 'sales_quote_format' => $this->request->getPost('sales_quote_format', FILTER_SANITIZE_STRING), - 'recv_invoice_format' => $this->request->getPost('recv_invoice_format', FILTER_SANITIZE_STRING), - 'invoice_default_comments' => $this->request->getPost('invoice_default_comments', FILTER_SANITIZE_STRING), - 'invoice_email_message' => $this->request->getPost('invoice_email_message', FILTER_SANITIZE_STRING), - 'line_sequence' => $this->request->getPost('line_sequence', FILTER_SANITIZE_STRING), + 'sales_invoice_format' => $this->request->getPost('sales_invoice_format'), + 'sales_quote_format' => $this->request->getPost('sales_quote_format'), + 'recv_invoice_format' => $this->request->getPost('recv_invoice_format'), + 'invoice_default_comments' => $this->request->getPost('invoice_default_comments'), + 'invoice_email_message' => $this->request->getPost('invoice_email_message'), + 'line_sequence' => $this->request->getPost('line_sequence'), 'last_used_invoice_number' => $this->request->getPost('last_used_invoice_number', FILTER_SANITIZE_NUMBER_INT), 'last_used_quote_number' => $this->request->getPost('last_used_quote_number', FILTER_SANITIZE_NUMBER_INT), - 'quote_default_comments' => $this->request->getPost('quote_default_comments', FILTER_SANITIZE_STRING), + 'quote_default_comments' => $this->request->getPost('quote_default_comments'), 'work_order_enable' => $this->request->getPost('work_order_enable') != NULL, - 'work_order_format' => $this->request->getPost('work_order_format', FILTER_SANITIZE_STRING), + 'work_order_format' => $this->request->getPost('work_order_format'), 'last_used_work_order_number' 
=> $this->request->getPost('last_used_work_order_number', FILTER_SANITIZE_NUMBER_INT), - 'invoice_type' => $this->request->getPost('invoice_type', FILTER_SANITIZE_STRING) + 'invoice_type' => $this->request->getPost('invoice_type') ]; $success = $this->appconfig->batch_save($batch_save_data); @@ -934,7 +955,7 @@ class Config extends Secure_Controller { if($this->config['invoice_enable']) { - $this->sale_lib->set_mode($batch_save_data['default_register_mode']); + $this->sale_lib->set_mode($this->config['default_register_mode']); } else { diff --git a/app/Controllers/Customers.php b/app/Controllers/Customers.php index 85151de34..27e9b93a5 100644 --- a/app/Controllers/Customers.php +++ b/app/Controllers/Customers.php @@ -50,7 +50,7 @@ class Customers extends Persons } else { - $this->_list_id = ""; + $this->_list_id = ''; } } @@ -93,11 +93,11 @@ class Customers extends Persons */ public function getSearch() { - $search = $this->request->getGet('search', FILTER_SANITIZE_STRING); + $search = $this->request->getGet('search'); $limit = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT); $offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT); - $sort = $this->request->getGet('sort', FILTER_SANITIZE_STRING); - $order = $this->request->getGet('order', FILTER_SANITIZE_STRING); + $sort = $this->request->getGet('sort'); + $order = $this->request->getGet('order'); $customers = $this->customer->search($search, $limit, $offset, $sort, $order); $total_rows = $this->customer->get_found_rows($search); 
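Review bot: In Customers::getSearch (@@ -93) the sort and order parameters now reach `$this->customer->search()` with no filtering at all, and neither filter variant used in this commit constrains them anyway; if the model places them in an ORDER BY clause (not visible here), the effective control is an allow-list of sortable column names and of `asc`/`desc` in the controller, e.g. `$order = in_array(strtolower((string) $order), ['asc', 'desc'], true) ? $order : 'asc';`. The same applies to every getSearch hunk in this commit (Employees @@ -24, Expenses @@ -38, Expenses_categories @@ -28, Giftcards @@ -28, Item_kits @@ -76, Items @@ -89). Separately, Customers drops the string filters entirely while Employees, which shares the Persons base and the same person_data fields, substitutes FILTER_SANITIZE_FULL_SPECIAL_CHARS; the two controllers should follow one input policy. Customers::getSearch is also the only search action in these hunks without a `: void` return type, and its body continues past the hunk.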
@@ -131,14 +131,14 @@ class Customers extends Persons */ public function getSuggest(): void { - $suggestions = $this->customer->get_search_suggestions($this->request->getVar('term', FILTER_SANITIZE_STRING), 25,TRUE); + $suggestions = $this->customer->get_search_suggestions($this->request->getVar('term'), 25,TRUE); echo json_encode($suggestions); } public function suggest_search(): void { - $suggestions = $this->customer->get_search_suggestions($this->request->getPost('term', FILTER_SANITIZE_STRING), 25, FALSE); + $suggestions = $this->customer->get_search_suggestions($this->request->getPost('term'), 25, FALSE); echo json_encode($suggestions); } @@ -168,7 +168,6 @@ class Customers extends Persons $data['employee'] = $employee_info->first_name . ' ' . $employee_info->last_name; $tax_code_info = $this->tax_code->get_info($info->sales_tax_code_id); - $tax_code_id = $tax_code_info->tax_code_id; //TODO: This variable is never used after this. if($tax_code_info->tax_code != NULL) { @@ -270,8 +269,8 @@ class Customers extends Persons */ public function postSave(int $customer_id = NEW_ENTRY): void { - $first_name = $this->request->getPost('first_name', FILTER_SANITIZE_STRING); - $last_name = $this->request->getPost('last_name', FILTER_SANITIZE_STRING); + $first_name = $this->request->getPost('first_name'); + $last_name = $this->request->getPost('last_name'); $email = strtolower($this->request->getPost('email', FILTER_SANITIZE_EMAIL)); // format first and last name properly 
@@ -283,26 +282,26 @@ class Customers extends Persons 'last_name' => $last_name, 'gender' => $this->request->getPost('gender', FILTER_SANITIZE_NUMBER_INT), 'email' => $email, - 'phone_number' => $this->request->getPost('phone_number', FILTER_SANITIZE_STRING), - 'address_1' => $this->request->getPost('address_1', FILTER_SANITIZE_STRING), - 'address_2' => $this->request->getPost('address_2', FILTER_SANITIZE_STRING), - 'city' => $this->request->getPost('city', FILTER_SANITIZE_STRING), - 'state' => $this->request->getPost('state', FILTER_SANITIZE_STRING), - 'zip' => $this->request->getPost('zip', FILTER_SANITIZE_STRING), - 'country' => $this->request->getPost('country', FILTER_SANITIZE_STRING), - 'comments' => $this->request->getPost('comments', FILTER_SANITIZE_STRING) + 'phone_number' => $this->request->getPost('phone_number'), + 'address_1' => $this->request->getPost('address_1'), + 'address_2' => $this->request->getPost('address_2'), + 'city' => $this->request->getPost('city'), + 'state' => $this->request->getPost('state'), + 'zip' => $this->request->getPost('zip'), + 'country' => $this->request->getPost('country'), + 'comments' => $this->request->getPost('comments') ]; - $date_formatter = date_create_from_format($this->config['dateformat'] . ' ' . $this->config['timeformat'], $this->request->getPost('date', FILTER_SANITIZE_STRING)); + $date_formatter = date_create_from_format($this->config['dateformat'] . ' ' . $this->config['timeformat'], $this->request->getPost('date')); $customer_data = [ 'consent' => $this->request->getPost('consent') != NULL, - 'account_number' => $this->request->getPost('account_number') == '' ? NULL : $this->request->getPost('account_number', FILTER_SANITIZE_STRING), - 'tax_id' => $this->request->getPost('tax_id', FILTER_SANITIZE_STRING), - 'company_name' => $this->request->getPost('company_name') == '' ? 
NULL : $this->request->getPost('company_name', FILTER_SANITIZE_STRING), + 'account_number' => $this->request->getPost('account_number') == '' ? NULL : $this->request->getPost('account_number'), + 'tax_id' => $this->request->getPost('tax_id'), + 'company_name' => $this->request->getPost('company_name') == '' ? NULL : $this->request->getPost('company_name'), 'discount' => $this->request->getPost('discount') == '' ? 0.00 : $this->request->getPost('discount', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION), 'discount_type' => $this->request->getPost('discount_type') == NULL ? PERCENT : $this->request->getPost('discount_type', FILTER_SANITIZE_NUMBER_INT), - 'package_id' => $this->request->getPost('package_id') == '' ? NULL : $this->request->getPost('package_id', FILTER_SANITIZE_STRING), + 'package_id' => $this->request->getPost('package_id') == '' ? NULL : $this->request->getPost('package_id'), 'taxable' => $this->request->getPost('taxable') != NULL, 'date' => $date_formatter->format('Y-m-d H:i:s'), 'employee_id' => $this->request->getPost('employee_id', FILTER_SANITIZE_NUMBER_INT), @@ -312,7 +311,7 @@ class Customers extends Persons if($this->customer->save_customer($person_data, $customer_data, $customer_id)) { // save customer to Mailchimp selected list //TODO: addOrUpdateMember should be refactored... potentially pass an array or object instead of 6 parameters. - $mailchimp_status = $this->request->getPost('mailchimp_status', FILTER_SANITIZE_STRING); + $mailchimp_status = $this->request->getPost('mailchimp_status'); $this->mailchimp_lib->addOrUpdateMember( $this->_list_id, $email, @@ -375,7 +374,7 @@ class Customers extends Persons */ public function postDelete(): void { - $customers_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_STRING); + $customers_to_delete = $this->request->getPost('ids'); $customers_info = $this->customer->get_multiple_info($customers_to_delete); $count = 0; 
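Review bot: `date_create_from_format(...)` in the postSave hunk (@@ -283) returns false when the submitted date does not match the configured format, and the context line `'date' => $date_formatter->format('Y-m-d H:i:s')` then throws an Error on that false value; switching to an unfiltered `getPost('date')` leaves the result unchecked. Guard it before customer_data is built: `if ($date_formatter === false) { /* reject the request: date does not match the configured format */ }`. Expenses::postSave (@@ -136) has the identical unchecked pattern on `$newdate`. The method continues past the hunk.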
diff --git a/app/Controllers/Employees.php b/app/Controllers/Employees.php index 8025cff21..999a352f1 100644 --- a/app/Controllers/Employees.php +++ b/app/Controllers/Employees.php @@ -24,11 +24,11 @@ class Employees extends Persons */ public function getSearch(): void { - $search = $this->request->getVar('search', FILTER_SANITIZE_STRING); + $search = $this->request->getVar('search', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $limit = $this->request->getVar('limit', FILTER_SANITIZE_NUMBER_INT); $offset = $this->request->getVar('offset', FILTER_SANITIZE_NUMBER_INT); - $sort = $this->request->getVar('sort', FILTER_SANITIZE_STRING); - $order = $this->request->getVar('order', FILTER_SANITIZE_STRING); + $sort = $this->request->getVar('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS); + $order = $this->request->getVar('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $employees = $this->employee->search($search, $limit, $offset, $sort, $order); $total_rows = $this->employee->get_found_rows($search); @@ -47,14 +47,14 @@ class Employees extends Persons */ public function suggest(): void { - $suggestions = $this->employee->get_search_suggestions($this->request->getVar('term', FILTER_SANITIZE_STRING), 25, TRUE); + $suggestions = $this->employee->get_search_suggestions($this->request->getVar('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 25, TRUE); echo json_encode($suggestions); } public function suggest_search(): void { - $suggestions = $this->employee->get_search_suggestions($this->request->getVar('term', FILTER_SANITIZE_STRING)); + $suggestions = $this->employee->get_search_suggestions($this->request->getVar('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS)); echo json_encode($suggestions); } 
@@ -100,8 +100,8 @@ class Employees extends Persons */ public function postSave(int $employee_id = NEW_ENTRY): void { - $first_name = $this->request->getPost('first_name', FILTER_SANITIZE_STRING); //TODO: duplicated code - $last_name = $this->request->getPost('last_name', FILTER_SANITIZE_STRING); + $first_name = $this->request->getPost('first_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS); //TODO: duplicated code + $last_name = $this->request->getPost('last_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $email = strtolower($this->request->getPost('email', FILTER_SANITIZE_EMAIL)); // format first and last name properly 
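Review bot: FILTER_SANITIZE_FULL_SPECIAL_CHARS applied at input in postSave (@@ -100) HTML-entity-encodes the stored value, so a last name such as O'Brien is persisted as `O&#039;Brien` and is double-encoded by any view that escapes at output; the Attributes controller in this same commit already has to call html_entity_decode to reverse the effect. Output escaping belongs at render time (`esc()` in the views), with input validation limited to shape checks (length, permitted characters) that do not alter the stored data. The same encode-at-input pattern appears in Employees @@ -113 and @@ -140, Expenses @@ -136, Expenses_categories @@ -63, Giftcards @@ -96 and Item_kits @@ -153. The method continues past the hunk.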
@@ -113,26 +113,26 @@ class Employees extends Persons 'last_name' => $last_name, 'gender' => $this->request->getPost('gender', FILTER_SANITIZE_NUMBER_INT), 'email' => $email, - 'phone_number' => $this->request->getPost('phone_number', FILTER_SANITIZE_STRING), - 'address_1' => $this->request->getPost('address_1', FILTER_SANITIZE_STRING), - 'address_2' => $this->request->getPost('address_2', FILTER_SANITIZE_STRING), - 'city' => $this->request->getPost('city', FILTER_SANITIZE_STRING), - 'state' => $this->request->getPost('state', FILTER_SANITIZE_STRING), - 'zip' => $this->request->getPost('zip', FILTER_SANITIZE_STRING), - 'country' => $this->request->getPost('country', FILTER_SANITIZE_STRING), - 'comments' => $this->request->getPost('comments', FILTER_SANITIZE_STRING) + 'phone_number' => $this->request->getPost('phone_number', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'address_1' => $this->request->getPost('address_1', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'address_2' => $this->request->getPost('address_2', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'city' => $this->request->getPost('city', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'state' => $this->request->getPost('state', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'zip' => $this->request->getPost('zip', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'country' => $this->request->getPost('country', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'comments' => $this->request->getPost('comments', FILTER_SANITIZE_FULL_SPECIAL_CHARS) ]; $grants_array = []; foreach($this->module->get_all_permissions()->getResult() as $permission) { $grants = []; - $grant = $this->request->getPost('grant_'.$permission->permission_id) != NULL ? $this->request->getPost('grant_' . $permission->permission_id, FILTER_SANITIZE_STRING) : ''; + $grant = $this->request->getPost('grant_'.$permission->permission_id) != NULL ? $this->request->getPost('grant_' . 
$permission->permission_id, FILTER_SANITIZE_FULL_SPECIAL_CHARS) : ''; if($grant == $permission->permission_id) { $grants['permission_id'] = $permission->permission_id; - $grants['menu_group'] = $this->request->getPost('menu_group_'.$permission->permission_id) != NULL ? $this->request->getPost('menu_group_' . $permission->permission_id, FILTER_SANITIZE_STRING) : '--'; + $grants['menu_group'] = $this->request->getPost('menu_group_'.$permission->permission_id) != NULL ? $this->request->getPost('menu_group_' . $permission->permission_id, FILTER_SANITIZE_FULL_SPECIAL_CHARS) : '--'; $grants_array[] = $grants; } } @@ -140,9 +140,9 @@ class Employees extends Persons //Password has been changed OR first time password set if($this->request->getPost('password') != '' && ENVIRONMENT != 'testing') { - $exploded = explode(":", $this->request->getPost('language', FILTER_SANITIZE_STRING)); + $exploded = explode(":", $this->request->getPost('language', FILTER_SANITIZE_FULL_SPECIAL_CHARS)); $employee_data = [ - 'username' => $this->request->getPost('username', FILTER_SANITIZE_STRING), + 'username' => $this->request->getPost('username', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'password' => password_hash($this->request->getPost('password'), PASSWORD_DEFAULT), 'hash_version' => 2, 'language_code' => $exploded[0], @@ -151,9 +151,9 @@ class Employees extends Persons } else //Password not changed { - $exploded = explode(":", $this->request->getPost('language', FILTER_SANITIZE_STRING)); + $exploded = explode(":", $this->request->getPost('language', FILTER_SANITIZE_FULL_SPECIAL_CHARS)); $employee_data = [ - 'username' => $this->request->getPost('username', FILTER_SANITIZE_STRING), + 'username' => $this->request->getPost('username', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'language_code' => $exploded[0], 'language' => $exploded[1] ]; 
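Review bot: In the @@ -140 hunk `explode(":", ...)` is followed by `$exploded[0]` and `$exploded[1]`, but a language value without a colon, or a missing field (which getPost returns as null), yields a one-element array and `$exploded[1]` becomes an undefined-index read; the filter swap keeps that unchecked. Split with a fixed size and a default, `[$language_code, $language] = array_pad(explode(':', (string) $this->request->getPost('language', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 2), 2, '');`, and validate both parts against the set of installed languages before saving. The @@ -151 hunk duplicates the same parse for the no-password-change branch. Both branches continue past the hunk.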
@@ -194,7 +194,7 @@ class Employees extends Persons */ public function postDelete(): void { - $employees_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_STRING); + $employees_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_FULL_SPECIAL_CHARS); if($this->employee->delete_list($employees_to_delete)) //TODO: this is passing a string, but delete_list expects an array { @@ -213,9 +213,9 @@ class Employees extends Persons * @param $employee_id * @return void */ - public function check_username($employee_id): void + public function getCheckUsername($employee_id): void { - $exists = $this->employee->username_exists($employee_id, $this->request->getVar('username', FILTER_SANITIZE_STRING)); + $exists = $this->employee->username_exists($employee_id, $this->request->getGet('username')); echo !$exists ? 'true' : 'false'; } } diff --git a/app/Controllers/Expenses.php b/app/Controllers/Expenses.php index eba38e35a..01227d7f2 100644 --- a/app/Controllers/Expenses.php +++ b/app/Controllers/Expenses.php 
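Review bot: getCheckUsername (@@ -213) compares a raw `getGet('username')` against stored usernames, while postSave in this file (@@ -140, @@ -151) stores the username after FILTER_SANITIZE_FULL_SPECIAL_CHARS; a username containing `&`, `<`, `"` or `'` is therefore checked in one form and saved in another, so the availability check can report free for a value that collides on save, or the reverse. Apply one normalisation at both points or, better, validate usernames against a strict allow-list pattern such as `preg_match('/^[A-Za-z0-9._-]{1,64}$/', $username)` (character set and length constructed for illustration) so the checked and stored forms are identical. Home @@ -45 passes a FULL_SPECIAL_CHARS-filtered username to check_password; whether the login path applies the same transform is not visible here and should be confirmed. `$employee_id` is also the only untyped controller parameter in this file's hunks.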
@@ -38,14 +38,14 @@ class Expenses extends Secure_Controller public function getSearch(): void { - $search = $this->request->getVar('search', FILTER_SANITIZE_STRING); + $search = $this->request->getVar('search', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $limit = $this->request->getVar('limit', FILTER_SANITIZE_NUMBER_INT); $offset = $this->request->getVar('offset', FILTER_SANITIZE_NUMBER_INT); - $sort = $this->request->getVar('sort', FILTER_SANITIZE_STRING); - $order = $this->request->getVar('order', FILTER_SANITIZE_STRING); + $sort = $this->request->getVar('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS); + $order = $this->request->getVar('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $filters = [ - 'start_date' => $this->request->getVar('start_date', FILTER_SANITIZE_STRING), - 'end_date' => $this->request->getVar('end_date', FILTER_SANITIZE_STRING), + 'start_date' => $this->request->getVar('start_date', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'end_date' => $this->request->getVar('end_date', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'only_cash' => FALSE, 'only_due' => FALSE, 'only_check' => FALSE, @@ -55,7 +55,7 @@ class Expenses extends Secure_Controller ]; // check if any filter is set in the multiselect dropdown - $filledup = array_fill_keys($this->request->getVar('filters', FILTER_SANITIZE_STRING), TRUE); //TODO: variable naming does not match standard + $filledup = array_fill_keys($this->request->getVar('filters', FILTER_SANITIZE_FULL_SPECIAL_CHARS), TRUE); //TODO: variable naming does not match standard $filters = array_merge($filters, $filledup); $expenses = $this->expense->search($search, $filters, $limit, $offset, $sort, $order); $total_rows = $this->expense->get_found_rows($search, $filters); 
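Review bot: In the @@ -55 hunk `array_fill_keys($this->request->getVar('filters', ...), TRUE)` receives null when no filter is selected (getVar returns null for an absent key), which is a TypeError on PHP 8; the filter swap leaves the call unguarded. Default the value, `$filledup = array_fill_keys($this->request->getVar('filters', FILTER_SANITIZE_FULL_SPECIAL_CHARS) ?? [], TRUE);`, and consider restricting the keys to the known filter names before the array_merge, since any client-supplied key is merged straight into `$filters`. Items @@ -114 has the same call via getGet. getSearch continues past the hunk.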
@@ -125,7 +125,7 @@ class Expenses extends Secure_Controller echo view("expenses/form", $data); } - public function getRow(int $row_id): vpid + public function getRow(int $row_id): void { $expense_info = $this->expense->get_info($row_id); $data_row = get_expenses_data_row($expense_info); @@ -136,19 +136,19 @@ class Expenses extends Secure_Controller public function postSave(int $expense_id = NEW_ENTRY): void { $config = config('OSPOS')->settings; - $newdate = $this->request->getPost('date', FILTER_SANITIZE_STRING); + $newdate = $this->request->getPost('date', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $date_formatter = date_create_from_format($config['dateformat'] . ' ' . $config['timeformat'], $newdate); $expense_data = [ 'date' => $date_formatter->format('Y-m-d H:i:s'), 'supplier_id' => $this->request->getPost('supplier_id') == '' ? NULL : $this->request->getPost('supplier_id', FILTER_SANITIZE_NUMBER_INT), - 'supplier_tax_code' => $this->request->getPost('supplier_tax_code', FILTER_SANITIZE_STRING), + 'supplier_tax_code' => $this->request->getPost('supplier_tax_code', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'amount' => parse_decimals($this->request->getPost('amount', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION)), 'tax_amount' => parse_decimals($this->request->getPost('tax_amount', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION)), - 'payment_type' => $this->request->getPost('payment_type', FILTER_SANITIZE_STRING), + 'payment_type' => $this->request->getPost('payment_type', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'expense_category_id' => $this->request->getPost('expense_category_id', FILTER_SANITIZE_NUMBER_INT), - 'description' => $this->request->getPost('description', FILTER_SANITIZE_STRING), + 'description' => $this->request->getPost('description', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'employee_id' => $this->request->getPost('employee_id', FILTER_SANITIZE_NUMBER_INT), 'deleted' => $this->request->getPost('deleted') != NULL ]; 
@@ -180,7 +180,7 @@ class Expenses extends Secure_Controller public function postDelete(): void { - $expenses_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_STRING); + $expenses_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_FULL_SPECIAL_CHARS); if($this->expense->delete_list($expenses_to_delete)) { diff --git a/app/Controllers/Expenses_categories.php b/app/Controllers/Expenses_categories.php index 32a6083c4..ea1716ffd 100644 --- a/app/Controllers/Expenses_categories.php +++ b/app/Controllers/Expenses_categories.php @@ -28,11 +28,11 @@ class Expenses_categories extends Secure_Controller //TODO: Is this class ever u */ public function getSearch(): void { - $search = $this->request->getVar('search', FILTER_SANITIZE_STRING); + $search = $this->request->getVar('search', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $limit = $this->request->getVar('limit', FILTER_SANITIZE_NUMBER_INT); $offset = $this->request->getVar('offset', FILTER_SANITIZE_NUMBER_INT); - $sort = $this->request->getVar('sort', FILTER_SANITIZE_STRING); - $order = $this->request->getVar('order', FILTER_SANITIZE_STRING); + $sort = $this->request->getVar('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS); + $order = $this->request->getVar('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $expense_categories = $this->expense_category->search($search, $limit, $offset, $sort, $order); $total_rows = $this->expense_category->get_found_rows($search); 
@@ -63,8 +63,8 @@ class Expenses_categories extends Secure_Controller //TODO: Is this class ever u public function postSave(int $expense_category_id = NEW_ENTRY): void { $expense_category_data = [ - 'category_name' => $this->request->getPost('category_name', FILTER_SANITIZE_STRING), - 'category_description' => $this->request->getPost('category_description', FILTER_SANITIZE_STRING) + 'category_name' => $this->request->getPost('category_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'category_description' => $this->request->getPost('category_description', FILTER_SANITIZE_FULL_SPECIAL_CHARS) ]; if($this->expense_category->save_value($expense_category_data, $expense_category_id)) //TODO: Reflection exception @@ -99,7 +99,7 @@ class Expenses_categories extends Secure_Controller //TODO: Is this class ever u public function postDelete(): void { - $expense_category_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_STRING); + $expense_category_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_FULL_SPECIAL_CHARS); if($this->expense_category->delete_list($expense_category_to_delete)) //TODO: Convert to ternary notation. { diff --git a/app/Controllers/Giftcards.php b/app/Controllers/Giftcards.php index b64c63814..beda092fb 100644 --- a/app/Controllers/Giftcards.php +++ b/app/Controllers/Giftcards.php 
@@ -28,11 +28,11 @@ class Giftcards extends Secure_Controller */ public function getSearch(): void { - $search = $this->request->getVar('search', FILTER_SANITIZE_STRING); + $search = $this->request->getVar('search', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $limit = $this->request->getVar('limit', FILTER_SANITIZE_NUMBER_INT); $offset = $this->request->getVar('offset', FILTER_SANITIZE_NUMBER_INT); - $sort = $this->request->getVar('sort', FILTER_SANITIZE_STRING); - $order = $this->request->getVar('order', FILTER_SANITIZE_STRING); + $sort = $this->request->getVar('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS); + $order = $this->request->getVar('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $giftcards = $this->giftcard->search($search, $limit, $offset, $sort, $order); $total_rows = $this->giftcard->get_found_rows($search); @@ -52,14 +52,14 @@ class Giftcards extends Secure_Controller public function getSuggest(): void { - $suggestions = $this->giftcard->get_search_suggestions($this->request->getVar('term', FILTER_SANITIZE_STRING), TRUE); + $suggestions = $this->giftcard->get_search_suggestions($this->request->getVar('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS), TRUE); echo json_encode($suggestions); } public function suggest_search(): void { - $suggestions = $this->giftcard->get_search_suggestions($this->request->getPost('term', FILTER_SANITIZE_STRING)); + $suggestions = $this->giftcard->get_search_suggestions($this->request->getPost('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS)); echo json_encode($suggestions); } @@ -96,7 +96,7 @@ class Giftcards extends Secure_Controller public function postSave(int $giftcard_id = NEW_ENTRY): void { - $giftcard_number = $this->request->getPost('giftcard_number', FILTER_SANITIZE_STRING); + $giftcard_number = $this->request->getPost('giftcard_number', FILTER_SANITIZE_FULL_SPECIAL_CHARS); if($giftcard_id == NEW_ENTRY && trim($giftcard_number) == '') { 
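Review bot: In the @@ -96 hunk `$giftcard_number` is null when the field is absent (getPost returns null), and the context line `trim($giftcard_number) == ''` then passes null to trim(), which is deprecated as of PHP 8.1, the same version in which FILTER_SANITIZE_STRING, replaced here, is deprecated. Coalesce at the read: `$giftcard_number = (string) ($this->request->getPost('giftcard_number', FILTER_SANITIZE_FULL_SPECIAL_CHARS) ?? '');`. A giftcard number is also a lookup key, so entity-encoding it at input means a later lookup with the raw scanned value will not match a stored number containing `&` or `'`; a shape check (allowed characters, length) that leaves the value intact is the better fit. postSave continues past the hunk.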
@@ -153,7 +153,7 @@ class Giftcards extends Secure_Controller public function postDelete(): void { - $giftcards_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_STRING); + $giftcards_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_FULL_SPECIAL_CHARS); if($this->giftcard->delete_list($giftcards_to_delete)) { diff --git a/app/Controllers/Home.php b/app/Controllers/Home.php index 3cecb5a26..aebd34c46 100644 --- a/app/Controllers/Home.php +++ b/app/Controllers/Home.php @@ -45,10 +45,10 @@ class Home extends Secure_Controller { if($this->request->getPost('current_password') != '' && $employee_id != -1) { - if($this->employee->check_password($this->request->getPost('username', FILTER_SANITIZE_STRING), $this->request->getPost('current_password'))) + if($this->employee->check_password($this->request->getPost('username', FILTER_SANITIZE_FULL_SPECIAL_CHARS), $this->request->getPost('current_password'))) { $employee_data = [ - 'username' => $this->request->getPost('username', FILTER_SANITIZE_STRING), + 'username' => $this->request->getPost('username', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'password' => password_hash($this->request->getPost('password'), PASSWORD_DEFAULT), 'hash_version' => 2 ]; diff --git a/app/Controllers/Item_kits.php b/app/Controllers/Item_kits.php index 4f8e43680..d84b54c3a 100644 --- a/app/Controllers/Item_kits.php +++ b/app/Controllers/Item_kits.php 
@@ -76,11 +76,11 @@ class Item_kits extends Secure_Controller */ public function getSearch(): void { - $search = $this->request->getVar('search', FILTER_SANITIZE_STRING); + $search = $this->request->getVar('search', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $limit = $this->request->getVar('limit', FILTER_SANITIZE_NUMBER_INT); $offset = $this->request->getVar('offset', FILTER_SANITIZE_NUMBER_INT); - $sort = $this->request->getVar('sort', FILTER_SANITIZE_STRING); - $order = $this->request->getVar('order', FILTER_SANITIZE_STRING); + $sort = $this->request->getVar('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS); + $order = $this->request->getVar('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $item_kits = $this->item_kit->search($search, $limit, $offset, $sort, $order); $total_rows = $this->item_kit->get_found_rows($search); @@ -98,7 +98,7 @@ class Item_kits extends Secure_Controller public function suggest_search(): void { - $suggestions = $this->item_kit->get_search_suggestions($this->request->getPost('term', FILTER_SANITIZE_STRING)); + $suggestions = $this->item_kit->get_search_suggestions($this->request->getPost('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS)); echo json_encode($suggestions); } 
@@ -153,14 +153,14 @@ class Item_kits extends Secure_Controller public function postSave(int $item_kit_id = NEW_ENTRY): void { $item_kit_data = [ - 'name' => $this->request->getPost('name', FILTER_SANITIZE_STRING), - 'item_kit_number' => $this->request->getPost('item_kit_number', FILTER_SANITIZE_STRING), + 'name' => $this->request->getPost('name', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'item_kit_number' => $this->request->getPost('item_kit_number', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'item_id' => $this->request->getPost('kit_item_id', FILTER_SANITIZE_NUMBER_INT), 'kit_discount' => $this->request->getPost('kit_discount', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION), 'kit_discount_type' => $this->request->getPost('kit_discount_type') == NULL ? PERCENT : $this->request->getPost('kit_discount_type', FILTER_SANITIZE_NUMBER_INT), 'price_option' => $this->request->getPost('price_option', FILTER_SANITIZE_NUMBER_INT), 'print_option' => $this->request->getPost('print_option', FILTER_SANITIZE_NUMBER_INT), - 'description' => $this->request->getPost('description', FILTER_SANITIZE_STRING) + 'description' => $this->request->getPost('description', FILTER_SANITIZE_FULL_SPECIAL_CHARS) ]; if($this->item_kit->save_value($item_kit_data, $item_kit_id)) @@ -220,7 +220,7 @@ class Item_kits extends Secure_Controller public function postDelete(): void { - $item_kits_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_STRING); + $item_kits_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_FULL_SPECIAL_CHARS); if($this->item_kit->delete_list($item_kits_to_delete)) { 
@@ -237,7 +237,7 @@ class Item_kits extends Secure_Controller public function check_item_number(): void { - $exists = $this->item_kit->item_number_exists($this->request->getPost('item_kit_number', FILTER_SANITIZE_STRING), $this->request->getPost('item_kit_id', FILTER_SANITIZE_NUMBER_INT)); + $exists = $this->item_kit->item_number_exists($this->request->getPost('item_kit_number', FILTER_SANITIZE_FULL_SPECIAL_CHARS), $this->request->getPost('item_kit_id', FILTER_SANITIZE_NUMBER_INT)); echo !$exists ? 'true' : 'false'; } diff --git a/app/Controllers/Items.php b/app/Controllers/Items.php index ff51cde8c..72bd5a981 100644 --- a/app/Controllers/Items.php +++ b/app/Controllers/Items.php 
@@ -89,19 +89,19 @@ class Items extends Secure_Controller */ public function getSearch(): void { - $search = $this->request->getVar('search', FILTER_SANITIZE_STRING); - $limit = $this->request->getVar('limit', FILTER_SANITIZE_NUMBER_INT); - $offset = $this->request->getVar('offset', FILTER_SANITIZE_NUMBER_INT); - $sort = $this->request->getVar('sort', FILTER_SANITIZE_STRING); - $order = $this->request->getVar('order', FILTER_SANITIZE_STRING); + $search = $this->request->getGet('search'); + $limit = $this->request->getGet('limit'); + $offset = $this->request->getGet('offset'); + $sort = $this->request->getGet('sort'); + $order = $this->request->getGet('order'); - $this->item_lib->set_item_location($this->request->getVar('stock_location', FILTER_SANITIZE_NUMBER_INT)); + $this->item_lib->set_item_location($this->request->getGet('stock_location')); $definition_names = $this->attribute->get_definitions_by_flags(Attribute::SHOW_IN_ITEMS); $filters = [ - 'start_date' => $this->request->getVar('start_date', FILTER_SANITIZE_STRING), - 'end_date' => $this->request->getVar('end_date', FILTER_SANITIZE_STRING), + 'start_date' => $this->request->getGet('start_date'), + 'end_date' => $this->request->getGet('end_date'), 'stock_location_id' => $this->item_lib->get_item_location(), 'empty_upc' => FALSE, 'low_inventory' => FALSE, @@ -114,7 +114,7 @@ class Items extends Secure_Controller ]; //Check if any filter is set in the multiselect dropdown - $filledup = array_fill_keys($this->request->getVar('filters', FILTER_SANITIZE_STRING), TRUE); //TODO: filled up does not meet naming standards + $filledup = array_fill_keys($this->request->getGet('filters'), TRUE); //TODO: filled up does not meet naming standards $filters = array_merge($filters, $filledup); $items = $this->item->search($search, $filters, $limit, $offset, $sort, $order); $total_rows = $this->item->get_found_rows($search, $filters); 
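Review bot: Items::getSearch (@@ -89) drops FILTER_SANITIZE_NUMBER_INT from limit, offset and stock_location without any replacement, so `search()` and `set_item_location()` now receive raw query strings, while every other getSearch hunk in this commit keeps the integer filter on limit and offset. Unless those callees validate (not visible here), validate in the controller, e.g. `$limit = filter_var($this->request->getGet('limit'), FILTER_VALIDATE_INT);` and likewise for offset and stock_location, treating a false result as an invalid request rather than passing it on. The method continues past the hunk.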
@@ -182,28 +182,28 @@ class Items extends Secure_Controller 'is_deleted' => $this->request->getPost('is_deleted') !== NULL ]; - $suggestions = $this->item->get_search_suggestions($this->request->getPostGet('term', FILTER_SANITIZE_STRING), $options, FALSE); + $suggestions = $this->item->get_search_suggestions($this->request->getPostGet('term'), $options, FALSE); echo json_encode($suggestions); } public function suggest(): void { - $suggestions = $this->item->get_search_suggestions($this->request->getPostGet('term', FILTER_SANITIZE_STRING), ['search_custom' => FALSE, 'is_deleted' => FALSE], TRUE); + $suggestions = $this->item->get_search_suggestions($this->request->getPostGet('term'), ['search_custom' => FALSE, 'is_deleted' => FALSE], TRUE); echo json_encode($suggestions); } public function suggest_low_sell(): void { - $suggestions = $this->item->get_low_sell_suggestions($this->request->getPostGet('name', FILTER_SANITIZE_STRING)); + $suggestions = $this->item->get_low_sell_suggestions($this->request->getPostGet('name')); echo json_encode($suggestions); } public function suggest_kits(): void { - $suggestions = $this->item->get_kit_search_suggestions($this->request->getPostGet('term', FILTER_SANITIZE_STRING), ['search_custom' => FALSE, 'is_deleted' => FALSE], TRUE); + $suggestions = $this->item->get_kit_search_suggestions($this->request->getPostGet('term'), ['search_custom' => FALSE, 'is_deleted' => FALSE], TRUE); echo json_encode($suggestions); } @@ -213,7 +213,7 @@ class Items extends Secure_Controller */ public function getSuggestCategory(): void { - $suggestions = $this->item->get_category_suggestions($this->request->getGet('term', FILTER_SANITIZE_STRING)); + $suggestions = $this->item->get_category_suggestions($this->request->getGet('term')); echo json_encode($suggestions); } 
@@ -223,7 +223,7 @@ class Items extends Secure_Controller */ public function getSuggestLocation(): void { - $suggestions = $this->item->get_location_suggestions($this->request->getGet('term', FILTER_SANITIZE_STRING)); + $suggestions = $this->item->get_location_suggestions($this->request->getGet('term')); echo json_encode($suggestions); } @@ -379,19 +379,26 @@ class Items extends Secure_Controller } $data['logo_exists'] = $item_info->pic_filename !== null; - $file_extension = pathinfo($item_info->pic_filename, PATHINFO_EXTENSION); - - if(empty($file_extension)) + if($item_info->pic_filename != null) { - $images = glob("./uploads/item_pics/$item_info->pic_filename.*"); + $file_extension = pathinfo($item_info->pic_filename, PATHINFO_EXTENSION); + if(empty($file_extension)) + { + $images = glob("./uploads/item_pics/$item_info->pic_filename.*"); + } + else + { + $images = glob("./uploads/item_pics/$item_info->pic_filename"); + } + $data['image_path'] = sizeof($images) > 0 ? base_url($images[0]) : ''; } else { - $images = glob("./uploads/item_pics/$item_info->pic_filename"); + $data['image_path'] = ''; } - $data['image_path'] = sizeof($images) > 0 ? base_url($images[0]) : ''; - $stock_locations = $this->stock_location->get_undeleted_all()->getResultArray(); + + $stock_locations = $this->stock_location->get_undeleted_all()->getResultArray(); foreach($stock_locations as $location) { 
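Review bot: In the new pic_filename branch the guard `$item_info->pic_filename != null` does not match the `!== null` used for `$data['logo_exists']` two lines above, so an empty-string filename reports a logo but yields no image path; use the same strict check in both places, `$item_info->pic_filename !== null && $item_info->pic_filename !== ''`. Separately, the filename is interpolated into `glob("./uploads/item_pics/...")` unchanged and the first match is handed to base_url, so a stored name containing `../` or glob wildcards (`*`, `?`, `[`) can resolve to files outside item_pics; running it through `basename()` first, and treating the DB value as untrusted, keeps the lookup inside the directory. The method this belongs to starts before the hunk.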
@@ -491,7 +498,49 @@ class Items extends Secure_Controller public function getAttributes(int $item_id = NEW_ENTRY): void { $data['item_id'] = $item_id; - $definition_ids = json_decode($this->request->getPost('definition_ids', FILTER_SANITIZE_STRING), TRUE); + if($this->request->getGet('definition_ids') != null) + { + $definition_ids = json_decode($this->request->getGet('definition_ids'), TRUE); + $data['definition_values'] = $this->attribute->get_attributes_by_item($item_id) + $this->attribute->get_values_by_definitions($definition_ids); + $data['definition_names'] = $this->attribute->get_definition_names(); + } + else + { + $data['definition_values'] = []; + $data['definition_names'] = []; + } + + foreach($data['definition_values'] as $definition_id => $definition_value) + { + $attribute_value = $this->attribute->get_attribute_value($item_id, $definition_id); + $attribute_id = (empty($attribute_value) || empty($attribute_value->attribute_id)) ? NULL : $attribute_value->attribute_id; + $values = &$data['definition_values'][$definition_id]; + $values['attribute_id'] = $attribute_id; + $values['attribute_value'] = $attribute_value; + $values['selected_value'] = ''; + + if ($definition_value['definition_type'] === DROPDOWN) + { + $values['values'] = $this->attribute->get_definition_values($definition_id); + $link_value = $this->attribute->get_link_value($item_id, $definition_id); + $values['selected_value'] = (empty($link_value)) ? 
'' : $link_value->attribute_id; + } + + if (!empty($definition_ids[$definition_id])) + { + $values['selected_value'] = $definition_ids[$definition_id]; + } + + unset($data['definition_names'][$definition_id]); + } + + echo view('attributes/item', $data); + } + + public function postAttributes(int $item_id = NEW_ENTRY): void + { + $data['item_id'] = $item_id; + $definition_ids = json_decode($this->request->getPost('definition_ids'), TRUE); $data['definition_values'] = $this->attribute->get_attributes_by_item($item_id) + $this->attribute->get_values_by_definitions($definition_ids); $data['definition_names'] = $this->attribute->get_definition_names(); @@ -558,8 +607,8 @@ class Items extends Secure_Controller // $upload_file = $this->request->hasFile('image') ? $this->request->getFile('image') : null; //TODO: https://codeigniter4.github.io/userguide/incoming/incomingrequest.html#uploaded-files $upload_file = null; - $receiving_quantity = parse_quantity($this->request->getPost('receiving_quantity', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION)); - $item_type = $this->request->getPost('item_type') === NULL ? ITEM : $this->request->getPost('item_type', FILTER_SANITIZE_NUMBER_INT); + $receiving_quantity = parse_quantity($this->request->getPost('receiving_quantity')); + $item_type = $this->request->getPost('item_type') === NULL ? ITEM : intval($this->request->getPost('item_type')); if($receiving_quantity === 0.0 && $item_type !== ITEM_TEMP) { 
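Review bot: In getAttributes the result of `json_decode($this->request->getGet('definition_ids'), TRUE)` is used as an array without checking that it is one; invalid JSON yields null and a JSON scalar yields a scalar, and either is then passed to get_values_by_definitions and indexed with `$definition_ids[$definition_id]`. Guard it right after decoding: `if(!is_array($definition_ids)) { $definition_ids = []; }`. The new method also duplicates the body of postAttributes line for line, so any later fix has to be made twice; a private helper taking the decoded ids would let both entry points share it. postAttributes continues past the hunk.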
@@ -570,24 +619,24 @@ class Items extends Secure_Controller //Save item data $item_data = [ - 'name' => $this->request->getPost('name', FILTER_SANITIZE_STRING), - 'description' => $this->request->getPost('description', FILTER_SANITIZE_STRING), - 'category' => $this->request->getPost('category', FILTER_SANITIZE_STRING), + 'name' => $this->request->getPost('name'), + 'description' => $this->request->getPost('description'), + 'category' => $this->request->getPost('category'), 'item_type' => $item_type, - 'stock_type' => $this->request->getPost('stock_type') === NULL ? HAS_STOCK : intval($this->request->getPost('stock_type', FILTER_SANITIZE_NUMBER_INT)), - 'supplier_id' => empty($this->request->getPost('supplier_id')) ? NULL : intval($this->request->getPost('supplier_id', FILTER_SANITIZE_NUMBER_INT)), - 'item_number' => empty($this->request->getPost('item_number')) ? NULL : $this->request->getPost('item_number', FILTER_SANITIZE_NUMBER_INT), - 'cost_price' => parse_decimals($this->request->getPost('cost_price', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION)), - 'unit_price' => parse_decimals($this->request->getPost('unit_price', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION)), - 'reorder_level' => parse_quantity($this->request->getPost('reorder_level', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION)), + 'stock_type' => $this->request->getPost('stock_type') === NULL ? HAS_STOCK : intval($this->request->getPost('stock_type')), + 'supplier_id' => empty($this->request->getPost('supplier_id')) ? NULL : intval($this->request->getPost('supplier_id')), + 'item_number' => empty($this->request->getPost('item_number')) ? 
NULL : $this->request->getPost('item_number'), + 'cost_price' => parse_decimals($this->request->getPost('cost_price')), + 'unit_price' => parse_decimals($this->request->getPost('unit_price')), + 'reorder_level' => parse_quantity($this->request->getPost('reorder_level')), 'receiving_quantity' => $receiving_quantity, 'allow_alt_description' => $this->request->getPost('allow_alt_description') !== NULL, 'is_serialized' => $this->request->getPost('is_serialized') !== NULL, - 'qty_per_pack' => $this->request->getPost('qty_per_pack') === NULL ? 1 : $this->request->getPost('qty_per_pack', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION), - 'pack_name' => $this->request->getPost('pack_name') === NULL ? $default_pack_name : $this->request->getPost('pack_name', FILTER_SANITIZE_STRING), - 'low_sell_item_id' => $this->request->getPost('low_sell_item_id') === NULL ? $item_id : $this->request->getPost('low_sell_item_id', FILTER_SANITIZE_NUMBER_INT), + 'qty_per_pack' => $this->request->getPost('qty_per_pack') === NULL ? 1 : parse_quantity($this->request->getPost('qty_per_pack')), + 'pack_name' => $this->request->getPost('pack_name') === NULL ? $default_pack_name : $this->request->getPost('pack_name'), + 'low_sell_item_id' => $this->request->getPost('low_sell_item_id') === NULL ? $item_id : intval($this->request->getPost('low_sell_item_id')), 'deleted' => $this->request->getPost('is_deleted') !== NULL, - 'hsn_code' => $this->request->getPost('hsn_code') === NULL ? '' : $this->request->getPost('hsn_code', FILTER_SANITIZE_STRING) + 'hsn_code' => $this->request->getPost('hsn_code') === NULL ? '' : $this->request->getPost('hsn_code') ]; if($item_data['item_type'] == ITEM_TEMP) @@ -597,7 +646,7 @@ class Items extends Secure_Controller $item_data['reorder_level'] = 0; } - $tax_category_id = $this->request->getPost('tax_category_id', FILTER_SANITIZE_NUMBER_INT); + $tax_category_id = intval($this->request->getPost('tax_category_id')); if(!isset($tax_category_id)) { 
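Review bot: `$tax_category_id = intval($this->request->getPost('tax_category_id'));` followed by `if(!isset($tax_category_id))` makes the isset branch unreachable, because intval always returns an int (0 for a missing field), so only the else branch with its own empty() test ever runs. If the intent is "no category sent", test the raw value once and drop the duplicated lookup: `$raw_tax_category = $this->request->getPost('tax_category_id'); $item_data['tax_category_id'] = ($raw_tax_category === null || $raw_tax_category === '') ? NULL : intval($raw_tax_category);`. The enclosing save method starts and ends outside this hunk.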
@@ -605,7 +654,7 @@ class Items extends Secure_Controller } else { - $item_data['tax_category_id'] = empty($this->request->getPost('tax_category_id')) ? NULL : $this->request->getPost('tax_category_id', FILTER_SANITIZE_NUMBER_INT); + $item_data['tax_category_id'] = empty($this->request->getPost('tax_category_id')) ? NULL : intval($this->request->getPost('tax_category_id')); } if ($upload_file != NULL) @@ -639,8 +688,8 @@ class Items extends Secure_Controller if(!$use_destination_based_tax) { $items_taxes_data = []; - $tax_names = $this->request->getPost('tax_names', FILTER_SANITIZE_STRING); - $tax_percents = $this->request->getPost('tax_percents', FILTER_SANITIZE_NUMBER_FLOAT); + $tax_names = $this->request->getPost('tax_names'); + $tax_percents = $this->request->getPost('tax_percents'); $tax_name_index = 0; @@ -662,7 +711,7 @@ class Items extends Secure_Controller $stock_locations = $this->stock_location->get_undeleted_all()->getResultArray(); foreach($stock_locations as $location) { - $updated_quantity = parse_quantity($this->request->getPost('quantity_' . $location['location_id'], FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION)); + $updated_quantity = parse_quantity($this->request->getPost('quantity_' . $location['location_id'])); if($item_data['item_type'] == ITEM_TEMP) { 
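Review bot: `$tax_names` and `$tax_percents` in the tax hunk are taken from the form with no array check now that the filter is gone; an absent field gives null and a single non-array value gives a string, and the loop that consumes them (outside the hunk) would then warn or misbehave. Normalise once at the assignment, `$tax_names = (array) ($this->request->getPost('tax_names') ?? []);` and the same for `$tax_percents`, and convert each percent with parse_decimals where it is used, since nothing strips non-numeric characters any more. The enclosing save method continues on both sides of the hunk.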
@@ -695,21 +744,21 @@ class Items extends Secure_Controller } // Save item attributes - $attribute_links = $this->request->getPost('attribute_links') !== NULL ? $this->request->getPost('attribute_links', FILTER_SANITIZE_NUMBER_INT) : []; - $attribute_ids = $this->request->getPost('attribute_ids', FILTER_SANITIZE_NUMBER_INT); + $attribute_links = $this->request->getPost('attribute_links') !== NULL ? $this->request->getPost('attribute_links') : []; + $attribute_ids = $this->request->getPost('attribute_ids'); $this->attribute->delete_link($item_id); - foreach($attribute_links as $definition_id => $attribute_id) + foreach($attribute_links as $definition_id => $attribute_value) { $definition_type = $this->attribute->get_info($definition_id)->definition_type; if($definition_type !== DROPDOWN) { - $attribute_id = $this->attribute->save_value($attribute_id, $definition_id, $item_id, $attribute_ids[$definition_id], $definition_type); + $attribute_id = $this->attribute->save_value($attribute_value, $definition_id, $item_id, $attribute_ids[$definition_id], $definition_type); } - $this->attribute->save_link($item_id, $definition_id, $attribute_id); + $this->attribute->save_link($item_id, $definition_id, intval($attribute_ids[$definition_id])); } if($success && $upload_success) @@ -781,7 +830,7 @@ class Items extends Secure_Controller */ public function postCheckItemNumber(): void { - $exists = $this->item->item_number_exists($this->request->getPost('item_number', FILTER_SANITIZE_STRING), $this->request->getPost('item_id', FILTER_SANITIZE_NUMBER_INT)); + $exists = $this->item->item_number_exists($this->request->getPost('item_number'), $this->request->getPost('item_id')); echo !$exists ? 'true' : 'false'; } 
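Review bot: In the attribute loop the id returned by `$this->attribute->save_value(...)` is assigned to `$attribute_id` and then never used, because `save_link` now always receives `intval($attribute_ids[$definition_id])`; for a text attribute that is being created, `attribute_ids` presumably carries no id yet, so the link would be written with 0 instead of the freshly saved value's id (the pre-change code linked with the save_value result). Unless attribute_ids is guaranteed to hold the id for every definition, link non-dropdown definitions with the returned id: `$this->attribute->save_link($item_id, $definition_id, $definition_type !== DROPDOWN ? $attribute_id : intval($attribute_ids[$definition_id]));`. Also `$attribute_ids` is null when the field is absent, so read it as `$this->request->getPost('attribute_ids') ?? []` before indexing. The save method continues on both sides of the hunk.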
@@ -790,9 +839,9 @@ class Items extends Secure_Controller */ public function check_kit_exists(): void //TODO: This function appears to be never called in the code. Need to confirm. { - if($this->request->getPost('item_number', FILTER_SANITIZE_STRING) === NEW_ENTRY) + if($this->request->getPost('item_number') === NEW_ENTRY) { - $exists = $this->item_kit->item_kit_exists_for_name($this->request->getPost('name', FILTER_SANITIZE_STRING)); //TODO: item_kit_exists_for_name doesn't exist in Item_kit. I looked at the blame and it appears to have never existed. + $exists = $this->item_kit->item_kit_exists_for_name($this->request->getPost('name')); //TODO: item_kit_exists_for_name doesn't exist in Item_kit. I looked at the blame and it appears to have never existed. } else { @@ -816,14 +865,14 @@ class Items extends Secure_Controller { $employee_id = $this->employee->get_logged_in_employee_info()->person_id; $cur_item_info = $this->item->get_info($item_id); - $location_id = $this->request->getPost('stock_location', FILTER_SANITIZE_NUMBER_INT); + $location_id = $this->request->getPost('stock_location'); $inv_data = [ 'trans_date' => date('Y-m-d H:i:s'), 'trans_items' => $item_id, 'trans_user' => $employee_id, 'trans_location' => $location_id, - 'trans_comment' => $this->request->getPost('trans_comment', FILTER_SANITIZE_STRING), - 'trans_inventory' => parse_quantity($this->request->getPost('newquantity', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION)) + 'trans_comment' => $this->request->getPost('trans_comment'), + 'trans_inventory' => parse_quantity($this->request->getPost('newquantity')) ]; $this->inventory->insert($inv_data); 
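Review bot: `$this->request->getPost('item_number') === NEW_ENTRY` can never be true: getPost returns a string (or null) and NEW_ENTRY is the int -1, so the strict comparison always falls to the else branch; this was already the case before the hunk, but the line is being rewritten here. If the intent is "no item number yet", compare after casting, `(int) $this->request->getPost('item_number') === NEW_ENTRY`, or test for an empty value. The existing TODO says the function is never called and that item_kit_exists_for_name does not exist, so deleting the method is the alternative to patching it.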
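Review bot: `$location_id = $this->request->getPost('stock_location');` drops the integer filter the old line had, and the value is then written to `trans_location` and used as the key for item_quantity's save_value; every other id in this commit is wrapped in intval(), so do the same here: `$location_id = intval($this->request->getPost('stock_location'));`. Nothing in the hunk checks that the employee may post inventory to that location (Receivings::change_mode consults is_allowed_location for the source); if the model does not enforce it, this endpoint accepts any location id. The method starts before the hunk and its body continues in the next one.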
@@ -833,7 +882,7 @@ class Items extends Secure_Controller $item_quantity_data = [ 'item_id' => $item_id, 'location_id' => $location_id, - 'quantity' => $item_quantity->quantity + parse_quantity($this->request->getPost('newquantity', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION)) + 'quantity' => $item_quantity->quantity + parse_quantity($this->request->getPost('newquantity')) ]; if($this->item_quantity->save_value($item_quantity_data, $item_id, $location_id)) @@ -852,7 +901,7 @@ class Items extends Secure_Controller public function bulk_update(): void { - $items_to_update = $this->request->getPost('item_ids', FILTER_SANITIZE_NUMBER_INT); + $items_to_update = $this->request->getPost('item_ids'); $item_data = []; foreach($_POST as $key => $value) @@ -872,8 +921,8 @@ class Items extends Secure_Controller if(empty($item_data) || $this->item->update_multiple($item_data, $items_to_update)) { $items_taxes_data = []; - $tax_names = $this->request->getPost('tax_names', FILTER_SANITIZE_STRING); - $tax_percents = $this->request->getPost('tax_percents', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION); + $tax_names = $this->request->getPost('tax_names'); + $tax_percents = $this->request->getPost('tax_percents'); $tax_updated = FALSE; foreach($tax_percents as $tax_percent) @@ -903,7 +952,7 @@ class Items extends Secure_Controller */ public function postDelete(): void { - $items_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_NUMBER_INT); + $items_to_delete = $this->request->getPost('ids'); if($this->item->delete_list($items_to_delete)) { diff --git a/app/Controllers/Messages.php b/app/Controllers/Messages.php index 938fc8224..a87550af7 100644 --- a/app/Controllers/Messages.php +++ b/app/Controllers/Messages.php 
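Review bot: `foreach($tax_percents as $tax_percent)` in bulk_update runs directly on `$this->request->getPost('tax_percents')`, which is null when the bulk form sends no tax rows, so PHP emits a "foreach() argument must be of type array|object" warning on every such submit; the same applies to `$tax_names`. Default both at the assignment: `$tax_names = $this->request->getPost('tax_names') ?? [];` and `$tax_percents = $this->request->getPost('tax_percents') ?? [];`. The rest of bulk_update, including the loop body, is outside the hunk.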
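Review bot: In postDelete, `delete_list()` now receives the `ids` POST field exactly as submitted, where the previous line at least reduced each element to digits; if the model interpolates the list into a WHERE IN clause rather than binding it, that is a direct SQL injection path, and even with binding a non-array value will break it. Cast at the boundary regardless of what the model does: `$items_to_delete = array_map('intval', (array) $this->request->getPost('ids'));`. The same shape applies to `item_ids` in the bulk_update hunk above.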
@@ -44,8 +44,8 @@ class Messages extends Secure_Controller public function send(): void { - $phone = $this->request->getPost('phone', FILTER_SANITIZE_STRING); - $message = $this->request->getPost('message', FILTER_SANITIZE_STRING); + $phone = $this->request->getPost('phone', FILTER_SANITIZE_FULL_SPECIAL_CHARS); + $message = $this->request->getPost('message', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $response = $this->sms_lib->sendSMS($phone, $message); @@ -67,8 +67,8 @@ class Messages extends Secure_Controller */ public function send_form(int $person_id = NEW_ENTRY): void { - $phone = $this->request->getPost('phone', FILTER_SANITIZE_STRING); - $message = $this->request->getPost('message', FILTER_SANITIZE_STRING); + $phone = $this->request->getPost('phone', FILTER_SANITIZE_FULL_SPECIAL_CHARS); + $message = $this->request->getPost('message', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $response = $this->sms_lib->sendSMS($phone, $message); diff --git a/app/Controllers/Persons.php b/app/Controllers/Persons.php index 4b245554e..0147cb191 100644 --- a/app/Controllers/Persons.php +++ b/app/Controllers/Persons.php @@ -28,7 +28,7 @@ abstract class Persons extends Secure_Controller */ public function suggest(): void { - $suggestions = $this->person->get_search_suggestions($this->request->getPost('term', FILTER_SANITIZE_STRING)); + $suggestions = $this->person->get_search_suggestions($this->request->getPost('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS)); echo json_encode($suggestions); } diff --git a/app/Controllers/Receivings.php b/app/Controllers/Receivings.php index 6dd022b23..fec59fe0f 100644 --- a/app/Controllers/Receivings.php +++ b/app/Controllers/Receivings.php 
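Review bot: FILTER_SANITIZE_FULL_SPECIAL_CHARS HTML-encodes the `phone` and `message` values before they go to `sendSMS()`, so a message containing `&`, an apostrophe or quotes is handed to the SMS gateway as `&#38;` / `&#39;` entities; HTML escaping belongs at HTML output, not on data leaving for a non-HTML channel. Validate instead of encoding: keep the raw message, and reject a phone that fails a digit/plus/space check, e.g. `if(!preg_match('/^\+?[0-9 ()\-]+$/', $phone ?? '')) { /* report invalid phone and return */ }`. The same substitution is made in send_form in the next hunk. What sms_lib does with its arguments is not visible here.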
@@ -55,8 +55,8 @@ class Receivings extends Secure_Controller */ public function getItemSearch(): void { - $suggestions = $this->item->get_search_suggestions($this->request->getVar('term', FILTER_SANITIZE_STRING), ['search_custom' => FALSE, 'is_deleted' => FALSE], TRUE); - $suggestions = array_merge($suggestions, $this->item_kit->get_search_suggestions($this->request->getVar('term', FILTER_SANITIZE_STRING))); + $suggestions = $this->item->get_search_suggestions($this->request->getVar('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS), ['search_custom' => FALSE, 'is_deleted' => FALSE], TRUE); + $suggestions = array_merge($suggestions, $this->item_kit->get_search_suggestions($this->request->getVar('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS))); echo json_encode($suggestions); } @@ -67,8 +67,8 @@ class Receivings extends Secure_Controller */ public function getStockItemSearch(): void { - $suggestions = $this->item->get_stock_search_suggestions($this->request->getVar('term', FILTER_SANITIZE_STRING), ['search_custom' => FALSE, 'is_deleted' => FALSE], TRUE); - $suggestions = array_merge($suggestions, $this->item_kit->get_search_suggestions($this->request->getVar('term', FILTER_SANITIZE_STRING))); + $suggestions = $this->item->get_stock_search_suggestions($this->request->getVar('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS), ['search_custom' => FALSE, 'is_deleted' => FALSE], TRUE); + $suggestions = array_merge($suggestions, $this->item_kit->get_search_suggestions($this->request->getVar('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS))); echo json_encode($suggestions); } 
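Review bot: Encoding `term` with FILTER_SANITIZE_FULL_SPECIAL_CHARS before it reaches get_search_suggestions changes what is searched for: an item named `A&B` or `5" bolt` is looked up as `A&#38;B` / `5&#34; bolt` and will not match, and the Items::suggest endpoints changed in this same commit pass the raw term, so the two search boxes disagree. Pass the raw value to the model (binding, not encoding, is what protects the query) and escape on output if the client inserts suggestions into HTML, for example `echo json_encode($suggestions, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);`. The same pattern is repeated in getStockItemSearch in the next hunk.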
@@ -90,14 +90,14 @@ class Receivings extends Secure_Controller public function change_mode(): void { - $stock_destination = $this->request->getPost('stock_destination', FILTER_SANITIZE_STRING); + $stock_destination = $this->request->getPost('stock_destination', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $stock_source = $this->request->getPost('stock_source', FILTER_SANITIZE_NUMBER_INT); if((!$stock_source || $stock_source == $this->receiving_lib->get_stock_source()) && (!$stock_destination || $stock_destination == $this->receiving_lib->get_stock_destination())) { $this->receiving_lib->clear_reference(); - $mode = $this->request->getPost('mode', FILTER_SANITIZE_STRING); + $mode = $this->request->getPost('mode', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $this->receiving_lib->set_mode($mode); } elseif($this->stock_location->is_allowed_location($stock_source, 'receivings')) @@ -111,7 +111,7 @@ class Receivings extends Secure_Controller public function set_comment(): void { - $this->receiving_lib->set_comment($this->request->getPost('comment', FILTER_SANITIZE_STRING)); + $this->receiving_lib->set_comment($this->request->getPost('comment', FILTER_SANITIZE_FULL_SPECIAL_CHARS)); } /** @@ -125,7 +125,7 @@ class Receivings extends Secure_Controller public function set_reference(): void { - $this->receiving_lib->set_reference($this->request->getPost('recv_reference', FILTER_SANITIZE_STRING)); + $this->receiving_lib->set_reference($this->request->getPost('recv_reference', FILTER_SANITIZE_FULL_SPECIAL_CHARS)); } public function add(): void 
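Review bot: `$mode` is encoded with FILTER_SANITIZE_FULL_SPECIAL_CHARS and then handed to `set_mode()` without being checked against the modes the controller understands; the `add` method in the next line compares it against the literal strings `'receive'` and `'requisition'`, so any other value silently lands in the negated-quantity path. Whitelist it before storing, `if(!in_array($mode, $valid_modes, true)) { return; }`, with `$valid_modes` taken from wherever receiving_lib defines the accepted set (not visible here). Note also that only `$stock_source` is checked with is_allowed_location in the visible branches; confirm the code that handles `$stock_destination` (outside the hunk) validates it too.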
@@ -133,7 +133,7 @@ class Receivings extends Secure_Controller $data = []; $mode = $this->receiving_lib->get_mode(); - $item_id_or_number_or_item_kit_or_receipt = $this->request->getPost('item', FILTER_SANITIZE_STRING); + $item_id_or_number_or_item_kit_or_receipt = $this->request->getPost('item', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $this->token_lib->parse_barcode($quantity, $price, $item_id_or_number_or_item_kit_or_receipt); $quantity = ($mode == 'receive' || $mode == 'requisition') ? $quantity : -$quantity; $item_location = $this->receiving_lib->get_stock_source(); @@ -170,8 +170,8 @@ class Receivings extends Secure_Controller $this->validator->setRule('quantity', 'lang:items_quantity', 'required|numeric'); $this->validator->setRule('discount', 'lang:items_discount', 'required|numeric'); - $description = $this->request->getPost('description', FILTER_SANITIZE_STRING); //TODO: Duplicated code - $serialnumber = $this->request->getPost('serialnumber', FILTER_SANITIZE_STRING); + $description = $this->request->getPost('description', FILTER_SANITIZE_FULL_SPECIAL_CHARS); //TODO: Duplicated code + $serialnumber = $this->request->getPost('serialnumber', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $price = parse_decimals($this->request->getPost('price', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION)); $quantity = parse_quantity($this->request->getPost('quantity', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION)); $discount_type = $this->request->getPost('discount_type', FILTER_SANITIZE_NUMBER_INT); 
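Review bot: `description` and `serialnumber` are captured after FILTER_SANITIZE_FULL_SPECIAL_CHARS, so whatever persists them stores `&#38;`-style entities rather than the text the user typed; if the views escape on output (the usual CodeIgniter pattern), the value renders double-encoded, and if they do not, the stored entities are doing the XSS protection for the whole application, which is fragile. Prefer keeping the raw string here, `$description = $this->request->getPost('description');`, and escaping at the output point; a serial number is a good candidate for a strict format check instead of encoding. The enclosing method starts and ends outside the hunk.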
@@ -276,7 +276,7 @@ class Receivings extends Secure_Controller $data['mode'] = $this->receiving_lib->get_mode(); $data['comment'] = $this->receiving_lib->get_comment(); $data['reference'] = $this->receiving_lib->get_reference(); - $data['payment_type'] = $this->request->getPost('payment_type', FILTER_SANITIZE_STRING); + $data['payment_type'] = $this->request->getPost('payment_type', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $data['show_stock_locations'] = $this->stock_location->show_locations('receivings'); $data['stock_location'] = $this->receiving_lib->get_stock_source(); if($this->request->getPost('amount_tendered') != NULL) @@ -445,7 +445,7 @@ class Receivings extends Secure_Controller */ public function save(int $receiving_id = -1): void //TODO: Replace -1 with a constant { - $newdate = $this->request->getPost('date', FILTER_SANITIZE_STRING); //TODO: newdate does not follow naming conventions + $newdate = $this->request->getPost('date', FILTER_SANITIZE_FULL_SPECIAL_CHARS); //TODO: newdate does not follow naming conventions $date_formatter = date_create_from_format($this->config['dateformat'] . ' ' . $this->config['timeformat'], $newdate); $receiving_time = $date_formatter->format('Y-m-d H:i:s'); 
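Review bot: `date_create_from_format(...)` returns false when `date` does not match the configured format, and the next line then calls `->format()` on that false, which is a fatal "call to a member function on bool" for any malformed or missing date; the filter change in this hunk does not help, since it only encodes special characters. Reject the input before using it: `if($date_formatter === false) { /* report an invalid date and return */ }`. The `save` method continues in the next hunk.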
@@ -454,8 +454,8 @@ class Receivings extends Secure_Controller 'receiving_time' => $receiving_time, 'supplier_id' => $this->request->getPost('supplier_id') ? $this->request->getPost('supplier_id', FILTER_SANITIZE_NUMBER_INT) : NULL, 'employee_id' => $this->request->getPost('employee_id', FILTER_SANITIZE_NUMBER_INT), - 'comment' => $this->request->getPost('comment', FILTER_SANITIZE_STRING), - 'reference' => $this->request->getPost('reference') != '' ? $this->request->getPost('reference', FILTER_SANITIZE_STRING) : NULL + 'comment' => $this->request->getPost('comment', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'reference' => $this->request->getPost('reference') != '' ? $this->request->getPost('reference', FILTER_SANITIZE_FULL_SPECIAL_CHARS) : NULL ]; $this->inventory->update('RECV '.$receiving_id, ['trans_date' => $receiving_time]); diff --git a/app/Controllers/Reports.php b/app/Controllers/Reports.php index d24e12151..c0259b303 100644 --- a/app/Controllers/Reports.php +++ b/app/Controllers/Reports.php @@ -83,6 +83,8 @@ class Reports extends Secure_Controller //Initial Report listing screen public function getIndex(): void { + $this->clearCache(); + $data['grants'] = $this->employee->get_employee_grants($this->session->get('person_id')); echo view('reports/listing', $data); @@ -98,6 +100,8 @@ class Reports extends Secure_Controller */ public function summary_sales(string $start_date, string $end_date, string $sale_type, string $location_id = 'all'): void //TODO: Perhaps these need to be passed as an array? Too many parameters in the signature. {//TODO: Duplicated code + $this->clearCache(); + $inputs = [ 'start_date' => $start_date, 'end_date' => $end_date, @@ -147,6 +151,8 @@ class Reports extends Secure_Controller */ public function summary_categories(string $start_date, string $end_date, string $sale_type, string $location_id = 'all'): void {//TODO: Duplicated code + $this->clearCache(); + $inputs = [ 'start_date' => $start_date, 'end_date' => $end_date, 
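Review bot: The same `$this->clearCache();` line is inserted by hand at the top of every report action in this file (getIndex here and each hunk that follows), so the next report method added will silently ship without it and the financial data it renders becomes cacheable again. Since Reports extends Secure_Controller, the single call belongs in the controller's initController/constructor, or in a CodeIgniter after-filter scoped to the `reports` routes, so it cannot be forgotten; the repeated one-line edits then go away. Which of those hooks Secure_Controller exposes is not visible here.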
@@ -194,6 +200,8 @@ class Reports extends Secure_Controller */ public function summary_expenses_categories(string $start_date, string $end_date, string $sale_type): void { + $this->clearCache(); + $inputs = ['start_date' => $start_date, 'end_date' => $end_date, 'sale_type' => $sale_type]; //TODO: Duplicated Code $this->summary_expenses_categories = model('reports/Summary_expenses_categories'); @@ -234,6 +242,8 @@ class Reports extends Secure_Controller */ public function summary_customers(string $start_date, string $end_date, string $sale_type, string $location_id = 'all'): void { + $this->clearCache(); + $inputs = [ //TODO: Duplicated Code 'start_date' => $start_date, 'end_date' => $end_date, @@ -284,6 +294,8 @@ class Reports extends Secure_Controller */ public function summary_suppliers(string $start_date, string $end_date, string $sale_type, string $location_id = 'all'): void {//TODO: Duplicated Code + $this->clearCache(); + $inputs = [ 'start_date' => $start_date, 'end_date' => $end_date, @@ -332,6 +344,8 @@ class Reports extends Secure_Controller */ public function summary_items(string $start_date, string $end_date, string $sale_type, string $location_id = 'all'): void { + $this->clearCache(); + $inputs = [ 'start_date' => $start_date, 'end_date' => $end_date, @@ -384,6 +398,8 @@ class Reports extends Secure_Controller */ public function summary_employees(string $start_date, string $end_date, string $sale_type, string $location_id = 'all'): void { + $this->clearCache(); + $inputs = [ 'start_date' => $start_date, 'end_date' => $end_date, @@ -434,6 +450,8 @@ class Reports extends Secure_Controller */ public function summary_taxes(string $start_date, string $end_date, string $sale_type, string $location_id = 'all'): void {//TODO: Duplicate Code + $this->clearCache(); + $inputs = [ 'start_date' => $start_date, 'end_date' => $end_date, 
@@ -475,6 +493,8 @@ class Reports extends Secure_Controller //Summary Sales Taxes report public function summary_sales_taxes(string $start_date, string $end_date, string $sale_type, string $location_id = 'all'): void {//TODO: Duplicated code + $this->clearCache(); + $inputs = [ 'start_date' => $start_date, 'end_date' => $end_date, @@ -513,6 +533,8 @@ class Reports extends Secure_Controller public function summary_discounts_input(): void { + $this->clearCache(); + $stock_locations = $data = $this->stock_location->get_allowed_locations('sales'); $stock_locations['all'] = lang('Reports.all'); $data['stock_locations'] = array_reverse($stock_locations, TRUE); @@ -526,6 +548,8 @@ class Reports extends Secure_Controller //Summary Discounts report public function summary_discounts(string $start_date, string $end_date, string $sale_type, string $location_id = 'all', int $discount_type = 0): void {//TODO: Duplicated Code + $this->clearCache(); + $inputs = [ 'start_date' => $start_date, 'end_date' => $end_date, @@ -564,6 +588,8 @@ class Reports extends Secure_Controller //Summary Payments report public function summary_payments(string $start_date, string $end_date): void { + $this->clearCache(); + $inputs = [ 'start_date' => $start_date, 'end_date' => $end_date, @@ -626,6 +652,8 @@ class Reports extends Secure_Controller //Input for reports that require only a date range. (see routes.php to see that all graphical summary reports route here) public function date_input(): void {//TODO: Duplicated Code + $this->clearCache(); + $stock_locations = $data = $this->stock_location->get_allowed_locations('sales'); $stock_locations['all'] = lang('Reports.all'); $data['stock_locations'] = array_reverse($stock_locations, TRUE); 
@@ -638,6 +666,8 @@ class Reports extends Secure_Controller //Input for reports that require only a date range. (see routes.php to see that all graphical summary reports route here) public function date_input_only(): void { + $this->clearCache(); + $data = []; echo view('reports/date_input', $data); } @@ -645,6 +675,8 @@ class Reports extends Secure_Controller //Input for reports that require only a date range. (see routes.php to see that all graphical summary reports route here) public function date_input_sales(): void {//TODO: Duplicated Code + $this->clearCache(); + $stock_locations = $data = $this->stock_location->get_allowed_locations('sales'); $stock_locations['all'] = lang('Reports.all'); $data['stock_locations'] = array_reverse($stock_locations, TRUE); @@ -667,6 +699,8 @@ class Reports extends Secure_Controller //Graphical Expenses by Categories report public function graphical_summary_expenses_categories(string $start_date, string $end_date, string $sale_type): void { + $this->clearCache(); + $inputs = [ 'start_date' => $start_date, 'end_date' => $end_date, @@ -706,6 +740,8 @@ class Reports extends Secure_Controller //Graphical summary sales report public function graphical_summary_sales(string $start_date, string $end_date, string $sale_type, string $location_id = 'all'): void { + $this->clearCache(); + $inputs = [ 'start_date' => $start_date, 'end_date' => $end_date, @@ -746,6 +782,8 @@ class Reports extends Secure_Controller //Graphical summary items report public function graphical_summary_items(string $start_date, string $end_date, string $sale_type, string $location_id = 'all'): void { + $this->clearCache(); + $inputs = [ 'start_date' => $start_date, 'end_date' => $end_date, 
@@ -786,6 +824,8 @@ class Reports extends Secure_Controller //Graphical summary customers report public function graphical_summary_categories(string $start_date, string $end_date, string $sale_type, string $location_id = 'all'): void {//TODO: Duplicated Code + $this->clearCache(); + $inputs = [ 'start_date' => $start_date, 'end_date' => $end_date, @@ -823,6 +863,8 @@ class Reports extends Secure_Controller //Graphical summary suppliers report public function graphical_summary_suppliers(string $start_date, string $end_date, string $sale_type, string $location_id = 'all'): void {//TODO: Duplicated Code + $this->clearCache(); + $inputs = [ 'start_date' => $start_date, 'end_date' => $end_date, @@ -861,6 +903,8 @@ class Reports extends Secure_Controller //Graphical summary employees report public function graphical_summary_employees(string $start_date, string $end_date, string $sale_type, string $location_id = 'all'): void { + $this->clearCache(); + $inputs = [ 'start_date' => $start_date, 'end_date' => $end_date, @@ -899,6 +943,8 @@ class Reports extends Secure_Controller //Graphical summary taxes report public function graphical_summary_taxes(string $start_date, string $end_date, string $sale_type, string $location_id = 'all'): void {//TODO: Duplicated Code + $this->clearCache(); + $inputs = [ 'start_date' => $start_date, 'end_date' => $end_date, @@ -937,6 +983,8 @@ class Reports extends Secure_Controller //Graphical summary sales taxes report public function graphical_summary_sales_taxes(string $start_date, string $end_date, string $sale_type, string $location_id = 'all'): void {//TODO: Duplicated Code + $this->clearCache(); + $inputs = [ 'start_date' => $start_date, 'end_date' => $end_date, 
@@ -975,6 +1023,8 @@ class Reports extends Secure_Controller //Graphical summary customers report public function graphical_summary_customers(string $start_date, string $end_date, string $sale_type, string $location_id = 'all'): void {//TODO: Duplicated Code + $this->clearCache(); + $inputs = [ 'start_date' => $start_date, 'end_date' => $end_date, @@ -1015,6 +1065,8 @@ class Reports extends Secure_Controller //Graphical summary discounts report public function graphical_summary_discounts(string $start_date, string $end_date, string $sale_type, string $location_id = 'all', int $discount_type = 0): void {//TODO: Duplicated Code + $this->clearCache(); + $inputs = [ 'start_date' => $start_date, 'end_date' => $end_date, @@ -1056,6 +1108,8 @@ class Reports extends Secure_Controller //Graphical summary payments report public function graphical_summary_payments(string $start_date, string $end_date, string $sale_type, string $location_id = 'all'): void { + $this->clearCache(); + $inputs = [ 'start_date' => $start_date, 'end_date' => $end_date, @@ -1096,6 +1150,8 @@ class Reports extends Secure_Controller public function specific_customer_input(): void { + $this->clearCache(); + $data = []; $data['specific_input_name'] = lang('Reports.customer'); $customers = []; @@ -1133,6 +1189,8 @@ class Reports extends Secure_Controller public function specific_customer(string $start_date, string $end_date, string $customer_id, string $sale_type, string $payment_type): void { + $this->clearCache(); + $inputs = ['start_date' => $start_date, 'end_date' => $end_date, 'customer_id' => $customer_id, 'sale_type' => $sale_type, 'payment_type' => $payment_type]; $this->specific_customer = model('reports/Specific_customer'); @@ -1233,6 +1291,8 @@ class Reports extends Secure_Controller public function specific_employee_input(): void { + $this->clearCache(); + $data = []; $data['specific_input_name'] = lang('Reports.employee'); 
@@ -1249,6 +1309,8 @@ class Reports extends Secure_Controller public function specific_employee(string $start_date, string $end_date, string $employee_id, string $sale_type): void { + $this->clearCache(); + $inputs = ['start_date' => $start_date, 'end_date' => $end_date, 'employee_id' => $employee_id, 'sale_type' => $sale_type]; $this->specific_employee = model('reports/Specific_employee'); @@ -1344,6 +1406,8 @@ class Reports extends Secure_Controller public function specific_discount_input(): void { + $this->clearCache(); + $data = []; $data['specific_input_name'] = lang('Reports.discount'); @@ -1361,6 +1425,8 @@ class Reports extends Secure_Controller public function specific_discount(string $start_date, string $end_date, string $discount, string $sale_type, string $discount_type): void { + $this->clearCache(); + $inputs = [ 'start_date' => $start_date, 'end_date' => $end_date, @@ -1462,6 +1528,8 @@ class Reports extends Secure_Controller public function get_detailed_sales_row(string $sale_id): void { + $this->clearCache(); + $inputs = ['sale_id' => $sale_id]; $this->detailed_sales = model('reports/Detailed_sales'); @@ -1511,6 +1579,8 @@ class Reports extends Secure_Controller public function specific_supplier_input(): void { + $this->clearCache(); + $data = []; $data['specific_input_name'] = lang('Reports.supplier'); @@ -1594,6 +1664,8 @@ class Reports extends Secure_Controller public function detailed_sales(string $start_date, string $end_date, string $sale_type, string $location_id = 'all'): void { + $this->clearCache(); + $definition_names = $this->attribute->get_definitions_by_flags(attribute::SHOW_IN_SALES); $inputs = [ 
@@ -1747,6 +1819,8 @@ class Reports extends Secure_Controller public function detailed_receivings(string $start_date, string $end_date, string $receiving_type, string $location_id = 'all'): void { + $this->clearCache(); + $definition_names = $this->attribute->get_definitions_by_flags(attribute::SHOW_IN_RECEIVINGS); $inputs = ['start_date' => $start_date, 'end_date' => $end_date, 'receiving_type' => $receiving_type, 'location_id' => $location_id, 'definition_ids' => array_keys($definition_names)]; @@ -1826,6 +1900,8 @@ class Reports extends Secure_Controller public function inventory_low(): void { + $this->clearCache(); + $inputs = []; $this->inventory_low = model('reports/Inventory_low'); @@ -1858,6 +1934,8 @@ class Reports extends Secure_Controller public function inventory_summary_input(): void { + $this->clearCache(); + $this->inventory_summary = model('reports/Inventory_summary'); $model = $this->inventory_summary; @@ -1873,6 +1951,8 @@ class Reports extends Secure_Controller public function inventory_summary(string $location_id = 'all', string $item_count = 'all'): void { + $this->clearCache(); + $inputs = ['location_id' => $location_id, 'item_count' => $item_count]; $this->inventory_summary = model('reports/Inventory_summary'); @@ -1924,4 +2004,13 @@ class Reports extends Secure_Controller return $subtitle; } + + private function clearCache() + { + //Make sure the report is not cached by the browser + $this->response->setHeader('Pragma', 'no-cache') + ->appendHeader('Last-Modified', gmdate('D, d M Y H:i:s') . ' GMT') + ->appendHeader('Cache-Control', 'no-store, no-cache, must-revalidate') + ->appendHeader('Cache-Control', 'post-check=0, pre-check=0'); + } } diff --git a/app/Controllers/Sales.php b/app/Controllers/Sales.php index cef276a21..27bae011b 100644 --- a/app/Controllers/Sales.php +++ b/app/Controllers/Sales.php 
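Review bot: `clearCache()` declares no return type and its name says the opposite of what it does — it sets response headers telling the client not to cache, it clears nothing; `private function clearCache(): void` with a docblock such as `/** Marks the response uncacheable so report data is not retained by browsers or shared caches. */` (or a name like `setNoCacheHeaders`) would read correctly. The `post-check=0, pre-check=0` pair appended as a second `Cache-Control` value is a long-obsolete Internet Explorer directive, and a `Last-Modified` of "now" adds nothing once `no-store` is sent, so `->appendHeader('Cache-Control', 'no-store, no-cache, must-revalidate')` plus the `Pragma` header for HTTP/1.0 clients is sufficient. The same one-line call is pasted into every report action in the graphical_summary_*, specific_*, detailed_* and inventory_* hunks above; a single call in the controller's initialisation hook or a before-filter would cover every action, including ones added later, without the copy-paste.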
@@ -105,17 +105,17 @@ class Sales extends Secure_Controller public function getSearch(): void { - $search = $this->request->getVar('search', FILTER_SANITIZE_STRING); + $search = $this->request->getVar('search', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $limit = $this->request->getVar('limit', FILTER_SANITIZE_NUMBER_INT); $offset = $this->request->getVar('offset', FILTER_SANITIZE_NUMBER_INT); - $sort = $this->request->getVar('sort', FILTER_SANITIZE_STRING); - $order = $this->request->getVar('order', FILTER_SANITIZE_STRING); + $sort = $this->request->getVar('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS); + $order = $this->request->getVar('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $filters = [ 'sale_type' => 'all', 'location_id' => 'all', - 'start_date' => $this->request->getVar('start_date', FILTER_SANITIZE_STRING), - 'end_date' => $this->request->getVar('end_date', FILTER_SANITIZE_STRING), + 'start_date' => $this->request->getVar('start_date', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'end_date' => $this->request->getVar('end_date', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'only_cash' => FALSE, 'only_due' => FALSE, 'only_check' => FALSE, @@ -125,7 +125,7 @@ class Sales extends Secure_Controller ]; // check if any filter is set in the multiselect dropdown - $filledup = array_fill_keys($this->request->getVar('filters', FILTER_SANITIZE_STRING), TRUE); //TODO: Variable does not meet naming conventions + $filledup = array_fill_keys($this->request->getVar('filters', FILTER_SANITIZE_FULL_SPECIAL_CHARS), TRUE); //TODO: Variable does not meet naming conventions $filters = array_merge($filters, $filledup); $sales = $this->sale->search($search, $filters, $limit, $offset, $sort, $order); 
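Review bot: `FILTER_SANITIZE_FULL_SPECIAL_CHARS` HTML-encodes the value at the input boundary (it is `htmlspecialchars` with quotes encoded), so `search`, `start_date`, `end_date` and `filters` here now arrive with `&`, `"`, `'`, `<` and `>` turned into entities; a search for `A&B` becomes `A&amp;B` and presumably no longer matches stored data, and the same swap in Suppliers::postSave and in the Tax_codes, Tax_categories, Tax_jurisdictions and Taxes save hunks persists names and addresses in encoded form, which views that escape on output will then double-encode. The filter is also not a control for `sort` and `order`, which presumably end up in an ORDER BY clause where only an allowlist helps, e.g. `$order = in_array(strtolower((string) $order), ['asc', 'desc'], true) ? $order : 'asc';` and a similar check of `$sort` against the sortable column names. Reading these with the default filter, validating them here, and keeping `esc()` at the output side avoids the stored-entity problem. Separately, `array_fill_keys($this->request->getVar('filters', …), TRUE)` throws a TypeError on PHP 8 when the `filters` parameter is absent (getVar returns null), so a `?? []` fallback is worth adding while this line is being touched.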
@@ -154,7 +154,7 @@ class Sales extends Secure_Controller public function getItemSearch(): void { $suggestions = []; - $receipt = $search = $this->request->getGet('term') != '' ? $this->request->getGet('term', FILTER_SANITIZE_STRING) : NULL; + $receipt = $search = $this->request->getGet('term') != '' ? $this->request->getGet('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS) : NULL; if($this->sale_lib->get_mode() == 'return' && $this->sale->is_valid_receipt($receipt)) { @@ -169,7 +169,7 @@ class Sales extends Secure_Controller public function suggest_search(): void { - $search = $this->request->getPost('term') != '' ? $this->request->getPost('term', FILTER_SANITIZE_STRING) : NULL; + $search = $this->request->getPost('term') != '' ? $this->request->getPost('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS) : NULL; $suggestions = $this->sale->get_search_suggestions($search); @@ -197,7 +197,7 @@ class Sales extends Secure_Controller public function postChange_mode(): void { - $mode = $this->request->getPost('mode', FILTER_SANITIZE_STRING); + $mode = $this->request->getPost('mode', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $this->sale_lib->set_mode($mode); if($mode == 'sale') @@ -281,7 +281,7 @@ class Sales extends Secure_Controller public function set_comment(): void { - $this->sale_lib->set_comment($this->request->getPost('comment', FILTER_SANITIZE_STRING)); + $this->sale_lib->set_comment($this->request->getPost('comment', FILTER_SANITIZE_FULL_SPECIAL_CHARS)); } /** @@ -295,7 +295,7 @@ class Sales extends Secure_Controller public function set_payment_type(): void //TODO: This function does not appear to be called anywhere in the code. { - $this->sale_lib->set_payment_type($this->request->getPost('selected_payment_type', FILTER_SANITIZE_STRING)); + $this->sale_lib->set_payment_type($this->request->getPost('selected_payment_type', FILTER_SANITIZE_FULL_SPECIAL_CHARS)); $this->_reload(); //TODO: Hungarian notation. } 
@@ -319,7 +319,7 @@ class Sales extends Secure_Controller */ public function set_email_receipt(): void { - $this->sale_lib->set_email_receipt($this->request->getPost('email_receipt', FILTER_SANITIZE_STRING)); + $this->sale_lib->set_email_receipt($this->request->getPost('email_receipt', FILTER_SANITIZE_FULL_SPECIAL_CHARS)); } /** @@ -330,7 +330,7 @@ class Sales extends Secure_Controller { $data = []; - $payment_type = $this->request->getPost('payment_type', FILTER_SANITIZE_STRING); + $payment_type = $this->request->getPost('payment_type', FILTER_SANITIZE_FULL_SPECIAL_CHARS); //TODO: See the code block below. This too needs to be ternary notation. if($payment_type !== lang('Sales.giftcard')) @@ -481,7 +481,7 @@ class Sales extends Secure_Controller } } - $item_id_or_number_or_item_kit_or_receipt = $this->request->getPost('item', FILTER_SANITIZE_STRING); + $item_id_or_number_or_item_kit_or_receipt = $this->request->getPost('item', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $this->token_lib->parse_barcode($quantity, $price, $item_id_or_number_or_item_kit_or_receipt); $mode = $this->sale_lib->get_mode(); $quantity = ($mode == 'return') ? -$quantity : $quantity; 
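Review bot: With `payment_type` now HTML-encoded on input, `if($payment_type !== lang('Sales.giftcard'))` compares an entity-encoded POST value against a raw translated label, so any locale whose payment-type label contains `&`, `'` or `"` silently takes the wrong branch; the same applies to `$payment_type == lang('Sales.cash_adjustment')` and `$payment_type != PAYMENT_TYPE_UNASSIGNED` in the save() hunks further down. Comparing on a stable, untranslated key rather than a display string, or decoding before the comparison, avoids this. The enclosing function's body continues outside the hunk.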
@@ -573,11 +573,11 @@ class Sales extends Secure_Controller if($this->validate($rules)) { - $description = $this->request->getPost('description', FILTER_SANITIZE_STRING); - $serialnumber = $this->request->getPost('serialnumber', FILTER_SANITIZE_STRING); + $description = $this->request->getPost('description', FILTER_SANITIZE_FULL_SPECIAL_CHARS); + $serialnumber = $this->request->getPost('serialnumber', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $price = parse_decimals($this->request->getPost('price', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION)); $quantity = parse_quantity($this->request->getPost('quantity', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION)); - $discount_type = $this->request->getPost('discount_type', FILTER_SANITIZE_STRING); + $discount_type = $this->request->getPost('discount_type', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $discount = $discount_type ? parse_quantity($this->request->getPost('discount', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION)) : parse_decimals($this->request->getPost('discount', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION)); $item_location = $this->request->getPost('location', FILTER_SANITIZE_NUMBER_INT); @@ -634,10 +634,9 @@ class Sales extends Secure_Controller * @return void * @throws ReflectionException */ - public function complete(): void //TODO: this function is huge. Probably should be refactored. + public function postComplete(): void //TODO: this function is huge. Probably should be refactored. { $sale_id = $this->sale_lib->get_sale_id(); - $sale_type = $this->sale_lib->get_sale_type(); //TODO: This variable gets overwritten way down below before being used. $data = []; $data['dinner_table'] = $this->sale_lib->get_dinner_table(); 
@@ -1409,7 +1408,7 @@ class Sales extends Secure_Controller */ public function save(int $sale_id = NEW_ENTRY): void { - $newdate = $this->request->getPost('date', FILTER_SANITIZE_STRING); + $newdate = $this->request->getPost('date', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $employee_id = $this->employee->get_logged_in_employee_info()->person_id; $date_formatter = date_create_from_format($this->config['dateformat'] . ' ' . $this->config['timeformat'], $newdate); @@ -1419,8 +1418,8 @@ class Sales extends Secure_Controller 'sale_time' => $sale_time, 'customer_id' => $this->request->getPost('customer_id') != '' ? $this->request->getPost('customer_id', FILTER_SANITIZE_NUMBER_INT) : NULL, 'employee_id' => $this->request->getPost('employee_id') != '' ? $this->request->getPost('employee_id', FILTER_SANITIZE_NUMBER_INT) : NULL, - 'comment' => $this->request->getPost('comment', FILTER_SANITIZE_STRING), - 'invoice_number' => $this->request->getPost('invoice_number') != '' ? $this->request->getPost('invoice_number', FILTER_SANITIZE_STRING) : NULL + 'comment' => $this->request->getPost('comment', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'invoice_number' => $this->request->getPost('invoice_number') != '' ? $this->request->getPost('invoice_number', FILTER_SANITIZE_FULL_SPECIAL_CHARS) : NULL ]; // In order to maintain tradition the only element that can change on prior payments is the payment type 
@@ -1430,9 +1429,9 @@ class Sales extends Secure_Controller for($i = 0; $i < $number_of_payments; ++$i) { $payment_id = $this->request->getPost("payment_id_$i", FILTER_SANITIZE_NUMBER_INT); - $payment_type = $this->request->getPost("payment_type_$i", FILTER_SANITIZE_STRING); + $payment_type = $this->request->getPost("payment_type_$i", FILTER_SANITIZE_FULL_SPECIAL_CHARS); $payment_amount = $this->request->getPost("payment_amount_$i", FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION); - $refund_type = $this->request->getPost("refund_type_$i", FILTER_SANITIZE_STRING); + $refund_type = $this->request->getPost("refund_type_$i", FILTER_SANITIZE_FULL_SPECIAL_CHARS); $cash_refund = $this->request->getPost("refund_amount_$i", FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION); $cash_adjustment = $payment_type == lang('Sales.cash_adjustment') ? CASH_ADJUSTMENT_TRUE : CASH_ADJUSTMENT_FALSE; @@ -1468,7 +1467,7 @@ class Sales extends Secure_Controller $payment_id = NEW_ENTRY; $payment_amount = $this->request->getPost('payment_amount_new', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION); - $payment_type = $this->request->getPost('payment_type_new', FILTER_SANITIZE_STRING); + $payment_type = $this->request->getPost('payment_type_new', FILTER_SANITIZE_FULL_SPECIAL_CHARS); if($payment_type != PAYMENT_TYPE_UNASSIGNED && $payment_amount <> 0) { @@ -1639,7 +1638,7 @@ class Sales extends Secure_Controller public function check_invoice_number(): void { $sale_id = $this->request->getPost('sale_id', FILTER_SANITIZE_NUMBER_INT); - $invoice_number = $this->request->getPost('invoice_number', FILTER_SANITIZE_STRING); + $invoice_number = $this->request->getPost('invoice_number', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $exists = !empty($invoice_number) && $this->sale->check_invoice_number_exists($invoice_number, $sale_id); echo !$exists ? 'true' : 'false'; } 
@@ -1666,7 +1665,7 @@ class Sales extends Secure_Controller public function change_item_number(): void { $item_id = $this->request->getPost('item_id', FILTER_SANITIZE_NUMBER_INT); - $item_number = $this->request->getPost('item_number', FILTER_SANITIZE_STRING); + $item_number = $this->request->getPost('item_number', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $this->item->update_item_number($item_id, $item_number); $cart = $this->sale_lib->get_cart(); $x = $this->search_cart_for_item_id($item_id, $cart); @@ -1680,7 +1679,7 @@ class Sales extends Secure_Controller public function change_item_name(): void { $item_id = $this->request->getPost('item_id', FILTER_SANITIZE_NUMBER_INT); - $name = $this->request->getPost('item_name', FILTER_SANITIZE_STRING); + $name = $this->request->getPost('item_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $this->item->update_item_name($item_id, $name); @@ -1698,7 +1697,7 @@ class Sales extends Secure_Controller public function change_item_description(): void { $item_id = $this->request->getPost('item_id', FILTER_SANITIZE_NUMBER_INT); - $description = $this->request->getPost('item_description', FILTER_SANITIZE_STRING); + $description = $this->request->getPost('item_description', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $this->item->update_item_description($item_id, $description); diff --git a/app/Controllers/Secure_Controller.php b/app/Controllers/Secure_Controller.php index 29dae7ac9..10ba7d78c 100644 --- a/app/Controllers/Secure_Controller.php +++ b/app/Controllers/Secure_Controller.php @@ -30,7 +30,8 @@ class Secure_Controller extends BaseController if(!$this->employee->is_logged_in()) { - return redirect()->to('login'); + header("Location:".base_url('login')); + exit(); } $logged_in_employee_info = $this->employee->get_logged_in_employee_info(); 
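Review bot: `header("Location:".base_url('login')); exit();` ends the request outside the framework's response pipeline, so nothing that runs after the controller (after-filters, framework shutdown handling) executes and the check cannot be exercised in feature tests. The enclosing method starts outside the hunk, but if this is `initController`, whose return value the framework discards, the previous `return redirect()->to('login')` never actually redirected and the new `exit()` is what now enforces login — that deserves a comment, e.g. `// initController's return value is ignored by the framework; the redirect must be sent and the request terminated here`. The documented way to do this in CodeIgniter 4 is a before-filter that returns the redirect response before any Secure_Controller action runs, which keeps the enforcement in one place and testable. Minor: `"Location: "` with a space after the colon is the conventional form even though HTTP tolerates its absence.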
@@ -72,7 +73,7 @@ class Secure_Controller extends BaseController { $result = TRUE; - foreach($this->request->getVar(NULL, FILTER_SANITIZE_STRING) as $str) + foreach($this->request->getVar(NULL, FILTER_SANITIZE_FULL_SPECIAL_CHARS) as $str) { $result &= parse_decimals($str); } @@ -80,6 +81,14 @@ class Secure_Controller extends BaseController echo $result !== FALSE ? 'true' : 'false'; } + public function getConfig($key) + { + if (isset($config[$key])) + { + return $config[$key]; + } + } + // this is the basic set of methods most OSPOS Controllers will implement public function getIndex() { return FALSE; } public function getSearch() { return FALSE; } diff --git a/app/Controllers/Suppliers.php b/app/Controllers/Suppliers.php index 763c8e795..db503b2f5 100644 --- a/app/Controllers/Suppliers.php +++ b/app/Controllers/Suppliers.php @@ -46,11 +46,11 @@ class Suppliers extends Persons */ public function getSearch(): void { - $search = $this->request->getVar('search', FILTER_SANITIZE_STRING); + $search = $this->request->getVar('search', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $limit = $this->request->getVar('limit', FILTER_SANITIZE_NUMBER_INT); $offset = $this->request->getVar('offset', FILTER_SANITIZE_NUMBER_INT); - $sort = $this->request->getVar('sort', FILTER_SANITIZE_STRING); - $order = $this->request->getVar('order', FILTER_SANITIZE_STRING); + $sort = $this->request->getVar('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS); + $order = $this->request->getVar('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $suppliers = $this->supplier->search($search, $limit, $offset, $sort, $order); $total_rows = $this->supplier->get_found_rows($search); 
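Review bot: `getConfig($key)` reads a local `$config` that is never assigned, so `isset($config[$key])` is always false and the method returns null on every call; the Sales controller in this diff uses `$this->config['dateformat']`, so `$this->config` is presumably the intended source. It is also `public` on the base class, and with the verb-prefixed naming this project's routing uses (`getSearch`, `postSave`) it becomes a `GET …/config/<key>` endpoint on every Secure_Controller subclass; once the lookup is fixed, that would hand any logged-in user arbitrary config values, including entries such as `smtp_pass` that the migration in this commit seeds into app_config. Declare it `protected function getConfig(string $key)` (or move it to a helper outside the controller) so it can never be routed, and document that it returns null for unknown keys.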
@@ -72,14 +72,14 @@ class Suppliers extends Persons */ public function suggest(): void { - $suggestions = $this->supplier->get_search_suggestions($this->request->getVar('term', FILTER_SANITIZE_STRING), TRUE); + $suggestions = $this->supplier->get_search_suggestions($this->request->getVar('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS), TRUE); echo json_encode($suggestions); } public function suggest_search() { - $suggestions = $this->supplier->get_search_suggestions($this->request->getPost('term', FILTER_SANITIZE_STRING), FALSE); + $suggestions = $this->supplier->get_search_suggestions($this->request->getPost('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS), FALSE); echo json_encode($suggestions); } @@ -105,8 +105,8 @@ class Suppliers extends Persons */ public function postSave(int $supplier_id = NEW_ENTRY): void { - $first_name = $this->request->getPost('first_name', FILTER_SANITIZE_STRING); //TODO: Duplicate code - $last_name = $this->request->getPost('last_name', FILTER_SANITIZE_STRING); + $first_name = $this->request->getPost('first_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS); //TODO: Duplicate code + $last_name = $this->request->getPost('last_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $email = strtolower($this->request->getPost('email', FILTER_SANITIZE_EMAIL)); // format first and last name properly 
@@ -116,23 +116,23 @@ class Suppliers extends Persons $person_data = [ 'first_name' => $first_name, 'last_name' => $last_name, - 'gender' => $this->request->getPost('gender', FILTER_SANITIZE_STRING), + 'gender' => $this->request->getPost('gender', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'email' => $email, - 'phone_number' => $this->request->getPost('phone_number', FILTER_SANITIZE_STRING), - 'address_1' => $this->request->getPost('address_1', FILTER_SANITIZE_STRING), - 'address_2' => $this->request->getPost('address_2', FILTER_SANITIZE_STRING), - 'city' => $this->request->getPost('city', FILTER_SANITIZE_STRING), - 'state' => $this->request->getPost('state', FILTER_SANITIZE_STRING), - 'zip' => $this->request->getPost('zip', FILTER_SANITIZE_STRING), - 'country' => $this->request->getPost('country', FILTER_SANITIZE_STRING), - 'comments' => $this->request->getPost('comments', FILTER_SANITIZE_STRING) + 'phone_number' => $this->request->getPost('phone_number', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'address_1' => $this->request->getPost('address_1', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'address_2' => $this->request->getPost('address_2', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'city' => $this->request->getPost('city', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'state' => $this->request->getPost('state', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'zip' => $this->request->getPost('zip', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'country' => $this->request->getPost('country', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'comments' => $this->request->getPost('comments', FILTER_SANITIZE_FULL_SPECIAL_CHARS) ]; $supplier_data = [ - 'company_name' => $this->request->getPost('company_name', FILTER_SANITIZE_STRING), - 'agency_name' => $this->request->getPost('agency_name', FILTER_SANITIZE_STRING), - 'category' => $this->request->getPost('category', FILTER_SANITIZE_STRING), - 'account_number' => $this->request->getPost('account_number') == '' ? 
NULL : $this->request->getPost('account_number', FILTER_SANITIZE_STRING), + 'company_name' => $this->request->getPost('company_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'agency_name' => $this->request->getPost('agency_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'category' => $this->request->getPost('category', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'account_number' => $this->request->getPost('account_number') == '' ? NULL : $this->request->getPost('account_number', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'tax_id' => $this->request->getPost('tax_id', FILTER_SANITIZE_NUMBER_INT) ]; diff --git a/app/Controllers/Tax_categories.php b/app/Controllers/Tax_categories.php index 848869301..7419683ea 100644 --- a/app/Controllers/Tax_categories.php +++ b/app/Controllers/Tax_categories.php @@ -28,11 +28,11 @@ class Tax_categories extends Secure_Controller */ public function getSearch(): void { - $search = $this->request->getVar('search', FILTER_SANITIZE_STRING); + $search = $this->request->getVar('search', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $limit = $this->request->getVar('limit', FILTER_SANITIZE_NUMBER_INT); $offset = $this->request->getVar('offset', FILTER_SANITIZE_NUMBER_INT); - $sort = $this->request->getVar('sort', FILTER_SANITIZE_STRING); - $order = $this->request->getVar('order', FILTER_SANITIZE_STRING); + $sort = $this->request->getVar('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS); + $order = $this->request->getVar('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $tax_categories = $this->tax_category->search($search, $limit, $offset, $sort, $order); $total_rows = $this->tax_category->get_found_rows($search); 
@@ -64,8 +64,8 @@ class Tax_categories extends Secure_Controller public function postSave(int $tax_category_id = NEW_ENTRY): void { $tax_category_data = [ - 'tax_category' => $this->request->getPost('tax_category', FILTER_SANITIZE_STRING), - 'tax_category_code' => $this->request->getPost('tax_category_code', FILTER_SANITIZE_STRING), + 'tax_category' => $this->request->getPost('tax_category', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'tax_category_code' => $this->request->getPost('tax_category_code', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'tax_group_sequence' => $this->request->getPost('tax_group_sequence', FILTER_SANITIZE_NUMBER_INT) ]; diff --git a/app/Controllers/Tax_codes.php b/app/Controllers/Tax_codes.php index 606b551b7..6123905f9 100644 --- a/app/Controllers/Tax_codes.php +++ b/app/Controllers/Tax_codes.php @@ -35,11 +35,11 @@ class Tax_codes extends Secure_Controller */ public function getSearch(): void { - $search = $this->request->getVar('search', FILTER_SANITIZE_STRING); + $search = $this->request->getVar('search', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $limit = $this->request->getVar('limit', FILTER_SANITIZE_NUMBER_INT); $offset = $this->request->getVar('offset', FILTER_SANITIZE_NUMBER_INT); - $sort = $this->request->getVar('sort', FILTER_SANITIZE_STRING); - $order = $this->request->getVar('order', FILTER_SANITIZE_STRING); + $sort = $this->request->getVar('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS); + $order = $this->request->getVar('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $tax_codes = $this->tax_code->search($search, $limit, $offset, $sort, $order); $total_rows = $this->tax_code->get_found_rows($search); 
@@ -72,10 +72,10 @@ class Tax_codes extends Secure_Controller public function postSave(int $tax_code_id = NEW_ENTRY): void { $tax_code_data = [ - 'tax_code' => $this->request->getPost('tax_code', FILTER_SANITIZE_STRING), - 'tax_code_name' => $this->request->getPost('tax_code_name', FILTER_SANITIZE_STRING), - 'city' => $this->request->getPost('city', FILTER_SANITIZE_STRING), - 'state' => $this->request->getPost('state', FILTER_SANITIZE_STRING) + 'tax_code' => $this->request->getPost('tax_code', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'tax_code_name' => $this->request->getPost('tax_code_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'city' => $this->request->getPost('city', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'state' => $this->request->getPost('state', FILTER_SANITIZE_FULL_SPECIAL_CHARS) ]; if($this->tax_code->save($tax_code_data)) diff --git a/app/Controllers/Tax_jurisdictions.php b/app/Controllers/Tax_jurisdictions.php index d621e0483..455a0b5cf 100644 --- a/app/Controllers/Tax_jurisdictions.php +++ b/app/Controllers/Tax_jurisdictions.php @@ -31,11 +31,11 @@ class Tax_jurisdictions extends Secure_Controller */ public function getSearch(): void { - $search = $this->request->getVar('search', FILTER_SANITIZE_STRING); + $search = $this->request->getVar('search', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $limit = $this->request->getVar('limit', FILTER_SANITIZE_NUMBER_INT); $offset = $this->request->getVar('offset', FILTER_SANITIZE_NUMBER_INT); - $sort = $this->request->getVar('sort', FILTER_SANITIZE_STRING); - $order = $this->request->getVar('order', FILTER_SANITIZE_STRING); + $sort = $this->request->getVar('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS); + $order = $this->request->getVar('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $tax_jurisdictions = $this->tax_jurisdiction->search($search, $limit, $offset, $sort, $order); $total_rows = $this->tax_jurisdiction->get_found_rows($search); 
@@ -67,8 +67,8 @@ class Tax_jurisdictions extends Secure_Controller public function postSave(int $jurisdiction_id = NEW_ENTRY): void { $tax_jurisdiction_data = [ - 'jurisdiction_name' => $this->request->getPost('jurisdiction_name', FILTER_SANITIZE_STRING), - 'reporting_authority' => $this->request->getPost('reporting_authority', FILTER_SANITIZE_STRING) + 'jurisdiction_name' => $this->request->getPost('jurisdiction_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS), + 'reporting_authority' => $this->request->getPost('reporting_authority', FILTER_SANITIZE_FULL_SPECIAL_CHARS) ]; if($this->tax_jurisdiction->save_value($tax_jurisdiction_data)) diff --git a/app/Controllers/Taxes.php b/app/Controllers/Taxes.php index 06e103781..c26c67d04 100644 --- a/app/Controllers/Taxes.php +++ b/app/Controllers/Taxes.php @@ -79,11 +79,11 @@ class Taxes extends Secure_Controller */ public function getSearch(): void { - $search = $this->request->getVar('search', FILTER_SANITIZE_STRING); + $search = $this->request->getVar('search', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $limit = $this->request->getVar('limit', FILTER_SANITIZE_NUMBER_INT); $offset = $this->request->getVar('offset', FILTER_SANITIZE_NUMBER_INT); - $sort = $this->request->getVar('sort', FILTER_SANITIZE_STRING); - $order = $this->request->getVar('order', FILTER_SANITIZE_STRING); + $sort = $this->request->getVar('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS); + $order = $this->request->getVar('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $tax_rates = $this->tax->search($search, $limit, $offset, $sort, $order); 
@@ -103,7 +103,7 @@ class Taxes extends Secure_Controller */ public function suggest_search(): void { - $suggestions = $this->tax->get_search_suggestions($this->request->getPost('term', FILTER_SANITIZE_STRING)); //TODO: There is no get_search_suggestions function in the tax model + $suggestions = $this->tax->get_search_suggestions($this->request->getPost('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS)); //TODO: There is no get_search_suggestions function in the tax model echo json_encode($suggestions); } @@ -113,7 +113,7 @@ class Taxes extends Secure_Controller */ public function suggest_tax_categories(): void { - $suggestions = $this->tax_category->get_tax_category_suggestions($this->request->getPost('term', FILTER_SANITIZE_STRING)); + $suggestions = $this->tax_category->get_tax_category_suggestions($this->request->getPost('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS)); echo json_encode($suggestions); } @@ -419,7 +419,7 @@ class Taxes extends Secure_Controller */ public function getSuggestTaxCodes(): void { - $suggestions = $this->tax_code->get_tax_codes_search_suggestions($this->request->getPostGet('term', FILTER_SANITIZE_STRING)); + $suggestions = $this->tax_code->get_tax_codes_search_suggestions($this->request->getPostGet('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS)); echo json_encode($suggestions); } 
@@ -431,10 +431,10 @@ class Taxes extends Secure_Controller public function save_tax_codes(): void { $tax_code_id = $this->request->getPost('tax_code_id', FILTER_SANITIZE_NUMBER_INT); - $tax_code = $this->request->getPost('tax_code', FILTER_SANITIZE_STRING); - $tax_code_name = $this->request->getPost('tax_code_name', FILTER_SANITIZE_STRING); - $city = $this->request->getPost('city', FILTER_SANITIZE_STRING); - $state = $this->request->getPost('state', FILTER_SANITIZE_STRING); + $tax_code = $this->request->getPost('tax_code', FILTER_SANITIZE_FULL_SPECIAL_CHARS); + $tax_code_name = $this->request->getPost('tax_code_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS); + $city = $this->request->getPost('city', FILTER_SANITIZE_FULL_SPECIAL_CHARS); + $state = $this->request->getPost('state', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $array_save = []; //TODO: the naming of this variable is not good. foreach($tax_code_id as $key=>$val) @@ -459,10 +459,10 @@ class Taxes extends Secure_Controller public function save_tax_jurisdictions(): void { $jurisdiction_id = $this->request->getPost('jurisdiction_id', FILTER_SANITIZE_NUMBER_INT); - $jurisdiction_name = $this->request->getPost('jurisdiction_name', FILTER_SANITIZE_STRING); - $tax_group = $this->request->getPost('tax_group', FILTER_SANITIZE_STRING); + $jurisdiction_name = $this->request->getPost('jurisdiction_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS); + $tax_group = $this->request->getPost('tax_group', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $tax_type = $this->request->getPost('tax_type', FILTER_SANITIZE_NUMBER_INT); - $reporting_authority = $this->request->getPost('reporting_authority', FILTER_SANITIZE_STRING); + $reporting_authority = $this->request->getPost('reporting_authority', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $tax_group_sequence = $this->request->getPost('tax_group_sequence', FILTER_SANITIZE_NUMBER_INT); $cascade_sequence = $this->request->getPost('cascade_sequence', FILTER_SANITIZE_NUMBER_INT); 
@@ -506,7 +506,7 @@ class Taxes extends Secure_Controller public function save_tax_categories(): void { $tax_category_id = $this->request->getPost('tax_category_id', FILTER_SANITIZE_NUMBER_INT); - $tax_category = $this->request->getPost('tax_category', FILTER_SANITIZE_STRING); + $tax_category = $this->request->getPost('tax_category', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $tax_group_sequence = $this->request->getPost('tax_group_sequence', FILTER_SANITIZE_NUMBER_INT); $array_save= []; diff --git a/app/Database/Migrations/20230412000000_add_missing_config.php b/app/Database/Migrations/20230412000000_add_missing_config.php new file mode 100644 index 000000000..c4f019e6d --- /dev/null +++ b/app/Database/Migrations/20230412000000_add_missing_config.php @@ -0,0 +1,28 @@ + 'account_number', 'value' => ''], // This has no current maintenance, but it's used in Sales + ['key' => 'category_dropdown', 'value' => ''], + ['key' => 'smtp_host', 'value' => ''], + ['key' => 'smtp_user', 'value' => ''], + ['key' => 'smtp_pass', 'value' => ''], + ['key' => 'login_form', 'value' => ''], + ['key' => 'receiving_calculate_average_price', 'value' => ''] + ]; + + $this->db->table('app_config')->ignore(true)->insertBatch($image_values); + } + + public function down(): void + { + // no need to remove necessary config values. + } +} diff --git a/app/Database/Migrations/20230412000001_drop_account_number_index.php b/app/Database/Migrations/20230412000001_drop_account_number_index.php new file mode 100644 index 000000000..7ad179e84 --- /dev/null +++ b/app/Database/Migrations/20230412000001_drop_account_number_index.php 
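Review bot: `$image_values` holds app_config rows, not images — it reads like a leftover from a copied migration, and `$config_values` says what it is. The `smtp_pass` row seeds a credential into the same app_config table as display settings; its value is empty here, but a comment such as `// smtp_pass is a credential stored alongside ordinary settings; keep it out of logs and debug output` would help the next maintainer. The `down()` comment should say the rows are intentionally left in place rather than that there is "no need", since a reviewer otherwise reads it as an omission.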
@@ -0,0 +1,20 @@ +db->query('ALTER TABLE ' . $this->db->prefixTable('customers') . ' DROP INDEX account_number'); + $this->db->query('ALTER TABLE ' . $this->db->prefixTable('customers') . ' ADD INDEX account_number (account_number)'); + } + + public function down(): void + { + $this->db->query('ALTER TABLE ' . $this->db->prefixTable('customers') . ' DROP INDEX account_number'); + $this->db->query('ALTER TABLE ' . $this->db->prefixTable('customers') . ' ADD UNIQUE account_number (account_number)'); + } +} diff --git a/app/Database/tables.sql b/app/Database/tables.sql index 8ddc3e89c..aff3b9003 100644 --- a/app/Database/tables.sql +++ b/app/Database/tables.sql @@ -75,9 +75,6 @@ INSERT INTO `ospos_app_config` (`key`, `value`) VALUES ('payment_options_order', 'cashdebitcredit'), ('protocol', 'mail'), ('mailpath', '/usr/sbin/sendmail'), - ('smtp_host', ''), - ('smtp_user', ''), - ('smtp_pass', ''), ('smtp_port', '465'), ('smtp_timeout', '5'), ('smtp_crypto', 'ssl'), diff --git a/app/Helpers/locale_helper.php b/app/Helpers/locale_helper.php index 3f6cc18d3..133de9ae0 100644 --- a/app/Helpers/locale_helper.php +++ b/app/Helpers/locale_helper.php @@ -313,7 +313,7 @@ function tax_decimals(): int function to_date(int $date = DEFAULT_DATE): string { $config = config('OSPOS')->settings; - return date($config['dateformat, $date']); + return date($config['dateformat'], $date); } function to_datetime(int $datetime = DEFAULT_DATETIME): string diff --git a/app/Helpers/tabular_helper.php b/app/Helpers/tabular_helper.php index dfcbbd378..ecd684da4 100644 --- a/app/Helpers/tabular_helper.php +++ b/app/Helpers/tabular_helper.php 
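Review bot: Replacing `UNIQUE account_number` with a plain index removes the only enforcement of customer account-number uniqueness at the data layer; the application's own duplicate check (the `account_number_duplicate` message in the Customers language file of this diff, "Account Number is already present in the database.") is a check-then-insert that two concurrent saves can both pass, so duplicates become possible for a field that identifies a customer. If the motivation is that several customers with an empty account number collide on the unique key, storing NULL instead of `''` — as Suppliers::postSave in this diff already does with `== '' ? NULL : …` — keeps the constraint while allowing any number of blanks, since MySQL permits multiple NULLs in a unique index. Either way `up()` should carry a comment stating why the constraint is dropped, and `down()` will fail with a duplicate-key error if duplicates were created while the constraint was absent.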
@@ -679,13 +679,13 @@ function get_attribute_definition_manage_table_headers(): string return transform_headers($headers); } -function get_attribute_definition_data_row(object $attribute): array +function get_attribute_definition_data_row(object $attribute_row): array { $attribute = model('Attribute'); $controller = get_controller(); - if(count($attribute->definition_flags) == 0) //TODO: === ? + if(count($attribute->get_definition_flags()) == 0) { $definition_flags = lang('Common.none_selected_text'); } @@ -695,17 +695,17 @@ function get_attribute_definition_data_row(object $attribute): array } else { - $definition_flags = implode(', ', $attribute->definition_flags); + $definition_flags = implode(', ', $attribute->get_definition_flags()); } return [ - 'definition_id' => $attribute->definition_id, - 'definition_name' => $attribute->definition_name, - 'definition_type' => $attribute->definition_type, - 'definition_group' => $attribute->definition_group, + 'definition_id' => $attribute_row->definition_id, + 'definition_name' => $attribute_row->definition_name, + 'definition_type' => $attribute_row->definition_type, + 'definition_group' => $attribute_row->definition_group, 'definition_flags' => $definition_flags, 'edit' => anchor( - "$controller/view/$attribute->definition_id", + "$controller/view/$attribute_row->definition_id", '', [ 'class' => 'modal-dlg', diff --git a/app/Language/en-US/Config.php b/app/Language/en-US/Config.php index 882d283f0..d4d8d221a 100644 --- a/app/Language/en-US/Config.php +++ b/app/Language/en-US/Config.php 
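Review bot: In `get_attribute_definition_data_row` the flags shown for each row come from `$attribute->get_definition_flags()` on the model obtained via `model('Attribute')`, while the `$attribute_row` parameter is only read for `definition_id`, `definition_name`, `definition_type` and `definition_group`; unless `get_definition_flags()` reads per-row state the caller set on the model, every row will display the same flags and whatever `definition_flags` the row object carries is ignored. If the flags are meant to come from the row, the `count(...)` test and the `implode(', ', ...)` should read `$attribute_row->definition_flags` instead, with an `is_array()` guard since `count()` on a non-array throws. The `model('Attribute')` call should also be hoisted out of this helper if it exists only for the flags, because the helper runs once per table row. The branch between the two hunks and the remainder of the return array are outside the hunk.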
@@ -100,7 +100,7 @@ return [ "default_tax_rate_number" => "Default Tax Rate must be a number.", "default_tax_rate_required" => "Default Tax Rate is a required field.", "derive_sale_quantity" => "Allow Derived Sale Quantity", - "derive_sale_quantity_tooltip" => "If checked then a new item type will provided for items ordered by extended amount", + "derive_sale_quantity_tooltip" => "If checked then a new item type will be provided for items ordered by extended amount", "dinner_table" => "Table", "dinner_table_duplicate" => "Table must be unique.", "dinner_table_enable" => "Enable Dinner Tables", @@ -130,7 +130,7 @@ return [ "enforce_privacy" => "Enforce privacy", "enforce_privacy_tooltip" => "Protect Customers privacy enforcing data scrambling in case of their data being deleted", "fax" => "Fax", - "file_perm" => "There are problems with file permissions please fix and reload this page.", + "file_perm" => "There are problems with file permissions. Please fix and reload this page.", "financial_year" => "Fiscal Year Start", "financial_year_apr" => "1st of April", "financial_year_aug" => "1st of August", diff --git a/app/Language/en-US/Customers.php b/app/Language/en-US/Customers.php index d8d888289..422a9e007 100644 --- a/app/Language/en-US/Customers.php +++ b/app/Language/en-US/Customers.php @@ -2,7 +2,7 @@ return [ "account_number" => "Account #", "account_number_duplicate" => "Account Number is already present in the database.", - "available_points" => "Available Points", + "available_points" => "Points Available", "available_points_value" => "", "average" => "Average spent", "avg_discount" => "Average discount", @@ -41,7 +41,7 @@ return [ "min" => "Min. spent", "new" => "New Customer", "none_selected" => "You have not selected any customer(s) to delete.", - "one_or_multiple" => "customer(s)", + "one_or_multiple" => "Customer(s)", "quantity" => "Quantity", "stats_info" => "Stats", "successful_adding" => "You have successfully added customer", 
diff --git a/app/Language/en-US/Sales.php b/app/Language/en-US/Sales.php index 2c1ba289d..4e3cc4423 100644 --- a/app/Language/en-US/Sales.php +++ b/app/Language/en-US/Sales.php @@ -1,6 +1,6 @@ "Available Points", + "customers_available_points" => "Points Available", "rewards_package" => "Rewards", "rewards_remaining_balance" => "Reward Points remaining value is ", "account_number" => "Account #", @@ -40,7 +40,7 @@ return [ "customer_discount" => "Discount", "customer_email" => "Email", "customer_location" => "Location", - "customer_mailchimp_status" => "MailChimp status", + "customer_mailchimp_status" => "MailChimp Status", "customer_optional" => "(Required for Due Payments)", "customer_required" => "(Required)", "customer_total" => "Total", diff --git a/app/Language/en-US/Taxes.php b/app/Language/en-US/Taxes.php index cd1939fe2..d9b334450 100644 --- a/app/Language/en-US/Taxes.php +++ b/app/Language/en-US/Taxes.php 
@@ -33,15 +33,15 @@ return [ "tax_categories_saved_unsuccessfully" => "Tax Categories changes not saved", "tax_category" => "Tax Category", "tax_category_code" => "Tax Category Code", - "tax_category_duplicate" => "Duplicate tax category", - "tax_category_invalid_chars" => "Invalid characters in tax category name", + "tax_category_duplicate" => "Duplicate Tax Category", + "tax_category_invalid_chars" => "Invalid characters in Tax Category name", "tax_category_name" => "Tax Category Name", "tax_category_new" => "New Tax Category", - "tax_category_required" => "Tax category is required", + "tax_category_required" => "Tax Category is required", "tax_code" => "Tax Code", "tax_code_cannot_be_deleted" => "Tax Code delete failed", - "tax_code_duplicate" => "Duplicate tax code", - "tax_code_invalid_chars" => "Invalid characters in tax code", + "tax_code_duplicate" => "Duplicate Tax Code", + "tax_code_invalid_chars" => "Invalid characters in Tax Code", "tax_code_name" => "Tax Code Name", "tax_code_required" => "Tax Code is a required field", "tax_code_successful_deleted" => "You have successfully deleted Tax Code", @@ -59,9 +59,9 @@ return [ "tax_group_sequence" => "Tax Group Sequence", "tax_included" => "Tax included", "tax_jurisdiction" => "Tax Jurisdiction", - "tax_jurisdiction_duplicate" => "Duplicate tax jurisdiction", - "tax_jurisdiction_invalid_chars" => "Invalid characters in jurisdiction name", - "tax_jurisdiction_required" => "Tax jurisdiction is required", + "tax_jurisdiction_duplicate" => "Duplicate Tax Jurisdiction", + "tax_jurisdiction_invalid_chars" => "Invalid characters in Tax Jurisdiction name", + "tax_jurisdiction_required" => "Tax Jurisdiction is required", "tax_jurisdictions" => "Tax Jurisdictions", "tax_jurisdictions_configuration" => "Tax Jurisdictions Configuration", "tax_jurisdictions_saved_successfully" => "Tax Jurisdiction changes saved", diff --git a/app/Libraries/Barcode_lib.php b/app/Libraries/Barcode_lib.php index 092ea2473..e24de42ba 100644 
--- a/app/Libraries/Barcode_lib.php +++ b/app/Libraries/Barcode_lib.php @@ -1,9 +1,13 @@ \ No newline at end of file +?> diff --git a/app/Views/barcodes/Code128.php b/app/Libraries/Barcodes/Code128.php similarity index 99% rename from app/Views/barcodes/Code128.php rename to app/Libraries/Barcodes/Code128.php index f3e320407..c615cb77b 100644 --- a/app/Views/barcodes/Code128.php +++ b/app/Libraries/Barcodes/Code128.php @@ -9,7 +9,7 @@ * Minimum Requirement: PHP 5.3.0 */ -namespace emberlabs\Barcode; +namespace App\Libraries\Barcodes; /** * emberlabs Barcode Creator - Code128 @@ -322,4 +322,4 @@ class Code128 extends BarcodeBase } } } -?> \ No newline at end of file +?> diff --git a/app/Views/barcodes/Code39.php b/app/Libraries/Barcodes/Code39.php similarity index 99% rename from app/Views/barcodes/Code39.php rename to app/Libraries/Barcodes/Code39.php index 73dded99f..13c163b2a 100644 --- a/app/Views/barcodes/Code39.php +++ b/app/Libraries/Barcodes/Code39.php @@ -9,7 +9,7 @@ * Minimum Requirement: PHP 5.3.0 */ -namespace emberlabs\Barcode; +namespace App\Libraries\Barcodes; /** * emberlabs Barcode Creator - Code39 @@ -181,4 +181,4 @@ class Code39 extends BarcodeBase } } } -?> \ No newline at end of file +?> diff --git a/app/Views/barcodes/Ean13.php b/app/Libraries/Barcodes/Ean13.php similarity index 99% rename from app/Views/barcodes/Ean13.php rename to app/Libraries/Barcodes/Ean13.php index 0d37d2a22..46f1b77f0 100644 --- a/app/Views/barcodes/Ean13.php +++ b/app/Libraries/Barcodes/Ean13.php @@ -30,7 +30,7 @@ * @link http://pear.php.net/package/Image_Barcode2 */ -namespace emberlabs\Barcode; +namespace App\Libraries\Barcodes; /** * emberlabs Barcode Creator - Ean13 diff --git a/app/Views/barcodes/Ean8.php b/app/Libraries/Barcodes/Ean8.php similarity index 99% rename from app/Views/barcodes/Ean8.php rename to app/Libraries/Barcodes/Ean8.php index b6a9e2c6d..0f946885f 100644 --- a/app/Views/barcodes/Ean8.php +++ b/app/Libraries/Barcodes/Ean8.php 
@@ -30,7 +30,7 @@ * @link http://pear.php.net/package/Image_Barcode2 */ -namespace emberlabs\Barcode; +namespace App\Libraries\Barcodes; /** * emberlabs Barcode Creator - Ean8 diff --git a/app/Libraries/Sale_lib.php b/app/Libraries/Sale_lib.php index 68a153699..3a4c30e48 100644 --- a/app/Libraries/Sale_lib.php +++ b/app/Libraries/Sale_lib.php @@ -774,7 +774,7 @@ class Sale_lib $this->session->set('sales_giftcard_remainder', $value); } - public function get_giftcard_remainder(): string + public function get_giftcard_remainder(): ?string { return $this->session->get('sales_giftcard_remainder'); } @@ -789,7 +789,7 @@ class Sale_lib $this->session->set('sales_rewards_remainder', $value); } - public function get_rewards_remainder(): string + public function get_rewards_remainder(): ?string { return $this->session->get('sales_rewards_remainder'); } diff --git a/app/Models/Attribute.php b/app/Models/Attribute.php index 891c6b3e1..92b66a92c 100644 --- a/app/Models/Attribute.php +++ b/app/Models/Attribute.php @@ -4,6 +4,7 @@ namespace App\Models; use CodeIgniter\Database\ResultInterface; use CodeIgniter\Model; +use CodeIgniter\Database\RawSql; use DateTime; use stdClass; use ReflectionClass; @@ -85,9 +86,10 @@ class Attribute extends Model /* * Determines if a given attribute_value exists in the attribute_values table and returns the attribute_id if it does */ - public function value_exists($attribute_value, string $definition_type = TEXT): bool + public function value_exists($attribute_value, string $definition_type = TEXT) { $config = config('OSPOS')->settings; + switch($definition_type) { case DATE: @@ -468,8 +470,6 @@ class Attribute extends Model { $this->db->transStart(); - $builder = $this->db->table('attribute_definitions'); - //Definition doesn't exist if($definition_id === NO_DEFINITION_ID || !$this->exists($definition_id)) { 
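Review bot: Dropping the `: bool` return type from `value_exists` instead of replacing it leaves the method untyped, although its docblock says it returns the `attribute_id` when the value exists and something falsy otherwise. Declare what it actually returns — `public function value_exists($attribute_value, string $definition_type = TEXT): int|false` if the project runs on PHP 8, otherwise at least a `@return int|false` docblock — so callers that compare the result with `===` are not surprised by an id being truthy/falsy. The `$attribute_value` parameter is also untyped; the `switch` on `$definition_type` below suggests it is a string that may hold a date, which a `@param string $attribute_value` note should state. The body of the method continues beyond this hunk.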
@@ -479,6 +479,7 @@ class Attribute extends Model } else { + $builder = $this->db->table('attribute_definitions'); $success = $builder->insert($definition_data); $definition_data['definition_id'] = $this->db->insertID(); } @@ -487,11 +488,13 @@ class Attribute extends Model //Definition already exists else { - //Get current definition type and name + $builder = $this->db->table('attribute_definitions'); $builder->select('definition_type'); $builder->where('definition_id', $definition_id); + $builder->where('deleted', ACTIVE); + $query = $builder->get(); + $row = $query->getRow(); - $row = $builder->get('attribute_definitions')->getRow(); $from_definition_type = $row->definition_type; $to_definition_type = $definition_data['definition_type']; @@ -599,7 +602,7 @@ class Attribute extends Model $builder->join('attribute_values', 'attribute_values.attribute_id = attribute_links.attribute_id'); $builder->join('attribute_definitions', 'attribute_definitions.definition_id = attribute_links.definition_id'); $builder->where('definition_type <>', GROUP); - $builder->where('deleted', 0); + $builder->where('deleted', ACTIVE); $builder->where('item_id', $item_id); if(!empty($id)) @@ -620,7 +623,7 @@ class Attribute extends Model return $builder->get(); } - public function get_attribute_value(int $item_id, int $definition_id): object + public function get_attribute_value(int $item_id, int $definition_id): ?object { $builder = $this->db->table('attribute_values'); $builder->join('attribute_links', 'attribute_links.attribute_id = attribute_values.attribute_id'); 
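Review bot: Adding `$builder->where('deleted', ACTIVE)` to the definition-type lookup means `$query->getRow()` returns `null` for a definition that exists but is soft-deleted, and the next line `$from_definition_type = $row->definition_type;` then dereferences null. Which branch runs is decided by the `exists($definition_id)` check above (outside this hunk); if that check does not also filter on `deleted`, a deleted definition reaches this code and the save dies with a warning or error instead of a clean failure. Guard it explicitly — `if($row === null) { return false; }` using whatever failure value the method's callers already expect — or drop the `deleted` filter here if editing a deleted definition's type is intended. The enclosing method starts and ends outside the hunk.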
@@ -628,8 +631,43 @@ class Attribute extends Model $builder->where('sale_id', null); $builder->where('receiving_id', null); $builder->where('definition_id', $definition_id); + $query = $builder->get(); - return $builder->get()->getRowObject(); + if($query->getNumRows() == 1) + { + return $query->getRow(); + } + + return $this->getEmptyObject('attribute_values'); + } + + /** + * Initializes an empty object based on database definitions + * @param string $table_name + * @return object + */ + private function getEmptyObject(string $table_name): object + { + // Return an empty base parent object, as $item_id is NOT an item + $empty_obj = new stdClass(); + + // Iterate through field definitions to determine how the fields should be initialized + + foreach($this->db->getFieldData($table_name) as $field) { + + $field_name = $field->name; + + if(in_array($field->type, array('int', 'tinyint', 'decimal'))) + { + $empty_obj->$field_name = ($field->primary_key == 1) ? NEW_ENTRY : 0; + } + else + { + $empty_obj->$field_name = NULL; + } + } + + return $empty_obj; } public function get_attribute_values(int $item_id): array //TODO: Is this function used anywhere in the code? 
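Review bot: `get_attribute_value` now returns an empty placeholder whenever `getNumRows()` is anything other than exactly 1, so an item with two matching `attribute_values` rows — a data problem worth surfacing — is reported the same way as an item with none. Distinguish the cases, e.g. `if($query->getNumRows() > 1) { log_message('error', "multiple attribute values for item $item_id / definition $definition_id"); }` before falling back, or keep `getRow()` for the one-or-more case. The declared return type `?object` is now never null since both paths return an object, so `: object` is the accurate declaration. `getEmptyObject` is a private copy of a helper that is added verbatim to `Cashup` in the same commit; a shared trait or base-model method would keep the two from drifting, and `in_array($field->type, array('int', 'tinyint', 'decimal'))` should use `[]` syntax and pass `true` as the strict flag.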
@@ -646,13 +684,13 @@ class Attribute extends Model public function copy_attribute_links(int $item_id, string $sale_receiving_fk, int $id): void { -//TODO: this likely needs to be rewritten as two different queries rather than a subquery within a query. Then use query_builder for both. - $query = 'INSERT INTO ' . $this->db->prefixTable('attribute_links') . ' (item_id, definition_id, attribute_id, ' . $sale_receiving_fk . ') '; - $query .= 'SELECT ' . $this->db->escape($item_id) . ', definition_id, attribute_id, ' . $this->db->escape($id); - $query .= 'FROM ' . $this->db->prefixTable('attribute_links'); - $query .= 'WHERE item_id = ' . $this->db->escape($item_id); + $query = 'SELECT ' . $this->db->escape($item_id) . ', definition_id, attribute_id, ' . $this->db->escape($id); + $query .= ' FROM ' . $this->db->prefixTable('attribute_links'); + $query .= ' WHERE item_id = ' . $this->db->escape($item_id); $query .=' AND sale_id IS NULL AND receiving_id IS NULL'; - $this->db->query($query); + + $builder = $this->db->table('attribute_links'); + $builder->ignore(true)->setQueryAsData(new RawSql($query), null, 'item_id, definition_id, attribute_id, '. $sale_receiving_fk )->insertBatch(); } public function get_suggestions(int $definition_id, string $term): array @@ -664,7 +702,7 @@ class Attribute extends Model $builder->join('attribute_links', 'attribute_links.definition_id = definition.definition_id'); $builder->join('attribute_values', 'attribute_values.attribute_id = attribute_links.attribute_id'); $builder->like('attribute_value', $term); - $builder->where('deleted', 0); + $builder->where('deleted', ACTIVE); $builder->where('definition.definition_id', $definition_id); $builder->orderBy('attribute_value','ASC'); 
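Review bot: `$sale_receiving_fk` is concatenated straight into the column list passed to `setQueryAsData` (`'item_id, definition_id, attribute_id, '. $sale_receiving_fk`), so the safety of this INSERT ... SELECT depends entirely on every caller passing a literal column name; an allow-list makes that guarantee local, e.g. `if(!in_array($sale_receiving_fk, ['sale_id', 'receiving_id'], true)) { throw new \InvalidArgumentException("invalid fk column: $sale_receiving_fk"); }` at the top of the method. `ignore(true)` also turns a duplicate-key collision into a silently dropped row, which for a sale/receiving snapshot of an item's attributes means the copy can be partial with no signal; if duplicates are expected a comment should say why, otherwise drop `ignore(true)` and let the surrounding transaction fail. The `$item_id` and `$id` values are passed through `escape()`, so the `RawSql` body itself is fine.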
@@ -679,11 +717,11 @@ class Attribute extends Model public function save_value(string $attribute_value, int $definition_id, $item_id = FALSE, $attribute_id = FALSE, string $definition_type = DROPDOWN): int { - $this->db->transStart(); - $config = config('OSPOS')->settings; $locale_date_format = $config['dateformat']; + $this->db->transStart(); + //New Attribute if(empty($attribute_id) || empty($item_id)) { @@ -769,15 +807,15 @@ class Attribute extends Model $builder = $this->db->table('attribute_definitions'); $builder->where('definition_id', $definition_id); - return $builder->update(['deleted' => 1]); + return $builder->update(['deleted' => DELETED]); } - public function delete_definition_list(string $definition_ids): bool + public function delete_definition_list(array $definition_ids): bool { $builder = $this->db->table('attribute_definitions'); $builder->whereIn('definition_id', $definition_ids); - return $builder->update(['deleted' => 1]); + return $builder->update(['deleted' => DELETED]); } /** @@ -841,7 +879,7 @@ class Attribute extends Model $builder = $this->db->table('attribute_definitions'); $builder->where('definition_id', $definition_id); - return $builder->update(['deleted' => 0]); + return $builder->update(['deleted' => ACTIVE]); } /** diff --git a/app/Models/Cashup.php b/app/Models/Cashup.php index 44323857f..364da4ab7 100644 --- a/app/Models/Cashup.php +++ b/app/Models/Cashup.php @@ -97,7 +97,15 @@ class Cashup extends Model $builder->select('COUNT(cash_up.cashup_id) as count'); } - $builder->select(' + if(!$count_only) + { + $builder->select(' + cash_up.cashup_id, + '); + } + else + { + $builder->select(' cash_up.cashup_id, MAX(cash_up.open_date) AS open_date, MAX(cash_up.close_date) AS close_date, 
@@ -117,6 +125,7 @@ class Cashup extends Model MAX(close_employees.first_name) AS close_first_name, MAX(close_employees.last_name) AS close_last_name '); + } $builder->join('people AS open_employees', 'open_employees.person_id = cash_up.open_employee_id', 'LEFT'); $builder->join('people AS close_employees', 'close_employees.person_id = cash_up.close_employee_id', 'LEFT'); @@ -143,12 +152,14 @@ class Cashup extends Model $builder->where('cash_up.open_date BETWEEN ' . $this->db->escape(rawurldecode($filters['start_date'])) . ' AND ' . $this->db->escape(rawurldecode($filters['end_date']))); } - $builder->groupBy('cashup_id'); - // get_found_rows case if($count_only) { - return $builder->get()->getRowArray()['count']; + return $builder->get()->getRow()->count; + } + else + { + $builder->groupBy('cashup_id'); } $builder->orderBy($sort, $order); @@ -199,19 +210,40 @@ class Cashup extends Model } else { - //Get empty base parent object - $cash_up_obj = new stdClass(); - - //Get all the fields from cashup table - foreach($this->db->getFieldNames('cash_up') as $field) - { - $cash_up_obj->$field = ''; - } - - return $cash_up_obj; + return $this->getEmptyObject('cash_up'); } } + /** + * Initializes an empty object based on database definitions + * @param string $table_name + * @return object + */ + private function getEmptyObject(string $table_name): object + { + // Return an empty base parent object, as $item_id is NOT an item + $empty_obj = new stdClass(); + + // Iterate through field definitions to determine how the fields should be initialized + + foreach($this->db->getFieldData($table_name) as $field) { + + $field_name = $field->name; + + if(in_array($field->type, array('int', 'tinyint', 'decimal'))) + { + $empty_obj->$field_name = ($field->primary_key == 1) ? NEW_ENTRY : 0; + } + else + { + $empty_obj->$field_name = NULL; + } + } + + return $empty_obj; + } + + /** * Inserts or updates a cashup */ 
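Review bot: The two `select()` branches added around `cash_up.cashup_id` read as inverted: when `$count_only` is false the query selects only `cash_up.cashup_id` and is then grouped by it (later hunk), so the listing loses `open_date`, `close_date` and the employee-name columns, while the count query selects the `COUNT(...)` added above plus the un-grouped `cash_up.cashup_id` and the `MAX(...)` columns, which under MySQL's default `ONLY_FULL_GROUP_BY` is an error and otherwise an arbitrary row. Unless the aggregate columns are consumed by the count path somewhere I cannot see, the condition should be `if($count_only)` with the count branch selecting nothing beyond the `COUNT(cash_up.cashup_id) as count` already added, and the `else` branch keeping the full column list. If the inversion is deliberate, a comment explaining why the listing needs only `cashup_id` is required. The enclosing method starts and ends outside the hunk.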
diff --git a/app/Models/Employee.php b/app/Models/Employee.php index ab95ed6e2..40ddb000f 100644 --- a/app/Models/Employee.php +++ b/app/Models/Employee.php @@ -493,7 +493,7 @@ class Employee extends Person /** * Returns the menu group designation that this module is to appear in */ - public function get_menu_group(string $permission_id, int $person_id): string + public function get_menu_group(string $permission_id, ?int $person_id): string { $builder = $this->db->table('grants'); $builder->select('menu_group'); diff --git a/app/Models/Item.php b/app/Models/Item.php index 083083c35..99c33100e 100644 --- a/app/Models/Item.php +++ b/app/Models/Item.php @@ -253,7 +253,7 @@ class Item extends Model } // get_found_rows case - if($count_only === TRUE) //TODO: replace this with `if($count_only)` + if($count_only) { return $builder->get()->getRow()->count; } diff --git a/app/Models/Reports/Report.php b/app/Models/Reports/Report.php index b7362a17e..beb53cf70 100644 --- a/app/Models/Reports/Report.php +++ b/app/Models/Reports/Report.php @@ -16,12 +16,6 @@ abstract class Report extends Model function __construct() { parent::__construct(); - - //Make sure the report is not cached by the browser - $this->response->setHeader('Last-Modified', gmdate('D, d M Y H:i:s') . ' GMT'); - $this->response->setHeader('Cache-Control', 'no-store, no-cache, must-revalidate'); - $this->response->setHeader('Cache-Control', 'post-check=0, pre-check=0'); - $this->response->setHeader('Pragma', 'no-cache'); } // Returns the column names used for the report diff --git a/app/Models/Sale.php b/app/Models/Sale.php index 8ced7d308..5e6978a37 100644 --- a/app/Models/Sale.php +++ b/app/Models/Sale.php @@ -45,7 +45,7 @@ class Sale extends Model public function __construct() { parent::__construct(); - + helper('text'); $this->sale_lib = new Sale_lib(); } 
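Review bot: Deleting the four `setHeader` calls from `Report::__construct` removes the only visible place where report responses are marked `Cache-Control: no-store, no-cache, must-revalidate` and `Pragma: no-cache`; report output is sales and financial data, so unless a controller or filter sets these headers elsewhere (not visible here) the pages become cacheable by browsers and intermediaries and stay readable from cache after logout. A model is the wrong layer for response headers, so removing them here is right, but the replacement should be in the same commit — e.g. `$this->response->setHeader('Cache-Control', 'no-store, no-cache, must-revalidate')->setHeader('Pragma', 'no-cache');` in the reports controller's constructor or a dedicated filter. If the headers are already set globally, a one-line comment in the constructor pointing to that location would stop the next reader from re-adding them.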
@@ -640,8 +640,8 @@ class Sale extends Model * The sales_taxes variable needs to be initialized to an empty array before calling * @throws ReflectionException */ - public function save_value(int $sale_id, string &$sale_status, array &$items, int $customer_id, int $employee_id, string $comment, string $invoice_number, - string $work_order_number, string $quote_number, int $sale_type, array $payments, int $dinner_table_id, array &$sales_taxes): int //TODO: this method returns the sale_id but the override is expecting it to return a bool. The signature needs to be reworked. Generally when there are more than 3 maybe 4 parameters, there's a good chance that an object needs to be passed rather than so many params. + public function save_value(int $sale_id, string &$sale_status, array &$items, int $customer_id, int $employee_id, string $comment, ?string $invoice_number, + ?string $work_order_number, ?string $quote_number, int $sale_type, ?array $payments, ?int $dinner_table_id, ?array &$sales_taxes): int //TODO: this method returns the sale_id but the override is expecting it to return a bool. The signature needs to be reworked. Generally when there are more than 3 maybe 4 parameters, there's a good chance that an object needs to be passed rather than so many params. { $config = config('OSPOS')->settings; $attribute = model(Attribute::class); @@ -649,6 +649,7 @@ class Sale extends Model $giftcard = model(Giftcard::class); $inventory = model('Inventory'); $item = model(Item::class); + $item_quantity = model(Item_quantity::class); if($sale_id != NEW_ENTRY) @@ -656,8 +657,6 @@ class Sale extends Model $this->clear_suspended_sale_detail($sale_id); } - $tax_decimals = tax_decimals(); //TODO: $tax_decimals is never used. - if(count($items) == 0) //TODO: === { return -1; //TODO: Replace -1 with a constant 
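Review bot: `$payments` becomes `?array` in the new signature, but the `foreach($payments as $payment_id => $payment)` further down the method (a later hunk) has no null guard, so passing null now raises a PHP warning and silently records no payments instead of failing the type check at the call boundary as before. Either keep `array $payments` (callers pass `[]` for no payments) or iterate `foreach($payments ?? [] as $payment_id => $payment)` and decide explicitly whether a sale with no payments is valid. The same applies to `?array &$sales_taxes`, which the docblock says must be initialised to an empty array before the call — a nullable by-reference parameter contradicts that contract. `$item_quantity = model(Item_quantity::class)` is added but not used on any visible line; confirm it is consumed later in the method, which continues past this hunk.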
@@ -679,15 +678,15 @@ class Sale extends Model // Run these queries as a transaction, we want to make sure we do all or nothing $this->db->transStart(); - $builder = $this->db->table('sales'); - if($sale_id == NEW_ENTRY) { + $builder = $this->db->table('sales'); $builder->insert($sales_data); $sale_id = $this->db->insertID(); } else { + $builder = $this->db->table('sales'); $builder->where('sale_id', $sale_id); $builder->update($sales_data); } @@ -695,8 +694,6 @@ class Sale extends Model $total_amount = 0; $total_amount_used = 0; - $builder = $this->db->table('sales_payments'); - foreach($payments as $payment_id => $payment) { if(!empty(strstr($payment['payment_type'], lang('Sales.giftcard')))) @@ -722,6 +719,7 @@ class Sale extends Model 'employee_id' => $employee_id ]; + $builder = $this->db->table('sales_payments'); $builder->insert($sales_payments_data); $total_amount = floatval($total_amount) + floatval($payment['payment_amount']) - floatval($payment['cash_refund']); @@ -731,8 +729,6 @@ class Sale extends Model $customer = $customer->get_info($customer_id); - $builder = $this->db->table('sales_items'); - foreach($items as $line => $item_data) { $cur_item_info = $item->get_info($item_data['item_id']); @@ -757,6 +753,7 @@ class Sale extends Model 'print_option' => $item_data['print_option'] ]; + $builder = $this->db->table('sales_items'); $builder->insert($sales_items_data); if($cur_item_info->stock_type == HAS_STOCK && $sale_status == COMPLETED) //TODO: === ? diff --git a/app/Views/attributes/form.php b/app/Views/attributes/form.php index 8778dbfff..b14f5fa77 100644 --- a/app/Views/attributes/form.php +++ b/app/Views/attributes/form.php @@ -13,7 +13,7 @@
- 'attribute_form', 'class' => 'form-horizontal']) //TODO: String Interpolation?> + 'attribute_form', 'class' => 'form-horizontal'])?> diff --git a/app/Views/items/form_count_details.php b/app/Views/items/form_count_details.php index 581bd5c53..8c1d93de6 100644 --- a/app/Views/items/form_count_details.php +++ b/app/Views/items/form_count_details.php @@ -58,7 +58,7 @@ use App\Models\Employee;