Release 3.2.3

README.md

@@ -30,6 +30,7 @@ The main features are:
 * Selectable Boostrap (Bootswatch) based UI theme
 * Mailchimp integration
 * reCAPTCHA to protect login page from brute force attacks
+* GDPR ready
 
 The software is written in PHP language, it uses MySQL (or MariaDB) as data storage back-end and has a simple but intuitive user interface.
 

WHATS_NEW.txt

@@ -1,3 +1,12 @@
+Version 3.2.3
+-------------
++ Further revert of CSRF change causing regression
++ Code Igniter 3.1.9 upgrade
+
+Version 3.2.2
+-------------
++ Revert CSRF change causing regression
+
 Version 3.2.1
 -------------
 + Support for GDPR

application/config/config.php

@@ -8,7 +8,7 @@
 | 
 | 
 */ 
-$config['application_version'] = '3.2.1';
+$config['application_version'] = '3.2.3';
 
 /* 
 |-------------------------------------------------------------------------- 

application/views/configs/locale_config.php

@@ -234,7 +234,7 @@ $(document).ready(function()
 		var data = { number_locale: $('#number_locale').val() };
 		data[field] = value;
 		$.post("<?php echo site_url($controller_name . '/ajax_check_number_locale')?>",
-			data,
+			$.extend(csrf_form_base(), data),
 			function(response) {
 				$('#number_locale_example').text(response.number_locale_example);
 			},
@@ -253,10 +253,10 @@ $(document).ready(function()
 				{
 					url: "<?php echo site_url($controller_name . '/ajax_check_number_locale')?>",
 					type: 'POST',
-					data: {
+					data: $.extend(csrf_form_base(), {
 						'number_locale': $('#number_locale').val(),
 						'thousands_separator': $('#thousands_separator').is(':checked')
-					},
+					}),
 					dataFilter: function(data) {
 						setup_csrf_token();
 						var response = JSON.parse(data);

application/views/configs/mailchimp_config.php

@@ -50,9 +50,10 @@
 $(document).ready(function()
 {
 	$('#mailchimp_api_key').change(function() {
-		$.post("<?php echo site_url($controller_name . '/ajax_check_mailchimp_api_key')?>", {
+		$.post("<?php echo site_url($controller_name . '/ajax_check_mailchimp_api_key')?>",
+			$.extend(csrf_form_base(), {
 				'mailchimp_api_key': $('#mailchimp_api_key').val()
-			},
+			}),
 			function(response) {
 				$.notify(response.message, {type: response.success ? 'success' : 'danger'} );
 				$('#mailchimp_list_id').empty();

application/views/customers/form.php

@@ -454,38 +454,38 @@ $(document).ready(function()
 			first_name: 'required',
 			last_name: 'required',
 			consent: 'required',
-    		email:
+			email:
 			{
 				remote:
 				{
 					url: "<?php echo site_url($controller_name . '/ajax_check_email')?>",
 					type: 'POST',
-					data: {
+					data: $.extend(csrf_form_base(), {
 						'person_id': '<?php echo $person_info->person_id; ?>'
 						// email is posted by default
-					}
+					})
 				}
 			},
-    		account_number:
+			account_number:
 			{
 				remote:
 				{
 					url: "<?php echo site_url($controller_name . '/ajax_check_account_number')?>",
 					type: 'POST',
-					data: {
+					data: $.extend(csrf_form_base(), {
 						'person_id': '<?php echo $person_info->person_id; ?>'
 						// account_number is posted by default
-					}
+					})
 				}
 			}
-   		},
+		},
 
-		messages: 
+		messages:
 		{
-     		first_name: "<?php echo $this->lang->line('common_first_name_required'); ?>",
-     		last_name: "<?php echo $this->lang->line('common_last_name_required'); ?>",
-     		consent: "<?php echo $this->lang->line('customers_consent_required'); ?>",
-     		email: "<?php echo $this->lang->line('customers_email_duplicate'); ?>",
+			first_name: "<?php echo $this->lang->line('common_first_name_required'); ?>",
+			last_name: "<?php echo $this->lang->line('common_last_name_required'); ?>",
+			consent: "<?php echo $this->lang->line('customers_consent_required'); ?>",
+			email: "<?php echo $this->lang->line('customers_email_duplicate'); ?>",
 			account_number: "<?php echo $this->lang->line('customers_account_number_duplicate'); ?>"
 		}
 	}, form_support.error));

application/views/giftcards/form.php

@@ -76,7 +76,7 @@ $(document).ready(function()
 		source: '<?php echo site_url("customers/suggest"); ?>',
 		minChars: 0,
 		delay: 15, 
-	   	cacheLength: 1,
+		cacheLength: 1,
 		appendTo: '.modal-content',
 		select: fill_value,
 		focus: fill_value
@@ -125,9 +125,9 @@ $(document).ready(function()
 				{
 					url: "<?php echo site_url($controller_name . '/ajax_check_number_giftcard')?>",
 					type: 'POST',
-					data: {
+					data: $.extend(csrf_form_base(), {
 						'amount': $('#giftcard_amount').val()
-					},
+					}),
 					dataFilter: function(data) {
 						setup_csrf_token();
 						var response = JSON.parse(data);

application/views/items/form.php

@@ -379,7 +379,7 @@ $(document).ready(function()
 					type: 'POST',
 					url: "<?php echo site_url('items/suggest_custom');?>",
 					dataType: 'json',
-					data: $.extend(request, {field_no: <?php echo $i; ?>}),
+					data: $.extend(request, $extend(csrf_form_base(), {field_no: <?php echo $i; ?>})),
 					success: function(data) {
 						response($.map(data, function(item) {
 							return {
@@ -439,12 +439,12 @@ $(document).ready(function()
 				{
 					url: "<?php echo site_url($controller_name . '/check_item_number')?>",
 					type: 'POST',
-					data: {
+					data: $.extend(csrf_form_base(), {
 						"item_id": "<?php echo $item_info->item_id; ?>",
 						"item_number": function() {
 							return $("#item_number").val();
 						}
-					}
+					})
 				}
 			},
 			cost_price:

application/views/partial/header.php

@@ -72,10 +72,10 @@
 		<![endif]-->
 		<!-- start mincss template tags -->
 		<link rel="stylesheet" type="text/css" href="dist/jquery-ui/jquery-ui.min.css"/>
-		<link rel="stylesheet" type="text/css" href="dist/opensourcepos.min.css?rel=a9e24293b8"/>
+		<link rel="stylesheet" type="text/css" href="dist/opensourcepos.min.css?rel=84371241b2"/>
 		<!-- end mincss template tags -->
 		<!-- start minjs template tags -->
-		<script type="text/javascript" src="dist/opensourcepos.min.js?rel=2b33cdf0fb"></script>
+		<script type="text/javascript" src="dist/opensourcepos.min.js?rel=c206fd4a9f"></script>
 		<!-- end minjs template tags -->
 	<?php endif; ?>
 

application/views/partial/header_js.php

@@ -16,6 +16,8 @@
 		from: '<?php echo $this->config->item('notify_vertical_position'); ?>'
 	}});
 
+	var post = $.post;
+
 	var csrf_token = function() {
 		return Cookies.get('<?php echo $this->config->item('csrf_cookie_name'); ?>');
 	};
@@ -24,23 +26,9 @@
 		return { <?php echo $this->security->get_csrf_token_name(); ?> : function () { return csrf_token();  } };
 	};
 
-	var ajax = $.ajax;
-
-	$.ajax = function() {
-	    var args = arguments[0];
-
-		if (args['type'] && args['type'].toLowerCase() == 'post' && csrf_token()) {
-			if (typeof args['data'] === 'string')
-			{
-				args['data'] += $.param(csrf_form_base());
-			}
-			else
-			{
-				args['data'] = $.extend(args['data'], csrf_form_base());
-			}
-		}
-
-		return ajax.apply(this, arguments);
+	$.post = function() {
+		arguments[1] = csrf_token() ? $.extend(arguments[1], csrf_form_base()) : arguments[1];
+		post.apply(this, arguments);
 	};
 
 	var setup_csrf_token = function() {

application/views/sales/form.php

@@ -165,7 +165,7 @@ $(document).ready(function()
 	});
 
 	var submit_form = function()
-	{ 
+	{
 		$(this).ajaxSubmit(
 		{
 			success: function(response)
@@ -191,12 +191,12 @@ $(document).ready(function()
 				{
 					url: "<?php echo site_url($controller_name . '/check_invoice_number')?>",
 					type: 'POST',
-					data: {
-						'sale_id': <?php echo $sale_info['sale_id']; ?>,
-						'invoice_number': function() {
+					data: $.extend(csrf_form_base(), {
+						'sale_id' : <?php echo $sale_info['sale_id']; ?>,
+						'invoice_number' : function() {
 							return $('#invoice_number').val();
 						}
-					}
+					})
 				}
 			}
 		},

bower.json

@@ -1,7 +1,7 @@
 {
   "name": "opensourcepos",
   "description": "Open Source Point of Sale is a web based POS system written in the PHP language. It uses MySQL as backend and has a simple user interface",
-  "version": "3.2.1",
+  "version": "3.2.3",
   "license": "MIT",
   "authors": [
     "jekkos <jeroen.peelaerts - at - gmail.com>",

composer.lock

@@ -9,16 +9,16 @@
     "packages": [
         {
             "name": "codeigniter/framework",
-            "version": "3.1.8",
+            "version": "3.1.9",
             "source": {
                 "type": "git",
                 "url": "https://github.com/bcit-ci/CodeIgniter.git",
-                "reference": "02a0518e1c56ba3506f370362ac5ebdb8a138312"
+                "reference": "30e2eafa86c4c7b6b39cea3e7089a90df9f603fb"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/bcit-ci/CodeIgniter/zipball/71e647782764184e3aab4faffe6d99176758979f",
-                "reference": "02a0518e1c56ba3506f370362ac5ebdb8a138312",
+                "url": "https://api.github.com/repos/bcit-ci/CodeIgniter/zipball/30e2eafa86c4c7b6b39cea3e7089a90df9f603fb",
+                "reference": "30e2eafa86c4c7b6b39cea3e7089a90df9f603fb",
                 "shasum": ""
             },
             "require": {
@@ -38,7 +38,7 @@
             ],
             "description": "The CodeIgniter framework",
             "homepage": "https://codeigniter.com",
-            "time": "2018-01-13 11:57:11"
+            "time": "2018-06-12 13:45:46"
         },
         {
             "name": "dompdf/dompdf",
@@ -103,16 +103,16 @@
         },
         {
             "name": "paragonie/random_compat",
-            "version": "v2.0.11",
+            "version": "v2.0.15",
             "source": {
                 "type": "git",
                 "url": "https://github.com/paragonie/random_compat.git",
-                "reference": "5da4d3c796c275c55f057af5a643ae297d96b4d8"
+                "reference": "10bcb46e8f3d365170f6de9d05245aa066b81f09"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/paragonie/random_compat/zipball/5da4d3c796c275c55f057af5a643ae297d96b4d8",
-                "reference": "5da4d3c796c275c55f057af5a643ae297d96b4d8",
+                "url": "https://api.github.com/repos/paragonie/random_compat/zipball/10bcb46e8f3d365170f6de9d05245aa066b81f09",
+                "reference": "10bcb46e8f3d365170f6de9d05245aa066b81f09",
                 "shasum": ""
             },
             "require": {
@@ -144,10 +144,11 @@
             "description": "PHP 5.x polyfill for random_bytes() and random_int() from PHP 7",
             "keywords": [
                 "csprng",
+                "polyfill",
                 "pseudorandom",
                 "random"
             ],
-            "time": "2017-09-27 21:40:39"
+            "time": "2018-06-08 15:26:40"
         },
         {
             "name": "phenx/php-font-lib",

deployment.json

@@ -14,7 +14,7 @@
         "public_stats": true
     },
     "version": {
-        "name": "3.2.1"
+        "name": "3.2.3"
     },
     "files": [
         {"includePattern": "dist(.*)\\.(zip)", "uploadPattern": "$1.$2"}

package.json

@@ -1,6 +1,6 @@
 {
   "name": "opensourcepos",
-  "version": "3.2.1",
+  "version": "3.2.3",
   "description": "Open Source Point of Sale is a web based point of sale system written in the PHP language. It uses MySQL as the data storage back-end and has a simple user interface.",
   "main": "index.php",
   "license": "MIT",

public/license/composer.LICENSES

@@ -1,6 +1,6 @@
 {
     "name": "OpenSourcePOS",
-    "version": "3.2.1",
+    "version": "3.2.3",
     "license": [
         "MIT"
     ],