mirror of
https://github.com/opensourcepos/opensourcepos.git
synced 2026-01-18 06:17:55 -05:00
f49d763254
* Remove HtmlPurifier calls - All calls to Services::htmlPurifier()->purify() removed from data received from view. - Bootstrap and bootswatch bump in package-lock.json Signed-off-by: objecttothis <objecttothis@gmail.com> * Pre-view filtering Items Controller - Refactored code for clarity - Created and called sanitization functions. - Sanitize TEXT type Attributes before being sent to the view. Signed-off-by: objecttothis <objecttothis@gmail.com> * Pre-view filtering Customers Controller - Refactored code for clarity - Replaced == with === operator to prevent type juggling - Added Sanitization of Customer data before being sent to the view Signed-off-by: objecttothis <objecttothis@gmail.com> * Bump bootstrap-table to 1.23.1 - Bump bootstrap-table to 1.23.1 in attempt to resolve issue with sticky headers - Sanitize attribute data in tables - Sanitize item data with controller function. Signed-off-by: objecttothis <objecttothis@gmail.com> * Pre-view filtering Items Controller - Refactored code for clarity - Created and called sanitization functions. - Sanitize TEXT type Attributes before being sent to the view. Signed-off-by: objecttothis <objecttothis@gmail.com> * Sanitize Item data - Sanitize category and item_number before display in forms. - refactor check in pic_filename for empty to be best practices compliant. - Added TODO Signed-off-by: objecttothis <objecttothis@gmail.com> * Minor changes - Refactored for code clarity. - Removed extra blank lines. - Minor reformatting. - Added PHPdocs - bumped bootstrap-table to 1.23.2 Signed-off-by: objecttothis <objecttothis@gmail.com> * Pre-view filtering Items Controller - Refactored code for clarity - Created and called sanitization functions. - Sanitize TEXT type Attributes before being sent to the view. Signed-off-by: objecttothis <objecttothis@gmail.com> * Sanitize Item data - Sanitize category and item_number before display in forms. - refactor check in pic_filename for empty to be best practices compliant. - Added TODO Signed-off-by: objecttothis <objecttothis@gmail.com> --------- Signed-off-by: objecttothis <objecttothis@gmail.com> Co-authored-by: objecttothis <objecttothis@gmail.com>
137 lines
2.9 KiB
PHP
137 lines
2.9 KiB
PHP
<?php
|
|
|
|
use CodeIgniter\Encryption\Encryption;
|
|
use Config\Services;
|
|
|
|
/**
|
|
* @return bool
|
|
*/
|
|
function check_encryption(): bool
|
|
{
|
|
$old_key = config('Encryption')->key;
|
|
|
|
if((empty($old_key)) || (strlen($old_key) < 64))
|
|
{
|
|
//Create Key
|
|
$encryption = new Encryption();
|
|
$key = bin2hex($encryption->createKey());
|
|
config('Encryption')->key = $key;
|
|
|
|
//Write to .env
|
|
$config_path = ROOTPATH . '.env';
|
|
$new_config_path = WRITEPATH . '/backup/.env' ;
|
|
$backup_path = WRITEPATH . '/backup/.env.bak';
|
|
|
|
$backup_folder = WRITEPATH . '/backup';
|
|
|
|
if (!file_exists($backup_folder) && !mkdir($backup_folder))
|
|
{
|
|
log_message('error', 'Could not create backup folder');
|
|
return false;
|
|
}
|
|
|
|
if(!copy($config_path, $backup_path))
|
|
{
|
|
log_message('error', "Unable to copy $config_path to $backup_path");
|
|
}
|
|
|
|
//Copy to backup
|
|
@chmod($config_path, 0660);
|
|
@chmod($backup_path, 0660);
|
|
|
|
$config_file = file_get_contents($config_path);
|
|
$config_file = preg_replace("/(encryption\.key.*=.*)('.*')/", "$1'$key'", $config_file);
|
|
|
|
if(!empty($old_key))
|
|
{
|
|
$old_line = "# encryption.key = '$old_key' REMOVE IF UNNEEDED\r\n";
|
|
$insertion_point = stripos($config_file, 'encryption.key');
|
|
$config_file = substr_replace($config_file, $old_line, $insertion_point,0);
|
|
}
|
|
|
|
$handle = @fopen($config_path, 'w+');
|
|
|
|
if(empty($handle))
|
|
{
|
|
log_message('error', "Unable to open $config_path for updating");
|
|
return false;
|
|
}
|
|
|
|
@chmod($config_path, 0660);
|
|
$write_failed = !fwrite($handle, $config_file);
|
|
fclose($handle);
|
|
|
|
if($write_failed)
|
|
{
|
|
log_message('error', "Unable to write to $config_path for updating.");
|
|
return false;
|
|
}
|
|
log_message('info', "File $config_path has been updated.");
|
|
}
|
|
|
|
return true;
|
|
}
|
|
|
|
/**
|
|
* @return void
|
|
*/
|
|
function abort_encryption_conversion(): void
|
|
{
|
|
$config_path = ROOTPATH . '.env';
|
|
$backup_path = WRITEPATH . '/backup/.env.bak';
|
|
|
|
$config_file = file_get_contents($backup_path);
|
|
|
|
$handle = @fopen($config_path, 'w+');
|
|
|
|
if(empty($handle))
|
|
{
|
|
log_message('error', "Unable to open $config_path to undo encryption conversion");
|
|
}
|
|
else
|
|
{
|
|
@chmod($config_path, 0660);
|
|
$write_failed = !fwrite($handle, $config_file);
|
|
fclose($handle);
|
|
|
|
if($write_failed)
|
|
{
|
|
log_message('error', "Unable to write to $config_path to undo encryption conversion.");
|
|
return;
|
|
}
|
|
log_message('info', "File $config_path has been updated to undo encryption conversion");
|
|
}
|
|
}
|
|
|
|
/**
|
|
* @return void
|
|
*/
|
|
function remove_backup(): void
|
|
{
|
|
$backup_path = WRITEPATH . '/backup/.env.bak';
|
|
if( ! file_exists($backup_path))
|
|
{
|
|
return;
|
|
}
|
|
if(!unlink($backup_path))
|
|
{
|
|
log_message('error', "Unable to remove $backup_path.");
|
|
return;
|
|
}
|
|
log_message('info', "File $backup_path has been removed");
|
|
}
|
|
|
|
function purifyHtml($data)
|
|
{
|
|
if(is_array($data))
|
|
{
|
|
return array_map('purifyHtml', $data);
|
|
}
|
|
elseif(is_string($data))
|
|
{
|
|
return Services::HtmlPurifier()->purify($data);
|
|
}
|
|
|
|
return $data;
|
|
}
|