opensourcepos/app at 1100712c9bd1221263f3e6535cfabb80353dcad5 - opensourcepos - Gitea: Git with a cup of tea

mirror/opensourcepos

mirror of https://github.com/opensourcepos/opensourcepos.git synced 2026-06-15 19:09:09 -04:00

Files

History

Ollama 1100712c9b fix(security): Escape email addresses in mailto() to prevent XSS

Email columns in bootstrap tables had escaping disabled (line 52) and
mailto() function doesn't escape its parameters. This fix escapes email
addresses before passing to mailto() in:
- get_person_data_row() (employees)
- get_customer_data_row() (customers)
- get_supplier_data_row() (suppliers)

Attack vector: Malicious email via CSV import renders XSS in table view.

2026-06-06 22:37:34 +02:00

..

Add fallback for allowedHostnames environment variable (#4565 )

2026-06-03 22:00:30 +04:00

fix(security): Fix DOMPDF RCE and customer email sanitization

2026-06-06 22:37:34 +02:00

Add Guards to Database Migration (#4571 )

2026-06-06 02:02:42 +04:00

[Feature]: Case-sensitive attribute updates and CSV Import attribute deletion capability (#4384 )

2026-04-09 11:13:22 +04:00

Upgrade to CodeIgniter 4.1.3

2024-06-15 17:19:15 +02:00

fix(security): Escape email addresses in mailto() to prevent XSS

2026-06-06 22:37:34 +02:00

feat: Bank transfer and wallet payment option added #4540 (#4547 )

2026-05-15 20:50:34 +02:00

fix: cast string returns to int in MY_Migration (#4560 )

2026-05-22 16:07:21 +02:00

fix: Allow searching by Sale ID in Takings/Daily Sales view (#4569 )

2026-06-04 10:09:35 +02:00

Improve code style and PSR-12 compliance (#4204 )

2025-05-02 19:37:06 +02:00

fix(security): SQL injection and path traversal vulnerabilities (#4539 )

2026-05-15 23:10:04 +02:00

.htaccess

Improve code style and PSR-12 compliance (#4204 )

2025-05-02 19:37:06 +02:00

Common.php

Upgrade CI to 4.4.3

2024-06-15 17:19:15 +02:00

index.html

Corrected link in README.md

2024-06-15 17:19:15 +02:00