opensourcepos/app/Controllers at 31d25e06dcd165973b54291f8f3f12a4169532ba - opensourcepos - Gitea: Git with a cup of tea

mirror/opensourcepos

mirror of https://github.com/opensourcepos/opensourcepos.git synced 2026-03-10 11:10:47 -04:00

Files

History

jekkos 31d25e06dc fix(security): whitelist and validate invoice template types (#4393 )

- Add whitelist validation for invoice_type to prevent path traversal and LFI
- Validate invoice_type against allowed values in Sale_lib
- Sanitize invoice_type input in Config controller before saving
- Default to 'invoice' template for invalid types

Security: Prevents arbitrary file inclusion via user-controlled invoice_type config

2026-03-06 13:18:47 +01:00

..

Attributes.php

Use Content-Type application/json for AJAX responses (#4357 )

2026-03-04 21:42:35 +01:00

BaseController.php

Feature bump ci to 4.6.0 (#4197 )

2025-04-03 14:16:06 +04:00

Cashups.php

Use Content-Type application/json for AJAX responses (#4357 )

2026-03-04 21:42:35 +01:00

Config.php

fix(security): whitelist and validate invoice template types (#4393 )

2026-03-06 13:18:47 +01:00

Customers.php

Use Content-Type application/json for AJAX responses (#4357 )

2026-03-04 21:42:35 +01:00

Employees.php

Fix broken object-level authorization in Employees controller (CVE-worthy) (#4391 )

2026-03-05 19:46:39 +01:00

Expenses_categories.php

Use Content-Type application/json for AJAX responses (#4357 )

2026-03-04 21:42:35 +01:00

Expenses.php

Use Content-Type application/json for AJAX responses (#4357 )

2026-03-04 21:42:35 +01:00

Giftcards.php

Use Content-Type application/json for AJAX responses (#4357 )

2026-03-04 21:42:35 +01:00

Home.php

Use Content-Type application/json for AJAX responses (#4357 )

2026-03-04 21:42:35 +01:00

index.html

Replace tabs with spaces (#4196 )

2025-03-28 21:24:21 +04:00

Item_kits.php

Use Content-Type application/json for AJAX responses (#4357 )

2026-03-04 21:42:35 +01:00

Items.php

dd validation for invalid stock locations in CSV import (#4399 )

2026-03-06 13:17:52 +01:00

Login.php

Improve code style and PSR-12 compliance (#4204 )

2025-05-02 19:37:06 +02:00

Messages.php

Use Content-Type application/json for AJAX responses (#4357 )

2026-03-04 21:42:35 +01:00

No_access.php

Use Content-Type application/json for AJAX responses (#4357 )

2026-03-04 21:42:35 +01:00

Office.php

Use Content-Type application/json for AJAX responses (#4357 )

2026-03-04 21:42:35 +01:00

Persons.php

Use Content-Type application/json for AJAX responses (#4357 )

2026-03-04 21:42:35 +01:00

Receivings.php

Use Content-Type application/json for AJAX responses (#4357 )

2026-03-04 21:42:35 +01:00

Reports.php

Use Content-Type application/json for AJAX responses (#4357 )

2026-03-04 21:42:35 +01:00

Sales.php

fix(security): whitelist and validate invoice template types (#4393 )

2026-03-06 13:18:47 +01:00

Secure_Controller.php

Use Content-Type application/json for AJAX responses (#4357 )

2026-03-04 21:42:35 +01:00

Suppliers.php

Use Content-Type application/json for AJAX responses (#4357 )

2026-03-04 21:42:35 +01:00

Tax_categories.php

Use Content-Type application/json for AJAX responses (#4357 )

2026-03-04 21:42:35 +01:00

Tax_codes.php

Use Content-Type application/json for AJAX responses (#4357 )

2026-03-04 21:42:35 +01:00

Tax_jurisdictions.php

Use Content-Type application/json for AJAX responses (#4357 )

2026-03-04 21:42:35 +01:00

Taxes.php

Use Content-Type application/json for AJAX responses (#4357 )

2026-03-04 21:42:35 +01:00