opensourcepos/app/Controllers at 90da63cb1353aafcb778632ebc1cd81f5eb2a9e4 - opensourcepos - Gitea: Git with a cup of tea

mirror/opensourcepos

mirror of https://github.com/opensourcepos/opensourcepos.git synced 2026-04-17 05:19:43 -04:00

Files

History

Ollama 90da63cb13 fix(security): prevent SQL injection in tax controller sort columns

Add sanitizeSortColumn() validation to prevent SQL injection in the
sort parameter of search() methods in tax-related controllers.

Vulnerable controllers:
- Taxes.php: sort column was passed directly to model
- Tax_categories.php: sort column was passed directly to model
- Tax_codes.php: sort column was passed directly to model
- Tax_jurisdictions.php: sort column was passed directly to model

Fix: Use sanitizeSortColumn() to validate sort column against
allowed headers, defaulting to primary key if invalid.

2026-04-06 18:37:07 +00:00

..

Attributes.php

Fix stored XSS vulnerability in Attribute Definitions (GHSA-rvfg-ww4r-rwqf) (#4429 )

2026-03-14 15:33:58 +00:00

BaseController.php

Feature bump ci to 4.6.0 (#4197 )

2025-04-03 14:16:06 +04:00

Cashups.php

Add filter persistence for table views via URL query string (#4400 )

2026-03-11 20:11:00 +01:00

Config.php

fix(security): prevent command injection in sendmail path configuration

2026-04-06 18:37:07 +00:00

Customers.php

Use Content-Type application/json for AJAX responses (#4357 )

2026-03-04 21:42:35 +01:00

Employees.php

Refactor: Move ADMIN_MODULES to constants, rename methods to camelCase

2026-03-06 17:25:25 +01:00

Expenses_categories.php

Use Content-Type application/json for AJAX responses (#4357 )

2026-03-04 21:42:35 +01:00

Expenses.php

Fix review comments: remove redundant loop and add XSS escaping

2026-03-17 15:32:16 +00:00

Giftcards.php

Use Content-Type application/json for AJAX responses (#4357 )

2026-03-04 21:42:35 +01:00

Home.php

Fix IDOR vulnerability in password change (GHSA-mcc2-8rp2-q6ch) (#4427 )

2026-03-13 12:13:21 +01:00

index.html

Replace tabs with spaces (#4196 )

2025-03-28 21:24:21 +04:00

Item_kits.php

Use Content-Type application/json for AJAX responses (#4357 )

2026-03-04 21:42:35 +01:00

Items.php

Add filter persistence for table views via URL query string (#4400 )

2026-03-11 20:11:00 +01:00

Login.php

Improve code style and PSR-12 compliance (#4204 )

2025-05-02 19:37:06 +02:00

Messages.php

Use Content-Type application/json for AJAX responses (#4357 )

2026-03-04 21:42:35 +01:00

No_access.php

Use Content-Type application/json for AJAX responses (#4357 )

2026-03-04 21:42:35 +01:00

Office.php

Use Content-Type application/json for AJAX responses (#4357 )

2026-03-04 21:42:35 +01:00

Persons.php

Use Content-Type application/json for AJAX responses (#4357 )

2026-03-04 21:42:35 +01:00

Receivings.php

Fix: Restrict employee selection in expenses and receivings forms

2026-03-17 15:32:16 +00:00

Reports.php

Fix DECIMAL attribute not respecting locale format (#4422 )

2026-03-13 21:23:52 +00:00

Sales.php

Fix negative price/quantity/discount validation (GHSA-wv3j-pp8r-7q43) (#4450 )

2026-04-03 14:49:42 +04:00

Secure_Controller.php

Use Content-Type application/json for AJAX responses (#4357 )

2026-03-04 21:42:35 +01:00

Suppliers.php

Use Content-Type application/json for AJAX responses (#4357 )

2026-03-04 21:42:35 +01:00

Tax_categories.php

fix(security): prevent SQL injection in tax controller sort columns

2026-04-06 18:37:07 +00:00

Tax_codes.php

fix(security): prevent SQL injection in tax controller sort columns

2026-04-06 18:37:07 +00:00

Tax_jurisdictions.php

fix(security): prevent SQL injection in tax controller sort columns

2026-04-06 18:37:07 +00:00

Taxes.php

fix(security): prevent SQL injection in tax controller sort columns

2026-04-06 18:37:07 +00:00