mirror/opensourcepos
1
0
Fork 0
mirror of https://github.com/opensourcepos/opensourcepos.git synced 2026-06-15 19:09:09 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
968d850b9df186e66964e5437fad0caf6f0103ae
opensourcepos/app/Controllers
History
Ollama 968d850b9d fix(security): Fix DOMPDF RCE and customer email sanitization 
- Disable isPhpEnabled in DOMPDF to prevent RCE via embedded PHP in HTML
- Disable isRemoteEnabled to prevent SSRF attacks
- Add email validation and sanitization in CSV import (FILTER_SANITIZE_EMAIL, FILTER_VALIDATE_EMAIL)
- Reject invalid email formats during customer import
2026-06-06 22:37:34 +02:00
..
Attributes.php
[Feature]: Case-sensitive attribute updates and CSV Import attribute deletion capability (#4384)
2026-04-09 11:13:22 +04:00
BaseController.php
chore: sync project files to match upstream templates (#4537)
2026-05-12 15:55:36 +02:00
Cashups.php
Add filter persistence for table views via URL query string (#4400)
2026-03-11 20:11:00 +01:00
Config.php
fix(security): SQL injection and path traversal vulnerabilities (#4539)
2026-05-15 23:10:04 +02:00
Customers.php
fix(security): Fix DOMPDF RCE and customer email sanitization
2026-06-06 22:37:34 +02:00
Employees.php
Refactor: Move ADMIN_MODULES to constants, rename methods to camelCase
2026-03-06 17:25:25 +01:00
Expenses_categories.php
Use Content-Type application/json for AJAX responses (#4357)
2026-03-04 21:42:35 +01:00
Expenses.php
Fix review comments: remove redundant loop and add XSS escaping
2026-03-17 15:32:16 +00:00
Giftcards.php
Use Content-Type application/json for AJAX responses (#4357)
2026-03-04 21:42:35 +01:00
Home.php
fix(home): improve internal data type handling for user identification in auth process
2026-04-28 09:56:56 +02:00
index.html
Replace tabs with spaces (#4196)
2025-03-28 21:24:21 +04:00
Item_kits.php
Use Content-Type application/json for AJAX responses (#4357)
2026-03-04 21:42:35 +01:00
Items.php
fix: Capture CSV import failures in save_tax_data and save_inventory_quantities (#4507)
2026-05-17 22:23:43 +02:00
Login.php
Bugfixes to get Migration working on MySQL and MariaDB (#4551)
2026-05-19 16:02:05 +04:00
Messages.php
Use Content-Type application/json for AJAX responses (#4357)
2026-03-04 21:42:35 +01:00
No_access.php
Use Content-Type application/json for AJAX responses (#4357)
2026-03-04 21:42:35 +01:00
Office.php
Use Content-Type application/json for AJAX responses (#4357)
2026-03-04 21:42:35 +01:00
Persons.php
Use Content-Type application/json for AJAX responses (#4357)
2026-03-04 21:42:35 +01:00
Receivings.php
Update to CodeIgniter 4.7.2 (#4485)
2026-04-14 01:05:10 +04:00
Reports.php
feat: Bank transfer and wallet payment option added #4540 (#4547)
2026-05-15 20:50:34 +02:00
Sales.php
Bugfix: Sale search in register not handling trailing space properly (#4557)
2026-05-22 01:43:24 +04:00
Secure_Controller.php
Use Content-Type application/json for AJAX responses (#4357)
2026-03-04 21:42:35 +01:00
Suppliers.php
Use Content-Type application/json for AJAX responses (#4357)
2026-03-04 21:42:35 +01:00
Tax_categories.php
fix(security): prevent SQL injection in tax controller sort columns
2026-04-06 18:37:07 +00:00
Tax_codes.php
fix(security): prevent SQL injection in tax controller sort columns
2026-04-06 18:37:07 +00:00
Tax_jurisdictions.php
fix(security): prevent SQL injection in tax controller sort columns
2026-04-06 18:37:07 +00:00
Taxes.php
fix(security): prevent SQL injection in tax controller sort columns
2026-04-06 18:37:07 +00:00