jekkos 31d25e06dc fix(security): whitelist and validate invoice template types (#4393) ...

- Add whitelist validation for invoice_type to prevent path traversal and LFI
- Validate invoice_type against allowed values in Sale_lib
- Sanitize invoice_type input in Config controller before saving
- Default to 'invoice' template for invalid types

Security: Prevents arbitrary file inclusion via user-controlled invoice_type config

2026-03-06 13:18:47 +01:00

72 KiB

Raw Blame History

View Raw