mirror/opensourcepos
1
0
Fork 0
mirror of https://github.com/opensourcepos/opensourcepos.git synced 2026-03-12 12:14:22 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
b2fadea44a232a98506b473f9629d7619ba81702
opensourcepos/app/Models
History
Ollama b2fadea44a Fix broken SQL injection fix - use havingLike() instead of having() with named params 
The previous SQL injection fix (GHSA-hmjv-wm3j-pfhw) used named parameter
syntax :search: with having(), but CodeIgniter 4's having() method does
not support named parameters. This caused the query to fail.

The fix uses havingLike() which properly:
- Escapes the search value to prevent SQL injection
- Handles the LIKE clause construction internally (wraps value with %)
- Works correctly with HAVING clauses for aggregated columns

This maintains the security fix while actually working on CI4.
2026-03-08 22:48:43 +01:00
..
Enums
Improve code style and PSR-12 compliance (#4204)
2025-05-02 19:37:06 +02:00
Reports
Fix second-order SQL injection in currency_symbol config (#4390)
2026-03-06 17:01:38 +01:00
Tokens
Allow anonymous giftcard creation (#4278)
2025-11-24 22:54:52 +01:00
.gitkeep
Corrected link in README.md
2024-06-15 17:19:15 +02:00
Appconfig.php
Improve code style and PSR-12 compliance (#4204)
2025-05-02 19:37:06 +02:00
Attribute.php
Fix creation of date attribute value (#4310) (#4344)
2025-12-02 07:19:14 +01:00
Cashup.php
Improve code style and PSR-12 compliance (#4204)
2025-05-02 19:37:06 +02:00
Customer_rewards.php
Improve code style and PSR-12 compliance (#4204)
2025-05-02 19:37:06 +02:00
Customer.php
Improve code style and PSR-12 compliance (#4204)
2025-05-02 19:37:06 +02:00
Dinner_table.php
Fix for suspended sales (#4283) (#4303)
2025-08-15 23:12:35 +02:00
Employee.php
Refactor: Move ADMIN_MODULES to constants, rename methods to camelCase
2026-03-06 17:25:25 +01:00
Expense_category.php
Improve code style and PSR-12 compliance (#4204)
2025-05-02 19:37:06 +02:00
Expense.php
Improve code style and PSR-12 compliance (#4204)
2025-05-02 19:37:06 +02:00
Giftcard.php
Allow anonymous giftcard creation (#4278)
2025-11-24 22:54:52 +01:00
index.html
Replace tabs with spaces (#4196)
2025-03-28 21:24:21 +04:00
Inventory.php
Improve code style and PSR-12 compliance (#4204)
2025-05-02 19:37:06 +02:00
Item_kit_items.php
Improve code style and PSR-12 compliance (#4204)
2025-05-02 19:37:06 +02:00
Item_kit.php
Improve code style and PSR-12 compliance (#4204)
2025-05-02 19:37:06 +02:00
Item_quantity.php
Improve code style and PSR-12 compliance (#4204)
2025-05-02 19:37:06 +02:00
Item_taxes.php
Improve code style and PSR-12 compliance (#4204)
2025-05-02 19:37:06 +02:00
Item.php
Fix broken SQL injection fix - use havingLike() instead of having() with named params
2026-03-08 22:48:43 +01:00
Module.php
Improve code style and PSR-12 compliance (#4204)
2025-05-02 19:37:06 +02:00
Person.php
Improve code style and PSR-12 compliance (#4204)
2025-05-02 19:37:06 +02:00
Receiving.php
Improve code style and PSR-12 compliance (#4204)
2025-05-02 19:37:06 +02:00
Rewards.php
Improve code style and PSR-12 compliance (#4204)
2025-05-02 19:37:06 +02:00
Sale.php
Fix creation of date attribute value (#4310) (#4344)
2025-12-02 07:19:14 +01:00
Stock_location.php
Improve code style and PSR-12 compliance (#4204)
2025-05-02 19:37:06 +02:00
Supplier.php
Improve code style and PSR-12 compliance (#4204)
2025-05-02 19:37:06 +02:00
Tax_category.php
Improve code style and PSR-12 compliance (#4204)
2025-05-02 19:37:06 +02:00
Tax_code.php
Improve code style and PSR-12 compliance (#4204)
2025-05-02 19:37:06 +02:00
Tax_jurisdiction.php
Improve code style and PSR-12 compliance (#4204)
2025-05-02 19:37:06 +02:00
Tax.php
Improve code style and PSR-12 compliance (#4204)
2025-05-02 19:37:06 +02:00