From e096650fa0456d15d3afe6519d97fe4b856e1ad6 Mon Sep 17 00:00:00 2001
From: Marcus Hill <bcf8c9f2@opayq.com>
Date: Sun, 20 Feb 2022 19:52:00 +0000
Subject: [PATCH 1/4] Show OS if asset is a switch/router/fw

---
 client_asset_edit_modal.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/client_asset_edit_modal.php b/client_asset_edit_modal.php
index c8c3181f..09634dfc 100644
--- a/client_asset_edit_modal.php
+++ b/client_asset_edit_modal.php
@@ -95,7 +95,7 @@
               </div>
               <?php } ?>
 
-              <?php if($asset_type !== 'Phone' AND $asset_type !== 'Mobile Phone' AND $asset_type !== 'Tablet' AND $asset_type !== 'Firewall/Router' AND $asset_type !== 'Switch' AND $asset_type !== 'Access Point' AND $asset_type !== 'Printer' AND $asset_type !== 'Camera' AND $asset_type !== 'TV' AND $asset_type !== 'Other'){ ?>
+              <?php if($asset_type !== 'Phone' AND $asset_type !== 'Mobile Phone' AND $asset_type !== 'Tablet' AND $asset_type !== 'Access Point' AND $asset_type !== 'Printer' AND $asset_type !== 'Camera' AND $asset_type !== 'TV' AND $asset_type !== 'Other'){ ?>
               <div class="form-group">
                 <label>Operating System</label>
                 <div class="input-group">

From 633eeb129685597161c3e4a9967fa140f9e87697 Mon Sep 17 00:00:00 2001
From: Marcus Hill <bcf8c9f2@opayq.com>
Date: Sun, 20 Feb 2022 20:42:48 +0000
Subject: [PATCH 2/4] Allow service notes to use multiple lines

---
 client_service_view_modal.php | 2 +-
 post.php                      | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/client_service_view_modal.php b/client_service_view_modal.php
index 1ad1b39b..e921d4d0 100644
--- a/client_service_view_modal.php
+++ b/client_service_view_modal.php
@@ -18,7 +18,7 @@
                             <b>Backup Info:</b> <?php echo $service_backup; ?> <br><br>
 
                             <h5><i class="nav-icon fas fa-sticky-note"></i> Notes</h5>
-                            <p><?php echo $service_notes; ?></p>
+                            <?php echo nl2br($service_notes); ?>
                             <hr>
 
                             <!-- Assets -->
diff --git a/post.php b/post.php
index 2449ccc7..f1fdb355 100644
--- a/post.php
+++ b/post.php
@@ -5766,7 +5766,7 @@ if(isset($_POST['add_service'])){
     $service_category = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['category']))); //TODO: Needs integration with company categories
     $service_importance = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['importance'])));
     $service_backup = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['backup'])));
-    $service_notes = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['note'])));
+    $service_notes = trim(htmlentities(mysqli_real_escape_string($mysqli,$_POST['note'])));
 
     // Create Service
     $service_sql = mysqli_query($mysqli, "INSERT INTO services SET service_name = '$service_name', service_description = '$service_description', service_category = '$service_category', service_importance = '$service_importance', service_backup = '$service_backup', service_notes = '$service_notes', service_created_at = NOW(), service_client_id = '$client_id', company_id = '$session_company_id'");
@@ -5859,7 +5859,7 @@ if(isset($_POST['edit_service'])){
     $service_category = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['category']))); //TODO: Needs integration with company categories
     $service_importance = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['importance'])));
     $service_backup = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['backup'])));
-    $service_notes = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['note'])));
+    $service_notes = trim(htmlentities(mysqli_real_escape_string($mysqli,$_POST['note'])));
 
     // Update main service details
     mysqli_query($mysqli, "UPDATE services SET service_name = '$service_name', service_description = '$service_description', service_category = '$service_category', service_importance = '$service_importance', service_backup = '$service_backup', service_notes = '$service_notes', service_updated_at = NOW() WHERE service_id = '$service_id' AND company_id = '$session_company_id'");

From d5c142c86f927ead5041728493a2cec25d8cabf8 Mon Sep 17 00:00:00 2001
From: Marcus Hill <bcf8c9f2@opayq.com>
Date: Mon, 21 Feb 2022 20:51:19 +0000
Subject: [PATCH 3/4] Revert services to strip_tags

---
 post.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/post.php b/post.php
index f1fdb355..2449ccc7 100644
--- a/post.php
+++ b/post.php
@@ -5766,7 +5766,7 @@ if(isset($_POST['add_service'])){
     $service_category = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['category']))); //TODO: Needs integration with company categories
     $service_importance = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['importance'])));
     $service_backup = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['backup'])));
-    $service_notes = trim(htmlentities(mysqli_real_escape_string($mysqli,$_POST['note'])));
+    $service_notes = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['note'])));
 
     // Create Service
     $service_sql = mysqli_query($mysqli, "INSERT INTO services SET service_name = '$service_name', service_description = '$service_description', service_category = '$service_category', service_importance = '$service_importance', service_backup = '$service_backup', service_notes = '$service_notes', service_created_at = NOW(), service_client_id = '$client_id', company_id = '$session_company_id'");
@@ -5859,7 +5859,7 @@ if(isset($_POST['edit_service'])){
     $service_category = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['category']))); //TODO: Needs integration with company categories
     $service_importance = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['importance'])));
     $service_backup = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['backup'])));
-    $service_notes = trim(htmlentities(mysqli_real_escape_string($mysqli,$_POST['note'])));
+    $service_notes = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['note'])));
 
     // Update main service details
     mysqli_query($mysqli, "UPDATE services SET service_name = '$service_name', service_description = '$service_description', service_category = '$service_category', service_importance = '$service_importance', service_backup = '$service_backup', service_notes = '$service_notes', service_updated_at = NOW() WHERE service_id = '$service_id' AND company_id = '$session_company_id'");

From 957bb5308ffa25e4425213b6b57c5ec4f9b680bd Mon Sep 17 00:00:00 2001
From: Marcus Hill <bcf8c9f2@opayq.com>
Date: Mon, 21 Feb 2022 21:37:39 +0000
Subject: [PATCH 4/4] Use div styling instead for service note line breaks

---
 client_service_view_modal.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/client_service_view_modal.php b/client_service_view_modal.php
index e921d4d0..4864560e 100644
--- a/client_service_view_modal.php
+++ b/client_service_view_modal.php
@@ -18,7 +18,7 @@
                             <b>Backup Info:</b> <?php echo $service_backup; ?> <br><br>
 
                             <h5><i class="nav-icon fas fa-sticky-note"></i> Notes</h5>
-                            <?php echo nl2br($service_notes); ?>
+                            <div style="white-space: pre-line"><?php echo $service_notes; ?></div>
                             <hr>
 
                             <!-- Assets -->