mirror of https://github.com/itflow-org/itflow
Replace the remaining php files with nullable_htmlentites()
parent
ccf0d3ab77
commit
37fb696e63
|
|
@ -64,7 +64,7 @@ $key = randomString(156);
|
|||
$sql = mysqli_query($mysqli, "SELECT * FROM clients ORDER BY client_name ASC");
|
||||
while ($row = mysqli_fetch_array($sql)) {
|
||||
$client_id = intval($row['client_id']);
|
||||
$client_name = htmlentities($row['client_name']); ?>
|
||||
$client_name = nullable_htmlentities($row['client_name']); ?>
|
||||
<option value="<?php echo $client_id; ?>"><?php echo "$client_name (Client ID: $client_id)"; ?></option>
|
||||
<?php } ?>
|
||||
</select>
|
||||
|
|
|
|||
|
|
@ -51,8 +51,8 @@
|
|||
$sql = mysqli_query($mysqli, "SELECT * FROM calendars ORDER BY calendar_name ASC");
|
||||
while ($row = mysqli_fetch_array($sql)) {
|
||||
$calendar_id = intval($row['calendar_id']);
|
||||
$calendar_name = htmlentities($row['calendar_name']);
|
||||
$calendar_color = htmlentities($row['calendar_color']);
|
||||
$calendar_name = nullable_htmlentities($row['calendar_name']);
|
||||
$calendar_color = nullable_htmlentities($row['calendar_color']);
|
||||
?>
|
||||
<option <?php if ($config_default_calendar == $calendar_id) { echo "selected"; } ?> data-content="<i class='fa fa-circle mr-2' style='color:<?php echo $calendar_color; ?>;'></i> <?php echo $calendar_name; ?>" value="<?php echo $calendar_id; ?>"><?php echo $calendar_name; ?></option>
|
||||
<?php } ?>
|
||||
|
|
@ -120,8 +120,8 @@
|
|||
$sql = mysqli_query($mysqli, "SELECT * FROM clients LEFT JOIN contacts ON primary_contact = contact_id ORDER BY client_name ASC");
|
||||
while ($row = mysqli_fetch_array($sql)) {
|
||||
$client_id = intval($row['client_id']);
|
||||
$client_name = htmlentities($row['client_name']);
|
||||
$contact_email = htmlentities($row['contact_email']);
|
||||
$client_name = nullable_htmlentities($row['client_name']);
|
||||
$contact_email = nullable_htmlentities($row['contact_email']);
|
||||
?>
|
||||
<option value="<?php echo $client_id; ?>"><?php echo $client_name; ?></option>
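Review bot: In the `<option>` line of the first hunk, `$calendar_name` and `$calendar_color` are entity-encoded once but written inside `data-content="…"`, an attribute whose value is itself markup (`<i class='fa fa-circle mr-2' style='color:…'>`). The browser decodes entities when it parses the attribute, so if the select widget renders `data-content` as HTML (it appears to, but the script is not on this page), both values reach it unencoded. Encode the name once more for that attribute only, e.g. `<?php echo nullable_htmlentities($calendar_name); ?>` applied to the already-encoded variable, assuming the helper double-encodes like `htmlentities()`. Entity-encoding also does not constrain a CSS value, so check the colour against the stored format (a hex-colour pattern, if that is what the column holds) before it goes into `style`. The same line shape is in the first hunk of the next file section (`$calendar_color_select`, `$calendar_name_select`).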
|
||||
|
||||
|
|
|
|||
|
|
@ -53,8 +53,8 @@
|
|||
$sql_calendars_select = mysqli_query($mysqli, "SELECT * FROM calendars ORDER BY calendar_name ASC");
|
||||
while ($row = mysqli_fetch_array($sql_calendars_select)) {
|
||||
$calendar_id_select = intval($row['calendar_id']);
|
||||
$calendar_name_select = htmlentities($row['calendar_name']);
|
||||
$calendar_color_select = htmlentities($row['calendar_color']);
|
||||
$calendar_name_select = nullable_htmlentities($row['calendar_name']);
|
||||
$calendar_color_select = nullable_htmlentities($row['calendar_color']);
|
||||
?>
|
||||
<option data-content="<i class='fa fa-circle mr-2' style='color:<?php echo $calendar_color_select; ?>;'></i> <?php echo $calendar_name_select; ?>"<?php if ($calendar_id == $calendar_id_select) { echo "selected"; } ?> value="<?php echo $calendar_id_select; ?>"><?php echo $calendar_name_select; ?></option>
|
||||
|
||||
|
|
@ -119,8 +119,8 @@
|
|||
$sql_clients = mysqli_query($mysqli, "SELECT * FROM clients LEFT JOIN contacts ON primary_contact = contact_id ORDER BY client_name ASC");
|
||||
while ($row = mysqli_fetch_array($sql_clients)) {
|
||||
$client_id_select = intval($row['client_id']);
|
||||
$client_name_select = htmlentities($row['client_name']);
|
||||
$contact_email_select = htmlentities($row['contact_email']);
|
||||
$client_name_select = nullable_htmlentities($row['client_name']);
|
||||
$contact_email_select = nullable_htmlentities($row['contact_email']);
|
||||
?>
|
||||
<option <?php if ($client_id == $client_id_select) { echo "selected"; } ?> value="<?php echo $client_id_select; ?>"><?php echo $client_name_select; ?></option>
|
||||
|
||||
|
|
|
|||
|
|
@ -21,14 +21,14 @@ require_once("category_quick_add_modal.php");
|
|||
$sql = mysqli_query($mysqli, "SELECT * FROM events LEFT JOIN calendars ON event_calendar_id = calendar_id");
|
||||
while ($row = mysqli_fetch_array($sql)) {
|
||||
$event_id = intval($row['event_id']);
|
||||
$event_title = htmlentities($row['event_title']);
|
||||
$event_description = htmlentities($row['event_description']);
|
||||
$event_start = htmlentities($row['event_start']);
|
||||
$event_end = htmlentities($row['event_end']);
|
||||
$event_repeat = htmlentities($row['event_repeat']);
|
||||
$event_title = nullable_htmlentities($row['event_title']);
|
||||
$event_description = nullable_htmlentities($row['event_description']);
|
||||
$event_start = nullable_htmlentities($row['event_start']);
|
||||
$event_end = nullable_htmlentities($row['event_end']);
|
||||
$event_repeat = nullable_htmlentities($row['event_repeat']);
|
||||
$calendar_id = intval($row['calendar_id']);
|
||||
$calendar_name = htmlentities($row['calendar_name']);
|
||||
$calendar_color = htmlentities($row['calendar_color']);
|
||||
$calendar_name = nullable_htmlentities($row['calendar_name']);
|
||||
$calendar_color = nullable_htmlentities($row['calendar_color']);
|
||||
$client_id = intval($row['event_client_id']);
|
||||
|
||||
require("calendar_event_edit_modal.php");
|
||||
|
|
|
|||
|
|
@ -46,18 +46,18 @@ $colors_diff = array_diff($colors_array, $colors_used_array);
|
|||
|
||||
<div class="card card-dark">
|
||||
<div class="card-header py-2">
|
||||
<h3 class="card-title mt-2"><i class="fa fa-fw fa-list mr-2"></i><?php echo htmlentities($category); ?> Categories</h3>
|
||||
<h3 class="card-title mt-2"><i class="fa fa-fw fa-list mr-2"></i><?php echo nullable_htmlentities($category); ?> Categories</h3>
|
||||
<div class="card-tools">
|
||||
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addCategoryModal"><i class="fas fa-plus mr-2"></i>New</button>
|
||||
</div>
|
||||
</div>
|
||||
<div class="card-body">
|
||||
<form autocomplete="off">
|
||||
<input type="hidden" name="category" value="<?php echo htmlentities($category); ?>">
|
||||
<input type="hidden" name="category" value="<?php echo nullable_htmlentities($category); ?>">
|
||||
<div class="row">
|
||||
<div class="col-sm-4 mb-2">
|
||||
<div class="input-group">
|
||||
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Categories">
|
||||
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(nullable_htmlentities($q)); } ?>" placeholder="Search Categories">
|
||||
<div class="input-group-append">
|
||||
<button class="btn btn-primary"><i class="fa fa-search"></i></button>
|
||||
</div>
|
||||
|
|
@ -88,8 +88,8 @@ $colors_diff = array_diff($colors_array, $colors_used_array);
|
|||
|
||||
while ($row = mysqli_fetch_array($sql)) {
|
||||
$category_id = intval($row['category_id']);
|
||||
$category_name = htmlentities($row['category_name']);
|
||||
$category_color = htmlentities($row['category_color']);
|
||||
$category_name = nullable_htmlentities($row['category_name']);
|
||||
$category_color = nullable_htmlentities($row['category_color']);
|
||||
//$colors_used_array[] = $row['category_color'];
|
||||
|
||||
?>
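Review bot: In the search-box line of the first hunk, `stripslashes()` is applied to the result of `nullable_htmlentities($q)`, so the encoder is not the last transformation before output. Undo the slash-escaping first and encode last: `echo nullable_htmlentities(stripslashes($q));`. The rendered value should be the same today because entities contain no backslashes, but the current order hides that `$q` looks like an SQL-escaped value being reused for display (its origin is outside the hunk). The same ordering recurs in the later `Search Certificates` and asset search-box hunks and on the `$_GET['type']` hidden input.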
|
||||
|
|
|
|||
|
|
@ -2,13 +2,13 @@
|
|||
<div class="modal-dialog">
|
||||
<div class="modal-content bg-dark">
|
||||
<div class="modal-header">
|
||||
<h5 class="modal-title"><i class="fa fa-fw fa-list mr-2"></i>New <?php echo htmlentities($category); ?> Category</h5>
|
||||
<h5 class="modal-title"><i class="fa fa-fw fa-list mr-2"></i>New <?php echo nullable_htmlentities($category); ?> Category</h5>
|
||||
<button type="button" class="close text-white" data-dismiss="modal">
|
||||
<span>×</span>
|
||||
</button>
|
||||
</div>
|
||||
<form action="post.php" method="post" autocomplete="off">
|
||||
<input type="hidden" name="type" value="<?php echo htmlentities($category); ?>">
|
||||
<input type="hidden" name="type" value="<?php echo nullable_htmlentities($category); ?>">
|
||||
|
||||
<div class="modal-body bg-white">
|
||||
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@
|
|||
</div>
|
||||
<form action="post.php" method="post" autocomplete="off">
|
||||
<input type="hidden" name="category_id" value="<?php echo $category_id; ?>">
|
||||
<input type="hidden" name="type" value="<?php echo htmlentities($category); ?>">
|
||||
<input type="hidden" name="type" value="<?php echo nullable_htmlentities($category); ?>">
|
||||
<div class="modal-body bg-white">
|
||||
|
||||
<div class="form-group">
|
||||
|
|
|
|||
|
|
@ -66,7 +66,7 @@
|
|||
|
||||
$referral_sql = mysqli_query($mysqli, "SELECT * FROM categories WHERE category_type = 'Referral' AND category_archived_at IS NULL ORDER BY category_name ASC");
|
||||
while ($row = mysqli_fetch_array($referral_sql)) {
|
||||
$referral = htmlentities($row['category_name']); ?>
|
||||
$referral = nullable_htmlentities($row['category_name']); ?>
|
||||
<option><?php echo $referral; ?></option>
|
||||
<?php } ?>
|
||||
|
||||
|
|
@ -296,9 +296,9 @@
|
|||
|
||||
while ($row = mysqli_fetch_array($sql_tags_select)) {
|
||||
$tag_id_select = intval($row['tag_id']);
|
||||
$tag_name_select = htmlentities($row['tag_name']);
|
||||
$tag_color_select = htmlentities($row['tag_color']);
|
||||
$tag_icon_select = htmlentities($row['tag_icon']);
|
||||
$tag_name_select = nullable_htmlentities($row['tag_name']);
|
||||
$tag_color_select = nullable_htmlentities($row['tag_color']);
|
||||
$tag_icon_select = nullable_htmlentities($row['tag_icon']);
|
||||
|
||||
?>
|
||||
<li class="list-group-item">
|
||||
|
|
|
|||
|
|
@ -125,7 +125,7 @@
|
|||
$sql = mysqli_query($mysqli, "SELECT * FROM locations WHERE location_archived_at IS NULL AND location_client_id = $client_id ORDER BY location_name ASC");
|
||||
while ($row = mysqli_fetch_array($sql)) {
|
||||
$location_id = intval($row['location_id']);
|
||||
$location_name = htmlentities($row['location_name']);
|
||||
$location_name = nullable_htmlentities($row['location_name']);
|
||||
?>
|
||||
<option value="<?php echo $location_id; ?>"><?php echo $location_name; ?></option>
|
||||
<?php } ?>
|
||||
|
|
@ -148,7 +148,7 @@
|
|||
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_archived_at IS NULL AND contact_client_id = $client_id ORDER BY contact_name ASC");
|
||||
while ($row = mysqli_fetch_array($sql)) {
|
||||
$contact_id = intval($row['contact_id']);
|
||||
$contact_name = htmlentities($row['contact_name']);
|
||||
$contact_name = nullable_htmlentities($row['contact_name']);
|
||||
?>
|
||||
<option value="<?php echo $contact_id; ?>"><?php echo $contact_name; ?></option>
|
||||
|
||||
|
|
@ -187,8 +187,8 @@
|
|||
$sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_archived_at IS NULL AND network_client_id = $client_id ORDER BY network_name ASC");
|
||||
while ($row = mysqli_fetch_array($sql)) {
|
||||
$network_id = intval($row['network_id']);
|
||||
$network_name = htmlentities($row['network_name']);
|
||||
$network = htmlentities($row['network']);
|
||||
$network_name = nullable_htmlentities($row['network_name']);
|
||||
$network = nullable_htmlentities($row['network']);
|
||||
|
||||
?>
|
||||
<option value="<?php echo $network_id; ?>"><?php echo $network_name; ?> - <?php echo $network; ?></option>
|
||||
|
|
@ -235,7 +235,7 @@
|
|||
$sql = mysqli_query($mysqli, "SELECT * FROM vendors WHERE vendor_archived_at IS NULL AND vendor_client_id = $client_id AND vendor_template = 0 ORDER BY vendor_name ASC");
|
||||
while ($row = mysqli_fetch_array($sql)) {
|
||||
$vendor_id = intval($row['vendor_id']);
|
||||
$vendor_name = htmlentities($row['vendor_name']);
|
||||
$vendor_name = nullable_htmlentities($row['vendor_name']);
|
||||
?>
|
||||
<option value="<?php echo $vendor_id; ?>"><?php echo $vendor_name; ?></option>
|
||||
|
||||
|
|
|
|||
|
|
@ -122,7 +122,7 @@
|
|||
$sql_locations = mysqli_query($mysqli, "SELECT * FROM locations WHERE location_client_id = $client_id ORDER BY location_name ASC");
|
||||
while ($row = mysqli_fetch_array($sql_locations)) {
|
||||
$location_id_select = intval($row['location_id']);
|
||||
$location_name_select = htmlentities($row['location_name']);
|
||||
$location_name_select = nullable_htmlentities($row['location_name']);
|
||||
?>
|
||||
<option <?php if ($asset_location_id == $location_id_select) { echo "selected"; } ?> value="<?php echo $location_id_select; ?>"><?php echo $location_name_select; ?></option>
|
||||
<?php } ?>
|
||||
|
|
@ -145,7 +145,7 @@
|
|||
$sql_contacts = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_archived_at IS NULL AND contact_client_id = $client_id ORDER BY contact_name ASC");
|
||||
while ($row = mysqli_fetch_array($sql_contacts)) {
|
||||
$contact_id = intval($row['contact_id']);
|
||||
$contact_name = htmlentities($row['contact_name']);
|
||||
$contact_name = nullable_htmlentities($row['contact_name']);
|
||||
?>
|
||||
<option value="<?php echo $contact_id; ?>"><?php echo $contact_name; ?></option>
|
||||
<?php } ?>
|
||||
|
|
@ -182,8 +182,8 @@
|
|||
$sql_networks = mysqli_query($mysqli, "SELECT * FROM networks WHERE (network_archived_at > '$asset_created_at' OR network_archived_at IS NULL) AND network_client_id = $client_id ORDER BY network_name ASC");
|
||||
while ($row = mysqli_fetch_array($sql_networks)) {
|
||||
$network_id_select = intval($row['network_id']);
|
||||
$network_name_select = htmlentities($row['network_name']);
|
||||
$network_select = htmlentities($row['network']);
|
||||
$network_name_select = nullable_htmlentities($row['network_name']);
|
||||
$network_select = nullable_htmlentities($row['network']);
|
||||
|
||||
?>
|
||||
<option <?php if ($asset_network_id == $network_id_select) { echo "selected"; } ?> value="<?php echo $network_id_select; ?>"><?php echo $network_name_select; ?> - <?php echo $network_select; ?></option>
|
||||
|
|
@ -230,7 +230,7 @@
|
|||
$sql_vendors = mysqli_query($mysqli, "SELECT * FROM vendors WHERE (vendor_archived_at > '$asset_created_at' OR vendor_archived_at IS NULL) AND vendor_client_id = $client_id AND vendor_template = 0 ORDER BY vendor_name ASC");
|
||||
while ($row = mysqli_fetch_array($sql_vendors)) {
|
||||
$vendor_id_select = intval($row['vendor_id']);
|
||||
$vendor_name_select = htmlentities($row['vendor_name']);
|
||||
$vendor_name_select = nullable_htmlentities($row['vendor_name']);
|
||||
?>
|
||||
<option <?php if ($asset_vendor_id == $vendor_id_select) { echo "selected"; } ?> value="<?php echo $vendor_id_select; ?>"><?php echo $vendor_name_select; ?></option>
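Review bot: The context queries in the third and fourth hunks interpolate `'$asset_created_at'` into the SQL text, while the asset list hunk later in this commit assigns that variable from `nullable_htmlentities($row['asset_created_at'])`. If this modal is included from that loop (the include is not visible here), an HTML-encoded display value is being used as an SQL literal. HTML encoding is not SQL escaping, so bind the raw column value through `mysqli_prepare()` / `mysqli_stmt_bind_param()` with `network_archived_at > ?`, or keep a separate unencoded variable for queries. The same applies to the `contact_archived_at`, `network_archived_at` and `vendor_archived_at` queries in the later file section with hunks `@ -146`, `@ -184` and `@ -232`.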
|
||||
|
||||
|
|
|
|||
|
|
@ -12,7 +12,7 @@
|
|||
<?php
|
||||
while ($row = mysqli_fetch_array($sql_related_documents)) {
|
||||
$related_document_id = intval($row['document_id']);
|
||||
$related_document_name = htmlentities($row['document_name']);
|
||||
$related_document_name = nullable_htmlentities($row['document_name']);
|
||||
?>
|
||||
<p>
|
||||
<i class="fas fa-fw fa-document text-secondary"></i>
|
||||
|
|
|
|||
|
|
@ -124,7 +124,7 @@
|
|||
$sql_locations = mysqli_query($mysqli, "SELECT * FROM locations WHERE location_client_id = $client_id ORDER BY location_name ASC");
|
||||
while ($row = mysqli_fetch_array($sql_locations)) {
|
||||
$location_id_select = intval($row['location_id']);
|
||||
$location_name_select = htmlentities($row['location_name']);
|
||||
$location_name_select = nullable_htmlentities($row['location_name']);
|
||||
?>
|
||||
<option <?php if ($asset_location_id == $location_id_select) { echo "selected"; } ?> value="<?php echo $location_id_select; ?>"><?php echo $location_name_select; ?></option>
|
||||
|
||||
|
|
@ -146,7 +146,7 @@
|
|||
$sql_contacts = mysqli_query($mysqli, "SELECT * FROM contacts WHERE (contact_archived_at > '$asset_created_at' OR contact_archived_at IS NULL) AND contact_client_id = $client_id ORDER BY contact_name ASC");
|
||||
while ($row = mysqli_fetch_array($sql_contacts)) {
|
||||
$contact_id_select = intval($row['contact_id']);
|
||||
$contact_name_select = htmlentities($row['contact_name']);
|
||||
$contact_name_select = nullable_htmlentities($row['contact_name']);
|
||||
?>
|
||||
<option <?php if ($asset_contact_id == $contact_id_select) { echo "selected"; } ?> value="<?php echo $contact_id_select; ?>">
|
||||
<?php echo $contact_name_select; ?> <?php if (!empty($row['contact_archived_at'])) { echo " (Archived " . date('Y-m-d', strtotime($row['contact_archived_at'])) .")"; } ?>
|
||||
|
|
@ -184,8 +184,8 @@
|
|||
$sql_networks = mysqli_query($mysqli, "SELECT * FROM networks WHERE (network_archived_at > '$asset_created_at' OR network_archived_at IS NULL) AND network_client_id = $client_id ORDER BY network_name ASC");
|
||||
while ($row = mysqli_fetch_array($sql_networks)) {
|
||||
$network_id_select = intval($row['network_id']);
|
||||
$network_name_select = htmlentities($row['network_name']);
|
||||
$network_select = htmlentities($row['network']);
|
||||
$network_name_select = nullable_htmlentities($row['network_name']);
|
||||
$network_select = nullable_htmlentities($row['network']);
|
||||
|
||||
?>
|
||||
<option <?php if ($asset_network_id == $network_id_select) { echo "selected"; } ?> value="<?php echo $network_id_select; ?>"><?php echo $network_name_select; ?> - <?php echo $network_select; ?></option>
|
||||
|
|
@ -232,7 +232,7 @@
|
|||
$sql_vendors = mysqli_query($mysqli, "SELECT * FROM vendors WHERE (vendor_archived_at > '$asset_created_at' OR vendor_archived_at IS NULL) AND vendor_client_id = $client_id ORDER BY vendor_name ASC");
|
||||
while ($row = mysqli_fetch_array($sql_vendors)) {
|
||||
$vendor_id_select = intval($row['vendor_id']);
|
||||
$vendor_name_select = htmlentities($row['vendor_name']);
|
||||
$vendor_name_select = nullable_htmlentities($row['vendor_name']);
|
||||
?>
|
||||
<option <?php if ($asset_vendor_id == $vendor_id_select) { echo "selected"; } ?> value="<?php echo $vendor_id_select; ?>"><?php echo $vendor_name_select; ?></option>
|
||||
|
||||
|
|
|
|||
|
|
@ -78,8 +78,8 @@
|
|||
$sql_network_select = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_archived_at IS NULL AND network_client_id = $client_id ORDER BY network_name ASC");
|
||||
while ($row = mysqli_fetch_array($sql_network_select)) {
|
||||
$network_id = $row['network_id'];
|
||||
$network_name = htmlentities($row['network_name']);
|
||||
$network = htmlentities($row['network']);
|
||||
$network_name = nullable_htmlentities($row['network_name']);
|
||||
$network = nullable_htmlentities($row['network']);
|
||||
|
||||
?>
|
||||
<option value="<?php echo $network_id; ?>"><?php echo $network_name; ?> - <?php echo $network; ?></option>
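Review bot: `$network_id = $row['network_id'];` is echoed into `value="…"` without the `intval()` cast that every other id on this page receives, so the attribute carries a raw, unencoded column value. Make it `$network_id = intval($row['network_id']);` to match the sibling modals. The loop body continues past the end of the hunk.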
|
||||
|
|
|
|||
|
|
@ -13,12 +13,12 @@
|
|||
// Query is run from client_assets.php
|
||||
while ($row = mysqli_fetch_array($sql_tickets)) {
|
||||
$ticket_id = intval($row['ticket_id']);
|
||||
$ticket_prefix = htmlentities($row['ticket_prefix']);
|
||||
$ticket_prefix = nullable_htmlentities($row['ticket_prefix']);
|
||||
$ticket_number = intval($row['ticket_number']);
|
||||
$ticket_subject = htmlentities($row['ticket_subject']);
|
||||
$ticket_status = htmlentities($row['ticket_status']);
|
||||
$ticket_created_at = htmlentities($row['ticket_created_at']);
|
||||
$ticket_updated_at = htmlentities($row['ticket_updated_at']);
|
||||
$ticket_subject = nullable_htmlentities($row['ticket_subject']);
|
||||
$ticket_status = nullable_htmlentities($row['ticket_status']);
|
||||
$ticket_created_at = nullable_htmlentities($row['ticket_created_at']);
|
||||
$ticket_updated_at = nullable_htmlentities($row['ticket_updated_at']);
|
||||
?>
|
||||
<p>
|
||||
<i class="fas fa-fw fa-ticket-alt"></i>
|
||||
|
|
|
|||
|
|
@ -75,18 +75,18 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
<div class="card-header py-2">
|
||||
<h3 class="card-title mt-2"><i class="fa fa-fw fa-desktop mr-2"></i>Assets</h3>
|
||||
<div class="card-tools">
|
||||
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addAssetModal"><i class="fas fa-plus mr-2"></i>New <?php if (!empty($_GET['type'])) { echo ucwords(strip_tags(htmlentities($_GET['type']))); } else { echo "Asset"; } ?></button>
|
||||
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addAssetModal"><i class="fas fa-plus mr-2"></i>New <?php if (!empty($_GET['type'])) { echo ucwords(strip_tags(nullable_htmlentities($_GET['type']))); } else { echo "Asset"; } ?></button>
|
||||
</div>
|
||||
</div>
|
||||
<div class="card-body">
|
||||
<form autocomplete="off">
|
||||
<input type="hidden" name="client_id" value="<?php echo $client_id; ?>">
|
||||
<input type="hidden" name="type" value="<?php echo stripslashes(htmlentities($_GET['type'])); ?>">
|
||||
<input type="hidden" name="type" value="<?php echo stripslashes(nullable_htmlentities($_GET['type'])); ?>">
|
||||
<div class="row">
|
||||
|
||||
<div class="col-md-4">
|
||||
<div class="input-group mb-3 mb-md-0">
|
||||
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search <?php if (!empty($_GET['type'])) { echo ucwords(stripslashes(htmlentities($_GET['type']))); } else { echo "Asset"; } ?>s">
|
||||
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(nullable_htmlentities($q)); } ?>" placeholder="Search <?php if (!empty($_GET['type'])) { echo ucwords(stripslashes(nullable_htmlentities($_GET['type']))); } else { echo "Asset"; } ?>s">
|
||||
<div class="input-group-append">
|
||||
<button class="btn btn-dark"><i class="fa fa-search"></i></button>
|
||||
</div>
|
||||
|
|
@ -161,40 +161,40 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
|
||||
while ($row = mysqli_fetch_array($sql)) {
|
||||
$asset_id = intval($row['asset_id']);
|
||||
$asset_type = htmlentities($row['asset_type']);
|
||||
$asset_name = htmlentities($row['asset_name']);
|
||||
$asset_make = htmlentities($row['asset_make']);
|
||||
$asset_model = htmlentities($row['asset_model']);
|
||||
$asset_serial = htmlentities($row['asset_serial']);
|
||||
$asset_type = nullable_htmlentities($row['asset_type']);
|
||||
$asset_name = nullable_htmlentities($row['asset_name']);
|
||||
$asset_make = nullable_htmlentities($row['asset_make']);
|
||||
$asset_model = nullable_htmlentities($row['asset_model']);
|
||||
$asset_serial = nullable_htmlentities($row['asset_serial']);
|
||||
if (empty($asset_serial)) {
|
||||
$asset_serial_display = "-";
|
||||
} else {
|
||||
$asset_serial_display = $asset_serial;
|
||||
}
|
||||
$asset_os = htmlentities($row['asset_os']);
|
||||
$asset_os = nullable_htmlentities($row['asset_os']);
|
||||
if (empty($asset_os)) {
|
||||
$asset_os_display = "-";
|
||||
} else {
|
||||
$asset_os_display = $asset_os;
|
||||
}
|
||||
$asset_ip = htmlentities($row['asset_ip']);
|
||||
$asset_ip = nullable_htmlentities($row['asset_ip']);
|
||||
if (empty($asset_ip)) {
|
||||
$asset_ip_display = "-";
|
||||
} else {
|
||||
$asset_ip_display = "$asset_ip<button class='btn btn-sm' data-clipboard-text=" . $asset_ip . "><i class='far fa-copy text-secondary'></i></button>";
|
||||
}
|
||||
$asset_mac = htmlentities($row['asset_mac']);
|
||||
$asset_status = htmlentities($row['asset_status']);
|
||||
$asset_purchase_date = htmlentities($row['asset_purchase_date']);
|
||||
$asset_warranty_expire = htmlentities($row['asset_warranty_expire']);
|
||||
$asset_install_date = htmlentities($row['asset_install_date']);
|
||||
$asset_mac = nullable_htmlentities($row['asset_mac']);
|
||||
$asset_status = nullable_htmlentities($row['asset_status']);
|
||||
$asset_purchase_date = nullable_htmlentities($row['asset_purchase_date']);
|
||||
$asset_warranty_expire = nullable_htmlentities($row['asset_warranty_expire']);
|
||||
$asset_install_date = nullable_htmlentities($row['asset_install_date']);
|
||||
if (empty($asset_install_date)) {
|
||||
$asset_install_date_display = "-";
|
||||
} else {
|
||||
$asset_install_date_display = $asset_install_date;
|
||||
}
|
||||
$asset_notes = htmlentities($row['asset_notes']);
|
||||
$asset_created_at = htmlentities($row['asset_created_at']);
|
||||
$asset_notes = nullable_htmlentities($row['asset_notes']);
|
||||
$asset_created_at = nullable_htmlentities($row['asset_created_at']);
|
||||
$asset_vendor_id = intval($row['asset_vendor_id']);
|
||||
$asset_location_id = intval($row['asset_location_id']);
|
||||
$asset_contact_id = intval($row['asset_contact_id']);
|
||||
|
|
@ -202,19 +202,19 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
|
||||
$device_icon = getAssetIcon($asset_type);
|
||||
|
||||
$contact_name = htmlentities($row['contact_name']);
|
||||
$contact_name = nullable_htmlentities($row['contact_name']);
|
||||
if (empty($contact_name)) {
|
||||
$contact_name = "-";
|
||||
}
|
||||
|
||||
$location_name = htmlentities($row['location_name']);
|
||||
$location_name = nullable_htmlentities($row['location_name']);
|
||||
if (empty($location_name)) {
|
||||
$location_name = "-";
|
||||
}
|
||||
|
||||
$login_id = intval($row['login_id']);
|
||||
$login_username = htmlentities(decryptLoginEntry($row['login_username']));
|
||||
$login_password = htmlentities(decryptLoginEntry($row['login_password']));
|
||||
$login_username = nullable_htmlentities(decryptLoginEntry($row['login_username']));
|
||||
$login_password = nullable_htmlentities(decryptLoginEntry($row['login_password']));
|
||||
|
||||
// Related tickets
|
||||
$sql_tickets = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_asset_id = $asset_id ORDER BY ticket_number DESC");
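Review bot: In the second hunk, the context line that builds `$asset_ip_display` writes `data-clipboard-text=" . $asset_ip . ">` with no quotes around the attribute value. Entity-encoding does not neutralise whitespace, so a stored value containing a space ends the attribute and the rest is parsed as further attributes on the `<button>`. Quote it, `data-clipboard-text='" . $asset_ip . "'`, as the contact-details version of this line later on the page already does, and confirm that `nullable_htmlentities()` encodes single quotes (its definition is not on this page). Separately, the third hunk decrypts `login_username` and `login_password` for every row of the list; if those values are only shown on demand, decrypting them on demand would keep plaintext credentials out of the list page.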
|
||||
|
|
|
|||
|
|
@ -76,7 +76,7 @@
|
|||
$domains_sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_client_id = '$client_id'");
|
||||
while ($domain_row = mysqli_fetch_array($domains_sql)) {
|
||||
$domain_id = intval($domain_row['domain_id']);
|
||||
$domain_name = htmlentities($domain_row['domain_name']);
|
||||
$domain_name = nullable_htmlentities($domain_row['domain_name']);
|
||||
echo "<option value=\"$domain_id\">$domain_name</option>";
|
||||
}
|
||||
?>
|
||||
|
|
|
|||
|
|
@ -31,7 +31,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
|
||||
<div class="col-md-4">
|
||||
<div class="input-group mb-3 mb-md-0">
|
||||
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Certificates">
|
||||
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(nullable_htmlentities($q)); } ?>" placeholder="Search Certificates">
|
||||
<div class="input-group-append">
|
||||
<button class="btn btn-dark"><i class="fa fa-search"></i></button>
|
||||
</div>
|
||||
|
|
@ -86,10 +86,10 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
|
||||
while ($row = mysqli_fetch_array($sql)) {
|
||||
$certificate_id = intval($row['certificate_id']);
|
||||
$certificate_name = htmlentities($row['certificate_name']);
|
||||
$certificate_domain = htmlentities($row['certificate_domain']);
|
||||
$certificate_issued_by = htmlentities($row['certificate_issued_by']);
|
||||
$certificate_expire = htmlentities($row['certificate_expire']);
|
||||
$certificate_name = nullable_htmlentities($row['certificate_name']);
|
||||
$certificate_domain = nullable_htmlentities($row['certificate_domain']);
|
||||
$certificate_issued_by = nullable_htmlentities($row['certificate_issued_by']);
|
||||
$certificate_expire = nullable_htmlentities($row['certificate_expire']);
|
||||
|
||||
?>
|
||||
<tr>
|
||||
|
|
|
|||
|
|
@ -123,7 +123,7 @@
|
|||
$sql = mysqli_query($mysqli, "SELECT location_id, location_name FROM locations WHERE location_archived_at IS NULL AND location_client_id = $client_id ORDER BY location_name ASC");
|
||||
while ($row = mysqli_fetch_array($sql)) {
|
||||
$location_id = intval($row['location_id']);
|
||||
$location_name = htmlentities($row['location_name']);
|
||||
$location_name = nullable_htmlentities($row['location_name']);
|
||||
?>
|
||||
<option value="<?php echo $location_id; ?>"><?php echo $location_name; ?></option>
|
||||
<?php } ?>
|
||||
|
|
|
|||
|
|
@ -11,33 +11,33 @@ if (isset($_GET['contact_id'])) {
|
|||
");
|
||||
|
||||
$row = mysqli_fetch_array($sql);
|
||||
$contact_name = htmlentities($row['contact_name']);
|
||||
$contact_title = htmlentities($row['contact_title']);
|
||||
$contact_department =htmlentities($row['contact_department']);
|
||||
$contact_name = nullable_htmlentities($row['contact_name']);
|
||||
$contact_title = nullable_htmlentities($row['contact_title']);
|
||||
$contact_department =nullable_htmlentities($row['contact_department']);
|
||||
$contact_phone = formatPhoneNumber($row['contact_phone']);
|
||||
$contact_extension = htmlentities($row['contact_extension']);
|
||||
$contact_extension = nullable_htmlentities($row['contact_extension']);
|
||||
$contact_mobile = formatPhoneNumber($row['contact_mobile']);
|
||||
$contact_email = htmlentities($row['contact_email']);
|
||||
$contact_photo = htmlentities($row['contact_photo']);
|
||||
$contact_email = nullable_htmlentities($row['contact_email']);
|
||||
$contact_photo = nullable_htmlentities($row['contact_photo']);
|
||||
$contact_initials = initials($contact_name);
|
||||
$contact_notes = htmlentities($row['contact_notes']);
|
||||
$contact_notes = nullable_htmlentities($row['contact_notes']);
|
||||
$contact_important = intval($row['contact_important']);
|
||||
$contact_billing = intval($row['contact_billing']);
|
||||
$contact_technical = intval($row['contact_technical']);
|
||||
$contact_created_at = htmlentities($row['contact_created_at']);
|
||||
$contact_created_at = nullable_htmlentities($row['contact_created_at']);
|
||||
if ($contact_id == $primary_contact) {
|
||||
$primary_contact_display = "<small class='text-success'>Primary Contact</small>";
|
||||
} else {
|
||||
$primary_contact_display = false;
|
||||
}
|
||||
$contact_location_id = intval($row['contact_location_id']);
|
||||
$location_name = htmlentities($row['location_name']);
|
||||
$location_name = nullable_htmlentities($row['location_name']);
|
||||
if (empty($location_name)) {
|
||||
$location_name_display = "-";
|
||||
} else {
|
||||
$location_name_display = $location_name;
|
||||
}
|
||||
$auth_method = htmlentities($row['contact_auth_method']);
|
||||
$auth_method = nullable_htmlentities($row['contact_auth_method']);
|
||||
|
||||
// Related Assets Query
|
||||
$sql_related_assets = mysqli_query($mysqli, "SELECT * FROM assets LEFT JOIN logins ON logins.login_asset_id = assets.asset_id WHERE asset_contact_id = $contact_id ORDER BY asset_name DESC");
|
||||
|
|
@ -165,48 +165,48 @@ if (isset($_GET['contact_id'])) {
|
|||
|
||||
while ($row = mysqli_fetch_array($sql_related_assets)) {
|
||||
$asset_id = intval($row['asset_id']);
|
||||
$asset_type = htmlentities($row['asset_type']);
|
||||
$asset_name = htmlentities($row['asset_name']);
|
||||
$asset_make = htmlentities($row['asset_make']);
|
||||
$asset_model = htmlentities($row['asset_model']);
|
||||
$asset_serial = htmlentities($row['asset_serial']);
|
||||
$asset_type = nullable_htmlentities($row['asset_type']);
|
||||
$asset_name = nullable_htmlentities($row['asset_name']);
|
||||
$asset_make = nullable_htmlentities($row['asset_make']);
|
||||
$asset_model = nullable_htmlentities($row['asset_model']);
|
||||
$asset_serial = nullable_htmlentities($row['asset_serial']);
|
||||
if (empty($asset_serial)) {
|
||||
$asset_serial_display = "-";
|
||||
} else {
|
||||
$asset_serial_display = $asset_serial;
|
||||
}
|
||||
$asset_os = htmlentities($row['asset_os']);
|
||||
$asset_os = nullable_htmlentities($row['asset_os']);
|
||||
if (empty($asset_os)) {
|
||||
$asset_os_display = "-";
|
||||
} else {
|
||||
$asset_os_display = $asset_os;
|
||||
}
|
||||
$asset_ip = htmlentities($row['asset_ip']);
|
||||
$asset_ip = nullable_htmlentities($row['asset_ip']);
|
||||
if (empty($asset_ip)) {
|
||||
$asset_ip_display = "-";
|
||||
} else {
|
||||
$asset_ip_display = "$asset_ip<button class='btn btn-sm' data-clipboard-text='$asset_ip'><i class='far fa-copy text-secondary'></i></button>";
|
||||
}
|
||||
$asset_mac = htmlentities($row['asset_mac']);
|
||||
$asset_status = htmlentities($row['asset_status']);
|
||||
$asset_purchase_date = htmlentities($row['asset_purchase_date']);
|
||||
$asset_warranty_expire = htmlentities($row['asset_warranty_expire']);
|
||||
$asset_install_date = htmlentities($row['asset_install_date']);
|
||||
$asset_mac = nullable_htmlentities($row['asset_mac']);
|
||||
$asset_status = nullable_htmlentities($row['asset_status']);
|
||||
$asset_purchase_date = nullable_htmlentities($row['asset_purchase_date']);
|
||||
$asset_warranty_expire = nullable_htmlentities($row['asset_warranty_expire']);
|
||||
$asset_install_date = nullable_htmlentities($row['asset_install_date']);
|
||||
if (empty($asset_install_date)) {
|
||||
$asset_install_date_display = "-";
|
||||
} else {
|
||||
$asset_install_date_display = $asset_install_date;
|
||||
}
|
||||
$asset_notes = htmlentities($row['asset_notes']);
|
||||
$asset_created_at = htmlentities($row['asset_created_at']);
|
||||
$asset_notes = nullable_htmlentities($row['asset_notes']);
|
||||
$asset_created_at = nullable_htmlentities($row['asset_created_at']);
|
||||
$asset_vendor_id = intval($row['asset_vendor_id']);
|
||||
$asset_location_id = intval($row['asset_location_id']);
|
||||
$asset_network_id = intval($row['asset_network_id']);
|
||||
$asset_contact_id = intval($row['asset_contact_id']);
|
||||
|
||||
$login_id = $row['login_id'];
|
||||
$login_username = htmlentities(decryptLoginEntry($row['login_username']));
|
||||
$login_password = htmlentities(decryptLoginEntry($row['login_password']));
|
||||
$login_username = nullable_htmlentities(decryptLoginEntry($row['login_username']));
|
||||
$login_password = nullable_htmlentities(decryptLoginEntry($row['login_password']));
|
||||
|
||||
$device_icon = getAssetIcon($asset_type);
|
||||
|
||||
|
|
@ -286,28 +286,28 @@ if (isset($_GET['contact_id'])) {
|
|||
|
||||
while ($row = mysqli_fetch_array($sql_related_logins)) {
|
||||
$login_id = intval($row['login_id']);
|
||||
$login_name = htmlentities($row['login_name']);
|
||||
$login_uri = htmlentities($row['login_uri']);
|
||||
$login_name = nullable_htmlentities($row['login_name']);
|
||||
$login_uri = nullable_htmlentities($row['login_uri']);
|
||||
if (empty($login_uri)) {
|
||||
$login_uri_display = "-";
|
||||
} else {
|
||||
$login_uri_display = "$login_uri<button class='btn btn-sm clipboardjs' data-clipboard-text='$login_uri'><i class='far fa-copy text-secondary'></i></button><a href='https://$login_uri' target='_blank'><i class='fa fa-external-link-alt text-secondary'></i></a>";
|
||||
}
|
||||
$login_username = htmlentities(decryptLoginEntry($row['login_username']));
|
||||
$login_username = nullable_htmlentities(decryptLoginEntry($row['login_username']));
|
||||
if (empty($login_username)) {
|
||||
$login_username_display = "-";
|
||||
} else {
|
||||
$login_username_display = "$login_username<button class='btn btn-sm clipboardjs' data-clipboard-text='$login_username'><i class='far fa-copy text-secondary'></i></button>";
|
||||
}
|
||||
$login_password = htmlentities(decryptLoginEntry($row['login_password']));
|
||||
$login_otp_secret = htmlentities($row['login_otp_secret']);
|
||||
$login_password = nullable_htmlentities(decryptLoginEntry($row['login_password']));
|
||||
$login_otp_secret = nullable_htmlentities($row['login_otp_secret']);
|
||||
$login_id_with_secret = '"' . $row['login_id'] . '","' . $row['login_otp_secret'] . '"';
|
||||
if (empty($login_otp_secret)) {
|
||||
$otp_display = "-";
|
||||
} else {
|
||||
$otp_display = "<span onmouseenter='showOTP($login_id_with_secret)'><i class='far fa-clock'></i> <span id='otp_$login_id'><i>Hover..</i></span></span>";
|
||||
}
|
||||
$login_note = htmlentities($row['login_note']);
|
||||
$login_note = nullable_htmlentities($row['login_note']);
|
||||
$login_important = intval($row['login_important']);
|
||||
$login_contact_id = intval($row['login_contact_id']);
|
||||
$login_vendor_id = intval($row['login_vendor_id']);
|
||||
|
|
@ -386,22 +386,22 @@ if (isset($_GET['contact_id'])) {
|
|||
|
||||
while ($row = mysqli_fetch_array($sql_related_software)) {
|
||||
$software_id = intval($row['software_id']);
|
||||
$software_name = htmlentities($row['software_name']);
|
||||
$software_version = htmlentities($row['software_version']);
|
||||
$software_type = htmlentities($row['software_type']);
|
||||
$software_license_type = htmlentities($row['software_license_type']);
|
||||
$software_key = htmlentities($row['software_key']);
|
||||
$software_seats = htmlentities($row['software_seats']);
|
||||
$software_purchase = htmlentities($row['software_purchase']);
|
||||
$software_expire = htmlentities($row['software_expire']);
|
||||
$software_notes = htmlentities($row['software_notes']);
|
||||
$software_name = nullable_htmlentities($row['software_name']);
|
||||
$software_version = nullable_htmlentities($row['software_version']);
|
||||
$software_type = nullable_htmlentities($row['software_type']);
|
||||
$software_license_type = nullable_htmlentities($row['software_license_type']);
|
||||
$software_key = nullable_htmlentities($row['software_key']);
|
||||
$software_seats = nullable_htmlentities($row['software_seats']);
|
||||
$software_purchase = nullable_htmlentities($row['software_purchase']);
|
||||
$software_expire = nullable_htmlentities($row['software_expire']);
|
||||
$software_notes = nullable_htmlentities($row['software_notes']);
|
||||
|
||||
$seat_count = 0;
|
||||
|
||||
// Get Login
|
||||
$login_id = intval($row['login_id']);
|
||||
$login_username = htmlentities(decryptLoginEntry($row['login_username']));
|
||||
$login_password = htmlentities(decryptLoginEntry($row['login_password']));
|
||||
$login_username = nullable_htmlentities(decryptLoginEntry($row['login_username']));
|
||||
$login_password = nullable_htmlentities(decryptLoginEntry($row['login_password']));
|
||||
|
||||
// Asset Licenses
|
||||
$asset_licenses_sql = mysqli_query($mysqli, "SELECT asset_id FROM software_assets WHERE software_id = $software_id");
|
||||
|
|
@ -483,13 +483,13 @@ if (isset($_GET['contact_id'])) {
|
|||
|
||||
while ($row = mysqli_fetch_array($sql_related_tickets)) {
|
||||
$ticket_id = intval($row['ticket_id']);
|
||||
$ticket_prefix = htmlentities($row['ticket_prefix']);
|
||||
$ticket_prefix = nullable_htmlentities($row['ticket_prefix']);
|
||||
$ticket_number = intval($row['ticket_number']);
|
||||
$ticket_subject = htmlentities($row['ticket_subject']);
|
||||
$ticket_priority = htmlentities($row['ticket_priority']);
|
||||
$ticket_status = htmlentities($row['ticket_status']);
|
||||
$ticket_created_at = htmlentities($row['ticket_created_at']);
|
||||
$ticket_updated_at = htmlentities($row['ticket_updated_at']);
|
||||
$ticket_subject = nullable_htmlentities($row['ticket_subject']);
|
||||
$ticket_priority = nullable_htmlentities($row['ticket_priority']);
|
||||
$ticket_status = nullable_htmlentities($row['ticket_status']);
|
||||
$ticket_created_at = nullable_htmlentities($row['ticket_created_at']);
|
||||
$ticket_updated_at = nullable_htmlentities($row['ticket_updated_at']);
|
||||
if (empty($ticket_updated_at)) {
|
||||
if ($ticket_status == "Closed") {
|
||||
$ticket_updated_at_display = "<p>Never</p>";
|
||||
|
|
@ -499,7 +499,7 @@ if (isset($_GET['contact_id'])) {
|
|||
} else {
|
||||
$ticket_updated_at_display = $ticket_updated_at;
|
||||
}
|
||||
$ticket_closed_at = htmlentities($row['ticket_closed_at']);
|
||||
$ticket_closed_at = nullable_htmlentities($row['ticket_closed_at']);
|
||||
|
||||
if ($ticket_status == "Open") {
|
||||
$ticket_status_display = "<span class='p-2 badge badge-primary'>$ticket_status</span>";
|
||||
|
|
@ -526,7 +526,7 @@ if (isset($_GET['contact_id'])) {
|
|||
$ticket_assigned_to_display = "<p class='text-danger'>Not Assigned</p>";
|
||||
}
|
||||
} else {
|
||||
$ticket_assigned_to_display = htmlentities($row['user_name']);
|
||||
$ticket_assigned_to_display = nullable_htmlentities($row['user_name']);
|
||||
}
|
||||
|
||||
?>
|
||||
|
|
|
|||
|
|
@ -125,7 +125,7 @@
|
|||
$sql_locations = mysqli_query($mysqli, "SELECT * FROM locations WHERE (location_archived_at > '$contact_created_at' OR location_archived_at IS NULL) AND location_client_id = $client_id ORDER BY location_name ASC");
|
||||
while ($row = mysqli_fetch_array($sql_locations)) {
|
||||
$location_id_select = intval($row['location_id']);
|
||||
$location_name_select = htmlentities($row['location_name']);
|
||||
$location_name_select = nullable_htmlentities($row['location_name']);
|
||||
?>
|
||||
<option <?php if ($contact_location_id == $location_id_select) { echo "selected"; } ?> value="<?php echo $location_id_select; ?>"><?php echo $location_name_select; ?></option>
|
||||
<?php } ?>
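Review bot: The `$sql_locations` query at the top of this hunk still places `$contact_created_at` inside a quoted SQL literal by string interpolation, and the HTML-entity encoding this commit applies to such fields is not SQL escaping. The variable is assigned outside this hunk, so its origin should be confirmed; binding it as a parameter removes the dependency on how it was encoded. The same pattern appears in the `$referral_sql` query (`'$client_created_at'`) and the later `$sql_contacts` query (`'$location_created_at'`) elsewhere in this commit. The sketch below assumes `$client_id` is an integer, as the `intval()` handling of ids elsewhere suggests.

```php
$stmt = mysqli_prepare($mysqli, "SELECT * FROM locations WHERE (location_archived_at > ? OR location_archived_at IS NULL) AND location_client_id = ? ORDER BY location_name ASC");
mysqli_stmt_bind_param($stmt, "si", $contact_created_at, $client_id);
mysqli_stmt_execute($stmt);
$sql_locations = mysqli_stmt_get_result($stmt);
// … unchanged: while loop over $sql_locations building the <option> list …
```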
|
||||
|
|
|
|||
|
|
@ -43,7 +43,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
|
||||
<div class="col-md-4">
|
||||
<div class="input-group mb-3 mb-md-0">
|
||||
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Contacts">
|
||||
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(nullable_htmlentities($q)); } ?>" placeholder="Search Contacts">
|
||||
<div class="input-group-append">
|
||||
<button class="btn btn-dark"><i class="fa fa-search"></i></button>
|
||||
</div>
|
||||
|
|
@ -78,14 +78,14 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
|
||||
while ($row = mysqli_fetch_array($sql)) {
|
||||
$contact_id = intval($row['contact_id']);
|
||||
$contact_name = htmlentities($row['contact_name']);
|
||||
$contact_title = htmlentities($row['contact_title']);
|
||||
$contact_name = nullable_htmlentities($row['contact_name']);
|
||||
$contact_title = nullable_htmlentities($row['contact_title']);
|
||||
if (empty($contact_title)) {
|
||||
$contact_title_display = "-";
|
||||
} else {
|
||||
$contact_title_display = "<small class='text-secondary'>$contact_title</small>";
|
||||
}
|
||||
$contact_department = htmlentities($row['contact_department']);
|
||||
$contact_department = nullable_htmlentities($row['contact_department']);
|
||||
if (empty($contact_department)) {
|
||||
$contact_department_display = "-";
|
||||
} else {
|
||||
|
|
@ -97,39 +97,39 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
} else {
|
||||
$contact_phone_display = "$contact_phone";
|
||||
}
|
||||
$contact_extension = htmlentities($row['contact_extension']);
|
||||
$contact_extension = nullable_htmlentities($row['contact_extension']);
|
||||
$contact_mobile = formatPhoneNumber($row['contact_mobile']);
|
||||
if (empty($contact_mobile)) {
|
||||
$contact_mobile_display = "-";
|
||||
} else {
|
||||
$contact_mobile_display = "$contact_mobile";
|
||||
}
|
||||
$contact_email = htmlentities($row['contact_email']);
|
||||
$contact_email = nullable_htmlentities($row['contact_email']);
|
||||
if (empty($contact_email)) {
|
||||
$contact_email_display = "-";
|
||||
} else {
|
||||
$contact_email_display = "<a href='mailto:$contact_email'>$contact_email</a><button class='btn btn-sm clipboardjs' data-clipboard-text='$contact_email'><i class='far fa-copy text-secondary'></i></button>";
|
||||
}
|
||||
$contact_photo = htmlentities($row['contact_photo']);
|
||||
$contact_photo = nullable_htmlentities($row['contact_photo']);
|
||||
$contact_initials = initials($contact_name);
|
||||
$contact_notes = htmlentities($row['contact_notes']);
|
||||
$contact_notes = nullable_htmlentities($row['contact_notes']);
|
||||
$contact_important = intval($row['contact_important']);
|
||||
$contact_billing = intval($row['contact_billing']);
|
||||
$contact_technical = intval($row['contact_technical']);
|
||||
$contact_created_at = htmlentities($row['contact_created_at']);
|
||||
$contact_created_at = nullable_htmlentities($row['contact_created_at']);
|
||||
if ($contact_id == $primary_contact) {
|
||||
$primary_contact_display = "<small class='text-success'>Primary Contact</small>";
|
||||
} else {
|
||||
$primary_contact_display = false;
|
||||
}
|
||||
$contact_location_id = intval($row['contact_location_id']);
|
||||
$location_name = htmlentities($row['location_name']);
|
||||
$location_name = nullable_htmlentities($row['location_name']);
|
||||
if (empty($location_name)) {
|
||||
$location_name_display = "-";
|
||||
} else {
|
||||
$location_name_display = $location_name;
|
||||
}
|
||||
$auth_method = htmlentities($row['contact_auth_method']);
|
||||
$auth_method = nullable_htmlentities($row['contact_auth_method']);
|
||||
|
||||
// Related Assets Query
|
||||
$sql_related_assets = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_contact_id = $contact_id ORDER BY asset_id DESC");
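Review bot: `$contact_email_display` interpolates the encoded value into single-quoted attributes, `href='mailto:$contact_email'` and `data-clipboard-text='$contact_email'`, so the markup is only safe if `nullable_htmlentities()` encodes `'` as well as `"`. The helper's definition is not part of the visible diff; if it calls `htmlentities()` with default flags, single quotes are encoded only on PHP 8.1 and later. I would pin the flags inside the helper, e.g. `return htmlentities($value ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');` (parameter name assumed), so the result does not depend on the runtime version.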
|
||||
|
|
|
|||
|
|
@ -23,7 +23,7 @@
|
|||
$sql_document_templates = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_template = 1 AND document_archived_at IS NULL ORDER BY document_name ASC");
|
||||
while ($row = mysqli_fetch_array($sql_document_templates)) {
|
||||
$document_template_id = intval($row['document_id']);
|
||||
$document_template_name = htmlentities($row['document_name']);
|
||||
$document_template_name = nullable_htmlentities($row['document_name']);
|
||||
|
||||
?>
|
||||
<option value="<?php echo $document_template_id ?>"><?php echo $document_template_name; ?></option>
|
||||
|
|
@ -57,7 +57,7 @@
|
|||
$sql_folders = mysqli_query($mysqli, "SELECT * FROM folders WHERE folder_client_id = $client_id ORDER BY folder_name ASC");
|
||||
while ($row = mysqli_fetch_array($sql_folders)) {
|
||||
$folder_id = intval($row['folder_id']);
|
||||
$folder_name = htmlentities($row['folder_name']);
|
||||
$folder_name = nullable_htmlentities($row['folder_name']);
|
||||
|
||||
?>
|
||||
<option <?php if (isset($_GET['folder_id']) && $_GET['folder_id'] == $folder_id) echo "selected"; ?> value="<?php echo $folder_id ?>"><?php echo $folder_name; ?></option>
|
||||
|
|
|
|||
|
|
@ -30,7 +30,7 @@
|
|||
$sql_folders = mysqli_query($mysqli, "SELECT * FROM folders WHERE folder_client_id = $client_id ORDER BY folder_name ASC");
|
||||
while ($row = mysqli_fetch_array($sql_folders)) {
|
||||
$folder_id = intval($row['folder_id']);
|
||||
$folder_name = htmlentities($row['folder_name']);
|
||||
$folder_name = nullable_htmlentities($row['folder_name']);
|
||||
|
||||
?>
|
||||
<option <?php if (isset($_GET['folder_id']) && $_GET['folder_id'] == $folder_id) echo "selected"; ?> value="<?php echo $folder_id ?>"><?php echo $folder_name; ?></option>
|
||||
|
|
|
|||
|
|
@ -17,11 +17,11 @@ $sql_document = mysqli_query($mysqli, "SELECT * FROM documents LEFT JOIN folders
|
|||
|
||||
$row = mysqli_fetch_array($sql_document);
|
||||
|
||||
$folder_name = htmlentities($row['folder_name']);
|
||||
$document_name = htmlentities($row['document_name']);
|
||||
$folder_name = nullable_htmlentities($row['folder_name']);
|
||||
$document_name = nullable_htmlentities($row['document_name']);
|
||||
$document_content = $purifier->purify($row['document_content']);
|
||||
$document_created_at = htmlentities($row['document_created_at']);
|
||||
$document_updated_at = htmlentities($row['document_updated_at']);
|
||||
$document_created_at = nullable_htmlentities($row['document_created_at']);
|
||||
$document_updated_at = nullable_htmlentities($row['document_updated_at']);
|
||||
$document_folder_id = intval($row['document_folder_id']);
|
||||
|
||||
?>
|
||||
|
|
|
|||
|
|
@ -31,7 +31,7 @@
|
|||
$sql_folders_select = mysqli_query($mysqli, "SELECT * FROM folders WHERE folder_client_id = $client_id ORDER BY folder_name ASC");
|
||||
while ($row = mysqli_fetch_array($sql_folders_select)) {
|
||||
$folder_id_select = intval($row['folder_id']);
|
||||
$folder_name_select = htmlentities($row['folder_name']);
|
||||
$folder_name_select = nullable_htmlentities($row['folder_name']);
|
||||
?>
|
||||
<option <?php if ($folder_id_select == $document_folder_id) echo "selected"; ?> value="<?php echo $folder_id_select ?>"><?php echo $folder_name_select; ?></option>
|
||||
<?php
|
||||
|
|
|
|||
|
|
@ -16,11 +16,11 @@ $sql_document = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_te
|
|||
|
||||
$row = mysqli_fetch_array($sql_document);
|
||||
|
||||
$document_name = htmlentities($row['document_name']);
|
||||
$document_name = nullable_htmlentities($row['document_name']);
|
||||
$document_content = $purifier->purify($row['document_content']);
|
||||
//$document_content = $row['document_content'];
|
||||
$document_created_at = htmlentities($row['document_created_at']);
|
||||
$document_updated_at = htmlentities($row['document_updated_at']);
|
||||
$document_created_at = nullable_htmlentities($row['document_created_at']);
|
||||
$document_updated_at = nullable_htmlentities($row['document_updated_at']);
|
||||
|
||||
?>
|
||||
|
||||
|
|
|
|||
|
|
@ -49,7 +49,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
<form autocomplete="off">
|
||||
<input type="hidden" name="client_id" value="<?php echo $client_id; ?>">
|
||||
<div class="input-group">
|
||||
<input type="search" class="form-control " name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search templates">
|
||||
<input type="search" class="form-control " name="q" value="<?php if (isset($q)) { echo stripslashes(nullable_htmlentities($q)); } ?>" placeholder="Search templates">
|
||||
<div class="input-group-append">
|
||||
<button class="btn btn-secondary"><i class="fa fa-search"></i></button>
|
||||
</div>
|
||||
|
|
@ -80,10 +80,10 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
|
||||
while ($row = mysqli_fetch_array($sql)) {
|
||||
$document_id = intval($row['document_id']);
|
||||
$document_name = htmlentities($row['document_name']);
|
||||
$document_content = htmlentities($row['document_content']);
|
||||
$document_created_at = htmlentities($row['document_created_at']);
|
||||
$document_updated_at = htmlentities($row['document_updated_at']);
|
||||
$document_name = nullable_htmlentities($row['document_name']);
|
||||
$document_content = nullable_htmlentities($row['document_content']);
|
||||
$document_created_at = nullable_htmlentities($row['document_created_at']);
|
||||
$document_updated_at = nullable_htmlentities($row['document_updated_at']);
|
||||
$document_folder_id = intval($row['document_folder_id']);
|
||||
|
||||
?>
|
||||
|
|
|
|||
|
|
@ -85,7 +85,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
$sql_folders = mysqli_query($mysqli, "SELECT * FROM folders WHERE folder_client_id = $client_id ORDER BY folder_name ASC");
|
||||
while ($row = mysqli_fetch_array($sql_folders)) {
|
||||
$folder_id = intval($row['folder_id']);
|
||||
$folder_name = htmlentities($row['folder_name']);
|
||||
$folder_name = nullable_htmlentities($row['folder_name']);
|
||||
|
||||
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT('document_id') AS num FROM documents WHERE document_folder_id = $folder_id"));
|
||||
$num_documents = intval($row['num']);
|
||||
|
|
@ -141,7 +141,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
<input type="hidden" name="client_id" value="<?php echo $client_id; ?>">
|
||||
<input type="hidden" name="folder_id" value="<?php echo $get_folder_id; ?>">
|
||||
<div class="input-group">
|
||||
<input type="search" class="form-control " name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Documents">
|
||||
<input type="search" class="form-control " name="q" value="<?php if (isset($q)) { echo stripslashes(nullable_htmlentities($q)); } ?>" placeholder="Search Documents">
|
||||
<div class="input-group-append">
|
||||
<button class="btn btn-secondary"><i class="fa fa-search"></i></button>
|
||||
</div>
|
||||
|
|
@ -172,10 +172,10 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
|
||||
while ($row = mysqli_fetch_array($sql)) {
|
||||
$document_id = intval($row['document_id']);
|
||||
$document_name = htmlentities($row['document_name']);
|
||||
$document_content = htmlentities($row['document_content']);
|
||||
$document_created_at = htmlentities($row['document_created_at']);
|
||||
$document_updated_at = htmlentities($row['document_updated_at']);
|
||||
$document_name = nullable_htmlentities($row['document_name']);
|
||||
$document_content = nullable_htmlentities($row['document_content']);
|
||||
$document_created_at = nullable_htmlentities($row['document_created_at']);
|
||||
$document_updated_at = nullable_htmlentities($row['document_updated_at']);
|
||||
$document_folder_id = intval($row['document_folder_id']);
|
||||
|
||||
?>
|
||||
|
|
|
|||
|
|
@ -34,7 +34,7 @@
|
|||
$sql = mysqli_query($mysqli, "SELECT * FROM vendors WHERE vendor_archived_at IS NULL AND vendor_client_id = $client_id ORDER BY vendor_name ASC");
|
||||
while ($row = mysqli_fetch_array($sql)) {
|
||||
$vendor_id = intval($row['vendor_id']);
|
||||
$vendor_name = htmlentities($row['vendor_name']);
|
||||
$vendor_name = nullable_htmlentities($row['vendor_name']);
|
||||
?>
|
||||
<option value="<?php echo $vendor_id; ?>"><?php echo $vendor_name; ?></option>
|
||||
<?php } ?>
|
||||
|
|
@ -55,7 +55,7 @@
|
|||
$sql = mysqli_query($mysqli, "SELECT * FROM vendors WHERE vendor_archived_at IS NULL AND vendor_client_id = $client_id ORDER BY vendor_name ASC");
|
||||
while ($row = mysqli_fetch_array($sql)) {
|
||||
$vendor_id = intval($row['vendor_id']);
|
||||
$vendor_name = htmlentities($row['vendor_name']);
|
||||
$vendor_name = nullable_htmlentities($row['vendor_name']);
|
||||
?>
|
||||
<option value="<?php echo $vendor_id; ?>"><?php echo $vendor_name; ?></option>
|
||||
<?php } ?>
|
||||
|
|
|
|||
|
|
@ -32,7 +32,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
|
||||
<div class="col-md-4">
|
||||
<div class="input-group mb-3 mb-md-0">
|
||||
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Domains">
|
||||
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(nullable_htmlentities($q)); } ?>" placeholder="Search Domains">
|
||||
<div class="input-group-append">
|
||||
<button class="btn btn-dark"><i class="fa fa-search"></i></button>
|
||||
</div>
|
||||
|
|
@ -64,18 +64,18 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
|
||||
while ($row = mysqli_fetch_array($sql)) {
|
||||
$domain_id = intval($row['domain_id']);
|
||||
$domain_name = htmlentities($row['domain_name']);
|
||||
$domain_name = nullable_htmlentities($row['domain_name']);
|
||||
$domain_registrar = intval($row['domain_registrar']);
|
||||
$domain_webhost = intval($row['domain_webhost']);
|
||||
$domain_expire = htmlentities($row['domain_expire']);
|
||||
$domain_registrar_name = htmlentities($row['vendor_name']);
|
||||
$domain_expire = nullable_htmlentities($row['domain_expire']);
|
||||
$domain_registrar_name = nullable_htmlentities($row['vendor_name']);
|
||||
if (empty($domain_registrar_name)) {
|
||||
$domain_registrar_name = "-";
|
||||
}
|
||||
|
||||
$sql_domain_webhost = mysqli_query($mysqli, "SELECT vendor_name FROM vendors WHERE vendor_id = $domain_webhost");
|
||||
$row = mysqli_fetch_array($sql_domain_webhost);
|
||||
$domain_webhost_name = htmlentities($row['vendor_name']);
|
||||
$domain_webhost_name = nullable_htmlentities($row['vendor_name']);
|
||||
if (empty($domain_webhost_name)) {
|
||||
$domain_webhost_name = "-";
|
||||
}
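Review bot: The webhost lookup reads `$row['vendor_name']` straight after `mysqli_fetch_array($sql_domain_webhost)`, which returns null when no vendor matches `$domain_webhost`, so the array access itself raises a warning before `nullable_htmlentities()` sees the value. `$domain_webhost_name = nullable_htmlentities($row['vendor_name'] ?? '');` keeps the existing `-` fallback without the warning. The lookup also overwrites the loop's `$row`; the loop body continues outside this hunk, so any later read of the domain row there would see the vendor row instead, and a separate variable such as `$row_webhost` would avoid that.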
|
||||
|
|
|
|||
|
|
@ -61,7 +61,7 @@
|
|||
|
||||
$referral_sql = mysqli_query($mysqli, "SELECT * FROM categories WHERE category_type = 'Referral' AND (category_archived_at > '$client_created_at' OR category_archived_at IS NULL) ORDER BY category_name ASC");
|
||||
while ($row = mysqli_fetch_array($referral_sql)) {
|
||||
$referral = htmlentities($row['category_name']);
|
||||
$referral = nullable_htmlentities($row['category_name']);
|
||||
?>
|
||||
<option <?php if ($client_referral == $referral) { echo "selected"; } ?> > <?php echo $referral; ?></option>
|
||||
|
||||
|
|
@ -162,9 +162,9 @@
|
|||
|
||||
while ($row = mysqli_fetch_array($sql_tags_select)) {
|
||||
$tag_id_select = intval($row['tag_id']);
|
||||
$tag_name_select = htmlentities($row['tag_name']);
|
||||
$tag_color_select = htmlentities($row['tag_color']);
|
||||
$tag_icon_select = htmlentities($row['tag_icon']);
|
||||
$tag_name_select = nullable_htmlentities($row['tag_name']);
|
||||
$tag_color_select = nullable_htmlentities($row['tag_color']);
|
||||
$tag_icon_select = nullable_htmlentities($row['tag_icon']);
|
||||
|
||||
?>
|
||||
<li class="list-group-item">
|
||||
|
|
|
|||
|
|
@ -22,14 +22,14 @@ include("calendar_add_modal.php");
|
|||
$sql = mysqli_query($mysqli, "SELECT * FROM calendars LEFT JOIN events ON calendar_id = event_calendar_id WHERE event_client_id = $client_id");
|
||||
while ($row = mysqli_fetch_array($sql)) {
|
||||
$event_id = intval($row['event_id']);
|
||||
$event_title = htmlentities($row['event_title']);
|
||||
$event_description = htmlentities($row['event_description']);
|
||||
$event_start = htmlentities($row['event_start']);
|
||||
$event_end = htmlentities($row['event_end']);
|
||||
$event_repeat = htmlentities($row['event_repeat']);
|
||||
$event_title = nullable_htmlentities($row['event_title']);
|
||||
$event_description = nullable_htmlentities($row['event_description']);
|
||||
$event_start = nullable_htmlentities($row['event_start']);
|
||||
$event_end = nullable_htmlentities($row['event_end']);
|
||||
$event_repeat = nullable_htmlentities($row['event_repeat']);
|
||||
$calendar_id = intval($row['calendar_id']);
|
||||
$calendar_name = htmlentities($row['calendar_name']);
|
||||
$calendar_color = htmlentities($row['calendar_color']);
|
||||
$calendar_name = nullable_htmlentities($row['calendar_name']);
|
||||
$calendar_color = nullable_htmlentities($row['calendar_color']);
|
||||
|
||||
require("calendar_event_edit_modal.php");
|
||||
|
||||
|
|
|
|||
|
|
@ -30,9 +30,9 @@ $num_of_files = mysqli_num_rows($sql_files_images) + mysqli_num_rows($sql_files_
|
|||
|
||||
while ($row = mysqli_fetch_array($sql_files_images)) {
|
||||
$file_id = intval($row['file_id']);
|
||||
$file_name = htmlentities($row['file_name']);
|
||||
$file_reference_name = htmlentities($row['file_reference_name']);
|
||||
$file_ext = htmlentities($row['file_ext']);
|
||||
$file_name = nullable_htmlentities($row['file_name']);
|
||||
$file_reference_name = nullable_htmlentities($row['file_reference_name']);
|
||||
$file_ext = nullable_htmlentities($row['file_ext']);
|
||||
|
||||
?>
|
||||
|
||||
|
|
@ -65,9 +65,9 @@ $num_of_files = mysqli_num_rows($sql_files_images) + mysqli_num_rows($sql_files_
|
|||
<?php
|
||||
while ($row = mysqli_fetch_array($sql_files_other)) {
|
||||
$file_id = intval($row['file_id']);
|
||||
$file_name = htmlentities($row['file_name']);
|
||||
$file_reference_name = htmlentities($row['file_reference_name']);
|
||||
$file_ext = htmlentities($row['file_ext']);
|
||||
$file_name = nullable_htmlentities($row['file_name']);
|
||||
$file_reference_name = nullable_htmlentities($row['file_reference_name']);
|
||||
$file_ext = nullable_htmlentities($row['file_ext']);
|
||||
if ($file_ext == 'pdf') {
|
||||
$file_icon = "file-pdf";
|
||||
} elseif ($file_ext == 'gz' || $file_ext == 'tar' || $file_ext == 'zip' || $file_ext == '7z' || $file_ext == 'rar') {
|
||||
|
|
|
|||
|
|
@ -36,7 +36,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
|
||||
<div class="col-md-4">
|
||||
<div class="input-group mb-3 mb-md-0">
|
||||
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Invoices">
|
||||
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(nullable_htmlentities($q)); } ?>" placeholder="Search Invoices">
|
||||
<div class="input-group-append">
|
||||
<button class="btn btn-dark"><i class="fa fa-search"></i></button>
|
||||
</div>
|
||||
|
|
@ -71,22 +71,22 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
|
||||
while ($row = mysqli_fetch_array($sql)) {
|
||||
$invoice_id = intval($row['invoice_id']);
|
||||
$invoice_prefix = htmlentities($row['invoice_prefix']);
|
||||
$invoice_number = htmlentities($row['invoice_number']);
|
||||
$invoice_scope = htmlentities($row['invoice_scope']);
|
||||
$invoice_prefix = nullable_htmlentities($row['invoice_prefix']);
|
||||
$invoice_number = nullable_htmlentities($row['invoice_number']);
|
||||
$invoice_scope = nullable_htmlentities($row['invoice_scope']);
|
||||
if (empty($invoice_scope)) {
|
||||
$invoice_scope_display = "-";
|
||||
} else {
|
||||
$invoice_scope_display = $invoice_scope;
|
||||
}
|
||||
$invoice_status = htmlentities($row['invoice_status']);
|
||||
$invoice_date = htmlentities($row['invoice_date']);
|
||||
$invoice_due = htmlentities($row['invoice_due']);
|
||||
$invoice_status = nullable_htmlentities($row['invoice_status']);
|
||||
$invoice_date = nullable_htmlentities($row['invoice_date']);
|
||||
$invoice_due = nullable_htmlentities($row['invoice_due']);
|
||||
$invoice_amount = floatval($row['invoice_amount']);
|
||||
$invoice_currency_code = htmlentities($row['invoice_currency_code']);
|
||||
$invoice_created_at = htmlentities($row['invoice_created_at']);
|
||||
$invoice_currency_code = nullable_htmlentities($row['invoice_currency_code']);
|
||||
$invoice_created_at = nullable_htmlentities($row['invoice_created_at']);
|
||||
$category_id = intval($row['category_id']);
|
||||
$category_name = htmlentities($row['category_name']);
|
||||
$category_name = nullable_htmlentities($row['category_name']);
|
||||
|
||||
if (($invoice_status == "Sent" || $invoice_status == "Partial" || $invoice_status == "Viewed") && strtotime($invoice_due) < time()) {
|
||||
$overdue_color = "text-danger font-weight-bold";
|
||||
|
|
|
|||
|
|
@ -116,7 +116,7 @@
|
|||
$sql_contacts = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_archived_at IS NULL AND contact_client_id = $client_id ORDER BY contact_name ASC");
|
||||
while ($row = mysqli_fetch_array($sql_contacts)) {
|
||||
$contact_id = $row['contact_id'];
|
||||
$contact_name = htmlentities($row['contact_name']);
|
||||
$contact_name = nullable_htmlentities($row['contact_name']);
|
||||
?>
|
||||
<option value="<?php echo $contact_id; ?>"><?php echo $contact_name; ?></option>
|
||||
<?php } ?>
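Review bot: `$contact_id` is assigned from `$row['contact_id']` without a cast and then echoed into `value="..."` on the option line, while the contact name beside it goes through `nullable_htmlentities()`. Every other select loop touched by this commit casts the id, and doing the same here, `$contact_id = intval($row['contact_id']);`, keeps the attribute value numeric whatever the column holds. The enclosing `<select>` starts outside the hunk.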
|
||||
|
|
|
|||
|
|
@ -118,7 +118,7 @@
|
|||
$sql_contacts = mysqli_query($mysqli, "SELECT * FROM contacts WHERE (contact_archived_at > '$location_created_at' OR contact_archived_at IS NULL) AND contact_client_id = $client_id ORDER BY contact_name ASC");
|
||||
while ($row = mysqli_fetch_array($sql_contacts)) {
|
||||
$contact_id_select = intval($row['contact_id']);
|
||||
$contact_name_select = htmlentities($row['contact_name']);
|
||||
$contact_name_select = nullable_htmlentities($row['contact_name']);
|
||||
|
||||
?>
|
||||
<option <?php if ($location_contact_id == $contact_id_select) { echo "selected"; } ?> value="<?php echo $contact_id_select; ?>"><?php echo $contact_name_select; ?></option>
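Review bot: The query on the first line of this hunk interpolates `$location_created_at` directly into the SQL string. Its assignment is outside the hunk, but if it is the variable the locations list fills with `nullable_htmlentities($row['location_created_at'])`, then a display-encoded value is being reused in a query, and HTML encoding is not SQL escaping. Keep a raw copy for queries and bind it through a prepared statement, for example `contact_archived_at > ?` with `mysqli_stmt_bind_param`, rather than relying on the output encoder.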
|
||||
|
|
|
|||
|
|
@ -36,7 +36,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
|
||||
<div class="col-md-4">
|
||||
<div class="input-group mb-3 mb-md-0">
|
||||
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Locations">
|
||||
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(nullable_htmlentities($q)); } ?>" placeholder="Search Locations">
|
||||
<div class="input-group-append">
|
||||
<button class="btn btn-dark"><i class="fa fa-search"></i></button>
|
||||
</div>
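Review bot: The search box encodes first and unslashes afterwards, `stripslashes(nullable_htmlentities($q))`; encoding should be the last step before output so that nothing transforms the string after it has been made safe for the attribute: `echo nullable_htmlentities(stripslashes($q));`. The definition of `nullable_htmlentities()` is not in this hunk, so confirm that it encodes both quote styles (`ENT_QUOTES`) and names the charset, because this value lands inside a quoted attribute. The same line appears in the search forms for Passwords, Logs, Networks, Payments, Quotes, Recurring Invoices and Scheduled Tickets further down.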
|
||||
|
|
@ -69,27 +69,27 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
|
||||
while ($row = mysqli_fetch_array($sql)) {
|
||||
$location_id = intval($row['location_id']);
|
||||
$location_name = htmlentities($row['location_name']);
|
||||
$location_country = htmlentities($row['location_country']);
|
||||
$location_address = htmlentities($row['location_address']);
|
||||
$location_city = htmlentities($row['location_city']);
|
||||
$location_state = htmlentities($row['location_state']);
|
||||
$location_zip = htmlentities($row['location_zip']);
|
||||
$location_name = nullable_htmlentities($row['location_name']);
|
||||
$location_country = nullable_htmlentities($row['location_country']);
|
||||
$location_address = nullable_htmlentities($row['location_address']);
|
||||
$location_city = nullable_htmlentities($row['location_city']);
|
||||
$location_state = nullable_htmlentities($row['location_state']);
|
||||
$location_zip = nullable_htmlentities($row['location_zip']);
|
||||
$location_phone = formatPhoneNumber($row['location_phone']);
|
||||
if (empty($location_phone)) {
|
||||
$location_phone_display = "-";
|
||||
} else {
|
||||
$location_phone_display = $location_phone;
|
||||
}
|
||||
$location_hours = htmlentities($row['location_hours']);
|
||||
$location_hours = nullable_htmlentities($row['location_hours']);
|
||||
if (empty($location_hours)) {
|
||||
$location_hours_display = "-";
|
||||
} else {
|
||||
$location_hours_display = $location_hours;
|
||||
}
|
||||
$location_photo = htmlentities($row['location_photo']);
|
||||
$location_notes = htmlentities($row['location_notes']);
|
||||
$location_created_at = htmlentities($row['location_created_at']);
|
||||
$location_photo = nullable_htmlentities($row['location_photo']);
|
||||
$location_notes = nullable_htmlentities($row['location_notes']);
|
||||
$location_created_at = nullable_htmlentities($row['location_created_at']);
|
||||
$location_contact_id = intval($row['location_contact_id']);
|
||||
if ($location_id == $primary_location) {
|
||||
$primary_location_display = "<p class='text-success'>Primary Location</p>";
|
||||
|
|
|
|||
|
|
@ -110,7 +110,7 @@
|
|||
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_client_id = $client_id ORDER BY contact_name ASC");
|
||||
while ($row = mysqli_fetch_array($sql)) {
|
||||
$contact_id = intval($row['contact_id']);
|
||||
$contact_name = htmlentities($row['contact_name']);
|
||||
$contact_name = nullable_htmlentities($row['contact_name']);
|
||||
?>
|
||||
<option value="<?php echo $contact_id; ?>"><?php echo $contact_name; ?></option>
|
||||
|
||||
|
|
@ -134,7 +134,7 @@
|
|||
$sql_vendors = mysqli_query($mysqli, "SELECT * FROM vendors WHERE vendor_client_id = $client_id ORDER BY vendor_name ASC");
|
||||
while ($row = mysqli_fetch_array($sql_vendors)) {
|
||||
$vendor_id = intval($row['vendor_id']);
|
||||
$vendor_name = htmlentities($row['vendor_name']);
|
||||
$vendor_name = nullable_htmlentities($row['vendor_name']);
|
||||
?>
|
||||
<option value="<?php echo $vendor_id; ?>"><?php echo $vendor_name; ?></option>
|
||||
|
||||
|
|
@ -158,7 +158,7 @@
|
|||
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_client_id = $client_id ORDER BY asset_name ASC");
|
||||
while ($row = mysqli_fetch_array($sql)) {
|
||||
$asset_id = intval($row['asset_id']);
|
||||
$asset_name = htmlentities($row['asset_name']);
|
||||
$asset_name = nullable_htmlentities($row['asset_name']);
|
||||
?>
|
||||
<option value="<?php echo $asset_id; ?>"><?php echo $asset_name; ?></option>
|
||||
|
||||
|
|
@ -182,7 +182,7 @@
|
|||
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_client_id = $client_id ORDER BY software_name ASC");
|
||||
while ($row = mysqli_fetch_array($sql)) {
|
||||
$software_id = intval($row['software_id']);
|
||||
$software_name = htmlentities($row['software_name']);
|
||||
$software_name = nullable_htmlentities($row['software_name']);
|
||||
?>
|
||||
<option value="<?php echo $software_id; ?>"><?php echo $software_name; ?></option>
|
||||
|
||||
|
|
|
|||
|
|
@ -118,7 +118,7 @@
|
|||
$sql_contacts = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_client_id = $client_id ORDER BY contact_name ASC");
|
||||
while ($row = mysqli_fetch_array($sql_contacts)) {
|
||||
$contact_id_select = intval($row['contact_id']);
|
||||
$contact_name_select = htmlentities($row['contact_name']);
|
||||
$contact_name_select = nullable_htmlentities($row['contact_name']);
|
||||
?>
|
||||
<option <?php if ($login_contact_id == $contact_id_select) { echo "selected"; } ?> value="<?php echo $contact_id_select; ?>"><?php echo $contact_name_select; ?></option>
|
||||
<?php } ?>
|
||||
|
|
@ -139,7 +139,7 @@
|
|||
$sql_vendors = mysqli_query($mysqli, "SELECT * FROM vendors WHERE vendor_client_id = $client_id ORDER BY vendor_name ASC");
|
||||
while ($row = mysqli_fetch_array($sql_vendors)) {
|
||||
$vendor_id_select = intval($row['vendor_id']);
|
||||
$vendor_name_select = htmlentities($row['vendor_name']);
|
||||
$vendor_name_select = nullable_htmlentities($row['vendor_name']);
|
||||
?>
|
||||
<option <?php if ($login_vendor_id == $vendor_id_select) { echo "selected"; } ?> value="<?php echo $vendor_id_select; ?>"><?php echo $vendor_name_select; ?></option>
|
||||
<?php } ?>
|
||||
|
|
@ -161,7 +161,7 @@
|
|||
$sql_assets = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_client_id = $client_id ORDER BY asset_name ASC");
|
||||
while ($row = mysqli_fetch_array($sql_assets)) {
|
||||
$asset_id_select = intval($row['asset_id']);
|
||||
$asset_name_select = htmlentities($row['asset_name']);
|
||||
$asset_name_select = nullable_htmlentities($row['asset_name']);
|
||||
?>
|
||||
<option <?php if ($login_asset_id == $asset_id_select) { echo "selected"; } ?> value="<?php echo $asset_id_select; ?>"><?php echo $asset_name_select; ?></option>
|
||||
|
||||
|
|
@ -183,7 +183,7 @@
|
|||
$sql_software = mysqli_query($mysqli, "SELECT * FROM software WHERE software_client_id = $client_id ORDER BY software_name ASC");
|
||||
while ($row = mysqli_fetch_array($sql_software)) {
|
||||
$software_id_select = intval($row['software_id']);
|
||||
$software_name_select = htmlentities($row['software_name']);
|
||||
$software_name_select = nullable_htmlentities($row['software_name']);
|
||||
?>
|
||||
<option <?php if ($login_software_id == $software_id_select) { echo "selected"; } ?> value="<?php echo $software_id_select; ?>"><?php echo $software_name_select; ?></option>
|
||||
|
||||
|
|
|
|||
|
|
@ -35,7 +35,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
|
||||
<div class="col-md-4">
|
||||
<div class="input-group mb-3 mb-md-0">
|
||||
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Passwords">
|
||||
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(nullable_htmlentities($q)); } ?>" placeholder="Search Passwords">
|
||||
<div class="input-group-append">
|
||||
<button class="btn btn-dark"><i class="fa fa-search"></i></button>
|
||||
</div>
|
||||
|
|
@ -69,28 +69,28 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
|
||||
while ($row = mysqli_fetch_array($sql)) {
|
||||
$login_id = intval($row['login_id']);
|
||||
$login_name = htmlentities($row['login_name']);
|
||||
$login_uri = htmlentities($row['login_uri']);
|
||||
$login_name = nullable_htmlentities($row['login_name']);
|
||||
$login_uri = nullable_htmlentities($row['login_uri']);
|
||||
if (empty($login_uri)) {
|
||||
$login_uri_display = "-";
|
||||
} else {
|
||||
$login_uri_display = "$login_uri<button class='btn btn-sm clipboardjs' data-clipboard-text='$login_uri'><i class='far fa-copy text-secondary'></i></button><a href='https://$login_uri' target='_blank'><i class='fa fa-external-link-alt text-secondary'></i></a>";
|
||||
}
|
||||
$login_username = htmlentities(decryptLoginEntry($row['login_username']));
|
||||
$login_username = nullable_htmlentities(decryptLoginEntry($row['login_username']));
|
||||
if (empty($login_username)) {
|
||||
$login_username_display = "-";
|
||||
} else {
|
||||
$login_username_display = "$login_username<button class='btn btn-sm clipboardjs' data-clipboard-text='$login_username'><i class='far fa-copy text-secondary'></i></button>";
|
||||
}
|
||||
$login_password = htmlentities(decryptLoginEntry($row['login_password']));
|
||||
$login_otp_secret = htmlentities($row['login_otp_secret']);
|
||||
$login_password = nullable_htmlentities(decryptLoginEntry($row['login_password']));
|
||||
$login_otp_secret = nullable_htmlentities($row['login_otp_secret']);
|
||||
$login_id_with_secret = '"' . $row['login_id'] . '","' . $row['login_otp_secret'] . '"';
|
||||
if (empty($login_otp_secret)) {
|
||||
$otp_display = "-";
|
||||
} else {
|
||||
$otp_display = "<span onmouseenter='showOTP($login_id_with_secret)'><i class='far fa-clock'></i> <span id='otp_$login_id'><i>Hover..</i></span></span>";
|
||||
}
|
||||
$login_note = htmlentities($row['login_note']);
|
||||
$login_note = nullable_htmlentities($row['login_note']);
|
||||
$login_important = intval($row['login_important']);
|
||||
$login_contact_id = intval($row['login_contact_id']);
|
||||
$login_vendor_id = intval($row['login_vendor_id']);
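Review bot: `$login_id_with_secret` is built from the raw `$row['login_id']` and `$row['login_otp_secret']` and placed inside `onmouseenter='showOTP(...)'`, so the one value in this block that reaches an inline script handler is the one that skips encoding; the `nullable_htmlentities()` copy in `$login_otp_secret` is used only for the `empty()` test. Build the arguments from the cast id and a JSON-encoded, attribute-escaped secret, e.g. `$login_id_with_secret = htmlspecialchars(json_encode((string) $login_id) . ',' . json_encode((string) $row['login_otp_secret']), ENT_QUOTES);`, or, if `showOTP` can work from the id alone, stop writing the secret into the page at all. The `data-clipboard-text='...'` and `href='...'` attributes earlier in the hunk are single-quoted too, which is safe only if the wrapper encodes single quotes; its definition is outside this hunk. The loop body continues past the last line shown.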
|
||||
|
|
|
|||
|
|
@ -34,7 +34,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
|
||||
<div class="col-md-4">
|
||||
<div class="input-group mb-3 mb-md-0">
|
||||
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Logs">
|
||||
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(nullable_htmlentities($q)); } ?>" placeholder="Search Logs">
|
||||
<div class="input-group-append">
|
||||
<button class="btn btn-dark"><i class="fa fa-search"></i></button>
|
||||
</div>
|
||||
|
|
@ -66,16 +66,16 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
|
||||
while ($row = mysqli_fetch_array($sql)) {
|
||||
$log_id = intval($row['log_id']);
|
||||
$log_type = htmlentities($row['log_type']);
|
||||
$log_action = htmlentities($row['log_action']);
|
||||
$log_description = htmlentities($row['log_description']);
|
||||
$log_ip = htmlentities($row['log_ip']);
|
||||
$log_user_agent = htmlentities($row['log_user_agent']);
|
||||
$log_type = nullable_htmlentities($row['log_type']);
|
||||
$log_action = nullable_htmlentities($row['log_action']);
|
||||
$log_description = nullable_htmlentities($row['log_description']);
|
||||
$log_ip = nullable_htmlentities($row['log_ip']);
|
||||
$log_user_agent = nullable_htmlentities($row['log_user_agent']);
|
||||
$log_user_os = getOS($log_user_agent);
|
||||
$log_user_browser = getWebBrowser($log_user_agent);
|
||||
$log_created_at = htmlentities($row['log_created_at']);
|
||||
$log_created_at = nullable_htmlentities($row['log_created_at']);
|
||||
$user_id = intval($row['user_id']);
|
||||
$user_name = htmlentities($row['user_name']);
|
||||
$user_name = nullable_htmlentities($row['user_name']);
|
||||
if (empty($user_name)) {
|
||||
$user_name_display = "-";
|
||||
} else {
|
||||
|
|
|
|||
|
|
@ -74,7 +74,7 @@
|
|||
$sql = mysqli_query($mysqli, "SELECT * FROM locations WHERE location_archived_at IS NULL AND location_client_id = $client_id ORDER BY location_name ASC");
|
||||
while ($row = mysqli_fetch_array($sql)) {
|
||||
$location_id = intval($row['location_id']);
|
||||
$location_name = htmlentities($row['location_name']);
|
||||
$location_name = nullable_htmlentities($row['location_name']);
|
||||
?>
|
||||
<option value="<?php echo $location_id; ?>"><?php echo $location_name; ?></option>
|
||||
|
||||
|
|
|
|||
|
|
@ -36,7 +36,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
|
||||
<div class="col-md-4">
|
||||
<div class="input-group mb-3 mb-md-0">
|
||||
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Networks">
|
||||
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(nullable_htmlentities($q)); } ?>" placeholder="Search Networks">
|
||||
<div class="input-group-append">
|
||||
<button class="btn btn-dark"><i class="fa fa-search"></i></button>
|
||||
</div>
|
||||
|
|
@ -70,23 +70,23 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
|
||||
while ($row = mysqli_fetch_array($sql)) {
|
||||
$network_id = intval($row['network_id']);
|
||||
$network_name = htmlentities($row['network_name']);
|
||||
$network_name = nullable_htmlentities($row['network_name']);
|
||||
$network_vlan = intval($row['network_vlan']);
|
||||
if (empty($network_vlan)) {
|
||||
$network_vlan_display = "-";
|
||||
} else {
|
||||
$network_vlan_display = $network_vlan;
|
||||
}
|
||||
$network = htmlentities($row['network']);
|
||||
$network_gateway = htmlentities($row['network_gateway']);
|
||||
$network_dhcp_range = htmlentities($row['network_dhcp_range']);
|
||||
$network = nullable_htmlentities($row['network']);
|
||||
$network_gateway = nullable_htmlentities($row['network_gateway']);
|
||||
$network_dhcp_range = nullable_htmlentities($row['network_dhcp_range']);
|
||||
if (empty($network_dhcp_range)) {
|
||||
$network_dhcp_range_display = "-";
|
||||
} else {
|
||||
$network_dhcp_range_display = $network_dhcp_range;
|
||||
}
|
||||
$network_location_id = intval($row['network_location_id']);
|
||||
$location_name = htmlentities($row['location_name']);
|
||||
$location_name = nullable_htmlentities($row['location_name']);
|
||||
if (empty($location_name)) {
|
||||
$location_name_display = "-";
|
||||
} else {
|
||||
|
|
|
|||
|
|
@ -61,11 +61,11 @@ $sql_domains_expiring = mysqli_query(
|
|||
|
||||
while ($row = mysqli_fetch_array($sql_important_contacts)) {
|
||||
$contact_id = intval($row['contact_id']);
|
||||
$contact_name = htmlentities($row['contact_name']);
|
||||
$contact_title = htmlentities($row['contact_title']);
|
||||
$contact_email = htmlentities($row['contact_email']);
|
||||
$contact_name = nullable_htmlentities($row['contact_name']);
|
||||
$contact_title = nullable_htmlentities($row['contact_title']);
|
||||
$contact_email = nullable_htmlentities($row['contact_email']);
|
||||
$contact_phone = formatPhoneNumber($row['contact_phone']);
|
||||
$contact_extension = htmlentities($row['contact_extension']);
|
||||
$contact_extension = nullable_htmlentities($row['contact_extension']);
|
||||
$contact_mobile = formatPhoneNumber($row['contact_mobile']);
|
||||
|
||||
?>
|
||||
|
|
@ -109,8 +109,8 @@ $sql_domains_expiring = mysqli_query(
|
|||
|
||||
while ($row = mysqli_fetch_array($sql_contacts)) {
|
||||
$contact_id = intval($row['contact_id']);
|
||||
$contact_name = htmlentities($row['contact_name']);
|
||||
$contact_updated_at = htmlentities($row['contact_updated_at']);
|
||||
$contact_name = nullable_htmlentities($row['contact_name']);
|
||||
$contact_updated_at = nullable_htmlentities($row['contact_updated_at']);
|
||||
|
||||
?>
|
||||
<p class="mb-1">
|
||||
|
|
@ -125,8 +125,8 @@ $sql_domains_expiring = mysqli_query(
|
|||
|
||||
while ($row = mysqli_fetch_array($sql_vendors)) {
|
||||
$vendor_id = intval($row['vendor_id']);
|
||||
$vendor_name = htmlentities($row['vendor_name']);
|
||||
$vendor_updated_at = htmlentities($row['vendor_updated_at']);
|
||||
$vendor_name = nullable_htmlentities($row['vendor_name']);
|
||||
$vendor_updated_at = nullable_htmlentities($row['vendor_updated_at']);
|
||||
|
||||
?>
|
||||
<p class="mb-1">
|
||||
|
|
@ -160,8 +160,8 @@ $sql_domains_expiring = mysqli_query(
|
|||
|
||||
while ($row = mysqli_fetch_array($sql_domains_expiring)) {
|
||||
$domain_id = intval($row['domain_id']);
|
||||
$domain_name = htmlentities($row['domain_name']);
|
||||
$domain_expire = htmlentities($row['domain_expire']);
|
||||
$domain_name = nullable_htmlentities($row['domain_name']);
|
||||
$domain_expire = nullable_htmlentities($row['domain_expire']);
|
||||
|
||||
?>
|
||||
<p class="mb-1">
|
||||
|
|
@ -177,8 +177,8 @@ $sql_domains_expiring = mysqli_query(
|
|||
|
||||
while ($row = mysqli_fetch_array($sql_asset_warranties_expiring)) {
|
||||
$asset_id = intval($row['asset_id']);
|
||||
$asset_name = htmlentities($row['asset_name']);
|
||||
$asset_warranty_expire = htmlentities($row['asset_warranty_expire']);
|
||||
$asset_name = nullable_htmlentities($row['asset_name']);
|
||||
$asset_warranty_expire = nullable_htmlentities($row['asset_warranty_expire']);
|
||||
|
||||
?>
|
||||
<p class="mb-1">
|
||||
|
|
@ -196,8 +196,8 @@ $sql_domains_expiring = mysqli_query(
|
|||
|
||||
while ($row = mysqli_fetch_array($sql_asset_retire)) {
|
||||
$asset_id = intval($row['asset_id']);
|
||||
$asset_name = htmlentities($row['asset_name']);
|
||||
$asset_install_date = htmlentities($row['asset_install_date']);
|
||||
$asset_name = nullable_htmlentities($row['asset_name']);
|
||||
$asset_install_date = nullable_htmlentities($row['asset_install_date']);
|
||||
|
||||
?>
|
||||
<p class="mb-1">
|
||||
|
|
@ -234,10 +234,10 @@ $sql_domains_expiring = mysqli_query(
|
|||
|
||||
while ($row = mysqli_fetch_array($sql_tickets_stale)) {
|
||||
$ticket_id = intval($row['ticket_id']);
|
||||
$ticket_prefix = htmlentities($row['ticket_prefix']);
|
||||
$ticket_prefix = nullable_htmlentities($row['ticket_prefix']);
|
||||
$ticket_number = intval($row['ticket_number']);
|
||||
$ticket_subject = htmlentities($row['ticket_subject']);
|
||||
$ticket_created_at = htmlentities($row['ticket_created_at']);
|
||||
$ticket_subject = nullable_htmlentities($row['ticket_subject']);
|
||||
$ticket_created_at = nullable_htmlentities($row['ticket_created_at']);
|
||||
|
||||
?>
|
||||
<tr>
|
||||
|
|
|
|||
|
|
@ -34,7 +34,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
|
||||
<div class="col-md-4">
|
||||
<div class="input-group mb-3 mb-md-0">
|
||||
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Payments">
|
||||
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(nullable_htmlentities($q)); } ?>" placeholder="Search Payments">
|
||||
<div class="input-group-append">
|
||||
<button class="btn btn-dark"><i class="fa fa-search"></i></button>
|
||||
</div>
|
||||
|
|
@ -69,23 +69,23 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
|
||||
while ($row = mysqli_fetch_array($sql)) {
|
||||
$invoice_id = intval($row['invoice_id']);
|
||||
$invoice_prefix = htmlentities($row['invoice_prefix']);
|
||||
$invoice_prefix = nullable_htmlentities($row['invoice_prefix']);
|
||||
$invoice_number = intval($row['invoice_number']);
|
||||
$invoice_status = htmlentities($row['invoice_status']);
|
||||
$invoice_status = nullable_htmlentities($row['invoice_status']);
|
||||
$invoice_amount = floatval($row['invoice_amount']);
|
||||
$invoice_currency_code = htmlentities($row['invoice_currency_code']);
|
||||
$invoice_date = htmlentities($row['invoice_date']);
|
||||
$payment_date = htmlentities($row['payment_date']);
|
||||
$payment_method = htmlentities($row['payment_method']);
|
||||
$payment_reference = htmlentities($row['payment_reference']);
|
||||
$invoice_currency_code = nullable_htmlentities($row['invoice_currency_code']);
|
||||
$invoice_date = nullable_htmlentities($row['invoice_date']);
|
||||
$payment_date = nullable_htmlentities($row['payment_date']);
|
||||
$payment_method = nullable_htmlentities($row['payment_method']);
|
||||
$payment_reference = nullable_htmlentities($row['payment_reference']);
|
||||
if (empty($payment_reference)) {
|
||||
$payment_reference_display = "-";
|
||||
} else {
|
||||
$payment_reference_display = $payment_reference;
|
||||
}
|
||||
$payment_amount = floatval($row['payment_amount']);
|
||||
$payment_currency_code = htmlentities($row['payment_currency_code']);
|
||||
$account_name = htmlentities($row['account_name']);
|
||||
$payment_currency_code = nullable_htmlentities($row['payment_currency_code']);
|
||||
$account_name = nullable_htmlentities($row['account_name']);
|
||||
|
||||
|
||||
?>
|
||||
|
|
|
|||
|
|
@ -36,7 +36,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
|
||||
<div class="col-md-4">
|
||||
<div class="input-group mb-3 mb-md-0">
|
||||
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Quotes">
|
||||
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(nullable_htmlentities($q)); } ?>" placeholder="Search Quotes">
|
||||
<div class="input-group-append">
|
||||
<button class="btn btn-dark"><i class="fa fa-search"></i></button>
|
||||
</div>
|
||||
|
|
@ -70,21 +70,21 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
|
||||
while ($row = mysqli_fetch_array($sql)) {
|
||||
$quote_id = intval($row['quote_id']);
|
||||
$quote_prefix = htmlentities($row['quote_prefix']);
|
||||
$quote_number = htmlentities($row['quote_number']);
|
||||
$quote_scope = htmlentities($row['quote_scope']);
|
||||
$quote_prefix = nullable_htmlentities($row['quote_prefix']);
|
||||
$quote_number = nullable_htmlentities($row['quote_number']);
|
||||
$quote_scope = nullable_htmlentities($row['quote_scope']);
|
||||
if (empty($quote_scope)) {
|
||||
$quote_scope_display = "-";
|
||||
} else {
|
||||
$quote_scope_display = $quote_scope;
|
||||
}
|
||||
$quote_status = htmlentities($row['quote_status']);
|
||||
$quote_date = htmlentities($row['quote_date']);
|
||||
$quote_status = nullable_htmlentities($row['quote_status']);
|
||||
$quote_date = nullable_htmlentities($row['quote_date']);
|
||||
$quote_amount = floatval($row['quote_amount']);
|
||||
$quote_currency_code = htmlentities($row['quote_currency_code']);
|
||||
$quote_created_at = htmlentities($row['quote_created_at']);
|
||||
$quote_currency_code = nullable_htmlentities($row['quote_currency_code']);
|
||||
$quote_created_at = nullable_htmlentities($row['quote_created_at']);
|
||||
$category_id = intval($row['category_id']);
|
||||
$category_name = htmlentities($row['category_name']);
|
||||
$category_name = nullable_htmlentities($row['category_name']);
|
||||
|
||||
//Set Badge color based off of quote status
|
||||
if ($quote_status == "Sent") {
|
||||
|
|
|
|||
|
|
@ -35,7 +35,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
|
||||
<div class="col-md-4">
|
||||
<div class="input-group mb-3 mb-md-0">
|
||||
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Recurring Invoices">
|
||||
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(nullable_htmlentities($q)); } ?>" placeholder="Search Recurring Invoices">
|
||||
<div class="input-group-append">
|
||||
<button class="btn btn-dark"><i class="fa fa-search"></i></button>
|
||||
</div>
|
||||
|
|
@ -71,21 +71,21 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
|
||||
while ($row = mysqli_fetch_array($sql)) {
|
||||
$recurring_id = intval($row['recurring_id']);
|
||||
$recurring_prefix = htmlentities($row['recurring_prefix']);
|
||||
$recurring_prefix = nullable_htmlentities($row['recurring_prefix']);
|
||||
$recurring_number = intval($row['recurring_number']);
|
||||
$recurring_scope = htmlentities($row['recurring_scope']);
|
||||
$recurring_frequency = htmlentities($row['recurring_frequency']);
|
||||
$recurring_status = htmlentities($row['recurring_status']);
|
||||
$recurring_last_sent = htmlentities($row['recurring_last_sent']);
|
||||
$recurring_scope = nullable_htmlentities($row['recurring_scope']);
|
||||
$recurring_frequency = nullable_htmlentities($row['recurring_frequency']);
|
||||
$recurring_status = nullable_htmlentities($row['recurring_status']);
|
||||
$recurring_last_sent = nullable_htmlentities($row['recurring_last_sent']);
|
||||
if ($recurring_last_sent == 0) {
|
||||
$recurring_last_sent = "-";
|
||||
}
|
||||
$recurring_next_date = htmlentities($row['recurring_next_date']);
|
||||
$recurring_next_date = nullable_htmlentities($row['recurring_next_date']);
|
||||
$recurring_amount = floatval($row['recurring_amount']);
|
||||
$recurring_currency_code = htmlentities($row['recurring_currency_code']);
|
||||
$recurring_created_at = htmlentities($row['recurring_created_at']);
|
||||
$recurring_currency_code = nullable_htmlentities($row['recurring_currency_code']);
|
||||
$recurring_created_at = nullable_htmlentities($row['recurring_created_at']);
|
||||
$category_id = intval($row['category_id']);
|
||||
$category_name = htmlentities($row['category_name']);
|
||||
$category_name = nullable_htmlentities($row['category_name']);
|
||||
if ($recurring_status == 1) {
|
||||
$status = "Active";
|
||||
$status_badge_color = "success";
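Review bot: `if ($recurring_last_sent == 0)` compares the encoded string loosely with an integer, so the result depends on what `nullable_htmlentities()` returns for a NULL column (not shown here) and on the PHP version. Under PHP 8 an empty string is no longer equal to `0`, so a never-sent row could render blank instead of "-". The other blocks in this commit use `empty()` for the same purpose, and `if (empty($recurring_last_sent)) {` would make this one agree with them. The loop body continues outside the hunk.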
|
||||
|
|
|
|||
|
|
@ -41,7 +41,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
|
||||
<div class="col-md-4">
|
||||
<div class="input-group mb-3 mb-md-0">
|
||||
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Scheduled Tickets">
|
||||
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(nullable_htmlentities($q)); } ?>" placeholder="Search Scheduled Tickets">
|
||||
<div class="input-group-append">
|
||||
<button class="btn btn-dark"><i class="fa fa-search"></i></button>
|
||||
</div>
|
||||
|
|
@ -75,10 +75,10 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
|
||||
while ($row = mysqli_fetch_array($sql)) {
|
||||
$scheduled_ticket_id = intval($row['scheduled_ticket_id']);
|
||||
$scheduled_ticket_subject = htmlentities($row['scheduled_ticket_subject']);
|
||||
$scheduled_ticket_priority = htmlentities($row['scheduled_ticket_priority']);
|
||||
$scheduled_ticket_frequency = htmlentities($row['scheduled_ticket_frequency']);
|
||||
$scheduled_ticket_next_run = htmlentities($row['scheduled_ticket_next_run']);
|
||||
$scheduled_ticket_subject = nullable_htmlentities($row['scheduled_ticket_subject']);
|
||||
$scheduled_ticket_priority = nullable_htmlentities($row['scheduled_ticket_priority']);
|
||||
$scheduled_ticket_frequency = nullable_htmlentities($row['scheduled_ticket_frequency']);
|
||||
$scheduled_ticket_next_run = nullable_htmlentities($row['scheduled_ticket_next_run']);
|
||||
?>
|
||||
|
||||
<tr>
|
||||
|
|
|
|||
|
|
@ -102,7 +102,7 @@
|
|||
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_client_id = '$client_id'");
|
||||
while ($row = mysqli_fetch_array($sql)) {
|
||||
$contact_id = intval($row['contact_id']);
|
||||
$contact_name = htmlentities($row['contact_name']);
|
||||
$contact_name = nullable_htmlentities($row['contact_name']);
|
||||
echo "<option value=\"$contact_id\">$contact_name</option>";
|
||||
}
|
||||
?>
|
||||
|
|
@ -116,7 +116,7 @@
|
|||
$sql = mysqli_query($mysqli, "SELECT * FROM vendors WHERE vendor_template = 0 AND vendor_client_id = '$client_id'");
|
||||
while ($row = mysqli_fetch_array($sql)) {
|
||||
$vendor_id = intval($row['vendor_id']);
|
||||
$vendor_name = htmlentities($row['vendor_name']);
|
||||
$vendor_name = nullable_htmlentities($row['vendor_name']);
|
||||
echo "<option value=\"$vendor_id\">$vendor_name</option>";
|
||||
}
|
||||
?>
|
||||
|
|
@ -130,7 +130,7 @@
|
|||
$sql = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_client_id = '$client_id'");
|
||||
while ($row = mysqli_fetch_array($sql)) {
|
||||
$document_id = intval($row['document_id']);
|
||||
$document_name = htmlentities($row['document_name']);
|
||||
$document_name = nullable_htmlentities($row['document_name']);
|
||||
echo "<option value=\"$document_id\">$document_name</option>";
|
||||
}
|
||||
?>
|
||||
|
|
@ -154,7 +154,7 @@
|
|||
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_client_id = '$client_id'");
|
||||
while ($row = mysqli_fetch_array($sql)) {
|
||||
$asset_id = intval($row['asset_id']);
|
||||
$asset_name = htmlentities($row['asset_name']);
|
||||
$asset_name = nullable_htmlentities($row['asset_name']);
|
||||
echo "<option value=\"$asset_id\">$asset_name</option>";
|
||||
}
|
||||
?>
|
||||
|
|
@ -170,7 +170,7 @@
|
|||
$sql = mysqli_query($mysqli, "SELECT * FROM logins WHERE login_client_id = '$client_id'");
|
||||
while ($row = mysqli_fetch_array($sql)) {
|
||||
$login_id = intval($row['login_id']);
|
||||
$login_name = htmlentities($row['login_name']);
|
||||
$login_name = nullable_htmlentities($row['login_name']);
|
||||
echo "<option value=\"$login_id\">$login_name</option>";
|
||||
}
|
||||
?>
|
||||
|
|
@ -191,7 +191,7 @@
|
|||
$sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_client_id = '$client_id'");
|
||||
while ($row = mysqli_fetch_array($sql)) {
|
||||
$domain_id = intval($row['domain_id']);
|
||||
$domain_name = htmlentities($row['domain_name']);
|
||||
$domain_name = nullable_htmlentities($row['domain_name']);
|
||||
echo "<option value=\"$domain_id\">$domain_name</option>";
|
||||
}
|
||||
?>
|
||||
|
|
@ -207,8 +207,8 @@
|
|||
$sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_client_id = '$client_id'");
|
||||
while ($row = mysqli_fetch_array($sql)) {
|
||||
$cert_id = intval($row['certificate_id']);
|
||||
$cert_name = htmlentities($row['certificate_name']);
|
||||
$cert_domain = htmlentities($row['certificate_domain']);
|
||||
$cert_name = nullable_htmlentities($row['certificate_name']);
|
||||
$cert_domain = nullable_htmlentities($row['certificate_domain']);
|
||||
echo "<option value=\"$cert_id\">$cert_name ($cert_domain)</option>";
|
||||
}
|
||||
?>
|
||||
|
|
|
|||
|
|
@ -109,7 +109,7 @@
|
|||
|
||||
while ($row_all = mysqli_fetch_array($sql_all)) {
|
||||
$contact_id = intval($row_all['contact_id']);
|
||||
$contact_name = htmlentities($row_all['contact_name']);
|
||||
$contact_name = nullable_htmlentities($row_all['contact_name']);
|
||||
|
||||
if (in_array($contact_id, $selected_ids)) {
|
||||
echo "<option value=\"$contact_id\" selected>$contact_name</option>";
|
||||
|
|
@ -131,7 +131,7 @@
|
|||
$sql_all = mysqli_query($mysqli, "SELECT * FROM vendors WHERE vendor_template = 0 AND vendor_client_id = '$client_id'");
|
||||
while ($row_all = mysqli_fetch_array($sql_all)) {
|
||||
$vendor_id = intval($row_all['vendor_id']);
|
||||
$vendor_name = htmlentities($row_all['vendor_name']);
|
||||
$vendor_name = nullable_htmlentities($row_all['vendor_name']);
|
||||
|
||||
if (in_array($vendor_id, $selected_ids)) {
|
||||
echo "<option value=\"$vendor_id\" selected>$vendor_name</option>";
|
||||
|
|
@ -153,7 +153,7 @@
|
|||
$sql_all = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_client_id = '$client_id'");
|
||||
while ($row_all = mysqli_fetch_array($sql_all)) {
|
||||
$document_id = intval($row_all['document_id']);
|
||||
$document_name = htmlentities($row_all['document_name']);
|
||||
$document_name = nullable_htmlentities($row_all['document_name']);
|
||||
|
||||
if (in_array($document_id, $selected_ids)) {
|
||||
echo "<option value=\"$document_id\" selected>$document_name</option>";
|
||||
|
|
@ -186,7 +186,7 @@
|
|||
$sql_all = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_client_id = '$client_id'");
|
||||
while ($row_all = mysqli_fetch_array($sql_all)) {
|
||||
$asset_id = intval($row_all['asset_id']);
|
||||
$asset_name = htmlentities($row_all['asset_name']);
|
||||
$asset_name = nullable_htmlentities($row_all['asset_name']);
|
||||
|
||||
if (in_array($asset_id, $selected_ids)) {
|
||||
echo "<option value=\"$asset_id\" selected>$asset_name</option>";
|
||||
|
|
@ -210,7 +210,7 @@
|
|||
$sql_all = mysqli_query($mysqli, "SELECT * FROM logins WHERE login_client_id = '$client_id'");
|
||||
while ($row_all = mysqli_fetch_array($sql_all)) {
|
||||
$login_id = intval($row_all['login_id']);
|
||||
$login_name = htmlentities($row_all['login_name']);
|
||||
$login_name = nullable_htmlentities($row_all['login_name']);
|
||||
|
||||
if (in_array($login_id, $selected_ids)) {
|
||||
echo "<option value=\"$login_id\" selected>$login_name</option>";
|
||||
|
|
@ -239,7 +239,7 @@
|
|||
$sql_all = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_client_id = '$client_id'");
|
||||
while ($row_all = mysqli_fetch_array($sql_all)) {
|
||||
$domain_id = intval($row_all['domain_id']);
|
||||
$domain_name = htmlentities($row_all['domain_name']);
|
||||
$domain_name = nullable_htmlentities($row_all['domain_name']);
|
||||
|
||||
if (in_array($domain_id, $selected_ids)) {
|
||||
echo "<option value=\"$domain_id\" selected>$domain_name</option>";
|
||||
|
|
@ -263,7 +263,7 @@
|
|||
$sql_all = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_client_id = '$client_id'");
|
||||
while ($row_all = mysqli_fetch_array($sql_all)) {
|
||||
$cert_id = intval($row_all['certificate_id']);
|
||||
$cert_name = htmlentities($row_all['certificate_name']);
|
||||
$cert_name = nullable_htmlentities($row_all['certificate_name']);
|
||||
|
||||
if (in_array($cert_id, $selected_ids)) {
|
||||
echo "<option value=\"$cert_id\" selected>$cert_name</option>";
|
||||
|
|
|
|||
|
|
@ -32,7 +32,7 @@
|
|||
|
||||
while ($row = mysqli_fetch_array($sql_assets)) {
|
||||
if (!empty($row['asset_ip'])) {
|
||||
$ip = '('.htmlentities($row["asset_ip"]).')';
|
||||
$ip = '('.nullable_htmlentities($row["asset_ip"]).')';
|
||||
} else {
|
||||
$ip = '';
|
||||
}
|
||||
|
|
@ -56,7 +56,7 @@
|
|||
// Get networks linked to assets - push name to array
|
||||
while ($row = mysqli_fetch_array($sql_assets)) {
|
||||
if (!empty($row['network_name'])) {
|
||||
$network_data = htmlentities("$row[network_name]:$row[network_vlan]");
|
||||
$network_data = nullable_htmlentities("$row[network_name]:$row[network_vlan]");
|
||||
array_push($networks, $network_data);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -34,7 +34,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
<form autocomplete="off">
|
||||
<input type="hidden" name="client_id" value="<?php echo $client_id; ?>">
|
||||
<div class="input-group">
|
||||
<input type="search" class="form-control " name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Services">
|
||||
<input type="search" class="form-control " name="q" value="<?php if (isset($q)) { echo stripslashes(nullable_htmlentities($q)); } ?>" placeholder="Search Services">
|
||||
<div class="input-group-append">
|
||||
<button class="btn btn-secondary"><i class="fa fa-search"></i></button>
|
||||
</div>
|
||||
|
|
@ -58,14 +58,14 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
|
||||
while ($row = mysqli_fetch_array($sql)) {
|
||||
$service_id = intval($row['service_id']);
|
||||
$service_name = htmlentities($row['service_name']);
|
||||
$service_description = htmlentities($row['service_description']);
|
||||
$service_category = htmlentities($row['service_category']);
|
||||
$service_importance = htmlentities($row['service_importance']);
|
||||
$service_backup = htmlentities($row['service_backup']);
|
||||
$service_notes = htmlentities($row['service_notes']);
|
||||
$service_updated_at = htmlentities($row['service_updated_at']);
|
||||
$service_review_due = htmlentities($row['service_review_due']);
|
||||
$service_name = nullable_htmlentities($row['service_name']);
|
||||
$service_description = nullable_htmlentities($row['service_description']);
|
||||
$service_category = nullable_htmlentities($row['service_category']);
|
||||
$service_importance = nullable_htmlentities($row['service_importance']);
|
||||
$service_backup = nullable_htmlentities($row['service_backup']);
|
||||
$service_notes = nullable_htmlentities($row['service_notes']);
|
||||
$service_updated_at = nullable_htmlentities($row['service_updated_at']);
|
||||
$service_review_due = nullable_htmlentities($row['service_review_due']);
|
||||
|
||||
// Service Importance
|
||||
if ($service_importance == "High") {
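Review bot: The `q` search input echoes `stripslashes(nullable_htmlentities($q))`, which strips slashes after encoding and suggests `$q` is the already SQL-escaped search term; its assignment is outside this hunk, so that is an inference. If it was escaped with `mysqli_real_escape_string`, slash-stripping does not restore every input (an escaped newline comes back as the letter `n`), and one variable ends up serving both the SQL and the HTML context. Keeping the unescaped request value in its own variable and printing `nullable_htmlentities($q_display)` would separate the two; `$q_display` is a placeholder name. The same line appears in the Shared Items, Licenses, Tickets, Trips and Vendors search forms changed by this commit.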
|
||||
|
|
|
|||
|
|
@ -34,7 +34,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
|
||||
<div class="col-md-4">
|
||||
<div class="input-group mb-3 mb-md-0">
|
||||
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Shared Items">
|
||||
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(nullable_htmlentities($q)); } ?>" placeholder="Search Shared Items">
|
||||
<div class="input-group-append">
|
||||
<button class="btn btn-dark"><i class="fa fa-search"></i></button>
|
||||
</div>
|
||||
|
|
@ -61,28 +61,28 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
|
||||
while ($row = mysqli_fetch_array($sql)) {
|
||||
$item_id = intval($row['item_id']);
|
||||
$item_active = htmlentities($row['item_active']);
|
||||
$item_key = htmlentities($row['item_key']);
|
||||
$item_type = htmlentities($row['item_type']);
|
||||
$item_active = nullable_htmlentities($row['item_active']);
|
||||
$item_key = nullable_htmlentities($row['item_key']);
|
||||
$item_type = nullable_htmlentities($row['item_type']);
|
||||
$item_related_id = intval($row['item_related_id']);
|
||||
$item_note = htmlentities($row['item_note']);
|
||||
$item_views = htmlentities($row['item_views']);
|
||||
$item_view_limit = htmlentities($row['item_view_limit']);
|
||||
$item_created_at = htmlentities($row['item_created_at']);
|
||||
$item_expire_at = htmlentities($row['item_expire_at']);
|
||||
$item_note = nullable_htmlentities($row['item_note']);
|
||||
$item_views = nullable_htmlentities($row['item_views']);
|
||||
$item_view_limit = nullable_htmlentities($row['item_view_limit']);
|
||||
$item_created_at = nullable_htmlentities($row['item_created_at']);
|
||||
$item_expire_at = nullable_htmlentities($row['item_expire_at']);
|
||||
|
||||
if ($item_type == 'Login') {
|
||||
$share_item_sql = mysqli_query($mysqli, "SELECT login_name FROM logins WHERE login_id = '$item_related_id' AND login_client_id = '$client_id'");
|
||||
$share_item = mysqli_fetch_array($share_item_sql);
|
||||
$item_name = htmlentities($share_item['login_name']);
|
||||
$item_name = nullable_htmlentities($share_item['login_name']);
|
||||
} elseif ($item_type == 'Document') {
|
||||
$share_item_sql = mysqli_query($mysqli, "SELECT document_name FROM documents WHERE document_id = '$item_related_id' AND document_client_id = '$client_id'");
|
||||
$share_item = mysqli_fetch_array($share_item_sql);
|
||||
$item_name = htmlentities($share_item['document_name']);
|
||||
$item_name = nullable_htmlentities($share_item['document_name']);
|
||||
} elseif ($item_type == 'File') {
|
||||
$share_item_sql = mysqli_query($mysqli, "SELECT file_name FROM files WHERE file_id = '$item_related_id' AND file_client_id = '$client_id'");
|
||||
$share_item = mysqli_fetch_array($share_item_sql);
|
||||
$item_name = htmlentities($share_item['file_name']);
|
||||
$item_name = nullable_htmlentities($share_item['file_name']);
|
||||
}
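Review bot: `$item_name` is assigned only inside the `Login` / `Document` / `File` branches, so a row with any other `item_type` keeps the previous row's name, or an undefined variable on the first row. Separately, `mysqli_fetch_array` returns null when the related record no longer exists, and `$share_item['login_name']` then indexes null and raises a warning before the wrapper sees the value. Adding `$item_name = '';` before the `if` chain and reading `$share_item['login_name'] ?? null` (likewise for `document_name` and `file_name`) covers both cases. The while loop continues past the end of this hunk, so how `$item_name` is printed is not visible here.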
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
<!-- Main Sidebar Container -->
|
||||
<aside class="main-sidebar sidebar-dark-<?php echo htmlentities($config_theme); ?> d-print-none">
|
||||
<aside class="main-sidebar sidebar-dark-<?php echo nullable_htmlentities($config_theme); ?> d-print-none">
|
||||
|
||||
<!-- Sidebar -->
|
||||
<div class="sidebar">
|
||||
|
|
|
|||
|
|
@ -44,7 +44,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
|
||||
<div class="col-md-4">
|
||||
<div class="input-group mb-3 mb-md-0">
|
||||
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Licenses">
|
||||
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(nullable_htmlentities($q)); } ?>" placeholder="Search Licenses">
|
||||
<div class="input-group-append">
|
||||
<button class="btn btn-dark"><i class="fa fa-search"></i></button>
|
||||
</div>
|
||||
|
|
@ -77,20 +77,20 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
|
||||
while ($row = mysqli_fetch_array($sql)) {
|
||||
$software_id = intval($row['software_id']);
|
||||
$software_name = htmlentities($row['software_name']);
|
||||
$software_version = htmlentities($row['software_version']);
|
||||
$software_type = htmlentities($row['software_type']);
|
||||
$software_license_type = htmlentities($row['software_license_type']);
|
||||
$software_key = htmlentities($row['software_key']);
|
||||
$software_seats = htmlentities($row['software_seats']);
|
||||
$software_purchase = htmlentities($row['software_purchase']);
|
||||
$software_expire = htmlentities($row['software_expire']);
|
||||
$software_notes = htmlentities($row['software_notes']);
|
||||
$software_name = nullable_htmlentities($row['software_name']);
|
||||
$software_version = nullable_htmlentities($row['software_version']);
|
||||
$software_type = nullable_htmlentities($row['software_type']);
|
||||
$software_license_type = nullable_htmlentities($row['software_license_type']);
|
||||
$software_key = nullable_htmlentities($row['software_key']);
|
||||
$software_seats = nullable_htmlentities($row['software_seats']);
|
||||
$software_purchase = nullable_htmlentities($row['software_purchase']);
|
||||
$software_expire = nullable_htmlentities($row['software_expire']);
|
||||
$software_notes = nullable_htmlentities($row['software_notes']);
|
||||
|
||||
// Get Login
|
||||
$login_id = intval($row['login_id']);
|
||||
$login_username = htmlentities(decryptLoginEntry($row['login_username']));
|
||||
$login_password = htmlentities(decryptLoginEntry($row['login_password']));
|
||||
$login_username = nullable_htmlentities(decryptLoginEntry($row['login_username']));
|
||||
$login_password = nullable_htmlentities(decryptLoginEntry($row['login_password']));
|
||||
|
||||
$seat_count = 0;
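Review bot: `decryptLoginEntry()` runs on `login_username` and `login_password` for every row of the license list, so each page load holds decrypted credentials for all rows whether or not they are displayed. Where the two variables are printed is outside this hunk, so this may be intended. If they are only needed when a login is linked, guarding the call keeps plaintext out of rows that have none: `$login_password = $login_id ? nullable_htmlentities(decryptLoginEntry($row['login_password'])) : '';`. A short comment stating where the plaintext is emitted would help the next reviewer check that it never reaches an unmasked field.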
|
||||
|
||||
|
|
|
|||
|
|
@ -23,7 +23,7 @@
|
|||
$sql_software_templates = mysqli_query($mysqli, "SELECT * FROM software WHERE software_template = 1 AND software_archived_at IS NULL ORDER BY software_name ASC");
|
||||
while($row = mysqli_fetch_array($sql_software_templates)){
|
||||
$software_template_id = intval($row['software_id']);
|
||||
$software_template_name = htmlentities($row['software_name']);
|
||||
$software_template_name = nullable_htmlentities($row['software_name']);
|
||||
|
||||
?>
|
||||
<option value="<?php echo $software_template_id ?>"><?php echo $software_template_name; ?></option>
|
||||
|
|
|
|||
|
|
@ -140,9 +140,9 @@
|
|||
|
||||
while ($row = mysqli_fetch_array($sql)) {
|
||||
$asset_id = intval($row['asset_id']);
|
||||
$asset_name = htmlentities($row['asset_name']);
|
||||
$asset_type = htmlentities($row['asset_type']);
|
||||
$contact_name = htmlentities($row['contact_name']);
|
||||
$asset_name = nullable_htmlentities($row['asset_name']);
|
||||
$asset_type = nullable_htmlentities($row['asset_type']);
|
||||
$contact_name = nullable_htmlentities($row['contact_name']);
|
||||
|
||||
?>
|
||||
<li class="list-group-item">
|
||||
|
|
@ -171,8 +171,8 @@
|
|||
|
||||
while ($row = mysqli_fetch_array($sql)) {
|
||||
$contact_id = intval($row['contact_id']);
|
||||
$contact_name = htmlentities($row['contact_name']);
|
||||
$contact_email = htmlentities($row['contact_email']);
|
||||
$contact_name = nullable_htmlentities($row['contact_name']);
|
||||
$contact_email = nullable_htmlentities($row['contact_email']);
|
||||
|
||||
?>
|
||||
<li class="list-group-item">
|
||||
|
|
|
|||
|
|
@ -141,9 +141,9 @@
|
|||
|
||||
while ($row = mysqli_fetch_array($sql_assets_select)) {
|
||||
$asset_id_select = intval($row['asset_id']);
|
||||
$asset_name_select = htmlentities($row['asset_name']);
|
||||
$asset_type_select = htmlentities($row['asset_type']);
|
||||
$contact_name_select = htmlentities($row['contact_name']);
|
||||
$asset_name_select = nullable_htmlentities($row['asset_name']);
|
||||
$asset_type_select = nullable_htmlentities($row['asset_type']);
|
||||
$contact_name_select = nullable_htmlentities($row['contact_name']);
|
||||
|
||||
?>
|
||||
<li class="list-group-item">
|
||||
|
|
@ -172,8 +172,8 @@
|
|||
|
||||
while ($row = mysqli_fetch_array($sql_contacts_select)) {
|
||||
$contact_id_select = intval($row['contact_id']);
|
||||
$contact_name_select = htmlentities($row['contact_name']);
|
||||
$contact_email_select = htmlentities($row['contact_email']);
|
||||
$contact_name_select = nullable_htmlentities($row['contact_name']);
|
||||
$contact_email_select = nullable_htmlentities($row['contact_email']);
|
||||
|
||||
?>
|
||||
<li class="list-group-item">
|
||||
|
|
|
|||
|
|
@ -42,7 +42,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
|
||||
<div class="col-md-4">
|
||||
<div class="input-group mb-3 mb-md-0">
|
||||
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Tickets">
|
||||
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(nullable_htmlentities($q)); } ?>" placeholder="Search Tickets">
|
||||
<div class="input-group-append">
|
||||
<button class="btn btn-dark"><i class="fa fa-search"></i></button>
|
||||
</div>
|
||||
|
|
@ -79,14 +79,14 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
|
||||
while ($row = mysqli_fetch_array($sql)) {
|
||||
$ticket_id = intval($row['ticket_id']);
|
||||
$ticket_prefix = htmlentities($row['ticket_prefix']);
|
||||
$ticket_number = htmlentities($row['ticket_number']);
|
||||
$ticket_subject = htmlentities($row['ticket_subject']);
|
||||
$ticket_details = htmlentities($row['ticket_details']);
|
||||
$ticket_priority = htmlentities($row['ticket_priority']);
|
||||
$ticket_status = htmlentities($row['ticket_status']);
|
||||
$ticket_created_at = htmlentities($row['ticket_created_at']);
|
||||
$ticket_updated_at = htmlentities($row['ticket_updated_at']);
|
||||
$ticket_prefix = nullable_htmlentities($row['ticket_prefix']);
|
||||
$ticket_number = nullable_htmlentities($row['ticket_number']);
|
||||
$ticket_subject = nullable_htmlentities($row['ticket_subject']);
|
||||
$ticket_details = nullable_htmlentities($row['ticket_details']);
|
||||
$ticket_priority = nullable_htmlentities($row['ticket_priority']);
|
||||
$ticket_status = nullable_htmlentities($row['ticket_status']);
|
||||
$ticket_created_at = nullable_htmlentities($row['ticket_created_at']);
|
||||
$ticket_updated_at = nullable_htmlentities($row['ticket_updated_at']);
|
||||
if (empty($ticket_updated_at)) {
|
||||
if ($ticket_status == "Closed") {
|
||||
$ticket_updated_at_display = "<p>Never</p>";
|
||||
|
|
@ -96,7 +96,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
} else {
|
||||
$ticket_updated_at_display = $ticket_updated_at;
|
||||
}
|
||||
$ticket_closed_at = htmlentities($row['ticket_closed_at']);
|
||||
$ticket_closed_at = nullable_htmlentities($row['ticket_closed_at']);
|
||||
|
||||
if ($ticket_status == "Open") {
|
||||
$ticket_status_display = "<span class='p-2 badge badge-primary'>$ticket_status</span>";
|
||||
|
|
@ -123,19 +123,19 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
$ticket_assigned_to_display = "<p class='text-danger'>Not Assigned</p>";
|
||||
}
|
||||
} else {
|
||||
$ticket_assigned_to_display = htmlentities($row['user_name']);
|
||||
$ticket_assigned_to_display = nullable_htmlentities($row['user_name']);
|
||||
}
|
||||
$contact_id = intval($row['contact_id']);
|
||||
$contact_name = htmlentities($row['contact_name']);
|
||||
$contact_name = nullable_htmlentities($row['contact_name']);
|
||||
if (empty($contact_name)) {
|
||||
$contact_display = "-";
|
||||
} else {
|
||||
$contact_display = "$contact_name<br><small class='text-secondary'>$contact_email</small>";
|
||||
}
|
||||
$contact_title = htmlentities($row['contact_title']);
|
||||
$contact_email = htmlentities($row['contact_email']);
|
||||
$contact_title = nullable_htmlentities($row['contact_title']);
|
||||
$contact_email = nullable_htmlentities($row['contact_email']);
|
||||
$contact_phone = formatPhoneNumber($row['contact_phone']);
|
||||
$contact_extension = htmlentities($row['contact_extension']);
|
||||
$contact_extension = nullable_htmlentities($row['contact_extension']);
|
||||
$contact_mobile = formatPhoneNumber($row['contact_mobile']);
|
||||
|
||||
$asset_id = intval($row['asset_id']);
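Review bot: `$contact_display` is built from `$contact_email` a few lines before `$contact_email` is assigned from the current row, in the `@ -123` hunk of this file. Unless an earlier assignment exists in the part of the loop body that the hunks do not show, the first row prints an undefined variable and every later row shows the previous ticket's contact e-mail under the wrong name. Moving `$contact_email = nullable_htmlentities($row['contact_email']);` above `if (empty($contact_name)) {` fixes it. The while loop opens in an earlier hunk and continues past this one.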
|
||||
|
|
|
|||
|
|
@ -36,7 +36,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
|
||||
<div class="col-md-4">
|
||||
<div class="input-group mb-3 mb-md-0">
|
||||
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Trips">
|
||||
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(nullable_htmlentities($q)); } ?>" placeholder="Search Trips">
|
||||
<div class="input-group-append">
|
||||
<button class="btn btn-dark"><i class="fa fa-search"></i></button>
|
||||
</div>
|
||||
|
|
@ -70,13 +70,13 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
|
||||
while ($row = mysqli_fetch_array($sql)) {
|
||||
$trip_id = intval($row['trip_id']);
|
||||
$trip_date = htmlentities($row['trip_date']);
|
||||
$trip_purpose = htmlentities($row['trip_purpose']);
|
||||
$trip_source = htmlentities($row['trip_source']);
|
||||
$trip_destination = htmlentities($row['trip_destination']);
|
||||
$trip_miles = htmlentities($row['trip_miles']);
|
||||
$trip_date = nullable_htmlentities($row['trip_date']);
|
||||
$trip_purpose = nullable_htmlentities($row['trip_purpose']);
|
||||
$trip_source = nullable_htmlentities($row['trip_source']);
|
||||
$trip_destination = nullable_htmlentities($row['trip_destination']);
|
||||
$trip_miles = nullable_htmlentities($row['trip_miles']);
|
||||
$trip_user_id = intval($row['trip_user_id']);
|
||||
$round_trip = htmlentities($row['round_trip']);
|
||||
$round_trip = nullable_htmlentities($row['round_trip']);
|
||||
$client_id = intval($row['trip_client_id']);
|
||||
|
||||
if ($round_trip == 1) {
|
||||
|
|
@ -84,7 +84,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
} else {
|
||||
$round_trip_display = "";
|
||||
}
|
||||
$user_name = htmlentities($row['user_name']);
|
||||
$user_name = nullable_htmlentities($row['user_name']);
|
||||
if (empty($user_name)) {
|
||||
$user_name_display = "-";
|
||||
} else {
|
||||
|
|
|
|||
|
|
@ -44,7 +44,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
|
||||
<div class="col-md-4">
|
||||
<div class="input-group mb-3 mb-md-0">
|
||||
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Vendors">
|
||||
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(nullable_htmlentities($q)); } ?>" placeholder="Search Vendors">
|
||||
<div class="input-group-append">
|
||||
<button class="btn btn-dark"><i class="fa fa-search"></i></button>
|
||||
</div>
|
||||
|
|
@ -75,28 +75,28 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
|
||||
while ($row = mysqli_fetch_array($sql)) {
|
||||
$vendor_id = intval($row['vendor_id']);
|
||||
$vendor_name = htmlentities($row['vendor_name']);
|
||||
$vendor_description = htmlentities($row['vendor_description']);
|
||||
$vendor_name = nullable_htmlentities($row['vendor_name']);
|
||||
$vendor_description = nullable_htmlentities($row['vendor_description']);
|
||||
if (empty($vendor_description)) {
|
||||
$vendor_description_display = "-";
|
||||
} else {
|
||||
$vendor_description_display = $vendor_description;
|
||||
}
|
||||
$vendor_account_number = htmlentities($row['vendor_account_number']);
|
||||
$vendor_contact_name = htmlentities($row['vendor_contact_name']);
|
||||
$vendor_account_number = nullable_htmlentities($row['vendor_account_number']);
|
||||
$vendor_contact_name = nullable_htmlentities($row['vendor_contact_name']);
|
||||
if (empty($vendor_contact_name)) {
|
||||
$vendor_contact_name_display = "-";
|
||||
} else {
|
||||
$vendor_contact_name_display = $vendor_contact_name;
|
||||
}
|
||||
$vendor_phone = formatPhoneNumber($row['vendor_phone']);
|
||||
$vendor_extension = htmlentities($row['vendor_extension']);
|
||||
$vendor_email = htmlentities($row['vendor_email']);
|
||||
$vendor_website = htmlentities($row['vendor_website']);
|
||||
$vendor_hours = htmlentities($row['vendor_hours']);
|
||||
$vendor_sla = htmlentities($row['vendor_sla']);
|
||||
$vendor_code = htmlentities($row['vendor_code']);
|
||||
$vendor_notes = htmlentities($row['vendor_notes']);
|
||||
$vendor_extension = nullable_htmlentities($row['vendor_extension']);
|
||||
$vendor_email = nullable_htmlentities($row['vendor_email']);
|
||||
$vendor_website = nullable_htmlentities($row['vendor_website']);
|
||||
$vendor_hours = nullable_htmlentities($row['vendor_hours']);
|
||||
$vendor_sla = nullable_htmlentities($row['vendor_sla']);
|
||||
$vendor_code = nullable_htmlentities($row['vendor_code']);
|
||||
$vendor_notes = nullable_htmlentities($row['vendor_notes']);
|
||||
$vendor_template_id = intval($row['vendor_template_id']);
|
||||
|
||||
?>
|
||||
|
|
|
|||
|
|
@ -169,7 +169,7 @@ function addReply($from_email, $date, $subject, $ticket_number, $message, $attac
|
|||
// Capture just the latest/most recent email reply content
|
||||
// based off the "#--itflow#" line that we prepend the outgoing emails with (similar to the old school --reply above this line--)
|
||||
$message = explode("##- Please type your reply above this line -##", $message);
|
||||
$message = nl2br(htmlentities(strip_tags($message[0])));
|
||||
$message = nl2br(nullable_htmlentities(strip_tags($message[0])));
|
||||
$message = "<i>Email from: $from_email at $date:-</i> <br><br>$message";
|
||||
|
||||
// Lookup the ticket ID
|
||||
|
|
@ -312,13 +312,13 @@ if ($emails) {
|
|||
// Process message attributes
|
||||
|
||||
$from_array = $parser->getAddresses('from')[0];
|
||||
$from_name = trim(mysqli_real_escape_string($mysqli, htmlentities(strip_tags($from_array['display']))));
|
||||
$from_email = trim(mysqli_real_escape_string($mysqli, htmlentities(strip_tags($from_array['address']))));
|
||||
$from_name = trim(mysqli_real_escape_string($mysqli, nullable_htmlentities(strip_tags($from_array['display']))));
|
||||
$from_email = trim(mysqli_real_escape_string($mysqli, nullable_htmlentities(strip_tags($from_array['address']))));
|
||||
$from_domain = explode("@", $from_array['address']);
|
||||
$from_domain = trim(mysqli_real_escape_string($mysqli, htmlentities(strip_tags(end($from_domain))))); // Use the final element in the array (as technically legal to have multiple @'s)
|
||||
$from_domain = trim(mysqli_real_escape_string($mysqli, nullable_htmlentities(strip_tags(end($from_domain))))); // Use the final element in the array (as technically legal to have multiple @'s)
|
||||
|
||||
$subject = sanitizeInput($parser->getHeader('subject'));
|
||||
$date = trim(mysqli_real_escape_string($mysqli, htmlentities(strip_tags($parser->getHeader('date')))));
|
||||
$date = trim(mysqli_real_escape_string($mysqli, nullable_htmlentities(strip_tags($parser->getHeader('date')))));
|
||||
$attachments = $parser->getAttachments();
|
||||
|
||||
$message = $parser->getMessageBody('text');
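Review bot: `$from_name`, `$from_email`, `$from_domain` and `$date` are HTML-encoded at ingestion and then SQL-escaped, so what gets stored is already entity-encoded text. Pages that later print those columns through `nullable_htmlentities()` will encode them a second time unless the wrapper disables double encoding (its definition is not on this page), and `$from_domain` is presumably matched against stored domains, where encoding can only alter the comparison. Storing the `strip_tags()` result as-is and encoding once at output keeps each context's escaping in one place. The SQL escaping should stay until the queries, which are outside this hunk along with the rest of the `if ($emails)` block, use bound parameters.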
|
||||
|
|
|
|||
|
|
@ -2,13 +2,13 @@
|
|||
<div class="modal-dialog">
|
||||
<div class="modal-content bg-dark">
|
||||
<div class="modal-header">
|
||||
<h5 class="modal-title"><i class="fa fa-fw fa-list mr-2"></i>Create <?php echo htmlentities($table); ?> field</h5>
|
||||
<h5 class="modal-title"><i class="fa fa-fw fa-list mr-2"></i>Create <?php echo nullable_htmlentities($table); ?> field</h5>
|
||||
<button type="button" class="close text-white" data-dismiss="modal">
|
||||
<span>×</span>
|
||||
</button>
|
||||
</div>
|
||||
<form action="post.php" method="post" autocomplete="off">
|
||||
<input type="hidden" name="table" value="<?php echo htmlentities($table); ?>">
|
||||
<input type="hidden" name="table" value="<?php echo nullable_htmlentities($table); ?>">
|
||||
|
||||
<div class="modal-body bg-white">
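Review bot: The hidden `table` input sends a table identifier to the browser and back to `post.php`, and the encoding added here protects only the HTML attribute. The submitted value is client-controlled, so the handler, which is not shown on this page, needs to compare it against a fixed list of allowed names before it reaches any query. A comment next to the field, such as `<!-- table is re-validated against an allowlist in post.php -->`, would record that dependency once it has been confirmed.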
|
||||
|
||||
|
|
|
|||
|
|
@ -320,7 +320,7 @@ $vendors_added = intval($row['vendors_added']);
|
|||
<?php
|
||||
while ($row = mysqli_fetch_array($sql_accounts)) {
|
||||
$account_id = intval($row['account_id']);
|
||||
$account_name = htmlentities($row['account_name']);
|
||||
$account_name = nullable_htmlentities($row['account_name']);
|
||||
$opening_balance = floatval($row['opening_balance']);
|
||||
|
||||
?>
|
||||
|
|
@ -379,11 +379,11 @@ $vendors_added = intval($row['vendors_added']);
|
|||
<tbody>
|
||||
<?php
|
||||
while ($row = mysqli_fetch_array($sql_latest_invoice_payments)) {
|
||||
$payment_date = htmlentities($row['payment_date']);
|
||||
$payment_date = nullable_htmlentities($row['payment_date']);
|
||||
$payment_amount = floatval($row['payment_amount']);
|
||||
$invoice_prefix = htmlentities($row['invoice_prefix']);
|
||||
$invoice_prefix = nullable_htmlentities($row['invoice_prefix']);
|
||||
$invoice_number = intval($row['invoice_number']);
|
||||
$client_name = htmlentities($row['client_name']);
|
||||
$client_name = nullable_htmlentities($row['client_name']);
|
||||
?>
|
||||
<tr>
|
||||
<td><?php echo $payment_date; ?></td>
|
||||
|
|
@ -422,10 +422,10 @@ $vendors_added = intval($row['vendors_added']);
|
|||
<tbody>
|
||||
<?php
|
||||
while ($row = mysqli_fetch_array($sql_latest_expenses)) {
|
||||
$expense_date = htmlentities($row['expense_date']);
|
||||
$expense_date = nullable_htmlentities($row['expense_date']);
|
||||
$expense_amount = floatval($row['expense_amount']);
|
||||
$vendor_name = htmlentities($row['vendor_name']);
|
||||
$category_name = htmlentities($row['category_name']);
|
||||
$vendor_name = nullable_htmlentities($row['vendor_name']);
|
||||
$category_name = nullable_htmlentities($row['category_name']);
|
||||
|
||||
?>
|
||||
<tr>
|
||||
|
|
|
|||
|
|
@ -46,7 +46,7 @@
|
|||
$sql = mysqli_query($mysqli, "SELECT account_id, account_name, opening_balance FROM accounts WHERE account_archived_at IS NULL ORDER BY account_name ASC");
|
||||
while ($row = mysqli_fetch_array($sql)) {
|
||||
$account_id = intval($row['account_id']);
|
||||
$account_name = htmlentities($row['account_name']);
|
||||
$account_name = nullable_htmlentities($row['account_name']);
|
||||
$opening_balance = floatval($row['opening_balance']);
|
||||
|
||||
$sql_payments = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS total_payments FROM payments WHERE payment_account_id = $account_id");
|
||||
|
|
@ -86,7 +86,7 @@
|
|||
$sql = mysqli_query($mysqli, "SELECT vendor_id, vendor_name FROM vendors WHERE vendor_client_id = 0 AND vendor_template = 0 AND vendor_archived_at IS NULL ORDER BY vendor_name ASC");
|
||||
while ($row = mysqli_fetch_array($sql)) {
|
||||
$vendor_id = intval($row['vendor_id']);
|
||||
$vendor_name = htmlentities($row['vendor_name']);
|
||||
$vendor_name = nullable_htmlentities($row['vendor_name']);
|
||||
?>
|
||||
<option value="<?php echo $vendor_id; ?>"><?php echo $vendor_name; ?></option>
|
||||
|
||||
|
|
@ -131,7 +131,7 @@
|
|||
$sql = mysqli_query($mysqli, "SELECT category_id, category_name FROM categories WHERE category_type = 'Expense' AND category_archived_at IS NULL ORDER BY category_name ASC");
|
||||
while ($row = mysqli_fetch_array($sql)) {
|
||||
$category_id = intval($row['category_id']);
|
||||
$category_name = htmlentities($row['category_name']);
|
||||
$category_name = nullable_htmlentities($row['category_name']);
|
||||
?>
|
||||
<option value="<?php echo $category_id; ?>"><?php echo $category_name; ?></option>
|
||||
|
||||
|
|
@ -164,7 +164,7 @@
|
|||
$sql = mysqli_query($mysqli, "SELECT client_id, client_name FROM clients ORDER BY client_name ASC");
|
||||
while ($row = mysqli_fetch_array($sql)) {
|
||||
$client_id = intval($row['client_id']);
|
||||
$client_name = htmlentities($row['client_name']);
|
||||
$client_name = nullable_htmlentities($row['client_name']);
|
||||
?>
|
||||
<option value="<?php echo $client_id; ?>"><?php echo $client_name; ?></option>
|
||||
|
||||
|
|
|
|||
|
|
@ -47,7 +47,7 @@
|
|||
$sql_accounts = mysqli_query($mysqli, "SELECT account_id, account_name, opening_balance FROM accounts ORDER BY account_name ASC");
|
||||
while ($row = mysqli_fetch_array($sql_accounts)) {
|
||||
$account_id_select = intval($row['account_id']);
|
||||
$account_name_select = htmlentities($row['account_name']);
|
||||
$account_name_select = nullable_htmlentities($row['account_name']);
|
||||
$opening_balance = floatval($row['opening_balance']);
|
||||
|
||||
$sql_payments = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS total_payments FROM payments WHERE payment_account_id = $account_id_select");
|
||||
|
|
@ -85,7 +85,7 @@
|
|||
$sql_vendors = mysqli_query($mysqli, "SELECT vendor_id, vendor_name FROM vendors WHERE vendor_client_id = 0 AND vendor_template = 0 ORDER BY vendor_name ASC");
|
||||
while ($row = mysqli_fetch_array($sql_vendors)) {
|
||||
$vendor_id_select = intval($row['vendor_id']);
|
||||
$vendor_name_select = htmlentities($row['vendor_name']);
|
||||
$vendor_name_select = nullable_htmlentities($row['vendor_name']);
|
||||
?>
|
||||
<option <?php if ($expense_vendor_id == $vendor_id_select) { ?> selected <?php } ?> value="<?php echo $vendor_id_select; ?>"><?php echo $vendor_name_select; ?></option>
|
||||
<?php
|
||||
|
|
@ -127,7 +127,7 @@
|
|||
$sql_categories = mysqli_query($mysqli, "SELECT category_id, category_name FROM categories WHERE category_type = 'Expense' ORDER BY category_name ASC");
|
||||
while ($row = mysqli_fetch_array($sql_categories)) {
|
||||
$category_id_select = intval($row['category_id']);
|
||||
$category_name_select = htmlentities($row['category_name']);
|
||||
$category_name_select = nullable_htmlentities($row['category_name']);
|
||||
?>
|
||||
<option <?php if ($expense_category_id == $category_id_select) { ?> selected <?php } ?> value="<?php echo $category_id_select; ?>"><?php echo $category_name_select; ?></option>
|
||||
<?php
|
||||
|
|
@ -155,7 +155,7 @@
|
|||
$sql_clients = mysqli_query($mysqli, "SELECT client_id, client_name FROM clients ORDER BY client_name ASC");
|
||||
while ($row = mysqli_fetch_array($sql_clients)) {
|
||||
$client_id_select = intval($row['client_id']);
|
||||
$client_name_select = htmlentities($row['client_name']);
|
||||
$client_name_select = nullable_htmlentities($row['client_name']);
|
||||
?>
|
||||
<option <?php if ($expense_client_id == $client_id_select) { echo "selected"; } ?> value="<?php echo $client_id_select; ?>"><?php echo $client_name_select; ?></option>
|
||||
|
||||
|
|
|
|||
|
|
@ -49,7 +49,7 @@
|
|||
$sql_accounts = mysqli_query($mysqli, "SELECT account_id, account_name, opening_balance FROM accounts WHERE (account_archived_at > '$expense_created_at' OR account_archived_at IS NULL) ORDER BY account_name ASC");
|
||||
while ($row = mysqli_fetch_array($sql_accounts)) {
|
||||
$account_id_select = intval($row['account_id']);
|
||||
$account_name_select = htmlentities($row['account_name']);
|
||||
$account_name_select = nullable_htmlentities($row['account_name']);
|
||||
$opening_balance = floatval($row['opening_balance']);
|
||||
|
||||
$sql_payments = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS total_payments FROM payments WHERE payment_account_id = $account_id_select");
|
||||
|
|
@ -88,7 +88,7 @@
|
|||
$sql_select = mysqli_query($mysqli, "SELECT vendor_id, vendor_name FROM vendors WHERE vendor_client_id = 0 AND vendor_template = 0 AND (vendor_archived_at > '$expense_created_at' OR vendor_archived_at IS NULL) ORDER BY vendor_name ASC");
|
||||
while ($row = mysqli_fetch_array($sql_select)) {
|
||||
$vendor_id_select = intval($row['vendor_id']);
|
||||
$vendor_name_select = htmlentities($row['vendor_name']);
|
||||
$vendor_name_select = nullable_htmlentities($row['vendor_name']);
|
||||
?>
|
||||
<option <?php if ($expense_vendor_id == $vendor_id_select) { ?> selected <?php } ?> value="<?php echo $vendor_id_select; ?>"><?php echo $vendor_name_select; ?></option>
|
||||
<?php
|
||||
|
|
@ -133,7 +133,7 @@
|
|||
$sql_select = mysqli_query($mysqli, "SELECT category_id, category_name FROM categories WHERE category_type = 'Expense' AND (category_archived_at > '$expense_created_at' OR category_archived_at IS NULL) ORDER BY category_name ASC");
|
||||
while ($row = mysqli_fetch_array($sql_select)) {
|
||||
$category_id_select = intval($row['category_id']);
|
||||
$category_name_select = htmlentities($row['category_name']);
|
||||
$category_name_select = nullable_htmlentities($row['category_name']);
|
||||
?>
|
||||
<option <?php if ($expense_category_id == $category_id_select) { ?> selected <?php } ?> value="<?php echo $category_id_select; ?>"><?php echo $category_name_select; ?></option>
|
||||
<?php
|
||||
|
|
@ -164,7 +164,7 @@
|
|||
$sql_clients = mysqli_query($mysqli, "SELECT client_id, client_name FROM clients ORDER BY client_name ASC");
|
||||
while ($row = mysqli_fetch_array($sql_clients)) {
|
||||
$client_id_select = intval($row['client_id']);
|
||||
$client_name_select = htmlentities($row['client_name']);
|
||||
$client_name_select = nullable_htmlentities($row['client_name']);
|
||||
?>
|
||||
<option <?php if ($expense_client_id == $client_id_select) { echo "selected"; } ?> value="<?php echo $client_id_select; ?>"><?php echo $client_name_select; ?></option>
|
||||
|
||||
|
|
|
|||
|
|
@ -18,7 +18,7 @@
|
|||
<div class="input-group-prepend">
|
||||
<span class="input-group-text"><i class="fa fa-fw fa-calendar"></i></span>
|
||||
</div>
|
||||
<input type="date" class="form-control" name="date_from" max="2999-12-31" value="<?php echo htmlentities($dtf); ?>">
|
||||
<input type="date" class="form-control" name="date_from" max="2999-12-31" value="<?php echo nullable_htmlentities($dtf); ?>">
|
||||
</div>
|
||||
</div>
|
||||
|
||||
|
|
@ -28,7 +28,7 @@
|
|||
<div class="input-group-prepend">
|
||||
<span class="input-group-text"><i class="fa fa-fw fa-calendar"></i></span>
|
||||
</div>
|
||||
<input type="date" class="form-control" name="date_to" max="2999-12-31" value="<?php echo htmlentities($dtt); ?>">
|
||||
<input type="date" class="form-control" name="date_to" max="2999-12-31" value="<?php echo nullable_htmlentities($dtt); ?>">
|
||||
</div>
|
||||
</div>
|
||||
|
||||
|
|
|
|||
26
expenses.php
26
expenses.php
|
|
@ -39,7 +39,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
<div class="row">
|
||||
<div class="col-sm-4">
|
||||
<div class="input-group">
|
||||
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Expenses">
|
||||
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(nullable_htmlentities($q)); } ?>" placeholder="Search Expenses">
|
||||
<div class="input-group-append">
|
||||
<button class="btn btn-secondary" type="button" data-toggle="collapse" data-target="#advancedFilter"><i class="fas fa-filter"></i></button>
|
||||
<button class="btn btn-primary"><i class="fa fa-search"></i></button>
|
||||
|
|
@ -73,13 +73,13 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
<div class="col-md-2">
|
||||
<div class="form-group">
|
||||
<label>Date From</label>
|
||||
<input type="date" class="form-control" name="dtf" max="2999-12-31" value="<?php echo htmlentities($dtf); ?>">
|
||||
<input type="date" class="form-control" name="dtf" max="2999-12-31" value="<?php echo nullable_htmlentities($dtf); ?>">
|
||||
</div>
|
||||
</div>
|
||||
<div class="col-md-2">
|
||||
<div class="form-group">
|
||||
<label>Date To</label>
|
||||
<input type="date" class="form-control" name="dtt" max="2999-12-31" value="<?php echo htmlentities($dtt); ?>">
|
||||
<input type="date" class="form-control" name="dtt" max="2999-12-31" value="<?php echo nullable_htmlentities($dtt); ?>">
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
|
@ -105,20 +105,20 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
|
||||
while ($row = mysqli_fetch_array($sql)) {
|
||||
$expense_id = intval($row['expense_id']);
|
||||
$expense_date = htmlentities($row['expense_date']);
|
||||
$expense_date = nullable_htmlentities($row['expense_date']);
|
||||
$expense_amount = floatval($row['expense_amount']);
|
||||
$expense_currency_code = htmlentities($row['expense_currency_code']);
|
||||
$expense_description = htmlentities($row['expense_description']);
|
||||
$expense_receipt = htmlentities($row['expense_receipt']);
|
||||
$expense_reference = htmlentities($row['expense_reference']);
|
||||
$expense_created_at = htmlentities($row['expense_created_at']);
|
||||
$expense_currency_code = nullable_htmlentities($row['expense_currency_code']);
|
||||
$expense_description = nullable_htmlentities($row['expense_description']);
|
||||
$expense_receipt = nullable_htmlentities($row['expense_receipt']);
|
||||
$expense_reference = nullable_htmlentities($row['expense_reference']);
|
||||
$expense_created_at = nullable_htmlentities($row['expense_created_at']);
|
||||
$expense_vendor_id = intval($row['expense_vendor_id']);
|
||||
$vendor_name = htmlentities($row['vendor_name']);
|
||||
$vendor_name = nullable_htmlentities($row['vendor_name']);
|
||||
$expense_category_id = intval($row['expense_category_id']);
|
||||
$category_name = htmlentities($row['category_name']);
|
||||
$account_name = htmlentities($row['account_name']);
|
||||
$category_name = nullable_htmlentities($row['category_name']);
|
||||
$account_name = nullable_htmlentities($row['account_name']);
|
||||
$expense_account_id = intval($row['expense_account_id']);
|
||||
$client_name = htmlentities($row['client_name']);
|
||||
$client_name = nullable_htmlentities($row['client_name']);
|
||||
if(empty($client_name)) {
|
||||
$client_name_display = "-";
|
||||
} else {
|
||||
|
|
|
|||
|
|
@ -46,7 +46,7 @@ function key32gen()
|
|||
}
|
||||
|
||||
function nullable_htmlentities($unsanitizedInput) {
|
||||
return htmlentities($unsanitizedInput ?? '');
|
||||
return nullable_htmlentities($unsanitizedInput ?? '');
|
||||
}
|
||||
|
||||
function initials($str) {
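Review bot: The body of `nullable_htmlentities()` now calls itself, so the bulk rename appears to have hit the wrapper's own `return` line; this assumes the second printed `return` is the new side, as in every other hunk of this commit. Any call would then recurse until PHP aborts with a fatal error, and every call site converted in this commit goes through this function, so pages that escape output would fail instead of rendering. The wrapper has to keep calling the built-in: `return htmlentities($unsanitizedInput ?? '');`. A smoke test that calls the helper once with `null` and once with a string containing `<` would catch this kind of search-and-replace slip. `initials()` starts in this hunk and continues outside it.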
|
||||
|
|
|
|||
|
|
@ -132,7 +132,7 @@ if (isset($_GET['host'])) {
|
|||
if (mysqli_num_rows($sql_logins) > 0) {
|
||||
$row = mysqli_fetch_array($sql_logins);
|
||||
$data['found'] = "TRUE";
|
||||
$data['username'] = htmlentities(decryptLoginEntry($row['login_username']));
|
||||
$data['username'] = nullable_htmlentities(decryptLoginEntry($row['login_username']));
|
||||
$data['password'] = decryptLoginEntry($row['login_password']); // Uses the PHP Session info and the session key cookie
|
||||
echo json_encode($data);
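Review bot: `$data['username']` is HTML-entity-encoded before `json_encode()`, while `$data['password']` on the next line is returned as decrypted, so two fields of the same JSON response follow different escaping rules. Entity encoding is the wrong encoding for a JSON body: a consumer that uses the value as text receives `&amp;` in place of `&`, and one that inserts values as markup still gets the password unescaped. Unless the client is known to write the username into HTML, I would return both raw (`$data['username'] = decryptLoginEntry($row['login_username']);`) and escape at the point where the value is rendered. The enclosing `if (isset($_GET['host']))` block starts and ends outside the hunk.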
|
||||
|
||||
|
|
|
|||
|
|
@ -21,7 +21,7 @@ if (isset($_GET['query'])) {
|
|||
$sql_tickets = mysqli_query($mysqli, "SELECT * FROM tickets LEFT JOIN clients on tickets.ticket_client_id = clients.client_id WHERE (ticket_subject LIKE '%$query%' OR ticket_number = '$ticket_num_query') ORDER BY ticket_id DESC LIMIT 5");
|
||||
$sql_logins = mysqli_query($mysqli, "SELECT * FROM logins WHERE login_name LIKE '%$query%' ORDER BY login_id DESC LIMIT 5");
|
||||
|
||||
$q = htmlentities($_GET['query']);
|
||||
$q = nullable_htmlentities($_GET['query']);
|
||||
?>
|
||||
|
||||
<h4 class="text-center"><i class="fas fa-fw fa-search mr-2"></i>Search all things</h4>
|
||||
|
|
@ -50,9 +50,9 @@ if (isset($_GET['query'])) {
|
|||
|
||||
while ($row = mysqli_fetch_array($sql_clients)) {
|
||||
$client_id = intval($row['client_id']);
|
||||
$client_name = htmlentities($row['client_name']);
|
||||
$client_name = nullable_htmlentities($row['client_name']);
|
||||
$location_phone = formatPhoneNumber($row['location_phone']);
|
||||
$client_website = htmlentities($row['client_website']);
|
||||
$client_website = nullable_htmlentities($row['client_website']);
|
||||
|
||||
?>
|
||||
<tr>
|
||||
|
|
@ -95,15 +95,15 @@ if (isset($_GET['query'])) {
|
|||
|
||||
while ($row = mysqli_fetch_array($sql_contacts)) {
|
||||
$contact_id = intval($row['contact_id']);
|
||||
$contact_name = htmlentities($row['contact_name']);
|
||||
$contact_title = htmlentities($row['contact_title']);
|
||||
$contact_name = nullable_htmlentities($row['contact_name']);
|
||||
$contact_title = nullable_htmlentities($row['contact_title']);
|
||||
$contact_phone = formatPhoneNumber($row['contact_phone']);
|
||||
$contact_extension = htmlentities($row['contact_extension']);
|
||||
$contact_extension = nullable_htmlentities($row['contact_extension']);
|
||||
$contact_mobile = formatPhoneNumber($row['contact_mobile']);
|
||||
$contact_email = htmlentities($row['contact_email']);
|
||||
$contact_email = nullable_htmlentities($row['contact_email']);
|
||||
$client_id = intval($row['client_id']);
|
||||
$client_name = htmlentities($row['client_name']);
|
||||
$contact_department = htmlentities($row['contact_department']);
|
||||
$client_name = nullable_htmlentities($row['client_name']);
|
||||
$contact_department = nullable_htmlentities($row['contact_department']);
|
||||
|
||||
?>
|
||||
<tr>
|
||||
|
|
@ -148,8 +148,8 @@ if (isset($_GET['query'])) {
|
|||
<?php
|
||||
|
||||
while ($row = mysqli_fetch_array($sql_vendors)) {
|
||||
$vendor_name = htmlentities($row['vendor_name']);
|
||||
$vendor_description = htmlentities($row['vendor_description']);
|
||||
$vendor_name = nullable_htmlentities($row['vendor_name']);
|
||||
$vendor_description = nullable_htmlentities($row['vendor_description']);
|
||||
$vendor_phone = formatPhoneNumber($row['vendor_phone']);
|
||||
?>
|
||||
<tr>
|
||||
|
|
@ -189,8 +189,8 @@ if (isset($_GET['query'])) {
|
|||
<?php
|
||||
|
||||
while ($row = mysqli_fetch_array($sql_products)) {
|
||||
$product_name = htmlentities($row['product_name']);
|
||||
$product_description = htmlentities($row['product_description']);
|
||||
$product_name = nullable_htmlentities($row['product_name']);
|
||||
$product_description = nullable_htmlentities($row['product_description']);
|
||||
?>
|
||||
<tr>
|
||||
<td><a href="products.php?q=<?php echo $q ?>"><?php echo $product_name; ?></a></td>
|
||||
|
|
@ -229,9 +229,9 @@ if (isset($_GET['query'])) {
|
|||
|
||||
while ($row = mysqli_fetch_array($sql_documents)) {
|
||||
$document_id = intval($row['document_id']);
|
||||
$document_name = htmlentities($row['document_name']);
|
||||
$document_name = nullable_htmlentities($row['document_name']);
|
||||
$client_id = intval($row['document_client_id']);
|
||||
$client_name = htmlentities($row['client_name']);
|
||||
$client_name = nullable_htmlentities($row['client_name']);
|
||||
|
||||
?>
|
||||
<tr>
|
||||
|
|
@ -275,11 +275,11 @@ if (isset($_GET['query'])) {
|
|||
|
||||
while ($row = mysqli_fetch_array($sql_tickets)) {
|
||||
$ticket_id = intval($row['ticket_id']);
|
||||
$ticket_prefix = htmlentities($row['ticket_prefix']);
|
||||
$ticket_prefix = nullable_htmlentities($row['ticket_prefix']);
|
||||
$ticket_number = intval($row['ticket_number']);
|
||||
$ticket_subject = htmlentities($row['ticket_subject']);
|
||||
$ticket_client = htmlentities($row['client_name']);
|
||||
$ticket_status = htmlentities($row['ticket_status']);
|
||||
$ticket_subject = nullable_htmlentities($row['ticket_subject']);
|
||||
$ticket_client = nullable_htmlentities($row['client_name']);
|
||||
$ticket_status = nullable_htmlentities($row['ticket_status']);
|
||||
|
||||
?>
|
||||
<tr>
|
||||
|
|
@ -322,10 +322,10 @@ if (isset($_GET['query'])) {
|
|||
<?php
|
||||
|
||||
while ($row = mysqli_fetch_array($sql_logins)) {
|
||||
$login_name = htmlentities($row['login_name']);
|
||||
$login_name = nullable_htmlentities($row['login_name']);
|
||||
$login_client_id = intval($row['login_client_id']);
|
||||
$login_username = htmlentities(decryptLoginEntry($row['login_username']));
|
||||
$login_password = htmlentities(decryptLoginEntry($row['login_password']));
|
||||
$login_username = nullable_htmlentities(decryptLoginEntry($row['login_username']));
|
||||
$login_password = nullable_htmlentities(decryptLoginEntry($row['login_password']));
|
||||
|
||||
?>
|
||||
<tr>
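Review bot: `$q` is only HTML-escaped, yet the products row echoes it into a URL query string (`products.php?q=<?php echo $q ?>`), where a `&`, `#`, `+` or space in the search term splits or truncates the parameter once the browser has decoded the entities. The link needs URL-encoding first and HTML-escaping second, e.g. `href="products.php?q=<?php echo nullable_htmlentities(urlencode($_GET['query'])); ?>"`. Separately, the wrapper only guards against `null`, so a request sending `query` as an array would still pass a non-string to `htmlentities()`; an `is_string()` check before the assignment would cover that. The `if (isset($_GET['query']))` block extends beyond these hunks.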
|
||||
|
|
|
|||
|
|
@ -42,12 +42,12 @@ if (isset($_GET['stripe_create_pi'])) {
|
|||
|
||||
// Invoice exists - get details for payment
|
||||
$row = mysqli_fetch_array($invoice_sql);
|
||||
$invoice_prefix = htmlentities($row['invoice_prefix']);
|
||||
$invoice_prefix = nullable_htmlentities($row['invoice_prefix']);
|
||||
$invoice_number = intval($row['invoice_number']);
|
||||
$invoice_amount = floatval($row['invoice_amount']);
|
||||
$invoice_currency_code = htmlentities($row['invoice_currency_code']);
|
||||
$invoice_currency_code = nullable_htmlentities($row['invoice_currency_code']);
|
||||
$client_id = intval($row['client_id']);
|
||||
$client_name = htmlentities($row['client_name']);
|
||||
$client_name = nullable_htmlentities($row['client_name']);
|
||||
|
||||
// Add up all the payments for the invoice and get the total amount paid to the invoice
|
||||
$sql_amount_paid = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS amount_paid FROM payments WHERE payment_invoice_id = $invoice_id");
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ $browser = sanitizeInput(getWebBrowser($ua));
|
|||
<meta http-equiv="x-ua-compatible" content="ie=edge">
|
||||
<meta name="robots" content="noindex">
|
||||
|
||||
<title><?php echo htmlentities($config_app_name); ?></title>
|
||||
<title><?php echo nullable_htmlentities($config_app_name); ?></title>
|
||||
|
||||
<!-- Font Awesome Icons -->
|
||||
<link rel="stylesheet" href="plugins/fontawesome-free/css/all.min.css">
|
||||
|
|
@ -52,7 +52,7 @@ $browser = sanitizeInput(getWebBrowser($ua));
|
|||
}
|
||||
?>
|
||||
<div class="alert alert-<?php echo $_SESSION['alert_type']; ?>" id="alert">
|
||||
<?php echo htmlentities($_SESSION['alert_message']); ?>
|
||||
<?php echo nullable_htmlentities($_SESSION['alert_message']); ?>
|
||||
<button class='close' data-dismiss='alert'>×</button>
|
||||
</div>
|
||||
<?php
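Review bot: `$_SESSION['alert_type']` is echoed into the `class` attribute without escaping, one line above the message that this hunk does escape. Where the session value is set is not visible here, but if any path lets request data reach it, the markup around the alert is no longer under the template's control. Escaping it the same way keeps the two outputs consistent: `<div class="alert alert-<?php echo nullable_htmlentities($_SESSION['alert_type']); ?>" id="alert">`.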
|
||||
|
|
|
|||
|
|
@ -9,8 +9,8 @@ DEFINE("WORDING_PAYMENT_FAILED", "<br><h2>There was an error verifying your paym
|
|||
// Defaulting to company id of 1 (as multi-company is being removed)
|
||||
$stripe_vars = mysqli_fetch_array(mysqli_query($mysqli, "SELECT config_stripe_enable, config_stripe_publishable, config_stripe_secret, config_stripe_account FROM settings WHERE company_id = 1"));
|
||||
$config_stripe_enable = intval($stripe_vars['config_stripe_enable']);
|
||||
$config_stripe_publishable = htmlentities($stripe_vars['config_stripe_publishable']);
|
||||
$config_stripe_secret = htmlentities($stripe_vars['config_stripe_secret']);
|
||||
$config_stripe_publishable = nullable_htmlentities($stripe_vars['config_stripe_publishable']);
|
||||
$config_stripe_secret = nullable_htmlentities($stripe_vars['config_stripe_secret']);
|
||||
$config_stripe_account = intval($stripe_vars['config_stripe_account']);
|
||||
|
||||
// Check Stripe is configured
|
||||
|
|
@ -50,19 +50,19 @@ if (isset($_GET['invoice_id'], $_GET['url_key']) && !isset($_GET['payment_intent
|
|||
// Process invoice, client and company details/settings
|
||||
$row = mysqli_fetch_array($sql);
|
||||
$invoice_id = intval($row['invoice_id']);
|
||||
$invoice_prefix = htmlentities($row['invoice_prefix']);
|
||||
$invoice_prefix = nullable_htmlentities($row['invoice_prefix']);
|
||||
$invoice_number = intval($row['invoice_number']);
|
||||
$invoice_status = htmlentities($row['invoice_status']);
|
||||
$invoice_date = htmlentities($row['invoice_date']);
|
||||
$invoice_due = htmlentities($row['invoice_due']);
|
||||
$invoice_status = nullable_htmlentities($row['invoice_status']);
|
||||
$invoice_date = nullable_htmlentities($row['invoice_date']);
|
||||
$invoice_due = nullable_htmlentities($row['invoice_due']);
|
||||
$invoice_amount = floatval($row['invoice_amount']);
|
||||
$invoice_currency_code = htmlentities($row['invoice_currency_code']);
|
||||
$invoice_currency_code = nullable_htmlentities($row['invoice_currency_code']);
|
||||
$client_id = intval($row['client_id']);
|
||||
$client_name = htmlentities($row['client_name']);
|
||||
$client_name = nullable_htmlentities($row['client_name']);
|
||||
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM companies, settings WHERE companies.company_id = settings.company_id AND companies.company_id = 1");
|
||||
$row = mysqli_fetch_array($sql);
|
||||
$company_locale = htmlentities($row['company_locale']);
|
||||
$company_locale = nullable_htmlentities($row['company_locale']);
|
||||
|
||||
// Add up all the payments for the invoice and get the total amount paid to the invoice
|
||||
$sql_amount_paid = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS amount_paid FROM payments WHERE payment_invoice_id = $invoice_id");
|
||||
|
|
@ -105,7 +105,7 @@ if (isset($_GET['invoice_id'], $_GET['url_key']) && !isset($_GET['payment_intent
|
|||
$item_total = 0;
|
||||
|
||||
while ($row = mysqli_fetch_array($sql_invoice_items)) {
|
||||
$item_name = htmlentities($row['item_name']);
|
||||
$item_name = nullable_htmlentities($row['item_name']);
|
||||
$item_quantity = floatval($row['item_quantity']);
|
||||
$item_total = floatval($row['item_total']);
|
||||
?>
|
||||
|
|
@ -208,22 +208,22 @@ if (isset($_GET['invoice_id'], $_GET['url_key']) && !isset($_GET['payment_intent
|
|||
// Invoice exists - get details
|
||||
$row = mysqli_fetch_array($invoice_sql);
|
||||
$invoice_id = intval($row['invoice_id']);
|
||||
$invoice_prefix = htmlentities($row['invoice_prefix']);
|
||||
$invoice_prefix = nullable_htmlentities($row['invoice_prefix']);
|
||||
$invoice_number = intval($row['invoice_number']);
|
||||
$invoice_amount = floatval($row['invoice_amount']);
|
||||
$invoice_currency_code = htmlentities($row['invoice_currency_code']);
|
||||
$invoice_url_key = htmlentities($row['invoice_url_key']);
|
||||
$invoice_currency_code = nullable_htmlentities($row['invoice_currency_code']);
|
||||
$invoice_url_key = nullable_htmlentities($row['invoice_url_key']);
|
||||
$client_id = intval($row['client_id']);
|
||||
$client_name = htmlentities($row['client_name']);
|
||||
$client_name = nullable_htmlentities($row['client_name']);
|
||||
$contact_name = $row['contact_name'];
|
||||
$contact_email = $row['contact_email'];
|
||||
|
||||
$sql_company = mysqli_query($mysqli, "SELECT * FROM companies WHERE company_id = 1");
|
||||
$row = mysqli_fetch_array($sql_company);
|
||||
|
||||
$company_name = mysqli_real_escape_string($mysqli, htmlentities($row['company_name']));
|
||||
$company_phone = htmlentities($row['company_phone']);
|
||||
$company_locale = htmlentities($row['company_locale']);
|
||||
$company_name = mysqli_real_escape_string($mysqli, nullable_htmlentities($row['company_name']));
|
||||
$company_phone = nullable_htmlentities($row['company_phone']);
|
||||
$company_locale = nullable_htmlentities($row['company_locale']);
|
||||
|
||||
// Set Currency Formatting
|
||||
$currency_format = numfmt_create($company_locale, NumberFormatter::CURRENCY);
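Review bot: Several values in these hunks are entity-encoded although they are not written to HTML: `$config_stripe_secret` and `$config_stripe_publishable` are API credentials, `$company_locale` is passed to `numfmt_create()`, and `$company_name` is encoded and then run through `mysqli_real_escape_string()`, which suggests it ends up in a query. Encoding at read time alters any value containing `&`, `<`, `>` or quotes, and an encoded string written back to the database is displayed double-encoded when a page escapes it again. I would keep these raw and escape only where they are echoed, e.g. `$company_name = mysqli_real_escape_string($mysqli, $row['company_name'] ?? '');`. `$contact_name` and `$contact_email` in the same hunk are left raw; their use is outside the hunk, so confirm they are escaped wherever they are output.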
|
||||
|
|
|
|||
|
|
@ -31,28 +31,28 @@ if (mysqli_num_rows($sql) !== 1) {
|
|||
$row = mysqli_fetch_array($sql);
|
||||
|
||||
$invoice_id = intval($row['invoice_id']);
|
||||
$invoice_prefix = htmlentities($row['invoice_prefix']);
|
||||
$invoice_prefix = nullable_htmlentities($row['invoice_prefix']);
|
||||
$invoice_number = intval($row['invoice_number']);
|
||||
$invoice_status = htmlentities($row['invoice_status']);
|
||||
$invoice_date = htmlentities($row['invoice_date']);
|
||||
$invoice_due = htmlentities($row['invoice_due']);
|
||||
$invoice_status = nullable_htmlentities($row['invoice_status']);
|
||||
$invoice_date = nullable_htmlentities($row['invoice_date']);
|
||||
$invoice_due = nullable_htmlentities($row['invoice_due']);
|
||||
$invoice_amount = floatval($row['invoice_amount']);
|
||||
$invoice_currency_code = htmlentities($row['invoice_currency_code']);
|
||||
$invoice_note = htmlentities($row['invoice_note']);
|
||||
$invoice_currency_code = nullable_htmlentities($row['invoice_currency_code']);
|
||||
$invoice_note = nullable_htmlentities($row['invoice_note']);
|
||||
$invoice_category_id = intval($row['invoice_category_id']);
|
||||
$client_id = intval($row['client_id']);
|
||||
$client_name = htmlentities($row['client_name']);
|
||||
$client_name = nullable_htmlentities($row['client_name']);
|
||||
$client_name_escaped = sanitizeInput($row['client_name']);
|
||||
$location_address = htmlentities($row['location_address']);
|
||||
$location_city = htmlentities($row['location_city']);
|
||||
$location_state = htmlentities($row['location_state']);
|
||||
$location_zip = htmlentities($row['location_zip']);
|
||||
$contact_email = htmlentities($row['contact_email']);
|
||||
$location_address = nullable_htmlentities($row['location_address']);
|
||||
$location_city = nullable_htmlentities($row['location_city']);
|
||||
$location_state = nullable_htmlentities($row['location_state']);
|
||||
$location_zip = nullable_htmlentities($row['location_zip']);
|
||||
$contact_email = nullable_htmlentities($row['contact_email']);
|
||||
$contact_phone = formatPhoneNumber($row['contact_phone']);
|
||||
$contact_extension = htmlentities($row['contact_extension']);
|
||||
$contact_extension = nullable_htmlentities($row['contact_extension']);
|
||||
$contact_mobile = formatPhoneNumber($row['contact_mobile']);
|
||||
$client_website = htmlentities($row['client_website']);
|
||||
$client_currency_code = htmlentities($row['client_currency_code']);
|
||||
$client_website = nullable_htmlentities($row['client_website']);
|
||||
$client_currency_code = nullable_htmlentities($row['client_currency_code']);
|
||||
$client_net_terms = intval($row['client_net_terms']);
|
||||
if ($client_net_terms == 0) {
|
||||
$client_net_terms = intval($row['config_default_net_terms']);
|
||||
|
|
@ -61,20 +61,20 @@ if ($client_net_terms == 0) {
|
|||
$sql = mysqli_query($mysqli, "SELECT * FROM companies, settings WHERE companies.company_id = settings.company_id AND companies.company_id = 1");
|
||||
$row = mysqli_fetch_array($sql);
|
||||
|
||||
$company_name = htmlentities($row['company_name']);
|
||||
$company_address = htmlentities($row['company_address']);
|
||||
$company_city = htmlentities($row['company_city']);
|
||||
$company_state = htmlentities($row['company_state']);
|
||||
$company_zip = htmlentities($row['company_zip']);
|
||||
$company_name = nullable_htmlentities($row['company_name']);
|
||||
$company_address = nullable_htmlentities($row['company_address']);
|
||||
$company_city = nullable_htmlentities($row['company_city']);
|
||||
$company_state = nullable_htmlentities($row['company_state']);
|
||||
$company_zip = nullable_htmlentities($row['company_zip']);
|
||||
$company_phone = formatPhoneNumber($row['company_phone']);
|
||||
$company_email = htmlentities($row['company_email']);
|
||||
$company_website = htmlentities($row['company_website']);
|
||||
$company_logo = htmlentities($row['company_logo']);
|
||||
$company_email = nullable_htmlentities($row['company_email']);
|
||||
$company_website = nullable_htmlentities($row['company_website']);
|
||||
$company_logo = nullable_htmlentities($row['company_logo']);
|
||||
if (!empty($company_logo)) {
|
||||
$company_logo_base64 = base64_encode(file_get_contents("uploads/settings/$company_logo"));
|
||||
}
|
||||
$company_locale = htmlentities($row['company_locale']);
|
||||
$config_invoice_footer = htmlentities($row['config_invoice_footer']);
|
||||
$company_locale = nullable_htmlentities($row['company_locale']);
|
||||
$config_invoice_footer = nullable_htmlentities($row['config_invoice_footer']);
|
||||
$config_stripe_enable = intval($row['config_stripe_enable']);
|
||||
|
||||
//Set Currency Format
|
||||
|
|
@ -212,8 +212,8 @@ $sql_invoice_items = mysqli_query($mysqli, "SELECT * FROM invoice_items WHERE it
|
|||
|
||||
while ($row = mysqli_fetch_array($sql_invoice_items)) {
|
||||
$item_id = intval($row['item_id']);
|
||||
$item_name = htmlentities($row['item_name']);
|
||||
$item_description = htmlentities($row['item_description']);
|
||||
$item_name = nullable_htmlentities($row['item_name']);
|
||||
$item_description = nullable_htmlentities($row['item_description']);
|
||||
$item_quantity = floatval($row['item_quantity']);
|
||||
$item_price = floatval($row['item_price']);
|
||||
$item_tax = floatval($row['item_tax']);
|
||||
|
|
@ -734,13 +734,13 @@ if (mysqli_num_rows($sql) > 1) { ?>
|
|||
|
||||
while ($row = mysqli_fetch_array($sql)) {
|
||||
$invoice_id = intval($row['invoice_id']);
|
||||
$invoice_prefix = htmlentities($row['invoice_prefix']);
|
||||
$invoice_prefix = nullable_htmlentities($row['invoice_prefix']);
|
||||
$invoice_number = intval($row['invoice_number']);
|
||||
$invoice_date = htmlentities($row['invoice_date']);
|
||||
$invoice_due = htmlentities($row['invoice_due']);
|
||||
$invoice_date = nullable_htmlentities($row['invoice_date']);
|
||||
$invoice_due = nullable_htmlentities($row['invoice_due']);
|
||||
$invoice_amount = floatval($row['invoice_amount']);
|
||||
$invoice_currency_code = htmlentities($row['invoice_currency_code']);
|
||||
$invoice_url_key = htmlentities($row['invoice_url_key']);
|
||||
$invoice_currency_code = nullable_htmlentities($row['invoice_currency_code']);
|
||||
$invoice_url_key = nullable_htmlentities($row['invoice_url_key']);
|
||||
$invoice_tally_total = $invoice_amount + $invoice_tally_total;
|
||||
$difference = time() - strtotime($invoice_due);
|
||||
$days = floor($difference / (60*60*24));
|
||||
|
|
@ -792,13 +792,13 @@ if (mysqli_num_rows($sql) > 1) { ?>
|
|||
|
||||
while ($row = mysqli_fetch_array($sql)) {
|
||||
$invoice_id = intval($row['invoice_id']);
|
||||
$invoice_prefix = htmlentities($row['invoice_prefix']);
|
||||
$invoice_prefix = nullable_htmlentities($row['invoice_prefix']);
|
||||
$invoice_number = intval($row['invoice_number']);
|
||||
$invoice_date = htmlentities($row['invoice_date']);
|
||||
$invoice_due = htmlentities($row['invoice_due']);
|
||||
$invoice_date = nullable_htmlentities($row['invoice_date']);
|
||||
$invoice_due = nullable_htmlentities($row['invoice_due']);
|
||||
$invoice_amount = floatval($row['invoice_amount']);
|
||||
$invoice_currency_code = htmlentities($row['invoice_currency_code']);
|
||||
$invoice_url_key = htmlentities($row['invoice_url_key']);
|
||||
$invoice_currency_code = nullable_htmlentities($row['invoice_currency_code']);
|
||||
$invoice_url_key = nullable_htmlentities($row['invoice_url_key']);
|
||||
$invoice_tally_total = $invoice_amount + $invoice_tally_total;
|
||||
$difference = strtotime($invoice_due) - time();
|
||||
$days = floor($difference / (60*60*24));
|
||||
|
|
@ -850,13 +850,13 @@ if (mysqli_num_rows($sql) > 1) { ?>
|
|||
|
||||
while ($row = mysqli_fetch_array($sql)) {
|
||||
$invoice_id = intval($row['invoice_id']);
|
||||
$invoice_prefix = htmlentities($row['invoice_prefix']);
|
||||
$invoice_prefix = nullable_htmlentities($row['invoice_prefix']);
|
||||
$invoice_number = intval($row['invoice_number']);
|
||||
$invoice_date = htmlentities($row['invoice_date']);
|
||||
$invoice_due = htmlentities($row['invoice_due']);
|
||||
$invoice_date = nullable_htmlentities($row['invoice_date']);
|
||||
$invoice_due = nullable_htmlentities($row['invoice_due']);
|
||||
$invoice_amount = floatval($row['invoice_amount']);
|
||||
$invoice_currency_code = htmlentities($row['invoice_currency_code']);
|
||||
$invoice_url_key = htmlentities($row['invoice_url_key']);
|
||||
$invoice_currency_code = nullable_htmlentities($row['invoice_currency_code']);
|
||||
$invoice_url_key = nullable_htmlentities($row['invoice_url_key']);
|
||||
$invoice_tally_total = $invoice_amount + $invoice_tally_total;
|
||||
|
||||
?>
|
||||
|
|
@ -878,11 +878,11 @@ if (mysqli_num_rows($sql) > 1) { ?>
|
|||
|
||||
while ($row = mysqli_fetch_array($sql_payments)) {
|
||||
$payment_id = intval($row['payment_id']);
|
||||
$payment_date = htmlentities($row['payment_date']);
|
||||
$payment_date = nullable_htmlentities($row['payment_date']);
|
||||
$payment_amount = floatval($row['payment_amount']);
|
||||
$payment_currency_code = htmlentities($row['payment_currency_code']);
|
||||
$payment_method = htmlentities($row['payment_method']);
|
||||
$payment_reference = htmlentities($row['payment_reference']);
|
||||
$payment_currency_code = nullable_htmlentities($row['payment_currency_code']);
|
||||
$payment_method = nullable_htmlentities($row['payment_method']);
|
||||
$payment_reference = nullable_htmlentities($row['payment_reference']);
|
||||
if (strtotime($payment_date) > strtotime($invoice_due)) {
|
||||
$payment_note = "Late";
|
||||
$difference = strtotime($payment_date) - strtotime($invoice_due);
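Review bot: `$company_logo` goes into a filesystem path (`file_get_contents("uploads/settings/$company_logo")`) after HTML-entity encoding only, which neither confines the name to `uploads/settings/` nor preserves a stored name containing `&` or quotes. The value comes from the settings row, so exposure depends on who can write it, but on this unauthenticated guest page I would build the path from the raw value with `basename()`, e.g. `$logo_path = 'uploads/settings/' . basename($row['company_logo'] ?? '');`, and read it only when `is_file($logo_path)` holds. The return value of `file_get_contents()` is also passed to `base64_encode()` unchecked, so a missing file gives an empty logo plus a warning. The same pattern of encoding before non-HTML use applies to `$invoice_due` and `$payment_date`, which are fed to `strtotime()` in the later hunks.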
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@ $purifier = new HTMLPurifier($purifier_config);
|
|||
?>
|
||||
|
||||
<br>
|
||||
<h1> <?php echo htmlentities($config_app_name); ?> Guest sharing </h1>
|
||||
<h1> <?php echo nullable_htmlentities($config_app_name); ?> Guest sharing </h1>
|
||||
<hr>
|
||||
|
||||
<?php
|
||||
|
|
@ -49,13 +49,13 @@ if ($row['item_active'] !== "1" || $row['item_views'] >= $row['item_view_limit']
|
|||
|
||||
echo "<div class='alert alert-warning'>You may only be able to view this information for a limited time! Be sure to copy/download what you need.</div>";
|
||||
|
||||
$item_type = htmlentities($row['item_type']);
|
||||
$item_type = nullable_htmlentities($row['item_type']);
|
||||
$item_related_id = intval($row['item_related_id']);
|
||||
$item_encrypted_credential = htmlentities($row['item_encrypted_credential']);
|
||||
$item_note = htmlentities($row['item_note']);
|
||||
$item_encrypted_credential = nullable_htmlentities($row['item_encrypted_credential']);
|
||||
$item_note = nullable_htmlentities($row['item_note']);
|
||||
$item_views = intval($row['item_views']);
|
||||
$item_created = htmlentities($row['item_created_at']);
|
||||
$item_expire = htmlentities($row['item_expire_at']);
|
||||
$item_created = nullable_htmlentities($row['item_created_at']);
|
||||
$item_expire = nullable_htmlentities($row['item_expire_at']);
|
||||
$client_id = intval($row['item_client_id']);
|
||||
|
||||
if ($item_type == "Document") {
|
||||
|
|
@ -68,7 +68,7 @@ if ($item_type == "Document") {
|
|||
exit();
|
||||
}
|
||||
|
||||
$doc_title = htmlentities($doc_row['document_name']);
|
||||
$doc_title = nullable_htmlentities($doc_row['document_name']);
|
||||
$doc_title_escaped = sanitizeInput($doc_row['document_name']);
|
||||
$doc_content = $purifier->purify($row['document_content']);
|
||||
|
||||
|
|
@ -98,7 +98,7 @@ if ($item_type == "Document") {
|
|||
exit();
|
||||
}
|
||||
|
||||
$file_name = htmlentities($file_row['file_name']);
|
||||
$file_name = nullable_htmlentities($file_row['file_name']);
|
||||
|
||||
echo "<h3>A file has been shared with you</h3>";
|
||||
if (!empty($item_note)) {
|
||||
|
|
@ -118,19 +118,19 @@ if ($item_type == "Document") {
|
|||
exit();
|
||||
}
|
||||
|
||||
$login_name = htmlentities($login_row['login_name']);
|
||||
$login_uri = htmlentities($login_row['login_uri']);
|
||||
$login_name = nullable_htmlentities($login_row['login_name']);
|
||||
$login_uri = nullable_htmlentities($login_row['login_uri']);
|
||||
|
||||
$username_iv = substr($row['item_encrypted_username'], 0, 16);
|
||||
$username_ciphertext = substr($row['item_encrypted_username'], 16);
|
||||
$login_username = htmlentities(openssl_decrypt($username_ciphertext, 'aes-128-cbc', $encryption_key, 0, $username_iv));
|
||||
$login_username = nullable_htmlentities(openssl_decrypt($username_ciphertext, 'aes-128-cbc', $encryption_key, 0, $username_iv));
|
||||
|
||||
$password_iv = substr($row['item_encrypted_credential'], 0, 16);
|
||||
$password_ciphertext = substr($row['item_encrypted_credential'], 16);
|
||||
$login_password = htmlentities(openssl_decrypt($password_ciphertext, 'aes-128-cbc', $encryption_key, 0, $password_iv));
|
||||
$login_password = nullable_htmlentities(openssl_decrypt($password_ciphertext, 'aes-128-cbc', $encryption_key, 0, $password_iv));
|
||||
|
||||
$login_otp = htmlentities($login_row['login_otp_secret']);
|
||||
$login_notes = htmlentities($login_row['login_note']);
|
||||
$login_otp = nullable_htmlentities($login_row['login_otp_secret']);
|
||||
$login_notes = nullable_htmlentities($login_row['login_note']);
|
||||
|
||||
echo "<h3>A login entry has been shared with you</h3>";
|
||||
if (!empty($item_note)) {
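Review bot: In the login-entry hunk (@ -118,19), the result of `openssl_decrypt()` is passed straight into `nullable_htmlentities()`, so a failed decryption, which returns `false`, cannot be told apart from an empty username or password. The wrapper's definition is not on this page, but if it coerces null or false to an empty string, the guest sees a blank credential with no error, and a wrong key or altered ciphertext goes unnoticed. I would decrypt into a local first, e.g. `$plain = openssl_decrypt($password_ciphertext, 'aes-128-cbc', $encryption_key, 0, $password_iv);`, stop with `if ($plain === false) { exit(); }`, and only then escape. The same applies to `$login_username` a few lines above; the enclosing branch starts and ends outside the hunk.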
|
||||
|
|
|
|||
|
|
@ -32,27 +32,27 @@ if (mysqli_num_rows($sql) !== 1) {
|
|||
$row = mysqli_fetch_array($sql);
|
||||
|
||||
$quote_id = intval($row['quote_id']);
|
||||
$quote_prefix = htmlentities($row['quote_prefix']);
|
||||
$quote_prefix = nullable_htmlentities($row['quote_prefix']);
|
||||
$quote_number = intval($row['quote_number']);
|
||||
$quote_status = htmlentities($row['quote_status']);
|
||||
$quote_date = htmlentities($row['quote_date']);
|
||||
$quote_status = nullable_htmlentities($row['quote_status']);
|
||||
$quote_date = nullable_htmlentities($row['quote_date']);
|
||||
$quote_amount = floatval($row['quote_amount']);
|
||||
$quote_currency_code = htmlentities($row['quote_currency_code']);
|
||||
$quote_note = htmlentities($row['quote_note']);
|
||||
$quote_currency_code = nullable_htmlentities($row['quote_currency_code']);
|
||||
$quote_note = nullable_htmlentities($row['quote_note']);
|
||||
$category_id = intval($row['category_id']);
|
||||
$client_id = intval($row['client_id']);
|
||||
$client_name = htmlentities($row['client_name']);
|
||||
$client_name = nullable_htmlentities($row['client_name']);
|
||||
$client_name_escaped = sanitizeInput($row['client_name']);
|
||||
$location_address = htmlentities($row['location_address']);
|
||||
$location_city = htmlentities($row['location_city']);
|
||||
$location_state = htmlentities($row['location_state']);
|
||||
$location_zip = htmlentities($row['location_zip']);
|
||||
$contact_email = htmlentities($row['contact_email']);
|
||||
$location_address = nullable_htmlentities($row['location_address']);
|
||||
$location_city = nullable_htmlentities($row['location_city']);
|
||||
$location_state = nullable_htmlentities($row['location_state']);
|
||||
$location_zip = nullable_htmlentities($row['location_zip']);
|
||||
$contact_email = nullable_htmlentities($row['contact_email']);
|
||||
$contact_phone = formatPhoneNumber($row['contact_phone']);
|
||||
$contact_extension = htmlentities($row['contact_extension']);
|
||||
$contact_extension = nullable_htmlentities($row['contact_extension']);
|
||||
$contact_mobile = formatPhoneNumber($row['contact_mobile']);
|
||||
$client_website = htmlentities($row['client_website']);
|
||||
$client_currency_code = htmlentities($row['client_currency_code']);
|
||||
$client_website = nullable_htmlentities($row['client_website']);
|
||||
$client_currency_code = nullable_htmlentities($row['client_currency_code']);
|
||||
$client_net_terms = intval($row['client_net_terms']);
|
||||
if ($client_net_terms == 0) {
|
||||
$client_net_terms = intval($row['config_default_net_terms']);
|
||||
|
|
@ -60,20 +60,20 @@ if ($client_net_terms == 0) {
|
|||
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM companies, settings WHERE companies.company_id = settings.company_id AND companies.company_id = 1");
|
||||
$row = mysqli_fetch_array($sql);
|
||||
$company_name = htmlentities($row['company_name']);
|
||||
$company_address = htmlentities($row['company_address']);
|
||||
$company_city = htmlentities($row['company_city']);
|
||||
$company_state = htmlentities($row['company_state']);
|
||||
$company_zip = htmlentities($row['company_zip']);
|
||||
$company_name = nullable_htmlentities($row['company_name']);
|
||||
$company_address = nullable_htmlentities($row['company_address']);
|
||||
$company_city = nullable_htmlentities($row['company_city']);
|
||||
$company_state = nullable_htmlentities($row['company_state']);
|
||||
$company_zip = nullable_htmlentities($row['company_zip']);
|
||||
$company_phone = formatPhoneNumber($row['company_phone']);
|
||||
$company_email = htmlentities($row['company_email']);
|
||||
$company_website = htmlentities($row['company_website']);
|
||||
$company_logo = htmlentities($row['company_logo']);
|
||||
$company_email = nullable_htmlentities($row['company_email']);
|
||||
$company_website = nullable_htmlentities($row['company_website']);
|
||||
$company_logo = nullable_htmlentities($row['company_logo']);
|
||||
if (!empty($company_logo)) {
|
||||
$company_logo_base64 = base64_encode(file_get_contents("uploads/settings/$company_logo"));
|
||||
}
|
||||
$company_locale = htmlentities($row['company_locale']);
|
||||
$config_quote_footer = htmlentities($row['config_quote_footer']);
|
||||
$company_locale = nullable_htmlentities($row['company_locale']);
|
||||
$config_quote_footer = nullable_htmlentities($row['config_quote_footer']);
|
||||
|
||||
//Set Currency Format
|
||||
$currency_format = numfmt_create($company_locale, NumberFormatter::CURRENCY);
|
||||
|
|
@ -189,8 +189,8 @@ if ($quote_status == "Draft" || $quote_status == "Sent" || $quote_status == "Vie
|
|||
|
||||
while ($row = mysqli_fetch_array($sql_items)) {
|
||||
$item_id = intval($row['item_id']);
|
||||
$item_name = htmlentities($row['item_name']);
|
||||
$item_description = htmlentities($row['item_description']);
|
||||
$item_name = nullable_htmlentities($row['item_name']);
|
||||
$item_description = nullable_htmlentities($row['item_description']);
|
||||
$item_quantity = floatval($row['item_quantity']);
|
||||
$item_price = floatval($row['item_price']);
|
||||
$item_tax = floatval($row['item_tax']);
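Review bot: In the company hunk (@ -60,20), `$company_logo` is HTML-encoded and then used as a filesystem path in `file_get_contents("uploads/settings/$company_logo")`. Entity encoding is an output encoding for HTML, not a path check: a stored name containing `&` or a quote no longer matches the file on disk, and nothing visible here keeps the name inside `uploads/settings/`. I would keep a separate raw value for the path and constrain it, e.g. `$logo_file = basename($row['company_logo'] ?? '');`, and check the `file_get_contents()` result for `false` before `base64_encode()`. The same pattern appears in the invoice.php hunk @ -55,16.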
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@ header("X-Frame-Options: DENY");
|
|||
<meta http-equiv="x-ua-compatible" content="ie=edge">
|
||||
<meta name="robots" content="noindex">
|
||||
|
||||
<title><?php echo htmlentities($session_company_name); ?> | <?php echo htmlentities($config_app_name); ?></title>
|
||||
<title><?php echo nullable_htmlentities($session_company_name); ?> | <?php echo nullable_htmlentities($config_app_name); ?></title>
|
||||
|
||||
<!-- Font Awesome Icons -->
|
||||
<link rel="stylesheet" href="plugins/fontawesome-free/css/all.min.css">
|
||||
|
|
@ -36,5 +36,5 @@ header("X-Frame-Options: DENY");
|
|||
<script src="plugins/toastr/toastr.min.js"></script>
|
||||
|
||||
</head>
|
||||
<body class="hold-transition sidebar-mini layout-fixed accent-<?php echo htmlentities($config_theme); ?>">
|
||||
<body class="hold-transition sidebar-mini layout-fixed accent-<?php echo nullable_htmlentities($config_theme); ?>">
|
||||
<div class="wrapper text-sm">
|
||||
|
|
|
|||
|
|
@ -25,35 +25,35 @@ if (isset($_GET['client_id'])) {
|
|||
} else {
|
||||
|
||||
$row = mysqli_fetch_array($sql);
|
||||
$client_name = htmlentities($row['client_name']);
|
||||
$client_type = htmlentities($row['client_type']);
|
||||
$client_website = htmlentities($row['client_website']);
|
||||
$client_referral = htmlentities($row['client_referral']);
|
||||
$client_currency_code = htmlentities($row['client_currency_code']);
|
||||
$client_name = nullable_htmlentities($row['client_name']);
|
||||
$client_type = nullable_htmlentities($row['client_type']);
|
||||
$client_website = nullable_htmlentities($row['client_website']);
|
||||
$client_referral = nullable_htmlentities($row['client_referral']);
|
||||
$client_currency_code = nullable_htmlentities($row['client_currency_code']);
|
||||
$client_net_terms = intval($row['client_net_terms']);
|
||||
if ($client_net_terms == 0) {
|
||||
$client_net_terms = $config_default_net_terms;
|
||||
}
|
||||
$client_tax_id_number = htmlentities($row['client_tax_id_number']);
|
||||
$client_tax_id_number = nullable_htmlentities($row['client_tax_id_number']);
|
||||
$client_rate = floatval($row['client_rate']);
|
||||
$client_notes = htmlentities($row['client_notes']);
|
||||
$client_created_at = htmlentities($row['client_created_at']);
|
||||
$client_notes = nullable_htmlentities($row['client_notes']);
|
||||
$client_created_at = nullable_htmlentities($row['client_created_at']);
|
||||
$primary_contact = intval($row['primary_contact']);
|
||||
$primary_location = intval($row['primary_location']);
|
||||
$contact_id = intval($row['contact_id']);
|
||||
$contact_name = htmlentities($row['contact_name']);
|
||||
$contact_title = htmlentities($row['contact_title']);
|
||||
$contact_email = htmlentities($row['contact_email']);
|
||||
$contact_name = nullable_htmlentities($row['contact_name']);
|
||||
$contact_title = nullable_htmlentities($row['contact_title']);
|
||||
$contact_email = nullable_htmlentities($row['contact_email']);
|
||||
$contact_phone = formatPhoneNumber($row['contact_phone']);
|
||||
$contact_extension = htmlentities($row['contact_extension']);
|
||||
$contact_extension = nullable_htmlentities($row['contact_extension']);
|
||||
$contact_mobile = formatPhoneNumber($row['contact_mobile']);
|
||||
$location_id = intval($row['location_id']);
|
||||
$location_name = htmlentities($row['location_name']);
|
||||
$location_address = htmlentities($row['location_address']);
|
||||
$location_city = htmlentities($row['location_city']);
|
||||
$location_state = htmlentities($row['location_state']);
|
||||
$location_zip = htmlentities($row['location_zip']);
|
||||
$location_country = htmlentities($row['location_country']);
|
||||
$location_name = nullable_htmlentities($row['location_name']);
|
||||
$location_address = nullable_htmlentities($row['location_address']);
|
||||
$location_city = nullable_htmlentities($row['location_city']);
|
||||
$location_state = nullable_htmlentities($row['location_state']);
|
||||
$location_zip = nullable_htmlentities($row['location_zip']);
|
||||
$location_country = nullable_htmlentities($row['location_country']);
|
||||
$location_phone = formatPhoneNumber($row['location_phone']);
|
||||
|
||||
//Client Tags
|
||||
|
|
@ -64,9 +64,9 @@ if (isset($_GET['client_id'])) {
|
|||
while ($row = mysqli_fetch_array($sql_client_tags)) {
|
||||
|
||||
$client_tag_id = intval($row['tag_id']);
|
||||
$client_tag_name = htmlentities($row['tag_name']);
|
||||
$client_tag_color = htmlentities($row['tag_color']);
|
||||
$client_tag_icon = htmlentities($row['tag_icon']);
|
||||
$client_tag_name = nullable_htmlentities($row['tag_name']);
|
||||
$client_tag_color = nullable_htmlentities($row['tag_color']);
|
||||
$client_tag_icon = nullable_htmlentities($row['tag_icon']);
|
||||
if (empty($client_tag_icon)) {
|
||||
$client_tag_icon = "tag";
|
||||
}
|
||||
|
|
|
|||
76
invoice.php
76
invoice.php
|
|
@ -23,30 +23,30 @@ if (isset($_GET['invoice_id'])) {
|
|||
|
||||
$row = mysqli_fetch_array($sql);
|
||||
$invoice_id = intval($row['invoice_id']);
|
||||
$invoice_prefix = htmlentities($row['invoice_prefix']);
|
||||
$invoice_prefix = nullable_htmlentities($row['invoice_prefix']);
|
||||
$invoice_number = intval($row['invoice_number']);
|
||||
$invoice_scope = htmlentities($row['invoice_scope']);
|
||||
$invoice_status = htmlentities($row['invoice_status']);
|
||||
$invoice_date = htmlentities($row['invoice_date']);
|
||||
$invoice_due = htmlentities($row['invoice_due']);
|
||||
$invoice_scope = nullable_htmlentities($row['invoice_scope']);
|
||||
$invoice_status = nullable_htmlentities($row['invoice_status']);
|
||||
$invoice_date = nullable_htmlentities($row['invoice_date']);
|
||||
$invoice_due = nullable_htmlentities($row['invoice_due']);
|
||||
$invoice_amount = floatval($row['invoice_amount']);
|
||||
$invoice_currency_code = htmlentities($row['invoice_currency_code']);
|
||||
$invoice_note = htmlentities($row['invoice_note']);
|
||||
$invoice_url_key = htmlentities($row['invoice_url_key']);
|
||||
$invoice_created_at = htmlentities($row['invoice_created_at']);
|
||||
$invoice_currency_code = nullable_htmlentities($row['invoice_currency_code']);
|
||||
$invoice_note = nullable_htmlentities($row['invoice_note']);
|
||||
$invoice_url_key = nullable_htmlentities($row['invoice_url_key']);
|
||||
$invoice_created_at = nullable_htmlentities($row['invoice_created_at']);
|
||||
$category_id = intval($row['invoice_category_id']);
|
||||
$client_id = intval($row['client_id']);
|
||||
$client_name = htmlentities($row['client_name']);
|
||||
$location_address = htmlentities($row['location_address']);
|
||||
$location_city = htmlentities($row['location_city']);
|
||||
$location_state = htmlentities($row['location_state']);
|
||||
$location_zip = htmlentities($row['location_zip']);
|
||||
$contact_email = htmlentities($row['contact_email']);
|
||||
$client_name = nullable_htmlentities($row['client_name']);
|
||||
$location_address = nullable_htmlentities($row['location_address']);
|
||||
$location_city = nullable_htmlentities($row['location_city']);
|
||||
$location_state = nullable_htmlentities($row['location_state']);
|
||||
$location_zip = nullable_htmlentities($row['location_zip']);
|
||||
$contact_email = nullable_htmlentities($row['contact_email']);
|
||||
$contact_phone = formatPhoneNumber($row['contact_phone']);
|
||||
$contact_extension = htmlentities($row['contact_extension']);
|
||||
$contact_extension = nullable_htmlentities($row['contact_extension']);
|
||||
$contact_mobile = formatPhoneNumber($row['contact_mobile']);
|
||||
$client_website = htmlentities($row['client_website']);
|
||||
$client_currency_code = htmlentities($row['client_currency_code']);
|
||||
$client_website = nullable_htmlentities($row['client_website']);
|
||||
$client_currency_code = nullable_htmlentities($row['client_currency_code']);
|
||||
$client_net_terms = intval($row['client_net_terms']);
|
||||
if ($client_net_terms == 0) {
|
||||
$client_net_terms = $config_default_net_terms;
|
||||
|
|
@ -55,16 +55,16 @@ if (isset($_GET['invoice_id'])) {
|
|||
$sql = mysqli_query($mysqli, "SELECT * FROM companies WHERE company_id = 1");
|
||||
$row = mysqli_fetch_array($sql);
|
||||
$company_id = intval($row['company_id']);
|
||||
$company_name = htmlentities($row['company_name']);
|
||||
$company_country = htmlentities($row['company_country']);
|
||||
$company_address = htmlentities($row['company_address']);
|
||||
$company_city = htmlentities($row['company_city']);
|
||||
$company_state = htmlentities($row['company_state']);
|
||||
$company_zip = htmlentities($row['company_zip']);
|
||||
$company_name = nullable_htmlentities($row['company_name']);
|
||||
$company_country = nullable_htmlentities($row['company_country']);
|
||||
$company_address = nullable_htmlentities($row['company_address']);
|
||||
$company_city = nullable_htmlentities($row['company_city']);
|
||||
$company_state = nullable_htmlentities($row['company_state']);
|
||||
$company_zip = nullable_htmlentities($row['company_zip']);
|
||||
$company_phone = formatPhoneNumber($row['company_phone']);
|
||||
$company_email = htmlentities($row['company_email']);
|
||||
$company_website = htmlentities($row['company_website']);
|
||||
$company_logo = htmlentities($row['company_logo']);
|
||||
$company_email = nullable_htmlentities($row['company_email']);
|
||||
$company_website = nullable_htmlentities($row['company_website']);
|
||||
$company_logo = nullable_htmlentities($row['company_logo']);
|
||||
if (!empty($company_logo)) {
|
||||
$company_logo_base64 = base64_encode(file_get_contents("uploads/settings/$company_logo"));
|
||||
}
|
||||
|
|
@ -273,13 +273,13 @@ if (isset($_GET['invoice_id'])) {
|
|||
|
||||
while ($row = mysqli_fetch_array($sql_invoice_items)) {
|
||||
$item_id = intval($row['item_id']);
|
||||
$item_name = htmlentities($row['item_name']);
|
||||
$item_description = htmlentities($row['item_description']);
|
||||
$item_name = nullable_htmlentities($row['item_name']);
|
||||
$item_description = nullable_htmlentities($row['item_description']);
|
||||
$item_quantity = floatval($row['item_quantity']);
|
||||
$item_price = floatval($row['item_price']);
|
||||
$item_tax = floatval($row['item_tax']);
|
||||
$item_total = floatval($row['item_total']);
|
||||
$item_created_at = htmlentities($row['item_created_at']);
|
||||
$item_created_at = nullable_htmlentities($row['item_created_at']);
|
||||
$tax_id = intval($row['item_tax_id']);
|
||||
$total_tax = $item_tax + $total_tax;
|
||||
$sub_total = $item_price * $item_quantity + $sub_total;
|
||||
|
|
@ -336,7 +336,7 @@ if (isset($_GET['invoice_id'])) {
|
|||
$taxes_sql = mysqli_query($mysqli, "SELECT * FROM taxes ORDER BY tax_name ASC");
|
||||
while ($row = mysqli_fetch_array($taxes_sql)) {
|
||||
$tax_id = intval($row['tax_id']);
|
||||
$tax_name = htmlentities($row['tax_name']);
|
||||
$tax_name = nullable_htmlentities($row['tax_name']);
|
||||
$tax_percent = floatval($row['tax_percent']);
|
||||
?>
|
||||
<option value="<?php echo $tax_id; ?>"><?php echo "$tax_name $tax_percent%"; ?></option>
|
||||
|
|
@ -406,7 +406,7 @@ if (isset($_GET['invoice_id'])) {
|
|||
|
||||
<hr class="d-none d-print-block mt-5">
|
||||
|
||||
<div class="d-none d-print-block text-center"><?php echo nl2br(htmlentities($config_invoice_footer)); ?></div>
|
||||
<div class="d-none d-print-block text-center"><?php echo nl2br(nullable_htmlentities($config_invoice_footer)); ?></div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
|
|
@ -438,8 +438,8 @@ if (isset($_GET['invoice_id'])) {
|
|||
|
||||
while ($row = mysqli_fetch_array($sql_history)) {
|
||||
$history_created_at = $row['history_created_at'];
|
||||
$history_status = htmlentities($row['history_status']);
|
||||
$history_description = htmlentities($row['history_description']);
|
||||
$history_status = nullable_htmlentities($row['history_status']);
|
||||
$history_description = nullable_htmlentities($row['history_description']);
|
||||
|
||||
?>
|
||||
<tr>
|
||||
|
|
@ -486,11 +486,11 @@ if (isset($_GET['invoice_id'])) {
|
|||
|
||||
while ($row = mysqli_fetch_array($sql_payments)) {
|
||||
$payment_id = intval($row['payment_id']);
|
||||
$payment_date = htmlentities($row['payment_date']);
|
||||
$payment_date = nullable_htmlentities($row['payment_date']);
|
||||
$payment_amount = floatval($row['payment_amount']);
|
||||
$payment_currency_code = htmlentities($row['payment_currency_code']);
|
||||
$payment_reference = htmlentities($row['payment_reference']);
|
||||
$account_name = htmlentities($row['account_name']);
|
||||
$payment_currency_code = nullable_htmlentities($row['payment_currency_code']);
|
||||
$payment_reference = nullable_htmlentities($row['payment_reference']);
|
||||
$account_name = nullable_htmlentities($row['account_name']);
|
||||
|
||||
?>
|
||||
<tr>
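Review bot: In the history hunk (@ -438,8), `$history_created_at = $row['history_created_at'];` is still assigned raw, while the other `*_created_at` values in this file (`$invoice_created_at`, `$item_created_at`) now go through `nullable_htmlentities()`. If the value is echoed in the table row that follows (the loop body continues outside the hunk), it should be treated like its neighbours: `$history_created_at = nullable_htmlentities($row['history_created_at']);`. A timestamp column is unlikely to carry markup, but one uniform rule is easier to audit than per-column exceptions.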
|
||||
|
|
|
|||
|
|
@ -38,7 +38,7 @@
|
|||
$sql = mysqli_query($mysqli, "SELECT * FROM clients ORDER BY client_name ASC");
|
||||
while ($row = mysqli_fetch_array($sql)) {
|
||||
$client_id = intval($row['client_id']);
|
||||
$client_name = htmlentities($row['client_name']);
|
||||
$client_name = nullable_htmlentities($row['client_name']);
|
||||
?>
|
||||
<option value="<?php echo $client_id; ?>"><?php echo "$client_name"; ?></option>
|
||||
|
||||
|
|
@ -64,7 +64,7 @@
|
|||
$sql = mysqli_query($mysqli, "SELECT * FROM categories WHERE category_type = 'Income' AND category_archived_at IS NULL ORDER BY category_name ASC");
|
||||
while ($row = mysqli_fetch_array($sql)) {
|
||||
$category_id = intval($row['category_id']);
|
||||
$category_name = htmlentities($row['category_name']);
|
||||
$category_name = nullable_htmlentities($row['category_name']);
|
||||
?>
|
||||
<option value="<?php echo $category_id; ?>"><?php echo $category_name; ?></option>
|
||||
|
||||
|
|
|
|||
|
|
@ -45,7 +45,7 @@
|
|||
$sql_income_category = mysqli_query($mysqli, "SELECT * FROM categories WHERE category_type = 'Income' AND (category_archived_at > '$invoice_created_at' OR category_archived_at IS NULL) ORDER BY category_name ASC");
|
||||
while ($row = mysqli_fetch_array($sql_income_category)) {
|
||||
$category_id_select= intval($row['category_id']);
|
||||
$category_name_select = htmlentities($row['category_name']);
|
||||
$category_name_select = nullable_htmlentities($row['category_name']);
|
||||
?>
|
||||
<option <?php if ($category_id == $category_id_select) { echo "selected"; } ?> value="<?php echo $category_id_select; ?>"><?php echo $category_name_select; ?></option>
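Review bot: The category query in this hunk interpolates `'$invoice_created_at'` into the SQL string, and in invoice.php (@ -23,30) that variable is now the output of `nullable_htmlentities()`, so it is an HTML-encoded display value rather than one prepared for SQL. Assuming this modal runs with that variable in scope, I would not reuse the display copy in the query but bind the raw column value through a prepared statement, e.g. `$stmt = mysqli_prepare($mysqli, "SELECT * FROM categories WHERE category_type = 'Income' AND (category_archived_at > ? OR category_archived_at IS NULL) ORDER BY category_name ASC");`. The tax query in the later hunk @ -80,7 does the same with `'$item_created_at'`.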
|
||||
|
||||
|
|
|
|||
|
|
@ -57,7 +57,7 @@
|
|||
$sql = mysqli_query($mysqli, "SELECT * FROM accounts WHERE account_archived_at IS NULL ORDER BY account_name ASC");
|
||||
while ($row = mysqli_fetch_array($sql)) {
|
||||
$account_id = intval($row['account_id']);
|
||||
$account_name = htmlentities($row['account_name']);
|
||||
$account_name = nullable_htmlentities($row['account_name']);
|
||||
$opening_balance = floatval($row['opening_balance']);
|
||||
|
||||
$sql_payments = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS total_payments FROM payments WHERE payment_account_id = $account_id");
|
||||
|
|
@ -96,7 +96,7 @@
|
|||
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM categories WHERE category_type = 'Payment Method' AND category_archived_at IS NULL ORDER BY category_name ASC");
|
||||
while ($row = mysqli_fetch_array($sql)) {
|
||||
$category_name = htmlentities($row['category_name']);
|
||||
$category_name = nullable_htmlentities($row['category_name']);
|
||||
?>
|
||||
<option <?php if ($config_default_payment_method == $category_name) { echo "selected"; } ?>><?php echo $category_name; ?></option>
|
||||
|
||||
|
|
|
|||
26
invoices.php
26
invoices.php
|
|
@ -155,11 +155,11 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
|
||||
<div class="card-body">
|
||||
<form class="mb-4" autocomplete="off">
|
||||
<input type="hidden" name="status" value="<?php if (isset($_GET['status'])) { echo htmlentities($_GET['status']); } ?>">
|
||||
<input type="hidden" name="status" value="<?php if (isset($_GET['status'])) { echo nullable_htmlentities($_GET['status']); } ?>">
|
||||
<div class="row">
|
||||
<div class="col-sm-4">
|
||||
<div class="input-group">
|
||||
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) {echo stripslashes(htmlentities($q));} ?>" placeholder="Search Invoices">
|
||||
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) {echo stripslashes(nullable_htmlentities($q));} ?>" placeholder="Search Invoices">
|
||||
<div class="input-group-append">
|
||||
<button class="btn btn-secondary" type="button" data-toggle="collapse" data-target="#advancedFilter"><i class="fas fa-filter"></i></button>
|
||||
<button class="btn btn-primary"><i class="fa fa-search"></i></button>
|
||||
|
|
@ -221,25 +221,25 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
|
||||
while ($row = mysqli_fetch_array($sql)) {
|
||||
$invoice_id = intval($row['invoice_id']);
|
||||
$invoice_prefix = htmlentities($row['invoice_prefix']);
|
||||
$invoice_number = htmlentities($row['invoice_number']);
|
||||
$invoice_scope = htmlentities($row['invoice_scope']);
|
||||
$invoice_prefix = nullable_htmlentities($row['invoice_prefix']);
|
||||
$invoice_number = nullable_htmlentities($row['invoice_number']);
|
||||
$invoice_scope = nullable_htmlentities($row['invoice_scope']);
|
||||
if (empty($invoice_scope)) {
|
||||
$invoice_scope_display = "-";
|
||||
} else {
|
||||
$invoice_scope_display = $invoice_scope;
|
||||
}
|
||||
$invoice_status = htmlentities($row['invoice_status']);
|
||||
$invoice_date = htmlentities($row['invoice_date']);
|
||||
$invoice_due = htmlentities($row['invoice_due']);
|
||||
$invoice_status = nullable_htmlentities($row['invoice_status']);
|
||||
$invoice_date = nullable_htmlentities($row['invoice_date']);
|
||||
$invoice_due = nullable_htmlentities($row['invoice_due']);
|
||||
$invoice_amount = floatval($row['invoice_amount']);
|
||||
$invoice_currency_code = htmlentities($row['invoice_currency_code']);
|
||||
$invoice_created_at = htmlentities($row['invoice_created_at']);
|
||||
$invoice_currency_code = nullable_htmlentities($row['invoice_currency_code']);
|
||||
$invoice_created_at = nullable_htmlentities($row['invoice_created_at']);
|
||||
$client_id = intval($row['client_id']);
|
||||
$client_name = htmlentities($row['client_name']);
|
||||
$client_name = nullable_htmlentities($row['client_name']);
|
||||
$category_id = intval($row['category_id']);
|
||||
$category_name = htmlentities($row['category_name']);
|
||||
$client_currency_code = htmlentities($row['client_currency_code']);
|
||||
$category_name = nullable_htmlentities($row['category_name']);
|
||||
$client_currency_code = nullable_htmlentities($row['client_currency_code']);
|
||||
$client_net_terms = intval($row['client_net_terms']);
|
||||
if ($client_net_terms == 0) {
|
||||
$client_net_terms = $config_default_net_terms;
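Review bot: In the row loop (@ -221,25), `$invoice_number` is read with `nullable_htmlentities($row['invoice_number'])`, whereas invoice.php (@ -23,30) reads the same column with `intval()`. Casting is the tighter control for a numeric column and keeps the two pages consistent: `$invoice_number = intval($row['invoice_number']);`. The loop body continues outside the hunk.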
|
||||
|
|
|
|||
|
|
@ -80,7 +80,7 @@
|
|||
$taxes_sql = mysqli_query($mysqli, "SELECT * FROM taxes WHERE (tax_archived_at > '$item_created_at' OR tax_archived_at IS NULL) ORDER BY tax_name ASC");
|
||||
while ($row = mysqli_fetch_array($taxes_sql)) {
|
||||
$tax_id_select = intval($row['tax_id']);
|
||||
$tax_name = htmlentities($row['tax_name']);
|
||||
$tax_name = nullable_htmlentities($row['tax_name']);
|
||||
$tax_percent = floatval($row['tax_percent']);
|
||||
?>
|
||||
<option <?php if ($tax_id_select == $tax_id) { echo "selected"; } ?> value="<?php echo $tax_id_select; ?>"><?php echo "$tax_name $tax_percent%"; ?></option>
|
||||
|
|
|
|||
|
|
@ -228,7 +228,7 @@ if (isset($_POST['login'])) {
|
|||
<head>
|
||||
<meta charset="utf-8">
|
||||
<meta http-equiv="X-UA-Compatible" content="IE=edge">
|
||||
<title><?php echo htmlentities($company_name); ?> | Login</title>
|
||||
<title><?php echo nullable_htmlentities($company_name); ?> | Login</title>
|
||||
<!-- Tell the browser to be responsive to screen width -->
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1">
|
||||
<meta name="robots" content="noindex">
|
||||
|
|
@ -244,7 +244,7 @@ if (isset($_POST['login'])) {
|
|||
<div class="login-box">
|
||||
<div class="login-logo">
|
||||
<?php if (!empty($company_logo)) { ?>
|
||||
<img alt="<?=htmlentities($company_name)?> logo" height="110" width="380" class="img-fluid" src="<?php echo "uploads/settings/$company_logo"; ?>">
|
||||
<img alt="<?=nullable_htmlentities($company_name)?> logo" height="110" width="380" class="img-fluid" src="<?php echo "uploads/settings/$company_logo"; ?>">
|
||||
<?php } else { ?>
|
||||
<b>IT</b>Flow
|
||||
<?php } ?>
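Review bot: On the `<img>` line in the @ -244,7 hunk, the `alt` text is escaped but `src` echoes `"uploads/settings/$company_logo"` as is. Where `$company_logo` is assigned is outside this hunk, so it may already be encoded. If it is not, the attribute needs the same treatment, and since this is the login page it is worth making explicit: `src="uploads/settings/<?php echo nullable_htmlentities($company_logo); ?>"`. For a URL path segment, `rawurlencode()` on the raw file name before HTML encoding would be the stricter form.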
|
||||
|
|
|
|||
22
logs.php
22
logs.php
|
|
@ -32,7 +32,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
<div class="row">
|
||||
<div class="col-sm-4">
|
||||
<div class="input-group">
|
||||
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search audit logs">
|
||||
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(nullable_htmlentities($q)); } ?>" placeholder="Search audit logs">
|
||||
<div class="input-group-append">
|
||||
<button class="btn btn-secondary" type="button" data-toggle="collapse" data-target="#advancedFilter"><i class="fas fa-filter"></i></button>
|
||||
<button class="btn btn-primary"><i class="fa fa-search"></i></button>
|
||||
|
|
@ -61,13 +61,13 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
<div class="col-md-2">
|
||||
<div class="form-group">
|
||||
<label>Date From</label>
|
||||
<input type="date" class="form-control" name="dtf" max="2999-12-31" value="<?php echo htmlentities($dtf); ?>">
|
||||
<input type="date" class="form-control" name="dtf" max="2999-12-31" value="<?php echo nullable_htmlentities($dtf); ?>">
|
||||
</div>
|
||||
</div>
|
||||
<div class="col-md-2">
|
||||
<div class="form-group">
|
||||
<label>Date To</label>
|
||||
<input type="date" class="form-control" name="dtt" max="2999-12-31" value="<?php echo htmlentities($dtt); ?>">
|
||||
<input type="date" class="form-control" name="dtt" max="2999-12-31" value="<?php echo nullable_htmlentities($dtt); ?>">
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
|
@ -94,22 +94,22 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
|
||||
while ($row = mysqli_fetch_array($sql)) {
|
||||
$log_id = intval($row['log_id']);
|
||||
$log_type = htmlentities($row['log_type']);
|
||||
$log_action = htmlentities($row['log_action']);
|
||||
$log_description = htmlentities($row['log_description']);
|
||||
$log_ip = htmlentities($row['log_ip']);
|
||||
$log_user_agent = htmlentities($row['log_user_agent']);
|
||||
$log_type = nullable_htmlentities($row['log_type']);
|
||||
$log_action = nullable_htmlentities($row['log_action']);
|
||||
$log_description = nullable_htmlentities($row['log_description']);
|
||||
$log_ip = nullable_htmlentities($row['log_ip']);
|
||||
$log_user_agent = nullable_htmlentities($row['log_user_agent']);
|
||||
$log_user_os = getOS($log_user_agent);
|
||||
$log_user_browser = getWebBrowser($log_user_agent);
|
||||
$log_created_at = htmlentities($row['log_created_at']);
|
||||
$log_created_at = nullable_htmlentities($row['log_created_at']);
|
||||
$user_id = intval($row['user_id']);
|
||||
$user_name = htmlentities($row['user_name']);
|
||||
$user_name = nullable_htmlentities($row['user_name']);
|
||||
if (empty($user_name)) {
|
||||
$user_name_display = "-";
|
||||
} else {
|
||||
$user_name_display = $user_name;
|
||||
}
|
||||
$client_name = htmlentities($row['client_name']);
|
||||
$client_name = nullable_htmlentities($row['client_name']);
|
||||
$client_id = intval($row['client_id']);
|
||||
if (empty($client_name)) {
|
||||
$client_name_display = "-";
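Review bot: In the log-row hunk (@ -94,22), `$log_user_agent` is HTML-encoded before it is handed to `getOS()` and `getWebBrowser()`, so those helpers match against the encoded text rather than the header as it was logged. Neither helper is visible here, so whether their return values are safe to echo depends on them returning only fixed labels or substrings of the already encoded input. The User-Agent is client-controlled, so I would parse the raw value and encode each result where it is output, e.g. `$log_user_os = nullable_htmlentities(getOS($row['log_user_agent']));`. The loop body continues outside the hunk.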
|
||||
|
|
|
|||
|
|
@ -34,10 +34,10 @@ $sql = mysqli_query($mysqli, "SELECT * FROM notifications LEFT JOIN clients ON n
|
|||
|
||||
while ($row = mysqli_fetch_array($sql)) {
|
||||
$notification_id = intval($row['notification_id']);
|
||||
$notification_type = htmlentities($row['notification_type']);
|
||||
$notification = htmlentities($row['notification']);
|
||||
$notification_timestamp = htmlentities($row['notification_timestamp']);
|
||||
$client_name = htmlentities($row['client_name']);
|
||||
$notification_type = nullable_htmlentities($row['notification_type']);
|
||||
$notification = nullable_htmlentities($row['notification']);
|
||||
$notification_timestamp = nullable_htmlentities($row['notification_timestamp']);
|
||||
$client_name = nullable_htmlentities($row['client_name']);
|
||||
$client_id = intval($row['client_id']);
|
||||
if (empty($client_name)) {
|
||||
$client_name_display = "-";
|
||||
|
|
|
|||
|
|
@ -36,7 +36,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
<div class="row">
|
||||
<div class="col-sm-4">
|
||||
<div class="input-group">
|
||||
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Dismissed Notifications">
|
||||
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(nullable_htmlentities($q)); } ?>" placeholder="Search Dismissed Notifications">
|
||||
<div class="input-group-append">
|
||||
<button class="btn btn-primary"><i class="fa fa-search"></i></button>
|
||||
</div>
|
||||
|
|
@ -51,13 +51,13 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
<div class="col-md-2">
|
||||
<div class="form-group">
|
||||
<label>Date From</label>
|
||||
<input type="date" class="form-control" name="dtf" max="2999-12-31" value="<?php echo htmlentities($dtf); ?>">
|
||||
<input type="date" class="form-control" name="dtf" max="2999-12-31" value="<?php echo nullable_htmlentities($dtf); ?>">
|
||||
</div>
|
||||
</div>
|
||||
<div class="col-md-2">
|
||||
<div class="form-group">
|
||||
<label>Date To</label>
|
||||
<input type="date" class="form-control" name="dtt" max="2999-12-31" value="<?php echo htmlentities($dtt); ?>">
|
||||
<input type="date" class="form-control" name="dtt" max="2999-12-31" value="<?php echo nullable_htmlentities($dtt); ?>">
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
|
@ -123,12 +123,12 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
|
||||
while ($row = mysqli_fetch_array($sql)) {
|
||||
$notification_id = intval($row['notification_id']);
|
||||
$notification_timestamp = htmlentities($row['notification_timestamp']);
|
||||
$notification_type = htmlentities($row['notification_type']);
|
||||
$notification = htmlentities($row['notification']);
|
||||
$notification_dismissed_at = htmlentities($row['notification_dismissed_at']);
|
||||
$user_name = htmlentities($row['user_name']);
|
||||
$client_name = htmlentities($row['client_name']);
|
||||
$notification_timestamp = nullable_htmlentities($row['notification_timestamp']);
|
||||
$notification_type = nullable_htmlentities($row['notification_type']);
|
||||
$notification = nullable_htmlentities($row['notification']);
|
||||
$notification_dismissed_at = nullable_htmlentities($row['notification_dismissed_at']);
|
||||
$user_name = nullable_htmlentities($row['user_name']);
|
||||
$client_name = nullable_htmlentities($row['client_name']);
|
||||
$client_id = intval($row['client_id']);
|
||||
if (empty($client_name)) {
|
||||
$client_name_display = "-";
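Review bot: The search box in the `@ -36,7` hunk prints `stripslashes(nullable_htmlentities($q))`, which strips backslashes after the value has already been HTML-encoded; un-escaping first and encoding last, `echo nullable_htmlentities(stripslashes($q));`, keeps the output encoder as the final step before the attribute. The rendered result is the same today because entity encoding emits no backslashes, but with the encoder outermost nothing later in the expression can touch already-encoded text. The `stripslashes()` call suggests `$q` was escaped for SQL before this point (its assignment is not in the hunk); if so, keeping the raw search term in a separate variable for display would remove the need to un-escape at all. The same expression appears in the search inputs of payments.php, products.php and quotes.php.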
|
||||
|
|
|
|||
24
payments.php
24
payments.php
|
|
@ -34,7 +34,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
<div class="row">
|
||||
<div class="col-sm-4">
|
||||
<div class="input-group">
|
||||
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) {echo stripslashes(htmlentities($q));} ?>" placeholder="Search Payments">
|
||||
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) {echo stripslashes(nullable_htmlentities($q));} ?>" placeholder="Search Payments">
|
||||
<div class="input-group-append">
|
||||
<button class="btn btn-secondary" type="button" data-toggle="collapse" data-target="#advancedFilter"><i class="fas fa-filter"></i></button>
|
||||
<button class="btn btn-primary"><i class="fa fa-search"></i></button>
|
||||
|
|
@ -63,13 +63,13 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
<div class="col-md-2">
|
||||
<div class="form-group">
|
||||
<label>Date From</label>
|
||||
<input type="date" class="form-control" name="dtf" max="2999-12-31" value="<?php echo htmlentities($dtf); ?>">
|
||||
<input type="date" class="form-control" name="dtf" max="2999-12-31" value="<?php echo nullable_htmlentities($dtf); ?>">
|
||||
</div>
|
||||
</div>
|
||||
<div class="col-md-2">
|
||||
<div class="form-group">
|
||||
<label>Date To</label>
|
||||
<input type="date" class="form-control" name="dtt" max="2999-12-31" value="<?php echo htmlentities($dtt); ?>">
|
||||
<input type="date" class="form-control" name="dtt" max="2999-12-31" value="<?php echo nullable_htmlentities($dtt); ?>">
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
|
@ -95,23 +95,23 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
|
||||
while ($row = mysqli_fetch_array($sql)) {
|
||||
$invoice_id = intval($row['invoice_id']);
|
||||
$invoice_prefix = htmlentities($row['invoice_prefix']);
|
||||
$invoice_prefix = nullable_htmlentities($row['invoice_prefix']);
|
||||
$invoice_number = intval($row['invoice_number']);
|
||||
$invoice_status = htmlentities($row['invoice_status']);
|
||||
$invoice_date = htmlentities($row['invoice_date']);
|
||||
$payment_date = htmlentities($row['payment_date']);
|
||||
$payment_method = htmlentities($row['payment_method']);
|
||||
$invoice_status = nullable_htmlentities($row['invoice_status']);
|
||||
$invoice_date = nullable_htmlentities($row['invoice_date']);
|
||||
$payment_date = nullable_htmlentities($row['payment_date']);
|
||||
$payment_method = nullable_htmlentities($row['payment_method']);
|
||||
$payment_amount = floatval($row['payment_amount']);
|
||||
$payment_currency_code = htmlentities($row['payment_currency_code']);
|
||||
$payment_reference = htmlentities($row['payment_reference']);
|
||||
$payment_currency_code = nullable_htmlentities($row['payment_currency_code']);
|
||||
$payment_reference = nullable_htmlentities($row['payment_reference']);
|
||||
if (empty($payment_reference)) {
|
||||
$payment_reference_display = "-";
|
||||
} else {
|
||||
$payment_reference_display = $payment_reference;
|
||||
}
|
||||
$client_id = intval($row['client_id']);
|
||||
$client_name = htmlentities($row['client_name']);
|
||||
$account_name = htmlentities($row['account_name']);
|
||||
$client_name = nullable_htmlentities($row['client_name']);
|
||||
$account_name = nullable_htmlentities($row['account_name']);
|
||||
|
||||
?>
|
||||
|
||||
|
|
|
|||
|
|
@ -33,7 +33,7 @@
|
|||
$sql = mysqli_query($mysqli, "SELECT * FROM categories WHERE category_type = 'Income' AND category_archived_at IS NULL");
|
||||
while ($row = mysqli_fetch_array($sql)) {
|
||||
$category_id = intval($row['category_id']);
|
||||
$category_name = htmlentities($row['category_name']);
|
||||
$category_name = nullable_htmlentities($row['category_name']);
|
||||
?>
|
||||
<option value="<?php echo $category_id; ?>"><?php echo $category_name; ?></option>
|
||||
|
||||
|
|
@ -74,7 +74,7 @@
|
|||
$taxes_sql = mysqli_query($mysqli, "SELECT * FROM taxes WHERE tax_archived_at IS NULL ORDER BY tax_name ASC");
|
||||
while ($row = mysqli_fetch_array($taxes_sql)) {
|
||||
$tax_id = intval($row['tax_id']);
|
||||
$tax_name = htmlentities($row['tax_name']);
|
||||
$tax_name = nullable_htmlentities($row['tax_name']);
|
||||
$tax_percent = floatval($row['tax_percent']);
|
||||
?>
|
||||
<option value="<?php echo $tax_id; ?>"><?php echo "$tax_name $tax_percent%"; ?></option>
|
||||
|
|
|
|||
|
|
@ -33,7 +33,7 @@
|
|||
$sql_select = mysqli_query($mysqli, "SELECT * FROM categories WHERE category_type = 'Income' AND (category_archived_at > '$product_created_at' OR category_archived_at IS NULL)");
|
||||
while ($row = mysqli_fetch_array($sql_select)) {
|
||||
$category_id_select = intval($row['category_id']);
|
||||
$category_name_select = htmlentities($row['category_name']);
|
||||
$category_name_select = nullable_htmlentities($row['category_name']);
|
||||
?>
|
||||
<option <?php if ($category_id == $category_id_select) { echo "selected"; } ?> value="<?php echo $category_id_select; ?>"><?php echo $category_name_select; ?></option>
|
||||
<?php
|
||||
|
|
@ -73,7 +73,7 @@
|
|||
$taxes_sql = mysqli_query($mysqli, "SELECT * FROM taxes WHERE (tax_archived_at > '$product_created_at' OR tax_archived_at IS NULL) ORDER BY tax_name ASC");
|
||||
while ($row = mysqli_fetch_array($taxes_sql)) {
|
||||
$tax_id_select = intval($row['tax_id']);
|
||||
$tax_name = htmlentities($row['tax_name']);
|
||||
$tax_name = nullable_htmlentities($row['tax_name']);
|
||||
$tax_percent = floatval($row['tax_percent']);
|
||||
?>
|
||||
<option <?php if ($tax_id_select == $product_tax_id) { echo "selected"; } ?> value="<?php echo $tax_id_select; ?>"><?php echo "$tax_name $tax_percent%"; ?></option>
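Review bot: Both queries in this section interpolate `'$product_created_at'` directly into the SQL text (the category select in the `@ -33,7` hunk and the tax select in the `@ -73,7` hunk). The only assignment of that variable on this page, in products.php, is `nullable_htmlentities($row['product_created_at'])`, which is an HTML encoder and not an SQL escaper. The value comes from a timestamp column, so this is unlikely to be reachable today, but the query should not rely on that; binding it removes the dependency, e.g. `$stmt = mysqli_prepare($mysqli, "SELECT * FROM taxes WHERE (tax_archived_at > ? OR tax_archived_at IS NULL) ORDER BY tax_name ASC");` followed by `mysqli_stmt_bind_param($stmt, 's', $product_created_at);`. That this file is included from products.php is inferred from the shared variable names, and both `while` loops continue outside their hunks.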
|
||||
|
|
|
|||
12
products.php
12
products.php
|
|
@ -33,7 +33,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
<div class="row">
|
||||
<div class="col-sm-4">
|
||||
<div class="input-group">
|
||||
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) {echo stripslashes(htmlentities($q));} ?>" placeholder="Search Products">
|
||||
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) {echo stripslashes(nullable_htmlentities($q));} ?>" placeholder="Search Products">
|
||||
<div class="input-group-append">
|
||||
<button class="btn btn-primary"><i class="fa fa-search"></i></button>
|
||||
</div>
|
||||
|
|
@ -58,18 +58,18 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
|
||||
while ($row = mysqli_fetch_array($sql)) {
|
||||
$product_id = intval($row['product_id']);
|
||||
$product_name = htmlentities($row['product_name']);
|
||||
$product_description = htmlentities($row['product_description']);
|
||||
$product_name = nullable_htmlentities($row['product_name']);
|
||||
$product_description = nullable_htmlentities($row['product_description']);
|
||||
if (empty($product_description)) {
|
||||
$product_description_display = "-";
|
||||
} else {
|
||||
$product_description_display = "<div style='white-space:pre-line'>$product_description</div>";
|
||||
}
|
||||
$product_price = floatval($row['product_price']);
|
||||
$product_currency_code = htmlentities($row['product_currency_code']);
|
||||
$product_created_at = htmlentities($row['product_created_at']);
|
||||
$product_currency_code = nullable_htmlentities($row['product_currency_code']);
|
||||
$product_created_at = nullable_htmlentities($row['product_created_at']);
|
||||
$category_id = intval($row['category_id']);
|
||||
$category_name = htmlentities($row['category_name']);
|
||||
$category_name = nullable_htmlentities($row['category_name']);
|
||||
$product_tax_id = intval($row['product_tax_id']);
|
||||
|
||||
?>
|
||||
|
|
|
|||
68
quote.php
68
quote.php
|
|
@ -22,29 +22,29 @@ if (isset($_GET['quote_id'])) {
|
|||
|
||||
$row = mysqli_fetch_array($sql);
|
||||
$quote_id = intval($row['quote_id']);
|
||||
$quote_prefix = htmlentities($row['quote_prefix']);
|
||||
$quote_prefix = nullable_htmlentities($row['quote_prefix']);
|
||||
$quote_number = intval($row['quote_number']);
|
||||
$quote_scope = htmlentities($row['quote_scope']);
|
||||
$quote_status = htmlentities($row['quote_status']);
|
||||
$quote_date = htmlentities($row['quote_date']);
|
||||
$quote_scope = nullable_htmlentities($row['quote_scope']);
|
||||
$quote_status = nullable_htmlentities($row['quote_status']);
|
||||
$quote_date = nullable_htmlentities($row['quote_date']);
|
||||
$quote_amount = floatval($row['quote_amount']);
|
||||
$quote_currency_code = htmlentities($row['quote_currency_code']);
|
||||
$quote_note = htmlentities($row['quote_note']);
|
||||
$quote_url_key = htmlentities($row['quote_url_key']);
|
||||
$quote_created_at = htmlentities($row['quote_created_at']);
|
||||
$quote_currency_code = nullable_htmlentities($row['quote_currency_code']);
|
||||
$quote_note = nullable_htmlentities($row['quote_note']);
|
||||
$quote_url_key = nullable_htmlentities($row['quote_url_key']);
|
||||
$quote_created_at = nullable_htmlentities($row['quote_created_at']);
|
||||
$category_id = intval($row['quote_category_id']);
|
||||
$client_id = intval($row['client_id']);
|
||||
$client_name = htmlentities($row['client_name']);
|
||||
$location_address = htmlentities($row['location_address']);
|
||||
$location_city = htmlentities($row['location_city']);
|
||||
$location_state = htmlentities($row['location_state']);
|
||||
$location_zip = htmlentities($row['location_zip']);
|
||||
$contact_email = htmlentities($row['contact_email']);
|
||||
$client_name = nullable_htmlentities($row['client_name']);
|
||||
$location_address = nullable_htmlentities($row['location_address']);
|
||||
$location_city = nullable_htmlentities($row['location_city']);
|
||||
$location_state = nullable_htmlentities($row['location_state']);
|
||||
$location_zip = nullable_htmlentities($row['location_zip']);
|
||||
$contact_email = nullable_htmlentities($row['contact_email']);
|
||||
$contact_phone = formatPhoneNumber($row['contact_phone']);
|
||||
$contact_extension = htmlentities($row['contact_extension']);
|
||||
$contact_extension = nullable_htmlentities($row['contact_extension']);
|
||||
$contact_mobile = formatPhoneNumber($row['contact_mobile']);
|
||||
$client_website = htmlentities($row['client_website']);
|
||||
$client_currency_code = htmlentities($row['client_currency_code']);
|
||||
$client_website = nullable_htmlentities($row['client_website']);
|
||||
$client_currency_code = nullable_htmlentities($row['client_currency_code']);
|
||||
$client_net_terms = intval($row['client_net_terms']);
|
||||
if ($client_net_terms == 0) {
|
||||
$client_net_terms = $config_default_net_terms;
|
||||
|
|
@ -54,16 +54,16 @@ if (isset($_GET['quote_id'])) {
|
|||
$row = mysqli_fetch_array($sql);
|
||||
|
||||
$company_id = intval($row['company_id']);
|
||||
$company_name = htmlentities($row['company_name']);
|
||||
$company_country = htmlentities($row['company_country']);
|
||||
$company_address = htmlentities($row['company_address']);
|
||||
$company_city = htmlentities($row['company_city']);
|
||||
$company_state = htmlentities($row['company_state']);
|
||||
$company_zip = htmlentities($row['company_zip']);
|
||||
$company_name = nullable_htmlentities($row['company_name']);
|
||||
$company_country = nullable_htmlentities($row['company_country']);
|
||||
$company_address = nullable_htmlentities($row['company_address']);
|
||||
$company_city = nullable_htmlentities($row['company_city']);
|
||||
$company_state = nullable_htmlentities($row['company_state']);
|
||||
$company_zip = nullable_htmlentities($row['company_zip']);
|
||||
$company_phone = formatPhoneNumber($row['company_phone']);
|
||||
$company_email = htmlentities($row['company_email']);
|
||||
$company_website = htmlentities($row['company_website']);
|
||||
$company_logo = htmlentities($row['company_logo']);
|
||||
$company_email = nullable_htmlentities($row['company_email']);
|
||||
$company_website = nullable_htmlentities($row['company_website']);
|
||||
$company_logo = nullable_htmlentities($row['company_logo']);
|
||||
if (!empty($company_logo)) {
|
||||
$company_logo_base64 = base64_encode(file_get_contents("uploads/settings/$company_logo"));
|
||||
}
|
||||
|
|
@ -260,13 +260,13 @@ if (isset($_GET['quote_id'])) {
|
|||
|
||||
while ($row = mysqli_fetch_array($sql_items)) {
|
||||
$item_id = intval($row['item_id']);
|
||||
$item_name = htmlentities($row['item_name']);
|
||||
$item_description = htmlentities($row['item_description']);
|
||||
$item_name = nullable_htmlentities($row['item_name']);
|
||||
$item_description = nullable_htmlentities($row['item_description']);
|
||||
$item_quantity = floatval($row['item_quantity']);
|
||||
$item_price = floatval($row['item_price']);
|
||||
$item_tax = floatval($row['item_tax']);
|
||||
$item_total = floatval($row['item_total']);
|
||||
$item_created_at = htmlentities($row['item_created_at']);
|
||||
$item_created_at = nullable_htmlentities($row['item_created_at']);
|
||||
$tax_id = intval($row['item_tax_id']);
|
||||
$total_tax = $item_tax + $total_tax;
|
||||
$sub_total = $item_price * $item_quantity + $sub_total;
|
||||
|
|
@ -326,7 +326,7 @@ if (isset($_GET['quote_id'])) {
|
|||
$taxes_sql = mysqli_query($mysqli, "SELECT tax_id, tax_name, tax_percent FROM taxes ORDER BY tax_name ASC");
|
||||
while ($row = mysqli_fetch_array($taxes_sql)) {
|
||||
$tax_id = intval($row['tax_id']);
|
||||
$tax_name = htmlentities($row['tax_name']);
|
||||
$tax_name = nullable_htmlentities($row['tax_name']);
|
||||
$tax_percent = floatval($row['tax_percent']);
|
||||
?>
|
||||
<option value="<?php echo $tax_id; ?>"><?php echo "$tax_name $tax_percent%"; ?></option>
|
||||
|
|
@ -391,7 +391,7 @@ if (isset($_GET['quote_id'])) {
|
|||
|
||||
<hr class="d-none d-print-block mt-5">
|
||||
|
||||
<div class="d-none d-print-block text-center"><?php echo nl2br(htmlentities($config_quote_footer)); ?></div>
|
||||
<div class="d-none d-print-block text-center"><?php echo nl2br(nullable_htmlentities($config_quote_footer)); ?></div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
|
|
@ -422,9 +422,9 @@ if (isset($_GET['quote_id'])) {
|
|||
<?php
|
||||
|
||||
while ($row = mysqli_fetch_array($sql_history)) {
|
||||
$history_created_at = htmlentities($row['history_created_at']);
|
||||
$history_status = htmlentities($row['history_status']);
|
||||
$history_description = htmlentities($row['history_description']);
|
||||
$history_created_at = nullable_htmlentities($row['history_created_at']);
|
||||
$history_status = nullable_htmlentities($row['history_status']);
|
||||
$history_description = nullable_htmlentities($row['history_description']);
|
||||
|
||||
?>
|
||||
<tr>
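Review bot: In the `@ -54,16` hunk `$company_logo` is HTML-encoded and then used to build a filesystem path in `file_get_contents("uploads/settings/$company_logo")`, so the encoding is applied in the wrong context. It does not constrain the path (a `../` sequence passes through unchanged) and it alters any stored name containing `&` or a quote, so the lookup can miss the real file. Keep the raw name for the path and encode only where the value is printed, e.g. `$company_logo_file = basename((string) $row['company_logo']);` and then `file_get_contents("uploads/settings/$company_logo_file")`, assuming logos are stored flat in that directory. The return value is also unchecked, so a missing file raises a warning and yields an empty image; a `!== false` guard before `base64_encode()` would handle that. The enclosing `if (isset($_GET['quote_id']))` block starts and ends outside the hunk.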
|
||||
|
|
|
|||
|
|
@ -38,7 +38,7 @@
|
|||
$sql = mysqli_query($mysqli, "SELECT * FROM clients ORDER BY client_name ASC");
|
||||
while ($row = mysqli_fetch_array($sql)) {
|
||||
$client_id = intval($row['client_id']);
|
||||
$client_name = htmlentities($row['client_name']);
|
||||
$client_name = nullable_htmlentities($row['client_name']);
|
||||
?>
|
||||
<option value="<?php echo $client_id; ?>"><?php echo $client_name; ?></option>
|
||||
<?php } ?>
|
||||
|
|
@ -62,7 +62,7 @@
|
|||
$sql = mysqli_query($mysqli, "SELECT * FROM categories WHERE category_type = 'Income' AND category_archived_at IS NULL ORDER BY category_name ASC");
|
||||
while ($row = mysqli_fetch_array($sql)) {
|
||||
$category_id = intval($row['category_id']);
|
||||
$category_name = htmlentities($row['category_name']);
|
||||
$category_name = nullable_htmlentities($row['category_name']);
|
||||
?>
|
||||
<option value="<?php echo $category_id; ?>"><?php echo $category_name; ?></option>
|
||||
|
||||
|
|
|
|||
24
quotes.php
24
quotes.php
|
|
@ -35,7 +35,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
<div class="row">
|
||||
<div class="col-sm-4">
|
||||
<div class="input-group">
|
||||
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Quotes">
|
||||
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(nullable_htmlentities($q)); } ?>" placeholder="Search Quotes">
|
||||
<div class="input-group-append">
|
||||
<button class="btn btn-secondary" type="button" data-toggle="collapse" data-target="#advancedFilter"><i class="fas fa-filter"></i></button>
|
||||
<button class="btn btn-primary"><i class="fa fa-search"></i></button>
|
||||
|
|
@ -64,13 +64,13 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
<div class="col-md-2">
|
||||
<div class="form-group">
|
||||
<label>Date From</label>
|
||||
<input type="date" class="form-control" name="dtf" max="2999-12-31" value="<?php echo htmlentities($dtf); ?>">
|
||||
<input type="date" class="form-control" name="dtf" max="2999-12-31" value="<?php echo nullable_htmlentities($dtf); ?>">
|
||||
</div>
|
||||
</div>
|
||||
<div class="col-md-2">
|
||||
<div class="form-group">
|
||||
<label>Date To</label>
|
||||
<input type="date" class="form-control" name="dtt" max="2999-12-31" value="<?php echo htmlentities($dtt); ?>">
|
||||
<input type="date" class="form-control" name="dtt" max="2999-12-31" value="<?php echo nullable_htmlentities($dtt); ?>">
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
|
@ -96,24 +96,24 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
|
||||
while ($row = mysqli_fetch_array($sql)) {
|
||||
$quote_id = intval($row['quote_id']);
|
||||
$quote_prefix = htmlentities($row['quote_prefix']);
|
||||
$quote_prefix = nullable_htmlentities($row['quote_prefix']);
|
||||
$quote_number = intval($row['quote_number']);
|
||||
$quote_scope = htmlentities($row['quote_scope']);
|
||||
$quote_scope = nullable_htmlentities($row['quote_scope']);
|
||||
if (empty($quote_scope)) {
|
||||
$quote_scope_display = "-";
|
||||
} else {
|
||||
$quote_scope_display = $quote_scope;
|
||||
}
|
||||
$quote_status = htmlentities($row['quote_status']);
|
||||
$quote_date = htmlentities($row['quote_date']);
|
||||
$quote_status = nullable_htmlentities($row['quote_status']);
|
||||
$quote_date = nullable_htmlentities($row['quote_date']);
|
||||
$quote_amount = floatval($row['quote_amount']);
|
||||
$quote_currency_code = htmlentities($row['quote_currency_code']);
|
||||
$quote_created_at = htmlentities($row['quote_created_at']);
|
||||
$quote_currency_code = nullable_htmlentities($row['quote_currency_code']);
|
||||
$quote_created_at = nullable_htmlentities($row['quote_created_at']);
|
||||
$client_id = intval($row['client_id']);
|
||||
$client_name = htmlentities($row['client_name']);
|
||||
$client_currency_code = htmlentities($row['client_currency_code']);
|
||||
$client_name = nullable_htmlentities($row['client_name']);
|
||||
$client_currency_code = nullable_htmlentities($row['client_currency_code']);
|
||||
$category_id = intval($row['category_id']);
|
||||
$category_name = htmlentities($row['category_name']);
|
||||
$category_name = nullable_htmlentities($row['category_name']);
|
||||
$client_net_terms = intval($row['client_net_terms']);
|
||||
if ($client_net_terms == 0) {
|
||||
$client_net_terms = $config_default_net_terms;
|
||||
|
|
|
|||
|
|
@ -15,33 +15,33 @@ if (isset($_GET['recurring_id'])) {
|
|||
);
|
||||
|
||||
$row = mysqli_fetch_array($sql);
|
||||
$recurring_prefix = htmlentities($row['recurring_prefix']);
|
||||
$recurring_prefix = nullable_htmlentities($row['recurring_prefix']);
|
||||
$recurring_number = intval($row['recurring_number']);
|
||||
$recurring_scope = htmlentities($row['recurring_scope']);
|
||||
$recurring_frequency = htmlentities($row['recurring_frequency']);
|
||||
$recurring_status = htmlentities($row['recurring_status']);
|
||||
$recurring_scope = nullable_htmlentities($row['recurring_scope']);
|
||||
$recurring_frequency = nullable_htmlentities($row['recurring_frequency']);
|
||||
$recurring_status = nullable_htmlentities($row['recurring_status']);
|
||||
$recurring_created_at = date('Y-m-d', strtotime($row['recurring_created_at']));
|
||||
$recurring_last_sent = htmlentities($row['recurring_last_sent']);
|
||||
$recurring_last_sent = nullable_htmlentities($row['recurring_last_sent']);
|
||||
if ($recurring_last_sent == 0) {
|
||||
$recurring_last_sent = '-';
|
||||
}
|
||||
$recurring_next_date = htmlentities($row['recurring_next_date']);
|
||||
$recurring_next_date = nullable_htmlentities($row['recurring_next_date']);
|
||||
$recurring_amount = floatval($row['recurring_amount']);
|
||||
$recurring_currency_code = htmlentities($row['recurring_currency_code']);
|
||||
$recurring_note = htmlentities($row['recurring_note']);
|
||||
$recurring_currency_code = nullable_htmlentities($row['recurring_currency_code']);
|
||||
$recurring_note = nullable_htmlentities($row['recurring_note']);
|
||||
$category_id = intval($row['recurring_category_id']);
|
||||
$client_id = intval($row['client_id']);
|
||||
$client_name = htmlentities($row['client_name']);
|
||||
$location_address = htmlentities($row['location_address']);
|
||||
$location_city = htmlentities($row['location_city']);
|
||||
$location_state = htmlentities($row['location_state']);
|
||||
$location_zip = htmlentities($row['location_zip']);
|
||||
$contact_email = htmlentities($row['contact_email']);
|
||||
$client_name = nullable_htmlentities($row['client_name']);
|
||||
$location_address = nullable_htmlentities($row['location_address']);
|
||||
$location_city = nullable_htmlentities($row['location_city']);
|
||||
$location_state = nullable_htmlentities($row['location_state']);
|
||||
$location_zip = nullable_htmlentities($row['location_zip']);
|
||||
$contact_email = nullable_htmlentities($row['contact_email']);
|
||||
$contact_phone = formatPhoneNumber($row['contact_phone']);
|
||||
$contact_extension = htmlentities($row['contact_extension']);
|
||||
$contact_extension = nullable_htmlentities($row['contact_extension']);
|
||||
$contact_mobile = formatPhoneNumber($row['contact_mobile']);
|
||||
$client_website = htmlentities($row['client_website']);
|
||||
$client_currency_code = htmlentities($row['client_currency_code']);
|
||||
$client_website = nullable_htmlentities($row['client_website']);
|
||||
$client_currency_code = nullable_htmlentities($row['client_currency_code']);
|
||||
$client_net_terms = intval($row['client_net_terms']);
|
||||
|
||||
if ($recurring_status == 1) {
|
||||
|
|
@ -56,16 +56,16 @@ if (isset($_GET['recurring_id'])) {
|
|||
$row = mysqli_fetch_array($sql);
|
||||
|
||||
$company_id = intval($row['company_id']);
|
||||
$company_name = htmlentities($row['company_name']);
|
||||
$company_country = htmlentities($row['company_country']);
|
||||
$company_address = htmlentities($row['company_address']);
|
||||
$company_city = htmlentities($row['company_city']);
|
||||
$company_state = htmlentities($row['company_state']);
|
||||
$company_zip = htmlentities($row['company_zip']);
|
||||
$company_name = nullable_htmlentities($row['company_name']);
|
||||
$company_country = nullable_htmlentities($row['company_country']);
|
||||
$company_address = nullable_htmlentities($row['company_address']);
|
||||
$company_city = nullable_htmlentities($row['company_city']);
|
||||
$company_state = nullable_htmlentities($row['company_state']);
|
||||
$company_zip = nullable_htmlentities($row['company_zip']);
|
||||
$company_phone = formatPhoneNumber($row['company_phone']);
|
||||
$company_email = htmlentities($row['company_email']);
|
||||
$company_website = htmlentities($row['company_website']);
|
||||
$company_logo = htmlentities($row['company_logo']);
|
||||
$company_email = nullable_htmlentities($row['company_email']);
|
||||
$company_website = nullable_htmlentities($row['company_website']);
|
||||
$company_logo = nullable_htmlentities($row['company_logo']);
|
||||
|
||||
$sql_history = mysqli_query($mysqli, "SELECT * FROM history WHERE history_recurring_id = $recurring_id ORDER BY history_id DESC");
|
||||
|
||||
|
|
@ -205,13 +205,13 @@ if (isset($_GET['recurring_id'])) {
|
|||
|
||||
while ($row = mysqli_fetch_array($sql_items)) {
|
||||
$item_id = intval($row['item_id']);
|
||||
$item_name = htmlentities($row['item_name']);
|
||||
$item_description = htmlentities($row['item_description']);
|
||||
$item_name = nullable_htmlentities($row['item_name']);
|
||||
$item_description = nullable_htmlentities($row['item_description']);
|
||||
$item_quantity = floatval($row['item_quantity']);
|
||||
$item_price = floatval($row['item_price']);
|
||||
$item_tax = floatval($row['item_tax']);
|
||||
$item_total = floatval($row['item_total']);
|
||||
$item_created_at = htmlentities($row['item_created_at']);
|
||||
$item_created_at = nullable_htmlentities($row['item_created_at']);
|
||||
$tax_id = intval($row['item_tax_id']);
|
||||
$total_tax = $item_tax + $total_tax;
|
||||
$sub_total = $item_price * $item_quantity + $sub_total;
|
||||
|
|
@ -263,7 +263,7 @@ if (isset($_GET['recurring_id'])) {
|
|||
$taxes_sql = mysqli_query($mysqli, "SELECT tax_id, tax_name, tax_percent FROM taxes ORDER BY tax_name ASC");
|
||||
while ($row = mysqli_fetch_array($taxes_sql)) {
|
||||
$tax_id = intval($row['tax_id']);
|
||||
$tax_name = htmlentities($row['tax_name']);
|
||||
$tax_name = nullable_htmlentities($row['tax_name']);
|
||||
$tax_percent = floatval($row['tax_percent']);
|
||||
?>
|
||||
<option value="<?php echo $tax_id; ?>"><?php echo "$tax_name $tax_percent%"; ?></option>
|
||||
|
|
@ -353,9 +353,9 @@ if (isset($_GET['recurring_id'])) {
|
|||
<?php
|
||||
|
||||
while ($row = mysqli_fetch_array($sql_history)) {
|
||||
$history_created_at = htmlentities($row['history_created_at']);
|
||||
$history_status = htmlentities($row['history_status']);
|
||||
$history_description = htmlentities($row['history_description']);
|
||||
$history_created_at = nullable_htmlentities($row['history_created_at']);
|
||||
$history_status = nullable_htmlentities($row['history_status']);
|
||||
$history_description = nullable_htmlentities($row['history_description']);
|
||||
|
||||
?>
|
||||
<tr>
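Review bot: `if ($recurring_last_sent == 0)` in the `@ -15,33` hunk loosely compares the string returned by `nullable_htmlentities()` with an integer, and the outcome depends on the PHP version: an empty or non-numeric string equals `0` on PHP 7 but not on PHP 8. On PHP 8 a recurring invoice that was never sent would then show a blank instead of `-`, assuming the helper returns `''` for NULL, which this page does not show. `if (empty($recurring_last_sent))` matches the `empty()` checks used for the other display fallbacks in this commit and behaves the same on both versions; if the column can hold a zero date, that case needs its own explicit comparison. The enclosing `if (isset($_GET['recurring_id']))` block starts and ends outside the hunk.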
|
||||
|
|
|
|||
|
|
@ -38,7 +38,7 @@
|
|||
$sql = mysqli_query($mysqli, "SELECT * FROM clients ORDER BY client_name ASC");
|
||||
while ($row = mysqli_fetch_array($sql)) {
|
||||
$client_id = intval($row['client_id']);
|
||||
$client_name = htmlentities($row['client_name']);
|
||||
$client_name = nullable_htmlentities($row['client_name']);
|
||||
?>
|
||||
<option value="<?php echo $client_id; ?>"><?php echo "$client_name"; ?></option>
|
||||
|
||||
|
|
@ -89,7 +89,7 @@
|
|||
$sql = mysqli_query($mysqli, "SELECT * FROM categories WHERE category_type = 'Income' AND category_archived_at IS NULL ORDER BY category_name ASC");
|
||||
while ($row = mysqli_fetch_array($sql)) {
|
||||
$category_id = intval($row['category_id']);
|
||||
$category_name = htmlentities($row['category_name']);
|
||||
$category_name = nullable_htmlentities($row['category_name']);
|
||||
?>
|
||||
<option value="<?php echo $category_id; ?>"><?php echo $category_name; ?></option>
|
||||
|
||||
|
|
|
|||
|
|
@ -60,7 +60,7 @@
|
|||
$sql_income_category = mysqli_query($mysqli, "SELECT * FROM categories WHERE category_type = 'Income' AND (category_archived_at > '$recurring_created_at' OR category_archived_at IS NULL) ORDER BY category_name ASC");
|
||||
while ($row = mysqli_fetch_array($sql_income_category)) {
|
||||
$category_id_select= intval($row['category_id']);
|
||||
$category_name_select = htmlentities($row['category_name']);
|
||||
$category_name_select = nullable_htmlentities($row['category_name']);
|
||||
?>
|
||||
<option <?php if ($category_id == $category_id_select) { ?> selected <?php } ?> value="<?php echo $category_id_select; ?>"><?php echo $category_name_select; ?></option>
|
||||
|
||||
|
|
|
|||