Replace the remaining php files with nullable_htmlentites()

johnnyq
2023-05-11 18:27:48 -04:00
parent ccf0d3ab77
commit 37fb696e63
152 changed files with 1085 additions and 1085 deletions


@@ -64,7 +64,7 @@ $key = randomString(156);
$sql = mysqli_query($mysqli, "SELECT * FROM clients ORDER BY client_name ASC"); $sql = mysqli_query($mysqli, "SELECT * FROM clients ORDER BY client_name ASC");
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$client_id = intval($row['client_id']); $client_id = intval($row['client_id']);
$client_name = htmlentities($row['client_name']); ?> $client_name = nullable_htmlentities($row['client_name']); ?>
<option value="<?php echo $client_id; ?>"><?php echo "$client_name (Client ID: $client_id)"; ?></option> <option value="<?php echo $client_id; ?>"><?php echo "$client_name (Client ID: $client_id)"; ?></option>
<?php } ?> <?php } ?>
</select> </select>
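Review bot: The safety of this whole replacement rests on `nullable_htmlentities()`, whose definition is not part of this diff; the review should confirm it encodes quotes, because `htmlentities()` with no explicit flags defaults to ENT_COMPAT on PHP older than 8.1 and leaves `'` untouched, and several callers in this commit place values inside single-quoted attributes. A wrapper of the form `return htmlentities($text ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');` closes that gap and also stops the encoder from returning an empty string on invalid UTF-8. The client option text in this hunk is a plain element-content context and is fine either way.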


@@ -51,8 +51,8 @@
$sql = mysqli_query($mysqli, "SELECT * FROM calendars ORDER BY calendar_name ASC"); $sql = mysqli_query($mysqli, "SELECT * FROM calendars ORDER BY calendar_name ASC");
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$calendar_id = intval($row['calendar_id']); $calendar_id = intval($row['calendar_id']);
$calendar_name = htmlentities($row['calendar_name']); $calendar_name = nullable_htmlentities($row['calendar_name']);
$calendar_color = htmlentities($row['calendar_color']); $calendar_color = nullable_htmlentities($row['calendar_color']);
?> ?>
<option <?php if ($config_default_calendar == $calendar_id) { echo "selected"; } ?> data-content="<i class='fa fa-circle mr-2' style='color:<?php echo $calendar_color; ?>;'></i> <?php echo $calendar_name; ?>" value="<?php echo $calendar_id; ?>"><?php echo $calendar_name; ?></option> <option <?php if ($config_default_calendar == $calendar_id) { echo "selected"; } ?> data-content="<i class='fa fa-circle mr-2' style='color:<?php echo $calendar_color; ?>;'></i> <?php echo $calendar_name; ?>" value="<?php echo $calendar_id; ?>"><?php echo $calendar_name; ?></option>
<?php } ?> <?php } ?>
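Review bot: The `data-content` attribute on the calendar `<option>` is an HTML-in-attribute context, and a single `nullable_htmlentities()` pass is undone before the widget uses it: the browser decodes `&lt;` back to `<` when it reads the attribute, and a select plugin that renders `data-content` as markup (the `<i class='fa fa-circle'>` inside it shows that is the intent) then injects the decoded calendar name and colour as live HTML. Encode once more at this output point so the decoded attribute still holds entities: `data-content="<i class='fa fa-circle mr-2' style='color:<?php echo nullable_htmlentities($calendar_color); ?>;'></i> <?php echo nullable_htmlentities($calendar_name); ?>"`. The bare `<?php echo $calendar_name; ?>` in the option body and the `value` attribute are ordinary contexts and are correct with the single encoding. Whether the page actually attaches such a plugin to this select is not visible in the hunk.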
@@ -120,8 +120,8 @@
$sql = mysqli_query($mysqli, "SELECT * FROM clients LEFT JOIN contacts ON primary_contact = contact_id ORDER BY client_name ASC"); $sql = mysqli_query($mysqli, "SELECT * FROM clients LEFT JOIN contacts ON primary_contact = contact_id ORDER BY client_name ASC");
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$client_id = intval($row['client_id']); $client_id = intval($row['client_id']);
$client_name = htmlentities($row['client_name']); $client_name = nullable_htmlentities($row['client_name']);
$contact_email = htmlentities($row['contact_email']); $contact_email = nullable_htmlentities($row['contact_email']);
?> ?>
<option value="<?php echo $client_id; ?>"><?php echo $client_name; ?></option> <option value="<?php echo $client_id; ?>"><?php echo $client_name; ?></option>


@@ -53,8 +53,8 @@
$sql_calendars_select = mysqli_query($mysqli, "SELECT * FROM calendars ORDER BY calendar_name ASC"); $sql_calendars_select = mysqli_query($mysqli, "SELECT * FROM calendars ORDER BY calendar_name ASC");
while ($row = mysqli_fetch_array($sql_calendars_select)) { while ($row = mysqli_fetch_array($sql_calendars_select)) {
$calendar_id_select = intval($row['calendar_id']); $calendar_id_select = intval($row['calendar_id']);
$calendar_name_select = htmlentities($row['calendar_name']); $calendar_name_select = nullable_htmlentities($row['calendar_name']);
$calendar_color_select = htmlentities($row['calendar_color']); $calendar_color_select = nullable_htmlentities($row['calendar_color']);
?> ?>
<option data-content="<i class='fa fa-circle mr-2' style='color:<?php echo $calendar_color_select; ?>;'></i> <?php echo $calendar_name_select; ?>"<?php if ($calendar_id == $calendar_id_select) { echo "selected"; } ?> value="<?php echo $calendar_id_select; ?>"><?php echo $calendar_name_select; ?></option> <option data-content="<i class='fa fa-circle mr-2' style='color:<?php echo $calendar_color_select; ?>;'></i> <?php echo $calendar_name_select; ?>"<?php if ($calendar_id == $calendar_id_select) { echo "selected"; } ?> value="<?php echo $calendar_id_select; ?>"><?php echo $calendar_name_select; ?></option>
@@ -119,8 +119,8 @@
$sql_clients = mysqli_query($mysqli, "SELECT * FROM clients LEFT JOIN contacts ON primary_contact = contact_id ORDER BY client_name ASC"); $sql_clients = mysqli_query($mysqli, "SELECT * FROM clients LEFT JOIN contacts ON primary_contact = contact_id ORDER BY client_name ASC");
while ($row = mysqli_fetch_array($sql_clients)) { while ($row = mysqli_fetch_array($sql_clients)) {
$client_id_select = intval($row['client_id']); $client_id_select = intval($row['client_id']);
$client_name_select = htmlentities($row['client_name']); $client_name_select = nullable_htmlentities($row['client_name']);
$contact_email_select = htmlentities($row['contact_email']); $contact_email_select = nullable_htmlentities($row['contact_email']);
?> ?>
<option <?php if ($client_id == $client_id_select) { echo "selected"; } ?> value="<?php echo $client_id_select; ?>"><?php echo $client_name_select; ?></option> <option <?php if ($client_id == $client_id_select) { echo "selected"; } ?> value="<?php echo $client_id_select; ?>"><?php echo $client_name_select; ?></option>
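Review bot: `$calendar_color_select` is emitted inside a CSS declaration (`style='color:…;'`) in the calendar `<option>` earlier in this section, and entity encoding does not constrain a CSS value: a stored colour such as `red;background:url(...)` is still a valid style string after encoding, and because it sits inside `data-content` the browser decodes the entities before the widget renders the markup. A colour is a closed vocabulary, so validate rather than encode: `$calendar_color_select = preg_match('/^#(?:[0-9A-Fa-f]{3}){1,2}$/', $row['calendar_color'] ?? '') ? $row['calendar_color'] : '';` (or an allowlist of the named colours the UI offers). Whether the colour is user-editable is not visible here; even if the UI only offers a fixed palette, the server-side check is the cheaper guarantee.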


@@ -21,14 +21,14 @@ require_once("category_quick_add_modal.php");
$sql = mysqli_query($mysqli, "SELECT * FROM events LEFT JOIN calendars ON event_calendar_id = calendar_id"); $sql = mysqli_query($mysqli, "SELECT * FROM events LEFT JOIN calendars ON event_calendar_id = calendar_id");
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$event_id = intval($row['event_id']); $event_id = intval($row['event_id']);
$event_title = htmlentities($row['event_title']); $event_title = nullable_htmlentities($row['event_title']);
$event_description = htmlentities($row['event_description']); $event_description = nullable_htmlentities($row['event_description']);
$event_start = htmlentities($row['event_start']); $event_start = nullable_htmlentities($row['event_start']);
$event_end = htmlentities($row['event_end']); $event_end = nullable_htmlentities($row['event_end']);
$event_repeat = htmlentities($row['event_repeat']); $event_repeat = nullable_htmlentities($row['event_repeat']);
$calendar_id = intval($row['calendar_id']); $calendar_id = intval($row['calendar_id']);
$calendar_name = htmlentities($row['calendar_name']); $calendar_name = nullable_htmlentities($row['calendar_name']);
$calendar_color = htmlentities($row['calendar_color']); $calendar_color = nullable_htmlentities($row['calendar_color']);
$client_id = intval($row['event_client_id']); $client_id = intval($row['event_client_id']);
require("calendar_event_edit_modal.php"); require("calendar_event_edit_modal.php");


@@ -46,18 +46,18 @@ $colors_diff = array_diff($colors_array, $colors_used_array);
<div class="card card-dark"> <div class="card card-dark">
<div class="card-header py-2"> <div class="card-header py-2">
<h3 class="card-title mt-2"><i class="fa fa-fw fa-list mr-2"></i><?php echo htmlentities($category); ?> Categories</h3> <h3 class="card-title mt-2"><i class="fa fa-fw fa-list mr-2"></i><?php echo nullable_htmlentities($category); ?> Categories</h3>
<div class="card-tools"> <div class="card-tools">
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addCategoryModal"><i class="fas fa-plus mr-2"></i>New</button> <button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addCategoryModal"><i class="fas fa-plus mr-2"></i>New</button>
</div> </div>
</div> </div>
<div class="card-body"> <div class="card-body">
<form autocomplete="off"> <form autocomplete="off">
<input type="hidden" name="category" value="<?php echo htmlentities($category); ?>"> <input type="hidden" name="category" value="<?php echo nullable_htmlentities($category); ?>">
<div class="row"> <div class="row">
<div class="col-sm-4 mb-2"> <div class="col-sm-4 mb-2">
<div class="input-group"> <div class="input-group">
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Categories"> <input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(nullable_htmlentities($q)); } ?>" placeholder="Search Categories">
<div class="input-group-append"> <div class="input-group-append">
<button class="btn btn-primary"><i class="fa fa-search"></i></button> <button class="btn btn-primary"><i class="fa fa-search"></i></button>
</div> </div>
@@ -88,8 +88,8 @@ $colors_diff = array_diff($colors_array, $colors_used_array);
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$category_id = intval($row['category_id']); $category_id = intval($row['category_id']);
$category_name = htmlentities($row['category_name']); $category_name = nullable_htmlentities($row['category_name']);
$category_color = htmlentities($row['category_color']); $category_color = nullable_htmlentities($row['category_color']);
//$colors_used_array[] = $row['category_color']; //$colors_used_array[] = $row['category_color'];
?> ?>
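Review bot: In the search box, `stripslashes()` runs after `nullable_htmlentities()` (`echo stripslashes(nullable_htmlentities($q))`), so the encoder never sees the text that actually reaches the page; it is harmless today only because entities contain no backslashes, but it is the wrong order for an output-escaping call and the same pattern recurs elsewhere in this commit. Write `echo nullable_htmlentities(stripslashes($q));` so whatever is printed is exactly what was encoded. Where `$q` and `$category` originate is outside this hunk; if `$q` is the raw request value, `stripslashes` has no purpose at all without magic quotes and can simply be dropped.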


@@ -2,13 +2,13 @@
<div class="modal-dialog"> <div class="modal-dialog">
<div class="modal-content bg-dark"> <div class="modal-content bg-dark">
<div class="modal-header"> <div class="modal-header">
<h5 class="modal-title"><i class="fa fa-fw fa-list mr-2"></i>New <?php echo htmlentities($category); ?> Category</h5> <h5 class="modal-title"><i class="fa fa-fw fa-list mr-2"></i>New <?php echo nullable_htmlentities($category); ?> Category</h5>
<button type="button" class="close text-white" data-dismiss="modal"> <button type="button" class="close text-white" data-dismiss="modal">
<span>&times;</span> <span>&times;</span>
</button> </button>
</div> </div>
<form action="post.php" method="post" autocomplete="off"> <form action="post.php" method="post" autocomplete="off">
<input type="hidden" name="type" value="<?php echo htmlentities($category); ?>"> <input type="hidden" name="type" value="<?php echo nullable_htmlentities($category); ?>">
<div class="modal-body bg-white"> <div class="modal-body bg-white">


@@ -9,7 +9,7 @@
</div> </div>
<form action="post.php" method="post" autocomplete="off"> <form action="post.php" method="post" autocomplete="off">
<input type="hidden" name="category_id" value="<?php echo $category_id; ?>"> <input type="hidden" name="category_id" value="<?php echo $category_id; ?>">
<input type="hidden" name="type" value="<?php echo htmlentities($category); ?>"> <input type="hidden" name="type" value="<?php echo nullable_htmlentities($category); ?>">
<div class="modal-body bg-white"> <div class="modal-body bg-white">
<div class="form-group"> <div class="form-group">
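Review bot: The hidden `category_id` field directly above the changed `type` field echoes `$category_id` with no cast or encoding, unlike its neighbour. It is safe only because the including list page assigns `$category_id = intval($row['category_id'])` before pulling this modal in, and that contract is not visible from this file. Make the modal self-protecting: `<input type="hidden" name="category_id" value="<?php echo intval($category_id); ?>">`.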


@@ -66,7 +66,7 @@
$referral_sql = mysqli_query($mysqli, "SELECT * FROM categories WHERE category_type = 'Referral' AND category_archived_at IS NULL ORDER BY category_name ASC"); $referral_sql = mysqli_query($mysqli, "SELECT * FROM categories WHERE category_type = 'Referral' AND category_archived_at IS NULL ORDER BY category_name ASC");
while ($row = mysqli_fetch_array($referral_sql)) { while ($row = mysqli_fetch_array($referral_sql)) {
$referral = htmlentities($row['category_name']); ?> $referral = nullable_htmlentities($row['category_name']); ?>
<option><?php echo $referral; ?></option> <option><?php echo $referral; ?></option>
<?php } ?> <?php } ?>
@@ -296,9 +296,9 @@
while ($row = mysqli_fetch_array($sql_tags_select)) { while ($row = mysqli_fetch_array($sql_tags_select)) {
$tag_id_select = intval($row['tag_id']); $tag_id_select = intval($row['tag_id']);
$tag_name_select = htmlentities($row['tag_name']); $tag_name_select = nullable_htmlentities($row['tag_name']);
$tag_color_select = htmlentities($row['tag_color']); $tag_color_select = nullable_htmlentities($row['tag_color']);
$tag_icon_select = htmlentities($row['tag_icon']); $tag_icon_select = nullable_htmlentities($row['tag_icon']);
?> ?>
<li class="list-group-item"> <li class="list-group-item">


@@ -125,7 +125,7 @@
$sql = mysqli_query($mysqli, "SELECT * FROM locations WHERE location_archived_at IS NULL AND location_client_id = $client_id ORDER BY location_name ASC"); $sql = mysqli_query($mysqli, "SELECT * FROM locations WHERE location_archived_at IS NULL AND location_client_id = $client_id ORDER BY location_name ASC");
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$location_id = intval($row['location_id']); $location_id = intval($row['location_id']);
$location_name = htmlentities($row['location_name']); $location_name = nullable_htmlentities($row['location_name']);
?> ?>
<option value="<?php echo $location_id; ?>"><?php echo $location_name; ?></option> <option value="<?php echo $location_id; ?>"><?php echo $location_name; ?></option>
<?php } ?> <?php } ?>
@@ -148,7 +148,7 @@
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_archived_at IS NULL AND contact_client_id = $client_id ORDER BY contact_name ASC"); $sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_archived_at IS NULL AND contact_client_id = $client_id ORDER BY contact_name ASC");
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$contact_id = intval($row['contact_id']); $contact_id = intval($row['contact_id']);
$contact_name = htmlentities($row['contact_name']); $contact_name = nullable_htmlentities($row['contact_name']);
?> ?>
<option value="<?php echo $contact_id; ?>"><?php echo $contact_name; ?></option> <option value="<?php echo $contact_id; ?>"><?php echo $contact_name; ?></option>
@@ -187,8 +187,8 @@
$sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_archived_at IS NULL AND network_client_id = $client_id ORDER BY network_name ASC"); $sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_archived_at IS NULL AND network_client_id = $client_id ORDER BY network_name ASC");
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$network_id = intval($row['network_id']); $network_id = intval($row['network_id']);
$network_name = htmlentities($row['network_name']); $network_name = nullable_htmlentities($row['network_name']);
$network = htmlentities($row['network']); $network = nullable_htmlentities($row['network']);
?> ?>
<option value="<?php echo $network_id; ?>"><?php echo $network_name; ?> - <?php echo $network; ?></option> <option value="<?php echo $network_id; ?>"><?php echo $network_name; ?> - <?php echo $network; ?></option>
@@ -235,7 +235,7 @@
$sql = mysqli_query($mysqli, "SELECT * FROM vendors WHERE vendor_archived_at IS NULL AND vendor_client_id = $client_id AND vendor_template = 0 ORDER BY vendor_name ASC"); $sql = mysqli_query($mysqli, "SELECT * FROM vendors WHERE vendor_archived_at IS NULL AND vendor_client_id = $client_id AND vendor_template = 0 ORDER BY vendor_name ASC");
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$vendor_id = intval($row['vendor_id']); $vendor_id = intval($row['vendor_id']);
$vendor_name = htmlentities($row['vendor_name']); $vendor_name = nullable_htmlentities($row['vendor_name']);
?> ?>
<option value="<?php echo $vendor_id; ?>"><?php echo $vendor_name; ?></option> <option value="<?php echo $vendor_id; ?>"><?php echo $vendor_name; ?></option>
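Review bot: Every query in this section interpolates `$client_id` straight into the SQL string (`location_client_id = $client_id`, `contact_client_id = $client_id`, `network_client_id = $client_id`, `vendor_client_id = $client_id`), and the assignment of that variable is outside the hunk. If it is cast with `intval()` at its source this is sound; if it arrives as the raw request value it is a SQL injection in four places at once. A defensive `$client_id = intval($client_id);` at the top of this file, or prepared statements with the id bound as an integer, removes the dependency on the caller. The per-row ids and names in the loops themselves are handled correctly by the new code.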


@@ -122,7 +122,7 @@
$sql_locations = mysqli_query($mysqli, "SELECT * FROM locations WHERE location_client_id = $client_id ORDER BY location_name ASC"); $sql_locations = mysqli_query($mysqli, "SELECT * FROM locations WHERE location_client_id = $client_id ORDER BY location_name ASC");
while ($row = mysqli_fetch_array($sql_locations)) { while ($row = mysqli_fetch_array($sql_locations)) {
$location_id_select = intval($row['location_id']); $location_id_select = intval($row['location_id']);
$location_name_select = htmlentities($row['location_name']); $location_name_select = nullable_htmlentities($row['location_name']);
?> ?>
<option <?php if ($asset_location_id == $location_id_select) { echo "selected"; } ?> value="<?php echo $location_id_select; ?>"><?php echo $location_name_select; ?></option> <option <?php if ($asset_location_id == $location_id_select) { echo "selected"; } ?> value="<?php echo $location_id_select; ?>"><?php echo $location_name_select; ?></option>
<?php } ?> <?php } ?>
@@ -145,7 +145,7 @@
$sql_contacts = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_archived_at IS NULL AND contact_client_id = $client_id ORDER BY contact_name ASC"); $sql_contacts = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_archived_at IS NULL AND contact_client_id = $client_id ORDER BY contact_name ASC");
while ($row = mysqli_fetch_array($sql_contacts)) { while ($row = mysqli_fetch_array($sql_contacts)) {
$contact_id = intval($row['contact_id']); $contact_id = intval($row['contact_id']);
$contact_name = htmlentities($row['contact_name']); $contact_name = nullable_htmlentities($row['contact_name']);
?> ?>
<option value="<?php echo $contact_id; ?>"><?php echo $contact_name; ?></option> <option value="<?php echo $contact_id; ?>"><?php echo $contact_name; ?></option>
<?php } ?> <?php } ?>
@@ -182,8 +182,8 @@
$sql_networks = mysqli_query($mysqli, "SELECT * FROM networks WHERE (network_archived_at > '$asset_created_at' OR network_archived_at IS NULL) AND network_client_id = $client_id ORDER BY network_name ASC"); $sql_networks = mysqli_query($mysqli, "SELECT * FROM networks WHERE (network_archived_at > '$asset_created_at' OR network_archived_at IS NULL) AND network_client_id = $client_id ORDER BY network_name ASC");
while ($row = mysqli_fetch_array($sql_networks)) { while ($row = mysqli_fetch_array($sql_networks)) {
$network_id_select = intval($row['network_id']); $network_id_select = intval($row['network_id']);
$network_name_select = htmlentities($row['network_name']); $network_name_select = nullable_htmlentities($row['network_name']);
$network_select = htmlentities($row['network']); $network_select = nullable_htmlentities($row['network']);
?> ?>
<option <?php if ($asset_network_id == $network_id_select) { echo "selected"; } ?> value="<?php echo $network_id_select; ?>"><?php echo $network_name_select; ?> - <?php echo $network_select; ?></option> <option <?php if ($asset_network_id == $network_id_select) { echo "selected"; } ?> value="<?php echo $network_id_select; ?>"><?php echo $network_name_select; ?> - <?php echo $network_select; ?></option>
@@ -230,7 +230,7 @@
$sql_vendors = mysqli_query($mysqli, "SELECT * FROM vendors WHERE (vendor_archived_at > '$asset_created_at' OR vendor_archived_at IS NULL) AND vendor_client_id = $client_id AND vendor_template = 0 ORDER BY vendor_name ASC"); $sql_vendors = mysqli_query($mysqli, "SELECT * FROM vendors WHERE (vendor_archived_at > '$asset_created_at' OR vendor_archived_at IS NULL) AND vendor_client_id = $client_id AND vendor_template = 0 ORDER BY vendor_name ASC");
while ($row = mysqli_fetch_array($sql_vendors)) { while ($row = mysqli_fetch_array($sql_vendors)) {
$vendor_id_select = intval($row['vendor_id']); $vendor_id_select = intval($row['vendor_id']);
$vendor_name_select = htmlentities($row['vendor_name']); $vendor_name_select = nullable_htmlentities($row['vendor_name']);
?> ?>
<option <?php if ($asset_vendor_id == $vendor_id_select) { echo "selected"; } ?> value="<?php echo $vendor_id_select; ?>"><?php echo $vendor_name_select; ?></option> <option <?php if ($asset_vendor_id == $vendor_id_select) { echo "selected"; } ?> value="<?php echo $vendor_id_select; ?>"><?php echo $vendor_name_select; ?></option>
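Review bot: The networks and vendors queries compare `network_archived_at > '$asset_created_at'`, and the assets list page in this same commit assigns `$asset_created_at = nullable_htmlentities($row['asset_created_at'])`, so if this modal is included from that loop the value inside the SQL literal is the HTML-encoded copy. It works only because a MySQL DATETIME never contains a character the encoder rewrites; an HTML-escaped string is not a SQL-escaped one and should not be reused as such. Keep a raw, SQL-escaped copy for the query, e.g. `$asset_created_at_sql = mysqli_real_escape_string($mysqli, $row['asset_created_at'] ?? '');` in the caller and interpolate that here, or move these queries to prepared statements. That this modal is included from that loop is inferred from the variable names, not visible in the hunk.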


@@ -12,7 +12,7 @@
<?php <?php
while ($row = mysqli_fetch_array($sql_related_documents)) { while ($row = mysqli_fetch_array($sql_related_documents)) {
$related_document_id = intval($row['document_id']); $related_document_id = intval($row['document_id']);
$related_document_name = htmlentities($row['document_name']); $related_document_name = nullable_htmlentities($row['document_name']);
?> ?>
<p> <p>
<i class="fas fa-fw fa-document text-secondary"></i> <i class="fas fa-fw fa-document text-secondary"></i>


@@ -124,7 +124,7 @@
$sql_locations = mysqli_query($mysqli, "SELECT * FROM locations WHERE location_client_id = $client_id ORDER BY location_name ASC"); $sql_locations = mysqli_query($mysqli, "SELECT * FROM locations WHERE location_client_id = $client_id ORDER BY location_name ASC");
while ($row = mysqli_fetch_array($sql_locations)) { while ($row = mysqli_fetch_array($sql_locations)) {
$location_id_select = intval($row['location_id']); $location_id_select = intval($row['location_id']);
$location_name_select = htmlentities($row['location_name']); $location_name_select = nullable_htmlentities($row['location_name']);
?> ?>
<option <?php if ($asset_location_id == $location_id_select) { echo "selected"; } ?> value="<?php echo $location_id_select; ?>"><?php echo $location_name_select; ?></option> <option <?php if ($asset_location_id == $location_id_select) { echo "selected"; } ?> value="<?php echo $location_id_select; ?>"><?php echo $location_name_select; ?></option>
@@ -146,7 +146,7 @@
$sql_contacts = mysqli_query($mysqli, "SELECT * FROM contacts WHERE (contact_archived_at > '$asset_created_at' OR contact_archived_at IS NULL) AND contact_client_id = $client_id ORDER BY contact_name ASC"); $sql_contacts = mysqli_query($mysqli, "SELECT * FROM contacts WHERE (contact_archived_at > '$asset_created_at' OR contact_archived_at IS NULL) AND contact_client_id = $client_id ORDER BY contact_name ASC");
while ($row = mysqli_fetch_array($sql_contacts)) { while ($row = mysqli_fetch_array($sql_contacts)) {
$contact_id_select = intval($row['contact_id']); $contact_id_select = intval($row['contact_id']);
$contact_name_select = htmlentities($row['contact_name']); $contact_name_select = nullable_htmlentities($row['contact_name']);
?> ?>
<option <?php if ($asset_contact_id == $contact_id_select) { echo "selected"; } ?> value="<?php echo $contact_id_select; ?>"> <option <?php if ($asset_contact_id == $contact_id_select) { echo "selected"; } ?> value="<?php echo $contact_id_select; ?>">
<?php echo $contact_name_select; ?> <?php if (!empty($row['contact_archived_at'])) { echo " (Archived " . date('Y-m-d', strtotime($row['contact_archived_at'])) .")"; } ?> <?php echo $contact_name_select; ?> <?php if (!empty($row['contact_archived_at'])) { echo " (Archived " . date('Y-m-d', strtotime($row['contact_archived_at'])) .")"; } ?>
@@ -184,8 +184,8 @@
$sql_networks = mysqli_query($mysqli, "SELECT * FROM networks WHERE (network_archived_at > '$asset_created_at' OR network_archived_at IS NULL) AND network_client_id = $client_id ORDER BY network_name ASC"); $sql_networks = mysqli_query($mysqli, "SELECT * FROM networks WHERE (network_archived_at > '$asset_created_at' OR network_archived_at IS NULL) AND network_client_id = $client_id ORDER BY network_name ASC");
while ($row = mysqli_fetch_array($sql_networks)) { while ($row = mysqli_fetch_array($sql_networks)) {
$network_id_select = intval($row['network_id']); $network_id_select = intval($row['network_id']);
$network_name_select = htmlentities($row['network_name']); $network_name_select = nullable_htmlentities($row['network_name']);
$network_select = htmlentities($row['network']); $network_select = nullable_htmlentities($row['network']);
?> ?>
<option <?php if ($asset_network_id == $network_id_select) { echo "selected"; } ?> value="<?php echo $network_id_select; ?>"><?php echo $network_name_select; ?> - <?php echo $network_select; ?></option> <option <?php if ($asset_network_id == $network_id_select) { echo "selected"; } ?> value="<?php echo $network_id_select; ?>"><?php echo $network_name_select; ?> - <?php echo $network_select; ?></option>
@@ -232,7 +232,7 @@
$sql_vendors = mysqli_query($mysqli, "SELECT * FROM vendors WHERE (vendor_archived_at > '$asset_created_at' OR vendor_archived_at IS NULL) AND vendor_client_id = $client_id ORDER BY vendor_name ASC"); $sql_vendors = mysqli_query($mysqli, "SELECT * FROM vendors WHERE (vendor_archived_at > '$asset_created_at' OR vendor_archived_at IS NULL) AND vendor_client_id = $client_id ORDER BY vendor_name ASC");
while ($row = mysqli_fetch_array($sql_vendors)) { while ($row = mysqli_fetch_array($sql_vendors)) {
$vendor_id_select = intval($row['vendor_id']); $vendor_id_select = intval($row['vendor_id']);
$vendor_name_select = htmlentities($row['vendor_name']); $vendor_name_select = nullable_htmlentities($row['vendor_name']);
?> ?>
<option <?php if ($asset_vendor_id == $vendor_id_select) { echo "selected"; } ?> value="<?php echo $vendor_id_select; ?>"><?php echo $vendor_name_select; ?></option> <option <?php if ($asset_vendor_id == $vendor_id_select) { echo "selected"; } ?> value="<?php echo $vendor_id_select; ?>"><?php echo $vendor_name_select; ?></option>


@@ -78,8 +78,8 @@
$sql_network_select = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_archived_at IS NULL AND network_client_id = $client_id ORDER BY network_name ASC"); $sql_network_select = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_archived_at IS NULL AND network_client_id = $client_id ORDER BY network_name ASC");
while ($row = mysqli_fetch_array($sql_network_select)) { while ($row = mysqli_fetch_array($sql_network_select)) {
$network_id = $row['network_id']; $network_id = $row['network_id'];
$network_name = htmlentities($row['network_name']); $network_name = nullable_htmlentities($row['network_name']);
$network = htmlentities($row['network']); $network = nullable_htmlentities($row['network']);
?> ?>
<option value="<?php echo $network_id; ?>"><?php echo $network_name; ?> - <?php echo $network; ?></option> <option value="<?php echo $network_id; ?>"><?php echo $network_name; ?> - <?php echo $network; ?></option>
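Review bot: `$network_id = $row['network_id'];` is the one row id in this commit that is not passed through `intval()`, and it is echoed into the option's `value` attribute unencoded. Every sibling loop (`$network_id_select = intval($row['network_id'])` in the asset modals) casts it; with an integer column this is a consistency fix rather than an exploitable one, but the line is a copy-paste trap for the next non-integer column someone adds here. Change it to `$network_id = intval($row['network_id']);`.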


@@ -13,12 +13,12 @@
// Query is run from client_assets.php // Query is run from client_assets.php
while ($row = mysqli_fetch_array($sql_tickets)) { while ($row = mysqli_fetch_array($sql_tickets)) {
$ticket_id = intval($row['ticket_id']); $ticket_id = intval($row['ticket_id']);
$ticket_prefix = htmlentities($row['ticket_prefix']); $ticket_prefix = nullable_htmlentities($row['ticket_prefix']);
$ticket_number = intval($row['ticket_number']); $ticket_number = intval($row['ticket_number']);
$ticket_subject = htmlentities($row['ticket_subject']); $ticket_subject = nullable_htmlentities($row['ticket_subject']);
$ticket_status = htmlentities($row['ticket_status']); $ticket_status = nullable_htmlentities($row['ticket_status']);
$ticket_created_at = htmlentities($row['ticket_created_at']); $ticket_created_at = nullable_htmlentities($row['ticket_created_at']);
$ticket_updated_at = htmlentities($row['ticket_updated_at']); $ticket_updated_at = nullable_htmlentities($row['ticket_updated_at']);
?> ?>
<p> <p>
<i class="fas fa-fw fa-ticket-alt"></i> <i class="fas fa-fw fa-ticket-alt"></i>


@@ -75,18 +75,18 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="card-header py-2"> <div class="card-header py-2">
<h3 class="card-title mt-2"><i class="fa fa-fw fa-desktop mr-2"></i>Assets</h3> <h3 class="card-title mt-2"><i class="fa fa-fw fa-desktop mr-2"></i>Assets</h3>
<div class="card-tools"> <div class="card-tools">
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addAssetModal"><i class="fas fa-plus mr-2"></i>New <?php if (!empty($_GET['type'])) { echo ucwords(strip_tags(htmlentities($_GET['type']))); } else { echo "Asset"; } ?></button> <button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addAssetModal"><i class="fas fa-plus mr-2"></i>New <?php if (!empty($_GET['type'])) { echo ucwords(strip_tags(nullable_htmlentities($_GET['type']))); } else { echo "Asset"; } ?></button>
</div> </div>
</div> </div>
<div class="card-body"> <div class="card-body">
<form autocomplete="off"> <form autocomplete="off">
<input type="hidden" name="client_id" value="<?php echo $client_id; ?>"> <input type="hidden" name="client_id" value="<?php echo $client_id; ?>">
<input type="hidden" name="type" value="<?php echo stripslashes(htmlentities($_GET['type'])); ?>"> <input type="hidden" name="type" value="<?php echo stripslashes(nullable_htmlentities($_GET['type'])); ?>">
<div class="row"> <div class="row">
<div class="col-md-4"> <div class="col-md-4">
<div class="input-group mb-3 mb-md-0"> <div class="input-group mb-3 mb-md-0">
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search <?php if (!empty($_GET['type'])) { echo ucwords(stripslashes(htmlentities($_GET['type']))); } else { echo "Asset"; } ?>s"> <input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(nullable_htmlentities($q)); } ?>" placeholder="Search <?php if (!empty($_GET['type'])) { echo ucwords(stripslashes(nullable_htmlentities($_GET['type']))); } else { echo "Asset"; } ?>s">
<div class="input-group-append"> <div class="input-group-append">
<button class="btn btn-dark"><i class="fa fa-search"></i></button> <button class="btn btn-dark"><i class="fa fa-search"></i></button>
</div> </div>
@@ -161,40 +161,40 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$asset_id = intval($row['asset_id']); $asset_id = intval($row['asset_id']);
$asset_type = htmlentities($row['asset_type']); $asset_type = nullable_htmlentities($row['asset_type']);
$asset_name = htmlentities($row['asset_name']); $asset_name = nullable_htmlentities($row['asset_name']);
$asset_make = htmlentities($row['asset_make']); $asset_make = nullable_htmlentities($row['asset_make']);
$asset_model = htmlentities($row['asset_model']); $asset_model = nullable_htmlentities($row['asset_model']);
$asset_serial = htmlentities($row['asset_serial']); $asset_serial = nullable_htmlentities($row['asset_serial']);
if (empty($asset_serial)) { if (empty($asset_serial)) {
$asset_serial_display = "-"; $asset_serial_display = "-";
} else { } else {
$asset_serial_display = $asset_serial; $asset_serial_display = $asset_serial;
} }
$asset_os = htmlentities($row['asset_os']); $asset_os = nullable_htmlentities($row['asset_os']);
if (empty($asset_os)) { if (empty($asset_os)) {
$asset_os_display = "-"; $asset_os_display = "-";
} else { } else {
$asset_os_display = $asset_os; $asset_os_display = $asset_os;
} }
$asset_ip = htmlentities($row['asset_ip']); $asset_ip = nullable_htmlentities($row['asset_ip']);
if (empty($asset_ip)) { if (empty($asset_ip)) {
$asset_ip_display = "-"; $asset_ip_display = "-";
} else { } else {
$asset_ip_display = "$asset_ip<button class='btn btn-sm' data-clipboard-text=" . $asset_ip . "><i class='far fa-copy text-secondary'></i></button>"; $asset_ip_display = "$asset_ip<button class='btn btn-sm' data-clipboard-text=" . $asset_ip . "><i class='far fa-copy text-secondary'></i></button>";
} }
$asset_mac = htmlentities($row['asset_mac']); $asset_mac = nullable_htmlentities($row['asset_mac']);
$asset_status = htmlentities($row['asset_status']); $asset_status = nullable_htmlentities($row['asset_status']);
$asset_purchase_date = htmlentities($row['asset_purchase_date']); $asset_purchase_date = nullable_htmlentities($row['asset_purchase_date']);
$asset_warranty_expire = htmlentities($row['asset_warranty_expire']); $asset_warranty_expire = nullable_htmlentities($row['asset_warranty_expire']);
$asset_install_date = htmlentities($row['asset_install_date']); $asset_install_date = nullable_htmlentities($row['asset_install_date']);
if (empty($asset_install_date)) { if (empty($asset_install_date)) {
$asset_install_date_display = "-"; $asset_install_date_display = "-";
} else { } else {
$asset_install_date_display = $asset_install_date; $asset_install_date_display = $asset_install_date;
} }
$asset_notes = htmlentities($row['asset_notes']); $asset_notes = nullable_htmlentities($row['asset_notes']);
$asset_created_at = htmlentities($row['asset_created_at']); $asset_created_at = nullable_htmlentities($row['asset_created_at']);
$asset_vendor_id = intval($row['asset_vendor_id']); $asset_vendor_id = intval($row['asset_vendor_id']);
$asset_location_id = intval($row['asset_location_id']); $asset_location_id = intval($row['asset_location_id']);
$asset_contact_id = intval($row['asset_contact_id']); $asset_contact_id = intval($row['asset_contact_id']);
@@ -202,19 +202,19 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
$device_icon = getAssetIcon($asset_type); $device_icon = getAssetIcon($asset_type);
$contact_name = htmlentities($row['contact_name']); $contact_name = nullable_htmlentities($row['contact_name']);
if (empty($contact_name)) { if (empty($contact_name)) {
$contact_name = "-"; $contact_name = "-";
} }
$location_name = htmlentities($row['location_name']); $location_name = nullable_htmlentities($row['location_name']);
if (empty($location_name)) { if (empty($location_name)) {
$location_name = "-"; $location_name = "-";
} }
$login_id = intval($row['login_id']); $login_id = intval($row['login_id']);
$login_username = htmlentities(decryptLoginEntry($row['login_username'])); $login_username = nullable_htmlentities(decryptLoginEntry($row['login_username']));
$login_password = htmlentities(decryptLoginEntry($row['login_password'])); $login_password = nullable_htmlentities(decryptLoginEntry($row['login_password']));
// Related tickets // Related tickets
$sql_tickets = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_asset_id = $asset_id ORDER BY ticket_number DESC"); $sql_tickets = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_asset_id = $asset_id ORDER BY ticket_number DESC");


@@ -76,7 +76,7 @@
$domains_sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_client_id = '$client_id'"); $domains_sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_client_id = '$client_id'");
while ($domain_row = mysqli_fetch_array($domains_sql)) { while ($domain_row = mysqli_fetch_array($domains_sql)) {
$domain_id = intval($domain_row['domain_id']); $domain_id = intval($domain_row['domain_id']);
$domain_name = htmlentities($domain_row['domain_name']); $domain_name = nullable_htmlentities($domain_row['domain_name']);
echo "<option value=\"$domain_id\">$domain_name</option>"; echo "<option value=\"$domain_id\">$domain_name</option>";
} }
?> ?>


@@ -31,7 +31,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="col-md-4"> <div class="col-md-4">
<div class="input-group mb-3 mb-md-0"> <div class="input-group mb-3 mb-md-0">
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Certificates"> <input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(nullable_htmlentities($q)); } ?>" placeholder="Search Certificates">
<div class="input-group-append"> <div class="input-group-append">
<button class="btn btn-dark"><i class="fa fa-search"></i></button> <button class="btn btn-dark"><i class="fa fa-search"></i></button>
</div> </div>
@@ -86,10 +86,10 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$certificate_id = intval($row['certificate_id']); $certificate_id = intval($row['certificate_id']);
$certificate_name = htmlentities($row['certificate_name']); $certificate_name = nullable_htmlentities($row['certificate_name']);
$certificate_domain = htmlentities($row['certificate_domain']); $certificate_domain = nullable_htmlentities($row['certificate_domain']);
$certificate_issued_by = htmlentities($row['certificate_issued_by']); $certificate_issued_by = nullable_htmlentities($row['certificate_issued_by']);
$certificate_expire = htmlentities($row['certificate_expire']); $certificate_expire = nullable_htmlentities($row['certificate_expire']);
?> ?>
<tr> <tr>
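Review bot: In the search box `value` attribute (L377) `stripslashes()` is applied to the result of `nullable_htmlentities($q)` rather than to `$q` itself, and the same ordering recurs in the contacts search (L572) and the document-templates search (L697). It works only because entity encoding never emits a backslash, and it implies `$q` still carries escaping slashes at display time, which is not visible in this hunk. If an unescaped copy of the search term is available, echo `nullable_htmlentities()` of that instead; otherwise a short comment such as `// $q is escaped upstream; strip those slashes after encoding (entities contain no backslashes)` would make the order deliberate rather than accidental.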


@@ -123,7 +123,7 @@
$sql = mysqli_query($mysqli, "SELECT location_id, location_name FROM locations WHERE location_archived_at IS NULL AND location_client_id = $client_id ORDER BY location_name ASC"); $sql = mysqli_query($mysqli, "SELECT location_id, location_name FROM locations WHERE location_archived_at IS NULL AND location_client_id = $client_id ORDER BY location_name ASC");
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$location_id = intval($row['location_id']); $location_id = intval($row['location_id']);
$location_name = htmlentities($row['location_name']); $location_name = nullable_htmlentities($row['location_name']);
?> ?>
<option value="<?php echo $location_id; ?>"><?php echo $location_name; ?></option> <option value="<?php echo $location_id; ?>"><?php echo $location_name; ?></option>
<?php } ?> <?php } ?>


@@ -11,33 +11,33 @@ if (isset($_GET['contact_id'])) {
"); ");
$row = mysqli_fetch_array($sql); $row = mysqli_fetch_array($sql);
$contact_name = htmlentities($row['contact_name']); $contact_name = nullable_htmlentities($row['contact_name']);
$contact_title = htmlentities($row['contact_title']); $contact_title = nullable_htmlentities($row['contact_title']);
$contact_department =htmlentities($row['contact_department']); $contact_department =nullable_htmlentities($row['contact_department']);
$contact_phone = formatPhoneNumber($row['contact_phone']); $contact_phone = formatPhoneNumber($row['contact_phone']);
$contact_extension = htmlentities($row['contact_extension']); $contact_extension = nullable_htmlentities($row['contact_extension']);
$contact_mobile = formatPhoneNumber($row['contact_mobile']); $contact_mobile = formatPhoneNumber($row['contact_mobile']);
$contact_email = htmlentities($row['contact_email']); $contact_email = nullable_htmlentities($row['contact_email']);
$contact_photo = htmlentities($row['contact_photo']); $contact_photo = nullable_htmlentities($row['contact_photo']);
$contact_initials = initials($contact_name); $contact_initials = initials($contact_name);
$contact_notes = htmlentities($row['contact_notes']); $contact_notes = nullable_htmlentities($row['contact_notes']);
$contact_important = intval($row['contact_important']); $contact_important = intval($row['contact_important']);
$contact_billing = intval($row['contact_billing']); $contact_billing = intval($row['contact_billing']);
$contact_technical = intval($row['contact_technical']); $contact_technical = intval($row['contact_technical']);
$contact_created_at = htmlentities($row['contact_created_at']); $contact_created_at = nullable_htmlentities($row['contact_created_at']);
if ($contact_id == $primary_contact) { if ($contact_id == $primary_contact) {
$primary_contact_display = "<small class='text-success'>Primary Contact</small>"; $primary_contact_display = "<small class='text-success'>Primary Contact</small>";
} else { } else {
$primary_contact_display = false; $primary_contact_display = false;
} }
$contact_location_id = intval($row['contact_location_id']); $contact_location_id = intval($row['contact_location_id']);
$location_name = htmlentities($row['location_name']); $location_name = nullable_htmlentities($row['location_name']);
if (empty($location_name)) { if (empty($location_name)) {
$location_name_display = "-"; $location_name_display = "-";
} else { } else {
$location_name_display = $location_name; $location_name_display = $location_name;
} }
$auth_method = htmlentities($row['contact_auth_method']); $auth_method = nullable_htmlentities($row['contact_auth_method']);
// Related Assets Query // Related Assets Query
$sql_related_assets = mysqli_query($mysqli, "SELECT * FROM assets LEFT JOIN logins ON logins.login_asset_id = assets.asset_id WHERE asset_contact_id = $contact_id ORDER BY asset_name DESC"); $sql_related_assets = mysqli_query($mysqli, "SELECT * FROM assets LEFT JOIN logins ON logins.login_asset_id = assets.asset_id WHERE asset_contact_id = $contact_id ORDER BY asset_name DESC");
@@ -165,48 +165,48 @@ if (isset($_GET['contact_id'])) {
while ($row = mysqli_fetch_array($sql_related_assets)) { while ($row = mysqli_fetch_array($sql_related_assets)) {
$asset_id = intval($row['asset_id']); $asset_id = intval($row['asset_id']);
$asset_type = htmlentities($row['asset_type']); $asset_type = nullable_htmlentities($row['asset_type']);
$asset_name = htmlentities($row['asset_name']); $asset_name = nullable_htmlentities($row['asset_name']);
$asset_make = htmlentities($row['asset_make']); $asset_make = nullable_htmlentities($row['asset_make']);
$asset_model = htmlentities($row['asset_model']); $asset_model = nullable_htmlentities($row['asset_model']);
$asset_serial = htmlentities($row['asset_serial']); $asset_serial = nullable_htmlentities($row['asset_serial']);
if (empty($asset_serial)) { if (empty($asset_serial)) {
$asset_serial_display = "-"; $asset_serial_display = "-";
} else { } else {
$asset_serial_display = $asset_serial; $asset_serial_display = $asset_serial;
} }
$asset_os = htmlentities($row['asset_os']); $asset_os = nullable_htmlentities($row['asset_os']);
if (empty($asset_os)) { if (empty($asset_os)) {
$asset_os_display = "-"; $asset_os_display = "-";
} else { } else {
$asset_os_display = $asset_os; $asset_os_display = $asset_os;
} }
$asset_ip = htmlentities($row['asset_ip']); $asset_ip = nullable_htmlentities($row['asset_ip']);
if (empty($asset_ip)) { if (empty($asset_ip)) {
$asset_ip_display = "-"; $asset_ip_display = "-";
} else { } else {
$asset_ip_display = "$asset_ip<button class='btn btn-sm' data-clipboard-text='$asset_ip'><i class='far fa-copy text-secondary'></i></button>"; $asset_ip_display = "$asset_ip<button class='btn btn-sm' data-clipboard-text='$asset_ip'><i class='far fa-copy text-secondary'></i></button>";
} }
$asset_mac = htmlentities($row['asset_mac']); $asset_mac = nullable_htmlentities($row['asset_mac']);
$asset_status = htmlentities($row['asset_status']); $asset_status = nullable_htmlentities($row['asset_status']);
$asset_purchase_date = htmlentities($row['asset_purchase_date']); $asset_purchase_date = nullable_htmlentities($row['asset_purchase_date']);
$asset_warranty_expire = htmlentities($row['asset_warranty_expire']); $asset_warranty_expire = nullable_htmlentities($row['asset_warranty_expire']);
$asset_install_date = htmlentities($row['asset_install_date']); $asset_install_date = nullable_htmlentities($row['asset_install_date']);
if (empty($asset_install_date)) { if (empty($asset_install_date)) {
$asset_install_date_display = "-"; $asset_install_date_display = "-";
} else { } else {
$asset_install_date_display = $asset_install_date; $asset_install_date_display = $asset_install_date;
} }
$asset_notes = htmlentities($row['asset_notes']); $asset_notes = nullable_htmlentities($row['asset_notes']);
$asset_created_at = htmlentities($row['asset_created_at']); $asset_created_at = nullable_htmlentities($row['asset_created_at']);
$asset_vendor_id = intval($row['asset_vendor_id']); $asset_vendor_id = intval($row['asset_vendor_id']);
$asset_location_id = intval($row['asset_location_id']); $asset_location_id = intval($row['asset_location_id']);
$asset_network_id = intval($row['asset_network_id']); $asset_network_id = intval($row['asset_network_id']);
$asset_contact_id = intval($row['asset_contact_id']); $asset_contact_id = intval($row['asset_contact_id']);
$login_id = $row['login_id']; $login_id = $row['login_id'];
$login_username = htmlentities(decryptLoginEntry($row['login_username'])); $login_username = nullable_htmlentities(decryptLoginEntry($row['login_username']));
$login_password = htmlentities(decryptLoginEntry($row['login_password'])); $login_password = nullable_htmlentities(decryptLoginEntry($row['login_password']));
$device_icon = getAssetIcon($asset_type); $device_icon = getAssetIcon($asset_type);
@@ -286,28 +286,28 @@ if (isset($_GET['contact_id'])) {
while ($row = mysqli_fetch_array($sql_related_logins)) { while ($row = mysqli_fetch_array($sql_related_logins)) {
$login_id = intval($row['login_id']); $login_id = intval($row['login_id']);
$login_name = htmlentities($row['login_name']); $login_name = nullable_htmlentities($row['login_name']);
$login_uri = htmlentities($row['login_uri']); $login_uri = nullable_htmlentities($row['login_uri']);
if (empty($login_uri)) { if (empty($login_uri)) {
$login_uri_display = "-"; $login_uri_display = "-";
} else { } else {
$login_uri_display = "$login_uri<button class='btn btn-sm clipboardjs' data-clipboard-text='$login_uri'><i class='far fa-copy text-secondary'></i></button><a href='https://$login_uri' target='_blank'><i class='fa fa-external-link-alt text-secondary'></i></a>"; $login_uri_display = "$login_uri<button class='btn btn-sm clipboardjs' data-clipboard-text='$login_uri'><i class='far fa-copy text-secondary'></i></button><a href='https://$login_uri' target='_blank'><i class='fa fa-external-link-alt text-secondary'></i></a>";
} }
$login_username = htmlentities(decryptLoginEntry($row['login_username'])); $login_username = nullable_htmlentities(decryptLoginEntry($row['login_username']));
if (empty($login_username)) { if (empty($login_username)) {
$login_username_display = "-"; $login_username_display = "-";
} else { } else {
$login_username_display = "$login_username<button class='btn btn-sm clipboardjs' data-clipboard-text='$login_username'><i class='far fa-copy text-secondary'></i></button>"; $login_username_display = "$login_username<button class='btn btn-sm clipboardjs' data-clipboard-text='$login_username'><i class='far fa-copy text-secondary'></i></button>";
} }
$login_password = htmlentities(decryptLoginEntry($row['login_password'])); $login_password = nullable_htmlentities(decryptLoginEntry($row['login_password']));
$login_otp_secret = htmlentities($row['login_otp_secret']); $login_otp_secret = nullable_htmlentities($row['login_otp_secret']);
$login_id_with_secret = '"' . $row['login_id'] . '","' . $row['login_otp_secret'] . '"'; $login_id_with_secret = '"' . $row['login_id'] . '","' . $row['login_otp_secret'] . '"';
if (empty($login_otp_secret)) { if (empty($login_otp_secret)) {
$otp_display = "-"; $otp_display = "-";
} else { } else {
$otp_display = "<span onmouseenter='showOTP($login_id_with_secret)'><i class='far fa-clock'></i> <span id='otp_$login_id'><i>Hover..</i></span></span>"; $otp_display = "<span onmouseenter='showOTP($login_id_with_secret)'><i class='far fa-clock'></i> <span id='otp_$login_id'><i>Hover..</i></span></span>";
} }
$login_note = htmlentities($row['login_note']); $login_note = nullable_htmlentities($row['login_note']);
$login_important = intval($row['login_important']); $login_important = intval($row['login_important']);
$login_contact_id = intval($row['login_contact_id']); $login_contact_id = intval($row['login_contact_id']);
$login_vendor_id = intval($row['login_vendor_id']); $login_vendor_id = intval($row['login_vendor_id']);
@@ -386,22 +386,22 @@ if (isset($_GET['contact_id'])) {
while ($row = mysqli_fetch_array($sql_related_software)) { while ($row = mysqli_fetch_array($sql_related_software)) {
$software_id = intval($row['software_id']); $software_id = intval($row['software_id']);
$software_name = htmlentities($row['software_name']); $software_name = nullable_htmlentities($row['software_name']);
$software_version = htmlentities($row['software_version']); $software_version = nullable_htmlentities($row['software_version']);
$software_type = htmlentities($row['software_type']); $software_type = nullable_htmlentities($row['software_type']);
$software_license_type = htmlentities($row['software_license_type']); $software_license_type = nullable_htmlentities($row['software_license_type']);
$software_key = htmlentities($row['software_key']); $software_key = nullable_htmlentities($row['software_key']);
$software_seats = htmlentities($row['software_seats']); $software_seats = nullable_htmlentities($row['software_seats']);
$software_purchase = htmlentities($row['software_purchase']); $software_purchase = nullable_htmlentities($row['software_purchase']);
$software_expire = htmlentities($row['software_expire']); $software_expire = nullable_htmlentities($row['software_expire']);
$software_notes = htmlentities($row['software_notes']); $software_notes = nullable_htmlentities($row['software_notes']);
$seat_count = 0; $seat_count = 0;
// Get Login // Get Login
$login_id = intval($row['login_id']); $login_id = intval($row['login_id']);
$login_username = htmlentities(decryptLoginEntry($row['login_username'])); $login_username = nullable_htmlentities(decryptLoginEntry($row['login_username']));
$login_password = htmlentities(decryptLoginEntry($row['login_password'])); $login_password = nullable_htmlentities(decryptLoginEntry($row['login_password']));
// Asset Licenses // Asset Licenses
$asset_licenses_sql = mysqli_query($mysqli, "SELECT asset_id FROM software_assets WHERE software_id = $software_id"); $asset_licenses_sql = mysqli_query($mysqli, "SELECT asset_id FROM software_assets WHERE software_id = $software_id");
@@ -483,13 +483,13 @@ if (isset($_GET['contact_id'])) {
while ($row = mysqli_fetch_array($sql_related_tickets)) { while ($row = mysqli_fetch_array($sql_related_tickets)) {
$ticket_id = intval($row['ticket_id']); $ticket_id = intval($row['ticket_id']);
$ticket_prefix = htmlentities($row['ticket_prefix']); $ticket_prefix = nullable_htmlentities($row['ticket_prefix']);
$ticket_number = intval($row['ticket_number']); $ticket_number = intval($row['ticket_number']);
$ticket_subject = htmlentities($row['ticket_subject']); $ticket_subject = nullable_htmlentities($row['ticket_subject']);
$ticket_priority = htmlentities($row['ticket_priority']); $ticket_priority = nullable_htmlentities($row['ticket_priority']);
$ticket_status = htmlentities($row['ticket_status']); $ticket_status = nullable_htmlentities($row['ticket_status']);
$ticket_created_at = htmlentities($row['ticket_created_at']); $ticket_created_at = nullable_htmlentities($row['ticket_created_at']);
$ticket_updated_at = htmlentities($row['ticket_updated_at']); $ticket_updated_at = nullable_htmlentities($row['ticket_updated_at']);
if (empty($ticket_updated_at)) { if (empty($ticket_updated_at)) {
if ($ticket_status == "Closed") { if ($ticket_status == "Closed") {
$ticket_updated_at_display = "<p>Never</p>"; $ticket_updated_at_display = "<p>Never</p>";
@@ -499,7 +499,7 @@ if (isset($_GET['contact_id'])) {
} else { } else {
$ticket_updated_at_display = $ticket_updated_at; $ticket_updated_at_display = $ticket_updated_at;
} }
$ticket_closed_at = htmlentities($row['ticket_closed_at']); $ticket_closed_at = nullable_htmlentities($row['ticket_closed_at']);
if ($ticket_status == "Open") { if ($ticket_status == "Open") {
$ticket_status_display = "<span class='p-2 badge badge-primary'>$ticket_status</span>"; $ticket_status_display = "<span class='p-2 badge badge-primary'>$ticket_status</span>";
@@ -526,7 +526,7 @@ if (isset($_GET['contact_id'])) {
$ticket_assigned_to_display = "<p class='text-danger'>Not Assigned</p>"; $ticket_assigned_to_display = "<p class='text-danger'>Not Assigned</p>";
} }
} else { } else {
$ticket_assigned_to_display = htmlentities($row['user_name']); $ticket_assigned_to_display = nullable_htmlentities($row['user_name']);
} }
?> ?>
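Review bot: `$login_id_with_secret` (L499) is built from the raw `$row['login_otp_secret']` and placed into the `onmouseenter` handler at L503, so the `$login_otp_secret` the commit re-encodes on the line above never reaches the page; this is the one output in the hunk that stays unencoded. Because the value lands in a JavaScript string inside a single-quoted HTML attribute, entity encoding alone is not the right escape — serialise the arguments as JSON and then attribute-encode the result, e.g. `$login_id_with_secret = htmlspecialchars(json_encode((string) $login_id) . ',' . json_encode((string) $row['login_otp_secret']), ENT_QUOTES, 'UTF-8');`. Whether `nullable_htmlentities()` passes `ENT_QUOTES` is not visible here, and it matters for the single-quoted `data-clipboard-text='…'` attributes at L459, L489 and L495. The assets hunk above this section (L328) emits the same attribute with no quotes at all (`data-clipboard-text=" . $asset_ip . "`), where any whitespace in the value ends the attribute early; quoting it as L459 does is a one-character fix. The `while` loop beginning at L482 continues past the hunk.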


@@ -125,7 +125,7 @@
$sql_locations = mysqli_query($mysqli, "SELECT * FROM locations WHERE (location_archived_at > '$contact_created_at' OR location_archived_at IS NULL) AND location_client_id = $client_id ORDER BY location_name ASC"); $sql_locations = mysqli_query($mysqli, "SELECT * FROM locations WHERE (location_archived_at > '$contact_created_at' OR location_archived_at IS NULL) AND location_client_id = $client_id ORDER BY location_name ASC");
while ($row = mysqli_fetch_array($sql_locations)) { while ($row = mysqli_fetch_array($sql_locations)) {
$location_id_select = intval($row['location_id']); $location_id_select = intval($row['location_id']);
$location_name_select = htmlentities($row['location_name']); $location_name_select = nullable_htmlentities($row['location_name']);
?> ?>
<option <?php if ($contact_location_id == $location_id_select) { echo "selected"; } ?> value="<?php echo $location_id_select; ?>"><?php echo $location_name_select; ?></option> <option <?php if ($contact_location_id == $location_id_select) { echo "selected"; } ?> value="<?php echo $location_id_select; ?>"><?php echo $location_name_select; ?></option>
<?php } ?> <?php } ?>


@@ -43,7 +43,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="col-md-4"> <div class="col-md-4">
<div class="input-group mb-3 mb-md-0"> <div class="input-group mb-3 mb-md-0">
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Contacts"> <input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(nullable_htmlentities($q)); } ?>" placeholder="Search Contacts">
<div class="input-group-append"> <div class="input-group-append">
<button class="btn btn-dark"><i class="fa fa-search"></i></button> <button class="btn btn-dark"><i class="fa fa-search"></i></button>
</div> </div>
@@ -78,14 +78,14 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$contact_id = intval($row['contact_id']); $contact_id = intval($row['contact_id']);
$contact_name = htmlentities($row['contact_name']); $contact_name = nullable_htmlentities($row['contact_name']);
$contact_title = htmlentities($row['contact_title']); $contact_title = nullable_htmlentities($row['contact_title']);
if (empty($contact_title)) { if (empty($contact_title)) {
$contact_title_display = "-"; $contact_title_display = "-";
} else { } else {
$contact_title_display = "<small class='text-secondary'>$contact_title</small>"; $contact_title_display = "<small class='text-secondary'>$contact_title</small>";
} }
$contact_department = htmlentities($row['contact_department']); $contact_department = nullable_htmlentities($row['contact_department']);
if (empty($contact_department)) { if (empty($contact_department)) {
$contact_department_display = "-"; $contact_department_display = "-";
} else { } else {
@@ -97,39 +97,39 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
} else { } else {
$contact_phone_display = "$contact_phone"; $contact_phone_display = "$contact_phone";
} }
$contact_extension = htmlentities($row['contact_extension']); $contact_extension = nullable_htmlentities($row['contact_extension']);
$contact_mobile = formatPhoneNumber($row['contact_mobile']); $contact_mobile = formatPhoneNumber($row['contact_mobile']);
if (empty($contact_mobile)) { if (empty($contact_mobile)) {
$contact_mobile_display = "-"; $contact_mobile_display = "-";
} else { } else {
$contact_mobile_display = "$contact_mobile"; $contact_mobile_display = "$contact_mobile";
} }
$contact_email = htmlentities($row['contact_email']); $contact_email = nullable_htmlentities($row['contact_email']);
if (empty($contact_email)) { if (empty($contact_email)) {
$contact_email_display = "-"; $contact_email_display = "-";
} else { } else {
$contact_email_display = "<a href='mailto:$contact_email'>$contact_email</a><button class='btn btn-sm clipboardjs' data-clipboard-text='$contact_email'><i class='far fa-copy text-secondary'></i></button>"; $contact_email_display = "<a href='mailto:$contact_email'>$contact_email</a><button class='btn btn-sm clipboardjs' data-clipboard-text='$contact_email'><i class='far fa-copy text-secondary'></i></button>";
} }
$contact_photo = htmlentities($row['contact_photo']); $contact_photo = nullable_htmlentities($row['contact_photo']);
$contact_initials = initials($contact_name); $contact_initials = initials($contact_name);
$contact_notes = htmlentities($row['contact_notes']); $contact_notes = nullable_htmlentities($row['contact_notes']);
$contact_important = intval($row['contact_important']); $contact_important = intval($row['contact_important']);
$contact_billing = intval($row['contact_billing']); $contact_billing = intval($row['contact_billing']);
$contact_technical = intval($row['contact_technical']); $contact_technical = intval($row['contact_technical']);
$contact_created_at = htmlentities($row['contact_created_at']); $contact_created_at = nullable_htmlentities($row['contact_created_at']);
if ($contact_id == $primary_contact) { if ($contact_id == $primary_contact) {
$primary_contact_display = "<small class='text-success'>Primary Contact</small>"; $primary_contact_display = "<small class='text-success'>Primary Contact</small>";
} else { } else {
$primary_contact_display = false; $primary_contact_display = false;
} }
$contact_location_id = intval($row['contact_location_id']); $contact_location_id = intval($row['contact_location_id']);
$location_name = htmlentities($row['location_name']); $location_name = nullable_htmlentities($row['location_name']);
if (empty($location_name)) { if (empty($location_name)) {
$location_name_display = "-"; $location_name_display = "-";
} else { } else {
$location_name_display = $location_name; $location_name_display = $location_name;
} }
$auth_method = htmlentities($row['contact_auth_method']); $auth_method = nullable_htmlentities($row['contact_auth_method']);
// Related Assets Query // Related Assets Query
$sql_related_assets = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_contact_id = $contact_id ORDER BY asset_id DESC"); $sql_related_assets = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_contact_id = $contact_id ORDER BY asset_id DESC");


@@ -23,7 +23,7 @@
$sql_document_templates = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_template = 1 AND document_archived_at IS NULL ORDER BY document_name ASC"); $sql_document_templates = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_template = 1 AND document_archived_at IS NULL ORDER BY document_name ASC");
while ($row = mysqli_fetch_array($sql_document_templates)) { while ($row = mysqli_fetch_array($sql_document_templates)) {
$document_template_id = intval($row['document_id']); $document_template_id = intval($row['document_id']);
$document_template_name = htmlentities($row['document_name']); $document_template_name = nullable_htmlentities($row['document_name']);
?> ?>
<option value="<?php echo $document_template_id ?>"><?php echo $document_template_name; ?></option> <option value="<?php echo $document_template_id ?>"><?php echo $document_template_name; ?></option>
@@ -57,7 +57,7 @@
$sql_folders = mysqli_query($mysqli, "SELECT * FROM folders WHERE folder_client_id = $client_id ORDER BY folder_name ASC"); $sql_folders = mysqli_query($mysqli, "SELECT * FROM folders WHERE folder_client_id = $client_id ORDER BY folder_name ASC");
while ($row = mysqli_fetch_array($sql_folders)) { while ($row = mysqli_fetch_array($sql_folders)) {
$folder_id = intval($row['folder_id']); $folder_id = intval($row['folder_id']);
$folder_name = htmlentities($row['folder_name']); $folder_name = nullable_htmlentities($row['folder_name']);
?> ?>
<option <?php if (isset($_GET['folder_id']) && $_GET['folder_id'] == $folder_id) echo "selected"; ?> value="<?php echo $folder_id ?>"><?php echo $folder_name; ?></option> <option <?php if (isset($_GET['folder_id']) && $_GET['folder_id'] == $folder_id) echo "selected"; ?> value="<?php echo $folder_id ?>"><?php echo $folder_name; ?></option>
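Review bot: The `selected` check on the last line compares the raw `$_GET['folder_id']` to the integer `$folder_id` with `==`, and the folder list in the next section (L655) does the same. Loose comparison against request input appears harmless here since the value only picks an option, but it is inconsistent with the `intval()` applied to the DB value two lines earlier; `if (isset($_GET['folder_id']) && intval($_GET['folder_id']) === $folder_id) echo "selected";` keeps both sides typed. The `while` loop at L641 continues past the hunk.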


@@ -30,7 +30,7 @@
$sql_folders = mysqli_query($mysqli, "SELECT * FROM folders WHERE folder_client_id = $client_id ORDER BY folder_name ASC"); $sql_folders = mysqli_query($mysqli, "SELECT * FROM folders WHERE folder_client_id = $client_id ORDER BY folder_name ASC");
while ($row = mysqli_fetch_array($sql_folders)) { while ($row = mysqli_fetch_array($sql_folders)) {
$folder_id = intval($row['folder_id']); $folder_id = intval($row['folder_id']);
$folder_name = htmlentities($row['folder_name']); $folder_name = nullable_htmlentities($row['folder_name']);
?> ?>
<option <?php if (isset($_GET['folder_id']) && $_GET['folder_id'] == $folder_id) echo "selected"; ?> value="<?php echo $folder_id ?>"><?php echo $folder_name; ?></option> <option <?php if (isset($_GET['folder_id']) && $_GET['folder_id'] == $folder_id) echo "selected"; ?> value="<?php echo $folder_id ?>"><?php echo $folder_name; ?></option>


@@ -17,11 +17,11 @@ $sql_document = mysqli_query($mysqli, "SELECT * FROM documents LEFT JOIN folders
$row = mysqli_fetch_array($sql_document); $row = mysqli_fetch_array($sql_document);
$folder_name = htmlentities($row['folder_name']); $folder_name = nullable_htmlentities($row['folder_name']);
$document_name = htmlentities($row['document_name']); $document_name = nullable_htmlentities($row['document_name']);
$document_content = $purifier->purify($row['document_content']); $document_content = $purifier->purify($row['document_content']);
$document_created_at = htmlentities($row['document_created_at']); $document_created_at = nullable_htmlentities($row['document_created_at']);
$document_updated_at = htmlentities($row['document_updated_at']); $document_updated_at = nullable_htmlentities($row['document_updated_at']);
$document_folder_id = intval($row['document_folder_id']); $document_folder_id = intval($row['document_folder_id']);
?> ?>


@@ -31,7 +31,7 @@
$sql_folders_select = mysqli_query($mysqli, "SELECT * FROM folders WHERE folder_client_id = $client_id ORDER BY folder_name ASC"); $sql_folders_select = mysqli_query($mysqli, "SELECT * FROM folders WHERE folder_client_id = $client_id ORDER BY folder_name ASC");
while ($row = mysqli_fetch_array($sql_folders_select)) { while ($row = mysqli_fetch_array($sql_folders_select)) {
$folder_id_select = intval($row['folder_id']); $folder_id_select = intval($row['folder_id']);
$folder_name_select = htmlentities($row['folder_name']); $folder_name_select = nullable_htmlentities($row['folder_name']);
?> ?>
<option <?php if ($folder_id_select == $document_folder_id) echo "selected"; ?> value="<?php echo $folder_id_select ?>"><?php echo $folder_name_select; ?></option> <option <?php if ($folder_id_select == $document_folder_id) echo "selected"; ?> value="<?php echo $folder_id_select ?>"><?php echo $folder_name_select; ?></option>
<?php <?php


@@ -16,11 +16,11 @@ $sql_document = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_te
$row = mysqli_fetch_array($sql_document); $row = mysqli_fetch_array($sql_document);
$document_name = htmlentities($row['document_name']); $document_name = nullable_htmlentities($row['document_name']);
$document_content = $purifier->purify($row['document_content']); $document_content = $purifier->purify($row['document_content']);
//$document_content = $row['document_content']; //$document_content = $row['document_content'];
$document_created_at = htmlentities($row['document_created_at']); $document_created_at = nullable_htmlentities($row['document_created_at']);
$document_updated_at = htmlentities($row['document_updated_at']); $document_updated_at = nullable_htmlentities($row['document_updated_at']);
?> ?>


@@ -49,7 +49,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<form autocomplete="off"> <form autocomplete="off">
<input type="hidden" name="client_id" value="<?php echo $client_id; ?>"> <input type="hidden" name="client_id" value="<?php echo $client_id; ?>">
<div class="input-group"> <div class="input-group">
<input type="search" class="form-control " name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search templates"> <input type="search" class="form-control " name="q" value="<?php if (isset($q)) { echo stripslashes(nullable_htmlentities($q)); } ?>" placeholder="Search templates">
<div class="input-group-append"> <div class="input-group-append">
<button class="btn btn-secondary"><i class="fa fa-search"></i></button> <button class="btn btn-secondary"><i class="fa fa-search"></i></button>
</div> </div>
@@ -80,10 +80,10 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$document_id = intval($row['document_id']); $document_id = intval($row['document_id']);
$document_name = htmlentities($row['document_name']); $document_name = nullable_htmlentities($row['document_name']);
$document_content = htmlentities($row['document_content']); $document_content = nullable_htmlentities($row['document_content']);
$document_created_at = htmlentities($row['document_created_at']); $document_created_at = nullable_htmlentities($row['document_created_at']);
$document_updated_at = htmlentities($row['document_updated_at']); $document_updated_at = nullable_htmlentities($row['document_updated_at']);
$document_folder_id = intval($row['document_folder_id']); $document_folder_id = intval($row['document_folder_id']);
?> ?>
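Review bot: `stripslashes(nullable_htmlentities($q))` in the search input applies `stripslashes` to output that has already been entity-encoded; the same pattern recurs in the later search boxes of this commit (Documents, Domains, Invoices, Locations, Passwords, Logs). The encoding call should be the last transformation before output, so if the unslashing is still wanted the order should be `echo nullable_htmlentities(stripslashes($q));`. Where `$q` is assigned is outside the hunk; since magic quotes no longer exist in PHP, it is worth checking whether `stripslashes` is needed at all. There is no encoding bypass today, because entity output introduces no backslashes, so this is an ordering/style point rather than a defect.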


@@ -85,7 +85,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
$sql_folders = mysqli_query($mysqli, "SELECT * FROM folders WHERE folder_client_id = $client_id ORDER BY folder_name ASC"); $sql_folders = mysqli_query($mysqli, "SELECT * FROM folders WHERE folder_client_id = $client_id ORDER BY folder_name ASC");
while ($row = mysqli_fetch_array($sql_folders)) { while ($row = mysqli_fetch_array($sql_folders)) {
$folder_id = intval($row['folder_id']); $folder_id = intval($row['folder_id']);
$folder_name = htmlentities($row['folder_name']); $folder_name = nullable_htmlentities($row['folder_name']);
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT('document_id') AS num FROM documents WHERE document_folder_id = $folder_id")); $row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT('document_id') AS num FROM documents WHERE document_folder_id = $folder_id"));
$num_documents = intval($row['num']); $num_documents = intval($row['num']);
@@ -141,7 +141,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<input type="hidden" name="client_id" value="<?php echo $client_id; ?>"> <input type="hidden" name="client_id" value="<?php echo $client_id; ?>">
<input type="hidden" name="folder_id" value="<?php echo $get_folder_id; ?>"> <input type="hidden" name="folder_id" value="<?php echo $get_folder_id; ?>">
<div class="input-group"> <div class="input-group">
<input type="search" class="form-control " name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Documents"> <input type="search" class="form-control " name="q" value="<?php if (isset($q)) { echo stripslashes(nullable_htmlentities($q)); } ?>" placeholder="Search Documents">
<div class="input-group-append"> <div class="input-group-append">
<button class="btn btn-secondary"><i class="fa fa-search"></i></button> <button class="btn btn-secondary"><i class="fa fa-search"></i></button>
</div> </div>
@@ -172,10 +172,10 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$document_id = intval($row['document_id']); $document_id = intval($row['document_id']);
$document_name = htmlentities($row['document_name']); $document_name = nullable_htmlentities($row['document_name']);
$document_content = htmlentities($row['document_content']); $document_content = nullable_htmlentities($row['document_content']);
$document_created_at = htmlentities($row['document_created_at']); $document_created_at = nullable_htmlentities($row['document_created_at']);
$document_updated_at = htmlentities($row['document_updated_at']); $document_updated_at = nullable_htmlentities($row['document_updated_at']);
$document_folder_id = intval($row['document_folder_id']); $document_folder_id = intval($row['document_folder_id']);
?> ?>


@@ -34,7 +34,7 @@
$sql = mysqli_query($mysqli, "SELECT * FROM vendors WHERE vendor_archived_at IS NULL AND vendor_client_id = $client_id ORDER BY vendor_name ASC"); $sql = mysqli_query($mysqli, "SELECT * FROM vendors WHERE vendor_archived_at IS NULL AND vendor_client_id = $client_id ORDER BY vendor_name ASC");
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$vendor_id = intval($row['vendor_id']); $vendor_id = intval($row['vendor_id']);
$vendor_name = htmlentities($row['vendor_name']); $vendor_name = nullable_htmlentities($row['vendor_name']);
?> ?>
<option value="<?php echo $vendor_id; ?>"><?php echo $vendor_name; ?></option> <option value="<?php echo $vendor_id; ?>"><?php echo $vendor_name; ?></option>
<?php } ?> <?php } ?>
@@ -55,7 +55,7 @@
$sql = mysqli_query($mysqli, "SELECT * FROM vendors WHERE vendor_archived_at IS NULL AND vendor_client_id = $client_id ORDER BY vendor_name ASC"); $sql = mysqli_query($mysqli, "SELECT * FROM vendors WHERE vendor_archived_at IS NULL AND vendor_client_id = $client_id ORDER BY vendor_name ASC");
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$vendor_id = intval($row['vendor_id']); $vendor_id = intval($row['vendor_id']);
$vendor_name = htmlentities($row['vendor_name']); $vendor_name = nullable_htmlentities($row['vendor_name']);
?> ?>
<option value="<?php echo $vendor_id; ?>"><?php echo $vendor_name; ?></option> <option value="<?php echo $vendor_id; ?>"><?php echo $vendor_name; ?></option>
<?php } ?> <?php } ?>


@@ -32,7 +32,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="col-md-4"> <div class="col-md-4">
<div class="input-group mb-3 mb-md-0"> <div class="input-group mb-3 mb-md-0">
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Domains"> <input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(nullable_htmlentities($q)); } ?>" placeholder="Search Domains">
<div class="input-group-append"> <div class="input-group-append">
<button class="btn btn-dark"><i class="fa fa-search"></i></button> <button class="btn btn-dark"><i class="fa fa-search"></i></button>
</div> </div>
@@ -64,18 +64,18 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$domain_id = intval($row['domain_id']); $domain_id = intval($row['domain_id']);
$domain_name = htmlentities($row['domain_name']); $domain_name = nullable_htmlentities($row['domain_name']);
$domain_registrar = intval($row['domain_registrar']); $domain_registrar = intval($row['domain_registrar']);
$domain_webhost = intval($row['domain_webhost']); $domain_webhost = intval($row['domain_webhost']);
$domain_expire = htmlentities($row['domain_expire']); $domain_expire = nullable_htmlentities($row['domain_expire']);
$domain_registrar_name = htmlentities($row['vendor_name']); $domain_registrar_name = nullable_htmlentities($row['vendor_name']);
if (empty($domain_registrar_name)) { if (empty($domain_registrar_name)) {
$domain_registrar_name = "-"; $domain_registrar_name = "-";
} }
$sql_domain_webhost = mysqli_query($mysqli, "SELECT vendor_name FROM vendors WHERE vendor_id = $domain_webhost"); $sql_domain_webhost = mysqli_query($mysqli, "SELECT vendor_name FROM vendors WHERE vendor_id = $domain_webhost");
$row = mysqli_fetch_array($sql_domain_webhost); $row = mysqli_fetch_array($sql_domain_webhost);
$domain_webhost_name = htmlentities($row['vendor_name']); $domain_webhost_name = nullable_htmlentities($row['vendor_name']);
if (empty($domain_webhost_name)) { if (empty($domain_webhost_name)) {
$domain_webhost_name = "-"; $domain_webhost_name = "-";
} }
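Review bot: At `$row = mysqli_fetch_array($sql_domain_webhost);` followed by `nullable_htmlentities($row['vendor_name'])`, a webhost id with no matching vendor row makes `mysqli_fetch_array` return null, and indexing null emits a warning on PHP 7.4+ before the encoder (which, per its name, tolerates null) ever runs; the commit only swaps the encoding call. Read the column defensively, `$domain_webhost_name = nullable_htmlentities($row['vendor_name'] ?? null);`, which keeps the existing `empty()` fallback to `"-"` intact. Reusing the loop variable `$row` for the nested lookup works only because every outer-row column has been read above it; a distinct name such as `$row_webhost` would make that less fragile. The enclosing while loop continues outside the hunk.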


@@ -61,7 +61,7 @@
$referral_sql = mysqli_query($mysqli, "SELECT * FROM categories WHERE category_type = 'Referral' AND (category_archived_at > '$client_created_at' OR category_archived_at IS NULL) ORDER BY category_name ASC"); $referral_sql = mysqli_query($mysqli, "SELECT * FROM categories WHERE category_type = 'Referral' AND (category_archived_at > '$client_created_at' OR category_archived_at IS NULL) ORDER BY category_name ASC");
while ($row = mysqli_fetch_array($referral_sql)) { while ($row = mysqli_fetch_array($referral_sql)) {
$referral = htmlentities($row['category_name']); $referral = nullable_htmlentities($row['category_name']);
?> ?>
<option <?php if ($client_referral == $referral) { echo "selected"; } ?> > <?php echo $referral; ?></option> <option <?php if ($client_referral == $referral) { echo "selected"; } ?> > <?php echo $referral; ?></option>
@@ -162,9 +162,9 @@
while ($row = mysqli_fetch_array($sql_tags_select)) { while ($row = mysqli_fetch_array($sql_tags_select)) {
$tag_id_select = intval($row['tag_id']); $tag_id_select = intval($row['tag_id']);
$tag_name_select = htmlentities($row['tag_name']); $tag_name_select = nullable_htmlentities($row['tag_name']);
$tag_color_select = htmlentities($row['tag_color']); $tag_color_select = nullable_htmlentities($row['tag_color']);
$tag_icon_select = htmlentities($row['tag_icon']); $tag_icon_select = nullable_htmlentities($row['tag_icon']);
?> ?>
<li class="list-group-item"> <li class="list-group-item">
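Review bot: `$referral` is now the entity-encoded category name, yet the next line compares it with the stored value (`if ($client_referral == $referral)`), so pre-selection only works if `$client_referral` was encoded the same way; if it holds the raw database value, any referral name containing `&`, `<`, `>` or a quote will never be marked selected. Compare raw values and encode only for output, e.g. `$referral_raw = $row['category_name']; $referral = nullable_htmlentities($referral_raw);` with `if ($client_referral == $referral_raw)`. Where `$client_referral` is assigned is outside the hunk, so this is inferred. The `<option>` carries no `value` attribute, so the browser submits the decoded display text, which is fine either way.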


@@ -22,14 +22,14 @@ include("calendar_add_modal.php");
$sql = mysqli_query($mysqli, "SELECT * FROM calendars LEFT JOIN events ON calendar_id = event_calendar_id WHERE event_client_id = $client_id"); $sql = mysqli_query($mysqli, "SELECT * FROM calendars LEFT JOIN events ON calendar_id = event_calendar_id WHERE event_client_id = $client_id");
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$event_id = intval($row['event_id']); $event_id = intval($row['event_id']);
$event_title = htmlentities($row['event_title']); $event_title = nullable_htmlentities($row['event_title']);
$event_description = htmlentities($row['event_description']); $event_description = nullable_htmlentities($row['event_description']);
$event_start = htmlentities($row['event_start']); $event_start = nullable_htmlentities($row['event_start']);
$event_end = htmlentities($row['event_end']); $event_end = nullable_htmlentities($row['event_end']);
$event_repeat = htmlentities($row['event_repeat']); $event_repeat = nullable_htmlentities($row['event_repeat']);
$calendar_id = intval($row['calendar_id']); $calendar_id = intval($row['calendar_id']);
$calendar_name = htmlentities($row['calendar_name']); $calendar_name = nullable_htmlentities($row['calendar_name']);
$calendar_color = htmlentities($row['calendar_color']); $calendar_color = nullable_htmlentities($row['calendar_color']);
require("calendar_event_edit_modal.php"); require("calendar_event_edit_modal.php");


@@ -30,9 +30,9 @@ $num_of_files = mysqli_num_rows($sql_files_images) + mysqli_num_rows($sql_files_
while ($row = mysqli_fetch_array($sql_files_images)) { while ($row = mysqli_fetch_array($sql_files_images)) {
$file_id = intval($row['file_id']); $file_id = intval($row['file_id']);
$file_name = htmlentities($row['file_name']); $file_name = nullable_htmlentities($row['file_name']);
$file_reference_name = htmlentities($row['file_reference_name']); $file_reference_name = nullable_htmlentities($row['file_reference_name']);
$file_ext = htmlentities($row['file_ext']); $file_ext = nullable_htmlentities($row['file_ext']);
?> ?>
@@ -65,9 +65,9 @@ $num_of_files = mysqli_num_rows($sql_files_images) + mysqli_num_rows($sql_files_
<?php <?php
while ($row = mysqli_fetch_array($sql_files_other)) { while ($row = mysqli_fetch_array($sql_files_other)) {
$file_id = intval($row['file_id']); $file_id = intval($row['file_id']);
$file_name = htmlentities($row['file_name']); $file_name = nullable_htmlentities($row['file_name']);
$file_reference_name = htmlentities($row['file_reference_name']); $file_reference_name = nullable_htmlentities($row['file_reference_name']);
$file_ext = htmlentities($row['file_ext']); $file_ext = nullable_htmlentities($row['file_ext']);
if ($file_ext == 'pdf') { if ($file_ext == 'pdf') {
$file_icon = "file-pdf"; $file_icon = "file-pdf";
} elseif ($file_ext == 'gz' || $file_ext == 'tar' || $file_ext == 'zip' || $file_ext == '7z' || $file_ext == 'rar') { } elseif ($file_ext == 'gz' || $file_ext == 'tar' || $file_ext == 'zip' || $file_ext == '7z' || $file_ext == 'rar') {


@@ -36,7 +36,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="col-md-4"> <div class="col-md-4">
<div class="input-group mb-3 mb-md-0"> <div class="input-group mb-3 mb-md-0">
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Invoices"> <input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(nullable_htmlentities($q)); } ?>" placeholder="Search Invoices">
<div class="input-group-append"> <div class="input-group-append">
<button class="btn btn-dark"><i class="fa fa-search"></i></button> <button class="btn btn-dark"><i class="fa fa-search"></i></button>
</div> </div>
@@ -71,22 +71,22 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$invoice_id = intval($row['invoice_id']); $invoice_id = intval($row['invoice_id']);
$invoice_prefix = htmlentities($row['invoice_prefix']); $invoice_prefix = nullable_htmlentities($row['invoice_prefix']);
$invoice_number = htmlentities($row['invoice_number']); $invoice_number = nullable_htmlentities($row['invoice_number']);
$invoice_scope = htmlentities($row['invoice_scope']); $invoice_scope = nullable_htmlentities($row['invoice_scope']);
if (empty($invoice_scope)) { if (empty($invoice_scope)) {
$invoice_scope_display = "-"; $invoice_scope_display = "-";
} else { } else {
$invoice_scope_display = $invoice_scope; $invoice_scope_display = $invoice_scope;
} }
$invoice_status = htmlentities($row['invoice_status']); $invoice_status = nullable_htmlentities($row['invoice_status']);
$invoice_date = htmlentities($row['invoice_date']); $invoice_date = nullable_htmlentities($row['invoice_date']);
$invoice_due = htmlentities($row['invoice_due']); $invoice_due = nullable_htmlentities($row['invoice_due']);
$invoice_amount = floatval($row['invoice_amount']); $invoice_amount = floatval($row['invoice_amount']);
$invoice_currency_code = htmlentities($row['invoice_currency_code']); $invoice_currency_code = nullable_htmlentities($row['invoice_currency_code']);
$invoice_created_at = htmlentities($row['invoice_created_at']); $invoice_created_at = nullable_htmlentities($row['invoice_created_at']);
$category_id = intval($row['category_id']); $category_id = intval($row['category_id']);
$category_name = htmlentities($row['category_name']); $category_name = nullable_htmlentities($row['category_name']);
if (($invoice_status == "Sent" || $invoice_status == "Partial" || $invoice_status == "Viewed") && strtotime($invoice_due) < time()) { if (($invoice_status == "Sent" || $invoice_status == "Partial" || $invoice_status == "Viewed") && strtotime($invoice_due) < time()) {
$overdue_color = "text-danger font-weight-bold"; $overdue_color = "text-danger font-weight-bold";


@@ -116,7 +116,7 @@
$sql_contacts = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_archived_at IS NULL AND contact_client_id = $client_id ORDER BY contact_name ASC"); $sql_contacts = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_archived_at IS NULL AND contact_client_id = $client_id ORDER BY contact_name ASC");
while ($row = mysqli_fetch_array($sql_contacts)) { while ($row = mysqli_fetch_array($sql_contacts)) {
$contact_id = $row['contact_id']; $contact_id = $row['contact_id'];
$contact_name = htmlentities($row['contact_name']); $contact_name = nullable_htmlentities($row['contact_name']);
?> ?>
<option value="<?php echo $contact_id; ?>"><?php echo $contact_name; ?></option> <option value="<?php echo $contact_id; ?>"><?php echo $contact_name; ?></option>
<?php } ?> <?php } ?>
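Review bot: `$contact_id = $row['contact_id'];` is the only id in these select loops that is not passed through `intval()` before being echoed into `value="…"`; the other contact loops touched by this commit use `intval($row['contact_id'])`. The column is presumably an integer, but the cast states the intent and guarantees the option value contains no markup regardless of what the row holds: `$contact_id = intval($row['contact_id']);`. The enclosing while loop is fully visible in the hunk.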


@@ -118,7 +118,7 @@
$sql_contacts = mysqli_query($mysqli, "SELECT * FROM contacts WHERE (contact_archived_at > '$location_created_at' OR contact_archived_at IS NULL) AND contact_client_id = $client_id ORDER BY contact_name ASC"); $sql_contacts = mysqli_query($mysqli, "SELECT * FROM contacts WHERE (contact_archived_at > '$location_created_at' OR contact_archived_at IS NULL) AND contact_client_id = $client_id ORDER BY contact_name ASC");
while ($row = mysqli_fetch_array($sql_contacts)) { while ($row = mysqli_fetch_array($sql_contacts)) {
$contact_id_select = intval($row['contact_id']); $contact_id_select = intval($row['contact_id']);
$contact_name_select = htmlentities($row['contact_name']); $contact_name_select = nullable_htmlentities($row['contact_name']);
?> ?>
<option <?php if ($location_contact_id == $contact_id_select) { echo "selected"; } ?> value="<?php echo $contact_id_select; ?>"><?php echo $contact_name_select; ?></option> <option <?php if ($location_contact_id == $contact_id_select) { echo "selected"; } ?> value="<?php echo $contact_id_select; ?>"><?php echo $contact_name_select; ?></option>


@@ -36,7 +36,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="col-md-4"> <div class="col-md-4">
<div class="input-group mb-3 mb-md-0"> <div class="input-group mb-3 mb-md-0">
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Locations"> <input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(nullable_htmlentities($q)); } ?>" placeholder="Search Locations">
<div class="input-group-append"> <div class="input-group-append">
<button class="btn btn-dark"><i class="fa fa-search"></i></button> <button class="btn btn-dark"><i class="fa fa-search"></i></button>
</div> </div>
@@ -69,27 +69,27 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$location_id = intval($row['location_id']); $location_id = intval($row['location_id']);
$location_name = htmlentities($row['location_name']); $location_name = nullable_htmlentities($row['location_name']);
$location_country = htmlentities($row['location_country']); $location_country = nullable_htmlentities($row['location_country']);
$location_address = htmlentities($row['location_address']); $location_address = nullable_htmlentities($row['location_address']);
$location_city = htmlentities($row['location_city']); $location_city = nullable_htmlentities($row['location_city']);
$location_state = htmlentities($row['location_state']); $location_state = nullable_htmlentities($row['location_state']);
$location_zip = htmlentities($row['location_zip']); $location_zip = nullable_htmlentities($row['location_zip']);
$location_phone = formatPhoneNumber($row['location_phone']); $location_phone = formatPhoneNumber($row['location_phone']);
if (empty($location_phone)) { if (empty($location_phone)) {
$location_phone_display = "-"; $location_phone_display = "-";
} else { } else {
$location_phone_display = $location_phone; $location_phone_display = $location_phone;
} }
$location_hours = htmlentities($row['location_hours']); $location_hours = nullable_htmlentities($row['location_hours']);
if (empty($location_hours)) { if (empty($location_hours)) {
$location_hours_display = "-"; $location_hours_display = "-";
} else { } else {
$location_hours_display = $location_hours; $location_hours_display = $location_hours;
} }
$location_photo = htmlentities($row['location_photo']); $location_photo = nullable_htmlentities($row['location_photo']);
$location_notes = htmlentities($row['location_notes']); $location_notes = nullable_htmlentities($row['location_notes']);
$location_created_at = htmlentities($row['location_created_at']); $location_created_at = nullable_htmlentities($row['location_created_at']);
$location_contact_id = intval($row['location_contact_id']); $location_contact_id = intval($row['location_contact_id']);
if ($location_id == $primary_location) { if ($location_id == $primary_location) {
$primary_location_display = "<p class='text-success'>Primary Location</p>"; $primary_location_display = "<p class='text-success'>Primary Location</p>";


@@ -110,7 +110,7 @@
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_client_id = $client_id ORDER BY contact_name ASC"); $sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_client_id = $client_id ORDER BY contact_name ASC");
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$contact_id = intval($row['contact_id']); $contact_id = intval($row['contact_id']);
$contact_name = htmlentities($row['contact_name']); $contact_name = nullable_htmlentities($row['contact_name']);
?> ?>
<option value="<?php echo $contact_id; ?>"><?php echo $contact_name; ?></option> <option value="<?php echo $contact_id; ?>"><?php echo $contact_name; ?></option>
@@ -134,7 +134,7 @@
$sql_vendors = mysqli_query($mysqli, "SELECT * FROM vendors WHERE vendor_client_id = $client_id ORDER BY vendor_name ASC"); $sql_vendors = mysqli_query($mysqli, "SELECT * FROM vendors WHERE vendor_client_id = $client_id ORDER BY vendor_name ASC");
while ($row = mysqli_fetch_array($sql_vendors)) { while ($row = mysqli_fetch_array($sql_vendors)) {
$vendor_id = intval($row['vendor_id']); $vendor_id = intval($row['vendor_id']);
$vendor_name = htmlentities($row['vendor_name']); $vendor_name = nullable_htmlentities($row['vendor_name']);
?> ?>
<option value="<?php echo $vendor_id; ?>"><?php echo $vendor_name; ?></option> <option value="<?php echo $vendor_id; ?>"><?php echo $vendor_name; ?></option>
@@ -158,7 +158,7 @@
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_client_id = $client_id ORDER BY asset_name ASC"); $sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_client_id = $client_id ORDER BY asset_name ASC");
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$asset_id = intval($row['asset_id']); $asset_id = intval($row['asset_id']);
$asset_name = htmlentities($row['asset_name']); $asset_name = nullable_htmlentities($row['asset_name']);
?> ?>
<option value="<?php echo $asset_id; ?>"><?php echo $asset_name; ?></option> <option value="<?php echo $asset_id; ?>"><?php echo $asset_name; ?></option>
@@ -182,7 +182,7 @@
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_client_id = $client_id ORDER BY software_name ASC"); $sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_client_id = $client_id ORDER BY software_name ASC");
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$software_id = intval($row['software_id']); $software_id = intval($row['software_id']);
$software_name = htmlentities($row['software_name']); $software_name = nullable_htmlentities($row['software_name']);
?> ?>
<option value="<?php echo $software_id; ?>"><?php echo $software_name; ?></option> <option value="<?php echo $software_id; ?>"><?php echo $software_name; ?></option>


@@ -118,7 +118,7 @@
$sql_contacts = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_client_id = $client_id ORDER BY contact_name ASC"); $sql_contacts = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_client_id = $client_id ORDER BY contact_name ASC");
while ($row = mysqli_fetch_array($sql_contacts)) { while ($row = mysqli_fetch_array($sql_contacts)) {
$contact_id_select = intval($row['contact_id']); $contact_id_select = intval($row['contact_id']);
$contact_name_select = htmlentities($row['contact_name']); $contact_name_select = nullable_htmlentities($row['contact_name']);
?> ?>
<option <?php if ($login_contact_id == $contact_id_select) { echo "selected"; } ?> value="<?php echo $contact_id_select; ?>"><?php echo $contact_name_select; ?></option> <option <?php if ($login_contact_id == $contact_id_select) { echo "selected"; } ?> value="<?php echo $contact_id_select; ?>"><?php echo $contact_name_select; ?></option>
<?php } ?> <?php } ?>
@@ -139,7 +139,7 @@
$sql_vendors = mysqli_query($mysqli, "SELECT * FROM vendors WHERE vendor_client_id = $client_id ORDER BY vendor_name ASC"); $sql_vendors = mysqli_query($mysqli, "SELECT * FROM vendors WHERE vendor_client_id = $client_id ORDER BY vendor_name ASC");
while ($row = mysqli_fetch_array($sql_vendors)) { while ($row = mysqli_fetch_array($sql_vendors)) {
$vendor_id_select = intval($row['vendor_id']); $vendor_id_select = intval($row['vendor_id']);
$vendor_name_select = htmlentities($row['vendor_name']); $vendor_name_select = nullable_htmlentities($row['vendor_name']);
?> ?>
<option <?php if ($login_vendor_id == $vendor_id_select) { echo "selected"; } ?> value="<?php echo $vendor_id_select; ?>"><?php echo $vendor_name_select; ?></option> <option <?php if ($login_vendor_id == $vendor_id_select) { echo "selected"; } ?> value="<?php echo $vendor_id_select; ?>"><?php echo $vendor_name_select; ?></option>
<?php } ?> <?php } ?>
@@ -161,7 +161,7 @@
$sql_assets = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_client_id = $client_id ORDER BY asset_name ASC"); $sql_assets = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_client_id = $client_id ORDER BY asset_name ASC");
while ($row = mysqli_fetch_array($sql_assets)) { while ($row = mysqli_fetch_array($sql_assets)) {
$asset_id_select = intval($row['asset_id']); $asset_id_select = intval($row['asset_id']);
$asset_name_select = htmlentities($row['asset_name']); $asset_name_select = nullable_htmlentities($row['asset_name']);
?> ?>
<option <?php if ($login_asset_id == $asset_id_select) { echo "selected"; } ?> value="<?php echo $asset_id_select; ?>"><?php echo $asset_name_select; ?></option> <option <?php if ($login_asset_id == $asset_id_select) { echo "selected"; } ?> value="<?php echo $asset_id_select; ?>"><?php echo $asset_name_select; ?></option>
@@ -183,7 +183,7 @@
$sql_software = mysqli_query($mysqli, "SELECT * FROM software WHERE software_client_id = $client_id ORDER BY software_name ASC"); $sql_software = mysqli_query($mysqli, "SELECT * FROM software WHERE software_client_id = $client_id ORDER BY software_name ASC");
while ($row = mysqli_fetch_array($sql_software)) { while ($row = mysqli_fetch_array($sql_software)) {
$software_id_select = intval($row['software_id']); $software_id_select = intval($row['software_id']);
$software_name_select = htmlentities($row['software_name']); $software_name_select = nullable_htmlentities($row['software_name']);
?> ?>
<option <?php if ($login_software_id == $software_id_select) { echo "selected"; } ?> value="<?php echo $software_id_select; ?>"><?php echo $software_name_select; ?></option> <option <?php if ($login_software_id == $software_id_select) { echo "selected"; } ?> value="<?php echo $software_id_select; ?>"><?php echo $software_name_select; ?></option>


@@ -35,7 +35,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="col-md-4"> <div class="col-md-4">
<div class="input-group mb-3 mb-md-0"> <div class="input-group mb-3 mb-md-0">
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Passwords"> <input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(nullable_htmlentities($q)); } ?>" placeholder="Search Passwords">
<div class="input-group-append"> <div class="input-group-append">
<button class="btn btn-dark"><i class="fa fa-search"></i></button> <button class="btn btn-dark"><i class="fa fa-search"></i></button>
</div> </div>
@@ -69,28 +69,28 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$login_id = intval($row['login_id']); $login_id = intval($row['login_id']);
$login_name = htmlentities($row['login_name']); $login_name = nullable_htmlentities($row['login_name']);
$login_uri = htmlentities($row['login_uri']); $login_uri = nullable_htmlentities($row['login_uri']);
if (empty($login_uri)) { if (empty($login_uri)) {
$login_uri_display = "-"; $login_uri_display = "-";
} else { } else {
$login_uri_display = "$login_uri<button class='btn btn-sm clipboardjs' data-clipboard-text='$login_uri'><i class='far fa-copy text-secondary'></i></button><a href='https://$login_uri' target='_blank'><i class='fa fa-external-link-alt text-secondary'></i></a>"; $login_uri_display = "$login_uri<button class='btn btn-sm clipboardjs' data-clipboard-text='$login_uri'><i class='far fa-copy text-secondary'></i></button><a href='https://$login_uri' target='_blank'><i class='fa fa-external-link-alt text-secondary'></i></a>";
} }
$login_username = htmlentities(decryptLoginEntry($row['login_username'])); $login_username = nullable_htmlentities(decryptLoginEntry($row['login_username']));
if (empty($login_username)) { if (empty($login_username)) {
$login_username_display = "-"; $login_username_display = "-";
} else { } else {
$login_username_display = "$login_username<button class='btn btn-sm clipboardjs' data-clipboard-text='$login_username'><i class='far fa-copy text-secondary'></i></button>"; $login_username_display = "$login_username<button class='btn btn-sm clipboardjs' data-clipboard-text='$login_username'><i class='far fa-copy text-secondary'></i></button>";
} }
$login_password = htmlentities(decryptLoginEntry($row['login_password'])); $login_password = nullable_htmlentities(decryptLoginEntry($row['login_password']));
$login_otp_secret = htmlentities($row['login_otp_secret']); $login_otp_secret = nullable_htmlentities($row['login_otp_secret']);
$login_id_with_secret = '"' . $row['login_id'] . '","' . $row['login_otp_secret'] . '"'; $login_id_with_secret = '"' . $row['login_id'] . '","' . $row['login_otp_secret'] . '"';
if (empty($login_otp_secret)) { if (empty($login_otp_secret)) {
$otp_display = "-"; $otp_display = "-";
} else { } else {
$otp_display = "<span onmouseenter='showOTP($login_id_with_secret)'><i class='far fa-clock'></i> <span id='otp_$login_id'><i>Hover..</i></span></span>"; $otp_display = "<span onmouseenter='showOTP($login_id_with_secret)'><i class='far fa-clock'></i> <span id='otp_$login_id'><i>Hover..</i></span></span>";
} }
$login_note = htmlentities($row['login_note']); $login_note = nullable_htmlentities($row['login_note']);
$login_important = intval($row['login_important']); $login_important = intval($row['login_important']);
$login_contact_id = intval($row['login_contact_id']); $login_contact_id = intval($row['login_contact_id']);
$login_vendor_id = intval($row['login_vendor_id']); $login_vendor_id = intval($row['login_vendor_id']);
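Review bot: `$login_id_with_secret = '"' . $row['login_id'] . '","' . $row['login_otp_secret'] . '"';` interpolates the raw stored OTP secret into the `onmouseenter='showOTP(...)'` handler a few lines below, while every neighbouring column now goes through `nullable_htmlentities`; a secret containing `'`, `"` or `<` breaks out of the attribute or the JS string literal. Build the JS argument with a JSON encoder that hex-escapes the HTML-significant characters and pass the already-`intval`'d id separately, e.g. `$login_otp_secret_js = json_encode($row['login_otp_secret'] ?? '', JSON_HEX_QUOT | JSON_HEX_APOS | JSON_HEX_TAG | JSON_HEX_AMP);` and `onmouseenter='showOTP($login_id, $login_otp_secret_js)'` — assuming `showOTP` takes the id and the secret as its two arguments, as the current call suggests, and that `$login_id_with_secret` is not used elsewhere outside the hunk. Separately, `data-clipboard-text='$login_uri'`, `href='https://$login_uri'` and `data-clipboard-text='$login_username'` are single-quoted attributes, so they are only safe if `nullable_htmlentities` encodes `'` (ENT_QUOTES, the default only from PHP 8.1); its flags are not visible here and are worth confirming. The enclosing while loop continues outside the hunk.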


@@ -34,7 +34,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="col-md-4"> <div class="col-md-4">
<div class="input-group mb-3 mb-md-0"> <div class="input-group mb-3 mb-md-0">
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Logs"> <input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(nullable_htmlentities($q)); } ?>" placeholder="Search Logs">
<div class="input-group-append"> <div class="input-group-append">
<button class="btn btn-dark"><i class="fa fa-search"></i></button> <button class="btn btn-dark"><i class="fa fa-search"></i></button>
</div> </div>
@@ -66,16 +66,16 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$log_id = intval($row['log_id']); $log_id = intval($row['log_id']);
$log_type = htmlentities($row['log_type']); $log_type = nullable_htmlentities($row['log_type']);
$log_action = htmlentities($row['log_action']); $log_action = nullable_htmlentities($row['log_action']);
$log_description = htmlentities($row['log_description']); $log_description = nullable_htmlentities($row['log_description']);
$log_ip = htmlentities($row['log_ip']); $log_ip = nullable_htmlentities($row['log_ip']);
$log_user_agent = htmlentities($row['log_user_agent']); $log_user_agent = nullable_htmlentities($row['log_user_agent']);
$log_user_os = getOS($log_user_agent); $log_user_os = getOS($log_user_agent);
$log_user_browser = getWebBrowser($log_user_agent); $log_user_browser = getWebBrowser($log_user_agent);
$log_created_at = htmlentities($row['log_created_at']); $log_created_at = nullable_htmlentities($row['log_created_at']);
$user_id = intval($row['user_id']); $user_id = intval($row['user_id']);
$user_name = htmlentities($row['user_name']); $user_name = nullable_htmlentities($row['user_name']);
if (empty($user_name)) { if (empty($user_name)) {
$user_name_display = "-"; $user_name_display = "-";
} else { } else {
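Review bot: In the logs loop the entity-encoded `$log_user_agent` is what getOS() and getWebBrowser() receive, so an agent string containing `&`, `<`, `>` or quotes reaches the detection helpers already rewritten as entities; the encoding is an output concern and the parsers presumably want the raw column. If those helpers return fixed labels rather than fragments of their input, change the two calls to `$log_user_os = getOS($row['log_user_agent']);` and `$log_user_browser = getWebBrowser($row['log_user_agent']);` and keep `$log_user_agent` for display only; if they echo substrings of the input, their results need encoding at output instead. Separately, `stripslashes(nullable_htmlentities($q))` in the search input encodes first and un-escapes second, which suggests `$q` already carries SQL escaping by the time it is reflected; the cleaner boundary is to encode the raw request value for the attribute and keep the escaped copy for the query only, though `$q` is assigned outside this hunk so that is inferred. The same search-input line appears in the networks, payments, quotes, recurring invoices, scheduled tickets, services and shared items sections below.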


@@ -74,7 +74,7 @@
$sql = mysqli_query($mysqli, "SELECT * FROM locations WHERE location_archived_at IS NULL AND location_client_id = $client_id ORDER BY location_name ASC"); $sql = mysqli_query($mysqli, "SELECT * FROM locations WHERE location_archived_at IS NULL AND location_client_id = $client_id ORDER BY location_name ASC");
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$location_id = intval($row['location_id']); $location_id = intval($row['location_id']);
$location_name = htmlentities($row['location_name']); $location_name = nullable_htmlentities($row['location_name']);
?> ?>
<option value="<?php echo $location_id; ?>"><?php echo $location_name; ?></option> <option value="<?php echo $location_id; ?>"><?php echo $location_name; ?></option>


@@ -36,7 +36,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="col-md-4"> <div class="col-md-4">
<div class="input-group mb-3 mb-md-0"> <div class="input-group mb-3 mb-md-0">
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Networks"> <input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(nullable_htmlentities($q)); } ?>" placeholder="Search Networks">
<div class="input-group-append"> <div class="input-group-append">
<button class="btn btn-dark"><i class="fa fa-search"></i></button> <button class="btn btn-dark"><i class="fa fa-search"></i></button>
</div> </div>
@@ -70,23 +70,23 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$network_id = intval($row['network_id']); $network_id = intval($row['network_id']);
$network_name = htmlentities($row['network_name']); $network_name = nullable_htmlentities($row['network_name']);
$network_vlan = intval($row['network_vlan']); $network_vlan = intval($row['network_vlan']);
if (empty($network_vlan)) { if (empty($network_vlan)) {
$network_vlan_display = "-"; $network_vlan_display = "-";
} else { } else {
$network_vlan_display = $network_vlan; $network_vlan_display = $network_vlan;
} }
$network = htmlentities($row['network']); $network = nullable_htmlentities($row['network']);
$network_gateway = htmlentities($row['network_gateway']); $network_gateway = nullable_htmlentities($row['network_gateway']);
$network_dhcp_range = htmlentities($row['network_dhcp_range']); $network_dhcp_range = nullable_htmlentities($row['network_dhcp_range']);
if (empty($network_dhcp_range)) { if (empty($network_dhcp_range)) {
$network_dhcp_range_display = "-"; $network_dhcp_range_display = "-";
} else { } else {
$network_dhcp_range_display = $network_dhcp_range; $network_dhcp_range_display = $network_dhcp_range;
} }
$network_location_id = intval($row['network_location_id']); $network_location_id = intval($row['network_location_id']);
$location_name = htmlentities($row['location_name']); $location_name = nullable_htmlentities($row['location_name']);
if (empty($location_name)) { if (empty($location_name)) {
$location_name_display = "-"; $location_name_display = "-";
} else { } else {


@@ -61,11 +61,11 @@ $sql_domains_expiring = mysqli_query(
while ($row = mysqli_fetch_array($sql_important_contacts)) { while ($row = mysqli_fetch_array($sql_important_contacts)) {
$contact_id = intval($row['contact_id']); $contact_id = intval($row['contact_id']);
$contact_name = htmlentities($row['contact_name']); $contact_name = nullable_htmlentities($row['contact_name']);
$contact_title = htmlentities($row['contact_title']); $contact_title = nullable_htmlentities($row['contact_title']);
$contact_email = htmlentities($row['contact_email']); $contact_email = nullable_htmlentities($row['contact_email']);
$contact_phone = formatPhoneNumber($row['contact_phone']); $contact_phone = formatPhoneNumber($row['contact_phone']);
$contact_extension = htmlentities($row['contact_extension']); $contact_extension = nullable_htmlentities($row['contact_extension']);
$contact_mobile = formatPhoneNumber($row['contact_mobile']); $contact_mobile = formatPhoneNumber($row['contact_mobile']);
?> ?>
@@ -109,8 +109,8 @@ $sql_domains_expiring = mysqli_query(
while ($row = mysqli_fetch_array($sql_contacts)) { while ($row = mysqli_fetch_array($sql_contacts)) {
$contact_id = intval($row['contact_id']); $contact_id = intval($row['contact_id']);
$contact_name = htmlentities($row['contact_name']); $contact_name = nullable_htmlentities($row['contact_name']);
$contact_updated_at = htmlentities($row['contact_updated_at']); $contact_updated_at = nullable_htmlentities($row['contact_updated_at']);
?> ?>
<p class="mb-1"> <p class="mb-1">
@@ -125,8 +125,8 @@ $sql_domains_expiring = mysqli_query(
while ($row = mysqli_fetch_array($sql_vendors)) { while ($row = mysqli_fetch_array($sql_vendors)) {
$vendor_id = intval($row['vendor_id']); $vendor_id = intval($row['vendor_id']);
$vendor_name = htmlentities($row['vendor_name']); $vendor_name = nullable_htmlentities($row['vendor_name']);
$vendor_updated_at = htmlentities($row['vendor_updated_at']); $vendor_updated_at = nullable_htmlentities($row['vendor_updated_at']);
?> ?>
<p class="mb-1"> <p class="mb-1">
@@ -160,8 +160,8 @@ $sql_domains_expiring = mysqli_query(
while ($row = mysqli_fetch_array($sql_domains_expiring)) { while ($row = mysqli_fetch_array($sql_domains_expiring)) {
$domain_id = intval($row['domain_id']); $domain_id = intval($row['domain_id']);
$domain_name = htmlentities($row['domain_name']); $domain_name = nullable_htmlentities($row['domain_name']);
$domain_expire = htmlentities($row['domain_expire']); $domain_expire = nullable_htmlentities($row['domain_expire']);
?> ?>
<p class="mb-1"> <p class="mb-1">
@@ -177,8 +177,8 @@ $sql_domains_expiring = mysqli_query(
while ($row = mysqli_fetch_array($sql_asset_warranties_expiring)) { while ($row = mysqli_fetch_array($sql_asset_warranties_expiring)) {
$asset_id = intval($row['asset_id']); $asset_id = intval($row['asset_id']);
$asset_name = htmlentities($row['asset_name']); $asset_name = nullable_htmlentities($row['asset_name']);
$asset_warranty_expire = htmlentities($row['asset_warranty_expire']); $asset_warranty_expire = nullable_htmlentities($row['asset_warranty_expire']);
?> ?>
<p class="mb-1"> <p class="mb-1">
@@ -196,8 +196,8 @@ $sql_domains_expiring = mysqli_query(
while ($row = mysqli_fetch_array($sql_asset_retire)) { while ($row = mysqli_fetch_array($sql_asset_retire)) {
$asset_id = intval($row['asset_id']); $asset_id = intval($row['asset_id']);
$asset_name = htmlentities($row['asset_name']); $asset_name = nullable_htmlentities($row['asset_name']);
$asset_install_date = htmlentities($row['asset_install_date']); $asset_install_date = nullable_htmlentities($row['asset_install_date']);
?> ?>
<p class="mb-1"> <p class="mb-1">
@@ -234,10 +234,10 @@ $sql_domains_expiring = mysqli_query(
while ($row = mysqli_fetch_array($sql_tickets_stale)) { while ($row = mysqli_fetch_array($sql_tickets_stale)) {
$ticket_id = intval($row['ticket_id']); $ticket_id = intval($row['ticket_id']);
$ticket_prefix = htmlentities($row['ticket_prefix']); $ticket_prefix = nullable_htmlentities($row['ticket_prefix']);
$ticket_number = intval($row['ticket_number']); $ticket_number = intval($row['ticket_number']);
$ticket_subject = htmlentities($row['ticket_subject']); $ticket_subject = nullable_htmlentities($row['ticket_subject']);
$ticket_created_at = htmlentities($row['ticket_created_at']); $ticket_created_at = nullable_htmlentities($row['ticket_created_at']);
?> ?>
<tr> <tr>
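Review bot: `$contact_phone` and `$contact_mobile` are the only string columns in the important-contacts loop that do not pass through nullable_htmlentities(); they go through formatPhoneNumber() and are presumably echoed afterwards. Unless formatPhoneNumber() is known to encode its result or to emit only digits and punctuation, wrap it the way the sibling fields are wrapped: `$contact_phone = nullable_htmlentities(formatPhoneNumber($row['contact_phone']));` and the same for `$contact_mobile`. The echo lines that use these values lie outside the hunk, so this is inferred from the assignment pattern alone.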


@@ -34,7 +34,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="col-md-4"> <div class="col-md-4">
<div class="input-group mb-3 mb-md-0"> <div class="input-group mb-3 mb-md-0">
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Payments"> <input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(nullable_htmlentities($q)); } ?>" placeholder="Search Payments">
<div class="input-group-append"> <div class="input-group-append">
<button class="btn btn-dark"><i class="fa fa-search"></i></button> <button class="btn btn-dark"><i class="fa fa-search"></i></button>
</div> </div>
@@ -69,23 +69,23 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$invoice_id = intval($row['invoice_id']); $invoice_id = intval($row['invoice_id']);
$invoice_prefix = htmlentities($row['invoice_prefix']); $invoice_prefix = nullable_htmlentities($row['invoice_prefix']);
$invoice_number = intval($row['invoice_number']); $invoice_number = intval($row['invoice_number']);
$invoice_status = htmlentities($row['invoice_status']); $invoice_status = nullable_htmlentities($row['invoice_status']);
$invoice_amount = floatval($row['invoice_amount']); $invoice_amount = floatval($row['invoice_amount']);
$invoice_currency_code = htmlentities($row['invoice_currency_code']); $invoice_currency_code = nullable_htmlentities($row['invoice_currency_code']);
$invoice_date = htmlentities($row['invoice_date']); $invoice_date = nullable_htmlentities($row['invoice_date']);
$payment_date = htmlentities($row['payment_date']); $payment_date = nullable_htmlentities($row['payment_date']);
$payment_method = htmlentities($row['payment_method']); $payment_method = nullable_htmlentities($row['payment_method']);
$payment_reference = htmlentities($row['payment_reference']); $payment_reference = nullable_htmlentities($row['payment_reference']);
if (empty($payment_reference)) { if (empty($payment_reference)) {
$payment_reference_display = "-"; $payment_reference_display = "-";
} else { } else {
$payment_reference_display = $payment_reference; $payment_reference_display = $payment_reference;
} }
$payment_amount = floatval($row['payment_amount']); $payment_amount = floatval($row['payment_amount']);
$payment_currency_code = htmlentities($row['payment_currency_code']); $payment_currency_code = nullable_htmlentities($row['payment_currency_code']);
$account_name = htmlentities($row['account_name']); $account_name = nullable_htmlentities($row['account_name']);
?> ?>


@@ -36,7 +36,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="col-md-4"> <div class="col-md-4">
<div class="input-group mb-3 mb-md-0"> <div class="input-group mb-3 mb-md-0">
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Quotes"> <input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(nullable_htmlentities($q)); } ?>" placeholder="Search Quotes">
<div class="input-group-append"> <div class="input-group-append">
<button class="btn btn-dark"><i class="fa fa-search"></i></button> <button class="btn btn-dark"><i class="fa fa-search"></i></button>
</div> </div>
@@ -70,21 +70,21 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$quote_id = intval($row['quote_id']); $quote_id = intval($row['quote_id']);
$quote_prefix = htmlentities($row['quote_prefix']); $quote_prefix = nullable_htmlentities($row['quote_prefix']);
$quote_number = htmlentities($row['quote_number']); $quote_number = nullable_htmlentities($row['quote_number']);
$quote_scope = htmlentities($row['quote_scope']); $quote_scope = nullable_htmlentities($row['quote_scope']);
if (empty($quote_scope)) { if (empty($quote_scope)) {
$quote_scope_display = "-"; $quote_scope_display = "-";
} else { } else {
$quote_scope_display = $quote_scope; $quote_scope_display = $quote_scope;
} }
$quote_status = htmlentities($row['quote_status']); $quote_status = nullable_htmlentities($row['quote_status']);
$quote_date = htmlentities($row['quote_date']); $quote_date = nullable_htmlentities($row['quote_date']);
$quote_amount = floatval($row['quote_amount']); $quote_amount = floatval($row['quote_amount']);
$quote_currency_code = htmlentities($row['quote_currency_code']); $quote_currency_code = nullable_htmlentities($row['quote_currency_code']);
$quote_created_at = htmlentities($row['quote_created_at']); $quote_created_at = nullable_htmlentities($row['quote_created_at']);
$category_id = intval($row['category_id']); $category_id = intval($row['category_id']);
$category_name = htmlentities($row['category_name']); $category_name = nullable_htmlentities($row['category_name']);
//Set Badge color based off of quote status //Set Badge color based off of quote status
if ($quote_status == "Sent") { if ($quote_status == "Sent") {
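Review bot: `$quote_number` is converted with nullable_htmlentities() while the matching `$invoice_number` in the payments section and `$recurring_number` in the recurring-invoices section use intval(); if the column is numeric, as the sibling pages treat theirs, `$quote_number = intval($row['quote_number']);` keeps the three list pages consistent and makes the intended type explicit. The rest of the loop body, including the `$quote_status == "Sent"` comparison chain, continues outside the hunk.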


@@ -35,7 +35,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="col-md-4"> <div class="col-md-4">
<div class="input-group mb-3 mb-md-0"> <div class="input-group mb-3 mb-md-0">
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Recurring Invoices"> <input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(nullable_htmlentities($q)); } ?>" placeholder="Search Recurring Invoices">
<div class="input-group-append"> <div class="input-group-append">
<button class="btn btn-dark"><i class="fa fa-search"></i></button> <button class="btn btn-dark"><i class="fa fa-search"></i></button>
</div> </div>
@@ -71,21 +71,21 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$recurring_id = intval($row['recurring_id']); $recurring_id = intval($row['recurring_id']);
$recurring_prefix = htmlentities($row['recurring_prefix']); $recurring_prefix = nullable_htmlentities($row['recurring_prefix']);
$recurring_number = intval($row['recurring_number']); $recurring_number = intval($row['recurring_number']);
$recurring_scope = htmlentities($row['recurring_scope']); $recurring_scope = nullable_htmlentities($row['recurring_scope']);
$recurring_frequency = htmlentities($row['recurring_frequency']); $recurring_frequency = nullable_htmlentities($row['recurring_frequency']);
$recurring_status = htmlentities($row['recurring_status']); $recurring_status = nullable_htmlentities($row['recurring_status']);
$recurring_last_sent = htmlentities($row['recurring_last_sent']); $recurring_last_sent = nullable_htmlentities($row['recurring_last_sent']);
if ($recurring_last_sent == 0) { if ($recurring_last_sent == 0) {
$recurring_last_sent = "-"; $recurring_last_sent = "-";
} }
$recurring_next_date = htmlentities($row['recurring_next_date']); $recurring_next_date = nullable_htmlentities($row['recurring_next_date']);
$recurring_amount = floatval($row['recurring_amount']); $recurring_amount = floatval($row['recurring_amount']);
$recurring_currency_code = htmlentities($row['recurring_currency_code']); $recurring_currency_code = nullable_htmlentities($row['recurring_currency_code']);
$recurring_created_at = htmlentities($row['recurring_created_at']); $recurring_created_at = nullable_htmlentities($row['recurring_created_at']);
$category_id = intval($row['category_id']); $category_id = intval($row['category_id']);
$category_name = htmlentities($row['category_name']); $category_name = nullable_htmlentities($row['category_name']);
if ($recurring_status == 1) { if ($recurring_status == 1) {
$status = "Active"; $status = "Active";
$status_badge_color = "success"; $status_badge_color = "success";
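Review bot: The `if ($recurring_last_sent == 0)` check now runs against whatever nullable_htmlentities() returns for a missing value, and a loose comparison between a string and `0` no longer treats `''` or a non-numeric string such as `'0000-00-00'` as equal to `0` on PHP 8, so the `-` placeholder would not appear for a never-sent invoice there while it would on PHP 7. The other placeholders in this commit use `empty()`, so `if (empty($recurring_last_sent)) { $recurring_last_sent = "-"; }` gives the null and empty cases consistent behavior; if the column can hold a zero date, compare against that string explicitly. What nullable_htmlentities() returns for null is not visible here, so the null half of this is inferred; the loop body continues outside the hunk.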


@@ -41,7 +41,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="col-md-4"> <div class="col-md-4">
<div class="input-group mb-3 mb-md-0"> <div class="input-group mb-3 mb-md-0">
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Scheduled Tickets"> <input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(nullable_htmlentities($q)); } ?>" placeholder="Search Scheduled Tickets">
<div class="input-group-append"> <div class="input-group-append">
<button class="btn btn-dark"><i class="fa fa-search"></i></button> <button class="btn btn-dark"><i class="fa fa-search"></i></button>
</div> </div>
@@ -75,10 +75,10 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$scheduled_ticket_id = intval($row['scheduled_ticket_id']); $scheduled_ticket_id = intval($row['scheduled_ticket_id']);
$scheduled_ticket_subject = htmlentities($row['scheduled_ticket_subject']); $scheduled_ticket_subject = nullable_htmlentities($row['scheduled_ticket_subject']);
$scheduled_ticket_priority = htmlentities($row['scheduled_ticket_priority']); $scheduled_ticket_priority = nullable_htmlentities($row['scheduled_ticket_priority']);
$scheduled_ticket_frequency = htmlentities($row['scheduled_ticket_frequency']); $scheduled_ticket_frequency = nullable_htmlentities($row['scheduled_ticket_frequency']);
$scheduled_ticket_next_run = htmlentities($row['scheduled_ticket_next_run']); $scheduled_ticket_next_run = nullable_htmlentities($row['scheduled_ticket_next_run']);
?> ?>
<tr> <tr>


@@ -102,7 +102,7 @@
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_client_id = '$client_id'"); $sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_client_id = '$client_id'");
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$contact_id = intval($row['contact_id']); $contact_id = intval($row['contact_id']);
$contact_name = htmlentities($row['contact_name']); $contact_name = nullable_htmlentities($row['contact_name']);
echo "<option value=\"$contact_id\">$contact_name</option>"; echo "<option value=\"$contact_id\">$contact_name</option>";
} }
?> ?>
@@ -116,7 +116,7 @@
$sql = mysqli_query($mysqli, "SELECT * FROM vendors WHERE vendor_template = 0 AND vendor_client_id = '$client_id'"); $sql = mysqli_query($mysqli, "SELECT * FROM vendors WHERE vendor_template = 0 AND vendor_client_id = '$client_id'");
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$vendor_id = intval($row['vendor_id']); $vendor_id = intval($row['vendor_id']);
$vendor_name = htmlentities($row['vendor_name']); $vendor_name = nullable_htmlentities($row['vendor_name']);
echo "<option value=\"$vendor_id\">$vendor_name</option>"; echo "<option value=\"$vendor_id\">$vendor_name</option>";
} }
?> ?>
@@ -130,7 +130,7 @@
$sql = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_client_id = '$client_id'"); $sql = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_client_id = '$client_id'");
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$document_id = intval($row['document_id']); $document_id = intval($row['document_id']);
$document_name = htmlentities($row['document_name']); $document_name = nullable_htmlentities($row['document_name']);
echo "<option value=\"$document_id\">$document_name</option>"; echo "<option value=\"$document_id\">$document_name</option>";
} }
?> ?>
@@ -154,7 +154,7 @@
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_client_id = '$client_id'"); $sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_client_id = '$client_id'");
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$asset_id = intval($row['asset_id']); $asset_id = intval($row['asset_id']);
$asset_name = htmlentities($row['asset_name']); $asset_name = nullable_htmlentities($row['asset_name']);
echo "<option value=\"$asset_id\">$asset_name</option>"; echo "<option value=\"$asset_id\">$asset_name</option>";
} }
?> ?>
@@ -170,7 +170,7 @@
$sql = mysqli_query($mysqli, "SELECT * FROM logins WHERE login_client_id = '$client_id'"); $sql = mysqli_query($mysqli, "SELECT * FROM logins WHERE login_client_id = '$client_id'");
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$login_id = intval($row['login_id']); $login_id = intval($row['login_id']);
$login_name = htmlentities($row['login_name']); $login_name = nullable_htmlentities($row['login_name']);
echo "<option value=\"$login_id\">$login_name</option>"; echo "<option value=\"$login_id\">$login_name</option>";
} }
?> ?>
@@ -191,7 +191,7 @@
$sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_client_id = '$client_id'"); $sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_client_id = '$client_id'");
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$domain_id = intval($row['domain_id']); $domain_id = intval($row['domain_id']);
$domain_name = htmlentities($row['domain_name']); $domain_name = nullable_htmlentities($row['domain_name']);
echo "<option value=\"$domain_id\">$domain_name</option>"; echo "<option value=\"$domain_id\">$domain_name</option>";
} }
?> ?>
@@ -207,8 +207,8 @@
$sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_client_id = '$client_id'"); $sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_client_id = '$client_id'");
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$cert_id = intval($row['certificate_id']); $cert_id = intval($row['certificate_id']);
$cert_name = htmlentities($row['certificate_name']); $cert_name = nullable_htmlentities($row['certificate_name']);
$cert_domain = htmlentities($row['certificate_domain']); $cert_domain = nullable_htmlentities($row['certificate_domain']);
echo "<option value=\"$cert_id\">$cert_name ($cert_domain)</option>"; echo "<option value=\"$cert_id\">$cert_name ($cert_domain)</option>";
} }
?> ?>


@@ -109,7 +109,7 @@
while ($row_all = mysqli_fetch_array($sql_all)) { while ($row_all = mysqli_fetch_array($sql_all)) {
$contact_id = intval($row_all['contact_id']); $contact_id = intval($row_all['contact_id']);
$contact_name = htmlentities($row_all['contact_name']); $contact_name = nullable_htmlentities($row_all['contact_name']);
if (in_array($contact_id, $selected_ids)) { if (in_array($contact_id, $selected_ids)) {
echo "<option value=\"$contact_id\" selected>$contact_name</option>"; echo "<option value=\"$contact_id\" selected>$contact_name</option>";
@@ -131,7 +131,7 @@
$sql_all = mysqli_query($mysqli, "SELECT * FROM vendors WHERE vendor_template = 0 AND vendor_client_id = '$client_id'"); $sql_all = mysqli_query($mysqli, "SELECT * FROM vendors WHERE vendor_template = 0 AND vendor_client_id = '$client_id'");
while ($row_all = mysqli_fetch_array($sql_all)) { while ($row_all = mysqli_fetch_array($sql_all)) {
$vendor_id = intval($row_all['vendor_id']); $vendor_id = intval($row_all['vendor_id']);
$vendor_name = htmlentities($row_all['vendor_name']); $vendor_name = nullable_htmlentities($row_all['vendor_name']);
if (in_array($vendor_id, $selected_ids)) { if (in_array($vendor_id, $selected_ids)) {
echo "<option value=\"$vendor_id\" selected>$vendor_name</option>"; echo "<option value=\"$vendor_id\" selected>$vendor_name</option>";
@@ -153,7 +153,7 @@
$sql_all = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_client_id = '$client_id'"); $sql_all = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_client_id = '$client_id'");
while ($row_all = mysqli_fetch_array($sql_all)) { while ($row_all = mysqli_fetch_array($sql_all)) {
$document_id = intval($row_all['document_id']); $document_id = intval($row_all['document_id']);
$document_name = htmlentities($row_all['document_name']); $document_name = nullable_htmlentities($row_all['document_name']);
if (in_array($document_id, $selected_ids)) { if (in_array($document_id, $selected_ids)) {
echo "<option value=\"$document_id\" selected>$document_name</option>"; echo "<option value=\"$document_id\" selected>$document_name</option>";
@@ -186,7 +186,7 @@
$sql_all = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_client_id = '$client_id'"); $sql_all = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_client_id = '$client_id'");
while ($row_all = mysqli_fetch_array($sql_all)) { while ($row_all = mysqli_fetch_array($sql_all)) {
$asset_id = intval($row_all['asset_id']); $asset_id = intval($row_all['asset_id']);
$asset_name = htmlentities($row_all['asset_name']); $asset_name = nullable_htmlentities($row_all['asset_name']);
if (in_array($asset_id, $selected_ids)) { if (in_array($asset_id, $selected_ids)) {
echo "<option value=\"$asset_id\" selected>$asset_name</option>"; echo "<option value=\"$asset_id\" selected>$asset_name</option>";
@@ -210,7 +210,7 @@
$sql_all = mysqli_query($mysqli, "SELECT * FROM logins WHERE login_client_id = '$client_id'"); $sql_all = mysqli_query($mysqli, "SELECT * FROM logins WHERE login_client_id = '$client_id'");
while ($row_all = mysqli_fetch_array($sql_all)) { while ($row_all = mysqli_fetch_array($sql_all)) {
$login_id = intval($row_all['login_id']); $login_id = intval($row_all['login_id']);
$login_name = htmlentities($row_all['login_name']); $login_name = nullable_htmlentities($row_all['login_name']);
if (in_array($login_id, $selected_ids)) { if (in_array($login_id, $selected_ids)) {
echo "<option value=\"$login_id\" selected>$login_name</option>"; echo "<option value=\"$login_id\" selected>$login_name</option>";
@@ -239,7 +239,7 @@
$sql_all = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_client_id = '$client_id'"); $sql_all = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_client_id = '$client_id'");
while ($row_all = mysqli_fetch_array($sql_all)) { while ($row_all = mysqli_fetch_array($sql_all)) {
$domain_id = intval($row_all['domain_id']); $domain_id = intval($row_all['domain_id']);
$domain_name = htmlentities($row_all['domain_name']); $domain_name = nullable_htmlentities($row_all['domain_name']);
if (in_array($domain_id, $selected_ids)) { if (in_array($domain_id, $selected_ids)) {
echo "<option value=\"$domain_id\" selected>$domain_name</option>"; echo "<option value=\"$domain_id\" selected>$domain_name</option>";
@@ -263,7 +263,7 @@
$sql_all = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_client_id = '$client_id'"); $sql_all = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_client_id = '$client_id'");
while ($row_all = mysqli_fetch_array($sql_all)) { while ($row_all = mysqli_fetch_array($sql_all)) {
$cert_id = intval($row_all['certificate_id']); $cert_id = intval($row_all['certificate_id']);
$cert_name = htmlentities($row_all['certificate_name']); $cert_name = nullable_htmlentities($row_all['certificate_name']);
if (in_array($cert_id, $selected_ids)) { if (in_array($cert_id, $selected_ids)) {
echo "<option value=\"$cert_id\" selected>$cert_name</option>"; echo "<option value=\"$cert_id\" selected>$cert_name</option>";


@@ -32,7 +32,7 @@
while ($row = mysqli_fetch_array($sql_assets)) { while ($row = mysqli_fetch_array($sql_assets)) {
if (!empty($row['asset_ip'])) { if (!empty($row['asset_ip'])) {
$ip = '('.htmlentities($row["asset_ip"]).')'; $ip = '('.nullable_htmlentities($row["asset_ip"]).')';
} else { } else {
$ip = ''; $ip = '';
} }
@@ -56,7 +56,7 @@
// Get networks linked to assets - push name to array // Get networks linked to assets - push name to array
while ($row = mysqli_fetch_array($sql_assets)) { while ($row = mysqli_fetch_array($sql_assets)) {
if (!empty($row['network_name'])) { if (!empty($row['network_name'])) {
$network_data = htmlentities("$row[network_name]:$row[network_vlan]"); $network_data = nullable_htmlentities("$row[network_name]:$row[network_vlan]");
array_push($networks, $network_data); array_push($networks, $network_data);
} }
} }


@@ -34,7 +34,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<form autocomplete="off"> <form autocomplete="off">
<input type="hidden" name="client_id" value="<?php echo $client_id; ?>"> <input type="hidden" name="client_id" value="<?php echo $client_id; ?>">
<div class="input-group"> <div class="input-group">
<input type="search" class="form-control " name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Services"> <input type="search" class="form-control " name="q" value="<?php if (isset($q)) { echo stripslashes(nullable_htmlentities($q)); } ?>" placeholder="Search Services">
<div class="input-group-append"> <div class="input-group-append">
<button class="btn btn-secondary"><i class="fa fa-search"></i></button> <button class="btn btn-secondary"><i class="fa fa-search"></i></button>
</div> </div>
@@ -58,14 +58,14 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$service_id = intval($row['service_id']); $service_id = intval($row['service_id']);
$service_name = htmlentities($row['service_name']); $service_name = nullable_htmlentities($row['service_name']);
$service_description = htmlentities($row['service_description']); $service_description = nullable_htmlentities($row['service_description']);
$service_category = htmlentities($row['service_category']); $service_category = nullable_htmlentities($row['service_category']);
$service_importance = htmlentities($row['service_importance']); $service_importance = nullable_htmlentities($row['service_importance']);
$service_backup = htmlentities($row['service_backup']); $service_backup = nullable_htmlentities($row['service_backup']);
$service_notes = htmlentities($row['service_notes']); $service_notes = nullable_htmlentities($row['service_notes']);
$service_updated_at = htmlentities($row['service_updated_at']); $service_updated_at = nullable_htmlentities($row['service_updated_at']);
$service_review_due = htmlentities($row['service_review_due']); $service_review_due = nullable_htmlentities($row['service_review_due']);
// Service Importance // Service Importance
if ($service_importance == "High") { if ($service_importance == "High") {


@@ -34,7 +34,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="col-md-4"> <div class="col-md-4">
<div class="input-group mb-3 mb-md-0"> <div class="input-group mb-3 mb-md-0">
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Shared Items"> <input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(nullable_htmlentities($q)); } ?>" placeholder="Search Shared Items">
<div class="input-group-append"> <div class="input-group-append">
<button class="btn btn-dark"><i class="fa fa-search"></i></button> <button class="btn btn-dark"><i class="fa fa-search"></i></button>
</div> </div>
@@ -61,28 +61,28 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$item_id = intval($row['item_id']); $item_id = intval($row['item_id']);
$item_active = htmlentities($row['item_active']); $item_active = nullable_htmlentities($row['item_active']);
$item_key = htmlentities($row['item_key']); $item_key = nullable_htmlentities($row['item_key']);
$item_type = htmlentities($row['item_type']); $item_type = nullable_htmlentities($row['item_type']);
$item_related_id = intval($row['item_related_id']); $item_related_id = intval($row['item_related_id']);
$item_note = htmlentities($row['item_note']); $item_note = nullable_htmlentities($row['item_note']);
$item_views = htmlentities($row['item_views']); $item_views = nullable_htmlentities($row['item_views']);
$item_view_limit = htmlentities($row['item_view_limit']); $item_view_limit = nullable_htmlentities($row['item_view_limit']);
$item_created_at = htmlentities($row['item_created_at']); $item_created_at = nullable_htmlentities($row['item_created_at']);
$item_expire_at = htmlentities($row['item_expire_at']); $item_expire_at = nullable_htmlentities($row['item_expire_at']);
if ($item_type == 'Login') { if ($item_type == 'Login') {
$share_item_sql = mysqli_query($mysqli, "SELECT login_name FROM logins WHERE login_id = '$item_related_id' AND login_client_id = '$client_id'"); $share_item_sql = mysqli_query($mysqli, "SELECT login_name FROM logins WHERE login_id = '$item_related_id' AND login_client_id = '$client_id'");
$share_item = mysqli_fetch_array($share_item_sql); $share_item = mysqli_fetch_array($share_item_sql);
$item_name = htmlentities($share_item['login_name']); $item_name = nullable_htmlentities($share_item['login_name']);
} elseif ($item_type == 'Document') { } elseif ($item_type == 'Document') {
$share_item_sql = mysqli_query($mysqli, "SELECT document_name FROM documents WHERE document_id = '$item_related_id' AND document_client_id = '$client_id'"); $share_item_sql = mysqli_query($mysqli, "SELECT document_name FROM documents WHERE document_id = '$item_related_id' AND document_client_id = '$client_id'");
$share_item = mysqli_fetch_array($share_item_sql); $share_item = mysqli_fetch_array($share_item_sql);
$item_name = htmlentities($share_item['document_name']); $item_name = nullable_htmlentities($share_item['document_name']);
} elseif ($item_type == 'File') { } elseif ($item_type == 'File') {
$share_item_sql = mysqli_query($mysqli, "SELECT file_name FROM files WHERE file_id = '$item_related_id' AND file_client_id = '$client_id'"); $share_item_sql = mysqli_query($mysqli, "SELECT file_name FROM files WHERE file_id = '$item_related_id' AND file_client_id = '$client_id'");
$share_item = mysqli_fetch_array($share_item_sql); $share_item = mysqli_fetch_array($share_item_sql);
$item_name = htmlentities($share_item['file_name']); $item_name = nullable_htmlentities($share_item['file_name']);
} }
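Review bot: The three `SELECT … FROM logins / documents / files` lookups in this hunk interpolate `$client_id` straight into the query string, and nothing in the hunk casts or validates it; `$item_related_id` is covered by the `intval()` a few lines above, but `$client_id` is assigned outside the hunk, so its safety rests on code not visible here. Binding both ids in a prepared statement removes that dependence, e.g. `$stmt = mysqli_prepare($mysqli, 'SELECT login_name FROM logins WHERE login_id = ? AND login_client_id = ?'); mysqli_stmt_bind_param($stmt, 'ii', $item_related_id, $client_id);`. Separately, `nullable_htmlentities()` is not defined on this page; it should pass `ENT_QUOTES | ENT_SUBSTITUTE` explicitly, because on PHP before 8.1 the default flags leave single quotes unencoded, which matters wherever one of these values ends up inside a single-quoted attribute. The enclosing while loop continues past the end of the hunk.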


@@ -1,5 +1,5 @@
<!-- Main Sidebar Container --> <!-- Main Sidebar Container -->
<aside class="main-sidebar sidebar-dark-<?php echo htmlentities($config_theme); ?> d-print-none"> <aside class="main-sidebar sidebar-dark-<?php echo nullable_htmlentities($config_theme); ?> d-print-none">
<!-- Sidebar --> <!-- Sidebar -->
<div class="sidebar"> <div class="sidebar">


@@ -44,7 +44,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="col-md-4"> <div class="col-md-4">
<div class="input-group mb-3 mb-md-0"> <div class="input-group mb-3 mb-md-0">
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Licenses"> <input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(nullable_htmlentities($q)); } ?>" placeholder="Search Licenses">
<div class="input-group-append"> <div class="input-group-append">
<button class="btn btn-dark"><i class="fa fa-search"></i></button> <button class="btn btn-dark"><i class="fa fa-search"></i></button>
</div> </div>
@@ -77,20 +77,20 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$software_id = intval($row['software_id']); $software_id = intval($row['software_id']);
$software_name = htmlentities($row['software_name']); $software_name = nullable_htmlentities($row['software_name']);
$software_version = htmlentities($row['software_version']); $software_version = nullable_htmlentities($row['software_version']);
$software_type = htmlentities($row['software_type']); $software_type = nullable_htmlentities($row['software_type']);
$software_license_type = htmlentities($row['software_license_type']); $software_license_type = nullable_htmlentities($row['software_license_type']);
$software_key = htmlentities($row['software_key']); $software_key = nullable_htmlentities($row['software_key']);
$software_seats = htmlentities($row['software_seats']); $software_seats = nullable_htmlentities($row['software_seats']);
$software_purchase = htmlentities($row['software_purchase']); $software_purchase = nullable_htmlentities($row['software_purchase']);
$software_expire = htmlentities($row['software_expire']); $software_expire = nullable_htmlentities($row['software_expire']);
$software_notes = htmlentities($row['software_notes']); $software_notes = nullable_htmlentities($row['software_notes']);
// Get Login // Get Login
$login_id = intval($row['login_id']); $login_id = intval($row['login_id']);
$login_username = htmlentities(decryptLoginEntry($row['login_username'])); $login_username = nullable_htmlentities(decryptLoginEntry($row['login_username']));
$login_password = htmlentities(decryptLoginEntry($row['login_password'])); $login_password = nullable_htmlentities(decryptLoginEntry($row['login_password']));
$seat_count = 0; $seat_count = 0;
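Review bot: `$login_password` is decrypted with `decryptLoginEntry()` and entity-encoded for every row of the licence listing, regardless of whether the password is actually rendered for that row; the hunk ends before the output, so I cannot see where it is used, but bulk-decrypting secrets on a list page widens their exposure (page source, error output, logs). If the list only shows the password on demand, decrypting in the detail view or behind the reveal action instead would keep the plaintext out of this loop. A short comment such as `// Password is decrypted here only because the list reveals it inline; keep it out of any logged/dumped context` would at least make the decision explicit. The while loop starts in this hunk and ends past it.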


@@ -23,7 +23,7 @@
$sql_software_templates = mysqli_query($mysqli, "SELECT * FROM software WHERE software_template = 1 AND software_archived_at IS NULL ORDER BY software_name ASC"); $sql_software_templates = mysqli_query($mysqli, "SELECT * FROM software WHERE software_template = 1 AND software_archived_at IS NULL ORDER BY software_name ASC");
while($row = mysqli_fetch_array($sql_software_templates)){ while($row = mysqli_fetch_array($sql_software_templates)){
$software_template_id = intval($row['software_id']); $software_template_id = intval($row['software_id']);
$software_template_name = htmlentities($row['software_name']); $software_template_name = nullable_htmlentities($row['software_name']);
?> ?>
<option value="<?php echo $software_template_id ?>"><?php echo $software_template_name; ?></option> <option value="<?php echo $software_template_id ?>"><?php echo $software_template_name; ?></option>


@@ -140,9 +140,9 @@
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$asset_id = intval($row['asset_id']); $asset_id = intval($row['asset_id']);
$asset_name = htmlentities($row['asset_name']); $asset_name = nullable_htmlentities($row['asset_name']);
$asset_type = htmlentities($row['asset_type']); $asset_type = nullable_htmlentities($row['asset_type']);
$contact_name = htmlentities($row['contact_name']); $contact_name = nullable_htmlentities($row['contact_name']);
?> ?>
<li class="list-group-item"> <li class="list-group-item">
@@ -171,8 +171,8 @@
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$contact_id = intval($row['contact_id']); $contact_id = intval($row['contact_id']);
$contact_name = htmlentities($row['contact_name']); $contact_name = nullable_htmlentities($row['contact_name']);
$contact_email = htmlentities($row['contact_email']); $contact_email = nullable_htmlentities($row['contact_email']);
?> ?>
<li class="list-group-item"> <li class="list-group-item">


@@ -141,9 +141,9 @@
while ($row = mysqli_fetch_array($sql_assets_select)) { while ($row = mysqli_fetch_array($sql_assets_select)) {
$asset_id_select = intval($row['asset_id']); $asset_id_select = intval($row['asset_id']);
$asset_name_select = htmlentities($row['asset_name']); $asset_name_select = nullable_htmlentities($row['asset_name']);
$asset_type_select = htmlentities($row['asset_type']); $asset_type_select = nullable_htmlentities($row['asset_type']);
$contact_name_select = htmlentities($row['contact_name']); $contact_name_select = nullable_htmlentities($row['contact_name']);
?> ?>
<li class="list-group-item"> <li class="list-group-item">
@@ -172,8 +172,8 @@
while ($row = mysqli_fetch_array($sql_contacts_select)) { while ($row = mysqli_fetch_array($sql_contacts_select)) {
$contact_id_select = intval($row['contact_id']); $contact_id_select = intval($row['contact_id']);
$contact_name_select = htmlentities($row['contact_name']); $contact_name_select = nullable_htmlentities($row['contact_name']);
$contact_email_select = htmlentities($row['contact_email']); $contact_email_select = nullable_htmlentities($row['contact_email']);
?> ?>
<li class="list-group-item"> <li class="list-group-item">


@@ -42,7 +42,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="col-md-4"> <div class="col-md-4">
<div class="input-group mb-3 mb-md-0"> <div class="input-group mb-3 mb-md-0">
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Tickets"> <input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(nullable_htmlentities($q)); } ?>" placeholder="Search Tickets">
<div class="input-group-append"> <div class="input-group-append">
<button class="btn btn-dark"><i class="fa fa-search"></i></button> <button class="btn btn-dark"><i class="fa fa-search"></i></button>
</div> </div>
@@ -79,14 +79,14 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$ticket_id = intval($row['ticket_id']); $ticket_id = intval($row['ticket_id']);
$ticket_prefix = htmlentities($row['ticket_prefix']); $ticket_prefix = nullable_htmlentities($row['ticket_prefix']);
$ticket_number = htmlentities($row['ticket_number']); $ticket_number = nullable_htmlentities($row['ticket_number']);
$ticket_subject = htmlentities($row['ticket_subject']); $ticket_subject = nullable_htmlentities($row['ticket_subject']);
$ticket_details = htmlentities($row['ticket_details']); $ticket_details = nullable_htmlentities($row['ticket_details']);
$ticket_priority = htmlentities($row['ticket_priority']); $ticket_priority = nullable_htmlentities($row['ticket_priority']);
$ticket_status = htmlentities($row['ticket_status']); $ticket_status = nullable_htmlentities($row['ticket_status']);
$ticket_created_at = htmlentities($row['ticket_created_at']); $ticket_created_at = nullable_htmlentities($row['ticket_created_at']);
$ticket_updated_at = htmlentities($row['ticket_updated_at']); $ticket_updated_at = nullable_htmlentities($row['ticket_updated_at']);
if (empty($ticket_updated_at)) { if (empty($ticket_updated_at)) {
if ($ticket_status == "Closed") { if ($ticket_status == "Closed") {
$ticket_updated_at_display = "<p>Never</p>"; $ticket_updated_at_display = "<p>Never</p>";
@@ -96,7 +96,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
} else { } else {
$ticket_updated_at_display = $ticket_updated_at; $ticket_updated_at_display = $ticket_updated_at;
} }
$ticket_closed_at = htmlentities($row['ticket_closed_at']); $ticket_closed_at = nullable_htmlentities($row['ticket_closed_at']);
if ($ticket_status == "Open") { if ($ticket_status == "Open") {
$ticket_status_display = "<span class='p-2 badge badge-primary'>$ticket_status</span>"; $ticket_status_display = "<span class='p-2 badge badge-primary'>$ticket_status</span>";
@@ -123,19 +123,19 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
$ticket_assigned_to_display = "<p class='text-danger'>Not Assigned</p>"; $ticket_assigned_to_display = "<p class='text-danger'>Not Assigned</p>";
} }
} else { } else {
$ticket_assigned_to_display = htmlentities($row['user_name']); $ticket_assigned_to_display = nullable_htmlentities($row['user_name']);
} }
$contact_id = intval($row['contact_id']); $contact_id = intval($row['contact_id']);
$contact_name = htmlentities($row['contact_name']); $contact_name = nullable_htmlentities($row['contact_name']);
if (empty($contact_name)) { if (empty($contact_name)) {
$contact_display = "-"; $contact_display = "-";
} else { } else {
$contact_display = "$contact_name<br><small class='text-secondary'>$contact_email</small>"; $contact_display = "$contact_name<br><small class='text-secondary'>$contact_email</small>";
} }
$contact_title = htmlentities($row['contact_title']); $contact_title = nullable_htmlentities($row['contact_title']);
$contact_email = htmlentities($row['contact_email']); $contact_email = nullable_htmlentities($row['contact_email']);
$contact_phone = formatPhoneNumber($row['contact_phone']); $contact_phone = formatPhoneNumber($row['contact_phone']);
$contact_extension = htmlentities($row['contact_extension']); $contact_extension = nullable_htmlentities($row['contact_extension']);
$contact_mobile = formatPhoneNumber($row['contact_mobile']); $contact_mobile = formatPhoneNumber($row['contact_mobile']);
$asset_id = intval($row['asset_id']); $asset_id = intval($row['asset_id']);
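Review bot: `$contact_display` is built from `$contact_email` three lines before `$contact_email = nullable_htmlentities($row['contact_email']);` is executed for the current row, so inside the while loop the display string carries the previous row's email address (and an undefined variable on the first row), which mislabels a contact's address next to another contact's name. Move the `$contact_title` and `$contact_email` assignments above the `if (empty($contact_name))` block so the display string sees the current row's value. The ordering predates this commit, but the hunk already touches both lines, so it is a cheap fix here. The while loop begins in an earlier hunk of this file and ends past this one.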


@@ -36,7 +36,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="col-md-4"> <div class="col-md-4">
<div class="input-group mb-3 mb-md-0"> <div class="input-group mb-3 mb-md-0">
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Trips"> <input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(nullable_htmlentities($q)); } ?>" placeholder="Search Trips">
<div class="input-group-append"> <div class="input-group-append">
<button class="btn btn-dark"><i class="fa fa-search"></i></button> <button class="btn btn-dark"><i class="fa fa-search"></i></button>
</div> </div>
@@ -70,13 +70,13 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$trip_id = intval($row['trip_id']); $trip_id = intval($row['trip_id']);
$trip_date = htmlentities($row['trip_date']); $trip_date = nullable_htmlentities($row['trip_date']);
$trip_purpose = htmlentities($row['trip_purpose']); $trip_purpose = nullable_htmlentities($row['trip_purpose']);
$trip_source = htmlentities($row['trip_source']); $trip_source = nullable_htmlentities($row['trip_source']);
$trip_destination = htmlentities($row['trip_destination']); $trip_destination = nullable_htmlentities($row['trip_destination']);
$trip_miles = htmlentities($row['trip_miles']); $trip_miles = nullable_htmlentities($row['trip_miles']);
$trip_user_id = intval($row['trip_user_id']); $trip_user_id = intval($row['trip_user_id']);
$round_trip = htmlentities($row['round_trip']); $round_trip = nullable_htmlentities($row['round_trip']);
$client_id = intval($row['trip_client_id']); $client_id = intval($row['trip_client_id']);
if ($round_trip == 1) { if ($round_trip == 1) {
@@ -84,7 +84,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
} else { } else {
$round_trip_display = ""; $round_trip_display = "";
} }
$user_name = htmlentities($row['user_name']); $user_name = nullable_htmlentities($row['user_name']);
if (empty($user_name)) { if (empty($user_name)) {
$user_name_display = "-"; $user_name_display = "-";
} else { } else {


@@ -44,7 +44,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="col-md-4"> <div class="col-md-4">
<div class="input-group mb-3 mb-md-0"> <div class="input-group mb-3 mb-md-0">
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Vendors"> <input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(nullable_htmlentities($q)); } ?>" placeholder="Search Vendors">
<div class="input-group-append"> <div class="input-group-append">
<button class="btn btn-dark"><i class="fa fa-search"></i></button> <button class="btn btn-dark"><i class="fa fa-search"></i></button>
</div> </div>
@@ -75,28 +75,28 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$vendor_id = intval($row['vendor_id']); $vendor_id = intval($row['vendor_id']);
$vendor_name = htmlentities($row['vendor_name']); $vendor_name = nullable_htmlentities($row['vendor_name']);
$vendor_description = htmlentities($row['vendor_description']); $vendor_description = nullable_htmlentities($row['vendor_description']);
if (empty($vendor_description)) { if (empty($vendor_description)) {
$vendor_description_display = "-"; $vendor_description_display = "-";
} else { } else {
$vendor_description_display = $vendor_description; $vendor_description_display = $vendor_description;
} }
$vendor_account_number = htmlentities($row['vendor_account_number']); $vendor_account_number = nullable_htmlentities($row['vendor_account_number']);
$vendor_contact_name = htmlentities($row['vendor_contact_name']); $vendor_contact_name = nullable_htmlentities($row['vendor_contact_name']);
if (empty($vendor_contact_name)) { if (empty($vendor_contact_name)) {
$vendor_contact_name_display = "-"; $vendor_contact_name_display = "-";
} else { } else {
$vendor_contact_name_display = $vendor_contact_name; $vendor_contact_name_display = $vendor_contact_name;
} }
$vendor_phone = formatPhoneNumber($row['vendor_phone']); $vendor_phone = formatPhoneNumber($row['vendor_phone']);
$vendor_extension = htmlentities($row['vendor_extension']); $vendor_extension = nullable_htmlentities($row['vendor_extension']);
$vendor_email = htmlentities($row['vendor_email']); $vendor_email = nullable_htmlentities($row['vendor_email']);
$vendor_website = htmlentities($row['vendor_website']); $vendor_website = nullable_htmlentities($row['vendor_website']);
$vendor_hours = htmlentities($row['vendor_hours']); $vendor_hours = nullable_htmlentities($row['vendor_hours']);
$vendor_sla = htmlentities($row['vendor_sla']); $vendor_sla = nullable_htmlentities($row['vendor_sla']);
$vendor_code = htmlentities($row['vendor_code']); $vendor_code = nullable_htmlentities($row['vendor_code']);
$vendor_notes = htmlentities($row['vendor_notes']); $vendor_notes = nullable_htmlentities($row['vendor_notes']);
$vendor_template_id = intval($row['vendor_template_id']); $vendor_template_id = intval($row['vendor_template_id']);
?> ?>


@@ -169,7 +169,7 @@ function addReply($from_email, $date, $subject, $ticket_number, $message, $attac
// Capture just the latest/most recent email reply content // Capture just the latest/most recent email reply content
// based off the "#--itflow#" line that we prepend the outgoing emails with (similar to the old school --reply above this line--) // based off the "#--itflow#" line that we prepend the outgoing emails with (similar to the old school --reply above this line--)
$message = explode("##- Please type your reply above this line -##", $message); $message = explode("##- Please type your reply above this line -##", $message);
$message = nl2br(htmlentities(strip_tags($message[0]))); $message = nl2br(nullable_htmlentities(strip_tags($message[0])));
$message = "<i>Email from: $from_email at $date:-</i> <br><br>$message"; $message = "<i>Email from: $from_email at $date:-</i> <br><br>$message";
// Lookup the ticket ID // Lookup the ticket ID
@@ -312,13 +312,13 @@ if ($emails) {
// Process message attributes // Process message attributes
$from_array = $parser->getAddresses('from')[0]; $from_array = $parser->getAddresses('from')[0];
$from_name = trim(mysqli_real_escape_string($mysqli, htmlentities(strip_tags($from_array['display'])))); $from_name = trim(mysqli_real_escape_string($mysqli, nullable_htmlentities(strip_tags($from_array['display']))));
$from_email = trim(mysqli_real_escape_string($mysqli, htmlentities(strip_tags($from_array['address'])))); $from_email = trim(mysqli_real_escape_string($mysqli, nullable_htmlentities(strip_tags($from_array['address']))));
$from_domain = explode("@", $from_array['address']); $from_domain = explode("@", $from_array['address']);
$from_domain = trim(mysqli_real_escape_string($mysqli, htmlentities(strip_tags(end($from_domain))))); // Use the final element in the array (as technically legal to have multiple @'s) $from_domain = trim(mysqli_real_escape_string($mysqli, nullable_htmlentities(strip_tags(end($from_domain))))); // Use the final element in the array (as technically legal to have multiple @'s)
$subject = sanitizeInput($parser->getHeader('subject')); $subject = sanitizeInput($parser->getHeader('subject'));
$date = trim(mysqli_real_escape_string($mysqli, htmlentities(strip_tags($parser->getHeader('date'))))); $date = trim(mysqli_real_escape_string($mysqli, nullable_htmlentities(strip_tags($parser->getHeader('date')))));
$attachments = $parser->getAttachments(); $attachments = $parser->getAttachments();
$message = $parser->getMessageBody('text'); $message = $parser->getMessageBody('text');
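Review bot: `$from_name`, `$from_email`, `$from_domain` and `$date` are HTML-entity-encoded and then run through `mysqli_real_escape_string()` at ingestion, so whatever is stored is already output-encoded text with SQL-escape backslashes baked in; if these values are later displayed through the `nullable_htmlentities()` calls this commit adds elsewhere they are encoded twice, and the escaped `$from_email` is also interpolated into the `Email from:` line of the reply body in the earlier hunk of this file. Prefer keeping the trimmed raw value, inserting it through a prepared statement with bound parameters, and encoding only at output. `$subject` goes through `sanitizeInput()` while its neighbours use the inline chain, so the two paths should be unified on one helper. The enclosing `if ($emails)` block starts and ends outside the hunk.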


@@ -2,13 +2,13 @@
<div class="modal-dialog"> <div class="modal-dialog">
<div class="modal-content bg-dark"> <div class="modal-content bg-dark">
<div class="modal-header"> <div class="modal-header">
<h5 class="modal-title"><i class="fa fa-fw fa-list mr-2"></i>Create <?php echo htmlentities($table); ?> field</h5> <h5 class="modal-title"><i class="fa fa-fw fa-list mr-2"></i>Create <?php echo nullable_htmlentities($table); ?> field</h5>
<button type="button" class="close text-white" data-dismiss="modal"> <button type="button" class="close text-white" data-dismiss="modal">
<span>&times;</span> <span>&times;</span>
</button> </button>
</div> </div>
<form action="post.php" method="post" autocomplete="off"> <form action="post.php" method="post" autocomplete="off">
<input type="hidden" name="table" value="<?php echo htmlentities($table); ?>"> <input type="hidden" name="table" value="<?php echo nullable_htmlentities($table); ?>">
<div class="modal-body bg-white"> <div class="modal-body bg-white">
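Review bot: `$table` is reflected into the modal heading and a hidden `name="table"` input that is posted back to post.php, which suggests the receiving side uses it to choose a database table; entity encoding is the right thing for the HTML here, but it says nothing about how post.php treats the value when it comes back. The handler should compare the posted value against a fixed allow-list of table names (or a backed enum) rather than trusting the round-tripped string, since a hidden input is under the client's control. post.php is not on this page, so this may already be the case.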


@@ -320,7 +320,7 @@ $vendors_added = intval($row['vendors_added']);
<?php <?php
while ($row = mysqli_fetch_array($sql_accounts)) { while ($row = mysqli_fetch_array($sql_accounts)) {
$account_id = intval($row['account_id']); $account_id = intval($row['account_id']);
$account_name = htmlentities($row['account_name']); $account_name = nullable_htmlentities($row['account_name']);
$opening_balance = floatval($row['opening_balance']); $opening_balance = floatval($row['opening_balance']);
?> ?>
@@ -379,11 +379,11 @@ $vendors_added = intval($row['vendors_added']);
<tbody> <tbody>
<?php <?php
while ($row = mysqli_fetch_array($sql_latest_invoice_payments)) { while ($row = mysqli_fetch_array($sql_latest_invoice_payments)) {
$payment_date = htmlentities($row['payment_date']); $payment_date = nullable_htmlentities($row['payment_date']);
$payment_amount = floatval($row['payment_amount']); $payment_amount = floatval($row['payment_amount']);
$invoice_prefix = htmlentities($row['invoice_prefix']); $invoice_prefix = nullable_htmlentities($row['invoice_prefix']);
$invoice_number = intval($row['invoice_number']); $invoice_number = intval($row['invoice_number']);
$client_name = htmlentities($row['client_name']); $client_name = nullable_htmlentities($row['client_name']);
?> ?>
<tr> <tr>
<td><?php echo $payment_date; ?></td> <td><?php echo $payment_date; ?></td>
@@ -422,10 +422,10 @@ $vendors_added = intval($row['vendors_added']);
<tbody> <tbody>
<?php <?php
while ($row = mysqli_fetch_array($sql_latest_expenses)) { while ($row = mysqli_fetch_array($sql_latest_expenses)) {
$expense_date = htmlentities($row['expense_date']); $expense_date = nullable_htmlentities($row['expense_date']);
$expense_amount = floatval($row['expense_amount']); $expense_amount = floatval($row['expense_amount']);
$vendor_name = htmlentities($row['vendor_name']); $vendor_name = nullable_htmlentities($row['vendor_name']);
$category_name = htmlentities($row['category_name']); $category_name = nullable_htmlentities($row['category_name']);
?> ?>
<tr> <tr>


@@ -46,7 +46,7 @@
$sql = mysqli_query($mysqli, "SELECT account_id, account_name, opening_balance FROM accounts WHERE account_archived_at IS NULL ORDER BY account_name ASC"); $sql = mysqli_query($mysqli, "SELECT account_id, account_name, opening_balance FROM accounts WHERE account_archived_at IS NULL ORDER BY account_name ASC");
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$account_id = intval($row['account_id']); $account_id = intval($row['account_id']);
$account_name = htmlentities($row['account_name']); $account_name = nullable_htmlentities($row['account_name']);
$opening_balance = floatval($row['opening_balance']); $opening_balance = floatval($row['opening_balance']);
$sql_payments = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS total_payments FROM payments WHERE payment_account_id = $account_id"); $sql_payments = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS total_payments FROM payments WHERE payment_account_id = $account_id");
@@ -86,7 +86,7 @@
$sql = mysqli_query($mysqli, "SELECT vendor_id, vendor_name FROM vendors WHERE vendor_client_id = 0 AND vendor_template = 0 AND vendor_archived_at IS NULL ORDER BY vendor_name ASC"); $sql = mysqli_query($mysqli, "SELECT vendor_id, vendor_name FROM vendors WHERE vendor_client_id = 0 AND vendor_template = 0 AND vendor_archived_at IS NULL ORDER BY vendor_name ASC");
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$vendor_id = intval($row['vendor_id']); $vendor_id = intval($row['vendor_id']);
$vendor_name = htmlentities($row['vendor_name']); $vendor_name = nullable_htmlentities($row['vendor_name']);
?> ?>
<option value="<?php echo $vendor_id; ?>"><?php echo $vendor_name; ?></option> <option value="<?php echo $vendor_id; ?>"><?php echo $vendor_name; ?></option>
@@ -131,7 +131,7 @@
$sql = mysqli_query($mysqli, "SELECT category_id, category_name FROM categories WHERE category_type = 'Expense' AND category_archived_at IS NULL ORDER BY category_name ASC"); $sql = mysqli_query($mysqli, "SELECT category_id, category_name FROM categories WHERE category_type = 'Expense' AND category_archived_at IS NULL ORDER BY category_name ASC");
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$category_id = intval($row['category_id']); $category_id = intval($row['category_id']);
$category_name = htmlentities($row['category_name']); $category_name = nullable_htmlentities($row['category_name']);
?> ?>
<option value="<?php echo $category_id; ?>"><?php echo $category_name; ?></option> <option value="<?php echo $category_id; ?>"><?php echo $category_name; ?></option>
@@ -164,7 +164,7 @@
$sql = mysqli_query($mysqli, "SELECT client_id, client_name FROM clients ORDER BY client_name ASC"); $sql = mysqli_query($mysqli, "SELECT client_id, client_name FROM clients ORDER BY client_name ASC");
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$client_id = intval($row['client_id']); $client_id = intval($row['client_id']);
$client_name = htmlentities($row['client_name']); $client_name = nullable_htmlentities($row['client_name']);
?> ?>
<option value="<?php echo $client_id; ?>"><?php echo $client_name; ?></option> <option value="<?php echo $client_id; ?>"><?php echo $client_name; ?></option>


@@ -47,7 +47,7 @@
$sql_accounts = mysqli_query($mysqli, "SELECT account_id, account_name, opening_balance FROM accounts ORDER BY account_name ASC"); $sql_accounts = mysqli_query($mysqli, "SELECT account_id, account_name, opening_balance FROM accounts ORDER BY account_name ASC");
while ($row = mysqli_fetch_array($sql_accounts)) { while ($row = mysqli_fetch_array($sql_accounts)) {
$account_id_select = intval($row['account_id']); $account_id_select = intval($row['account_id']);
$account_name_select = htmlentities($row['account_name']); $account_name_select = nullable_htmlentities($row['account_name']);
$opening_balance = floatval($row['opening_balance']); $opening_balance = floatval($row['opening_balance']);
$sql_payments = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS total_payments FROM payments WHERE payment_account_id = $account_id_select"); $sql_payments = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS total_payments FROM payments WHERE payment_account_id = $account_id_select");
@@ -85,7 +85,7 @@
$sql_vendors = mysqli_query($mysqli, "SELECT vendor_id, vendor_name FROM vendors WHERE vendor_client_id = 0 AND vendor_template = 0 ORDER BY vendor_name ASC"); $sql_vendors = mysqli_query($mysqli, "SELECT vendor_id, vendor_name FROM vendors WHERE vendor_client_id = 0 AND vendor_template = 0 ORDER BY vendor_name ASC");
while ($row = mysqli_fetch_array($sql_vendors)) { while ($row = mysqli_fetch_array($sql_vendors)) {
$vendor_id_select = intval($row['vendor_id']); $vendor_id_select = intval($row['vendor_id']);
$vendor_name_select = htmlentities($row['vendor_name']); $vendor_name_select = nullable_htmlentities($row['vendor_name']);
?> ?>
<option <?php if ($expense_vendor_id == $vendor_id_select) { ?> selected <?php } ?> value="<?php echo $vendor_id_select; ?>"><?php echo $vendor_name_select; ?></option> <option <?php if ($expense_vendor_id == $vendor_id_select) { ?> selected <?php } ?> value="<?php echo $vendor_id_select; ?>"><?php echo $vendor_name_select; ?></option>
<?php <?php
@@ -127,7 +127,7 @@
$sql_categories = mysqli_query($mysqli, "SELECT category_id, category_name FROM categories WHERE category_type = 'Expense' ORDER BY category_name ASC"); $sql_categories = mysqli_query($mysqli, "SELECT category_id, category_name FROM categories WHERE category_type = 'Expense' ORDER BY category_name ASC");
while ($row = mysqli_fetch_array($sql_categories)) { while ($row = mysqli_fetch_array($sql_categories)) {
$category_id_select = intval($row['category_id']); $category_id_select = intval($row['category_id']);
$category_name_select = htmlentities($row['category_name']); $category_name_select = nullable_htmlentities($row['category_name']);
?> ?>
<option <?php if ($expense_category_id == $category_id_select) { ?> selected <?php } ?> value="<?php echo $category_id_select; ?>"><?php echo $category_name_select; ?></option> <option <?php if ($expense_category_id == $category_id_select) { ?> selected <?php } ?> value="<?php echo $category_id_select; ?>"><?php echo $category_name_select; ?></option>
<?php <?php
@@ -155,7 +155,7 @@
$sql_clients = mysqli_query($mysqli, "SELECT client_id, client_name FROM clients ORDER BY client_name ASC"); $sql_clients = mysqli_query($mysqli, "SELECT client_id, client_name FROM clients ORDER BY client_name ASC");
while ($row = mysqli_fetch_array($sql_clients)) { while ($row = mysqli_fetch_array($sql_clients)) {
$client_id_select = intval($row['client_id']); $client_id_select = intval($row['client_id']);
$client_name_select = htmlentities($row['client_name']); $client_name_select = nullable_htmlentities($row['client_name']);
?> ?>
<option <?php if ($expense_client_id == $client_id_select) { echo "selected"; } ?> value="<?php echo $client_id_select; ?>"><?php echo $client_name_select; ?></option> <option <?php if ($expense_client_id == $client_id_select) { echo "selected"; } ?> value="<?php echo $client_id_select; ?>"><?php echo $client_name_select; ?></option>


@@ -49,7 +49,7 @@
$sql_accounts = mysqli_query($mysqli, "SELECT account_id, account_name, opening_balance FROM accounts WHERE (account_archived_at > '$expense_created_at' OR account_archived_at IS NULL) ORDER BY account_name ASC"); $sql_accounts = mysqli_query($mysqli, "SELECT account_id, account_name, opening_balance FROM accounts WHERE (account_archived_at > '$expense_created_at' OR account_archived_at IS NULL) ORDER BY account_name ASC");
while ($row = mysqli_fetch_array($sql_accounts)) { while ($row = mysqli_fetch_array($sql_accounts)) {
$account_id_select = intval($row['account_id']); $account_id_select = intval($row['account_id']);
$account_name_select = htmlentities($row['account_name']); $account_name_select = nullable_htmlentities($row['account_name']);
$opening_balance = floatval($row['opening_balance']); $opening_balance = floatval($row['opening_balance']);
$sql_payments = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS total_payments FROM payments WHERE payment_account_id = $account_id_select"); $sql_payments = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS total_payments FROM payments WHERE payment_account_id = $account_id_select");
@@ -88,7 +88,7 @@
$sql_select = mysqli_query($mysqli, "SELECT vendor_id, vendor_name FROM vendors WHERE vendor_client_id = 0 AND vendor_template = 0 AND (vendor_archived_at > '$expense_created_at' OR vendor_archived_at IS NULL) ORDER BY vendor_name ASC"); $sql_select = mysqli_query($mysqli, "SELECT vendor_id, vendor_name FROM vendors WHERE vendor_client_id = 0 AND vendor_template = 0 AND (vendor_archived_at > '$expense_created_at' OR vendor_archived_at IS NULL) ORDER BY vendor_name ASC");
while ($row = mysqli_fetch_array($sql_select)) { while ($row = mysqli_fetch_array($sql_select)) {
$vendor_id_select = intval($row['vendor_id']); $vendor_id_select = intval($row['vendor_id']);
$vendor_name_select = htmlentities($row['vendor_name']); $vendor_name_select = nullable_htmlentities($row['vendor_name']);
?> ?>
<option <?php if ($expense_vendor_id == $vendor_id_select) { ?> selected <?php } ?> value="<?php echo $vendor_id_select; ?>"><?php echo $vendor_name_select; ?></option> <option <?php if ($expense_vendor_id == $vendor_id_select) { ?> selected <?php } ?> value="<?php echo $vendor_id_select; ?>"><?php echo $vendor_name_select; ?></option>
<?php <?php
@@ -133,7 +133,7 @@
$sql_select = mysqli_query($mysqli, "SELECT category_id, category_name FROM categories WHERE category_type = 'Expense' AND (category_archived_at > '$expense_created_at' OR category_archived_at IS NULL) ORDER BY category_name ASC"); $sql_select = mysqli_query($mysqli, "SELECT category_id, category_name FROM categories WHERE category_type = 'Expense' AND (category_archived_at > '$expense_created_at' OR category_archived_at IS NULL) ORDER BY category_name ASC");
while ($row = mysqli_fetch_array($sql_select)) { while ($row = mysqli_fetch_array($sql_select)) {
$category_id_select = intval($row['category_id']); $category_id_select = intval($row['category_id']);
$category_name_select = htmlentities($row['category_name']); $category_name_select = nullable_htmlentities($row['category_name']);
?> ?>
<option <?php if ($expense_category_id == $category_id_select) { ?> selected <?php } ?> value="<?php echo $category_id_select; ?>"><?php echo $category_name_select; ?></option> <option <?php if ($expense_category_id == $category_id_select) { ?> selected <?php } ?> value="<?php echo $category_id_select; ?>"><?php echo $category_name_select; ?></option>
<?php <?php
@@ -164,7 +164,7 @@
$sql_clients = mysqli_query($mysqli, "SELECT client_id, client_name FROM clients ORDER BY client_name ASC"); $sql_clients = mysqli_query($mysqli, "SELECT client_id, client_name FROM clients ORDER BY client_name ASC");
while ($row = mysqli_fetch_array($sql_clients)) { while ($row = mysqli_fetch_array($sql_clients)) {
$client_id_select = intval($row['client_id']); $client_id_select = intval($row['client_id']);
$client_name_select = htmlentities($row['client_name']); $client_name_select = nullable_htmlentities($row['client_name']);
?> ?>
<option <?php if ($expense_client_id == $client_id_select) { echo "selected"; } ?> value="<?php echo $client_id_select; ?>"><?php echo $client_name_select; ?></option> <option <?php if ($expense_client_id == $client_id_select) { echo "selected"; } ?> value="<?php echo $client_id_select; ?>"><?php echo $client_name_select; ?></option>


@@ -18,7 +18,7 @@
<div class="input-group-prepend"> <div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-calendar"></i></span> <span class="input-group-text"><i class="fa fa-fw fa-calendar"></i></span>
</div> </div>
<input type="date" class="form-control" name="date_from" max="2999-12-31" value="<?php echo htmlentities($dtf); ?>"> <input type="date" class="form-control" name="date_from" max="2999-12-31" value="<?php echo nullable_htmlentities($dtf); ?>">
</div> </div>
</div> </div>
@@ -28,7 +28,7 @@
<div class="input-group-prepend"> <div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-calendar"></i></span> <span class="input-group-text"><i class="fa fa-fw fa-calendar"></i></span>
</div> </div>
<input type="date" class="form-control" name="date_to" max="2999-12-31" value="<?php echo htmlentities($dtt); ?>"> <input type="date" class="form-control" name="date_to" max="2999-12-31" value="<?php echo nullable_htmlentities($dtt); ?>">
</div> </div>
</div> </div>


@@ -39,7 +39,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="row"> <div class="row">
<div class="col-sm-4"> <div class="col-sm-4">
<div class="input-group"> <div class="input-group">
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Expenses"> <input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(nullable_htmlentities($q)); } ?>" placeholder="Search Expenses">
<div class="input-group-append"> <div class="input-group-append">
<button class="btn btn-secondary" type="button" data-toggle="collapse" data-target="#advancedFilter"><i class="fas fa-filter"></i></button> <button class="btn btn-secondary" type="button" data-toggle="collapse" data-target="#advancedFilter"><i class="fas fa-filter"></i></button>
<button class="btn btn-primary"><i class="fa fa-search"></i></button> <button class="btn btn-primary"><i class="fa fa-search"></i></button>
@@ -73,13 +73,13 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="col-md-2"> <div class="col-md-2">
<div class="form-group"> <div class="form-group">
<label>Date From</label> <label>Date From</label>
<input type="date" class="form-control" name="dtf" max="2999-12-31" value="<?php echo htmlentities($dtf); ?>"> <input type="date" class="form-control" name="dtf" max="2999-12-31" value="<?php echo nullable_htmlentities($dtf); ?>">
</div> </div>
</div> </div>
<div class="col-md-2"> <div class="col-md-2">
<div class="form-group"> <div class="form-group">
<label>Date To</label> <label>Date To</label>
<input type="date" class="form-control" name="dtt" max="2999-12-31" value="<?php echo htmlentities($dtt); ?>"> <input type="date" class="form-control" name="dtt" max="2999-12-31" value="<?php echo nullable_htmlentities($dtt); ?>">
</div> </div>
</div> </div>
</div> </div>
@@ -105,20 +105,20 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$expense_id = intval($row['expense_id']); $expense_id = intval($row['expense_id']);
$expense_date = htmlentities($row['expense_date']); $expense_date = nullable_htmlentities($row['expense_date']);
$expense_amount = floatval($row['expense_amount']); $expense_amount = floatval($row['expense_amount']);
$expense_currency_code = htmlentities($row['expense_currency_code']); $expense_currency_code = nullable_htmlentities($row['expense_currency_code']);
$expense_description = htmlentities($row['expense_description']); $expense_description = nullable_htmlentities($row['expense_description']);
$expense_receipt = htmlentities($row['expense_receipt']); $expense_receipt = nullable_htmlentities($row['expense_receipt']);
$expense_reference = htmlentities($row['expense_reference']); $expense_reference = nullable_htmlentities($row['expense_reference']);
$expense_created_at = htmlentities($row['expense_created_at']); $expense_created_at = nullable_htmlentities($row['expense_created_at']);
$expense_vendor_id = intval($row['expense_vendor_id']); $expense_vendor_id = intval($row['expense_vendor_id']);
$vendor_name = htmlentities($row['vendor_name']); $vendor_name = nullable_htmlentities($row['vendor_name']);
$expense_category_id = intval($row['expense_category_id']); $expense_category_id = intval($row['expense_category_id']);
$category_name = htmlentities($row['category_name']); $category_name = nullable_htmlentities($row['category_name']);
$account_name = htmlentities($row['account_name']); $account_name = nullable_htmlentities($row['account_name']);
$expense_account_id = intval($row['expense_account_id']); $expense_account_id = intval($row['expense_account_id']);
$client_name = htmlentities($row['client_name']); $client_name = nullable_htmlentities($row['client_name']);
if(empty($client_name)) { if(empty($client_name)) {
$client_name_display = "-"; $client_name_display = "-";
} else { } else {


@@ -46,7 +46,7 @@ function key32gen()
} }
function nullable_htmlentities($unsanitizedInput) { function nullable_htmlentities($unsanitizedInput) {
return htmlentities($unsanitizedInput ?? ''); return nullable_htmlentities($unsanitizedInput ?? '');
} }
function initials($str) { function initials($str) {
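Review bot: The search-and-replace also rewrote the body of `nullable_htmlentities` itself, so the helper now calls itself unconditionally (`return nullable_htmlentities($unsanitizedInput ?? '');`) and every call site in this commit will recurse until PHP hits the memory limit or segfaults; it must keep calling the builtin, `return htmlentities($unsanitizedInput ?? '');`. Since this function is now the single output-encoding choke point for the application, it is also the right place to pin the flags: before PHP 8.1 `htmlentities` defaults to ENT_COMPAT and leaves `'` unencoded, which matters if any caller interpolates the result into a single-quoted attribute, so `return htmlentities($unsanitizedInput ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');` is the safer form. A docblock stating that the helper maps null to the empty string and is for HTML body/attribute context only (not URL, JSON, SQL or shell) would help, because several call sites in this commit use it for those other contexts.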


@@ -132,7 +132,7 @@ if (isset($_GET['host'])) {
if (mysqli_num_rows($sql_logins) > 0) { if (mysqli_num_rows($sql_logins) > 0) {
$row = mysqli_fetch_array($sql_logins); $row = mysqli_fetch_array($sql_logins);
$data['found'] = "TRUE"; $data['found'] = "TRUE";
$data['username'] = htmlentities(decryptLoginEntry($row['login_username'])); $data['username'] = nullable_htmlentities(decryptLoginEntry($row['login_username']));
$data['password'] = decryptLoginEntry($row['login_password']); // Uses the PHP Session info and the session key cookie $data['password'] = decryptLoginEntry($row['login_password']); // Uses the PHP Session info and the session key cookie
echo json_encode($data); echo json_encode($data);
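Review bot: In this JSON endpoint `$data['username']` is HTML-entity-encoded while `$data['password']` on the next line is returned raw, so a consumer of the JSON has to HTML-decode one field but not the other, and a username containing `&` arrives as `&amp;`. JSON is not an HTML context; the consistent fix is to return the decrypted username as-is (`$data['username'] = decryptLoginEntry($row['login_username']);`) and let the consumer escape at render time, or, if this JSON is ever embedded in HTML, to pass `JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT` to `json_encode`. How the response is consumed is outside the hunk, so treat this as a question for the author rather than a confirmed defect.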


@@ -21,7 +21,7 @@ if (isset($_GET['query'])) {
$sql_tickets = mysqli_query($mysqli, "SELECT * FROM tickets LEFT JOIN clients on tickets.ticket_client_id = clients.client_id WHERE (ticket_subject LIKE '%$query%' OR ticket_number = '$ticket_num_query') ORDER BY ticket_id DESC LIMIT 5"); $sql_tickets = mysqli_query($mysqli, "SELECT * FROM tickets LEFT JOIN clients on tickets.ticket_client_id = clients.client_id WHERE (ticket_subject LIKE '%$query%' OR ticket_number = '$ticket_num_query') ORDER BY ticket_id DESC LIMIT 5");
$sql_logins = mysqli_query($mysqli, "SELECT * FROM logins WHERE login_name LIKE '%$query%' ORDER BY login_id DESC LIMIT 5"); $sql_logins = mysqli_query($mysqli, "SELECT * FROM logins WHERE login_name LIKE '%$query%' ORDER BY login_id DESC LIMIT 5");
$q = htmlentities($_GET['query']); $q = nullable_htmlentities($_GET['query']);
?> ?>
<h4 class="text-center"><i class="fas fa-fw fa-search mr-2"></i>Search all things</h4> <h4 class="text-center"><i class="fas fa-fw fa-search mr-2"></i>Search all things</h4>
@@ -50,9 +50,9 @@ if (isset($_GET['query'])) {
while ($row = mysqli_fetch_array($sql_clients)) { while ($row = mysqli_fetch_array($sql_clients)) {
$client_id = intval($row['client_id']); $client_id = intval($row['client_id']);
$client_name = htmlentities($row['client_name']); $client_name = nullable_htmlentities($row['client_name']);
$location_phone = formatPhoneNumber($row['location_phone']); $location_phone = formatPhoneNumber($row['location_phone']);
$client_website = htmlentities($row['client_website']); $client_website = nullable_htmlentities($row['client_website']);
?> ?>
<tr> <tr>
@@ -95,15 +95,15 @@ if (isset($_GET['query'])) {
while ($row = mysqli_fetch_array($sql_contacts)) { while ($row = mysqli_fetch_array($sql_contacts)) {
$contact_id = intval($row['contact_id']); $contact_id = intval($row['contact_id']);
$contact_name = htmlentities($row['contact_name']); $contact_name = nullable_htmlentities($row['contact_name']);
$contact_title = htmlentities($row['contact_title']); $contact_title = nullable_htmlentities($row['contact_title']);
$contact_phone = formatPhoneNumber($row['contact_phone']); $contact_phone = formatPhoneNumber($row['contact_phone']);
$contact_extension = htmlentities($row['contact_extension']); $contact_extension = nullable_htmlentities($row['contact_extension']);
$contact_mobile = formatPhoneNumber($row['contact_mobile']); $contact_mobile = formatPhoneNumber($row['contact_mobile']);
$contact_email = htmlentities($row['contact_email']); $contact_email = nullable_htmlentities($row['contact_email']);
$client_id = intval($row['client_id']); $client_id = intval($row['client_id']);
$client_name = htmlentities($row['client_name']); $client_name = nullable_htmlentities($row['client_name']);
$contact_department = htmlentities($row['contact_department']); $contact_department = nullable_htmlentities($row['contact_department']);
?> ?>
<tr> <tr>
@@ -148,8 +148,8 @@ if (isset($_GET['query'])) {
<?php <?php
while ($row = mysqli_fetch_array($sql_vendors)) { while ($row = mysqli_fetch_array($sql_vendors)) {
$vendor_name = htmlentities($row['vendor_name']); $vendor_name = nullable_htmlentities($row['vendor_name']);
$vendor_description = htmlentities($row['vendor_description']); $vendor_description = nullable_htmlentities($row['vendor_description']);
$vendor_phone = formatPhoneNumber($row['vendor_phone']); $vendor_phone = formatPhoneNumber($row['vendor_phone']);
?> ?>
<tr> <tr>
@@ -189,8 +189,8 @@ if (isset($_GET['query'])) {
<?php <?php
while ($row = mysqli_fetch_array($sql_products)) { while ($row = mysqli_fetch_array($sql_products)) {
$product_name = htmlentities($row['product_name']); $product_name = nullable_htmlentities($row['product_name']);
$product_description = htmlentities($row['product_description']); $product_description = nullable_htmlentities($row['product_description']);
?> ?>
<tr> <tr>
<td><a href="products.php?q=<?php echo $q ?>"><?php echo $product_name; ?></a></td> <td><a href="products.php?q=<?php echo $q ?>"><?php echo $product_name; ?></a></td>
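Review bot: `$q` is interpolated into a query string on the `href="products.php?q=<?php echo $q ?>"` line but is only HTML-entity-encoded (it is assigned as `$q = nullable_htmlentities($_GET['query'])` in this file's first hunk); entity encoding is not URL encoding, so a search term containing `&`, `#`, `=` or `+` rewrites or truncates the link's parameters, and every term with `&` is sent as `&amp;`. Use context-appropriate encoding at the URL: `href="products.php?q=<?php echo rawurlencode($_GET['query']); ?>"` (percent-encoded output contains no characters that need attribute escaping, and this block is already inside the `isset($_GET['query'])` guard shown in the hunk header). The same `?q=<?php echo $q ?>` pattern probably appears on the other result tables of this file, which fall outside the visible hunks.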
@@ -229,9 +229,9 @@ if (isset($_GET['query'])) {
while ($row = mysqli_fetch_array($sql_documents)) { while ($row = mysqli_fetch_array($sql_documents)) {
$document_id = intval($row['document_id']); $document_id = intval($row['document_id']);
$document_name = htmlentities($row['document_name']); $document_name = nullable_htmlentities($row['document_name']);
$client_id = intval($row['document_client_id']); $client_id = intval($row['document_client_id']);
$client_name = htmlentities($row['client_name']); $client_name = nullable_htmlentities($row['client_name']);
?> ?>
<tr> <tr>
@@ -275,11 +275,11 @@ if (isset($_GET['query'])) {
while ($row = mysqli_fetch_array($sql_tickets)) { while ($row = mysqli_fetch_array($sql_tickets)) {
$ticket_id = intval($row['ticket_id']); $ticket_id = intval($row['ticket_id']);
$ticket_prefix = htmlentities($row['ticket_prefix']); $ticket_prefix = nullable_htmlentities($row['ticket_prefix']);
$ticket_number = intval($row['ticket_number']); $ticket_number = intval($row['ticket_number']);
$ticket_subject = htmlentities($row['ticket_subject']); $ticket_subject = nullable_htmlentities($row['ticket_subject']);
$ticket_client = htmlentities($row['client_name']); $ticket_client = nullable_htmlentities($row['client_name']);
$ticket_status = htmlentities($row['ticket_status']); $ticket_status = nullable_htmlentities($row['ticket_status']);
?> ?>
<tr> <tr>
@@ -322,10 +322,10 @@ if (isset($_GET['query'])) {
<?php <?php
while ($row = mysqli_fetch_array($sql_logins)) { while ($row = mysqli_fetch_array($sql_logins)) {
$login_name = htmlentities($row['login_name']); $login_name = nullable_htmlentities($row['login_name']);
$login_client_id = intval($row['login_client_id']); $login_client_id = intval($row['login_client_id']);
$login_username = htmlentities(decryptLoginEntry($row['login_username'])); $login_username = nullable_htmlentities(decryptLoginEntry($row['login_username']));
$login_password = htmlentities(decryptLoginEntry($row['login_password'])); $login_password = nullable_htmlentities(decryptLoginEntry($row['login_password']));
?> ?>
<tr> <tr>


@@ -42,12 +42,12 @@ if (isset($_GET['stripe_create_pi'])) {
// Invoice exists - get details for payment // Invoice exists - get details for payment
$row = mysqli_fetch_array($invoice_sql); $row = mysqli_fetch_array($invoice_sql);
$invoice_prefix = htmlentities($row['invoice_prefix']); $invoice_prefix = nullable_htmlentities($row['invoice_prefix']);
$invoice_number = intval($row['invoice_number']); $invoice_number = intval($row['invoice_number']);
$invoice_amount = floatval($row['invoice_amount']); $invoice_amount = floatval($row['invoice_amount']);
$invoice_currency_code = htmlentities($row['invoice_currency_code']); $invoice_currency_code = nullable_htmlentities($row['invoice_currency_code']);
$client_id = intval($row['client_id']); $client_id = intval($row['client_id']);
$client_name = htmlentities($row['client_name']); $client_name = nullable_htmlentities($row['client_name']);
// Add up all the payments for the invoice and get the total amount paid to the invoice // Add up all the payments for the invoice and get the total amount paid to the invoice
$sql_amount_paid = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS amount_paid FROM payments WHERE payment_invoice_id = $invoice_id"); $sql_amount_paid = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS amount_paid FROM payments WHERE payment_invoice_id = $invoice_id");


@@ -20,7 +20,7 @@ $browser = sanitizeInput(getWebBrowser($ua));
<meta http-equiv="x-ua-compatible" content="ie=edge"> <meta http-equiv="x-ua-compatible" content="ie=edge">
<meta name="robots" content="noindex"> <meta name="robots" content="noindex">
<title><?php echo htmlentities($config_app_name); ?></title> <title><?php echo nullable_htmlentities($config_app_name); ?></title>
<!-- Font Awesome Icons --> <!-- Font Awesome Icons -->
<link rel="stylesheet" href="plugins/fontawesome-free/css/all.min.css"> <link rel="stylesheet" href="plugins/fontawesome-free/css/all.min.css">
@@ -52,7 +52,7 @@ $browser = sanitizeInput(getWebBrowser($ua));
} }
?> ?>
<div class="alert alert-<?php echo $_SESSION['alert_type']; ?>" id="alert"> <div class="alert alert-<?php echo $_SESSION['alert_type']; ?>" id="alert">
<?php echo htmlentities($_SESSION['alert_message']); ?> <?php echo nullable_htmlentities($_SESSION['alert_message']); ?>
<button class='close' data-dismiss='alert'>&times;</button> <button class='close' data-dismiss='alert'>&times;</button>
</div> </div>
<?php <?php


@@ -9,8 +9,8 @@ DEFINE("WORDING_PAYMENT_FAILED", "<br><h2>There was an error verifying your paym
// Defaulting to company id of 1 (as multi-company is being removed) // Defaulting to company id of 1 (as multi-company is being removed)
$stripe_vars = mysqli_fetch_array(mysqli_query($mysqli, "SELECT config_stripe_enable, config_stripe_publishable, config_stripe_secret, config_stripe_account FROM settings WHERE company_id = 1")); $stripe_vars = mysqli_fetch_array(mysqli_query($mysqli, "SELECT config_stripe_enable, config_stripe_publishable, config_stripe_secret, config_stripe_account FROM settings WHERE company_id = 1"));
$config_stripe_enable = intval($stripe_vars['config_stripe_enable']); $config_stripe_enable = intval($stripe_vars['config_stripe_enable']);
$config_stripe_publishable = htmlentities($stripe_vars['config_stripe_publishable']); $config_stripe_publishable = nullable_htmlentities($stripe_vars['config_stripe_publishable']);
$config_stripe_secret = htmlentities($stripe_vars['config_stripe_secret']); $config_stripe_secret = nullable_htmlentities($stripe_vars['config_stripe_secret']);
$config_stripe_account = intval($stripe_vars['config_stripe_account']); $config_stripe_account = intval($stripe_vars['config_stripe_account']);
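Review bot: `config_stripe_secret` is an API credential, not display text, yet the `$config_stripe_secret = nullable_htmlentities(...)` line HTML-entity-encodes it before it is used; the use is outside this hunk, but if the value is handed to the Stripe client, any `&`, `<`, `>` or quote in a key would be mangled into entities and authentication would fail silently. Stripe keys are alphanumeric today so this is likely latent, but the raw value is the correct input: `$config_stripe_secret = $stripe_vars['config_stripe_secret'] ?? '';`. Entity-encoding the publishable key on the line above is defensible if it is emitted into HTML, though encoding at the output site would make that intent explicit.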
// Check Stripe is configured // Check Stripe is configured
@@ -50,19 +50,19 @@ if (isset($_GET['invoice_id'], $_GET['url_key']) && !isset($_GET['payment_intent
// Process invoice, client and company details/settings // Process invoice, client and company details/settings
$row = mysqli_fetch_array($sql); $row = mysqli_fetch_array($sql);
$invoice_id = intval($row['invoice_id']); $invoice_id = intval($row['invoice_id']);
$invoice_prefix = htmlentities($row['invoice_prefix']); $invoice_prefix = nullable_htmlentities($row['invoice_prefix']);
$invoice_number = intval($row['invoice_number']); $invoice_number = intval($row['invoice_number']);
$invoice_status = htmlentities($row['invoice_status']); $invoice_status = nullable_htmlentities($row['invoice_status']);
$invoice_date = htmlentities($row['invoice_date']); $invoice_date = nullable_htmlentities($row['invoice_date']);
$invoice_due = htmlentities($row['invoice_due']); $invoice_due = nullable_htmlentities($row['invoice_due']);
$invoice_amount = floatval($row['invoice_amount']); $invoice_amount = floatval($row['invoice_amount']);
$invoice_currency_code = htmlentities($row['invoice_currency_code']); $invoice_currency_code = nullable_htmlentities($row['invoice_currency_code']);
$client_id = intval($row['client_id']); $client_id = intval($row['client_id']);
$client_name = htmlentities($row['client_name']); $client_name = nullable_htmlentities($row['client_name']);
$sql = mysqli_query($mysqli, "SELECT * FROM companies, settings WHERE companies.company_id = settings.company_id AND companies.company_id = 1"); $sql = mysqli_query($mysqli, "SELECT * FROM companies, settings WHERE companies.company_id = settings.company_id AND companies.company_id = 1");
$row = mysqli_fetch_array($sql); $row = mysqli_fetch_array($sql);
$company_locale = htmlentities($row['company_locale']); $company_locale = nullable_htmlentities($row['company_locale']);
// Add up all the payments for the invoice and get the total amount paid to the invoice // Add up all the payments for the invoice and get the total amount paid to the invoice
$sql_amount_paid = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS amount_paid FROM payments WHERE payment_invoice_id = $invoice_id"); $sql_amount_paid = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS amount_paid FROM payments WHERE payment_invoice_id = $invoice_id");
@@ -105,7 +105,7 @@ if (isset($_GET['invoice_id'], $_GET['url_key']) && !isset($_GET['payment_intent
$item_total = 0; $item_total = 0;
while ($row = mysqli_fetch_array($sql_invoice_items)) { while ($row = mysqli_fetch_array($sql_invoice_items)) {
$item_name = htmlentities($row['item_name']); $item_name = nullable_htmlentities($row['item_name']);
$item_quantity = floatval($row['item_quantity']); $item_quantity = floatval($row['item_quantity']);
$item_total = floatval($row['item_total']); $item_total = floatval($row['item_total']);
?> ?>
@@ -208,22 +208,22 @@ if (isset($_GET['invoice_id'], $_GET['url_key']) && !isset($_GET['payment_intent
// Invoice exists - get details // Invoice exists - get details
$row = mysqli_fetch_array($invoice_sql); $row = mysqli_fetch_array($invoice_sql);
$invoice_id = intval($row['invoice_id']); $invoice_id = intval($row['invoice_id']);
$invoice_prefix = htmlentities($row['invoice_prefix']); $invoice_prefix = nullable_htmlentities($row['invoice_prefix']);
$invoice_number = intval($row['invoice_number']); $invoice_number = intval($row['invoice_number']);
$invoice_amount = floatval($row['invoice_amount']); $invoice_amount = floatval($row['invoice_amount']);
$invoice_currency_code = htmlentities($row['invoice_currency_code']); $invoice_currency_code = nullable_htmlentities($row['invoice_currency_code']);
$invoice_url_key = htmlentities($row['invoice_url_key']); $invoice_url_key = nullable_htmlentities($row['invoice_url_key']);
$client_id = intval($row['client_id']); $client_id = intval($row['client_id']);
$client_name = htmlentities($row['client_name']); $client_name = nullable_htmlentities($row['client_name']);
$contact_name = $row['contact_name']; $contact_name = $row['contact_name'];
$contact_email = $row['contact_email']; $contact_email = $row['contact_email'];
$sql_company = mysqli_query($mysqli, "SELECT * FROM companies WHERE company_id = 1"); $sql_company = mysqli_query($mysqli, "SELECT * FROM companies WHERE company_id = 1");
$row = mysqli_fetch_array($sql_company); $row = mysqli_fetch_array($sql_company);
$company_name = mysqli_real_escape_string($mysqli, htmlentities($row['company_name'])); $company_name = mysqli_real_escape_string($mysqli, nullable_htmlentities($row['company_name']));
$company_phone = htmlentities($row['company_phone']); $company_phone = nullable_htmlentities($row['company_phone']);
$company_locale = htmlentities($row['company_locale']); $company_locale = nullable_htmlentities($row['company_locale']);
// Set Currency Formatting // Set Currency Formatting
$currency_format = numfmt_create($company_locale, NumberFormatter::CURRENCY); $currency_format = numfmt_create($company_locale, NumberFormatter::CURRENCY);


@@ -31,28 +31,28 @@ if (mysqli_num_rows($sql) !== 1) {
$row = mysqli_fetch_array($sql); $row = mysqli_fetch_array($sql);
$invoice_id = intval($row['invoice_id']); $invoice_id = intval($row['invoice_id']);
$invoice_prefix = htmlentities($row['invoice_prefix']); $invoice_prefix = nullable_htmlentities($row['invoice_prefix']);
$invoice_number = intval($row['invoice_number']); $invoice_number = intval($row['invoice_number']);
$invoice_status = htmlentities($row['invoice_status']); $invoice_status = nullable_htmlentities($row['invoice_status']);
$invoice_date = htmlentities($row['invoice_date']); $invoice_date = nullable_htmlentities($row['invoice_date']);
$invoice_due = htmlentities($row['invoice_due']); $invoice_due = nullable_htmlentities($row['invoice_due']);
$invoice_amount = floatval($row['invoice_amount']); $invoice_amount = floatval($row['invoice_amount']);
$invoice_currency_code = htmlentities($row['invoice_currency_code']); $invoice_currency_code = nullable_htmlentities($row['invoice_currency_code']);
$invoice_note = htmlentities($row['invoice_note']); $invoice_note = nullable_htmlentities($row['invoice_note']);
$invoice_category_id = intval($row['invoice_category_id']); $invoice_category_id = intval($row['invoice_category_id']);
$client_id = intval($row['client_id']); $client_id = intval($row['client_id']);
$client_name = htmlentities($row['client_name']); $client_name = nullable_htmlentities($row['client_name']);
$client_name_escaped = sanitizeInput($row['client_name']); $client_name_escaped = sanitizeInput($row['client_name']);
$location_address = htmlentities($row['location_address']); $location_address = nullable_htmlentities($row['location_address']);
$location_city = htmlentities($row['location_city']); $location_city = nullable_htmlentities($row['location_city']);
$location_state = htmlentities($row['location_state']); $location_state = nullable_htmlentities($row['location_state']);
$location_zip = htmlentities($row['location_zip']); $location_zip = nullable_htmlentities($row['location_zip']);
$contact_email = htmlentities($row['contact_email']); $contact_email = nullable_htmlentities($row['contact_email']);
$contact_phone = formatPhoneNumber($row['contact_phone']); $contact_phone = formatPhoneNumber($row['contact_phone']);
$contact_extension = htmlentities($row['contact_extension']); $contact_extension = nullable_htmlentities($row['contact_extension']);
$contact_mobile = formatPhoneNumber($row['contact_mobile']); $contact_mobile = formatPhoneNumber($row['contact_mobile']);
$client_website = htmlentities($row['client_website']); $client_website = nullable_htmlentities($row['client_website']);
$client_currency_code = htmlentities($row['client_currency_code']); $client_currency_code = nullable_htmlentities($row['client_currency_code']);
$client_net_terms = intval($row['client_net_terms']); $client_net_terms = intval($row['client_net_terms']);
if ($client_net_terms == 0) { if ($client_net_terms == 0) {
$client_net_terms = intval($row['config_default_net_terms']); $client_net_terms = intval($row['config_default_net_terms']);
@@ -61,20 +61,20 @@ if ($client_net_terms == 0) {
$sql = mysqli_query($mysqli, "SELECT * FROM companies, settings WHERE companies.company_id = settings.company_id AND companies.company_id = 1"); $sql = mysqli_query($mysqli, "SELECT * FROM companies, settings WHERE companies.company_id = settings.company_id AND companies.company_id = 1");
$row = mysqli_fetch_array($sql); $row = mysqli_fetch_array($sql);
$company_name = htmlentities($row['company_name']); $company_name = nullable_htmlentities($row['company_name']);
$company_address = htmlentities($row['company_address']); $company_address = nullable_htmlentities($row['company_address']);
$company_city = htmlentities($row['company_city']); $company_city = nullable_htmlentities($row['company_city']);
$company_state = htmlentities($row['company_state']); $company_state = nullable_htmlentities($row['company_state']);
$company_zip = htmlentities($row['company_zip']); $company_zip = nullable_htmlentities($row['company_zip']);
$company_phone = formatPhoneNumber($row['company_phone']); $company_phone = formatPhoneNumber($row['company_phone']);
$company_email = htmlentities($row['company_email']); $company_email = nullable_htmlentities($row['company_email']);
$company_website = htmlentities($row['company_website']); $company_website = nullable_htmlentities($row['company_website']);
$company_logo = htmlentities($row['company_logo']); $company_logo = nullable_htmlentities($row['company_logo']);
if (!empty($company_logo)) { if (!empty($company_logo)) {
$company_logo_base64 = base64_encode(file_get_contents("uploads/settings/$company_logo")); $company_logo_base64 = base64_encode(file_get_contents("uploads/settings/$company_logo"));
} }
$company_locale = htmlentities($row['company_locale']); $company_locale = nullable_htmlentities($row['company_locale']);
$config_invoice_footer = htmlentities($row['config_invoice_footer']); $config_invoice_footer = nullable_htmlentities($row['config_invoice_footer']);
$config_stripe_enable = intval($row['config_stripe_enable']); $config_stripe_enable = intval($row['config_stripe_enable']);
//Set Currency Format //Set Currency Format
@@ -212,8 +212,8 @@ $sql_invoice_items = mysqli_query($mysqli, "SELECT * FROM invoice_items WHERE it
while ($row = mysqli_fetch_array($sql_invoice_items)) { while ($row = mysqli_fetch_array($sql_invoice_items)) {
$item_id = intval($row['item_id']); $item_id = intval($row['item_id']);
$item_name = htmlentities($row['item_name']); $item_name = nullable_htmlentities($row['item_name']);
$item_description = htmlentities($row['item_description']); $item_description = nullable_htmlentities($row['item_description']);
$item_quantity = floatval($row['item_quantity']); $item_quantity = floatval($row['item_quantity']);
$item_price = floatval($row['item_price']); $item_price = floatval($row['item_price']);
$item_tax = floatval($row['item_tax']); $item_tax = floatval($row['item_tax']);
@@ -734,13 +734,13 @@ if (mysqli_num_rows($sql) > 1) { ?>
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$invoice_id = intval($row['invoice_id']); $invoice_id = intval($row['invoice_id']);
$invoice_prefix = htmlentities($row['invoice_prefix']); $invoice_prefix = nullable_htmlentities($row['invoice_prefix']);
$invoice_number = intval($row['invoice_number']); $invoice_number = intval($row['invoice_number']);
$invoice_date = htmlentities($row['invoice_date']); $invoice_date = nullable_htmlentities($row['invoice_date']);
$invoice_due = htmlentities($row['invoice_due']); $invoice_due = nullable_htmlentities($row['invoice_due']);
$invoice_amount = floatval($row['invoice_amount']); $invoice_amount = floatval($row['invoice_amount']);
$invoice_currency_code = htmlentities($row['invoice_currency_code']); $invoice_currency_code = nullable_htmlentities($row['invoice_currency_code']);
$invoice_url_key = htmlentities($row['invoice_url_key']); $invoice_url_key = nullable_htmlentities($row['invoice_url_key']);
$invoice_tally_total = $invoice_amount + $invoice_tally_total; $invoice_tally_total = $invoice_amount + $invoice_tally_total;
$difference = time() - strtotime($invoice_due); $difference = time() - strtotime($invoice_due);
$days = floor($difference / (60*60*24)); $days = floor($difference / (60*60*24));
@@ -792,13 +792,13 @@ if (mysqli_num_rows($sql) > 1) { ?>
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$invoice_id = intval($row['invoice_id']); $invoice_id = intval($row['invoice_id']);
$invoice_prefix = htmlentities($row['invoice_prefix']); $invoice_prefix = nullable_htmlentities($row['invoice_prefix']);
$invoice_number = intval($row['invoice_number']); $invoice_number = intval($row['invoice_number']);
$invoice_date = htmlentities($row['invoice_date']); $invoice_date = nullable_htmlentities($row['invoice_date']);
$invoice_due = htmlentities($row['invoice_due']); $invoice_due = nullable_htmlentities($row['invoice_due']);
$invoice_amount = floatval($row['invoice_amount']); $invoice_amount = floatval($row['invoice_amount']);
$invoice_currency_code = htmlentities($row['invoice_currency_code']); $invoice_currency_code = nullable_htmlentities($row['invoice_currency_code']);
$invoice_url_key = htmlentities($row['invoice_url_key']); $invoice_url_key = nullable_htmlentities($row['invoice_url_key']);
$invoice_tally_total = $invoice_amount + $invoice_tally_total; $invoice_tally_total = $invoice_amount + $invoice_tally_total;
$difference = strtotime($invoice_due) - time(); $difference = strtotime($invoice_due) - time();
$days = floor($difference / (60*60*24)); $days = floor($difference / (60*60*24));
@@ -850,13 +850,13 @@ if (mysqli_num_rows($sql) > 1) { ?>
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$invoice_id = intval($row['invoice_id']); $invoice_id = intval($row['invoice_id']);
$invoice_prefix = htmlentities($row['invoice_prefix']); $invoice_prefix = nullable_htmlentities($row['invoice_prefix']);
$invoice_number = intval($row['invoice_number']); $invoice_number = intval($row['invoice_number']);
$invoice_date = htmlentities($row['invoice_date']); $invoice_date = nullable_htmlentities($row['invoice_date']);
$invoice_due = htmlentities($row['invoice_due']); $invoice_due = nullable_htmlentities($row['invoice_due']);
$invoice_amount = floatval($row['invoice_amount']); $invoice_amount = floatval($row['invoice_amount']);
$invoice_currency_code = htmlentities($row['invoice_currency_code']); $invoice_currency_code = nullable_htmlentities($row['invoice_currency_code']);
$invoice_url_key = htmlentities($row['invoice_url_key']); $invoice_url_key = nullable_htmlentities($row['invoice_url_key']);
$invoice_tally_total = $invoice_amount + $invoice_tally_total; $invoice_tally_total = $invoice_amount + $invoice_tally_total;
?> ?>
@@ -878,11 +878,11 @@ if (mysqli_num_rows($sql) > 1) { ?>
while ($row = mysqli_fetch_array($sql_payments)) { while ($row = mysqli_fetch_array($sql_payments)) {
$payment_id = intval($row['payment_id']); $payment_id = intval($row['payment_id']);
$payment_date = htmlentities($row['payment_date']); $payment_date = nullable_htmlentities($row['payment_date']);
$payment_amount = floatval($row['payment_amount']); $payment_amount = floatval($row['payment_amount']);
$payment_currency_code = htmlentities($row['payment_currency_code']); $payment_currency_code = nullable_htmlentities($row['payment_currency_code']);
$payment_method = htmlentities($row['payment_method']); $payment_method = nullable_htmlentities($row['payment_method']);
$payment_reference = htmlentities($row['payment_reference']); $payment_reference = nullable_htmlentities($row['payment_reference']);
if (strtotime($payment_date) > strtotime($invoice_due)) { if (strtotime($payment_date) > strtotime($invoice_due)) {
$payment_note = "Late"; $payment_note = "Late";
$difference = strtotime($payment_date) - strtotime($invoice_due); $difference = strtotime($payment_date) - strtotime($invoice_due);


@@ -15,7 +15,7 @@ $purifier = new HTMLPurifier($purifier_config);
?> ?>
<br> <br>
<h1> <?php echo htmlentities($config_app_name); ?> Guest sharing </h1> <h1> <?php echo nullable_htmlentities($config_app_name); ?> Guest sharing </h1>
<hr> <hr>
<?php <?php
@@ -49,13 +49,13 @@ if ($row['item_active'] !== "1" || $row['item_views'] >= $row['item_view_limit']
echo "<div class='alert alert-warning'>You may only be able to view this information for a limited time! Be sure to copy/download what you need.</div>"; echo "<div class='alert alert-warning'>You may only be able to view this information for a limited time! Be sure to copy/download what you need.</div>";
$item_type = htmlentities($row['item_type']); $item_type = nullable_htmlentities($row['item_type']);
$item_related_id = intval($row['item_related_id']); $item_related_id = intval($row['item_related_id']);
$item_encrypted_credential = htmlentities($row['item_encrypted_credential']); $item_encrypted_credential = nullable_htmlentities($row['item_encrypted_credential']);
$item_note = htmlentities($row['item_note']); $item_note = nullable_htmlentities($row['item_note']);
$item_views = intval($row['item_views']); $item_views = intval($row['item_views']);
$item_created = htmlentities($row['item_created_at']); $item_created = nullable_htmlentities($row['item_created_at']);
$item_expire = htmlentities($row['item_expire_at']); $item_expire = nullable_htmlentities($row['item_expire_at']);
$client_id = intval($row['item_client_id']); $client_id = intval($row['item_client_id']);
if ($item_type == "Document") { if ($item_type == "Document") {
@@ -68,7 +68,7 @@ if ($item_type == "Document") {
exit(); exit();
} }
$doc_title = htmlentities($doc_row['document_name']); $doc_title = nullable_htmlentities($doc_row['document_name']);
$doc_title_escaped = sanitizeInput($doc_row['document_name']); $doc_title_escaped = sanitizeInput($doc_row['document_name']);
$doc_content = $purifier->purify($row['document_content']); $doc_content = $purifier->purify($row['document_content']);
@@ -98,7 +98,7 @@ if ($item_type == "Document") {
exit(); exit();
} }
$file_name = htmlentities($file_row['file_name']); $file_name = nullable_htmlentities($file_row['file_name']);
echo "<h3>A file has been shared with you</h3>"; echo "<h3>A file has been shared with you</h3>";
if (!empty($item_note)) { if (!empty($item_note)) {
@@ -118,19 +118,19 @@ if ($item_type == "Document") {
exit(); exit();
} }
$login_name = htmlentities($login_row['login_name']); $login_name = nullable_htmlentities($login_row['login_name']);
$login_uri = htmlentities($login_row['login_uri']); $login_uri = nullable_htmlentities($login_row['login_uri']);
$username_iv = substr($row['item_encrypted_username'], 0, 16); $username_iv = substr($row['item_encrypted_username'], 0, 16);
$username_ciphertext = substr($row['item_encrypted_username'], 16); $username_ciphertext = substr($row['item_encrypted_username'], 16);
$login_username = htmlentities(openssl_decrypt($username_ciphertext, 'aes-128-cbc', $encryption_key, 0, $username_iv)); $login_username = nullable_htmlentities(openssl_decrypt($username_ciphertext, 'aes-128-cbc', $encryption_key, 0, $username_iv));
$password_iv = substr($row['item_encrypted_credential'], 0, 16); $password_iv = substr($row['item_encrypted_credential'], 0, 16);
$password_ciphertext = substr($row['item_encrypted_credential'], 16); $password_ciphertext = substr($row['item_encrypted_credential'], 16);
$login_password = htmlentities(openssl_decrypt($password_ciphertext, 'aes-128-cbc', $encryption_key, 0, $password_iv)); $login_password = nullable_htmlentities(openssl_decrypt($password_ciphertext, 'aes-128-cbc', $encryption_key, 0, $password_iv));
$login_otp = htmlentities($login_row['login_otp_secret']); $login_otp = nullable_htmlentities($login_row['login_otp_secret']);
$login_notes = htmlentities($login_row['login_note']); $login_notes = nullable_htmlentities($login_row['login_note']);
echo "<h3>A login entry has been shared with you</h3>"; echo "<h3>A login entry has been shared with you</h3>";
if (!empty($item_note)) { if (!empty($item_note)) {
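Review bot: The decrypted username and password at the `$login_username = nullable_htmlentities(openssl_decrypt(...))` and `$login_password = ...` lines are encoded without checking for the `false` that `openssl_decrypt()` returns when the key, IV or ciphertext is wrong, so a failed decryption is shown to the guest as an empty credential with no error and nothing logged. Assign the decrypt result first and test it, e.g. `if ($login_username === false || $login_password === false) { echo 'Unable to decrypt the shared login'; exit(); }`, then encode the checked values for output. Whether the helper treats `false` the same way it treats `null` cannot be seen here. The `if ($item_type == ...)` branch these lines belong to starts and ends outside the hunk.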


@@ -32,27 +32,27 @@ if (mysqli_num_rows($sql) !== 1) {
$row = mysqli_fetch_array($sql); $row = mysqli_fetch_array($sql);
$quote_id = intval($row['quote_id']); $quote_id = intval($row['quote_id']);
$quote_prefix = htmlentities($row['quote_prefix']); $quote_prefix = nullable_htmlentities($row['quote_prefix']);
$quote_number = intval($row['quote_number']); $quote_number = intval($row['quote_number']);
$quote_status = htmlentities($row['quote_status']); $quote_status = nullable_htmlentities($row['quote_status']);
$quote_date = htmlentities($row['quote_date']); $quote_date = nullable_htmlentities($row['quote_date']);
$quote_amount = floatval($row['quote_amount']); $quote_amount = floatval($row['quote_amount']);
$quote_currency_code = htmlentities($row['quote_currency_code']); $quote_currency_code = nullable_htmlentities($row['quote_currency_code']);
$quote_note = htmlentities($row['quote_note']); $quote_note = nullable_htmlentities($row['quote_note']);
$category_id = intval($row['category_id']); $category_id = intval($row['category_id']);
$client_id = intval($row['client_id']); $client_id = intval($row['client_id']);
$client_name = htmlentities($row['client_name']); $client_name = nullable_htmlentities($row['client_name']);
$client_name_escaped = sanitizeInput($row['client_name']); $client_name_escaped = sanitizeInput($row['client_name']);
$location_address = htmlentities($row['location_address']); $location_address = nullable_htmlentities($row['location_address']);
$location_city = htmlentities($row['location_city']); $location_city = nullable_htmlentities($row['location_city']);
$location_state = htmlentities($row['location_state']); $location_state = nullable_htmlentities($row['location_state']);
$location_zip = htmlentities($row['location_zip']); $location_zip = nullable_htmlentities($row['location_zip']);
$contact_email = htmlentities($row['contact_email']); $contact_email = nullable_htmlentities($row['contact_email']);
$contact_phone = formatPhoneNumber($row['contact_phone']); $contact_phone = formatPhoneNumber($row['contact_phone']);
$contact_extension = htmlentities($row['contact_extension']); $contact_extension = nullable_htmlentities($row['contact_extension']);
$contact_mobile = formatPhoneNumber($row['contact_mobile']); $contact_mobile = formatPhoneNumber($row['contact_mobile']);
$client_website = htmlentities($row['client_website']); $client_website = nullable_htmlentities($row['client_website']);
$client_currency_code = htmlentities($row['client_currency_code']); $client_currency_code = nullable_htmlentities($row['client_currency_code']);
$client_net_terms = intval($row['client_net_terms']); $client_net_terms = intval($row['client_net_terms']);
if ($client_net_terms == 0) { if ($client_net_terms == 0) {
$client_net_terms = intval($row['config_default_net_terms']); $client_net_terms = intval($row['config_default_net_terms']);
@@ -60,20 +60,20 @@ if ($client_net_terms == 0) {
$sql = mysqli_query($mysqli, "SELECT * FROM companies, settings WHERE companies.company_id = settings.company_id AND companies.company_id = 1"); $sql = mysqli_query($mysqli, "SELECT * FROM companies, settings WHERE companies.company_id = settings.company_id AND companies.company_id = 1");
$row = mysqli_fetch_array($sql); $row = mysqli_fetch_array($sql);
$company_name = htmlentities($row['company_name']); $company_name = nullable_htmlentities($row['company_name']);
$company_address = htmlentities($row['company_address']); $company_address = nullable_htmlentities($row['company_address']);
$company_city = htmlentities($row['company_city']); $company_city = nullable_htmlentities($row['company_city']);
$company_state = htmlentities($row['company_state']); $company_state = nullable_htmlentities($row['company_state']);
$company_zip = htmlentities($row['company_zip']); $company_zip = nullable_htmlentities($row['company_zip']);
$company_phone = formatPhoneNumber($row['company_phone']); $company_phone = formatPhoneNumber($row['company_phone']);
$company_email = htmlentities($row['company_email']); $company_email = nullable_htmlentities($row['company_email']);
$company_website = htmlentities($row['company_website']); $company_website = nullable_htmlentities($row['company_website']);
$company_logo = htmlentities($row['company_logo']); $company_logo = nullable_htmlentities($row['company_logo']);
if (!empty($company_logo)) { if (!empty($company_logo)) {
$company_logo_base64 = base64_encode(file_get_contents("uploads/settings/$company_logo")); $company_logo_base64 = base64_encode(file_get_contents("uploads/settings/$company_logo"));
} }
$company_locale = htmlentities($row['company_locale']); $company_locale = nullable_htmlentities($row['company_locale']);
$config_quote_footer = htmlentities($row['config_quote_footer']); $config_quote_footer = nullable_htmlentities($row['config_quote_footer']);
//Set Currency Format //Set Currency Format
$currency_format = numfmt_create($company_locale, NumberFormatter::CURRENCY); $currency_format = numfmt_create($company_locale, NumberFormatter::CURRENCY);
@@ -189,8 +189,8 @@ if ($quote_status == "Draft" || $quote_status == "Sent" || $quote_status == "Vie
while ($row = mysqli_fetch_array($sql_items)) { while ($row = mysqli_fetch_array($sql_items)) {
$item_id = intval($row['item_id']); $item_id = intval($row['item_id']);
$item_name = htmlentities($row['item_name']); $item_name = nullable_htmlentities($row['item_name']);
$item_description = htmlentities($row['item_description']); $item_description = nullable_htmlentities($row['item_description']);
$item_quantity = floatval($row['item_quantity']); $item_quantity = floatval($row['item_quantity']);
$item_price = floatval($row['item_price']); $item_price = floatval($row['item_price']);
$item_tax = floatval($row['item_tax']); $item_tax = floatval($row['item_tax']);
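Review bot: `$company_logo` is entity-encoded at the `$company_logo = nullable_htmlentities($row['company_logo']);` line and then used as a filesystem path in `file_get_contents("uploads/settings/$company_logo")`, so a logo name containing `&`, `<` or a quote is altered before the lookup and the file is not found, and the `false` return goes into `base64_encode()` unchecked. Keep the raw column for the path, restricted to a bare filename, and encode only what is echoed: `$company_logo_file = basename((string) $row['company_logo']);` followed by `$logo = file_get_contents("uploads/settings/$company_logo_file"); if ($logo !== false) { $company_logo_base64 = base64_encode($logo); }`. The same pattern appears in the invoice page section further down (its `$company_logo_base64` lines) and in the section cut off at the top of this view. The code between this section's two hunks, including the close of the `if ($client_net_terms == 0)` block, is not shown.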


@@ -16,7 +16,7 @@ header("X-Frame-Options: DENY");
<meta http-equiv="x-ua-compatible" content="ie=edge"> <meta http-equiv="x-ua-compatible" content="ie=edge">
<meta name="robots" content="noindex"> <meta name="robots" content="noindex">
<title><?php echo htmlentities($session_company_name); ?> | <?php echo htmlentities($config_app_name); ?></title> <title><?php echo nullable_htmlentities($session_company_name); ?> | <?php echo nullable_htmlentities($config_app_name); ?></title>
<!-- Font Awesome Icons --> <!-- Font Awesome Icons -->
<link rel="stylesheet" href="plugins/fontawesome-free/css/all.min.css"> <link rel="stylesheet" href="plugins/fontawesome-free/css/all.min.css">
@@ -36,5 +36,5 @@ header("X-Frame-Options: DENY");
<script src="plugins/toastr/toastr.min.js"></script> <script src="plugins/toastr/toastr.min.js"></script>
</head> </head>
<body class="hold-transition sidebar-mini layout-fixed accent-<?php echo htmlentities($config_theme); ?>"> <body class="hold-transition sidebar-mini layout-fixed accent-<?php echo nullable_htmlentities($config_theme); ?>">
<div class="wrapper text-sm"> <div class="wrapper text-sm">


@@ -25,35 +25,35 @@ if (isset($_GET['client_id'])) {
} else { } else {
$row = mysqli_fetch_array($sql); $row = mysqli_fetch_array($sql);
$client_name = htmlentities($row['client_name']); $client_name = nullable_htmlentities($row['client_name']);
$client_type = htmlentities($row['client_type']); $client_type = nullable_htmlentities($row['client_type']);
$client_website = htmlentities($row['client_website']); $client_website = nullable_htmlentities($row['client_website']);
$client_referral = htmlentities($row['client_referral']); $client_referral = nullable_htmlentities($row['client_referral']);
$client_currency_code = htmlentities($row['client_currency_code']); $client_currency_code = nullable_htmlentities($row['client_currency_code']);
$client_net_terms = intval($row['client_net_terms']); $client_net_terms = intval($row['client_net_terms']);
if ($client_net_terms == 0) { if ($client_net_terms == 0) {
$client_net_terms = $config_default_net_terms; $client_net_terms = $config_default_net_terms;
} }
$client_tax_id_number = htmlentities($row['client_tax_id_number']); $client_tax_id_number = nullable_htmlentities($row['client_tax_id_number']);
$client_rate = floatval($row['client_rate']); $client_rate = floatval($row['client_rate']);
$client_notes = htmlentities($row['client_notes']); $client_notes = nullable_htmlentities($row['client_notes']);
$client_created_at = htmlentities($row['client_created_at']); $client_created_at = nullable_htmlentities($row['client_created_at']);
$primary_contact = intval($row['primary_contact']); $primary_contact = intval($row['primary_contact']);
$primary_location = intval($row['primary_location']); $primary_location = intval($row['primary_location']);
$contact_id = intval($row['contact_id']); $contact_id = intval($row['contact_id']);
$contact_name = htmlentities($row['contact_name']); $contact_name = nullable_htmlentities($row['contact_name']);
$contact_title = htmlentities($row['contact_title']); $contact_title = nullable_htmlentities($row['contact_title']);
$contact_email = htmlentities($row['contact_email']); $contact_email = nullable_htmlentities($row['contact_email']);
$contact_phone = formatPhoneNumber($row['contact_phone']); $contact_phone = formatPhoneNumber($row['contact_phone']);
$contact_extension = htmlentities($row['contact_extension']); $contact_extension = nullable_htmlentities($row['contact_extension']);
$contact_mobile = formatPhoneNumber($row['contact_mobile']); $contact_mobile = formatPhoneNumber($row['contact_mobile']);
$location_id = intval($row['location_id']); $location_id = intval($row['location_id']);
$location_name = htmlentities($row['location_name']); $location_name = nullable_htmlentities($row['location_name']);
$location_address = htmlentities($row['location_address']); $location_address = nullable_htmlentities($row['location_address']);
$location_city = htmlentities($row['location_city']); $location_city = nullable_htmlentities($row['location_city']);
$location_state = htmlentities($row['location_state']); $location_state = nullable_htmlentities($row['location_state']);
$location_zip = htmlentities($row['location_zip']); $location_zip = nullable_htmlentities($row['location_zip']);
$location_country = htmlentities($row['location_country']); $location_country = nullable_htmlentities($row['location_country']);
$location_phone = formatPhoneNumber($row['location_phone']); $location_phone = formatPhoneNumber($row['location_phone']);
//Client Tags //Client Tags
@@ -64,9 +64,9 @@ if (isset($_GET['client_id'])) {
while ($row = mysqli_fetch_array($sql_client_tags)) { while ($row = mysqli_fetch_array($sql_client_tags)) {
$client_tag_id = intval($row['tag_id']); $client_tag_id = intval($row['tag_id']);
$client_tag_name = htmlentities($row['tag_name']); $client_tag_name = nullable_htmlentities($row['tag_name']);
$client_tag_color = htmlentities($row['tag_color']); $client_tag_color = nullable_htmlentities($row['tag_color']);
$client_tag_icon = htmlentities($row['tag_icon']); $client_tag_icon = nullable_htmlentities($row['tag_icon']);
if (empty($client_tag_icon)) { if (empty($client_tag_icon)) {
$client_tag_icon = "tag"; $client_tag_icon = "tag";
} }
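Review bot: `$client_tag_color` and `$client_tag_icon` at the `$client_tag_color = nullable_htmlentities($row['tag_color']);` and `$client_tag_icon = nullable_htmlentities($row['tag_icon']);` lines are prepared with HTML entity encoding, which is the right escaping for text and attribute values but not for a CSS `style` value or a class-name token, which is presumably where a tag colour and icon name end up (the echo is outside this hunk). Entity encoding does not touch CSS syntax such as `url(` or an extra class token, so validate these against their expected shape instead, e.g. `if (!preg_match('/^#[0-9A-Fa-f]{6}$/', (string) $row['tag_color'])) { $client_tag_color = ''; }` and a `/^[a-z0-9-]+$/` check on the icon before the existing `empty()` fallback to `"tag"`. The `while` loop over `$sql_client_tags` and the enclosing `else` branch continue outside the hunk.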


@@ -23,30 +23,30 @@ if (isset($_GET['invoice_id'])) {
$row = mysqli_fetch_array($sql); $row = mysqli_fetch_array($sql);
$invoice_id = intval($row['invoice_id']); $invoice_id = intval($row['invoice_id']);
$invoice_prefix = htmlentities($row['invoice_prefix']); $invoice_prefix = nullable_htmlentities($row['invoice_prefix']);
$invoice_number = intval($row['invoice_number']); $invoice_number = intval($row['invoice_number']);
$invoice_scope = htmlentities($row['invoice_scope']); $invoice_scope = nullable_htmlentities($row['invoice_scope']);
$invoice_status = htmlentities($row['invoice_status']); $invoice_status = nullable_htmlentities($row['invoice_status']);
$invoice_date = htmlentities($row['invoice_date']); $invoice_date = nullable_htmlentities($row['invoice_date']);
$invoice_due = htmlentities($row['invoice_due']); $invoice_due = nullable_htmlentities($row['invoice_due']);
$invoice_amount = floatval($row['invoice_amount']); $invoice_amount = floatval($row['invoice_amount']);
$invoice_currency_code = htmlentities($row['invoice_currency_code']); $invoice_currency_code = nullable_htmlentities($row['invoice_currency_code']);
$invoice_note = htmlentities($row['invoice_note']); $invoice_note = nullable_htmlentities($row['invoice_note']);
$invoice_url_key = htmlentities($row['invoice_url_key']); $invoice_url_key = nullable_htmlentities($row['invoice_url_key']);
$invoice_created_at = htmlentities($row['invoice_created_at']); $invoice_created_at = nullable_htmlentities($row['invoice_created_at']);
$category_id = intval($row['invoice_category_id']); $category_id = intval($row['invoice_category_id']);
$client_id = intval($row['client_id']); $client_id = intval($row['client_id']);
$client_name = htmlentities($row['client_name']); $client_name = nullable_htmlentities($row['client_name']);
$location_address = htmlentities($row['location_address']); $location_address = nullable_htmlentities($row['location_address']);
$location_city = htmlentities($row['location_city']); $location_city = nullable_htmlentities($row['location_city']);
$location_state = htmlentities($row['location_state']); $location_state = nullable_htmlentities($row['location_state']);
$location_zip = htmlentities($row['location_zip']); $location_zip = nullable_htmlentities($row['location_zip']);
$contact_email = htmlentities($row['contact_email']); $contact_email = nullable_htmlentities($row['contact_email']);
$contact_phone = formatPhoneNumber($row['contact_phone']); $contact_phone = formatPhoneNumber($row['contact_phone']);
$contact_extension = htmlentities($row['contact_extension']); $contact_extension = nullable_htmlentities($row['contact_extension']);
$contact_mobile = formatPhoneNumber($row['contact_mobile']); $contact_mobile = formatPhoneNumber($row['contact_mobile']);
$client_website = htmlentities($row['client_website']); $client_website = nullable_htmlentities($row['client_website']);
$client_currency_code = htmlentities($row['client_currency_code']); $client_currency_code = nullable_htmlentities($row['client_currency_code']);
$client_net_terms = intval($row['client_net_terms']); $client_net_terms = intval($row['client_net_terms']);
if ($client_net_terms == 0) { if ($client_net_terms == 0) {
$client_net_terms = $config_default_net_terms; $client_net_terms = $config_default_net_terms;
@@ -55,16 +55,16 @@ if (isset($_GET['invoice_id'])) {
$sql = mysqli_query($mysqli, "SELECT * FROM companies WHERE company_id = 1"); $sql = mysqli_query($mysqli, "SELECT * FROM companies WHERE company_id = 1");
$row = mysqli_fetch_array($sql); $row = mysqli_fetch_array($sql);
$company_id = intval($row['company_id']); $company_id = intval($row['company_id']);
$company_name = htmlentities($row['company_name']); $company_name = nullable_htmlentities($row['company_name']);
$company_country = htmlentities($row['company_country']); $company_country = nullable_htmlentities($row['company_country']);
$company_address = htmlentities($row['company_address']); $company_address = nullable_htmlentities($row['company_address']);
$company_city = htmlentities($row['company_city']); $company_city = nullable_htmlentities($row['company_city']);
$company_state = htmlentities($row['company_state']); $company_state = nullable_htmlentities($row['company_state']);
$company_zip = htmlentities($row['company_zip']); $company_zip = nullable_htmlentities($row['company_zip']);
$company_phone = formatPhoneNumber($row['company_phone']); $company_phone = formatPhoneNumber($row['company_phone']);
$company_email = htmlentities($row['company_email']); $company_email = nullable_htmlentities($row['company_email']);
$company_website = htmlentities($row['company_website']); $company_website = nullable_htmlentities($row['company_website']);
$company_logo = htmlentities($row['company_logo']); $company_logo = nullable_htmlentities($row['company_logo']);
if (!empty($company_logo)) { if (!empty($company_logo)) {
$company_logo_base64 = base64_encode(file_get_contents("uploads/settings/$company_logo")); $company_logo_base64 = base64_encode(file_get_contents("uploads/settings/$company_logo"));
} }
@@ -273,13 +273,13 @@ if (isset($_GET['invoice_id'])) {
while ($row = mysqli_fetch_array($sql_invoice_items)) { while ($row = mysqli_fetch_array($sql_invoice_items)) {
$item_id = intval($row['item_id']); $item_id = intval($row['item_id']);
$item_name = htmlentities($row['item_name']); $item_name = nullable_htmlentities($row['item_name']);
$item_description = htmlentities($row['item_description']); $item_description = nullable_htmlentities($row['item_description']);
$item_quantity = floatval($row['item_quantity']); $item_quantity = floatval($row['item_quantity']);
$item_price = floatval($row['item_price']); $item_price = floatval($row['item_price']);
$item_tax = floatval($row['item_tax']); $item_tax = floatval($row['item_tax']);
$item_total = floatval($row['item_total']); $item_total = floatval($row['item_total']);
$item_created_at = htmlentities($row['item_created_at']); $item_created_at = nullable_htmlentities($row['item_created_at']);
$tax_id = intval($row['item_tax_id']); $tax_id = intval($row['item_tax_id']);
$total_tax = $item_tax + $total_tax; $total_tax = $item_tax + $total_tax;
$sub_total = $item_price * $item_quantity + $sub_total; $sub_total = $item_price * $item_quantity + $sub_total;
@@ -336,7 +336,7 @@ if (isset($_GET['invoice_id'])) {
$taxes_sql = mysqli_query($mysqli, "SELECT * FROM taxes ORDER BY tax_name ASC"); $taxes_sql = mysqli_query($mysqli, "SELECT * FROM taxes ORDER BY tax_name ASC");
while ($row = mysqli_fetch_array($taxes_sql)) { while ($row = mysqli_fetch_array($taxes_sql)) {
$tax_id = intval($row['tax_id']); $tax_id = intval($row['tax_id']);
$tax_name = htmlentities($row['tax_name']); $tax_name = nullable_htmlentities($row['tax_name']);
$tax_percent = floatval($row['tax_percent']); $tax_percent = floatval($row['tax_percent']);
?> ?>
<option value="<?php echo $tax_id; ?>"><?php echo "$tax_name $tax_percent%"; ?></option> <option value="<?php echo $tax_id; ?>"><?php echo "$tax_name $tax_percent%"; ?></option>
@@ -406,7 +406,7 @@ if (isset($_GET['invoice_id'])) {
<hr class="d-none d-print-block mt-5"> <hr class="d-none d-print-block mt-5">
<div class="d-none d-print-block text-center"><?php echo nl2br(htmlentities($config_invoice_footer)); ?></div> <div class="d-none d-print-block text-center"><?php echo nl2br(nullable_htmlentities($config_invoice_footer)); ?></div>
</div> </div>
</div> </div>
@@ -438,8 +438,8 @@ if (isset($_GET['invoice_id'])) {
while ($row = mysqli_fetch_array($sql_history)) { while ($row = mysqli_fetch_array($sql_history)) {
$history_created_at = $row['history_created_at']; $history_created_at = $row['history_created_at'];
$history_status = htmlentities($row['history_status']); $history_status = nullable_htmlentities($row['history_status']);
$history_description = htmlentities($row['history_description']); $history_description = nullable_htmlentities($row['history_description']);
?> ?>
<tr> <tr>
@@ -486,11 +486,11 @@ if (isset($_GET['invoice_id'])) {
while ($row = mysqli_fetch_array($sql_payments)) { while ($row = mysqli_fetch_array($sql_payments)) {
$payment_id = intval($row['payment_id']); $payment_id = intval($row['payment_id']);
$payment_date = htmlentities($row['payment_date']); $payment_date = nullable_htmlentities($row['payment_date']);
$payment_amount = floatval($row['payment_amount']); $payment_amount = floatval($row['payment_amount']);
$payment_currency_code = htmlentities($row['payment_currency_code']); $payment_currency_code = nullable_htmlentities($row['payment_currency_code']);
$payment_reference = htmlentities($row['payment_reference']); $payment_reference = nullable_htmlentities($row['payment_reference']);
$account_name = htmlentities($row['account_name']); $account_name = nullable_htmlentities($row['account_name']);
?> ?>
<tr> <tr>
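Review bot: `$history_created_at = $row['history_created_at'];` in the `$sql_history` loop is the only row value in this section assigned without `nullable_htmlentities()`, `intval()` or `floatval()`, which is inconsistent with `$history_status` and `$history_description` on the next two lines and leaves an unencoded string if it is echoed later in the table row. Make it `$history_created_at = nullable_htmlentities($row['history_created_at']);`, or if it is only ever fed to a date function add a short comment saying so. The `if (isset($_GET['invoice_id']))` block these hunks sit in starts and ends outside them.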


@@ -38,7 +38,7 @@
$sql = mysqli_query($mysqli, "SELECT * FROM clients ORDER BY client_name ASC"); $sql = mysqli_query($mysqli, "SELECT * FROM clients ORDER BY client_name ASC");
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$client_id = intval($row['client_id']); $client_id = intval($row['client_id']);
$client_name = htmlentities($row['client_name']); $client_name = nullable_htmlentities($row['client_name']);
?> ?>
<option value="<?php echo $client_id; ?>"><?php echo "$client_name"; ?></option> <option value="<?php echo $client_id; ?>"><?php echo "$client_name"; ?></option>
@@ -64,7 +64,7 @@
$sql = mysqli_query($mysqli, "SELECT * FROM categories WHERE category_type = 'Income' AND category_archived_at IS NULL ORDER BY category_name ASC"); $sql = mysqli_query($mysqli, "SELECT * FROM categories WHERE category_type = 'Income' AND category_archived_at IS NULL ORDER BY category_name ASC");
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$category_id = intval($row['category_id']); $category_id = intval($row['category_id']);
$category_name = htmlentities($row['category_name']); $category_name = nullable_htmlentities($row['category_name']);
?> ?>
<option value="<?php echo $category_id; ?>"><?php echo $category_name; ?></option> <option value="<?php echo $category_id; ?>"><?php echo $category_name; ?></option>
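Review bot: `echo "$client_name";` in the client option wraps a single variable in an interpolated string; `echo $client_name;` says the same thing and matches the category option in the second hunk, so the two loops would read consistently. The `<select>` elements these loops populate open and close outside the hunks.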


@@ -45,7 +45,7 @@
$sql_income_category = mysqli_query($mysqli, "SELECT * FROM categories WHERE category_type = 'Income' AND (category_archived_at > '$invoice_created_at' OR category_archived_at IS NULL) ORDER BY category_name ASC"); $sql_income_category = mysqli_query($mysqli, "SELECT * FROM categories WHERE category_type = 'Income' AND (category_archived_at > '$invoice_created_at' OR category_archived_at IS NULL) ORDER BY category_name ASC");
while ($row = mysqli_fetch_array($sql_income_category)) { while ($row = mysqli_fetch_array($sql_income_category)) {
$category_id_select= intval($row['category_id']); $category_id_select= intval($row['category_id']);
$category_name_select = htmlentities($row['category_name']); $category_name_select = nullable_htmlentities($row['category_name']);
?> ?>
<option <?php if ($category_id == $category_id_select) { echo "selected"; } ?> value="<?php echo $category_id_select; ?>"><?php echo $category_name_select; ?></option> <option <?php if ($category_id == $category_id_select) { echo "selected"; } ?> value="<?php echo $category_id_select; ?>"><?php echo $category_name_select; ?></option>
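Review bot: `$category_name_select` is encoded correctly for the option text, but the query on the context line above interpolates `$invoice_created_at` straight into the SQL string (`category_archived_at > '$invoice_created_at'`), and where the invoice page sets that variable it is the HTML-entity-encoded column value, not an SQL-escaped one. Even for a value that came from the database, HTML encoding is the wrong layer for SQL; bind it with a prepared statement, or at least use `mysqli_real_escape_string($mysqli, $row['invoice_created_at'])` on the raw value when building the query. Which file supplies `$invoice_created_at` to this modal is inferred, not visible in the hunk.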


@@ -57,7 +57,7 @@
$sql = mysqli_query($mysqli, "SELECT * FROM accounts WHERE account_archived_at IS NULL ORDER BY account_name ASC"); $sql = mysqli_query($mysqli, "SELECT * FROM accounts WHERE account_archived_at IS NULL ORDER BY account_name ASC");
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$account_id = intval($row['account_id']); $account_id = intval($row['account_id']);
$account_name = htmlentities($row['account_name']); $account_name = nullable_htmlentities($row['account_name']);
$opening_balance = floatval($row['opening_balance']); $opening_balance = floatval($row['opening_balance']);
$sql_payments = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS total_payments FROM payments WHERE payment_account_id = $account_id"); $sql_payments = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS total_payments FROM payments WHERE payment_account_id = $account_id");
@@ -96,7 +96,7 @@
$sql = mysqli_query($mysqli, "SELECT * FROM categories WHERE category_type = 'Payment Method' AND category_archived_at IS NULL ORDER BY category_name ASC"); $sql = mysqli_query($mysqli, "SELECT * FROM categories WHERE category_type = 'Payment Method' AND category_archived_at IS NULL ORDER BY category_name ASC");
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$category_name = htmlentities($row['category_name']); $category_name = nullable_htmlentities($row['category_name']);
?> ?>
<option <?php if ($config_default_payment_method == $category_name) { echo "selected"; } ?>><?php echo $category_name; ?></option> <option <?php if ($config_default_payment_method == $category_name) { echo "selected"; } ?>><?php echo $category_name; ?></option>
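Review bot: The `selected` check on the payment-method option compares `$config_default_payment_method` against the HTML-escaped `$category_name`, so a category whose name contains `&`, `<`, `>` or a quote will never be pre-selected unless the config value happens to be stored in escaped form too (its origin is outside the hunk). Since these `<option>` elements carry no `value` attribute, the submitted value is whatever text was rendered, which makes the stored form hard to reason about; comparing on the raw row value and escaping only for output removes the ambiguity: `$category_name_raw = $row['category_name']; $category_name = nullable_htmlentities($category_name_raw);` and `if ($config_default_payment_method == $category_name_raw)`. The definition of nullable_htmlentities is not on this page, so which characters it rewrites is inferred from htmlentities defaults.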


@@ -155,11 +155,11 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="card-body"> <div class="card-body">
<form class="mb-4" autocomplete="off"> <form class="mb-4" autocomplete="off">
<input type="hidden" name="status" value="<?php if (isset($_GET['status'])) { echo htmlentities($_GET['status']); } ?>"> <input type="hidden" name="status" value="<?php if (isset($_GET['status'])) { echo nullable_htmlentities($_GET['status']); } ?>">
<div class="row"> <div class="row">
<div class="col-sm-4"> <div class="col-sm-4">
<div class="input-group"> <div class="input-group">
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) {echo stripslashes(htmlentities($q));} ?>" placeholder="Search Invoices"> <input type="search" class="form-control" name="q" value="<?php if (isset($q)) {echo stripslashes(nullable_htmlentities($q));} ?>" placeholder="Search Invoices">
<div class="input-group-append"> <div class="input-group-append">
<button class="btn btn-secondary" type="button" data-toggle="collapse" data-target="#advancedFilter"><i class="fas fa-filter"></i></button> <button class="btn btn-secondary" type="button" data-toggle="collapse" data-target="#advancedFilter"><i class="fas fa-filter"></i></button>
<button class="btn btn-primary"><i class="fa fa-search"></i></button> <button class="btn btn-primary"><i class="fa fa-search"></i></button>
@@ -221,25 +221,25 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$invoice_id = intval($row['invoice_id']); $invoice_id = intval($row['invoice_id']);
$invoice_prefix = htmlentities($row['invoice_prefix']); $invoice_prefix = nullable_htmlentities($row['invoice_prefix']);
$invoice_number = htmlentities($row['invoice_number']); $invoice_number = nullable_htmlentities($row['invoice_number']);
$invoice_scope = htmlentities($row['invoice_scope']); $invoice_scope = nullable_htmlentities($row['invoice_scope']);
if (empty($invoice_scope)) { if (empty($invoice_scope)) {
$invoice_scope_display = "-"; $invoice_scope_display = "-";
} else { } else {
$invoice_scope_display = $invoice_scope; $invoice_scope_display = $invoice_scope;
} }
$invoice_status = htmlentities($row['invoice_status']); $invoice_status = nullable_htmlentities($row['invoice_status']);
$invoice_date = htmlentities($row['invoice_date']); $invoice_date = nullable_htmlentities($row['invoice_date']);
$invoice_due = htmlentities($row['invoice_due']); $invoice_due = nullable_htmlentities($row['invoice_due']);
$invoice_amount = floatval($row['invoice_amount']); $invoice_amount = floatval($row['invoice_amount']);
$invoice_currency_code = htmlentities($row['invoice_currency_code']); $invoice_currency_code = nullable_htmlentities($row['invoice_currency_code']);
$invoice_created_at = htmlentities($row['invoice_created_at']); $invoice_created_at = nullable_htmlentities($row['invoice_created_at']);
$client_id = intval($row['client_id']); $client_id = intval($row['client_id']);
$client_name = htmlentities($row['client_name']); $client_name = nullable_htmlentities($row['client_name']);
$category_id = intval($row['category_id']); $category_id = intval($row['category_id']);
$category_name = htmlentities($row['category_name']); $category_name = nullable_htmlentities($row['category_name']);
$client_currency_code = htmlentities($row['client_currency_code']); $client_currency_code = nullable_htmlentities($row['client_currency_code']);
$client_net_terms = intval($row['client_net_terms']); $client_net_terms = intval($row['client_net_terms']);
if ($client_net_terms == 0) { if ($client_net_terms == 0) {
$client_net_terms = $config_default_net_terms; $client_net_terms = $config_default_net_terms;
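Review bot: `$invoice_number` is escaped as free text here while the payments listing in this same commit casts the same column with `intval()`; if `invoice_number` is numeric, `$invoice_number = intval($row['invoice_number']);` is the tighter choice and keeps the two listings consistent. In the search box above, `stripslashes()` is applied to the already-escaped `$q`, which is a magic-quotes leftover: it cannot undo anything HTML-significant, but it does silently drop a backslash the user actually typed, so it belongs on the raw input if it is needed at all. The `while` loop over `$sql` continues past the end of the hunk.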


@@ -80,7 +80,7 @@
$taxes_sql = mysqli_query($mysqli, "SELECT * FROM taxes WHERE (tax_archived_at > '$item_created_at' OR tax_archived_at IS NULL) ORDER BY tax_name ASC"); $taxes_sql = mysqli_query($mysqli, "SELECT * FROM taxes WHERE (tax_archived_at > '$item_created_at' OR tax_archived_at IS NULL) ORDER BY tax_name ASC");
while ($row = mysqli_fetch_array($taxes_sql)) { while ($row = mysqli_fetch_array($taxes_sql)) {
$tax_id_select = intval($row['tax_id']); $tax_id_select = intval($row['tax_id']);
$tax_name = htmlentities($row['tax_name']); $tax_name = nullable_htmlentities($row['tax_name']);
$tax_percent = floatval($row['tax_percent']); $tax_percent = floatval($row['tax_percent']);
?> ?>
<option <?php if ($tax_id_select == $tax_id) { echo "selected"; } ?> value="<?php echo $tax_id_select; ?>"><?php echo "$tax_name $tax_percent%"; ?></option> <option <?php if ($tax_id_select == $tax_id) { echo "selected"; } ?> value="<?php echo $tax_id_select; ?>"><?php echo "$tax_name $tax_percent%"; ?></option>


@@ -228,7 +228,7 @@ if (isset($_POST['login'])) {
<head> <head>
<meta charset="utf-8"> <meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta http-equiv="X-UA-Compatible" content="IE=edge">
<title><?php echo htmlentities($company_name); ?> | Login</title> <title><?php echo nullable_htmlentities($company_name); ?> | Login</title>
<!-- Tell the browser to be responsive to screen width --> <!-- Tell the browser to be responsive to screen width -->
<meta name="viewport" content="width=device-width, initial-scale=1"> <meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="robots" content="noindex"> <meta name="robots" content="noindex">
@@ -244,7 +244,7 @@ if (isset($_POST['login'])) {
<div class="login-box"> <div class="login-box">
<div class="login-logo"> <div class="login-logo">
<?php if (!empty($company_logo)) { ?> <?php if (!empty($company_logo)) { ?>
<img alt="<?=htmlentities($company_name)?> logo" height="110" width="380" class="img-fluid" src="<?php echo "uploads/settings/$company_logo"; ?>"> <img alt="<?=nullable_htmlentities($company_name)?> logo" height="110" width="380" class="img-fluid" src="<?php echo "uploads/settings/$company_logo"; ?>">
<?php } else { ?> <?php } else { ?>
<b>IT</b>Flow <b>IT</b>Flow
<?php } ?> <?php } ?>
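Review bot: The logo `<img>` still writes `$company_logo` into the `src` attribute unescaped while the adjacent `alt` is now routed through nullable_htmlentities; unless the variable is already escaped where it is read (outside this hunk), change it to `src="uploads/settings/<?php echo nullable_htmlentities($company_logo); ?>"`. Because the same value is used as a path segment, constraining it to a bare filename at load time (for example with `basename()`) would stop a tampered settings row from pointing the browser outside `uploads/settings/`. The hunk mixes `<?=` for the alt text and `<?php echo` one token later; one form throughout would read more consistently.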


@@ -32,7 +32,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="row"> <div class="row">
<div class="col-sm-4"> <div class="col-sm-4">
<div class="input-group"> <div class="input-group">
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search audit logs"> <input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(nullable_htmlentities($q)); } ?>" placeholder="Search audit logs">
<div class="input-group-append"> <div class="input-group-append">
<button class="btn btn-secondary" type="button" data-toggle="collapse" data-target="#advancedFilter"><i class="fas fa-filter"></i></button> <button class="btn btn-secondary" type="button" data-toggle="collapse" data-target="#advancedFilter"><i class="fas fa-filter"></i></button>
<button class="btn btn-primary"><i class="fa fa-search"></i></button> <button class="btn btn-primary"><i class="fa fa-search"></i></button>
@@ -61,13 +61,13 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="col-md-2"> <div class="col-md-2">
<div class="form-group"> <div class="form-group">
<label>Date From</label> <label>Date From</label>
<input type="date" class="form-control" name="dtf" max="2999-12-31" value="<?php echo htmlentities($dtf); ?>"> <input type="date" class="form-control" name="dtf" max="2999-12-31" value="<?php echo nullable_htmlentities($dtf); ?>">
</div> </div>
</div> </div>
<div class="col-md-2"> <div class="col-md-2">
<div class="form-group"> <div class="form-group">
<label>Date To</label> <label>Date To</label>
<input type="date" class="form-control" name="dtt" max="2999-12-31" value="<?php echo htmlentities($dtt); ?>"> <input type="date" class="form-control" name="dtt" max="2999-12-31" value="<?php echo nullable_htmlentities($dtt); ?>">
</div> </div>
</div> </div>
</div> </div>
@@ -94,22 +94,22 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$log_id = intval($row['log_id']); $log_id = intval($row['log_id']);
$log_type = htmlentities($row['log_type']); $log_type = nullable_htmlentities($row['log_type']);
$log_action = htmlentities($row['log_action']); $log_action = nullable_htmlentities($row['log_action']);
$log_description = htmlentities($row['log_description']); $log_description = nullable_htmlentities($row['log_description']);
$log_ip = htmlentities($row['log_ip']); $log_ip = nullable_htmlentities($row['log_ip']);
$log_user_agent = htmlentities($row['log_user_agent']); $log_user_agent = nullable_htmlentities($row['log_user_agent']);
$log_user_os = getOS($log_user_agent); $log_user_os = getOS($log_user_agent);
$log_user_browser = getWebBrowser($log_user_agent); $log_user_browser = getWebBrowser($log_user_agent);
$log_created_at = htmlentities($row['log_created_at']); $log_created_at = nullable_htmlentities($row['log_created_at']);
$user_id = intval($row['user_id']); $user_id = intval($row['user_id']);
$user_name = htmlentities($row['user_name']); $user_name = nullable_htmlentities($row['user_name']);
if (empty($user_name)) { if (empty($user_name)) {
$user_name_display = "-"; $user_name_display = "-";
} else { } else {
$user_name_display = $user_name; $user_name_display = $user_name;
} }
$client_name = htmlentities($row['client_name']); $client_name = nullable_htmlentities($row['client_name']);
$client_id = intval($row['client_id']); $client_id = intval($row['client_id']);
if (empty($client_name)) { if (empty($client_name)) {
$client_name_display = "-"; $client_name_display = "-";
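Review bot: `getOS()` and `getWebBrowser()` are handed the HTML-escaped `$log_user_agent` rather than the raw row value, so any user-agent fragment that htmlentities rewrites (quotes, `&`, `<`, non-ASCII) is parsed in encoded form, and the derived `$log_user_os` / `$log_user_browser` strings are not escaped in this hunk before they are presumably echoed further down. Parse the raw value and escape the results instead: `$log_user_os = nullable_htmlentities(getOS($row['log_user_agent']));` and `$log_user_browser = nullable_htmlentities(getWebBrowser($row['log_user_agent']));`. The definition of nullable_htmlentities is not on this page, so the exact character set it rewrites is inferred from htmlentities defaults; the `while` loop continues past the hunk.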


@@ -34,10 +34,10 @@ $sql = mysqli_query($mysqli, "SELECT * FROM notifications LEFT JOIN clients ON n
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$notification_id = intval($row['notification_id']); $notification_id = intval($row['notification_id']);
$notification_type = htmlentities($row['notification_type']); $notification_type = nullable_htmlentities($row['notification_type']);
$notification = htmlentities($row['notification']); $notification = nullable_htmlentities($row['notification']);
$notification_timestamp = htmlentities($row['notification_timestamp']); $notification_timestamp = nullable_htmlentities($row['notification_timestamp']);
$client_name = htmlentities($row['client_name']); $client_name = nullable_htmlentities($row['client_name']);
$client_id = intval($row['client_id']); $client_id = intval($row['client_id']);
if (empty($client_name)) { if (empty($client_name)) {
$client_name_display = "-"; $client_name_display = "-";


@@ -36,7 +36,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="row"> <div class="row">
<div class="col-sm-4"> <div class="col-sm-4">
<div class="input-group"> <div class="input-group">
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Dismissed Notifications"> <input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(nullable_htmlentities($q)); } ?>" placeholder="Search Dismissed Notifications">
<div class="input-group-append"> <div class="input-group-append">
<button class="btn btn-primary"><i class="fa fa-search"></i></button> <button class="btn btn-primary"><i class="fa fa-search"></i></button>
</div> </div>
@@ -51,13 +51,13 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="col-md-2"> <div class="col-md-2">
<div class="form-group"> <div class="form-group">
<label>Date From</label> <label>Date From</label>
<input type="date" class="form-control" name="dtf" max="2999-12-31" value="<?php echo htmlentities($dtf); ?>"> <input type="date" class="form-control" name="dtf" max="2999-12-31" value="<?php echo nullable_htmlentities($dtf); ?>">
</div> </div>
</div> </div>
<div class="col-md-2"> <div class="col-md-2">
<div class="form-group"> <div class="form-group">
<label>Date To</label> <label>Date To</label>
<input type="date" class="form-control" name="dtt" max="2999-12-31" value="<?php echo htmlentities($dtt); ?>"> <input type="date" class="form-control" name="dtt" max="2999-12-31" value="<?php echo nullable_htmlentities($dtt); ?>">
</div> </div>
</div> </div>
</div> </div>
@@ -123,12 +123,12 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$notification_id = intval($row['notification_id']); $notification_id = intval($row['notification_id']);
$notification_timestamp = htmlentities($row['notification_timestamp']); $notification_timestamp = nullable_htmlentities($row['notification_timestamp']);
$notification_type = htmlentities($row['notification_type']); $notification_type = nullable_htmlentities($row['notification_type']);
$notification = htmlentities($row['notification']); $notification = nullable_htmlentities($row['notification']);
$notification_dismissed_at = htmlentities($row['notification_dismissed_at']); $notification_dismissed_at = nullable_htmlentities($row['notification_dismissed_at']);
$user_name = htmlentities($row['user_name']); $user_name = nullable_htmlentities($row['user_name']);
$client_name = htmlentities($row['client_name']); $client_name = nullable_htmlentities($row['client_name']);
$client_id = intval($row['client_id']); $client_id = intval($row['client_id']);
if (empty($client_name)) { if (empty($client_name)) {
$client_name_display = "-"; $client_name_display = "-";


@@ -34,7 +34,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="row"> <div class="row">
<div class="col-sm-4"> <div class="col-sm-4">
<div class="input-group"> <div class="input-group">
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) {echo stripslashes(htmlentities($q));} ?>" placeholder="Search Payments"> <input type="search" class="form-control" name="q" value="<?php if (isset($q)) {echo stripslashes(nullable_htmlentities($q));} ?>" placeholder="Search Payments">
<div class="input-group-append"> <div class="input-group-append">
<button class="btn btn-secondary" type="button" data-toggle="collapse" data-target="#advancedFilter"><i class="fas fa-filter"></i></button> <button class="btn btn-secondary" type="button" data-toggle="collapse" data-target="#advancedFilter"><i class="fas fa-filter"></i></button>
<button class="btn btn-primary"><i class="fa fa-search"></i></button> <button class="btn btn-primary"><i class="fa fa-search"></i></button>
@@ -63,13 +63,13 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="col-md-2"> <div class="col-md-2">
<div class="form-group"> <div class="form-group">
<label>Date From</label> <label>Date From</label>
<input type="date" class="form-control" name="dtf" max="2999-12-31" value="<?php echo htmlentities($dtf); ?>"> <input type="date" class="form-control" name="dtf" max="2999-12-31" value="<?php echo nullable_htmlentities($dtf); ?>">
</div> </div>
</div> </div>
<div class="col-md-2"> <div class="col-md-2">
<div class="form-group"> <div class="form-group">
<label>Date To</label> <label>Date To</label>
<input type="date" class="form-control" name="dtt" max="2999-12-31" value="<?php echo htmlentities($dtt); ?>"> <input type="date" class="form-control" name="dtt" max="2999-12-31" value="<?php echo nullable_htmlentities($dtt); ?>">
</div> </div>
</div> </div>
</div> </div>
@@ -95,23 +95,23 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$invoice_id = intval($row['invoice_id']); $invoice_id = intval($row['invoice_id']);
$invoice_prefix = htmlentities($row['invoice_prefix']); $invoice_prefix = nullable_htmlentities($row['invoice_prefix']);
$invoice_number = intval($row['invoice_number']); $invoice_number = intval($row['invoice_number']);
$invoice_status = htmlentities($row['invoice_status']); $invoice_status = nullable_htmlentities($row['invoice_status']);
$invoice_date = htmlentities($row['invoice_date']); $invoice_date = nullable_htmlentities($row['invoice_date']);
$payment_date = htmlentities($row['payment_date']); $payment_date = nullable_htmlentities($row['payment_date']);
$payment_method = htmlentities($row['payment_method']); $payment_method = nullable_htmlentities($row['payment_method']);
$payment_amount = floatval($row['payment_amount']); $payment_amount = floatval($row['payment_amount']);
$payment_currency_code = htmlentities($row['payment_currency_code']); $payment_currency_code = nullable_htmlentities($row['payment_currency_code']);
$payment_reference = htmlentities($row['payment_reference']); $payment_reference = nullable_htmlentities($row['payment_reference']);
if (empty($payment_reference)) { if (empty($payment_reference)) {
$payment_reference_display = "-"; $payment_reference_display = "-";
} else { } else {
$payment_reference_display = $payment_reference; $payment_reference_display = $payment_reference;
} }
$client_id = intval($row['client_id']); $client_id = intval($row['client_id']);
$client_name = htmlentities($row['client_name']); $client_name = nullable_htmlentities($row['client_name']);
$account_name = htmlentities($row['account_name']); $account_name = nullable_htmlentities($row['account_name']);
?> ?>


@@ -33,7 +33,7 @@
$sql = mysqli_query($mysqli, "SELECT * FROM categories WHERE category_type = 'Income' AND category_archived_at IS NULL"); $sql = mysqli_query($mysqli, "SELECT * FROM categories WHERE category_type = 'Income' AND category_archived_at IS NULL");
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$category_id = intval($row['category_id']); $category_id = intval($row['category_id']);
$category_name = htmlentities($row['category_name']); $category_name = nullable_htmlentities($row['category_name']);
?> ?>
<option value="<?php echo $category_id; ?>"><?php echo $category_name; ?></option> <option value="<?php echo $category_id; ?>"><?php echo $category_name; ?></option>
@@ -74,7 +74,7 @@
$taxes_sql = mysqli_query($mysqli, "SELECT * FROM taxes WHERE tax_archived_at IS NULL ORDER BY tax_name ASC"); $taxes_sql = mysqli_query($mysqli, "SELECT * FROM taxes WHERE tax_archived_at IS NULL ORDER BY tax_name ASC");
while ($row = mysqli_fetch_array($taxes_sql)) { while ($row = mysqli_fetch_array($taxes_sql)) {
$tax_id = intval($row['tax_id']); $tax_id = intval($row['tax_id']);
$tax_name = htmlentities($row['tax_name']); $tax_name = nullable_htmlentities($row['tax_name']);
$tax_percent = floatval($row['tax_percent']); $tax_percent = floatval($row['tax_percent']);
?> ?>
<option value="<?php echo $tax_id; ?>"><?php echo "$tax_name $tax_percent%"; ?></option> <option value="<?php echo $tax_id; ?>"><?php echo "$tax_name $tax_percent%"; ?></option>


@@ -33,7 +33,7 @@
$sql_select = mysqli_query($mysqli, "SELECT * FROM categories WHERE category_type = 'Income' AND (category_archived_at > '$product_created_at' OR category_archived_at IS NULL)"); $sql_select = mysqli_query($mysqli, "SELECT * FROM categories WHERE category_type = 'Income' AND (category_archived_at > '$product_created_at' OR category_archived_at IS NULL)");
while ($row = mysqli_fetch_array($sql_select)) { while ($row = mysqli_fetch_array($sql_select)) {
$category_id_select = intval($row['category_id']); $category_id_select = intval($row['category_id']);
$category_name_select = htmlentities($row['category_name']); $category_name_select = nullable_htmlentities($row['category_name']);
?> ?>
<option <?php if ($category_id == $category_id_select) { echo "selected"; } ?> value="<?php echo $category_id_select; ?>"><?php echo $category_name_select; ?></option> <option <?php if ($category_id == $category_id_select) { echo "selected"; } ?> value="<?php echo $category_id_select; ?>"><?php echo $category_name_select; ?></option>
<?php <?php
@@ -73,7 +73,7 @@
$taxes_sql = mysqli_query($mysqli, "SELECT * FROM taxes WHERE (tax_archived_at > '$product_created_at' OR tax_archived_at IS NULL) ORDER BY tax_name ASC"); $taxes_sql = mysqli_query($mysqli, "SELECT * FROM taxes WHERE (tax_archived_at > '$product_created_at' OR tax_archived_at IS NULL) ORDER BY tax_name ASC");
while ($row = mysqli_fetch_array($taxes_sql)) { while ($row = mysqli_fetch_array($taxes_sql)) {
$tax_id_select = intval($row['tax_id']); $tax_id_select = intval($row['tax_id']);
$tax_name = htmlentities($row['tax_name']); $tax_name = nullable_htmlentities($row['tax_name']);
$tax_percent = floatval($row['tax_percent']); $tax_percent = floatval($row['tax_percent']);
?> ?>
<option <?php if ($tax_id_select == $product_tax_id) { echo "selected"; } ?> value="<?php echo $tax_id_select; ?>"><?php echo "$tax_name $tax_percent%"; ?></option> <option <?php if ($tax_id_select == $product_tax_id) { echo "selected"; } ?> value="<?php echo $tax_id_select; ?>"><?php echo "$tax_name $tax_percent%"; ?></option>


@@ -33,7 +33,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="row"> <div class="row">
<div class="col-sm-4"> <div class="col-sm-4">
<div class="input-group"> <div class="input-group">
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) {echo stripslashes(htmlentities($q));} ?>" placeholder="Search Products"> <input type="search" class="form-control" name="q" value="<?php if (isset($q)) {echo stripslashes(nullable_htmlentities($q));} ?>" placeholder="Search Products">
<div class="input-group-append"> <div class="input-group-append">
<button class="btn btn-primary"><i class="fa fa-search"></i></button> <button class="btn btn-primary"><i class="fa fa-search"></i></button>
</div> </div>
@@ -58,18 +58,18 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$product_id = intval($row['product_id']); $product_id = intval($row['product_id']);
$product_name = htmlentities($row['product_name']); $product_name = nullable_htmlentities($row['product_name']);
$product_description = htmlentities($row['product_description']); $product_description = nullable_htmlentities($row['product_description']);
if (empty($product_description)) { if (empty($product_description)) {
$product_description_display = "-"; $product_description_display = "-";
} else { } else {
$product_description_display = "<div style='white-space:pre-line'>$product_description</div>"; $product_description_display = "<div style='white-space:pre-line'>$product_description</div>";
} }
$product_price = floatval($row['product_price']); $product_price = floatval($row['product_price']);
$product_currency_code = htmlentities($row['product_currency_code']); $product_currency_code = nullable_htmlentities($row['product_currency_code']);
$product_created_at = htmlentities($row['product_created_at']); $product_created_at = nullable_htmlentities($row['product_created_at']);
$category_id = intval($row['category_id']); $category_id = intval($row['category_id']);
$category_name = htmlentities($row['category_name']); $category_name = nullable_htmlentities($row['category_name']);
$product_tax_id = intval($row['product_tax_id']); $product_tax_id = intval($row['product_tax_id']);
?> ?>


@@ -22,29 +22,29 @@ if (isset($_GET['quote_id'])) {
$row = mysqli_fetch_array($sql); $row = mysqli_fetch_array($sql);
$quote_id = intval($row['quote_id']); $quote_id = intval($row['quote_id']);
$quote_prefix = htmlentities($row['quote_prefix']); $quote_prefix = nullable_htmlentities($row['quote_prefix']);
$quote_number = intval($row['quote_number']); $quote_number = intval($row['quote_number']);
$quote_scope = htmlentities($row['quote_scope']); $quote_scope = nullable_htmlentities($row['quote_scope']);
$quote_status = htmlentities($row['quote_status']); $quote_status = nullable_htmlentities($row['quote_status']);
$quote_date = htmlentities($row['quote_date']); $quote_date = nullable_htmlentities($row['quote_date']);
$quote_amount = floatval($row['quote_amount']); $quote_amount = floatval($row['quote_amount']);
$quote_currency_code = htmlentities($row['quote_currency_code']); $quote_currency_code = nullable_htmlentities($row['quote_currency_code']);
$quote_note = htmlentities($row['quote_note']); $quote_note = nullable_htmlentities($row['quote_note']);
$quote_url_key = htmlentities($row['quote_url_key']); $quote_url_key = nullable_htmlentities($row['quote_url_key']);
$quote_created_at = htmlentities($row['quote_created_at']); $quote_created_at = nullable_htmlentities($row['quote_created_at']);
$category_id = intval($row['quote_category_id']); $category_id = intval($row['quote_category_id']);
$client_id = intval($row['client_id']); $client_id = intval($row['client_id']);
$client_name = htmlentities($row['client_name']); $client_name = nullable_htmlentities($row['client_name']);
$location_address = htmlentities($row['location_address']); $location_address = nullable_htmlentities($row['location_address']);
$location_city = htmlentities($row['location_city']); $location_city = nullable_htmlentities($row['location_city']);
$location_state = htmlentities($row['location_state']); $location_state = nullable_htmlentities($row['location_state']);
$location_zip = htmlentities($row['location_zip']); $location_zip = nullable_htmlentities($row['location_zip']);
$contact_email = htmlentities($row['contact_email']); $contact_email = nullable_htmlentities($row['contact_email']);
$contact_phone = formatPhoneNumber($row['contact_phone']); $contact_phone = formatPhoneNumber($row['contact_phone']);
$contact_extension = htmlentities($row['contact_extension']); $contact_extension = nullable_htmlentities($row['contact_extension']);
$contact_mobile = formatPhoneNumber($row['contact_mobile']); $contact_mobile = formatPhoneNumber($row['contact_mobile']);
$client_website = htmlentities($row['client_website']); $client_website = nullable_htmlentities($row['client_website']);
$client_currency_code = htmlentities($row['client_currency_code']); $client_currency_code = nullable_htmlentities($row['client_currency_code']);
$client_net_terms = intval($row['client_net_terms']); $client_net_terms = intval($row['client_net_terms']);
if ($client_net_terms == 0) { if ($client_net_terms == 0) {
$client_net_terms = $config_default_net_terms; $client_net_terms = $config_default_net_terms;
@@ -54,16 +54,16 @@ if (isset($_GET['quote_id'])) {
$row = mysqli_fetch_array($sql); $row = mysqli_fetch_array($sql);
$company_id = intval($row['company_id']); $company_id = intval($row['company_id']);
$company_name = htmlentities($row['company_name']); $company_name = nullable_htmlentities($row['company_name']);
$company_country = htmlentities($row['company_country']); $company_country = nullable_htmlentities($row['company_country']);
$company_address = htmlentities($row['company_address']); $company_address = nullable_htmlentities($row['company_address']);
$company_city = htmlentities($row['company_city']); $company_city = nullable_htmlentities($row['company_city']);
$company_state = htmlentities($row['company_state']); $company_state = nullable_htmlentities($row['company_state']);
$company_zip = htmlentities($row['company_zip']); $company_zip = nullable_htmlentities($row['company_zip']);
$company_phone = formatPhoneNumber($row['company_phone']); $company_phone = formatPhoneNumber($row['company_phone']);
$company_email = htmlentities($row['company_email']); $company_email = nullable_htmlentities($row['company_email']);
$company_website = htmlentities($row['company_website']); $company_website = nullable_htmlentities($row['company_website']);
$company_logo = htmlentities($row['company_logo']); $company_logo = nullable_htmlentities($row['company_logo']);
if (!empty($company_logo)) { if (!empty($company_logo)) {
$company_logo_base64 = base64_encode(file_get_contents("uploads/settings/$company_logo")); $company_logo_base64 = base64_encode(file_get_contents("uploads/settings/$company_logo"));
} }
@@ -260,13 +260,13 @@ if (isset($_GET['quote_id'])) {
while ($row = mysqli_fetch_array($sql_items)) { while ($row = mysqli_fetch_array($sql_items)) {
$item_id = intval($row['item_id']); $item_id = intval($row['item_id']);
$item_name = htmlentities($row['item_name']); $item_name = nullable_htmlentities($row['item_name']);
$item_description = htmlentities($row['item_description']); $item_description = nullable_htmlentities($row['item_description']);
$item_quantity = floatval($row['item_quantity']); $item_quantity = floatval($row['item_quantity']);
$item_price = floatval($row['item_price']); $item_price = floatval($row['item_price']);
$item_tax = floatval($row['item_tax']); $item_tax = floatval($row['item_tax']);
$item_total = floatval($row['item_total']); $item_total = floatval($row['item_total']);
$item_created_at = htmlentities($row['item_created_at']); $item_created_at = nullable_htmlentities($row['item_created_at']);
$tax_id = intval($row['item_tax_id']); $tax_id = intval($row['item_tax_id']);
$total_tax = $item_tax + $total_tax; $total_tax = $item_tax + $total_tax;
$sub_total = $item_price * $item_quantity + $sub_total; $sub_total = $item_price * $item_quantity + $sub_total;
@@ -326,7 +326,7 @@ if (isset($_GET['quote_id'])) {
$taxes_sql = mysqli_query($mysqli, "SELECT tax_id, tax_name, tax_percent FROM taxes ORDER BY tax_name ASC"); $taxes_sql = mysqli_query($mysqli, "SELECT tax_id, tax_name, tax_percent FROM taxes ORDER BY tax_name ASC");
while ($row = mysqli_fetch_array($taxes_sql)) { while ($row = mysqli_fetch_array($taxes_sql)) {
$tax_id = intval($row['tax_id']); $tax_id = intval($row['tax_id']);
$tax_name = htmlentities($row['tax_name']); $tax_name = nullable_htmlentities($row['tax_name']);
$tax_percent = floatval($row['tax_percent']); $tax_percent = floatval($row['tax_percent']);
?> ?>
<option value="<?php echo $tax_id; ?>"><?php echo "$tax_name $tax_percent%"; ?></option> <option value="<?php echo $tax_id; ?>"><?php echo "$tax_name $tax_percent%"; ?></option>
@@ -391,7 +391,7 @@ if (isset($_GET['quote_id'])) {
<hr class="d-none d-print-block mt-5"> <hr class="d-none d-print-block mt-5">
<div class="d-none d-print-block text-center"><?php echo nl2br(htmlentities($config_quote_footer)); ?></div> <div class="d-none d-print-block text-center"><?php echo nl2br(nullable_htmlentities($config_quote_footer)); ?></div>
</div> </div>
</div> </div>
@@ -422,9 +422,9 @@ if (isset($_GET['quote_id'])) {
<?php <?php
while ($row = mysqli_fetch_array($sql_history)) { while ($row = mysqli_fetch_array($sql_history)) {
$history_created_at = htmlentities($row['history_created_at']); $history_created_at = nullable_htmlentities($row['history_created_at']);
$history_status = htmlentities($row['history_status']); $history_status = nullable_htmlentities($row['history_status']);
$history_description = htmlentities($row['history_description']); $history_description = nullable_htmlentities($row['history_description']);
?> ?>
<tr> <tr>


@@ -38,7 +38,7 @@
$sql = mysqli_query($mysqli, "SELECT * FROM clients ORDER BY client_name ASC"); $sql = mysqli_query($mysqli, "SELECT * FROM clients ORDER BY client_name ASC");
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$client_id = intval($row['client_id']); $client_id = intval($row['client_id']);
$client_name = htmlentities($row['client_name']); $client_name = nullable_htmlentities($row['client_name']);
?> ?>
<option value="<?php echo $client_id; ?>"><?php echo $client_name; ?></option> <option value="<?php echo $client_id; ?>"><?php echo $client_name; ?></option>
<?php } ?> <?php } ?>
@@ -62,7 +62,7 @@
$sql = mysqli_query($mysqli, "SELECT * FROM categories WHERE category_type = 'Income' AND category_archived_at IS NULL ORDER BY category_name ASC"); $sql = mysqli_query($mysqli, "SELECT * FROM categories WHERE category_type = 'Income' AND category_archived_at IS NULL ORDER BY category_name ASC");
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$category_id = intval($row['category_id']); $category_id = intval($row['category_id']);
$category_name = htmlentities($row['category_name']); $category_name = nullable_htmlentities($row['category_name']);
?> ?>
<option value="<?php echo $category_id; ?>"><?php echo $category_name; ?></option> <option value="<?php echo $category_id; ?>"><?php echo $category_name; ?></option>


@@ -35,7 +35,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="row"> <div class="row">
<div class="col-sm-4"> <div class="col-sm-4">
<div class="input-group"> <div class="input-group">
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Quotes"> <input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(nullable_htmlentities($q)); } ?>" placeholder="Search Quotes">
<div class="input-group-append"> <div class="input-group-append">
<button class="btn btn-secondary" type="button" data-toggle="collapse" data-target="#advancedFilter"><i class="fas fa-filter"></i></button> <button class="btn btn-secondary" type="button" data-toggle="collapse" data-target="#advancedFilter"><i class="fas fa-filter"></i></button>
<button class="btn btn-primary"><i class="fa fa-search"></i></button> <button class="btn btn-primary"><i class="fa fa-search"></i></button>
@@ -64,13 +64,13 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="col-md-2"> <div class="col-md-2">
<div class="form-group"> <div class="form-group">
<label>Date From</label> <label>Date From</label>
<input type="date" class="form-control" name="dtf" max="2999-12-31" value="<?php echo htmlentities($dtf); ?>"> <input type="date" class="form-control" name="dtf" max="2999-12-31" value="<?php echo nullable_htmlentities($dtf); ?>">
</div> </div>
</div> </div>
<div class="col-md-2"> <div class="col-md-2">
<div class="form-group"> <div class="form-group">
<label>Date To</label> <label>Date To</label>
<input type="date" class="form-control" name="dtt" max="2999-12-31" value="<?php echo htmlentities($dtt); ?>"> <input type="date" class="form-control" name="dtt" max="2999-12-31" value="<?php echo nullable_htmlentities($dtt); ?>">
</div> </div>
</div> </div>
</div> </div>
@@ -96,24 +96,24 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$quote_id = intval($row['quote_id']); $quote_id = intval($row['quote_id']);
$quote_prefix = htmlentities($row['quote_prefix']); $quote_prefix = nullable_htmlentities($row['quote_prefix']);
$quote_number = intval($row['quote_number']); $quote_number = intval($row['quote_number']);
$quote_scope = htmlentities($row['quote_scope']); $quote_scope = nullable_htmlentities($row['quote_scope']);
if (empty($quote_scope)) { if (empty($quote_scope)) {
$quote_scope_display = "-"; $quote_scope_display = "-";
} else { } else {
$quote_scope_display = $quote_scope; $quote_scope_display = $quote_scope;
} }
$quote_status = htmlentities($row['quote_status']); $quote_status = nullable_htmlentities($row['quote_status']);
$quote_date = htmlentities($row['quote_date']); $quote_date = nullable_htmlentities($row['quote_date']);
$quote_amount = floatval($row['quote_amount']); $quote_amount = floatval($row['quote_amount']);
$quote_currency_code = htmlentities($row['quote_currency_code']); $quote_currency_code = nullable_htmlentities($row['quote_currency_code']);
$quote_created_at = htmlentities($row['quote_created_at']); $quote_created_at = nullable_htmlentities($row['quote_created_at']);
$client_id = intval($row['client_id']); $client_id = intval($row['client_id']);
$client_name = htmlentities($row['client_name']); $client_name = nullable_htmlentities($row['client_name']);
$client_currency_code = htmlentities($row['client_currency_code']); $client_currency_code = nullable_htmlentities($row['client_currency_code']);
$category_id = intval($row['category_id']); $category_id = intval($row['category_id']);
$category_name = htmlentities($row['category_name']); $category_name = nullable_htmlentities($row['category_name']);
$client_net_terms = intval($row['client_net_terms']); $client_net_terms = intval($row['client_net_terms']);
if ($client_net_terms == 0) { if ($client_net_terms == 0) {
$client_net_terms = $config_default_net_terms; $client_net_terms = $config_default_net_terms;
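Review bot: The search box still wraps the encoded value in `stripslashes(...)`, which looks like a leftover from slash-escaped input: if `$q` is no longer escaped before this point (where it is set is outside this section), a backslash typed into the search field is silently dropped from the value echoed back, so the form shows a different term than the one the query ran with; consider `echo nullable_htmlentities($q);` alone, or confirm and comment why the slash stripping is still needed. In the results loop, `empty($quote_scope)` is now evaluated on the encoded string rather than the raw column, so a scope of exactly `0` is shown as `-`; testing `$row['quote_scope']` directly keeps the placeholder logic independent of the encoding helper, e.g. `$quote_scope_display = ($row['quote_scope'] === null || $row['quote_scope'] === '') ? '-' : $quote_scope;`.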


@@ -15,33 +15,33 @@ if (isset($_GET['recurring_id'])) {
); );
$row = mysqli_fetch_array($sql); $row = mysqli_fetch_array($sql);
$recurring_prefix = htmlentities($row['recurring_prefix']); $recurring_prefix = nullable_htmlentities($row['recurring_prefix']);
$recurring_number = intval($row['recurring_number']); $recurring_number = intval($row['recurring_number']);
$recurring_scope = htmlentities($row['recurring_scope']); $recurring_scope = nullable_htmlentities($row['recurring_scope']);
$recurring_frequency = htmlentities($row['recurring_frequency']); $recurring_frequency = nullable_htmlentities($row['recurring_frequency']);
$recurring_status = htmlentities($row['recurring_status']); $recurring_status = nullable_htmlentities($row['recurring_status']);
$recurring_created_at = date('Y-m-d', strtotime($row['recurring_created_at'])); $recurring_created_at = date('Y-m-d', strtotime($row['recurring_created_at']));
$recurring_last_sent = htmlentities($row['recurring_last_sent']); $recurring_last_sent = nullable_htmlentities($row['recurring_last_sent']);
if ($recurring_last_sent == 0) { if ($recurring_last_sent == 0) {
$recurring_last_sent = '-'; $recurring_last_sent = '-';
} }
$recurring_next_date = htmlentities($row['recurring_next_date']); $recurring_next_date = nullable_htmlentities($row['recurring_next_date']);
$recurring_amount = floatval($row['recurring_amount']); $recurring_amount = floatval($row['recurring_amount']);
$recurring_currency_code = htmlentities($row['recurring_currency_code']); $recurring_currency_code = nullable_htmlentities($row['recurring_currency_code']);
$recurring_note = htmlentities($row['recurring_note']); $recurring_note = nullable_htmlentities($row['recurring_note']);
$category_id = intval($row['recurring_category_id']); $category_id = intval($row['recurring_category_id']);
$client_id = intval($row['client_id']); $client_id = intval($row['client_id']);
$client_name = htmlentities($row['client_name']); $client_name = nullable_htmlentities($row['client_name']);
$location_address = htmlentities($row['location_address']); $location_address = nullable_htmlentities($row['location_address']);
$location_city = htmlentities($row['location_city']); $location_city = nullable_htmlentities($row['location_city']);
$location_state = htmlentities($row['location_state']); $location_state = nullable_htmlentities($row['location_state']);
$location_zip = htmlentities($row['location_zip']); $location_zip = nullable_htmlentities($row['location_zip']);
$contact_email = htmlentities($row['contact_email']); $contact_email = nullable_htmlentities($row['contact_email']);
$contact_phone = formatPhoneNumber($row['contact_phone']); $contact_phone = formatPhoneNumber($row['contact_phone']);
$contact_extension = htmlentities($row['contact_extension']); $contact_extension = nullable_htmlentities($row['contact_extension']);
$contact_mobile = formatPhoneNumber($row['contact_mobile']); $contact_mobile = formatPhoneNumber($row['contact_mobile']);
$client_website = htmlentities($row['client_website']); $client_website = nullable_htmlentities($row['client_website']);
$client_currency_code = htmlentities($row['client_currency_code']); $client_currency_code = nullable_htmlentities($row['client_currency_code']);
$client_net_terms = intval($row['client_net_terms']); $client_net_terms = intval($row['client_net_terms']);
if ($recurring_status == 1) { if ($recurring_status == 1) {
@@ -56,16 +56,16 @@ if (isset($_GET['recurring_id'])) {
$row = mysqli_fetch_array($sql); $row = mysqli_fetch_array($sql);
$company_id = intval($row['company_id']); $company_id = intval($row['company_id']);
$company_name = htmlentities($row['company_name']); $company_name = nullable_htmlentities($row['company_name']);
$company_country = htmlentities($row['company_country']); $company_country = nullable_htmlentities($row['company_country']);
$company_address = htmlentities($row['company_address']); $company_address = nullable_htmlentities($row['company_address']);
$company_city = htmlentities($row['company_city']); $company_city = nullable_htmlentities($row['company_city']);
$company_state = htmlentities($row['company_state']); $company_state = nullable_htmlentities($row['company_state']);
$company_zip = htmlentities($row['company_zip']); $company_zip = nullable_htmlentities($row['company_zip']);
$company_phone = formatPhoneNumber($row['company_phone']); $company_phone = formatPhoneNumber($row['company_phone']);
$company_email = htmlentities($row['company_email']); $company_email = nullable_htmlentities($row['company_email']);
$company_website = htmlentities($row['company_website']); $company_website = nullable_htmlentities($row['company_website']);
$company_logo = htmlentities($row['company_logo']); $company_logo = nullable_htmlentities($row['company_logo']);
$sql_history = mysqli_query($mysqli, "SELECT * FROM history WHERE history_recurring_id = $recurring_id ORDER BY history_id DESC"); $sql_history = mysqli_query($mysqli, "SELECT * FROM history WHERE history_recurring_id = $recurring_id ORDER BY history_id DESC");
@@ -205,13 +205,13 @@ if (isset($_GET['recurring_id'])) {
while ($row = mysqli_fetch_array($sql_items)) { while ($row = mysqli_fetch_array($sql_items)) {
$item_id = intval($row['item_id']); $item_id = intval($row['item_id']);
$item_name = htmlentities($row['item_name']); $item_name = nullable_htmlentities($row['item_name']);
$item_description = htmlentities($row['item_description']); $item_description = nullable_htmlentities($row['item_description']);
$item_quantity = floatval($row['item_quantity']); $item_quantity = floatval($row['item_quantity']);
$item_price = floatval($row['item_price']); $item_price = floatval($row['item_price']);
$item_tax = floatval($row['item_tax']); $item_tax = floatval($row['item_tax']);
$item_total = floatval($row['item_total']); $item_total = floatval($row['item_total']);
$item_created_at = htmlentities($row['item_created_at']); $item_created_at = nullable_htmlentities($row['item_created_at']);
$tax_id = intval($row['item_tax_id']); $tax_id = intval($row['item_tax_id']);
$total_tax = $item_tax + $total_tax; $total_tax = $item_tax + $total_tax;
$sub_total = $item_price * $item_quantity + $sub_total; $sub_total = $item_price * $item_quantity + $sub_total;
@@ -263,7 +263,7 @@ if (isset($_GET['recurring_id'])) {
$taxes_sql = mysqli_query($mysqli, "SELECT tax_id, tax_name, tax_percent FROM taxes ORDER BY tax_name ASC"); $taxes_sql = mysqli_query($mysqli, "SELECT tax_id, tax_name, tax_percent FROM taxes ORDER BY tax_name ASC");
while ($row = mysqli_fetch_array($taxes_sql)) { while ($row = mysqli_fetch_array($taxes_sql)) {
$tax_id = intval($row['tax_id']); $tax_id = intval($row['tax_id']);
$tax_name = htmlentities($row['tax_name']); $tax_name = nullable_htmlentities($row['tax_name']);
$tax_percent = floatval($row['tax_percent']); $tax_percent = floatval($row['tax_percent']);
?> ?>
<option value="<?php echo $tax_id; ?>"><?php echo "$tax_name $tax_percent%"; ?></option> <option value="<?php echo $tax_id; ?>"><?php echo "$tax_name $tax_percent%"; ?></option>
@@ -353,9 +353,9 @@ if (isset($_GET['recurring_id'])) {
<?php <?php
while ($row = mysqli_fetch_array($sql_history)) { while ($row = mysqli_fetch_array($sql_history)) {
$history_created_at = htmlentities($row['history_created_at']); $history_created_at = nullable_htmlentities($row['history_created_at']);
$history_status = htmlentities($row['history_status']); $history_status = nullable_htmlentities($row['history_status']);
$history_description = htmlentities($row['history_description']); $history_description = nullable_htmlentities($row['history_description']);
?> ?>
<tr> <tr>
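Review bot: `if ($recurring_last_sent == 0)` compares the HTML-encoded string returned by nullable_htmlentities() against an integer, and that loose comparison changes meaning across PHP versions (`'' == 0` and `'0000-00-00' == 0` are true on PHP 7 but false on PHP 8), so the `-` placeholder for never-sent items may silently stop appearing; `if ($recurring_status == 1)` further down is the same pattern. Test the raw column instead, e.g. `if (empty($row['recurring_last_sent'])) { $recurring_last_sent = '-'; }` and `if (intval($row['recurring_status']) == 1)`, so display logic does not depend on how the helper encodes null or empty values. Separately, `$contact_phone`, `$contact_mobile` and `$company_phone` go through formatPhoneNumber() rather than the encoding helper; unless that function encodes its output (not visible here), those values still need nullable_htmlentities() before being echoed into the page, since the commit's purpose is consistent output encoding.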


@@ -38,7 +38,7 @@
$sql = mysqli_query($mysqli, "SELECT * FROM clients ORDER BY client_name ASC"); $sql = mysqli_query($mysqli, "SELECT * FROM clients ORDER BY client_name ASC");
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$client_id = intval($row['client_id']); $client_id = intval($row['client_id']);
$client_name = htmlentities($row['client_name']); $client_name = nullable_htmlentities($row['client_name']);
?> ?>
<option value="<?php echo $client_id; ?>"><?php echo "$client_name"; ?></option> <option value="<?php echo $client_id; ?>"><?php echo "$client_name"; ?></option>
@@ -89,7 +89,7 @@
$sql = mysqli_query($mysqli, "SELECT * FROM categories WHERE category_type = 'Income' AND category_archived_at IS NULL ORDER BY category_name ASC"); $sql = mysqli_query($mysqli, "SELECT * FROM categories WHERE category_type = 'Income' AND category_archived_at IS NULL ORDER BY category_name ASC");
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$category_id = intval($row['category_id']); $category_id = intval($row['category_id']);
$category_name = htmlentities($row['category_name']); $category_name = nullable_htmlentities($row['category_name']);
?> ?>
<option value="<?php echo $category_id; ?>"><?php echo $category_name; ?></option> <option value="<?php echo $category_id; ?>"><?php echo $category_name; ?></option>
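Review bot: The client option echoes `"$client_name"` inside interpolation quotes even though the variable is already a string, which is inconsistent with the category option a few lines below that uses `echo $category_name;` directly. Writing it as `<?php echo $client_name; ?>` keeps the two selects in the same style and avoids suggesting that the quotes add any escaping beyond what nullable_htmlentities() already did.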


@@ -60,7 +60,7 @@
$sql_income_category = mysqli_query($mysqli, "SELECT * FROM categories WHERE category_type = 'Income' AND (category_archived_at > '$recurring_created_at' OR category_archived_at IS NULL) ORDER BY category_name ASC"); $sql_income_category = mysqli_query($mysqli, "SELECT * FROM categories WHERE category_type = 'Income' AND (category_archived_at > '$recurring_created_at' OR category_archived_at IS NULL) ORDER BY category_name ASC");
while ($row = mysqli_fetch_array($sql_income_category)) { while ($row = mysqli_fetch_array($sql_income_category)) {
$category_id_select= intval($row['category_id']); $category_id_select= intval($row['category_id']);
$category_name_select = htmlentities($row['category_name']); $category_name_select = nullable_htmlentities($row['category_name']);
?> ?>
<option <?php if ($category_id == $category_id_select) { ?> selected <?php } ?> value="<?php echo $category_id_select; ?>"><?php echo $category_name_select; ?></option> <option <?php if ($category_id == $category_id_select) { ?> selected <?php } ?> value="<?php echo $category_id_select; ?>"><?php echo $category_name_select; ?></option>
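Review bot: The category query on the first line of this hunk interpolates `$recurring_created_at` straight into the SQL string (`category_archived_at > '$recurring_created_at'`); where that variable is assigned in this file is outside the hunk, so whether it is a formatted date or user-influenced cannot be confirmed here. Since this commit is tightening output handling across the app, the same query would be safer as a prepared statement: bind the value with mysqli_prepare()/mysqli_stmt_bind_param() using the `'s'` type and read rows via mysqli_stmt_get_result(), which removes the dependency on upstream sanitisation entirely. If the value is guaranteed to come from `date('Y-m-d', ...)`, a short comment on the query line saying so would let the next reader skip the same check.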
