Removed dynamic depth path_prefix due to potential security issues with it

includes/footer.php

@@ -1,5 +1,5 @@
 <?php
-require_once $path_prefix . "includes/inc_confirm_modal.php";
+require_once "../includes/inc_confirm_modal.php";
 ?>
 
 <?php
@@ -19,27 +19,27 @@ if (basename(dirname($_SERVER['REQUEST_URI'])) === 'admin') { ?>
 <!-- REQUIRED SCRIPTS -->
 
 <!-- Bootstrap 4 -->
-<script src="<?= $path_prefix ?>plugins/bootstrap/js/bootstrap.bundle.min.js"></script>
+<script src="../plugins/bootstrap/js/bootstrap.bundle.min.js"></script>
 
 <!-- Custom js-->
-<script src="<?= $path_prefix ?>plugins/moment/moment.min.js"></script>
-<script src="<?= $path_prefix ?>plugins/chart.js/Chart.min.js"></script>
-<script src="<?= $path_prefix ?>plugins/tempusdominus-bootstrap-4/js/tempusdominus-bootstrap-4.min.js"></script>
-<script src="<?= $path_prefix ?>plugins/daterangepicker/daterangepicker.js"></script>
-<script src="<?= $path_prefix ?>plugins/select2/js/select2.min.js"></script>
-<script src="<?= $path_prefix ?>plugins/inputmask/jquery.inputmask.min.js"></script>
-<script src="<?= $path_prefix ?>plugins/tinymce/tinymce.min.js" referrerpolicy="origin"></script>
-<script src="<?= $path_prefix ?>plugins/Show-Hide-Passwords-Bootstrap-4/bootstrap-show-password.min.js"></script>
-<script src="<?= $path_prefix ?>plugins/clipboardjs/clipboard.min.js"></script>
-<script src="<?= $path_prefix ?>js/keepalive.js"></script>
-<script src="<?= $path_prefix ?>plugins/DataTables/datatables.min.js"></script>
-<script src="<?= $path_prefix ?>plugins/intl-tel-input/js/intlTelInput.min.js"></script>
+<script src="../plugins/moment/moment.min.js"></script>
+<script src="../plugins/chart.js/Chart.min.js"></script>
+<script src="../plugins/tempusdominus-bootstrap-4/js/tempusdominus-bootstrap-4.min.js"></script>
+<script src="../plugins/daterangepicker/daterangepicker.js"></script>
+<script src="../plugins/select2/js/select2.min.js"></script>
+<script src="../plugins/inputmask/jquery.inputmask.min.js"></script>
+<script src="../plugins/tinymce/tinymce.min.js" referrerpolicy="origin"></script>
+<script src="../plugins/Show-Hide-Passwords-Bootstrap-4/bootstrap-show-password.min.js"></script>
+<script src="../plugins/clipboardjs/clipboard.min.js"></script>
+<script src="../js/keepalive.js"></script>
+<script src="../plugins/DataTables/datatables.min.js"></script>
+<script src="../plugins/intl-tel-input/js/intlTelInput.min.js"></script>
 
 <!-- AdminLTE App -->
-<script src="<?= $path_prefix ?>plugins/adminlte/js/adminlte.min.js"></script>
-<script src="<?= $path_prefix ?>js/app.js"></script>
-<script src="<?= $path_prefix ?>js/ajax_modal.js"></script>
-<script src="<?= $path_prefix ?>js/confirm_modal.js"></script>
+<script src="../plugins/adminlte/js/adminlte.min.js"></script>
+<script src="../js/app.js"></script>
+<script src="../js/ajax_modal.js"></script>
+<script src="../js/confirm_modal.js"></script>
 
 </body>
 </html>

includes/header.php

@@ -19,27 +19,27 @@ header("X-Frame-Options: DENY");
     <title><?= $session_company_name; ?></title>
 
     <!-- Favicon -->
-    <?php if(file_exists($path_prefix . 'uploads/favicon.ico')): ?>
-        <link rel="icon" type="image/x-icon" href="<?= $path_prefix ?>uploads/favicon.ico">
+    <?php if(file_exists('../uploads/favicon.ico')): ?>
+        <link rel="icon" type="image/x-icon" href="../uploads/favicon.ico">
     <?php endif; ?>
 
     <!-- Font Awesome -->
-    <link rel="stylesheet" href="<?= $path_prefix ?>plugins/fontawesome-free/css/all.min.css">
+    <link rel="stylesheet" href="../plugins/fontawesome-free/css/all.min.css">
 
     <!-- Custom Styles -->
-    <link href="<?= $path_prefix ?>plugins/tempusdominus-bootstrap-4/css/tempusdominus-bootstrap-4.min.css" rel="stylesheet" type="text/css">
-    <link href="<?= $path_prefix ?>plugins/select2/css/select2.min.css" rel="stylesheet" type="text/css">
-    <link href="<?= $path_prefix ?>plugins/select2-bootstrap4-theme/select2-bootstrap4.min.css" rel="stylesheet" type="text/css">
-    <link href="<?= $path_prefix ?>plugins/daterangepicker/daterangepicker.css" rel="stylesheet">
-    <link href="<?= $path_prefix ?>plugins/toastr/toastr.min.css" rel="stylesheet">
-    <link href="<?= $path_prefix ?>plugins/DataTables/datatables.min.css" rel="stylesheet">
-    <link href="<?= $path_prefix ?>plugins/intl-tel-input/css/intlTelInput.min.css" rel="stylesheet">
-    <link href="<?= $path_prefix ?>css/itflow_custom.css" rel="stylesheet">
-    <link rel="stylesheet" href="<?= $path_prefix ?>plugins/adminlte/css/adminlte.min.css">
+    <link href="../plugins/tempusdominus-bootstrap-4/css/tempusdominus-bootstrap-4.min.css" rel="stylesheet" type="text/css">
+    <link href="../plugins/select2/css/select2.min.css" rel="stylesheet" type="text/css">
+    <link href="../plugins/select2-bootstrap4-theme/select2-bootstrap4.min.css" rel="stylesheet" type="text/css">
+    <link href="../plugins/daterangepicker/daterangepicker.css" rel="stylesheet">
+    <link href="../plugins/toastr/toastr.min.css" rel="stylesheet">
+    <link href="../plugins/DataTables/datatables.min.css" rel="stylesheet">
+    <link href="../plugins/intl-tel-input/css/intlTelInput.min.css" rel="stylesheet">
+    <link href="../css/itflow_custom.css" rel="stylesheet">
+    <link rel="stylesheet" href="../plugins/adminlte/css/adminlte.min.css">
 
     <!-- Scripts -->
-    <script src="<?= $path_prefix ?>plugins/jquery/jquery.min.js"></script>
-    <script src="<?= $path_prefix ?>plugins/toastr/toastr.min.js"></script>
+    <script src="../plugins/jquery/jquery.min.js"></script>
+    <script src="../plugins/toastr/toastr.min.js"></script>
 </head>
 <body class="
     hold-transition sidebar-mini layout-fixed layout-navbar-fixed