AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-02-28 02:44:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

Use htmlpurify to show client shared document, Clean up some formatting in guest item view, fixed Invoice and Quote not logging the client who view them this was a regression from the company removal

Browse Source
This commit is contained in:
johnnyq
2023-03-13 15:45:12 -04:00
parent 9d053dcc91
commit 76f02c46a8
4 changed files with 29 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
guest_view_invoice.php
View File

@@ -42,6 +42,7 @@ $invoice_note = htmlentities($row['invoice_note']);
$invoice_category_id = intval($row['invoice_category_id']);
$client_id = intval($row['client_id']);
$client_name = htmlentities($row['client_name']);
$client_name_escaped = sanitizeInput($row['client_name']);
$location_address = htmlentities($row['location_address']);
$location_city = htmlentities($row['location_city']);
$location_state = htmlentities($row['location_state']);
@@ -93,7 +94,7 @@ if ($invoice_status == 'Sent') {
mysqli_query($mysqli, "INSERT INTO history SET history_status = '$invoice_status', history_description = 'Invoice viewed - $ip - $os - $browser', history_invoice_id = $invoice_id");
if ($invoice_status !== 'Paid') {
$client_name_escaped = sanitizeInput($row['client_name']);
//$client_name_escaped = sanitizeInput($row['client_name']);
mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Invoice Viewed', notification = 'Invoice $invoice_prefix$invoice_number has been viewed by $client_name_escaped - $ip - $os - $browser', notification_client_id = $client_id");
}
$sql_payments = mysqli_query($mysqli, "SELECT * FROM payments, accounts WHERE payment_account_id = account_id AND payment_invoice_id = $invoice_id ORDER BY payments.payment_id DESC");