From 8ea674d35efe70cb8d78a50670ba4a7484120cfc Mon Sep 17 00:00:00 2001 From: Marcus Hill Date: Mon, 2 Jan 2023 12:45:13 +0000 Subject: [PATCH 01/37] Remove unused assets.php file --- assets.php | 160 ----------------------------------------------------- 1 file changed, 160 deletions(-) delete mode 100644 assets.php diff --git a/assets.php b/assets.php deleted file mode 100644 index 772673ee..00000000 --- a/assets.php +++ /dev/null @@ -1,160 +0,0 @@ - $sb, 'o' => $o))); - -$sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS * FROM assets LEFT JOIN clients ON asset_client_id = client_id - WHERE (asset_name LIKE '%$q%' OR asset_type LIKE '%$q%' OR asset_make LIKE '%$q%' OR asset_model LIKE '%$q%' OR asset_serial LIKE '%$q%' OR asset_os LIKE '%$q%' - OR asset_ip LIKE '%$q%' OR asset_mac LIKE '%$q%' OR client_name LIKE '%$q%') - AND DATE(asset_created_at) BETWEEN '$dtf' AND '$dtt' - AND assets.company_id = $session_company_id - ORDER BY $sb $o LIMIT $record_from, $record_to" -); - -$num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()")); - -?> - -
-
-

Client Assets

-
-
-
- -
-
-
-
-
- -
- - -
-
-
-
-
" id="advancedFilter"> -
-
-
- - -
-
-
-
- - -
-
-
-
-
-
-
- - "> - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeMakeModelSerialClient
-
- -
-
- - - - Date: Mon, 2 Jan 2023 12:50:42 +0000 Subject: [PATCH 02/37] Remove test/old client print and client header pages --- client_print.php | 769 ----------------------------------------- test_client_header.php | 293 ---------------- 2 files changed, 1062 deletions(-) delete mode 100644 client_print.php delete mode 100644 test_client_header.php diff --git a/client_print.php b/client_print.php deleted file mode 100644 index e55bf2db..00000000 --- a/client_print.php +++ /dev/null @@ -1,769 +0,0 @@ - - - - - - - - - -
-
- - - - - - - - - - - - - -
DocumentIT DocumentationDate
Prepared ByConfidential
-
-
-
-
-

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Address - -
- -
Primary Contact
Phone
Mobile
Email
Website
Net Terms Day
-
-
-
-
- Table of Contents -
-
- -
-
-
-
- - - 0){ ?> - -
-

Contacts ()

- - - - - - - - - - - - 2){ - $contact_phone = substr($row['contact_phone'],0,3)."-".substr($row['contact_phone'],3,3)."-".substr($row['contact_phone'],6,4); - } - $contact_extension = $row['contact_extension']; - if(!empty($contact_extension)){ - $contact_extension = "x$contact_extension"; - } - $contact_mobile = $row['contact_mobile']; - if(strlen($contact_mobile)>2){ - $contact_mobile = substr($row['contact_mobile'],0,3)."-".substr($row['contact_mobile'],3,3)."-".substr($row['contact_mobile'],6,4); - } - $contact_email = $row['contact_email']; - - ?> - - - - - - - - - - - -
NameTitleEmailPhoneMobile
-
- - - 0){ ?> -

Locations ()

- - - - - - - - - - 2){ - $location_phone = substr($row['location_phone'],0,3)."-".substr($row['location_phone'],3,3)."-".substr($row['location_phone'],6,4); - } - - ?> - - - - - - - - - -
LocationAddressPhone
$location_city $location_state $location_zip"; ?>
- - - - 0){ ?> -

Assets ()

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
TypeNameMakeModelSerialOSIPMACPurchase DateWarranty Expire
- - - - 0){ ?> -

Vendors ()

- - - - - - - - - - - - - - 2){ - $vendor_phone = substr($row['vendor_phone'],0,3)."-".substr($row['vendor_phone'],3,3)."-".substr($row['vendor_phone'],6,4); - } - $vendor_email = $row['vendor_email']; - $vendor_website = $row['vendor_website']; - - ?> - - - - - - - - - - - - - -
VendorDescriptionContact NamePhoneEmailWebsiteAccount Number
- - - - 0){ ?> -

Logins ()

- - - - - - - - - - - - - - - - - - - - - - -
NameURL/HostUsernamePassword
- - - - 0){ ?> -

Networks ()

- - - - - - - - - - - - - - - - - - - - - - - -
NamevLANNetworkGatewayDHCP Range
- - - - 0){ ?> -

Domains ()

- - - - - - - - - - - - - - - - - - - - - - - -
DomainRegistrarWebhostExpire
- - - - 0){ ?> -

Software ()

- - - - - - - - - - - - - - - - - - - -
SoftwareTypeLicense
- - - - 0){ ?> -

Invoices ()

- - - - - - - - - - - - - - - - - - - - - - - - -
NumberAmountDateDueStatus
$
- - - - 0){ ?> -

Payments ()

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Date ReceivedDate DueInvoiceInvoice AmountAmount PayedInvoice BalancePayment MethodCheck #
$$$
- - - - 0){ ?> -

Quotes ()

- - - - - - - - - - - - - - - - - - - - - - -
NumberAmountDateStatus
$
- - - - 0){ ?> -

Recurring Invoices ()

- - - - - - - - - - - - - - - - - - - - - - - - -
FrequencyCreatedLast SentNext DateStatus
ly
- - - - 0){ ?> -

Documents ()

-
- - -
-
-

- - - - - - - - - - - - - - - -

Nothing to see here

"; - }else{ - - $row = mysqli_fetch_array($sql); - $client_name = $row['client_name']; - $client_type = $row['client_type']; - $client_website = $row['client_website']; - $client_referral = $row['client_referral']; - $client_currency_code = $row['client_currency_code']; - $client_net_terms = $row['client_net_terms']; - if($client_net_terms == 0){ - $client_net_terms = $config_default_net_terms; - } - $client_notes = $row['client_notes']; - $client_created_at = $row['client_created_at']; - $primary_contact = $row['primary_contact']; - $primary_location = $row['primary_location']; - $contact_id = $row['contact_id']; - $contact_name = $row['contact_name']; - $contact_title = $row['contact_title']; - $contact_email = $row['contact_email']; - $contact_phone = $row['contact_phone']; - $contact_extension = $row['contact_extension']; - $contact_mobile = $row['contact_mobile']; - $location_id = $row['location_id']; - $location_name = $row['location_name']; - $location_address = $row['location_address']; - $location_city = $row['location_city']; - $location_state = $row['location_state']; - $location_zip = $row['location_zip']; - $location_country = $row['location_country']; - $location_phone = $row['location_phone']; - - //Client Tags - - $client_tag_name_display_array = array(); - $client_tag_id_array = array(); - $sql_client_tags = mysqli_query($mysqli,"SELECT * FROM client_tags LEFT JOIN tags ON client_tags.tag_id = tags.tag_id WHERE client_tags.client_id = $client_id"); - while($row = mysqli_fetch_array($sql_client_tags)){ - - $client_tag_id = $row['tag_id']; - $client_tag_name = $row['tag_name']; - $client_tag_color = $row['tag_color']; - $client_tag_icon = $row['tag_icon']; - if(empty($client_tag_icon)){ - $client_tag_icon = "tag"; - } - - $client_tag_id_array[] = $client_tag_id; - $client_tag_name_display_array[] = "$client_tag_name "; - } - $client_tags_display = " " . 
implode('', $client_tag_name_display_array); - - //Add up all the payments for the invoice and get the total amount paid to the invoice - $sql_invoice_amounts = mysqli_query($mysqli,"SELECT SUM(invoice_amount) AS invoice_amounts FROM invoices WHERE invoice_client_id = $client_id AND invoice_status NOT LIKE 'Draft' AND invoice_status NOT LIKE 'Cancelled'"); - $row = mysqli_fetch_array($sql_invoice_amounts); - - $invoice_amounts = $row['invoice_amounts']; - - $sql_amount_paid = mysqli_query($mysqli,"SELECT SUM(payment_amount) AS amount_paid FROM payments, invoices WHERE payment_invoice_id = invoice_id AND invoice_client_id = $client_id"); - $row = mysqli_fetch_array($sql_amount_paid); - - $amount_paid = $row['amount_paid']; - - $balance = $invoice_amounts - $amount_paid; - - //Badge Counts - - $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('contact_id') AS num FROM contacts WHERE contact_archived_at IS NULL AND contact_client_id = $client_id")); - $num_contacts = $row['num']; - - $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('location_id') AS num FROM locations WHERE location_archived_at IS NULL AND location_client_id = $client_id")); - $num_locations = $row['num']; - - $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('asset_id') AS num FROM assets WHERE asset_archived_at IS NULL AND asset_client_id = $client_id")); - $num_assets = $row['num']; - - $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('ticket_id') AS num FROM tickets WHERE ticket_archived_at IS NULL AND ticket_status != 'Closed' AND ticket_client_id = $client_id")); - $num_active_tickets = $row['num']; - - $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('service_id') AS num FROM services WHERE service_client_id = $client_id")); - $num_services = $row['num']; - - $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('vendor_id') AS num FROM vendors WHERE vendor_archived_at IS NULL AND vendor_client_id = $client_id")); - $num_vendors = 
$row['num']; - - $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('login_id') AS num FROM logins WHERE login_archived_at IS NULL AND login_client_id = $client_id")); - $num_logins = $row['num']; - - $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('network_id') AS num FROM networks WHERE network_archived_at IS NULL AND network_client_id = $client_id")); - $num_networks = $row['num']; - - $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('domain_id') AS num FROM domains WHERE domain_archived_at IS NULL AND domain_client_id = $client_id")); - $num_domains = $row['num']; - - $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('certificate_id') AS num FROM certificates WHERE certificate_archived_at IS NULL AND certificate_client_id = $client_id")); - $num_certificates = $row['num']; - - $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('software_id') AS num FROM software WHERE software_archived_at IS NULL AND software_client_id = $client_id")); - $num_software = $row['num']; - - $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('invoice_id') AS num FROM invoices WHERE invoice_archived_at IS NULL AND invoice_client_id = $client_id")); - $num_invoices = $row['num']; - - $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('quote_id') AS num FROM quotes WHERE quote_archived_at IS NULL AND quote_client_id = $client_id")); - $num_quotes = $row['num']; - - $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('recurring_id') AS num FROM recurring WHERE recurring_archived_at IS NULL AND recurring_client_id = $client_id")); - $num_recurring = $row['num']; - - $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('payment_id') AS num FROM payments, invoices WHERE payment_invoice_id = invoice_id AND invoice_client_id = $client_id")); - $num_payments = $row['num']; - - $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('file_id') AS num FROM files WHERE file_archived_at IS NULL AND 
file_client_id = $client_id")); - $num_files = $row['num']; - - $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('document_id') AS num FROM documents WHERE document_archived_at IS NULL AND document_client_id = $client_id")); - $num_documents = $row['num']; - - $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('event_id') AS num FROM events WHERE event_client_id = $client_id")); - $num_events = $row['num']; - - $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('trip_id') AS num FROM trips WHERE trip_archived_at IS NULL AND trip_client_id = $client_id")); - $num_trips = $row['num']; - -?> - - - - - -
-
-
-
-

- - " target="_blank"> -
-
-
- - - -
- - - -
- - - - -
-
-

Contact

- - -
- - - -
- - - - - x - -
- - - - -
- -
-

Billing

-
Paid
-
Balance
float-right">
-
Net Terms
Days
-
- - -
-

Support

-
Open Tickets
-
- - -
-
-
- - \ No newline at end of file From f5a2b1df68f07a3d2715ae801f3e0ba4ba269a4b Mon Sep 17 00:00:00 2001 From: Marcus Hill Date: Mon, 2 Jan 2023 12:56:51 +0000 Subject: [PATCH 03/37] Rename & disable unused stripe test page --- client.js => test_stripe_client.js | 0 guest_checkout.php => test_stripe_guest_checkout.php | 7 +++++-- 2 files changed, 5 insertions(+), 2 deletions(-) rename client.js => test_stripe_client.js (100%) rename guest_checkout.php => test_stripe_guest_checkout.php (93%) diff --git a/client.js b/test_stripe_client.js similarity index 100% rename from client.js rename to test_stripe_client.js diff --git a/guest_checkout.php b/test_stripe_guest_checkout.php similarity index 93% rename from guest_checkout.php rename to test_stripe_guest_checkout.php index 1e7deaab..0c7709ba 100644 --- a/guest_checkout.php +++ b/test_stripe_guest_checkout.php @@ -1,4 +1,7 @@ - - + From 3bf4d7a1f1a94c232b481911341d9477f79e3b53 Mon Sep 17 00:00:00 2001 From: Marcus Hill Date: Mon, 2 Jan 2023 13:03:41 +0000 Subject: [PATCH 04/37] Remove test file --- client_test.php | 9 --------- 1 file changed, 9 deletions(-) delete mode 100644 client_test.php diff --git a/client_test.php b/client_test.php deleted file mode 100644 index 17719195..00000000 --- a/client_test.php +++ /dev/null @@ -1,9 +0,0 @@ - - - - - \ No newline at end of file From 79dc34da9202ff6ffea24439debb10459d140949 Mon Sep 17 00:00:00 2001 From: Marcus Hill Date: Mon, 2 Jan 2023 13:48:16 +0000 Subject: [PATCH 05/37] Escape potential HTML characters in usernames (ticket collision detection) --- ajax.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ajax.php b/ajax.php index 52c5d5c6..8f54e5eb 100644 --- a/ajax.php +++ b/ajax.php 
@@ -190,10 +190,10 @@ if (isset($_GET['ticket_query_views'])) { $users = array_unique($users); if (count($users) > 1) { // Multiple viewers - $response['message'] = implode(", ", $users) . " are viewing this ticket."; + $response['message'] = htmlentities(implode(", ", $users) . " are viewing this ticket."); } else { // Single viewer - $response['message'] = implode("", $users) . " is viewing this ticket."; + $response['message'] = htmlentities(implode("", $users) . " is viewing this ticket."); } } else { // No viewers From b37778b7a17d93d1c9e9708a9d8a6253951c77f2 Mon Sep 17 00:00:00 2001 From: Marcus Hill Date: Mon, 2 Jan 2023 14:00:37 +0000 Subject: [PATCH 06/37] Escape potential HTML and limit output from SQL query to required fields when calling merge ticket details ajax query --- ajax.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/ajax.php b/ajax.php index 8f54e5eb..9ccc27d0 100644 --- a/ajax.php +++ b/ajax.php @@ -110,7 +110,7 @@ if (isset($_GET['merge_ticket_get_json_details'])) { $merge_into_ticket_number = intval($_GET['merge_into_ticket_number']); - $sql = mysqli_query($mysqli, "SELECT * FROM tickets + $sql = mysqli_query($mysqli, "SELECT ticket_id, ticket_number, ticket_prefix, ticket_subject, ticket_priority, ticket_status, client_name, contact_name FROM tickets LEFT JOIN clients ON ticket_client_id = client_id LEFT JOIN contacts ON ticket_contact_id = contact_id WHERE ticket_number = '$merge_into_ticket_number' AND tickets.company_id = '$session_company_id'"); @@ -120,7 +120,8 @@ if (isset($_GET['merge_ticket_get_json_details'])) { } else { //Return ticket, client and contact details for the given ticket number $response = mysqli_fetch_array($sql); - echo json_encode($response); + $response = array_map('htmlentities', $response); + echo json_encode( $response); } } From 2454961389100d47d314e23a23b7105e9288edff Mon Sep 17 00:00:00 2001 
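Review bot: The two new `htmlentities(...)` calls on the viewer message rely on the default flags, which changed in PHP 8.1 (ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401) from ENT_COMPAT before it, so whether an apostrophe in a username gets encoded depends on the interpreter version. Pass the flags and charset explicitly, e.g. `$response['message'] = htmlentities(implode(", ", $users) . " are viewing this ticket.", ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`, and the same for the single-viewer line. Encoding only the joined names before appending the fixed text would also keep the escaping scoped to the untrusted part. The enclosing `if (isset($_GET['ticket_query_views']))` block begins and ends outside the hunk.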
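Review bot: `array_map('htmlentities', $response)` runs over a `mysqli_fetch_array()` result, which by default returns every column twice (numeric and associative keys), so the JSON payload now carries each field in duplicate; and if any selected column is NULL (contact_name from the LEFT JOIN would be the likely case, though the schema is not visible here) htmlentities() receives null, which is deprecated in PHP 8.1. Fetch with `mysqli_fetch_assoc($sql)` and coerce before encoding: `$response = array_map(static function ($v) { return htmlentities((string) $v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); }, mysqli_fetch_assoc($sql));`. The stray space in `json_encode( $response)` is a style nit. The surrounding merge_ticket_get_json_details block starts outside the hunk.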
From: Marcus Hill Date: Mon, 2 Jan 2023 14:14:30 +0000 Subject: [PATCH 07/37] Escape special characters in a shared doc/file/login name to prevent potentially breaking the ajax sharing log query --- ajax.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ajax.php b/ajax.php index 9ccc27d0..39a88a6b 100644 --- a/ajax.php +++ b/ajax.php @@ -222,19 +222,19 @@ if (isset($_GET['share_generate_link'])) { if ($item_type == "Document") { $row = mysqli_fetch_array(mysqli_query($mysqli, "SELECT document_name FROM documents WHERE document_id = '$item_id' AND document_client_id = '$client_id' LIMIT 1")); - $item_name = $row['document_name']; + $item_name = strip_tags(mysqli_real_escape_string($mysqli, $row['document_name'])); } if ($item_type == "File") { $row = mysqli_fetch_array(mysqli_query($mysqli, "SELECT file_name FROM files WHERE file_id = '$item_id' AND file_client_id = '$client_id' LIMIT 1")); - $item_name = $row['file_name']; + $item_name = strip_tags(mysqli_real_escape_string($mysqli, $row['file_name'])); } if ($item_type == "Login") { $login = mysqli_query($mysqli, "SELECT login_name, login_password FROM logins WHERE login_id = '$item_id' AND login_client_id = '$client_id' LIMIT 1"); $row = mysqli_fetch_array($login); - $item_name = $row['login_name']; + $item_name = strip_tags(mysqli_real_escape_string($mysqli, $row['login_name'])); // Decrypt & re-encrypt password for sharing $login_password_cleartext = decryptLoginEntry($row['login_password']); From 8687f56eb00909883e4fc7d31d62e72971a36898 Mon Sep 17 00:00:00 2001 From: Marcus Hill Date: Mon, 2 Jan 2023 14:31:29 +0000 Subject: [PATCH 08/37] Remove unrequired trim & strip tags - only needs sql escape --- api/v1/clients/read.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api/v1/clients/read.php b/api/v1/clients/read.php index c77b82ea..af5577e5 100644 --- a/api/v1/clients/read.php +++ b/api/v1/clients/read.php 
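Review bot: The three `$item_name = strip_tags(mysqli_real_escape_string(...))` lines escape for SQL at the point of fetch, so the same variable carries backslash-escaped text into whatever else consumes it later in share_generate_link (the rest of the block is outside the hunk); if it is echoed or stored in the share record, a name with an apostrophe will show as `O\'Brien`. strip_tags() is also not an HTML-escaping function: it removes tags but leaves quotes and ampersands untouched, so it does not make the value safe for an HTML or JSON context. Keep `$item_name = $row['document_name'];` (likewise for file_name and login_name) and apply `mysqli_real_escape_string($mysqli, $item_name)` inside the log query and `htmlentities($item_name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` where it is rendered. Note too that `$row` is false when the LIMIT 1 query matches nothing, and `$row['document_name']` then yields null.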
@@ -11,7 +11,7 @@ if (isset($_GET['client_id'])) { // Specific client via name (single) elseif (isset($_GET['client_name'])) { - $name = trim(strip_tags(mysqli_real_escape_string($mysqli, $_GET['client_name']))); + $name = mysqli_real_escape_string($mysqli, $_GET['client_name']); $sql = mysqli_query($mysqli, "SELECT * FROM clients WHERE client_name = '$name' AND client_id LIKE '$client_id' AND company_id = '$company_id'"); } From 5a35f508c6037880bbb5cc34a3ac9df85853f2f3 Mon Sep 17 00:00:00 2001 From: Marcus Hill Date: Mon, 2 Jan 2023 14:32:17 +0000 Subject: [PATCH 09/37] Remove unrequired trim & strip tags - only needs sql escape --- api/v1/contacts/read.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api/v1/contacts/read.php b/api/v1/contacts/read.php index c15b1493..19acda88 100644 --- a/api/v1/contacts/read.php +++ b/api/v1/contacts/read.php @@ -11,7 +11,7 @@ if (isset($_GET['contact_id'])) { // Specific contact via email (single) elseif (isset($_GET['contact_email'])) { - $email = trim(strip_tags(mysqli_real_escape_string($mysqli, $_GET['contact_email']))); + $email = mysqli_real_escape_string($mysqli, $_GET['contact_email']); $sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$email' AND contact_client_id LIKE '$client_id' AND company_id = '$company_id'"); } From cf8713fc733d575e9617a5e0a39246c44f1d5a1a Mon Sep 17 00:00:00 2001 From: Marcus Hill Date: Mon, 2 Jan 2023 14:34:59 +0000 Subject: [PATCH 10/37] Fix software read API query via key --- api/v1/software/read.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/api/v1/software/read.php b/api/v1/software/read.php index ca26185d..0b09d9a0 100644 --- a/api/v1/software/read.php +++ b/api/v1/software/read.php 
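Review bot: `$_GET['client_name']` is passed straight to mysqli_real_escape_string(), which requires a string; a request such as `?client_name[]=x` makes PHP supply an array, and the call throws a TypeError on PHP 8 (a warning and a null return on PHP 7), turning a malformed request into an uncaught error in the API endpoint. Guard the type first, e.g. `if (!is_string($_GET['client_name'])) { /* respond 400 */ }` before the escape, or read the parameter with `filter_input(INPUT_GET, 'client_name')`, which returns false for non-scalar input. The same applies to the `$_GET['contact_email']` line in api/v1/contacts/read.php in the next commit. The enclosing if/elseif chain continues outside the hunk.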
@@ -9,10 +9,10 @@ if (isset($_GET['software_id'])) { $sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_id = '$id' AND software_client_id LIKE '$client_id' AND company_id = '$company_id'"); } -// Specific software via License ID -if (isset($_GET['software_license'])) { - $license = mysqli_real_escape_string($mysqli, $_GET['software_license']); - $sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_license_type = '$license' AND software_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY software_id LIMIT $limit OFFSET $offset"); +// Specific software via key +if (isset($_GET['software_key'])) { + $key = mysqli_real_escape_string($mysqli, $_GET['software_license']); + $sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_key = '$key' AND software_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY software_id LIMIT $limit OFFSET $offset"); } // Software by name From 1aa87ccaeb0d6bec0996e0519f861399b82e95df Mon Sep 17 00:00:00 2001 From: Marcus Hill Date: Mon, 2 Jan 2023 14:37:56 +0000 Subject: [PATCH 11/37] API Key error wording --- api/v1/validate_api_key.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/api/v1/validate_api_key.php b/api/v1/validate_api_key.php index 5b85055e..fa3646a8 100644 --- a/api/v1/validate_api_key.php +++ b/api/v1/validate_api_key.php 
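Review bot: The new `software_key` branch checks `isset($_GET['software_key'])` but the next line still reads `$_GET['software_license']`, so `$key` is built from an undefined index (a warning, and null handed to mysqli_real_escape_string()) and the query compares `software_key = ''`, never matching the requested key. The line should be `$key = mysqli_real_escape_string($mysqli, $_GET['software_key']);`. The `$limit`/`$offset` values and the `software_id` branch come from outside the hunk.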
@@ -73,10 +73,10 @@ if (isset($api_key)) { if (mysqli_num_rows($sql) !== 1) { // Invalid Key header(WORDING_UNAUTHORIZED); - mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Failed', log_description = 'Incorrect or expired Key', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW()"); + mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Failed', log_description = 'Incorrect or expired key', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW()"); $return_arr['success'] = "False"; - $return_arr['message'] = "API Key authentication failure or expired."; + $return_arr['message'] = "Authentication failed. API key is invalid or has expired."; header(WORDING_UNAUTHORIZED); echo json_encode($return_arr); From 447f20c91ce48201caabe68bece5db4d9161b979 Mon Sep 17 00:00:00 2001 From: Marcus Hill Date: Mon, 2 Jan 2023 14:38:52 +0000 Subject: [PATCH 12/37] Escape potential HTML characters in the API Key name, as this is used in logs --- api/v1/validate_api_key.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api/v1/validate_api_key.php b/api/v1/validate_api_key.php index fa3646a8..fceeaa7c 100644 --- a/api/v1/validate_api_key.php +++ b/api/v1/validate_api_key.php @@ -88,7 +88,7 @@ if (isset($api_key)) { // Set client ID, company ID & key name $row = mysqli_fetch_array($sql); - $api_key_name = $row['api_key_name']; + $api_key_name = htmlentities($row['api_key_name']); $client_id = $row['api_key_client_id']; $company_id = $row['company_id']; From dcf0bb67d1f85703687f9661f9819a5fa30430ed Mon Sep 17 00:00:00 2001 From: Marcus Hill Date: Mon, 2 Jan 2023 14:41:14 +0000 Subject: [PATCH 13/37] Escape potential HTML characters in client name --- api_key_add_modal.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api_key_add_modal.php b/api_key_add_modal.php index 9253d568..4f6aa795 100644 --- a/api_key_add_modal.php +++ b/api_key_add_modal.php 
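Review bot: `htmlentities($row['api_key_name'])` applies HTML encoding to a value the commit message says is written into log entries, which is a SQL context; on PHP before 8.1 the default flags are ENT_COMPAT, so an apostrophe in the key name passes through unencoded and still breaks the INSERT, while on 8.1+ it is stored as `&#039;` in the database. Escape per context instead: keep `$api_key_name = $row['api_key_name'];`, use `mysqli_real_escape_string($mysqli, $api_key_name)` in the log query, and `htmlentities($api_key_name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` at any HTML output. The log query that consumes this value is outside the hunk, so this is inferred from the commit message rather than from visible lines.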
@@ -65,7 +65,7 @@ $key = bin2hex(random_bytes(78)); $sql = mysqli_query($mysqli,"SELECT * FROM clients WHERE company_id = $session_company_id ORDER BY client_name ASC"); while($row = mysqli_fetch_array($sql)){ $client_id = $row['client_id']; - $client_name = $row['client_name']; + $client_name = htmlentities($row['client_name']); ?> From 5460825ecea170e775cec6075988601d1058d6fc Mon Sep 17 00:00:00 2001 From: Marcus Hill Date: Mon, 2 Jan 2023 14:44:46 +0000 Subject: [PATCH 14/37] Replace stripslashes with strip_tags --- accounts.php | 2 +- categories.php | 2 +- client_assets.php | 2 +- client_certificates.php | 2 +- client_contacts.php | 2 +- client_documents.php | 2 +- client_domains.php | 2 +- client_invoices.php | 2 +- client_locations.php | 2 +- client_logins.php | 2 +- client_logs.php | 2 +- client_networks.php | 2 +- client_payments.php | 2 +- client_quotes.php | 2 +- client_recurring_invoices.php | 2 +- client_scheduled_tickets.php | 2 +- client_services.php | 2 +- client_shared_items.php | 2 +- client_software.php | 2 +- client_tickets.php | 2 +- client_trips.php | 2 +- client_vendors.php | 2 +- companies.php | 2 +- expenses.php | 2 +- invoices.php | 2 +- logs.php | 2 +- notifications_dismissed.php | 2 +- payments.php | 2 +- products.php | 2 +- quotes.php | 2 +- recurring_invoices.php | 2 +- revenues.php | 2 +- scheduled_tickets.php | 2 +- settings_api.php | 2 +- settings_tags.php | 2 +- tickets.php | 2 +- transfers.php | 2 +- trips.php | 2 +- users.php | 2 +- vendors.php | 2 +- 40 files changed, 40 insertions(+), 40 deletions(-) diff --git a/accounts.php b/accounts.php index 61216bee..c0018c16 100644 --- a/accounts.php +++ b/accounts.php @@ -27,7 +27,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
- +
diff --git a/categories.php b/categories.php index 95b56d04..26cfc448 100644 --- a/categories.php +++ b/categories.php @@ -53,7 +53,7 @@ $colors_diff = array_diff($colors_array,$colors_used_array);
- +
diff --git a/client_assets.php b/client_assets.php index 9f919f4b..3891e1d8 100644 --- a/client_assets.php +++ b/client_assets.php @@ -86,7 +86,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
- s"> + s">
diff --git a/client_certificates.php b/client_certificates.php index 4de3f655..79eb96be 100644 --- a/client_certificates.php +++ b/client_certificates.php @@ -33,7 +33,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
- +
diff --git a/client_contacts.php b/client_contacts.php index eeb82d08..73ce0327 100644 --- a/client_contacts.php +++ b/client_contacts.php @@ -56,7 +56,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
- +
diff --git a/client_documents.php b/client_documents.php index 244e58ad..dbb952bb 100644 --- a/client_documents.php +++ b/client_documents.php @@ -130,7 +130,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
- +
diff --git a/client_domains.php b/client_domains.php index 10bb382f..14ace448 100644 --- a/client_domains.php +++ b/client_domains.php @@ -34,7 +34,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
- +
diff --git a/client_invoices.php b/client_invoices.php index 65e23cbd..69915877 100644 --- a/client_invoices.php +++ b/client_invoices.php @@ -41,7 +41,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
- +
diff --git a/client_locations.php b/client_locations.php index f063aa64..b849c196 100644 --- a/client_locations.php +++ b/client_locations.php @@ -47,7 +47,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
- +
diff --git a/client_logins.php b/client_logins.php index 43416cf0..f0ef1cca 100644 --- a/client_logins.php +++ b/client_logins.php @@ -34,7 +34,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
- +
diff --git a/client_logs.php b/client_logs.php index 8816067d..1b591255 100644 --- a/client_logs.php +++ b/client_logs.php @@ -40,7 +40,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
- +
diff --git a/client_networks.php b/client_networks.php index eea103c9..fbf785f3 100644 --- a/client_networks.php +++ b/client_networks.php @@ -35,7 +35,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
- +
diff --git a/client_payments.php b/client_payments.php index 32ce2214..a95d6a97 100644 --- a/client_payments.php +++ b/client_payments.php @@ -39,7 +39,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
- +
diff --git a/client_quotes.php b/client_quotes.php index 53f367b5..0b76369d 100644 --- a/client_quotes.php +++ b/client_quotes.php @@ -41,7 +41,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
- +
diff --git a/client_recurring_invoices.php b/client_recurring_invoices.php index 523d8c11..41932b22 100644 --- a/client_recurring_invoices.php +++ b/client_recurring_invoices.php @@ -35,7 +35,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
- +
diff --git a/client_scheduled_tickets.php b/client_scheduled_tickets.php index bb2392b4..b0c192be 100644 --- a/client_scheduled_tickets.php +++ b/client_scheduled_tickets.php @@ -38,7 +38,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
- +
diff --git a/client_services.php b/client_services.php index 774ee229..679d6dde 100644 --- a/client_services.php +++ b/client_services.php @@ -34,7 +34,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
- +
diff --git a/client_shared_items.php b/client_shared_items.php index b99df38e..c5fc9d6e 100644 --- a/client_shared_items.php +++ b/client_shared_items.php @@ -42,7 +42,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
- +
diff --git a/client_software.php b/client_software.php index 71c21061..9fa941b3 100644 --- a/client_software.php +++ b/client_software.php @@ -35,7 +35,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
- +
diff --git a/client_tickets.php b/client_tickets.php index d83a96c1..77996b3e 100644 --- a/client_tickets.php +++ b/client_tickets.php @@ -45,7 +45,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
- +
diff --git a/client_trips.php b/client_trips.php index 48d52e06..deaf15f3 100644 --- a/client_trips.php +++ b/client_trips.php @@ -52,7 +52,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
- +
diff --git a/client_vendors.php b/client_vendors.php index c01cf6a7..dd2c78d4 100644 --- a/client_vendors.php +++ b/client_vendors.php @@ -45,7 +45,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
- +
diff --git a/companies.php b/companies.php index f6bb7d5e..ca3964ca 100644 --- a/companies.php +++ b/companies.php @@ -32,7 +32,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
- +
diff --git a/expenses.php b/expenses.php index 196ec06a..b2358396 100644 --- a/expenses.php +++ b/expenses.php @@ -83,7 +83,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
- +
diff --git a/invoices.php b/invoices.php index 99dfc925..c909687d 100644 --- a/invoices.php +++ b/invoices.php @@ -205,7 +205,7 @@
- +
diff --git a/logs.php b/logs.php index c0195480..d122509b 100644 --- a/logs.php +++ b/logs.php @@ -75,7 +75,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
- +
diff --git a/notifications_dismissed.php b/notifications_dismissed.php index e7ac7974..2537bd68 100644 --- a/notifications_dismissed.php +++ b/notifications_dismissed.php @@ -44,7 +44,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
- +
diff --git a/payments.php b/payments.php index 0d529e1c..0595198d 100644 --- a/payments.php +++ b/payments.php @@ -78,7 +78,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
- +
diff --git a/products.php b/products.php index b933c8b1..463919fa 100644 --- a/products.php +++ b/products.php @@ -32,7 +32,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
- +
diff --git a/quotes.php b/quotes.php index e3b4bd99..317beedd 100644 --- a/quotes.php +++ b/quotes.php @@ -79,7 +79,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
- +
diff --git a/recurring_invoices.php b/recurring_invoices.php index 83249d98..46ac3695 100644 --- a/recurring_invoices.php +++ b/recurring_invoices.php @@ -79,7 +79,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
- +
diff --git a/revenues.php b/revenues.php index 4bb36508..496cdad3 100644 --- a/revenues.php +++ b/revenues.php @@ -79,7 +79,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
- +
diff --git a/scheduled_tickets.php b/scheduled_tickets.php index aad30880..7340a650 100644 --- a/scheduled_tickets.php +++ b/scheduled_tickets.php @@ -34,7 +34,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
- +
diff --git a/settings_api.php b/settings_api.php index a5a6557d..4ea26769 100644 --- a/settings_api.php +++ b/settings_api.php @@ -29,7 +29,7 @@
- +
diff --git a/settings_tags.php b/settings_tags.php index 5634f28b..e86685b3 100644 --- a/settings_tags.php +++ b/settings_tags.php @@ -51,7 +51,7 @@ $colors_diff = array_diff($colors_array,$colors_used_array);
- +
diff --git a/tickets.php b/tickets.php index d7cdb78d..d04b1ef5 100644 --- a/tickets.php +++ b/tickets.php @@ -176,7 +176,7 @@ $user_active_assigned_tickets = $row['total_tickets_assigned'];
diff --git a/trips.php b/trips.php index 36175ec4..7354583d 100644 --- a/trips.php +++ b/trips.php @@ -84,7 +84,7 @@
- +
diff --git a/users.php b/users.php index bc4b92d0..5269ca8b 100644 --- a/users.php +++ b/users.php @@ -37,7 +37,7 @@
- +
diff --git a/vendors.php b/vendors.php index a39d6ed8..502320a5 100644 --- a/vendors.php +++ b/vendors.php @@ -56,7 +56,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
- +
From 72fd102e57a1c9478ee43d650d417fc4f4c4f087 Mon Sep 17 00:00:00 2001 From: Marcus Hill Date: Mon, 2 Jan 2023 14:54:49 +0000 Subject: [PATCH 15/37] SQL Escape tech username. The username is added to most log entries meaning that a simple apostrophe in the name breaks all logging for the user --- check_login.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/check_login.php b/check_login.php index 1597527b..e24efb6a 100644 --- a/check_login.php +++ b/check_login.php @@ -32,7 +32,7 @@ $session_user_id = $_SESSION['user_id']; $sql = mysqli_query($mysqli,"SELECT * FROM users, user_settings WHERE users.user_id = user_settings.user_id AND users.user_id = $session_user_id"); $row = mysqli_fetch_array($sql); -$session_name = $row['user_name']; +$session_name = mysqli_real_escape_string($mysqli, $row['user_name']); $session_email = $row['user_email']; $session_avatar = $row['user_avatar']; $session_token = $row['user_token']; From b1bb854328680aebb2bdc1d4734f72b40901dccb Mon Sep 17 00:00:00 2001 From: Marcus Hill Date: Mon, 2 Jan 2023 14:56:04 +0000 Subject: [PATCH 16/37] Escape potential HTML in ticket prefix --- client_contact_details_modal.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client_contact_details_modal.php b/client_contact_details_modal.php index 58cf6ca6..749ac31b 100644 --- a/client_contact_details_modal.php +++ b/client_contact_details_modal.php @@ -105,7 +105,7 @@ while($row = mysqli_fetch_array($sql_related_tickets)){ $ticket_id = $row['ticket_id']; - $ticket_prefix = $row['ticket_prefix']; + $ticket_prefix = htmlentities($row['ticket_prefix']); $ticket_number = $row['ticket_number']; $ticket_subject = htmlentities($row['ticket_subject']); From f150b3cb27a0ab364be7b1cfabff48e9a5801482 Mon Sep 17 00:00:00 2001 From: Marcus Hill Date: Mon, 2 Jan 2023 14:57:46 +0000 Subject: [PATCH 17/37] Tidy comment --- client_service_view_modal.php | 26 ++++++++++++-------------- 1 file changed, 12 insertions(+), 14 deletions(-) 
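Review bot: `$session_name = mysqli_real_escape_string($mysqli, $row['user_name']);` applies SQL escaping at the point the session variable is loaded rather than at the queries that consume it, so the backslash-escaped form (`O\'Brien`) is presumably also what any page that prints or compares `$session_name` sees, and it offers no protection where the name is written into HTML. Keep the raw value here and bind the name as a parameter in the log INSERTs (`mysqli_prepare` + `bind_param`), or failing that escape at each query site and apply `htmlspecialchars()` at output. `$session_user_id` is interpolated unquoted into the SELECT two lines above; an explicit `(int)` cast would document that it can only ever be numeric.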
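Review bot: `htmlentities($row['ticket_prefix'])` relies on the PHP-version default for its flags, and before PHP 8.1 that default (ENT_COMPAT) leaves single quotes unencoded, so a prefix placed in a single-quoted attribute or inline JavaScript could still break out; `htmlentities($row['ticket_prefix'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` makes the behaviour explicit and version-independent. `$ticket_number` on the following line stays raw, which is fine only if it is an integer column; if it can be free text it needs the same treatment. The enclosing `while` loop begins and ends outside the hunk.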
diff --git a/client_service_view_modal.php b/client_service_view_modal.php index c6676728..aadc7b1a 100644 --- a/client_service_view_modal.php +++ b/client_service_view_modal.php @@ -41,7 +41,7 @@ } ?> - @@ -69,18 +69,16 @@ if(!empty($networks)){ ?>
Networks
    - $network[0] (VLAN $network[1])"; + $network = explode(":", $network); + echo "
  • $network[0] (VLAN $network[1])
  • "; } - // Not showing/haven't added explicitly linked networks - can't see a need for a network that doesn't have an asset on it? - // Can add at a later date if there is a use case for this ?>
- @@ -110,7 +108,7 @@ $location"; + echo "
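Review bot: `$network[1]` is read unconditionally after `explode(':', $network)` in the @@ -69 hunk, so a stored value without a colon raises an undefined-offset warning inside the echo; `$parts = explode(':', $network, 2); $vlan = $parts[1] ?? '';` avoids that. As far as the stripped rendering shows, the new `echo "… $network[0] (VLAN $network[1])"` here and `echo "… $location"` in the @@ -110 hunk interpolate database values straight into markup without `htmlentities()`, unlike the other patches in this series; if these are the output sites for those fields they should get the same escaping. The loop these echo statements sit in is not fully visible in the hunk.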
  • $location
  • "; } ?> @@ -284,14 +282,14 @@ } ?> - - - - + + + +
    +
    -
    -
    \ No newline at end of file +
    \ No newline at end of file From d86285aafd42a4221e598facb2bc153962eb8ed1 Mon Sep 17 00:00:00 2001 From: Marcus Hill Date: Mon, 2 Jan 2023 15:03:56 +0000 Subject: [PATCH 18/37] SQL Escape domain/cert/client/ticket fields to prevent them potentially breaking SQL queries --- cron.php | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/cron.php b/cron.php index 62065466..a5aba64f 100644 --- a/cron.php +++ b/cron.php @@ -58,10 +58,10 @@ while($row = mysqli_fetch_array($sql_companies)){ while($row = mysqli_fetch_array($sql)){ $domain_id = $row['domain_id']; - $domain_name = $row['domain_name']; + $domain_name = mysqli_real_escape_string($mysqli,$row['domain_name']); $domain_expire = $row['domain_expire']; $client_id = $row['client_id']; - $client_name = $row['client_name']; + $client_name = mysqli_real_escape_string($mysqli,$row['client_name']); mysqli_query($mysqli,"INSERT INTO notifications SET notification_type = 'Domain', notification = 'Domain $domain_name for $client_name will expire in $day Days on $domain_expire', notification_timestamp = NOW(), notification_client_id = $client_id, company_id = $company_id"); @@ -75,7 +75,7 @@ while($row = mysqli_fetch_array($sql_companies)){ foreach($certificateAlertArray as $day){ - //Get Domains Expiring + //Get Certs Expiring $sql = mysqli_query($mysqli,"SELECT * FROM certificates LEFT JOIN clients ON certificate_client_id = client_id WHERE certificate_expire = CURDATE() + INTERVAL $day DAY 
@@ -84,11 +84,11 @@ while($row = mysqli_fetch_array($sql_companies)){ while($row = mysqli_fetch_array($sql)){ $certificate_id = $row['certificate_id']; - $certificate_name = $row['certificate_name']; - $certificate_domain = $row['certificate_domain']; + $certificate_name = mysqli_real_escape_string($mysqli,$row['certificate_name']); + $certificate_domain = $row['certificate_domain']); $certificate_expire = $row['certificate_expire']; $client_id = $row['client_id']; - $client_name = $row['client_name']; + $client_name = mysqli_real_escape_string($mysqli,$row['client_name']); mysqli_query($mysqli,"INSERT INTO notifications SET notification_type = 'Certificate', notification = 'Certificate $certificate_name for $client_name will expire in $day Days on $certificate_expire', notification_timestamp = NOW(), notification_client_id = $client_id, company_id = $company_id"); @@ -111,10 +111,10 @@ while($row = mysqli_fetch_array($sql_companies)){ while($row = mysqli_fetch_array($sql)){ $asset_id = $row['asset_id']; - $asset_name = $row['asset_name']; + $asset_name = mysqli_real_escape_string($mysqli,$row['asset_name']); $asset_warranty_expire = $row['asset_warranty_expire']; $client_id = $row['client_id']; - $client_name = $row['client_name']; + $client_name = mysqli_real_escape_string($mysqli,$row['client_name']); mysqli_query($mysqli,"INSERT INTO notifications SET notification_type = 'Asset', notification = 'Asset $asset_name warranty for $client_name will expire in $day Days on $asset_warranty_expire', notification_timestamp = NOW(), notification_client_id = $client_id, company_id = $company_id"); 
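Review bot: `$certificate_domain = $row['certificate_domain']);` in the @@ -84 hunk has a stray closing parenthesis, which is a parse error and will stop cron.php from running at all; presumably the intent was `$certificate_domain = mysqli_real_escape_string($mysqli,$row['certificate_domain']);` to match the surrounding lines. Beyond that, the per-field escaping in this and the @@ -58, @@ -111 and @@ -134 hunks is correct for the INSERTs that follow, but the same values end up in the `notification` text, and SQL escaping does nothing to make that text safe when it is later rendered; output escaping at the display site is still needed (not confirmable from this hunk). Binding the values with `mysqli_prepare`/`bind_param` would remove the need to remember the escape on every field.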
@@ -134,8 +134,8 @@ while($row = mysqli_fetch_array($sql_companies)){ if(mysqli_num_rows($sql_scheduled_tickets) > 0){ while($row = mysqli_fetch_array($sql_scheduled_tickets)){ $schedule_id = $row['scheduled_ticket_id']; - $subject = $row['scheduled_ticket_subject']; - $details = $row['scheduled_ticket_details']; + $subject = mysqli_real_escape_string($mysqli,$row['scheduled_ticket_subject']); + $details = mysqli_real_escape_string($mysqli,$row['scheduled_ticket_details']); $priority = $row['scheduled_ticket_priority']; $frequency = strtolower($row['scheduled_ticket_frequency']); $created_id = $row['scheduled_ticket_created_by']; From fcdeee63214182c53d173a143489c0fc5bcb89bc Mon Sep 17 00:00:00 2001 From: Marcus Hill Date: Mon, 2 Jan 2023 15:06:51 +0000 Subject: [PATCH 19/37] SQL Escape client name field to prevent potentially breaking SQL queries --- cron.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cron.php b/cron.php index a5aba64f..a83ec512 100644 --- a/cron.php +++ b/cron.php @@ -225,7 +225,7 @@ while($row = mysqli_fetch_array($sql_companies)){ $invoice_amount = $row['invoice_amount']; $invoice_currency_code = $row['invoice_currency_code']; $client_id = $row['client_id']; - $client_name = $row['client_name']; + $client_name = mysqli_real_escape_string($mysqli,$row['client_name']); $contact_name = $row['contact_name']; $contact_email = $row['contact_email']; From 67b306795bcdbc56cde4b9bcb4a081f782f8e3ca Mon Sep 17 00:00:00 2001 From: Marcus Hill Date: Mon, 2 Jan 2023 15:17:58 +0000 Subject: [PATCH 20/37] Sanitize portal session vars against sql/html code --- portal/check_login.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/portal/check_login.php b/portal/check_login.php index e0a6cfe1..bcb5a523 100644 --- a/portal/check_login.php +++ b/portal/check_login.php 
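Review bot: `$contact_name` and `$contact_email` on the two lines right after the newly escaped `$client_name` remain unescaped; if they are interpolated into the same notification or e-mail INSERT further down (outside the hunk), an apostrophe in a contact's name breaks that query exactly as the commit message describes for client names. Either apply `mysqli_real_escape_string($mysqli, ...)` to them as well or, better, switch that INSERT to a prepared statement. The enclosing `while` loop starts and ends outside the hunk.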
@@ -36,10 +36,10 @@ $session_company_id = $_SESSION['company_id']; $contact_sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_id = '$session_contact_id' AND contact_client_id = '$session_client_id'"); $contact = mysqli_fetch_array($contact_sql); -$session_contact_name = $contact['contact_name']; +$session_contact_name = strip_tags(mysqli_real_escape_string($mysqli,$contact['contact_name'])); $session_contact_initials = initials($session_contact_name); -$session_contact_title = $contact['contact_title']; -$session_contact_email = $contact['contact_email']; +$session_contact_title = strip_tags(mysqli_real_escape_string($mysqli,$contact['contact_title'])); +$session_contact_email = strip_tags(mysqli_real_escape_string($mysqli,$contact['contact_email'])); $session_contact_photo = $contact['contact_photo']; // Get client info From e32439cc4c35d88f4ff4c910fae4ec4ff23202fb Mon Sep 17 00:00:00 2001 From: Marcus Hill Date: Mon, 2 Jan 2023 15:24:30 +0000 Subject: [PATCH 21/37] Escape potential HTML from ticket fields --- portal/index.php | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/portal/index.php b/portal/index.php index 50f5858c..9f20d98e 100644 --- a/portal/index.php +++ b/portal/index.php @@ -86,11 +86,17 @@ $total_tickets = $row['total_tickets']; "; - echo " $ticket[ticket_prefix]$ticket[ticket_number]"; - echo " $ticket[ticket_subject]"; - echo "$ticket[ticket_status]"; + echo " $ticket_prefix$ticket_number"; + echo " $ticket_subject"; + echo "$ticket_status"; echo ""; } ?> From 3ea7406c2e5878bde17feb923ab4dce299814210 Mon Sep 17 00:00:00 2001 From: Marcus Hill Date: Mon, 2 Jan 2023 15:27:29 +0000 Subject: [PATCH 22/37] Better name azure client id variable as to not be confusing with itflow client ids --- portal/login.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/portal/login.php b/portal/login.php index bf25864b..b3ef5f66 100644 --- a/portal/login.php +++ b/portal/login.php 
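Review bot: `strip_tags(mysqli_real_escape_string($mysqli,$contact['contact_name']))` bakes SQL escaping into the session value, so a name such as O'Brien is held as `O\'Brien`, that is what `initials($session_contact_name)` on the next line and every page that displays the name will receive, and `strip_tags()` is not an output escape (it leaves `&`, quotes and attribute delimiters intact while deleting legitimate text after a `<`). Store the raw contact fields in the session, bind them as parameters (or escape) at each query site, and apply `htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` where they are rendered. The same concern applies to `$session_contact_title` and `$session_contact_email` in this hunk.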
@@ -24,7 +24,7 @@ $user_agent = strip_tags(mysqli_real_escape_string($mysqli, $_SERVER['HTTP_USER_ $sql_settings = mysqli_query($mysqli, "SELECT config_azure_client_id FROM settings WHERE company_id = '1'"); $settings = mysqli_fetch_array($sql_settings); -$client_id = $settings['config_azure_client_id']; +$azure_client_id = $settings['config_azure_client_id']; $company_sql = mysqli_query($mysqli, "SELECT company_name FROM companies WHERE company_id = '1'"); $company_results = mysqli_fetch_array($company_sql); @@ -131,7 +131,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['login'])) { + if (!empty($azure_client_id)) { ?>
    From 4b10a2ac68140fa2f524078809e6779a85a48f8c Mon Sep 17 00:00:00 2001 From: Marcus Hill Date: Mon, 2 Jan 2023 15:38:40 +0000 Subject: [PATCH 23/37] Improve security of password reset token for client portal --- portal/login_reset.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/portal/login_reset.php b/portal/login_reset.php index d78cdec3..e9cf0888 100644 --- a/portal/login_reset.php +++ b/portal/login_reset.php @@ -51,7 +51,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") { $company = $row['company_id']; if ($row['contact_email'] == $email) { - $token = key32gen(); + $token = bin2hex(random_bytes(78)); $url = "https://$config_base_url/portal/login_reset.php?email=$email&token=$token&client=$client"; mysqli_query($mysqli, "UPDATE contacts SET contact_password_reset_token = '$token' WHERE contact_id = $id LIMIT 1"); mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Modify', log_description = 'Sent a portal password reset e-mail for $email.', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_client_id = $client, company_id = $company"); @@ -59,7 +59,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") { // Send reset email $subject = "Password reset for $company_name ITFlow Portal"; - $body = "Hello, $name
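Review bot: `$token = bin2hex(random_bytes(78));` is a sound CSPRNG token, but it is 156 characters long and is written straight into `contact_password_reset_token`; if that column is narrower, MySQL truncates (or rejects, in strict mode) and the e-mailed link can never match, so confirm the column width or use `bin2hex(random_bytes(32))`, which already carries far more entropy than needed. `$email` is concatenated into the reset URL unencoded (`email=$email`), so an address containing `+` arrives as a space; wrap it in `rawurlencode()`. `$row['contact_email'] == $email` is a loose comparison and should be `===`. The UPDATE stores the token without any issued-at timestamp, so nothing visible here bounds how long a reset link stays valid; recording when it was generated (a `<RESET_TOKEN_ISSUED_AT_COLUMN>` placeholder here, since the schema is not on the page) and rejecting stale tokens on verification would close that gap.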

    Someone (probably you) has requested a new password for your account on $company_name's ITFlow Client Portal.

    Please click here to reset your password.

    Alternatively, copy and paste this URL into your browser: $url

    If you didn't request this change, you can safely ignore this email.

    ~
    $company_name
    Support Department
    $config_mail_from_email"; + $body = "Hello, $name

    Someone (probably you) has requested a new password for your account on $company_name's ITFlow Client Portal.

    Please click here to reset your password.

    Alternatively, copy and paste this URL into your browser:
    $url

    If you didn't request this change, you can safely ignore this email.

    ~
    $company_name
    Support Department
    $config_mail_from_email"; $mail = sendSingleEmail($config_smtp_host, $config_smtp_username, $config_smtp_password, $config_smtp_encryption, $config_smtp_port, $config_mail_from_email, $config_mail_from_name, From f2efa79c57cf4a2c856e181f99bdf173d5a07452 Mon Sep 17 00:00:00 2001 From: Marcus Hill Date: Mon, 2 Jan 2023 15:48:47 +0000 Subject: [PATCH 24/37] Escape potential HTML data from ticket fields --- portal/ticket.php | 36 +++++++++++++++++++++++------------- 1 file changed, 23 insertions(+), 13 deletions(-) diff --git a/portal/ticket.php b/portal/ticket.php index 1e50b74c..17c841cf 100644 --- a/portal/ticket.php +++ b/portal/ticket.php @@ -15,18 +15,28 @@ if (isset($_GET['id']) && intval($_GET['id'])) { $ticket_sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = '$ticket_id' AND ticket_client_id = '$session_client_id' AND ticket_contact_id = '$session_contact_id'"); } - $ticket = mysqli_fetch_array($ticket_sql); + $ticket_row = mysqli_fetch_array($ticket_sql); + + if ($ticket_row) { + + $ticket_prefix = htmlentities($ticket_row['ticket_prefix']); + $ticket_number = $ticket_row['ticket_number']; + $ticket_status = htmlentities($ticket_row['ticket_status']); + $ticket_priority = htmlentities($ticket_row['ticket_priority']); + $ticket_subject = htmlentities($ticket_row['ticket_subject']); + $ticket_details = $ticket_row['ticket_details']; + $ticket_feedback = htmlentities($ticket_row['ticket_feedback']); + - if ($ticket) { ?>