More Security fixes escaping search and sortby GET vars

This commit is contained in:
johnny@pittpc.com
2019-08-31 15:38:16 -04:00
parent 71decb9332
commit 9050f4b03a
32 changed files with 108 additions and 88 deletions


@@ -1168,6 +1168,9 @@ if(isset($_POST['add_quote_to_invoice'])){
$client_id = $row['client_id'];
$category_id = $row['category_id'];
//Generate a unique URL key for clients to access
$url_key = keygen();
mysqli_query($mysqli,"INSERT INTO invoices SET invoice_number = '$invoice_number', invoice_date = '$date', invoice_due = DATE_ADD(CURDATE(), INTERVAL $client_net_terms day), category_id = $category_id, invoice_status = 'Draft', invoice_amount = '$quote_amount', invoice_note = '$quote_note', invoice_created_at = NOW(), client_id = $client_id, company_id = $session_company_id");
$new_invoice_id = mysqli_insert_id($mysqli);