From 924159dfcbe2b509391457df7c78eb1246a2eef5 Mon Sep 17 00:00:00 2001
From: johnnyq
Date: Mon, 13 Mar 2023 16:23:39 -0400
Subject: [PATCH] Wrong var sent for logging email address during invoice sends
---
 post.php | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/post.php b/post.php
index 53c97d56..1f68349d 100644
--- post.php
+++ post.php
@@ -3872,6 +3872,7 @@ if(isset($_GET['email_invoice'])){
 $client_name = $row['client_name'];
 $contact_name = $row['contact_name'];
 $contact_email = $row['contact_email'];
+ $contact_email_escaped = sanitizeInput($row['contact_email']);
 $contact_phone = formatPhoneNumber($row['contact_phone']);
 $contact_extension = $row['contact_extension'];
 $contact_mobile = formatPhoneNumber($row['contact_mobile']);
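Review bot: The new `$contact_email_escaped` sits directly beside the raw `$contact_email` with nothing stating which one belongs in which context, so a later edit to this handler could put the raw value back into a query or hand the escaped one to the mailer. A one-line comment above the assignment would pin that down, for example `// SQL-only copy for the logs/notifications inserts; the mailer gets the raw $contact_email`. `sanitizeInput()` is defined outside this hunk, so it is worth confirming that it applies connection-aware SQL escaping (and not only HTML or tag stripping) before relying on the `_escaped` name. The enclosing `if(isset($_GET['email_invoice']))` block starts and ends outside the hunk.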
@@ -3925,15 +3926,15 @@ if(isset($_GET['email_invoice'])){
 }
 //Logging
- mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Invoice', log_action = 'Email', log_description = 'Invoice $invoice_prefix$invoice_number emailed to $client_email', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
+ mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Invoice', log_action = 'Email', log_description = 'Invoice $invoice_prefix$invoice_number emailed to $contact_email_escaped', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
 } else {
 $_SESSION['alert_type'] = "error";
 $_SESSION['alert_message'] = "Invoice Failed to send ";
 mysqli_query($mysqli,"INSERT INTO history SET history_status = 'Sent', history_description = 'Email Invoice Failed', history_invoice_id = $invoice_id");
- mysqli_query($mysqli,"INSERT INTO notifications SET notification_type = 'Mail', notification = 'Failed to send email to $contact_email'");
- mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Mail', log_action = 'Error', log_description = 'Failed to send email to $contact_email regarding $subject. $mail', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
+ mysqli_query($mysqli,"INSERT INTO notifications SET notification_type = 'Mail', notification = 'Failed to send email to $contact_email_escaped'");
+ mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Mail', log_action = 'Error', log_description = 'Failed to send email to $contact_email_escaped regarding $subject. $mail', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
 }
 header("Location: " . $_SERVER["HTTP_REFERER"]);
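Review bot: The error-path `INSERT INTO logs` still interpolates `$subject` and `$mail` into the same quoted literal as `$contact_email_escaped`, and the hunk shows no escaping for either. `$mail` appears to carry the mailer's failure text, so a single quote in it or in the subject can break the statement or change its meaning; `$invoice_prefix` in the success-path log line sits in the same position. Building the description as a plain string and binding it, together with the session values, through a prepared statement would cover every field at once and remove the need for per-variable escaped copies. The sketch below shows this for the error-path log insert only; the notifications insert and the success-path log would follow the same pattern. The surrounding `if`/`else` opens outside this hunk.

```php
// … unchanged: alert_type / alert_message and the history insert …
$log_description = "Failed to send email to $contact_email regarding $subject. $mail";
$log_stmt = mysqli_prepare($mysqli, "INSERT INTO logs SET log_type = 'Mail', log_action = 'Error', log_description = ?, log_ip = ?, log_user_agent = ?, log_user_id = ?");
mysqli_stmt_bind_param($log_stmt, 'sssi', $log_description, $session_ip, $session_user_agent, $session_user_id);
mysqli_stmt_execute($log_stmt);
```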