AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-02-28 02:44:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

More UI work and santitizeInput migrations

Browse Source
This commit is contained in:
johnnyq
2023-02-20 22:02:39 -05:00
parent cf08042a41
commit 95f190c89d
21 changed files with 223 additions and 203 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
ajax.php
View File

@@ -155,7 +155,7 @@ if (isset($_GET['network_get_json_details'])) {
if (isset($_POST['client_set_notes'])) {
$client_id = intval($_POST['client_id']);
$notes = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['notes'])));
$notes = sanitizeInput($_POST['notes']);
// Update notes
mysqli_query($mysqli, "UPDATE clients SET client_notes = '$notes' WHERE client_id = '$client_id'");
@@ -167,7 +167,7 @@ if (isset($_POST['client_set_notes'])) {
if (isset($_POST['contact_set_notes'])) {
$contact_id = intval($_POST['contact_id']);
$notes = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['notes'])));
$notes = sanitizeInput($_POST['notes']);
// Update notes
mysqli_query($mysqli, "UPDATE contacts SET contact_notes = '$notes' WHERE contact_id = $contact_id");
@@ -228,28 +228,28 @@ if (isset($_GET['share_generate_link'])) {
$item_encrypted_credential = ''; // Default empty
$client_id = intval($_GET['client_id']);
$item_type = trim(strip_tags(mysqli_real_escape_string($mysqli, $_GET['type'])));
$item_type = sanitizeInput($_GET['type']);
$item_id = intval($_GET['id']);
$item_note = trim(strip_tags(mysqli_real_escape_string($mysqli, $_GET['note'])));
$item_note = sanitizeInput($_GET['note']);
$item_view_limit = intval($_GET['views']);
$item_expires = trim(strip_tags(mysqli_real_escape_string($mysqli, $_GET['expires'])));
$item_expires = sanitizeInput($_GET['expires']);
$item_key = randomString(156);
if ($item_type == "Document") {
$row = mysqli_fetch_array(mysqli_query($mysqli, "SELECT document_name FROM documents WHERE document_id = '$item_id' AND document_client_id = '$client_id' LIMIT 1"));
$item_name = strip_tags(mysqli_real_escape_string($mysqli, $row['document_name']));
$item_name = sanitizeInput($row['document_name']);
}
if ($item_type == "File") {
$row = mysqli_fetch_array(mysqli_query($mysqli, "SELECT file_name FROM files WHERE file_id = '$item_id' AND file_client_id = '$client_id' LIMIT 1"));
$item_name = strip_tags(mysqli_real_escape_string($mysqli, $row['file_name']));
$item_name = sanitizeInput($row['file_name']);
}
if ($item_type == "Login") {
$login = mysqli_query($mysqli, "SELECT login_name, login_username, login_password FROM logins WHERE login_id = '$item_id' AND login_client_id = '$client_id' LIMIT 1");
$row = mysqli_fetch_array($login);
$item_name = strip_tags(mysqli_real_escape_string($mysqli, $row['login_name']));
$item_name = sanitizeInput($row['login_name']);
// Decrypt & re-encrypt username/password for sharing
$login_encryption_key = randomString();