Updated all exports to include your company name when exporting everything, and to prepend the client name to the file name when exporting from a single client. Introduced a sanitize_filename function and used it for the exports so they always get a clean file name that works on every OS.

johnnyq 2025-09-10 12:50:10 -04:00
parent 23b2dcba70
commit 981fb9585d
18 changed files with 96 additions and 28 deletions


@ -1694,4 +1694,34 @@ function redirect($url = null, $permanent = false) {
function flash_alert(string $message, string $type = 'success'): void {
$_SESSION['alert_type'] = $type;
$_SESSION['alert_message'] = $message;
}
// Sanitize File Names
function sanitize_filename($filename, $strict = false) {
// Remove path information and dots around the filename
$filename = basename($filename);
// Replace spaces and underscores with dashes
$filename = str_replace([' ', '_'], '-', $filename);
// Remove anything which isn't a word, number, dot, or dash
$filename = preg_replace('/[^A-Za-z0-9\.\-]/', '', $filename);
// Optionally make filename strict alphanumeric (keep dot and dash)
if ($strict) {
$filename = preg_replace('/[^A-Za-z0-9\.\-]/', '', $filename);
}
// Avoid multiple consecutive dashes
$filename = preg_replace('/-+/', '-', $filename);
// Remove leading/trailing dots and dashes
$filename = trim($filename, '.-');
// Ensure its not empty
if (empty($filename)) {
$filename = 'file';
}
return $filename;
}
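Review bot: The `$strict` branch in `sanitize_filename()` is a no-op: it applies the same `/[^A-Za-z0-9\.\-]/` replacement that already ran unconditionally two statements earlier, so the parameter changes nothing. Dropping the parameter is the safer fix, because the tight allowlist is what keeps quotes and line breaks out of the name, which matters if the value is later placed in a response header (not shown in this hunk). Separately, `basename()` runs on the already-composed string, so a client or company name containing `/` loses everything before the slash, and a name made only of non-ASCII characters disappears from the file name entirely. A short docblock stating that the result is restricted to `[A-Za-z0-9.-]` and falls back to `file` would make that contract explicit for the export callers.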


@ -15,7 +15,7 @@
</div>
<div class="modal-footer">
<button type="submit" name="export_client_software_csv" class="btn btn-primary text-bold"><i class="fas fa-fw fa-download mr-2"></i>Download CSV</button>
<button type="submit" name="export_software_csv" class="btn btn-primary text-bold"><i class="fas fa-fw fa-download mr-2"></i>Download CSV</button>
<button type="button" class="btn btn-light" data-dismiss="modal"><i class="fas fa-times mr-2"></i>Cancel</button>
</div>
</form>


@ -953,8 +953,6 @@ if (isset($_POST['export_assets_csv'])) {
validateCSRFToken($_POST['csrf_token']);
enforceUserPermission('module_support');
$client_name = 'All'; // default
if (isset($_POST['client_id'])) {
$client_id = intval($_POST['client_id']);
@ -962,9 +960,11 @@ if (isset($_POST['export_assets_csv'])) {
$client_row = mysqli_fetch_array(mysqli_query($mysqli,"SELECT client_name FROM clients WHERE client_id = $client_id"));
$client_name = $client_row['client_name'];
$file_name_prepend = "$client_name-";
} else {
$client_query = '';
$client_id = 0; // for Logging
$file_name_prepend = "$session_company_name-";
}
// Get records from database
@ -975,7 +975,7 @@ if (isset($_POST['export_assets_csv'])) {
$delimiter = ",";
$enclosure = '"';
$escape = '\\'; // backslash
$filename = strtoAZaz09($client_name) . "-Assets-" . date('Y-m-d') . ".csv";
$filename = sanitize_filename($file_name_prepend . "Assets-" . date('Y-m-d_H-i-s') . ".csv");
//create a file pointer
$f = fopen('php://memory', 'w');
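Review bot: The client-name lookup in the `export_assets_csv` handler indexes `$client_row['client_name']` straight off `mysqli_fetch_array(mysqli_query(...))` with no check that a row came back, so a `client_id` that matches no client yields a null name and an offset-on-null diagnostic. Every other export handler touched by this commit uses the helper instead; `$client_name = getFieldById('clients', $client_id, 'client_name');` here would keep the handlers consistent and leave one place to guard an empty result. The handler starts and ends outside the hunks shown, and the lookup lines may be unchanged context rather than lines this commit adds.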


@ -217,9 +217,12 @@ if (isset($_POST['export_certificates_csv'])) {
if (isset($_POST['client_id'])) {
$client_id = intval($_POST['client_id']);
$client_query = "AND certificate_client_id = $client_id";
$client_name = getFieldById('clients', $client_id, 'client_name');
$file_name_prepend = "$client_name-";
} else {
$client_query = '';
$client_id = 0;
$file_name_prepend = "$session_company_name-";
}
$sql = mysqli_query($mysqli,"SELECT * FROM certificates WHERE certificate_archived_at IS NULL $client_query ORDER BY certificate_name ASC");
@ -230,7 +233,7 @@ if (isset($_POST['export_certificates_csv'])) {
$delimiter = ",";
$enclosure = '"';
$escape = '\\'; // backslash
$filename = "Certificates-" . date('Y-m-d') . ".csv";
$filename = sanitize_filename($file_name_prepend . "Certificates-" . date('Y-m-d_H-i-s') . ".csv");
//create a file pointer
$f = fopen('php://memory', 'w');


@ -324,7 +324,7 @@ if (isset($_POST['export_clients_csv'])) {
$delimiter = ",";
$enclosure = '"';
$escape = '\\'; // backslash
$filename = $session_company_name . "-Clients-" . date('Y-m-d') . ".csv";
$filename = sanitize_filename($session_company_name . "-Clients-" . date('Y-m-d_H-i-s') . ".csv");
//create a file pointer
$f = fopen('php://memory', 'w');


@ -1153,9 +1153,12 @@ if (isset($_POST['export_contacts_csv'])) {
if (isset($_POST['client_id'])) {
$client_id = intval($_POST['client_id']);
$client_query = "AND contact_client_id = $client_id";
$client_name = getFieldById('clients', $client_id, 'client_name');
$file_name_prepend = "$client_name-";
} else {
$client_query = '';
$client_id = 0; //Logging
$client_id = 0; //Logging;
$file_name_prepend = "$session_company_name-";
}
//Contacts
@ -1166,7 +1169,7 @@ if (isset($_POST['export_contacts_csv'])) {
$delimiter = ",";
$enclosure = '"';
$escape = '\\'; // backslash
$filename = "Contacts-" . date('Y-m-d') . ".csv";
$filename = sanitize_filename($file_name_prepend . "Contacts-" . date('Y-m-d_H-i-s') . ".csv");
//create a file pointer
$f = fopen('php://memory', 'w');


@ -307,9 +307,12 @@ if (isset($_POST['export_credentials_csv'])) {
if (isset($_POST['client_id'])) {
$client_id = intval($_POST['client_id']);
$client_query = "AND credential_client_id = $client_id";
$client_name = getFieldById('clients', $client_id, 'client_name');
$file_name_prepend = "$client_name-";
} else {
$client_query = '';
$client_id = 0;
$file_name_prepend = "$session_company_name-";
}
//get records from database
@ -322,7 +325,7 @@ if (isset($_POST['export_credentials_csv'])) {
$delimiter = ",";
$enclosure = '"';
$escape = '\\'; // backslash
$filename = "Credentials-" . date('Y-m-d') . ".csv";
$filename = sanitize_filename($file_name_prepend . "Credentials-" . date('Y-m-d_H-i-s') . ".csv");
//create a file pointer
$f = fopen('php://memory', 'w');


@ -330,9 +330,12 @@ if (isset($_POST['export_domains_csv'])) {
if (isset($_POST['client_id'])) {
$client_id = intval($_POST['client_id']);
$client_query = "WHERE domain_client_id = $client_id";
$client_name = getFieldById('clients', $client_id, 'client_name');
$file_name_prepend = "$client_name-";
} else {
$client_query = '';
$client_id = 0;
$file_name_prepend = "$session_company_name-";
}
$sql = mysqli_query($mysqli,"SELECT * FROM domains $client_query ORDER BY domain_name ASC");
@ -343,7 +346,7 @@ if (isset($_POST['export_domains_csv'])) {
$delimiter = ",";
$enclosure = '"';
$escape = '\\'; // backslash
$filename = "Domains-" . date('Y-m-d') . ".csv";
$filename = sanitize_filename($file_name_prepend . "Domains-" . date('Y-m-d_H-i-s') . ".csv");
//create a file pointer
$f = fopen('php://memory', 'w');


@ -305,7 +305,7 @@ if (isset($_POST['export_expenses_csv'])) {
$delimiter = ",";
$enclosure = '"';
$escape = '\\'; // backslash
$filename = "$session_company_name-Expenses-$file_name_date.csv";
$filename = sanitize_filename("$session_company_name-Expenses-" . date('Y-m-d_H-i-s') . ".csv");
//create a file pointer
$f = fopen('php://memory', 'w');
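Review bot: The new file name no longer uses `$file_name_date`, so an expenses export filtered by a date range would now be named after the download time instead of the range. The `export_trips_csv` hunk makes the same substitution, while `export_invoices_csv` keeps `$file_name_date`. `$file_name_date` is set outside this hunk, so this is inferred from the invoices handler, where it holds `"$date_from-to-$date_to"` when a range is given. If the range is meant to stay in the name, keep it inside the sanitized string: `$filename = sanitize_filename("$session_company_name-Expenses-$file_name_date.csv");`.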


@ -1935,8 +1935,12 @@ if (isset($_POST['export_invoices_csv'])) {
if (isset($_POST['client_id'])) {
$client_id = intval($_POST['client_id']);
$client_query = "AND invoice_client_id = $client_id";
$client_name = getFieldById('clients', $client_id, 'client_name');
$file_name_prepend = "$client_name-";
} else {
$client_query = '';
$client_name = '';
$file_name_prepend = "$session_company_name-";
}
$date_from = sanitizeInput($_POST['date_from']);
@ -1946,21 +1950,18 @@ if (isset($_POST['export_invoices_csv'])) {
$file_name_date = "$date_from-to-$date_to";
}else{
$date_query = "";
$file_name_date = date('Y-m-d');
$file_name_date = date('Y-m-d_H-i-s');
}
$sql = mysqli_query($mysqli,"SELECT * FROM invoices LEFT JOIN clients ON invoice_client_id = client_id WHERE $date_query $client_query ORDER BY invoice_number ASC");
$row = mysqli_fetch_array($sql);
$client_name = $row['client_name'];
$num_rows = mysqli_num_rows($sql);
if ($num_rows > 0) {
$delimiter = ",";
$enclosure = '"';
$escape = '\\'; // backslash
$filename = "$session_company_name-Invoices-$file_name_date.csv";
$filename = sanitize_filename($file_name_prepend . "Invoices-$file_name_date.csv");
//create a file pointer
$f = fopen('php://memory', 'w');
@ -2045,8 +2046,12 @@ if (isset($_POST['export_payments_csv'])) {
if (isset($_POST['client_id'])) {
$client_id = intval($_POST['client_id']);
$client_query = "AND invoice_client_id = $client_id";
$client_name = getFieldById('clients', $client_id, 'client_name');
$file_name_prepend = "$client_name-";
} else {
$client_query = '';
$client_name = '';
$file_name_prepend = "$session_company_name-";
}
$sql = mysqli_query($mysqli,"SELECT * FROM payments, invoices WHERE payment_invoice_id = invoice_id $client_query ORDER BY payment_date ASC");
@ -2057,7 +2062,7 @@ if (isset($_POST['export_payments_csv'])) {
$delimiter = ",";
$enclosure = '"';
$escape = '\\'; // backslash
$filename = "Payments-" . date('Y-m-d') . ".csv";
$filename = sanitize_filename($file_name_prepend . "Payments-" . date('Y-m-d_H-i-s') . ".csv");
//create a file pointer
$f = fopen('php://memory', 'w');
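Review bot: In `export_invoices_csv` the query is built as `WHERE $date_query $client_query`, and the else branch shown sets `$date_query = ""`, so without a date range the statement becomes `WHERE  AND invoice_client_id = …` (or a bare `WHERE` when no client is posted) and cannot parse. A neutral default in that else branch, `$date_query = "1 = 1";`, keeps the concatenation valid for both values of `$client_query`. The handler begins and ends outside the hunks, and the branch that sets the date filter is only partly visible, so confirm against the full file.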


@ -359,9 +359,12 @@ if(isset($_POST['export_locations_csv'])){
if (isset($_POST['client_id'])) {
$client_id = intval($_POST['client_id']);
$client_query = "AND location_client_id = $client_id";
$client_name = getFieldById('clients', $client_id, 'client_name');
$file_name_prepend = "$client_name-";
} else {
$client_query = '';
$client_id = 0;
$file_name_prepend = "$session_company_name-";
}
//Locations
@ -373,7 +376,7 @@ if(isset($_POST['export_locations_csv'])){
$delimiter = ",";
$enclosure = '"';
$escape = '\\'; // backslash
$filename = "Locations-" . date('Y-m-d') . ".csv";
$filename = sanitize_filename($file_name_prepend . "Locations-" . date('Y-m-d_H-i-s') . ".csv");
//create a file pointer
$f = fopen('php://memory', 'w');


@ -152,9 +152,12 @@ if (isset($_POST['export_networks_csv'])) {
if (isset($_POST['client_id'])) {
$client_id = intval($_POST['client_id']);
$client_query = "AND network_client_id = $client_id";
$client_name = getFieldById('clients', $client_id, 'client_name');
$file_name_prepend = "$client_name-";
} else {
$client_query = '';
$client_id = 0;
$file_name_prepend = "$session_company_name-";
}
$sql = mysqli_query($mysqli,"SELECT * FROM networks WHERE network_archived_at IS NULL $client_query ORDER BY network_name ASC");
@ -165,7 +168,7 @@ if (isset($_POST['export_networks_csv'])) {
$delimiter = ",";
$enclosure = '"';
$escape = '\\'; // backslash
$filename = "Networks-" . date('Y-m-d') . ".csv";
$filename = sanitize_filename($file_name_prepend . "Networks-" . date('Y-m-d_H-i-s') . ".csv");
//create a file pointer
$f = fopen('php://memory', 'w');


@ -248,7 +248,7 @@ if (isset($_POST['export_products_csv'])) {
$delimiter = ",";
$enclosure = '"';
$escape = '\\'; // backslash
$filename = "$session_company_name-Products.csv";
$filename = sanitize_filename("$session_company_name-Products-" . date('Y-m-d_H-i-s') . ".csv");
//create a file pointer
$f = fopen('php://memory', 'w');


@ -540,12 +540,12 @@ if(isset($_POST['export_quotes_csv'])){
$client_id = intval($_POST['client_id']);
$client_query = "WHERE quote_client_id = $client_id";
// Get Client Name for logging
$client_name = getFieldByID('clients', $client_id, 'client_name');
$client_name = getFieldById('clients', $client_id, 'client_name');
$file_name_prepend = "$client_name-";
} else {
$client_query = '';
$client_name = '';
$file_name_prepend = '';
$file_name_prepend = "$session_company_name";
}
$sql = mysqli_query($mysqli,"SELECT * FROM quotes $client_query ORDER BY quote_number ASC");
@ -556,7 +556,7 @@ if(isset($_POST['export_quotes_csv'])){
$delimiter = ",";
$enclosure = '"';
$escape = '\\'; // backslash
$filename = $file_name_prepend . "Quotes-" . date('Y-m-d') . ".csv";
$filename = sanitize_filename($file_name_prepend . "Quotes-" . date('Y-m-d_H-i-s') . ".csv");
//create a file pointer
$f = fopen('php://memory', 'w');
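Review bot: The all-clients branch sets `$file_name_prepend = "$session_company_name";` without the trailing dash that every other handler in this commit uses, so the name comes out as the company name fused to `Quotes-…csv`. It should read `$file_name_prepend = "$session_company_name-";`. The handler starts before the first hunk of this section.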


@ -204,16 +204,19 @@ if (isset($_GET['delete_software'])) {
}
if (isset($_POST['export_client_software_csv'])) {
if (isset($_POST['export_software_csv'])) {
enforceUserPermission('module_support');
if (isset($_POST['client_id'])) {
$client_id = intval($_POST['client_id']);
$client_query = "WHERE software_client_id = $client_id";
$client_name = getFieldById('clients', $client_id, 'client_name');
$file_name_prepend = "$client_name-";
} else {
$client_query = '';
$client_id = 0; //Logging
$file_name_prepend = "$session_company_name-";
}
$sql = mysqli_query($mysqli,"SELECT * FROM software $client_query ORDER BY software_name ASC");
@ -224,7 +227,7 @@ if (isset($_POST['export_client_software_csv'])) {
$delimiter = ",";
$enclosure = '"';
$escape = '\\'; // backslash
$filename = "Software-" . date('Y-m-d') . ".csv";
$filename = sanitize_filename($file_name_prepend . "Software-" . date('Y-m-d_H-i-s') . ".csv");
//create a file pointer
$f = fopen('php://memory', 'w');
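Review bot: The renamed `export_software_csv` handler goes straight from the `isset` check to `enforceUserPermission('module_support')`, whereas `export_assets_csv` in this same commit calls `validateCSRFToken($_POST['csrf_token']);` first. Unless the token is checked centrally before these handlers run, add the same call as the first statement here. Any other form that still posts `export_client_software_csv` will stop matching after the rename; only one modal button is updated in this commit. The handler body continues past the hunks shown.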


@ -2170,8 +2170,12 @@ if (isset($_POST['export_tickets_csv'])) {
if (isset($_POST['client_id'])) {
$client_id = intval($_POST['client_id']);
$client_query = "WHERE ticket_client_id = $client_id";
$client_name = getFieldById('clients', $client_id, 'client_name');
$file_name_prepend = "$client_name-";
} else {
$client_query = '';
$client_name = '';
$file_name_prepend = "$session_company_name-";
}
$sql = mysqli_query(
@ -2185,7 +2189,7 @@ if (isset($_POST['export_tickets_csv'])) {
$delimiter = ",";
$enclosure = '"';
$escape = '\\'; // backslash
$filename = "Tickets-" . date('Y-m-d') . ".csv";
$filename = sanitize_filename($file_name_prepend . "Tickets-" . date('Y-m-d_H-i-s') . ".csv");
//create a file pointer
$f = fopen('php://memory', 'w');


@ -63,8 +63,12 @@ if (isset($_POST['export_trips_csv'])) {
if (isset($_POST['client_id'])) {
$client_id = intval($_POST['client_id']);
$client_query = "AND trip_client_id = $client_id";
$client_name = getFieldById('clients', $client_id, 'client_name');
$file_name_prepend = "$client_name-";
} else {
$client_query = '';
$client_name = '';
$file_name_prepend = "$session_company_name-";
}
$date_from = sanitizeInput($_POST['date_from']);
@ -91,7 +95,7 @@ if (isset($_POST['export_trips_csv'])) {
$delimiter = ",";
$enclosure = '"';
$escape = '\\'; // backslash
$filename = "Trips-$file_name_date.csv";
$filename = sanitize_filename($file_name_prepend . "Trips-" . date('Y-m-d_H-i-s') . ".csv");
//create a file pointer
$f = fopen('php://memory', 'w');


@ -274,8 +274,12 @@ if (isset($_POST['export_vendors_csv'])) {
if (isset($_POST['client_id'])) {
$client_id = intval($_POST['client_id']);
$client_query = "AND vendor_client_id = $client_id";
$client_name = getFieldById('clients', $client_id, 'client_name');
$file_name_prepend = "$client_name-";
} else {
$client_query = "AND vendor_client_id = 0";
$client_name = '';
$file_name_prepend = "$session_company_name-";
}
$sql = mysqli_query($mysqli,"SELECT * FROM vendors WHERE vendor_template = 0 $client_query ORDER BY vendor_name ASC");
@ -286,7 +290,7 @@ if (isset($_POST['export_vendors_csv'])) {
$delimiter = ",";
$enclosure = '"';
$escape = '\\'; // backslash
$filename = "Vendors-" . date('Y-m-d') . ".csv";
$filename = sanitize_filename($file_name_prepend . "Vendors-" . date('Y-m-d_H-i-s') . ".csv");
//create a file pointer
$f = fopen('php://memory', 'w');