Add sme more htmlemtities for consistency

This commit is contained in:
johnnyq
2023-03-05 20:06:42 -05:00
parent 9a3266190c
commit a711bed38c
10 changed files with 12 additions and 14 deletions


@@ -30,7 +30,7 @@ $session_user_id = $_SESSION['user_id'];
$sql = mysqli_query($mysqli, "SELECT * FROM users, user_settings WHERE users.user_id = user_settings.user_id AND users.user_id = $session_user_id"); $sql = mysqli_query($mysqli, "SELECT * FROM users, user_settings WHERE users.user_id = user_settings.user_id AND users.user_id = $session_user_id");
$row = mysqli_fetch_array($sql); $row = mysqli_fetch_array($sql);
$session_name = mysqli_real_escape_string($mysqli, $row['user_name']); $session_name = sanitizeInput($row['user_name']);
$session_email = $row['user_email']; $session_email = $row['user_email'];
$session_avatar = $row['user_avatar']; $session_avatar = $row['user_avatar'];
$session_token = $row['user_token']; $session_token = $row['user_token'];
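Review bot: The new `sanitizeInput($row['user_name'])` assignment decides where encoding happens for `$session_name`, and the file does not say so; if `sanitizeInput` HTML-encodes (its definition is outside this page), then every echo site that later wraps the variable in `htmlentities()` — the pattern this commit spreads elsewhere — will double-encode names containing `&`, `<` or quotes. I would state the convention next to the assignment: `// user_name is encoded once here for HTML output; echo it without a second htmlentities()`. The replaced `mysqli_real_escape_string` was the wrong primitive for an output value, so the direction of the change is right. Separately, the untouched query two lines above interpolates `$session_user_id` straight from `$_SESSION` into SQL; casting it with `intval()` where it is read would be a cheap guard, though that is pre-existing and not part of this commit.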


@@ -148,7 +148,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
$client_tag_id_array[] = $client_tag_id; $client_tag_id_array[] = $client_tag_id;
if (empty($client_tag_color)) { if (empty($client_tag_color)) {
$client_tag_name_display_array[] = "<small class='text-secondary'>$client_tag_name</small> "; $client_tag_name_display_array[] = "<small class='text-secondary'><i class='fa fa-fw fa-$client_tag_icon'></i>$client_tag_name</small> ";
} else { } else {
$client_tag_name_display_array[] = "<span class='badge bg-$client_tag_color'><i class='fa fa-fw fa-$client_tag_icon'></i> $client_tag_name</span> "; $client_tag_name_display_array[] = "<span class='badge bg-$client_tag_color'><i class='fa fa-fw fa-$client_tag_icon'></i> $client_tag_name</span> ";
} }
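Review bot: The added `<i class='fa fa-fw fa-$client_tag_icon'></i>` interpolates `$client_tag_icon` into a single-quoted attribute with no encoding visible in the hunk; whether the value is already escaped or constrained to a known icon name where it is read, above this hunk, cannot be seen here. Given the commit's stated goal of consistent `htmlentities` use, the same treatment belongs on this string, and because the attribute is single-quoted the flags matter: `htmlentities($client_tag_icon, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` (single quotes are only encoded by default from PHP 8.1). The unchanged else-branch on the next line interpolates the same variables the same way, so any fix should cover both branches, ideally by escaping once where `$client_tag_icon` and `$client_tag_name` are assigned.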


@@ -58,7 +58,7 @@ $config_ticket_next_number = intval($row['config_ticket_next_number']);
$config_ticket_from_name = $row['config_ticket_from_name']; $config_ticket_from_name = $row['config_ticket_from_name'];
$config_ticket_from_email = $row['config_ticket_from_email']; $config_ticket_from_email = $row['config_ticket_from_email'];
$config_ticket_email_parse = intval($row['config_ticket_email_parse']); $config_ticket_email_parse = intval($row['config_ticket_email_parse']);
$config_ticket_client_general_notifications = $row['config_ticket_client_general_notifications']; $config_ticket_client_general_notifications = intval($row['config_ticket_client_general_notifications']);
// Alerts // Alerts
$config_enable_cron = intval($row['config_enable_cron']); $config_enable_cron = intval($row['config_enable_cron']);


@@ -20,7 +20,7 @@ $browser = sanitizeInput(getWebBrowser($ua));
<meta http-equiv="x-ua-compatible" content="ie=edge"> <meta http-equiv="x-ua-compatible" content="ie=edge">
<meta name="robots" content="noindex"> <meta name="robots" content="noindex">
<title><?php echo $config_app_name; ?></title> <title><?php echo htmlentities($config_app_name); ?></title>
<!-- Font Awesome Icons --> <!-- Font Awesome Icons -->
<link rel="stylesheet" href="plugins/fontawesome-free/css/all.min.css"> <link rel="stylesheet" href="plugins/fontawesome-free/css/all.min.css">
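Review bot: The new `htmlentities($config_app_name)` call relies on default flags and charset, and the same bare call is repeated in the guest header, the two client-portal headers and the profile form in the later sections of this commit; the defaults differ by PHP version (single quotes are not encoded before 8.1), so the repeated calls encode slightly different things depending on where the app is deployed. For a change whose purpose is consistency, a single helper with the flags pinned would make the eight call sites identical: `function e(string $s): string { return htmlentities($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); }`. In this title context the defaults are adequate, so this is a point of style rather than a defect, but the helper is what would keep the attribute-context uses later in the commit safe regardless of runtime version.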


@@ -73,8 +73,6 @@ if (!empty($company_logo)) {
$company_locale = htmlentities($row['company_locale']); $company_locale = htmlentities($row['company_locale']);
$config_invoice_footer = htmlentities($row['config_invoice_footer']); $config_invoice_footer = htmlentities($row['config_invoice_footer']);
$config_stripe_enable = intval($row['config_stripe_enable']); $config_stripe_enable = intval($row['config_stripe_enable']);
$config_stripe_publishable = $row['config_stripe_publishable'];
$config_stripe_secret = $row['config_stripe_secret'];
//Set Currency Format //Set Currency Format
$currency_format = numfmt_create($company_locale, NumberFormatter::CURRENCY); $currency_format = numfmt_create($company_locale, NumberFormatter::CURRENCY);


@@ -7,7 +7,7 @@ header('Pragma: no-cache');
require_once("guest_header.php"); ?> require_once("guest_header.php"); ?>
<br> <br>
<h1> <?php echo $config_app_name ?> Guest sharing </h1> <h1> <?php echo htmlentities($config_app_name); ?> Guest sharing </h1>
<hr> <hr>
<?php <?php


@@ -15,7 +15,7 @@ header("X-Frame-Options: DENY");
<meta http-equiv="x-ua-compatible" content="ie=edge"> <meta http-equiv="x-ua-compatible" content="ie=edge">
<meta name="robots" content="noindex"> <meta name="robots" content="noindex">
<title><?php echo "$session_company_name | $config_app_name"; ?></title> <title><?php echo htmlentities($session_company_name); ?> | <?php echo htmlentities($config_app_name); ?></title>
<!-- Font Awesome Icons --> <!-- Font Awesome Icons -->
<link rel="stylesheet" href="plugins/fontawesome-free/css/all.min.css"> <link rel="stylesheet" href="plugins/fontawesome-free/css/all.min.css">


@@ -12,7 +12,7 @@ header("X-Frame-Options: DENY");
<head> <head>
<meta charset="utf-8"> <meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta http-equiv="X-UA-Compatible" content="IE=edge">
<title><?php echo $config_app_name; ?> | Client Portal - Tickets</title> <title><?php echo htmlentities($config_app_name); ?> | Client Portal - Tickets</title>
<!-- Tell the browser to be responsive to screen width --> <!-- Tell the browser to be responsive to screen width -->
<meta name="viewport" content="width=device-width, initial-scale=1"> <meta name="viewport" content="width=device-width, initial-scale=1">
@@ -32,7 +32,7 @@ header("X-Frame-Options: DENY");
<nav class="navbar navbar-expand-lg navbar-dark bg-dark"> <nav class="navbar navbar-expand-lg navbar-dark bg-dark">
<div class="container"> <div class="container">
<a class="navbar-brand" href="index.php"><?php echo $config_app_name ?></a> <a class="navbar-brand" href="index.php"><?php echo htmlentities($config_app_name); ?></a>
<button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarSupportedContent" aria-controls="navbarSupportedContent" aria-expanded="false" aria-label="Toggle navigation"> <button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarSupportedContent" aria-controls="navbarSupportedContent" aria-expanded="false" aria-label="Toggle navigation">
<span class="navbar-toggler-icon"></span> <span class="navbar-toggler-icon"></span>
</button> </button>
@@ -55,7 +55,7 @@ header("X-Frame-Options: DENY");
<ul class="nav navbar-nav pull-right"> <ul class="nav navbar-nav pull-right">
<li class="nav-item dropdown"> <li class="nav-item dropdown">
<a class="nav-link dropdown-toggle" href="#" id="navbarDropdown" role="button" data-toggle="dropdown"> <a class="nav-link dropdown-toggle" href="#" id="navbarDropdown" role="button" data-toggle="dropdown">
<?php echo $session_contact_name ?> <?php echo htmlentities($session_contact_name); ?>
</a> </a>
<div class="dropdown-menu" aria-labelledby="navbarDropdown"> <div class="dropdown-menu" aria-labelledby="navbarDropdown">
<a class="dropdown-item" href="profile.php">Profile</a> <a class="dropdown-item" href="profile.php">Profile</a>


@@ -31,7 +31,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="card-body"> <div class="card-body">
<form autocomplete="off"> <form autocomplete="off">
<div class="input-group"> <div class="input-group">
<input type="search" class="form-control col-md-4" name="q" value="<?php if (isset($q)) { echo strip_tags(htmlentities($q)); } ?>" placeholder="Search keys"> <input type="search" class="form-control col-md-4" name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search keys">
<div class="input-group-append"> <div class="input-group-append">
<button class="btn btn-primary"><i class="fa fa-search"></i></button> <button class="btn btn-primary"><i class="fa fa-search"></i></button>
</div> </div>
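Review bot: `stripslashes(htmlentities($q))` puts the output encoding in the middle of the chain rather than at the end; it is not exploitable as written, because `stripslashes` can only remove backslashes and cannot produce `<`, `"` or `&`, but the safe convention is that the encoder is the outermost call, so I would reorder to `echo htmlentities(stripslashes($q));`. The reason `$q` carries slashes at all is not visible here — presumably it was escaped for the SQL query further up, and is now being un-escaped for display; keeping a separate raw copy of the search term for output would remove the need for `stripslashes` entirely. Dropping `strip_tags` is fine since `htmlentities` already neutralises tags for this value attribute.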


@@ -21,13 +21,13 @@ $sql_recent_logs = mysqli_query($mysqli, "SELECT * FROM logs
<form action="post.php" method="post" enctype="multipart/form-data" autocomplete="off"> <form action="post.php" method="post" enctype="multipart/form-data" autocomplete="off">
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>"> <input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
<input type="hidden" name="existing_file_name" value="<?php echo $session_avatar; ?>"> <input type="hidden" name="existing_file_name" value="<?php echo htmlentities($session_avatar); ?>">
<center class="mb-3 px-5"> <center class="mb-3 px-5">
<?php if (empty($session_avatar)) { ?> <?php if (empty($session_avatar)) { ?>
<i class="fas fa-user-circle fa-8x text-secondary"></i> <i class="fas fa-user-circle fa-8x text-secondary"></i>
<?php } else { ?> <?php } else { ?>
<img alt="User avatar" src="<?php echo "uploads/users/$session_user_id/$session_avatar"; ?>" class="img-fluid"> <img alt="User avatar" src="<?php echo "uploads/users/$session_user_id/" . htmlentities($session_avatar); ?>" class="img-fluid">
<?php } ?> <?php } ?>
<h4 class="text-secondary mt-2"><?php echo htmlentities($session_user_role_display); ?></h4> <h4 class="text-secondary mt-2"><?php echo htmlentities($session_user_role_display); ?></h4>
</center> </center>
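Review bot: In the `src="uploads/users/$session_user_id/" . htmlentities($session_avatar)` line, `htmlentities` protects the attribute boundary but not the path: the browser decodes entities before issuing the request, so a stored `user_avatar` containing `/`, `..`, `?` or `#` still changes which URL the image is fetched from. Where the value is guaranteed to be a bare filename by the upload handler (not visible here) this is harmless, but at the point of use the cheap way to make that guarantee explicit is to encode for the URL context as well: `"uploads/users/$session_user_id/" . htmlentities(rawurlencode(basename($session_avatar)))` — `basename` assumes a flat filename, so confirm against how the avatar is written. The same filename is echoed into the `existing_file_name` hidden input two lines earlier and round-tripped to post.php, so the stronger fix is validating the name once when it is stored. `$session_user_id` is interpolated unchanged on the same line and is pre-existing.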