mirror of
https://github.com/itflow-org/itflow
synced 2026-02-28 19:04:52 +00:00
Fix randomString() to generate cryptographically secure URL-safe tokens, reduced url keys to 32 Characters for performance and easy copy and paste and compatibility while still mainitaining ubreakable cryptographic keys
This commit is contained in:
johnnyq
@@ -794,7 +794,7 @@ if (isset($_POST['bulk_add_client_ticket'])) {
|
||||
$config_base_url = sanitizeInput($config_base_url);
|
||||
|
||||
//Generate a unique URL key for clients to access
|
||||
$url_key = randomString(156);
|
||||
$url_key = randomString(32);
|
||||
|
||||
mysqli_query($mysqli, "INSERT INTO tickets SET ticket_prefix = '$config_ticket_prefix', ticket_number = $ticket_number, ticket_category = $category_id, ticket_subject = '$subject', ticket_details = '$details', ticket_priority = '$priority', ticket_billable = $billable, ticket_status = $ticket_status, ticket_created_by = $session_user_id, ticket_assigned_to = $assigned_to, ticket_url_key = '$url_key', ticket_client_id = $client_id, ticket_project_id = $project_id");
|
||||
|
||||
|
||||
@@ -29,7 +29,7 @@ if (isset($_POST['add_invoice'])) {
|
||||
$invoice_number = mysqli_insert_id($mysqli);
|
||||
|
||||
//Generate a unique URL key for clients to access
|
||||
$url_key = randomString(156);
|
||||
$url_key = randomString(32);
|
||||
|
||||
mysqli_query($mysqli,"INSERT INTO invoices SET invoice_prefix = '$config_invoice_prefix', invoice_number = $invoice_number, invoice_scope = '$scope', invoice_date = '$date', invoice_due = DATE_ADD('$date', INTERVAL $client_net_terms day), invoice_discount_amount = '$invoice_discount', invoice_amount = '$invoice_amount', invoice_currency_code = '$session_company_currency', invoice_category_id = $category, invoice_status = 'Draft', invoice_url_key = '$url_key', invoice_client_id = $client_id");
|
||||
|
||||
@@ -112,7 +112,7 @@ if (isset($_POST['add_invoice_copy'])) {
|
||||
$new_invoice_number = mysqli_insert_id($mysqli);
|
||||
|
||||
//Generate a unique URL key for clients to access
|
||||
$url_key = randomString(156);
|
||||
$url_key = randomString(32);
|
||||
|
||||
mysqli_query($mysqli,"INSERT INTO invoices SET invoice_prefix = '$config_invoice_prefix', invoice_number = $new_invoice_number, invoice_scope = '$invoice_scope', invoice_date = '$date', invoice_due = DATE_ADD('$date', INTERVAL $client_net_terms day), invoice_category_id = $category_id, invoice_status = 'Draft', invoice_discount_amount = $invoice_discount_amount, invoice_amount = $invoice_amount, invoice_currency_code = '$invoice_currency_code', invoice_note = '$invoice_note', invoice_url_key = '$url_key', invoice_client_id = $client_id");
|
||||
|
||||
|
||||
@@ -26,7 +26,7 @@ if (isset($_POST['add_quote'])) {
|
||||
$quote_number = mysqli_insert_id($mysqli);
|
||||
|
||||
//Generate a unique URL key for clients to access
|
||||
$quote_url_key = randomString(156);
|
||||
$quote_url_key = randomString(32);
|
||||
|
||||
mysqli_query($mysqli,"INSERT INTO quotes SET quote_prefix = '$config_quote_prefix', quote_number = $quote_number, quote_scope = '$scope', quote_date = '$date', quote_expire = '$expire', quote_currency_code = '$session_company_currency', quote_category_id = $category, quote_status = 'Draft', quote_url_key = '$quote_url_key', quote_client_id = $client_id");
|
||||
|
||||
@@ -78,7 +78,7 @@ if (isset($_POST['add_quote_copy'])) {
|
||||
$category_id = intval($row['quote_category_id']);
|
||||
|
||||
//Generate a unique URL key for clients to access
|
||||
$quote_url_key = randomString(156);
|
||||
$quote_url_key = randomString(32);
|
||||
|
||||
mysqli_query($mysqli,"INSERT INTO quotes SET quote_prefix = '$config_quote_prefix', quote_number = $quote_number, quote_scope = '$quote_scope', quote_date = '$date', quote_expire = '$expire', quote_category_id = $category_id, quote_status = 'Draft', quote_discount_amount = $quote_discount_amount, quote_amount = $quote_amount, quote_currency_code = '$quote_currency_code', quote_note = '$quote_note', quote_url_key = '$quote_url_key', quote_client_id = $client_id");
|
||||
|
||||
@@ -147,7 +147,7 @@ if (isset($_POST['add_quote_to_invoice'])) {
|
||||
$invoice_number = mysqli_insert_id($mysqli);
|
||||
|
||||
//Generate a unique URL key for clients to access
|
||||
$url_key = randomString(156);
|
||||
$url_key = randomString(32);
|
||||
|
||||
mysqli_query($mysqli,"INSERT INTO invoices SET invoice_prefix = '$config_invoice_prefix', invoice_number = $invoice_number, invoice_scope = '$quote_scope', invoice_date = '$date', invoice_due = DATE_ADD(CURDATE(), INTERVAL $client_net_terms day), invoice_category_id = $category_id, invoice_status = 'Draft', invoice_discount_amount = $quote_discount_amount, invoice_amount = $quote_amount, invoice_currency_code = '$quote_currency_code', invoice_note = '$quote_note', invoice_url_key = '$url_key', invoice_client_id = $client_id");
|
||||
|
||||
|
||||
@@ -310,7 +310,7 @@ if (isset($_GET['force_recurring'])) {
|
||||
$new_invoice_number = mysqli_insert_id($mysqli);
|
||||
|
||||
//Generate a unique URL key for clients to access
|
||||
$url_key = randomString(156);
|
||||
$url_key = randomString(32);
|
||||
|
||||
mysqli_query($mysqli,"INSERT INTO invoices SET invoice_prefix = '$config_invoice_prefix', invoice_number = $new_invoice_number, invoice_scope = '$recurring_invoice_scope', invoice_date = CURDATE(), invoice_due = DATE_ADD(CURDATE(), INTERVAL $client_net_terms day), invoice_discount_amount = $recurring_invoice_discount_amount, invoice_amount = $recurring_invoice_amount, invoice_currency_code = '$recurring_invoice_currency_code', invoice_note = '$recurring_invoice_note', invoice_category_id = $category_id, invoice_status = 'Sent', invoice_url_key = '$url_key', invoice_recurring_invoice_id = $recurring_invoice_id, invoice_client_id = $client_id");
|
||||
|
||||
|
||||
@@ -90,7 +90,7 @@ if (isset($_POST['bulk_force_recurring_tickets'])) {
|
||||
$client_id = intval($row['recurring_ticket_client_id']);
|
||||
$asset_id = intval($row['recurring_ticket_asset_id']);
|
||||
$category = intval($row['recurring_ticket_category']);
|
||||
$url_key = randomString(156);
|
||||
$url_key = randomString(32);
|
||||
|
||||
$ticket_status = 1; // Default
|
||||
if ($assigned_id > 0) {
|
||||
@@ -228,7 +228,7 @@ if (isset($_GET['force_recurring_ticket'])) {
|
||||
$client_id = intval($row['recurring_ticket_client_id']);
|
||||
$asset_id = intval($row['recurring_ticket_asset_id']);
|
||||
$category = intval($row['recurring_ticket_category']);
|
||||
$url_key = randomString(156);
|
||||
$url_key = randomString(32);
|
||||
|
||||
$ticket_status = 1; // Default
|
||||
if ($assigned_id > 0) {
|
||||
|
||||
@@ -68,7 +68,7 @@ if (isset($_POST['add_ticket'])) {
|
||||
$config_base_url = sanitizeInput($config_base_url);
|
||||
|
||||
//Generate a unique URL key for clients to access
|
||||
$url_key = randomString(156);
|
||||
$url_key = randomString(32);
|
||||
|
||||
mysqli_query($mysqli, "INSERT INTO tickets SET ticket_prefix = '$config_ticket_prefix', ticket_number = $ticket_number, ticket_source = 'Agent', ticket_category = $category_id, ticket_subject = '$subject', ticket_details = '$details', ticket_priority = '$priority', ticket_billable = '$billable', ticket_status = '$ticket_status', ticket_vendor_ticket_number = '$vendor_ticket_number', ticket_vendor_id = $vendor_id, ticket_location_id = $location_id, ticket_asset_id = $asset_id, ticket_created_by = $session_user_id, ticket_assigned_to = $assigned_to, ticket_contact_id = $contact, ticket_url_key = '$url_key', ticket_due_at = $due, ticket_client_id = $client_id, ticket_invoice_id = 0, ticket_project_id = $project_id");
|
||||
|
||||
@@ -1521,7 +1521,7 @@ if (isset($_POST['bulk_add_asset_ticket'])) {
|
||||
$config_base_url = sanitizeInput($config_base_url);
|
||||
|
||||
//Generate a unique URL key for clients to access
|
||||
$url_key = randomString(156);
|
||||
$url_key = randomString(32);
|
||||
|
||||
mysqli_query($mysqli, "INSERT INTO tickets SET ticket_prefix = '$config_ticket_prefix', ticket_number = $ticket_number, ticket_category = $category_id, ticket_subject = '$subject_asset_prepended', ticket_details = '$details', ticket_priority = '$priority', ticket_billable = $billable, ticket_status = $ticket_status, ticket_asset_id = $asset_id, ticket_created_by = $session_user_id, ticket_assigned_to = $assigned_to, ticket_url_key = '$url_key', ticket_client_id = $client_id, ticket_project_id = $project_id");
|
||||
|
||||
@@ -2167,7 +2167,7 @@ if (isset($_POST['add_invoice_from_ticket'])) {
|
||||
$invoice_number = mysqli_insert_id($mysqli);
|
||||
|
||||
//Generate a unique URL key for clients to access
|
||||
$url_key = randomString(156);
|
||||
$url_key = randomString(32);
|
||||
|
||||
mysqli_query($mysqli, "INSERT INTO invoices SET invoice_prefix = '$config_invoice_prefix', invoice_number = $invoice_number, invoice_scope = '$scope', invoice_date = '$date', invoice_due = DATE_ADD('$date', INTERVAL $client_net_terms day), invoice_currency_code = '$session_company_currency', invoice_category_id = $category, invoice_status = 'Draft', invoice_url_key = '$url_key', invoice_client_id = $client_id");
|
||||
$invoice_id = mysqli_insert_id($mysqli);
|
||||
|
||||
Reference in New Issue
Block a user