Used HTMLPurifier to purify the output of Tickets, Documents, Document Templates. Removed redundant htmlentities in edit document, edit ticket etc. Removed Company ID from Document Template Details

This commit is contained in:
johnnyq
2023-03-11 21:24:35 -05:00
parent 00b9391de4
commit b5ae7b3d86
8 changed files with 30 additions and 9 deletions


@@ -2,6 +2,12 @@
require_once("inc_all_client.php");
//Initialize the HTML Purifier to prevent XSS
require("plugins/htmlpurifier/HTMLPurifier.standalone.php");
$purifier_config = HTMLPurifier_Config::createDefault();
$purifier_config->set('URI.AllowedSchemes', ['data' => true, 'src' => true, 'http' => true, 'https' => true]);
$purifier = new HTMLPurifier($purifier_config);
if (isset($_GET['document_id'])) {
$document_id = intval($_GET['document_id']);
}
@@ -13,7 +19,8 @@ $row = mysqli_fetch_array($sql_document);
$folder_name = htmlentities($row['folder_name']);
$document_name = htmlentities($row['document_name']);
$document_content = $row['document_content'];
$document_content = $purifier->purify(html_entity_decode($row['document_content']));
//$document_content = $row['document_content'];
$document_created_at = htmlentities($row['document_created_at']);
$document_updated_at = htmlentities($row['document_updated_at']);
$document_folder_id = intval($row['document_folder_id']);
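Review bot: `'src' => true` in the `URI.AllowedSchemes` list set on `$purifier_config` in the first hunk is not a URI scheme, so HTMLPurifier has no `HTMLPurifier_URIScheme_src` handler and the entry is a silent no-op; it should be dropped, and the explicit list also omits the default `mailto`, which links inside existing documents may depend on — `$purifier_config->set('URI.AllowedSchemes', ['data' => true, 'http' => true, 'https' => true, 'mailto' => true]);` if that is intended. Enabling `data:` is defensible only because HTMLPurifier's data-scheme handler restricts payloads to validated image types; confirm the bundled standalone build behaves that way before relying on it, and consider whether `URI.DisableExternalResources` is wanted for client-facing documents. In the second hunk `html_entity_decode()` runs before `purify()`, so entity text an author typed literally (e.g. `&lt;b&gt;` meant to be displayed) is turned into markup first; the purifier keeps this XSS-safe, but content fidelity should be checked against what the edit pages now store, and the commented-out `//$document_content = $row['document_content'];` line should be deleted rather than left behind. The same purifier bootstrap appears to be repeated per page; initializing it once in `inc_all_client.php` (or a shared helper) would keep the scheme policy identical across all eight touched files.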