AS1024
/
itflow
mirror of https://github.com/itflow-org/itflow
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Format output for the proper code syntax, this should fix many various issues with output formatting and page breakage

This commit is contained in:
johnnyq 2022-12-02 19:58:21 -05:00
parent 3067e6bd1e
commit b6e540825f
128 changed files with 1222 additions and 1227 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
accounts.php
View File

@ -49,10 +49,10 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
while($row = mysqli_fetch_array($sql)){
$account_id = $row['account_id'];
$account_name = $row['account_name'];
$account_name = htmlentities($row['account_name']);
$opening_balance = $row['opening_balance'];
$account_currency_code = $row['account_currency_code'];
$account_notes = $row['account_notes'];
$account_currency_code = htmlentities($row['account_currency_code']);
$account_notes = htmlentities($row['account_notes']);
$sql_payments = mysqli_query($mysqli,"SELECT SUM(payment_amount) AS total_payments FROM payments WHERE payment_account_id = $account_id");
$row = mysqli_fetch_array($sql_payments);

8
calendar_event_add_modal.php
View File

@ -23,8 +23,8 @@
$sql = mysqli_query($mysqli,"SELECT * FROM calendars WHERE company_id = $session_company_id ORDER BY calendar_name ASC");
while($row = mysqli_fetch_array($sql)){
$calendar_id = $row['calendar_id'];
$calendar_name = $row['calendar_name'];
$calendar_color = $row['calendar_color'];
$calendar_name = htmlentities($row['calendar_name']);
$calendar_color = htmlentities($row['calendar_color']);
?>
<option <?php if($config_default_calendar == $calendar_id){ echo "selected"; } ?> data-content="<i class='fa fa-circle mr-2' style='color:<?php echo $calendar_color; ?>;'></i> <?php echo $calendar_name; ?>" value="<?php echo $calendar_id; ?>"><?php echo $calendar_name; ?></option>
@ -108,8 +108,8 @@
$sql = mysqli_query($mysqli,"SELECT * FROM clients LEFT JOIN contacts ON primary_contact = contact_id WHERE clients.company_id = $session_company_id ORDER BY client_name ASC");
while($row = mysqli_fetch_array($sql)){
$client_id = $row['client_id'];
$client_name = $row['client_name'];
$contact_email = $row['contact_email'];
$client_name = htmlentities($row['client_name']);
$contact_email = htmlentities($row['contact_email']);
?>
<option value="<?php echo $client_id; ?>"><?php echo $client_name; ?></option>

8
calendar_event_edit_modal.php
View File

@ -40,8 +40,8 @@
$sql_calendars_select = mysqli_query($mysqli,"SELECT * FROM calendars WHERE company_id = $session_company_id ORDER BY calendar_name ASC");
while($row = mysqli_fetch_array($sql_calendars_select)){
$calendar_id_select = $row['calendar_id'];
$calendar_name_select = $row['calendar_name'];
$calendar_color_select = $row['calendar_color'];
$calendar_name_select = htmlentities($row['calendar_name']);
$calendar_color_select = htmlentities($row['calendar_color']);
?>
<option data-content="<i class='fa fa-circle mr-2' style='color:<?php echo $calendar_color_select; ?>;'></i> <?php echo $calendar_name_select; ?>"<?php if($calendar_id == $calendar_id_select){ echo "selected"; } ?> value="<?php echo $calendar_id_select; ?>"><?php echo $calendar_name_select; ?></option>
@ -107,8 +107,8 @@
$sql_clients = mysqli_query($mysqli,"SELECT * FROM clients LEFT JOIN contacts ON primary_contact = contact_id WHERE clients.company_id = $session_company_id ORDER BY client_name ASC");
while($row = mysqli_fetch_array($sql_clients)){
$client_id_select = $row['client_id'];
$client_name_select = $row['client_name'];
$contact_email_select = $row['contact_email'];
$client_name_select = htmlentities($row['client_name']);
$contact_email_select = htmlentities($row['contact_email']);
?>
<option <?php if($client_id == $client_id_select){ echo "selected"; } ?> value="<?php echo $client_id_select; ?>"><?php echo $client_name_select; ?></option>

72
calendar_events.php
View File

@ -25,14 +25,14 @@ if(isset($_GET['calendar_id'])){
$sql = mysqli_query($mysqli,"SELECT * FROM events LEFT JOIN calendars ON event_calendar_id = calendar_id WHERE calendars.company_id = $session_company_id");
while($row = mysqli_fetch_array($sql)){
$event_id = $row['event_id'];
$event_title = $row['event_title'];
$event_description = $row['event_description'];
$event_start = $row['event_start'];
$event_end = $row['event_end'];
$event_repeat = $row['event_repeat'];
$event_title = htmlentities($row['event_title']);
$event_description = htmlentities($row['event_description']);
$event_start = htmlentities($row['event_start']);
$event_end = htmlentities($row['event_end']);
$event_repeat = htmlentities($row['event_repeat']);
$calendar_id = $row['calendar_id'];
$calendar_name = $row['calendar_name'];
$calendar_color = $row['calendar_color'];
$calendar_name = htmlentities($row['calendar_name']);
$calendar_color = htmlentities($row['calendar_color']);
$client_id = $row['event_client_id'];
include("calendar_event_edit_modal.php");
@ -76,15 +76,15 @@ while($row = mysqli_fetch_array($sql)){
<?php
$sql = mysqli_query($mysqli,"SELECT * FROM events LEFT JOIN calendars ON event_calendar_id = calendar_id WHERE calendars.company_id = $session_company_id");
while($row = mysqli_fetch_array($sql)){
$event_id = $row['event_id'];
$event_title = $row['event_title'];
$event_start = $row['event_start'];
$event_end = $row['event_end'];
$calendar_id = $row['calendar_id'];
$calendar_name = $row['calendar_name'];
$calendar_color = $row['calendar_color'];
$event_id = json_encode($row['event_id']);
$event_title = json_encode($row['event_title']);
$event_start = json_encode($row['event_start']);
$event_end = json_encode($row['event_end']);
$calendar_id = json_encode($row['calendar_id']);
$calendar_name = json_encode($row['calendar_name']);
$calendar_color = json_encode($row['calendar_color']);
echo "{ id: '$event_id', title: '$event_title', start: '$event_start', end: '$event_end', color: '$calendar_color'},";
echo "{ id: $event_id, title: $event_title, start: $event_start, end: $event_end, color: $calendar_color },";
}
?>
@ -92,11 +92,11 @@ while($row = mysqli_fetch_array($sql)){
//Invoices Created
$sql = mysqli_query($mysqli,"SELECT * FROM clients LEFT JOIN invoices ON client_id = invoice_client_id WHERE clients.company_id = $session_company_id");
while($row = mysqli_fetch_array($sql)){
$event_id = $row['invoice_id'];
$event_title = $row['invoice_prefix'] . $row['invoice_number'] . " " . $row['invoice_scope'];
$event_start = $row['invoice_date'];
$event_id = json_encode($row['invoice_id']);
$event_title = json_encode($row['invoice_prefix'] . $row['invoice_number'] . " " . $row['invoice_scope']);
$event_start = json_encode($row['invoice_date']);
echo "{ id: '$event_id', title: ". json_encode($event_title) .", start: '$event_start', color: 'blue', url: 'invoice.php?invoice_id=$event_id'},";
echo "{ id: $event_id, title: $event_title, start: $event_start, color: 'blue', url: 'invoice.php?invoice_id=$event_id' },";
}
?>
@ -104,11 +104,11 @@ while($row = mysqli_fetch_array($sql)){
//Quotes Created
$sql = mysqli_query($mysqli,"SELECT * FROM clients LEFT JOIN quotes ON client_id = quote_client_id WHERE clients.company_id = $session_company_id");
while($row = mysqli_fetch_array($sql)){
$event_id = $row['quote_id'];
$event_title = $row['quote_prefix'] . $row['quote_number'] . " " . $row['quote_scope'];
$event_start = $row['quote_date'];
$event_id = json_encode($row['quote_id']);
$event_title = json_encode($row['quote_prefix'] . $row['quote_number'] . " " . $row['quote_scope']);
$event_start = json_encode($row['quote_date']);
echo "{ id: '$event_id', title: ". json_encode($event_title) .", start: '$event_start', color: 'purple', url: 'quote.php?quote_id=$event_id'},";
echo "{ id: $event_id, title: $event_title, start: $event_start, color: 'purple', url: 'quote.php?quote_id=$event_id' },";
}
?>
@ -116,11 +116,11 @@ while($row = mysqli_fetch_array($sql)){
//Tickets Created
$sql = mysqli_query($mysqli,"SELECT * FROM clients LEFT JOIN tickets ON client_id = ticket_client_id WHERE clients.company_id = $session_company_id");
while($row = mysqli_fetch_array($sql)){
$event_id = $row['ticket_id'];
$event_title = $row['ticket_prefix'] . $row['ticket_number'] . " " . $row['ticket_subject'];
$event_start = $row['ticket_created_at'];
$event_id = json_encode($row['ticket_id']);
$event_title = json_encode($row['ticket_prefix'] . $row['ticket_number'] . " " . $row['ticket_subject']);
$event_start = json_encode($row['ticket_created_at']);
echo "{ id: '$event_id', title: ". json_encode($event_title) .", start: '$event_start', color: 'orange', url: 'ticket.php?ticket_id=$event_id'},";
echo "{ id: $event_id, title: $event_title, start: $event_start, color: 'orange', url: 'ticket.php?ticket_id=$event_id' },";
}
@ -130,11 +130,11 @@ while($row = mysqli_fetch_array($sql)){
//Vendors Added Created
$sql = mysqli_query($mysqli,"SELECT * FROM clients LEFT JOIN vendors ON client_id = vendor_client_id WHERE clients.company_id = $session_company_id");
while($row = mysqli_fetch_array($sql)){
$event_id = $row['vendor_id'];
$event_title = $row['vendor_name'];
$event_start = $row['vendor_created_at'];
$event_id = json_encode($row['vendor_id']);
$event_title = json_encode($row['vendor_name']);
$event_start = json_encode($row['vendor_created_at']);
echo "{ id: '$event_id', title: ". json_encode($event_title) .", start: '$event_start', color: 'brown', url: 'client_vendors.php?client_id=$event_id'},";
echo "{ id: $event_id, title: $event_title, start: $event_start, color: 'brown', url: 'client_vendors.php?client_id=$event_id' },";
}
?>
@ -142,11 +142,11 @@ while($row = mysqli_fetch_array($sql)){
//Clients Added
$sql = mysqli_query($mysqli,"SELECT * FROM clients WHERE clients.company_id = $session_company_id");
while($row = mysqli_fetch_array($sql)){
$event_id = $row['client_id'];
$event_title = $row['client_name'];
$event_start = $row['client_created_at'];
$event_id = json_encode($row['client_id']);
$event_title = json_encode($row['client_name']);
$event_start = json_encode($row['client_created_at']);
echo "{ id: '$event_id', title: ". json_encode($event_title) .", start: '$event_start', color: 'green', url: 'client.php?client_id=$event_id'},";
echo "{ id: $event_id, title: $event_title, start: $event_start, color: 'green', url: 'client.php?client_id=$event_id' },";
}
?>
@ -160,4 +160,4 @@ while($row = mysqli_fetch_array($sql)){
calendar.render();
});
</script>
</script>

4
categories.php
View File

@ -84,8 +84,8 @@ $colors_diff = array_diff($colors_array,$colors_used_array);
while($row = mysqli_fetch_array($sql)){
$category_id = $row['category_id'];
$category_name = $row['category_name'];
$category_color = $row['category_color'];
$category_name = htmlentities($row['category_name']);
$category_color = htmlentities($row['category_color']);
//$colors_used_array[] = $row['category_color'];
?>

8
client_add_modal.php
View File

@ -66,7 +66,7 @@
$referral_sql = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_type = 'Referral' AND category_archived_at IS NULL AND company_id = $session_company_id ORDER BY category_name ASC");
while($row = mysqli_fetch_array($referral_sql)){
$referral = $row['category_name'];
$referral = htmlentities($row['category_name']);
?>
<option><?php echo $referral; ?></option>
@ -279,9 +279,9 @@
while($row = mysqli_fetch_array($sql_tags_select)){
$tag_id_select = $row['tag_id'];
$tag_name_select = $row['tag_name'];
$tag_color_select = $row['tag_color'];
$tag_icon_select = $row['tag_icon'];
$tag_name_select = htmlentities($row['tag_name']);
$tag_color_select = htmlentities($row['tag_color']);
$tag_icon_select = htmlentities($row['tag_icon']);
?>
<li class="list-group-item">

10
client_asset_add_modal.php
View File

@ -125,7 +125,7 @@
$sql = mysqli_query($mysqli,"SELECT * FROM locations WHERE location_archived_at IS NULL AND location_client_id = $client_id ORDER BY location_name ASC");
while($row = mysqli_fetch_array($sql)){
$location_id = $row['location_id'];
$location_name = $row['location_name'];
$location_name = htmlentities($row['location_name']);
?>
<option value="<?php echo $location_id; ?>"><?php echo $location_name; ?></option>
@ -150,7 +150,7 @@
$sql = mysqli_query($mysqli,"SELECT * FROM contacts WHERE contact_archived_at IS NULL AND contact_client_id = $client_id ORDER BY contact_name ASC");
while($row = mysqli_fetch_array($sql)){
$contact_id = $row['contact_id'];
$contact_name = $row['contact_name'];
$contact_name = htmlentities($row['contact_name']);
?>
<option value="<?php echo $contact_id; ?>"><?php echo $contact_name; ?></option>
@ -190,8 +190,8 @@
$sql = mysqli_query($mysqli,"SELECT * FROM networks WHERE network_archived_at IS NULL AND network_client_id = $client_id ORDER BY network_name ASC");
while($row = mysqli_fetch_array($sql)){
$network_id = $row['network_id'];
$network_name = $row['network_name'];
$network = $row['network'];
$network_name = htmlentities($row['network_name']);
$network = htmlentities($row['network']);
?>
<option value="<?php echo $network_id; ?>"><?php echo $network_name; ?> - <?php echo $network; ?></option>
@ -240,7 +240,7 @@
$sql = mysqli_query($mysqli,"SELECT * FROM vendors WHERE vendor_archived_at IS NULL AND vendor_client_id = $client_id ORDER BY vendor_name ASC");
while($row = mysqli_fetch_array($sql)){
$vendor_id = $row['vendor_id'];
$vendor_name = $row['vendor_name'];
$vendor_name = htmlentities($row['vendor_name']);
?>
<option value="<?php echo $vendor_id; ?>"><?php echo $vendor_name; ?></option>

10
client_asset_copy_modal.php
View File

@ -123,7 +123,7 @@
$sql_locations = mysqli_query($mysqli,"SELECT * FROM locations WHERE location_client_id = $client_id ORDER BY location_name ASC");
while($row = mysqli_fetch_array($sql_locations)){
$location_id_select = $row['location_id'];
$location_name_select = $row['location_name'];
$location_name_select = htmlentities($row['location_name']);
?>
<option <?php if($asset_location_id == $location_id_select){ echo "selected"; } ?> value="<?php echo $location_id_select; ?>"><?php echo $location_name_select; ?></option>
@ -148,7 +148,7 @@
$sql_contacts = mysqli_query($mysqli,"SELECT * FROM contacts WHERE contact_archived_at IS NULL AND contact_client_id = $client_id ORDER BY contact_name ASC");
while($row = mysqli_fetch_array($sql_contacts)){
$contact_id = $row['contact_id'];
$contact_name = $row['contact_name'];
$contact_name = htmlentities($row['contact_name']);
?>
<option value="<?php echo $contact_id; ?>"><?php echo $contact_name; ?></option>
@ -187,8 +187,8 @@
$sql_networks = mysqli_query($mysqli,"SELECT * FROM networks WHERE (network_archived_at > '$asset_created_at' OR network_archived_at IS NULL) AND network_client_id = $client_id ORDER BY network_name ASC");
while($row = mysqli_fetch_array($sql_networks)){
$network_id_select = $row['network_id'];
$network_name_select = $row['network_name'];
$network_select = $row['network'];
$network_name_select = htmlentities($row['network_name']);
$network_select = htmlentities($row['network']);
?>
<option <?php if($asset_network_id == $network_id_select){ echo "selected"; } ?> value="<?php echo $network_id_select; ?>"><?php echo $network_name_select; ?> - <?php echo $network_select; ?></option>
@ -237,7 +237,7 @@
$sql_vendors = mysqli_query($mysqli,"SELECT * FROM vendors WHERE (vendor_archived_at > '$asset_created_at' OR vendor_archived_at IS NULL) AND vendor_client_id = $client_id ORDER BY vendor_name ASC");
while($row = mysqli_fetch_array($sql_vendors)){
$vendor_id_select = $row['vendor_id'];
$vendor_name_select = $row['vendor_name'];
$vendor_name_select = htmlentities($row['vendor_name']);
?>
<option <?php if($asset_vendor_id == $vendor_id_select){ echo "selected"; } ?> value="<?php echo $vendor_id_select; ?>"><?php echo $vendor_name_select; ?></option>

2
client_asset_documents_modal.php
View File

@ -12,7 +12,7 @@
<?php
while($row = mysqli_fetch_array($sql_related_documents)){
$related_document_id = $row['document_id'];
$related_document_name = $row['document_name'];
$related_document_name = htmlentities($row['document_name']);
?>
<p>
<i class="fas fa-fw fa-document text-secondary"></i>

10
client_asset_edit_modal.php
View File

@ -124,7 +124,7 @@
$sql_locations = mysqli_query($mysqli,"SELECT * FROM locations WHERE location_client_id = $client_id ORDER BY location_name ASC");
while($row = mysqli_fetch_array($sql_locations)){
$location_id_select = $row['location_id'];
$location_name_select = $row['location_name'];
$location_name_select = htmlentities($row['location_name']);
?>
<option <?php if($asset_location_id == $location_id_select){ echo "selected"; } ?> value="<?php echo $location_id_select; ?>"><?php echo $location_name_select; ?></option>
@ -148,7 +148,7 @@
$sql_contacts = mysqli_query($mysqli,"SELECT * FROM contacts WHERE (contact_archived_at > '$asset_created_at' OR contact_archived_at IS NULL) AND contact_client_id = $client_id ORDER BY contact_name ASC");
while($row = mysqli_fetch_array($sql_contacts)){
$contact_id_select = $row['contact_id'];
$contact_name_select = $row['contact_name'];
$contact_name_select = htmlentities($row['contact_name']);
?>
<option <?php if($asset_contact_id == $contact_id_select){ echo "selected"; } ?> value="<?php echo $contact_id_select; ?>">
<?php echo $contact_name_select; ?> <?php if(!empty($row['contact_archived_at'])){ echo " (Archived " . date('Y-m-d',strtotime($row['contact_archived_at'])) .")"; } ?>
@ -188,8 +188,8 @@
$sql_networks = mysqli_query($mysqli,"SELECT * FROM networks WHERE (network_archived_at > '$asset_created_at' OR network_archived_at IS NULL) AND network_client_id = $client_id ORDER BY network_name ASC");
while($row = mysqli_fetch_array($sql_networks)){
$network_id_select = $row['network_id'];
$network_name_select = $row['network_name'];
$network_select = $row['network'];
$network_name_select = htmlentities($row['network_name']);
$network_select = htmlentities($row['network']);
?>
<option <?php if($asset_network_id == $network_id_select){ echo "selected"; } ?> value="<?php echo $network_id_select; ?>"><?php echo $network_name_select; ?> - <?php echo $network_select; ?></option>
@ -238,7 +238,7 @@
$sql_vendors = mysqli_query($mysqli,"SELECT * FROM vendors WHERE (vendor_archived_at > '$asset_created_at' OR vendor_archived_at IS NULL) AND vendor_client_id = $client_id ORDER BY vendor_name ASC");
while($row = mysqli_fetch_array($sql_vendors)){
$vendor_id_select = $row['vendor_id'];
$vendor_name_select = $row['vendor_name'];
$vendor_name_select = htmlentities($row['vendor_name']);
?>
<option <?php if($asset_vendor_id == $vendor_id_select){ echo "selected"; } ?> value="<?php echo $vendor_id_select; ?>"><?php echo $vendor_name_select; ?></option>

8
client_asset_tickets_modal.php
View File

@ -13,10 +13,10 @@
// Query is run from client_assets.php
while($row = mysqli_fetch_array($sql_tickets)){
$ticket_id = $row['ticket_id'];
$ticket_prefix = $row['ticket_prefix'];
$ticket_number = $row['ticket_number'];
$ticket_subject = $row['ticket_subject'];
$ticket_status = $row['ticket_status'];
$ticket_prefix = htmlentities($row['ticket_prefix']);
$ticket_number = htmlentities($row['ticket_number']);
$ticket_subject = htmlentities($row['ticket_subject']);
$ticket_status = htmlentities($row['ticket_status']);
$ticket_created_at = $row['ticket_created_at'];
$ticket_updated_at = $row['ticket_updated_at'];
?>

24
client_assets.php
View File

@ -164,30 +164,30 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
while($row = mysqli_fetch_array($sql)){
$asset_id = $row['asset_id'];
$asset_type = $row['asset_type'];
$asset_name = $row['asset_name'];
$asset_make = $row['asset_make'];
$asset_model = $row['asset_model'];
$asset_serial = $row['asset_serial'];
$asset_type = htmlentities($row['asset_type']);
$asset_name = htmlentities($row['asset_name']);
$asset_make = htmlentities($row['asset_make']);
$asset_model = htmlentities($row['asset_model']);
$asset_serial = htmlentities($row['asset_serial']);
if(empty($asset_serial)){
$asset_serial_display = "-";
}else{
$asset_serial_display = $asset_serial;
}
$asset_os = $row['asset_os'];
$asset_os = htmlentities($row['asset_os']);
if(empty($asset_os)){
$asset_os_display = "-";
}else{
$asset_os_display = $asset_os;
}
$asset_ip = $row['asset_ip'];
$asset_ip = htmlentities($row['asset_ip']);
if(empty($asset_ip)){
$asset_ip_display = "-";
}else{
$asset_ip_display = "$asset_ip<button class='btn btn-sm' data-clipboard-text='$asset_ip'><i class='far fa-copy text-secondary'></i></button>";
}
$asset_mac = $row['asset_mac'];
$asset_status = $row['asset_status'];
$asset_mac = htmlentities($row['asset_mac']);
$asset_status = htmlentities($row['asset_status']);
$asset_purchase_date = $row['asset_purchase_date'];
$asset_warranty_expire = $row['asset_warranty_expire'];
$asset_install_date = $row['asset_install_date'];
@ -196,7 +196,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
}else{
$asset_install_date_display = $asset_install_date;
}
$asset_notes = $row['asset_notes'];
$asset_notes = htmlentities($row['asset_notes']);
$asset_created_at = $row['asset_created_at'];
$asset_vendor_id = $row['asset_vendor_id'];
$asset_location_id = $row['asset_location_id'];
@ -242,8 +242,8 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
}
$login_id = $row['login_id'];
$login_username = $row['login_username'];
$login_password = decryptLoginEntry($row['login_password']);
$login_username = htmlentities($row['login_username']);
$login_password = htmlentities(decryptLoginEntry($row['login_password']));
// Related tickets
$sql_tickets = mysqli_query($mysqli,"SELECT * FROM tickets WHERE ticket_asset_id = $asset_id ORDER BY ticket_number DESC");

2
client_certificate_add_modal.php
View File

@ -76,7 +76,7 @@
$domains_sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_client_id = '$client_id'");
while($domain_row = mysqli_fetch_array($domains_sql)){
$domain_id = $domain_row['domain_id'];
$domain_name = $domain_row['domain_name'];
$domain_name = htmlentities($domain_row['domain_name']);
echo "<option value=\"$domain_id\">$domain_name</option>";
}
?>

8
client_certificates.php
View File

@ -65,10 +65,10 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
while($row = mysqli_fetch_array($sql)){
$certificate_id = $row['certificate_id'];
$certificate_name = $row['certificate_name'];
$certificate_domain = $row['certificate_domain'];
$certificate_issued_by = $row['certificate_issued_by'];
$certificate_expire = $row['certificate_expire'];
$certificate_name = htmlentities($row['certificate_name']);
$certificate_domain = htmlentities($row['certificate_domain']);
$certificate_issued_by = htmlentities($row['certificate_issued_by']);
$certificate_expire = htmlentities($row['certificate_expire']);
?>
<tr>

2
client_contact_add_modal.php
View File

@ -117,7 +117,7 @@
$sql = mysqli_query($mysqli,"SELECT * FROM locations WHERE location_archived_at IS NULL AND location_client_id = $client_id ORDER BY location_name ASC");
while($row = mysqli_fetch_array($sql)){
$location_id = $row['location_id'];
$location_name = $row['location_name'];
$location_name = htmlentities($row['location_name']);
?>
<option value="<?php echo $location_id; ?>"><?php echo $location_name; ?></option>

26
client_contact_details_modal.php
View File

@ -35,11 +35,11 @@
while($row = mysqli_fetch_array($sql_related_assets)){
$asset_id = $row['asset_id'];
$asset_type = $row['asset_type'];
$asset_name = $row['asset_name'];
$asset_make = $row['asset_make'];
$asset_model = $row['asset_model'];
$asset_serial = $row['asset_serial'];
$asset_type = htmlentities($row['asset_type']);
$asset_name = htmlentities($row['asset_name']);
$asset_make = htmlentities($row['asset_make']);
$asset_model = htmlentities($row['asset_model']);
$asset_serial = htmlentities($row['asset_serial']);
?>
@ -58,11 +58,11 @@
while($row = mysqli_fetch_array($sql_related_logins)){
$login_id = $row['login_id'];
$login_name = $row['login_name'];
$login_uri = $row['login_uri'];
$login_username = $row['login_username'];
$login_password = $row['login_password'];
$login_note = $row['login_note'];
$login_name = htmlentities($row['login_name']);
$login_uri = htmlentities($row['login_uri']);
$login_username = htmlentities($row['login_username']);
$login_password = htmlentities($row['login_password']);
$login_note = htmlentities($row['login_note']);
$vendor_id = $row['vendor_id'];
$asset_id = $row['asset_id'];
$software_id = $row['software_id'];
@ -84,9 +84,9 @@
while($row = mysqli_fetch_array($sql_related_software)){
$software_id = $row['software_id'];
$software_name = $row['software_name'];
$software_type = $row['software_type'];
$software_notes = $row['software_notes'];
$software_name = htmlentities($row['software_name']);
$software_type = htmlentities($row['software_type']);
$software_notes = htmlentities($row['software_notes']);
?>

2
client_contact_edit_modal.php
View File

@ -119,7 +119,7 @@
$sql_locations = mysqli_query($mysqli,"SELECT * FROM locations WHERE (location_archived_at > '$contact_created_at' OR location_archived_at IS NULL) AND location_client_id = $client_id ORDER BY location_name ASC");
while($row = mysqli_fetch_array($sql_locations)){
$location_id_select = $row['location_id'];
$location_name_select = $row['location_name'];
$location_name_select = htmlentities($row['location_name']);
?>
<option <?php if($contact_location_id == $location_id_select){ echo "selected"; } ?> value="<?php echo $location_id_select; ?>"><?php echo $location_name_select; ?></option>

18
client_contacts.php
View File

@ -83,14 +83,14 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
while($row = mysqli_fetch_array($sql)){
$contact_id = $row['contact_id'];
$contact_name = $row['contact_name'];
$contact_title = $row['contact_title'];
$contact_name = htmlentities($row['contact_name']);
$contact_title = htmlentities($row['contact_title']);
if(empty($contact_title)){
$contact_title_display = "-";
}else{
$contact_title_display = "<small class='text-secondary'>$contact_title</small>";
}
$contact_department = $row['contact_department'];
$contact_department =htmlentities($row['contact_department']);
if(empty($contact_department)){
$contact_department_display = "-";
}else{
@ -102,22 +102,22 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
}else{
$contact_phone_display = "$contact_phone";
}
$contact_extension = $row['contact_extension'];
$contact_extension = htmlentities($row['contact_extension']);
$contact_mobile = formatPhoneNumber($row['contact_mobile']);
if(empty($contact_mobile)){
$contact_mobile_display = "-";
}else{
$contact_mobile_display = "$contact_mobile";
}
$contact_email = $row['contact_email'];
$contact_email = htmlentities($row['contact_email']);
if(empty($contact_email)){
$contact_email_display = "-";
}else{
$contact_email_display = "<a href='mailto:$contact_email'>$contact_email</a><button class='btn btn-sm clipboardjs' data-clipboard-text='$contact_email'><i class='far fa-copy text-secondary'></i></button>";
}
$contact_photo = $row['contact_photo'];
$contact_photo = htmlentities($row['contact_photo']);
$contact_initials = initials($contact_name);
$contact_notes = $row['contact_notes'];
$contact_notes = htmlentities($row['contact_notes']);
$contact_created_at = $row['contact_created_at'];
if($contact_id == $primary_contact){
$primary_contact_display = "<small class='text-success'>Primary Contact</small>";
@ -125,13 +125,13 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
$primary_contact_display = FALSE;
}
$contact_location_id = $row['contact_location_id'];
$location_name = $row['location_name'];
$location_name = htmlentities($row['location_name']);
if(empty($location_name)){
$location_name_display = "-";
}else{
$location_name_display = $location_name;
}
$auth_method = $row['contact_auth_method'];
$auth_method = htmlentities($row['contact_auth_method']);
// Related Assets Query
$sql_related_assets = mysqli_query($mysqli,"SELECT * FROM assets WHERE asset_contact_id = $contact_id AND company_id = $session_company_id ORDER BY asset_id DESC");

2
client_document_add_modal.php
View File

@ -46,7 +46,7 @@
$sql_folders = mysqli_query($mysqli,"SELECT * FROM folders WHERE folder_client_id = $client_id ORDER BY folder_name ASC");
while($row = mysqli_fetch_array($sql_folders)){
$folder_id = $row['folder_id'];
$folder_name = $row['folder_name'];
$folder_name = htmlentities($row['folder_name']);
?>
<option <?php if($_GET['folder_id'] == $folder_id) echo "selected"; ?> value="<?php echo $folder_id ?>"><?php echo $folder_name; ?></option>

2
client_document_details.php
View File

@ -16,7 +16,7 @@ $sql_document = mysqli_query($mysqli,"SELECT * FROM documents LEFT JOIN folders
$row = mysqli_fetch_array($sql_document);
$folder_name = $row['folder_name'];
$document_name = $row['document_name'];
$document_name = htmlentities($row['document_name']);
$document_content = $row['document_content'];
$document_created_at = $row['document_created_at'];
$document_updated_at = $row['document_updated_at'];

2
client_document_edit_modal.php
View File

@ -46,7 +46,7 @@
$sql_folders_select = mysqli_query($mysqli,"SELECT * FROM folders WHERE folder_client_id = $client_id ORDER BY folder_name ASC");
while($row = mysqli_fetch_array($sql_folders_select)){
$folder_id_select = $row['folder_id'];
$folder_name_select = $row['folder_name'];
$folder_name_select = htmlentities($row['folder_name']);
?>
<option <?php if($folder_id_select == $document_folder_id) echo "selected"; ?> value="<?php echo $folder_id_select ?>"><?php echo $folder_name_select; ?></option>
<?php

4
client_documents.php
View File

@ -76,7 +76,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
$sql_folders = mysqli_query($mysqli,"SELECT * FROM folders WHERE folder_client_id = $client_id ORDER BY folder_name ASC");
while($row = mysqli_fetch_array($sql_folders)){
$folder_id = $row['folder_id'];
$folder_name = $row['folder_name'];
$folder_name = htmlentities($row['folder_name']);
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('document_id') AS num FROM documents WHERE document_folder_id = $folder_id"));
$num_documents = $row['num'];
@ -161,7 +161,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
while($row = mysqli_fetch_array($sql)){
$document_id = $row['document_id'];
$document_name = $row['document_name'];
$document_name = htmlentities($row['document_name']);
$document_content = $row['document_content'];
$document_created_at = $row['document_created_at'];
$document_updated_at = $row['document_updated_at'];

4
client_domain_add_modal.php
View File

@ -34,7 +34,7 @@
$sql = mysqli_query($mysqli,"SELECT * FROM vendors WHERE vendor_archived_at IS NULL AND vendor_client_id = $client_id ORDER BY vendor_name ASC");
while($row = mysqli_fetch_array($sql)){
$vendor_id = $row['vendor_id'];
$vendor_name = $row['vendor_name'];
$vendor_name = htmlentities($row['vendor_name']);
?>
<option value="<?php echo $vendor_id; ?>"><?php echo $vendor_name; ?></option>
@ -58,7 +58,7 @@
$sql = mysqli_query($mysqli,"SELECT * FROM vendors WHERE vendor_archived_at IS NULL AND vendor_client_id = $client_id ORDER BY vendor_name ASC");
while($row = mysqli_fetch_array($sql)){
$vendor_id = $row['vendor_id'];
$vendor_name = $row['vendor_name'];
$vendor_name = htmlentities($row['vendor_name']);
?>
<option value="<?php echo $vendor_id; ?>"><?php echo $vendor_name; ?></option>

12
client_domains.php
View File

@ -66,18 +66,18 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
while($row = mysqli_fetch_array($sql)){
$domain_id = $row['domain_id'];
$domain_name = $row['domain_name'];
$domain_registrar = $row['domain_registrar'];
$domain_webhost = $row['domain_webhost'];
$domain_expire = $row['domain_expire'];
$domain_registrar_name = $row['vendor_name'];
$domain_name = htmlentities($row['domain_name']);
$domain_registrar = htmlentities($row['domain_registrar']);
$domain_webhost = htmlentities($row['domain_webhost']);
$domain_expire = htmlentities($row['domain_expire'];
$domain_registrar_name = htmlentities($row['vendor_name']);
if(empty($domain_registrar_name)){
$domain_registrar_name = "-";
}
$sql_domain_webhost = mysqli_query($mysqli,"SELECT vendor_name FROM vendors WHERE vendor_id = $domain_webhost");
$row = mysqli_fetch_array($sql_domain_webhost);
$domain_webhost_name = $row['vendor_name'];
$domain_webhost_name = htmlentities($row['vendor_name']);
if(empty($domain_webhost_name)){
$domain_webhost_name = "-";
}

8
client_edit_modal.php
View File

@ -61,7 +61,7 @@
$referral_sql = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_type = 'Referral' AND (category_archived_at > '$client_created_at' OR category_archived_at IS NULL) AND company_id = $session_company_id ORDER BY category_name ASC");
while($row = mysqli_fetch_array($referral_sql)){
$referral = $row['category_name'];
$referral = htmlentities($row['category_name']);
?>
<option <?php if($client_referral == $referral){ echo "selected"; } ?> > <?php echo $referral; ?></option>
@ -142,9 +142,9 @@
while($row = mysqli_fetch_array($sql_tags_select)){
$tag_id_select = $row['tag_id'];
$tag_name_select = $row['tag_name'];
$tag_color_select = $row['tag_color'];
$tag_icon_select = $row['tag_icon'];
$tag_name_select = htmlentities($row['tag_name']);
$tag_color_select = htmlentities($row['tag_color']);
$tag_icon_select = htmlentities($row['tag_icon']);
?>
<li class="list-group-item">

30
client_events.php
View File

@ -25,14 +25,14 @@ if(isset($_GET['calendar_id'])){
$sql = mysqli_query($mysqli,"SELECT * FROM calendars LEFT JOIN events ON calendar_id = event_calendar_id WHERE event_client_id = $client_id AND calendars.company_id = $session_company_id");
while($row = mysqli_fetch_array($sql)){
$event_id = $row['event_id'];
$event_title = $row['event_title'];
$event_description = $row['event_description'];
$event_start = $row['event_start'];
$event_end = $row['event_end'];
$event_repeat = $row['event_repeat'];
$event_title = htmlentities($row['event_title']);
$event_description = htmlentities($row['event_description']);
$event_start = htmlentities($row['event_start']);
$event_end = htmlentities($row['event_end']);
$event_repeat = htmlentities($row['event_repeat']);
$calendar_id = $row['calendar_id'];
$calendar_name = $row['calendar_name'];
$calendar_color = $row['calendar_color'];
$calendar_name = htmlentities($row['calendar_name']);
$calendar_color = htmlentities($row['calendar_color']);
include("calendar_event_edit_modal.php");
@ -73,15 +73,15 @@ while($row = mysqli_fetch_array($sql)){
<?php
$sql = mysqli_query($mysqli,"SELECT * FROM calendars LEFT JOIN events ON calendar_id = event_calendar_id WHERE event_client_id = $client_id AND calendars.company_id = $session_company_id");
while($row = mysqli_fetch_array($sql)){
$event_id = $row['event_id'];
$event_title = $row['event_title'];
$event_start = $row['event_start'];
$event_end = $row['event_end'];
$calendar_id = $row['calendar_id'];
$calendar_name = $row['calendar_name'];
$calendar_color = $row['calendar_color'];
$event_id = json_encode($row['event_id']);
$event_title = json_encode($row['event_title']);
$event_start = json_encode($row['event_start']);
$event_end = json_encode($row['event_end']);
$calendar_id = json_encode($row['calendar_id']);
$calendar_name = json_encode($row['calendar_name']);
$calendar_color = json_encode($row['calendar_color']);
echo "{ id: '$event_id', title: '$event_title', start: '$event_start', end: '$event_end', color: '$calendar_color'},";
echo "{ id: $event_id, title: $event_title, start: $event_start, end: $event_end, color: $calendar_color },";
}
?>
],

12
client_files.php
View File

@ -33,9 +33,9 @@ $num_of_files = mysqli_num_rows($sql_files_images) + mysqli_num_rows($sql_files_
while($row = mysqli_fetch_array($sql_files_images)){
$file_id = $row['file_id'];
$file_name = $row['file_name'];
$file_reference_name = $row['file_reference_name'];
$file_ext = $row['file_ext'];
$file_name = htmlentities($row['file_name']);
$file_reference_name = htmlentities($row['file_reference_name']);
$file_ext = htmlentities($row['file_ext']);
?>
@ -70,9 +70,9 @@ $num_of_files = mysqli_num_rows($sql_files_images) + mysqli_num_rows($sql_files_
<?php
while($row = mysqli_fetch_array($sql_files_other)){
$file_id = $row['file_id'];
$file_name = $row['file_name'];
$file_reference_name = $row['file_reference_name'];
$file_ext = $row['file_ext'];
$file_name = htmlentities($row['file_name']);
$file_reference_name = htmlentities($row['file_reference_name']);
$file_ext = htmlentities($row['file_ext']);
if($file_ext == 'pdf'){
$file_icon = "file-pdf";
}elseif($file_ext == 'gz' || $file_ext == 'tar' || $file_ext == 'zip' || $file_ext == '7z' || $file_ext == 'rar'){

17
client_invoices.php
View File

@ -76,25 +76,24 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
while($row = mysqli_fetch_array($sql)){
$invoice_id = $row['invoice_id'];
$invoice_prefix = $row['invoice_prefix'];
$invoice_number = $row['invoice_number'];
$invoice_scope = $row['invoice_scope'];
$invoice_prefix = htmlentities($row['invoice_prefix']);
$invoice_number = htmlentities($row['invoice_number']);
$invoice_scope = htmlentities($row['invoice_scope']);
if(empty($invoice_scope)){
$invoice_scope_display = "-";
}else{
$invoice_scope_display = $invoice_scope;
}
$invoice_status = $row['invoice_status'];
$invoice_status = htmlentities($row['invoice_status']);
$invoice_date = $row['invoice_date'];
$invoice_due = $row['invoice_due'];
$invoice_amount = $row['invoice_amount'];
$invoice_currency_code = $row['invoice_currency_code'];
$invoice_amount = htmlentities($row['invoice_amount']);
$invoice_currency_code = htmlentities($row['invoice_currency_code']);
$invoice_created_at = $row['invoice_created_at'];
$category_id = $row['category_id'];
$category_name = $row['category_name'];
$now = time();
$category_name = htmlentities($row['category_name']);
if(($invoice_status == "Sent" || $invoice_status == "Partial" || $invoice_status == "Viewed") && strtotime($invoice_due) < $now ){
if(($invoice_status == "Sent" || $invoice_status == "Partial" || $invoice_status == "Viewed") && strtotime($invoice_due) < time() ){
$overdue_color = "text-danger font-weight-bold";
}else{
$overdue_color = "";

2
client_location_add_modal.php
View File

@ -116,7 +116,7 @@
$sql_contacts = mysqli_query($mysqli,"SELECT * FROM contacts WHERE contact_archived_at IS NULL AND contact_client_id = $client_id ORDER BY contact_name ASC");
while($row = mysqli_fetch_array($sql_contacts)){
$contact_id = $row['contact_id'];
$contact_name = $row['contact_name'];
$contact_name = htmlentities($row['contact_name']);
?>
<option value="<?php echo $contact_id; ?>"><?php echo $contact_name; ?></option>

2
client_location_edit_modal.php
View File

@ -118,7 +118,7 @@
$sql_contacts = mysqli_query($mysqli,"SELECT * FROM contacts WHERE (contact_archived_at > '$location_created_at' OR contact_archived_at IS NULL) AND contact_client_id = $client_id ORDER BY contact_name ASC");
while($row = mysqli_fetch_array($sql_contacts)){
$contact_id_select = $row['contact_id'];
$contact_name_select = $row['contact_name'];
$contact_name_select = htmlentities($row['contact_name']);
?>
<option <?php if($location_contact_id == $contact_id_select){ echo "selected"; } ?> value="<?php echo $contact_id_select; ?>"><?php echo $contact_name_select; ?></option>

18
client_locations.php
View File

@ -80,26 +80,26 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
while($row = mysqli_fetch_array($sql)){
$location_id = $row['location_id'];
$location_name = $row['location_name'];
$location_country = $row['location_country'];
$location_address = $row['location_address'];
$location_city = $row['location_city'];
$location_state = $row['location_state'];
$location_zip = $row['location_zip'];
$location_name = htmlentities($row['location_name']);
$location_country = htmlentities($row['location_country']);
$location_address = htmlentities($row['location_address']);
$location_city = htmlentities($row['location_city']);
$location_state = htmlentities($row['location_state']);
$location_zip = htmlentities($row['location_zip']);
$location_phone = formatPhoneNumber($row['location_phone']);
if(empty($location_phone)){
$location_phone_display = "-";
}else{
$location_phone_display = $location_phone;
}
$location_hours = $row['location_hours'];
$location_hours = htmlentities($row['location_hours']);
if(empty($location_hours)){
$location_hours_display = "-";
}else{
$location_hours_display = $location_hours;
}
$location_photo = $row['location_photo'];
$location_notes = $row['location_notes'];
$location_photo = htmlentities($row['location_photo']);
$location_notes = htmlentities($row['location_notes']);
$location_created_at = $row['location_created_at'];
$location_contact_id = $row['location_contact_id'];
if($location_id == $primary_location){

8
client_login_add_modal.php
View File

@ -105,7 +105,7 @@
$sql = mysqli_query($mysqli,"SELECT * FROM contacts WHERE contact_client_id = $client_id ORDER BY contact_name ASC");
while($row = mysqli_fetch_array($sql)){
$contact_id = $row['contact_id'];
$contact_name = $row['contact_name'];
$contact_name = htmlentities($row['contact_name']);
?>
<option value="<?php echo $contact_id; ?>"><?php echo $contact_name; ?></option>
@ -129,7 +129,7 @@
$sql_vendors = mysqli_query($mysqli,"SELECT * FROM vendors WHERE vendor_client_id = $client_id ORDER BY vendor_name ASC");
while($row = mysqli_fetch_array($sql_vendors)){
$vendor_id = $row['vendor_id'];
$vendor_name = $row['vendor_name'];
$vendor_name = htmlentities($row['vendor_name']);
?>
<option value="<?php echo $vendor_id; ?>"><?php echo $vendor_name; ?></option>
@ -153,7 +153,7 @@
$sql = mysqli_query($mysqli,"SELECT * FROM assets WHERE asset_client_id = $client_id ORDER BY asset_name ASC");
while($row = mysqli_fetch_array($sql)){
$asset_id = $row['asset_id'];
$asset_name = $row['asset_name'];
$asset_name = htmlentities($row['asset_name']);
?>
<option value="<?php echo $asset_id; ?>"><?php echo $asset_name; ?></option>
@ -177,7 +177,7 @@
$sql = mysqli_query($mysqli,"SELECT * FROM software WHERE software_client_id = $client_id ORDER BY software_name ASC");
while($row = mysqli_fetch_array($sql)){
$software_id = $row['software_id'];
$software_name = $row['software_name'];
$software_name = htmlentities($row['software_name']);
?>
<option value="<?php echo $software_id; ?>"><?php echo $software_name; ?></option>

8
client_login_edit_modal.php
View File

@ -111,7 +111,7 @@
$sql_contacts = mysqli_query($mysqli,"SELECT * FROM contacts WHERE contact_client_id = $client_id ORDER BY contact_name ASC");
while($row = mysqli_fetch_array($sql_contacts)){
$contact_id_select = $row['contact_id'];
$contact_name_select = $row['contact_name'];
$contact_name_select = htmlentities($row['contact_name']);
?>
<option <?php if($login_contact_id == $contact_id_select){ echo "selected"; } ?> value="<?php echo $contact_id_select; ?>"><?php echo $contact_name_select; ?></option>
@ -135,7 +135,7 @@
$sql_vendors = mysqli_query($mysqli,"SELECT * FROM vendors WHERE vendor_client_id = $client_id ORDER BY vendor_name ASC");
while($row = mysqli_fetch_array($sql_vendors)){
$vendor_id_select = $row['vendor_id'];
$vendor_name_select = $row['vendor_name'];
$vendor_name_select = htmlentities($row['vendor_name']);
?>
<option <?php if($login_vendor_id == $vendor_id_select){ echo "selected"; } ?> value="<?php echo $vendor_id_select; ?>"><?php echo $vendor_name_select; ?></option>
@ -159,7 +159,7 @@
$sql_assets = mysqli_query($mysqli,"SELECT * FROM assets WHERE asset_client_id = $client_id ORDER BY asset_name ASC");
while($row = mysqli_fetch_array($sql_assets)){
$asset_id_select = $row['asset_id'];
$asset_name_select = $row['asset_name'];
$asset_name_select = htmlentities($row['asset_name']);
?>
<option <?php if($login_asset_id == $asset_id_select){ echo "selected"; } ?> value="<?php echo $asset_id_select; ?>"><?php echo $asset_name_select; ?></option>
@ -183,7 +183,7 @@
$sql_software = mysqli_query($mysqli,"SELECT * FROM software WHERE software_client_id = $client_id ORDER BY software_name ASC");
while($row = mysqli_fetch_array($sql_software)){
$software_id_select = $row['software_id'];
$software_name_select = $row['software_name'];
$software_name_select = htmlentities($row['software_name']);
?>
<option <?php if($login_software_id == $software_id_select){ echo "selected"; } ?> value="<?php echo $software_id_select; ?>"><?php echo $software_name_select; ?></option>

10
client_logins.php
View File

@ -68,28 +68,28 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
while($row = mysqli_fetch_array($sql)){
$login_id = $row['login_id'];
$login_name = $row['login_name'];
$login_uri = $row['login_uri'];
$login_name = htmlentities($row['login_name']);
$login_uri = htmlentities($row['login_uri']);
if(empty($login_uri)){
$login_uri_display = "-";
}else{
$login_uri_display = "$login_uri<button class='btn btn-sm clipboardjs' data-clipboard-text='$login_uri'><i class='far fa-copy text-secondary'></i></button><a href='https://$login_uri' target='_blank'><i class='fa fa-external-link-alt text-secondary'></i></a>";
}
$login_username = $row['login_username'];
$login_username = htmlentities($row['login_username']);
if(empty($login_username)){
$login_username_display = "-";
}else{
$login_username_display = "$login_username<button class='btn btn-sm clipboardjs' data-clipboard-text='$login_username'><i class='far fa-copy text-secondary'></i></button>";
}
$login_password = htmlentities(decryptLoginEntry($row['login_password']));
$login_otp_secret = $row['login_otp_secret'];
$login_otp_secret = htmlentities($row['login_otp_secret']);
$login_id_with_secret = '"' . $row['login_id'] . '","' . $row['login_otp_secret'] . '"';
if(empty($login_otp_secret)){
$otp_display = "-";
}else{
$otp_display = "<span onmouseenter='showOTP($login_id_with_secret)'><i class='far fa-clock'></i> <span id='otp_$login_id'><i>Hover..</i></span></span>";
}
$login_note = $row['login_note'];
$login_note = htmlentities($row['login_note']);
$login_contact_id = $row['login_contact_id'];
$login_vendor_id = $row['login_vendor_id'];
$login_asset_id = $row['login_asset_id'];

8
client_logs.php
View File

@ -71,14 +71,14 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
while($row = mysqli_fetch_array($sql)){
$log_id = $row['log_id'];
$log_type = $row['log_type'];
$log_action = $row['log_action'];
$log_type = htmlentities($row['log_type']);
$log_action = htmlentities($row['log_action']);
$log_description = htmlentities($row['log_description']);
$log_ip = htmlentities($row['log_ip']);
$log_user_agent = $row['log_user_agent'];
$log_user_agent = htmlentities($row['log_user_agent']);
$log_created_at = $row['log_created_at'];
$user_id = $row['user_id'];
$user_name = $row['user_name'];
$user_name = htmlentities($row['user_name']);
if(empty($user_name)){
$user_name_display = "-";
}else{

2
client_network_add_modal.php
View File

@ -74,7 +74,7 @@
$sql = mysqli_query($mysqli,"SELECT * FROM locations WHERE location_archived_at IS NULL AND location_client_id = $client_id ORDER BY location_name ASC");
while($row = mysqli_fetch_array($sql)){
$location_id = $row['location_id'];
$location_name = $row['location_name'];
$location_name = htmlentities($row['location_name']);
?>
<option value="<?php echo $location_id; ?>"><?php echo $location_name; ?></option>

12
client_networks.php
View File

@ -69,23 +69,23 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
while($row = mysqli_fetch_array($sql)){
$network_id = $row['network_id'];
$network_name = $row['network_name'];
$network_vlan = $row['network_vlan'];
$network_name = htmlentities($row['network_name']);
$network_vlan = htmlentities($row['network_vlan']);
if(empty($network_vlan)){
$network_vlan_display = "-";
}else{
$network_vlan_display = $network_vlan;
}
$network = $row['network'];
$network_gateway = $row['network_gateway'];
$network_dhcp_range = $row['network_dhcp_range'];
$network = htmlentities($row['network']);
$network_gateway = htmlentities($row['network_gateway']);
$network_dhcp_range = htmlentities($row['network_dhcp_range']);
if(empty($network_dhcp_range)){
$network_dhcp_range_display = "-";
}else{
$network_dhcp_range_display = $network_dhcp_range;
}
$network_location_id = $row['network_location_id'];
$location_name = $row['location_name'];
$location_name = htmlentities($row['location_name']);
if(empty($location_name)){
$location_name_display = "-";
}else{

20
client_payments.php
View File

@ -74,23 +74,23 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
while($row = mysqli_fetch_array($sql)){
$invoice_id = $row['invoice_id'];
$invoice_prefix = $row['invoice_prefix'];
$invoice_number = $row['invoice_number'];
$invoice_status = $row['invoice_status'];
$invoice_amount = $row['invoice_amount'];
$invoice_currency_code = $row['invoice_currency_code'];
$invoice_prefix = htmlentities($row['invoice_prefix']);
$invoice_number = htmlentities($row['invoice_number']);
$invoice_status = htmlentities($row['invoice_status']);
$invoice_amount = htmlentities($row['invoice_amount']);
$invoice_currency_code = htmlentities($row['invoice_currency_code']);
$invoice_date = $row['invoice_date'];
$payment_date = $row['payment_date'];
$payment_method = $row['payment_method'];
$payment_reference = $row['payment_reference'];
$payment_method = htmlentities($row['payment_method']);
$payment_reference = htmlentities($row['payment_reference']);
if(empty($payment_reference)){
$payment_reference_display = "-";
}else{
$payment_reference_display = $payment_reference;
}
$payment_amount = $row['payment_amount'];
$payment_currency_code = $row['payment_currency_code'];
$account_name = $row['account_name'];
$payment_amount = htmlentities($row['payment_amount']);
$payment_currency_code = htmlentities($row['payment_currency_code']);
$account_name = htmlentities($row['account_name']);
?>

14
client_quotes.php
View File

@ -75,21 +75,21 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
while($row = mysqli_fetch_array($sql)){
$quote_id = $row['quote_id'];
$quote_prefix = $row['quote_prefix'];
$quote_number = $row['quote_number'];
$quote_scope = $row['quote_scope'];
$quote_prefix = htmlentities($row['quote_prefix']);
$quote_number = htmlentities($row['quote_number']);
$quote_scope = htmlentities($row['quote_scope']);
if(empty($quote_scope)){
$quote_scope_display = "-";
}else{
$quote_scope_display = $quote_scope;
}
$quote_status = $row['quote_status'];
$quote_status = htmlentities($row['quote_status']);
$quote_date = $row['quote_date'];
$quote_amount = $row['quote_amount'];
$quote_currency_code = $row['quote_currency_code'];
$quote_amount = htmlentities($row['quote_amount']);
$quote_currency_code = htmlentities($row['quote_currency_code']);
$quote_created_at = $row['quote_created_at'];
$category_id = $row['category_id'];
$category_name = $row['category_name'];
$category_name = htmlentities($row['category_name']);
//Set Badge color based off of quote status
if($quote_status == "Sent"){

16
client_recurring_invoices.php
View File

@ -71,21 +71,21 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
while($row = mysqli_fetch_array($sql)){
$recurring_id = $row['recurring_id'];
$recurring_prefix = $row['recurring_prefix'];
$recurring_number = $row['recurring_number'];
$recurring_scope = $row['recurring_scope'];
$recurring_frequency = $row['recurring_frequency'];
$recurring_status = $row['recurring_status'];
$recurring_prefix = htmlentities($row['recurring_prefix']);
$recurring_number = htmlentities($row['recurring_number']);
$recurring_scope = htmlentities($row['recurring_scope']);
$recurring_frequency = htmlentities($row['recurring_frequency']);
$recurring_status = htmlentities($row['recurring_status']);
$recurring_last_sent = $row['recurring_last_sent'];
if($recurring_last_sent == 0){
$recurring_last_sent = "-";
}
$recurring_next_date = $row['recurring_next_date'];
$recurring_amount = $row['recurring_amount'];
$recurring_currency_code = $row['recurring_currency_code'];
$recurring_amount = htmlentities($row['recurring_amount']);
$recurring_currency_code = htmlentities($row['recurring_currency_code']);
$recurring_created_at = $row['recurring_created_at'];
$category_id = $row['category_id'];
$category_name = $row['category_name'];
$category_name = htmlentities($row['category_name']);
if($recurring_status == 1){
$status = "Active";
$status_badge_color = "success";

6
client_scheduled_tickets.php
View File

@ -67,9 +67,9 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
while ($row = mysqli_fetch_array($sql)) {
$scheduled_ticket_id = $row['scheduled_ticket_id'];
$scheduled_ticket_subject = $row['scheduled_ticket_subject'];
$scheduled_ticket_priority = $row['scheduled_ticket_priority'];
$scheduled_ticket_frequency = $row['scheduled_ticket_frequency'];
$scheduled_ticket_subject = htmlentities($row['scheduled_ticket_subject']);
$scheduled_ticket_priority = htmlentities($row['scheduled_ticket_priority']);
$scheduled_ticket_frequency = htmlentities($row['scheduled_ticket_frequency']);
$scheduled_ticket_next_run = $row['scheduled_ticket_next_run'];
?>

16
client_service_add_modal.php
View File

@ -104,7 +104,7 @@
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_client_id = '$client_id'");
while($row = mysqli_fetch_array($sql)){
$contact_id = $row['contact_id'];
$contact_name = $row['contact_name'];
$contact_name = htmlentities($row['contact_name']);
echo "<option value=\"$contact_id\">$contact_name</option>";
}
?>
@ -120,7 +120,7 @@
$sql = mysqli_query($mysqli, "SELECT * FROM vendors WHERE vendor_client_id = '$client_id'");
while($row = mysqli_fetch_array($sql)){
$vendor_id = $row['vendor_id'];
$vendor_name = $row['vendor_name'];
$vendor_name = htmlentities($row['vendor_name']);
echo "<option value=\"$vendor_id\">$vendor_name</option>";
}
?>
@ -136,7 +136,7 @@
$sql = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_client_id = '$client_id'");
while($row = mysqli_fetch_array($sql)){
$document_id = $row['document_id'];
$document_name = $row['document_name'];
$document_name = htmlentities($row['document_name']);
echo "<option value=\"$document_id\">$document_name</option>";
}
?>
@ -162,7 +162,7 @@
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_client_id = '$client_id'");
while($row = mysqli_fetch_array($sql)){
$asset_id = $row['asset_id'];
$asset_name = $row['asset_name'];
$asset_name = htmlentities($row['asset_name']);
echo "<option value=\"$asset_id\">$asset_name</option>";
}
?>
@ -180,7 +180,7 @@
$sql = mysqli_query($mysqli, "SELECT * FROM logins WHERE login_client_id = '$client_id'");
while($row = mysqli_fetch_array($sql)){
$login_id = $row['login_id'];
$login_name = $row['login_name'];
$login_name = htmlentities($row['login_name']);
echo "<option value=\"$login_id\">$login_name</option>";
}
?>
@ -203,7 +203,7 @@
$sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_client_id = '$client_id'");
while($row = mysqli_fetch_array($sql)){
$domain_id = $row['domain_id'];
$domain_name = $row['domain_name'];
$domain_name = htmlentities($row['domain_name']);
echo "<option value=\"$domain_id\">$domain_name</option>";
}
?>
@ -221,8 +221,8 @@
$sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_client_id = '$client_id'");
while($row = mysqli_fetch_array($sql)){
$cert_id = $row['certificate_id'];
$cert_name = $row['certificate_name'];
$cert_domain = $row['certificate_domain'];
$cert_name = htmlentities($row['certificate_name']);
$cert_domain = htmlentities($row['certificate_domain']);
echo "<option value=\"$cert_id\">$cert_name ($cert_domain)</option>";
}
?>

14
client_service_edit_modal.php
View File

@ -111,7 +111,7 @@
while($row_all = mysqli_fetch_array($sql_all)){
$contact_id = $row_all['contact_id'];
$contact_name = $row_all['contact_name'];
$contact_name = htmlentities($row_all['contact_name']);
if(in_array($contact_id, $selected_ids)){
echo "<option value=\"$contact_id\" selected>$contact_name</option>";
@ -135,7 +135,7 @@
$sql_all = mysqli_query($mysqli, "SELECT * FROM vendors WHERE vendor_client_id = '$client_id'");
while($row_all = mysqli_fetch_array($sql_all)){
$vendor_id = $row_all['vendor_id'];
$vendor_name = $row_all['vendor_name'];
$vendor_name = htmlentities($row_all['vendor_name']);
if(in_array($vendor_id, $selected_ids)){
echo "<option value=\"$vendor_id\" selected>$vendor_name</option>";
@ -159,7 +159,7 @@
$sql_all = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_client_id = '$client_id'");
while($row_all = mysqli_fetch_array($sql_all)){
$document_id = $row_all['document_id'];
$document_name = $row_all['document_name'];
$document_name = htmlentities($row_all['document_name']);
if(in_array($document_id, $selected_ids)){
echo "<option value=\"$document_id\" selected>$document_name</option>";
@ -194,7 +194,7 @@
$sql_all = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_client_id = '$client_id'");
while($row_all = mysqli_fetch_array($sql_all)){
$asset_id = $row_all['asset_id'];
$asset_name = $row_all['asset_name'];
$asset_name = htmlentities($row_all['asset_name']);
if(in_array($asset_id, $selected_ids)){
echo "<option value=\"$asset_id\" selected>$asset_name</option>";
@ -220,7 +220,7 @@
$sql_all = mysqli_query($mysqli, "SELECT * FROM logins WHERE login_client_id = '$client_id'");
while($row_all = mysqli_fetch_array($sql_all)){
$login_id = $row_all['login_id'];
$login_name = $row_all['login_name'];
$login_name = htmlentities($row_all['login_name']);
if(in_array($login_id, $selected_ids)){
echo "<option value=\"$login_id\" selected>$login_name</option>";
@ -251,7 +251,7 @@
$sql_all = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_client_id = '$client_id'");
while($row_all = mysqli_fetch_array($sql_all)){
$domain_id = $row_all['domain_id'];
$domain_name = $row_all['domain_name'];
$domain_name = htmlentities($row_all['domain_name']);
if(in_array($domain_id, $selected_ids)){
echo "<option value=\"$domain_id\" selected>$domain_name</option>";
@ -277,7 +277,7 @@
$sql_all = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_client_id = '$client_id'");
while($row_all = mysqli_fetch_array($sql_all)){
$cert_id = $row_all['certificate_id'];
$cert_name = $row_all['certificate_name'];
$cert_name = htmlentities($row_all['certificate_name']);
if(in_array($cert_id, $selected_ids)){
echo "<option value=\"$cert_id\" selected>$cert_name</option>";

73
client_services.php
View File

@ -59,12 +59,12 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
while($row = mysqli_fetch_array($sql)){
$service_id = $row['service_id'];
$service_name = $row['service_name'];
$service_description = $row['service_description'];
$service_category = $row['service_category'];
$service_importance = $row['service_importance'];
$service_backup = $row['service_backup'];
$service_notes = $row['service_notes'];
$service_name = htmlentities($row['service_name']);
$service_description = htmlentities($row['service_description']);
$service_category = htmlentities($row['service_category']);
$service_importance = htmlentities($row['service_importance']);
$service_backup = htmlentities($row['service_backup']);
$service_notes = htmlentities($row['service_notes']);
$service_updated_at = $row['service_updated_at'];
$service_review_due = $row['service_review_due'];
@ -109,32 +109,36 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
// Associated Assets (and their logins/networks/locations)
$sql_assets = mysqli_query($mysqli, "SELECT * FROM service_assets
LEFT JOIN assets
ON service_assets.asset_id = assets.asset_id
LEFT JOIN logins
ON service_assets.asset_id = logins.login_asset_id
LEFT JOIN networks
ON assets.asset_network_id = networks.network_id
LEFT JOIN locations
ON assets.asset_location_id = locations.location_id
WHERE service_id = '$service_id'");
LEFT JOIN assets
ON service_assets.asset_id = assets.asset_id
LEFT JOIN logins
ON service_assets.asset_id = logins.login_asset_id
LEFT JOIN networks
ON assets.asset_network_id = networks.network_id
LEFT JOIN locations
ON assets.asset_location_id = locations.location_id
WHERE service_id = '$service_id'"
);
// Associated logins
$sql_logins = mysqli_query($mysqli, "SELECT * FROM service_logins
LEFT JOIN logins
ON service_logins.login_id = logins.login_id
WHERE service_id = '$service_id'");
LEFT JOIN logins
ON service_logins.login_id = logins.login_id
WHERE service_id = '$service_id'"
);
// Associated Domains
$sql_domains = mysqli_query($mysqli, "SELECT * FROM service_domains
LEFT JOIN domains
ON service_domains.domain_id = domains.domain_id
WHERE service_id = '$service_id'");
LEFT JOIN domains
ON service_domains.domain_id = domains.domain_id
WHERE service_id = '$service_id'"
);
// Associated Certificates
$sql_certificates = mysqli_query($mysqli, "SELECT * FROM service_certificates
LEFT JOIN certificates
ON service_certificates.certificate_id = certificates.certificate_id
WHERE service_id = '$service_id'");
LEFT JOIN certificates
ON service_certificates.certificate_id = certificates.certificate_id
WHERE service_id = '$service_id'"
);
// Associated URLs ---- REMOVED for now
//$sql_urls = mysqli_query($mysqli, "SELECT * FROM service_urls
@ -142,21 +146,24 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
// Associated Vendors
$sql_vendors = mysqli_query($mysqli, "SELECT * FROM service_vendors
LEFT JOIN vendors
ON service_vendors.vendor_id = vendors.vendor_id
WHERE service_id = '$service_id'");
LEFT JOIN vendors
ON service_vendors.vendor_id = vendors.vendor_id
WHERE service_id = '$service_id'"
);
// Associated Contacts
$sql_contacts = mysqli_query($mysqli, "SELECT * FROM service_contacts
LEFT JOIN contacts
ON service_contacts.contact_id = contacts.contact_id
WHERE service_id = '$service_id'");
LEFT JOIN contacts
ON service_contacts.contact_id = contacts.contact_id
WHERE service_id = '$service_id'"
);
// Associated Documents
$sql_docs = mysqli_query($mysqli, "SELECT * FROM service_documents
LEFT JOIN documents
ON service_documents.document_id = documents.document_id
WHERE service_id = '$service_id'");
LEFT JOIN documents
ON service_documents.document_id = documents.document_id
WHERE service_id = '$service_id'"
);
include("client_service_edit_modal.php");
include("client_service_view_modal.php");

18
client_shared_items.php
View File

@ -69,30 +69,30 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
while($row = mysqli_fetch_array($sql)){
$item_id = $row['item_id'];
$item_active = $row['item_active'];
$item_key = $row['item_key'];
$item_type = $row['item_type'];
$item_active = htmlentities($row['item_active']);
$item_key = htmlentities($row['item_key']);
$item_type = htmlentities($row['item_type']);
$item_related_id = $row['item_related_id'];
$item_note = $row['item_note'];
$item_views = $row['item_views'];
$item_view_limit = $row['item_view_limit'];
$item_note = htmlentities($row['item_note']);
$item_views = htmlentities($row['item_views']);
$item_view_limit = htmlentities($row['item_view_limit']);
$item_created_at = $row['item_created_at'];
$item_expire_at = $row['item_expire_at'];
if($item_type == 'Login'){
$share_item_sql = mysqli_query($mysqli, "SELECT login_name FROM logins WHERE login_id = '$item_related_id' AND login_client_id = '$client_id'");
$share_item = mysqli_fetch_array($share_item_sql);
$item_name = $share_item['login_name'];
$item_name = htmlentities($share_item['login_name']);
}
elseif($item_type == 'Document'){
$share_item_sql = mysqli_query($mysqli, "SELECT document_name FROM documents WHERE document_id = '$item_related_id' AND document_client_id = '$client_id'");
$share_item = mysqli_fetch_array($share_item_sql);
$item_name = $share_item['document_name'];
$item_name = htmlentities($share_item['document_name']);
}
elseif($item_type == 'File'){
$share_item_sql = mysqli_query($mysqli, "SELECT file_name FROM files WHERE file_id = '$item_related_id' AND file_client_id = '$client_id'");
$share_item = mysqli_fetch_array($share_item_sql);
$item_name = $share_item['file_name'];
$item_name = htmlentities($share_item['file_name']);
}

18
client_software.php
View File

@ -68,20 +68,20 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
while($row = mysqli_fetch_array($sql)){
$software_id = $row['software_id'];
$software_name = $row['software_name'];
$software_version = $row['software_version'];
$software_type = $row['software_type'];
$software_license_type = $row['software_license_type'];
$software_key = $row['software_key'];
$software_seats = $row['software_seats'];
$software_name = htmlentities($row['software_name']);
$software_version = htmlentities($row['software_version']);
$software_type = htmlentities($row['software_type']);
$software_license_type = htmlentities($row['software_license_type']);
$software_key = htmlentities($row['software_key']);
$software_seats = htmlentities($row['software_seats']);
$software_purchase = $row['software_purchase'];
$software_expire = $row['software_expire'];
$software_notes = $row['software_notes'];
$software_notes = htmlentities($row['software_notes']);
// Get Login
$login_id = $row['login_id'];
$login_username = $row['login_username'];
$login_password = decryptLoginEntry($row['login_password']);
$login_username = htmlentities($row['login_username']);
$login_password = htmlentities(decryptLoginEntry($row['login_password']));
$seat_count = 0;

10
client_software_add_modal.php
View File

@ -140,9 +140,9 @@
while($row = mysqli_fetch_array($sql)){
$asset_id = $row['asset_id'];
$asset_name = $row['asset_name'];
$asset_type = $row['asset_type'];
$contact_name = $row['contact_name'];
$asset_name = htmlentities($row['asset_name']);
$asset_type = htmlentities($row['asset_type']);
$contact_name = htmlentities($row['contact_name']);
?>
<li class="list-group-item">
@ -173,8 +173,8 @@
while($row = mysqli_fetch_array($sql)){
$contact_id = $row['contact_id'];
$contact_name = $row['contact_name'];
$contact_email = $row['contact_email'];
$contact_name = htmlentities($row['contact_name']);
$contact_email = htmlentities($row['contact_email']);
?>
<li class="list-group-item">

10
client_software_edit_modal.php
View File

@ -140,9 +140,9 @@
while($row = mysqli_fetch_array($sql_assets_select)){
$asset_id_select = $row['asset_id'];
$asset_name_select = $row['asset_name'];
$asset_type_select = $row['asset_type'];
$contact_name_select = $row['contact_name'];
$asset_name_select = htmlentities($row['asset_name']);
$asset_type_select = htmlentities($row['asset_type']);
$contact_name_select = htmlentities($row['contact_name']);
?>
<li class="list-group-item">
@ -173,8 +173,8 @@
while($row = mysqli_fetch_array($sql_contacts_select)){
$contact_id_select = $row['contact_id'];
$contact_name_select = $row['contact_name'];
$contact_email_select = $row['contact_email'];
$contact_name_select = htmlentities($row['contact_name']);
$contact_email_select = htmlentities($row['contact_email']);
?>
<li class="list-group-item">

30
client_tickets.php
View File

@ -82,12 +82,12 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
while($row = mysqli_fetch_array($sql)){
$ticket_id = $row['ticket_id'];
$ticket_prefix = $row['ticket_prefix'];
$ticket_number = $row['ticket_number'];
$ticket_subject = $row['ticket_subject'];
$ticket_prefix = htmlentities($row['ticket_prefix']);
$ticket_number = htmlentities($row['ticket_number']);
$ticket_subject = htmlentities($row['ticket_subject']);
$ticket_details = $row['ticket_details'];
$ticket_priority = $row['ticket_priority'];
$ticket_status = $row['ticket_status'];
$ticket_priority = htmlentities($row['ticket_priority']);
$ticket_status = htmlentities($row['ticket_status']);
$ticket_created_at = $row['ticket_created_at'];
$ticket_updated_at = $row['ticket_updated_at'];
if (empty($ticket_updated_at)) {
@ -128,26 +128,20 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
$ticket_assigned_to_display = "<p class='text-danger'>Not Assigned</p>";
}
} else {
$ticket_assigned_to_display = $row['user_name'];
$ticket_assigned_to_display = htmlentities($row['user_name']);
}
$contact_id = $row['contact_id'];
$contact_name = $row['contact_name'];
$contact_name = htmlentities($row['contact_name']);
if(empty($contact_name)){
$contact_display = "-";
}else{
$contact_display = "$contact_name<br><small class='text-secondary'>$contact_email</small>";
}
$contact_title = $row['contact_title'];
$contact_email = $row['contact_email'];
$contact_phone = $row['contact_phone'];
if(strlen($contact_phone)>2){
$contact_phone = substr($row['contact_phone'],0,3)."-".substr($row['contact_phone'],3,3)."-".substr($row['contact_phone'],6,4);
}
$contact_extension = $row['contact_extension'];
$contact_mobile = $row['contact_mobile'];
if(strlen($contact_mobile)>2){
$contact_mobile = substr($row['contact_mobile'],0,3)."-".substr($row['contact_mobile'],3,3)."-".substr($row['contact_mobile'],6,4);
}
$contact_title = htmlentities($row['contact_title']);
$contact_email = htmlentities($row['contact_email']);
$contact_phone = formatPhoneNumber($row['contact_phone']);
$contact_extension = htmlentities($row['contact_extension']);
$contact_mobile = formatPhoneNumber($row['contact_mobile']);
?>

12
client_trips.php
View File

@ -88,12 +88,12 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
while($row = mysqli_fetch_array($sql)){
$trip_id = $row['trip_id'];
$trip_date = $row['trip_date'];
$trip_purpose = $row['trip_purpose'];
$trip_source = $row['trip_source'];
$trip_destination = $row['trip_destination'];
$trip_miles = $row['trip_miles'];
$trip_purpose = htmlentities($row['trip_purpose']);
$trip_source = htmlentities($row['trip_source']);
$trip_destination = htmlentities($row['trip_destination']);
$trip_miles = htmlentities($row['trip_miles']);
$trip_user_id = $row['trip_user_id'];
$round_trip = $row['round_trip'];
$round_trip = htmlentities($row['round_trip']);
$client_id = $row['trip_client_id'];
if($round_trip == 1){
@ -101,7 +101,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
}else{
$round_trip_display = "";
}
$user_name = $row['user_name'];
$user_name = htmlentities($row['user_name']);
if(empty($user_name)){
$user_name_display = "-";
}else{

22
client_vendors.php
View File

@ -77,28 +77,28 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
while($row = mysqli_fetch_array($sql)){
$vendor_id = $row['vendor_id'];
$vendor_name = $row['vendor_name'];
$vendor_description = $row['vendor_description'];
$vendor_name = htmlentities($row['vendor_name']);
$vendor_description = htmlentities($row['vendor_description']);
if(empty($vendor_description)){
$vendor_description_display = "-";
}else{
$vendor_description_display = $vendor_description;
}
$vendor_account_number = $row['vendor_account_number'];
$vendor_contact_name = $row['vendor_contact_name'];
$vendor_account_number = htmlentities($row['vendor_account_number']);
$vendor_contact_name = htmlentities($row['vendor_contact_name']);
if(empty($vendor_contact_name)){
$vendor_contact_name_display = "-";
}else{
$vendor_contact_name_display = $vendor_contact_name;
}
$vendor_phone = formatPhoneNumber($row['vendor_phone']);
$vendor_extension = $row['vendor_extension'];
$vendor_email = $row['vendor_email'];
$vendor_website = $row['vendor_website'];
$vendor_hours = $row['vendor_hours'];
$vendor_sla = $row['vendor_sla'];
$vendor_code = $row['vendor_code'];
$vendor_notes = $row['vendor_notes'];
$vendor_extension = htmlentities($row['vendor_extension']);
$vendor_email = htmlentities($row['vendor_email']);
$vendor_website = htmlentities($row['vendor_website']);
$vendor_hours = htmlentities($row['vendor_hours']);
$vendor_sla = htmlentities($row['vendor_sla']);
$vendor_code = htmlentities($row['vendor_code']);
$vendor_notes = htmlentities($row['vendor_notes']);
$vendor_template_id = $row['vendor_template_id'];
?>

38
clients.php
View File

@ -177,31 +177,31 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
while($row = mysqli_fetch_array($sql)){
$client_id = $row['client_id'];
$client_name = $row['client_name'];
$client_type = $row['client_type'];
$client_name = htmlentities($row['client_name']);
$client_type = htmlentities($row['client_type']);
$location_id = $row['location_id'];
$location_country = $row['location_country'];
$location_address = $row['location_address'];
$location_city = $row['location_city'];
$location_state = $row['location_state'];
$location_zip = $row['location_zip'];
$location_country = htmlentities($row['location_country']);
$location_address = htmlentities($row['location_address']);
$location_city = htmlentities($row['location_city']);
$location_state = htmlentities($row['location_state']);
$location_zip = htmlentities($row['location_zip']);
if(empty($location_address) && empty($location_city) && empty($location_state) && empty($location_zip)){
$location_address_display = "-";
}else{
$location_address_display = "$location_address<br>$location_city $location_state $location_zip";
}
$contact_id = $row['contact_id'];
$contact_name = $row['contact_name'];
$contact_title = $row['contact_title'];
$contact_name = htmlentities($row['contact_name']);
$contact_title = htmlentities($row['contact_title']);
$contact_phone = formatPhoneNumber($row['contact_phone']);
$contact_extension = $row['contact_extension'];
$contact_extension = htmlentities($row['contact_extension']);
$contact_mobile = formatPhoneNumber($row['contact_mobile']);
$contact_email = $row['contact_email'];
$client_website = $row['client_website'];
$client_currency_code = $row['client_currency_code'];
$client_net_terms = $row['client_net_terms'];
$client_referral = $row['client_referral'];
$client_notes = $row['client_notes'];
$contact_email = htmlentities($row['contact_email']);
$client_website = htmlentities($row['client_website']);
$client_currency_code = htmlentities($row['client_currency_code']);
$client_net_terms = htmlentities($row['client_net_terms']);
$client_referral = htmlentities($row['client_referral']);
$client_notes = htmlentities($row['client_notes']);
$client_created_at = $row['client_created_at'];
$client_updated_at = $row['client_updated_at'];
$client_archive_at = $row['client_archived_at'];
@ -214,9 +214,9 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
while($row = mysqli_fetch_array($sql_client_tags)){
$client_tag_id = $row['tag_id'];
$client_tag_name = $row['tag_name'];
$client_tag_color = $row['tag_color'];
$client_tag_icon = $row['tag_icon'];
$client_tag_name = htmlentities($row['tag_name']);
$client_tag_color = htmlentities($row['tag_color']);
$client_tag_icon = htmlentities($row['tag_icon']);
if(empty($client_tag_icon)){
$client_tag_icon = "tag";
}

24
companies.php
View File

@ -52,20 +52,20 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
while($row = mysqli_fetch_array($sql)){
$company_id = $row['company_id'];
$company_name = $row['company_name'];
$company_country = $row['company_country'];
$company_address = $row['company_address'];
$company_city = $row['company_city'];
$company_state = $row['company_state'];
$company_zip = $row['company_zip'];
$company_name = htmlentities($row['company_name']);
$company_country = htmlentities($row['company_country']);
$company_address = htmlentities($row['company_address']);
$company_city = htmlentities($row['company_city']);
$company_state = htmlentities($row['company_state']);
$company_zip = htmlentities($row['company_zip']);
$company_phone = formatPhoneNumber($row['company_phone']);
$company_email = $row['company_email'];
$company_website = $row['company_website'];
$company_logo = $row['company_logo'];
$company_locale = $row['company_locale'];
$company_currency = $row['company_currency'];
$company_email = htmlentities($row['company_email']);
$company_website = htmlentities($row['company_website']);
$company_logo = htmlentities($row['company_logo']);
$company_locale = htmlentities($row['company_locale']);
$company_currency = htmlentities($row['company_currency']);
$company_initials = initials($company_name);
$company_initials = htmlentities(initials($company_name));

40
dashboard_financial.php
View File

@ -334,7 +334,7 @@ $vendors_added = $row['vendors_added'];
<?php
while($row = mysqli_fetch_array($sql_accounts)){
$account_id = $row['account_id'];
$account_name = $row['account_name'];
$account_name = htmlentities($row['account_name']);
$opening_balance = $row['opening_balance'];
?>
@ -394,10 +394,10 @@ $vendors_added = $row['vendors_added'];
<?php
while($row = mysqli_fetch_array($sql_latest_invoice_payments)){
$payment_date = $row['payment_date'];
$payment_amount = $row['payment_amount'];
$invoice_prefix = $row['invoice_prefix'];
$invoice_number = $row['invoice_number'];
$client_name = $row['client_name'];
$payment_amount = htmlentities($row['payment_amount']);
$invoice_prefix = htmlentities($row['invoice_prefix']);
$invoice_number = htmlentities($row['invoice_number']);
$client_name = htmlentities($row['client_name']);
?>
<tr>
<td><?php echo $payment_date; ?></td>
@ -437,9 +437,9 @@ $vendors_added = $row['vendors_added'];
<?php
while($row = mysqli_fetch_array($sql_latest_expenses)){
$expense_date = $row['expense_date'];
$expense_amount = $row['expense_amount'];
$vendor_name = $row['vendor_name'];
$category_name = $row['category_name'];
$expense_amount = htmlentities($row['expense_amount']);
$vendor_name = htmlentities($row['vendor_name']);
$category_name = htmlentities($row['category_name']);
?>
<tr>
@ -741,8 +741,8 @@ var myPieChart = new Chart(ctx, {
<?php
$sql_categories = mysqli_query($mysqli,"SELECT DISTINCT category_name, category_id FROM categories, invoices WHERE invoice_category_id = category_id AND invoice_status = 'Paid' AND YEAR(invoice_date) = $year AND categories.company_id = $session_company_id");
while($row = mysqli_fetch_array($sql_categories)){
$category_name = $row['category_name'];
echo "\"$category_name\",";
$category_name = json_encode($row['category_name']);
echo "$category_name,";
}
?>
@ -768,8 +768,8 @@ var myPieChart = new Chart(ctx, {
<?php
$sql_categories = mysqli_query($mysqli,"SELECT DISTINCT category_name, category_id, category_color FROM categories, invoices WHERE invoice_category_id = category_id AND YEAR(invoice_date) = $year AND categories.company_id = $session_company_id");
while($row = mysqli_fetch_array($sql_categories)){
$category_color = $row['category_color'];
echo "\"$category_color\",";
$category_color = json_encode($row['category_color']);
echo "$category_color,";
}
?>
@ -798,8 +798,8 @@ var myPieChart = new Chart(ctx, {
<?php
$sql_categories = mysqli_query($mysqli,"SELECT DISTINCT category_name, categories.category_id FROM categories, expenses WHERE expense_category_id = category_id AND expense_vendor_id > 0 AND YEAR(expense_date) = $year AND categories.company_id = $session_company_id");
while($row = mysqli_fetch_array($sql_categories)){
$category_name = $row['category_name'];
echo "\"$category_name\",";
$category_name = json_encode($row['category_name']);
echo "$category_name,";
}
?>
@ -825,8 +825,8 @@ var myPieChart = new Chart(ctx, {
<?php
$sql_categories = mysqli_query($mysqli,"SELECT DISTINCT category_name, category_color FROM categories, expenses WHERE expense_category_id = categories.category_id AND expense_vendor_id > 0 AND YEAR(expense_date) = $year AND categories.company_id = $session_company_id");
while($row = mysqli_fetch_array($sql_categories)){
$category_color = $row['category_color'];
echo "\"$category_color\",";
$category_color = json_encode($row['category_color']);
echo "$category_color,";
}
?>
@ -851,8 +851,8 @@ var myPieChart = new Chart(ctx, {
<?php
$sql_vendors = mysqli_query($mysqli,"SELECT DISTINCT vendor_name, vendor_id FROM vendors, expenses WHERE expense_vendor_id = vendor_id AND YEAR(expense_date) = $year AND vendors.company_id = $session_company_id");
while($row = mysqli_fetch_array($sql_vendors)){
$vendor_name = $row['vendor_name'];
echo "\"$vendor_name\",";
$vendor_name = json_encode($row['vendor_name']);
echo "$vendor_name,";
}
?>
@ -878,8 +878,8 @@ var myPieChart = new Chart(ctx, {
<?php
$sql_categories = mysqli_query($mysqli,"SELECT DISTINCT category_name, category_color FROM categories, expenses WHERE expense_category_id = category_id AND YEAR(expense_date) = $year AND categories.company_id = $session_company_id");
while($row = mysqli_fetch_array($sql_categories)){
$category_color = $row['category_color'];
echo "\"$category_color\",";
$category_color = json_encode($row['category_color']);
echo "$category_color,";
}
?>

8
expense_add_modal.php
View File

@ -46,8 +46,8 @@
$sql = mysqli_query($mysqli,"SELECT * FROM accounts WHERE account_archived_at IS NULL AND company_id = $session_company_id ORDER BY account_name ASC");
while($row = mysqli_fetch_array($sql)){
$account_id = $row['account_id'];
$account_name = $row['account_name'];
$opening_balance = $row['opening_balance'];
$account_name = htmlentities($row['account_name']);
$opening_balance = htmlentities($row['opening_balance']);
$sql_payments = mysqli_query($mysqli,"SELECT SUM(payment_amount) AS total_payments FROM payments WHERE payment_account_id = $account_id");
$row = mysqli_fetch_array($sql_payments);
@ -86,7 +86,7 @@
$sql = mysqli_query($mysqli,"SELECT * FROM vendors WHERE vendor_client_id = 0 AND vendor_archived_at IS NULL AND company_id = $session_company_id ORDER BY vendor_name ASC");
while($row = mysqli_fetch_array($sql)){
$vendor_id = $row['vendor_id'];
$vendor_name = $row['vendor_name'];
$vendor_name = htmlentities($row['vendor_name']);
?>
<option value="<?php echo $vendor_id; ?>"><?php echo $vendor_name; ?></option>
@ -121,7 +121,7 @@
$sql = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_type = 'Expense' AND category_archived_at IS NULL AND company_id = $session_company_id ORDER BY category_name ASC");
while($row = mysqli_fetch_array($sql)){
$category_id = $row['category_id'];
$category_name = $row['category_name'];
$category_name = htmlentities($row['category_name']);
?>
<option value="<?php echo $category_id; ?>"><?php echo $category_name; ?></option>

8
expense_copy_modal.php
View File

@ -47,8 +47,8 @@
$sql_accounts = mysqli_query($mysqli,"SELECT * FROM accounts WHERE company_id = $session_company_id ORDER BY account_name ASC");
while($row = mysqli_fetch_array($sql_accounts)){
$account_id_select = $row['account_id'];
$account_name_select = $row['account_name'];
$opening_balance = $row['opening_balance'];
$account_name_select = htmlentities($row['account_name']);
$opening_balance = htmlentities($row['opening_balance']);
$sql_payments = mysqli_query($mysqli,"SELECT SUM(payment_amount) AS total_payments FROM payments WHERE payment_account_id = $account_id_select");
$row = mysqli_fetch_array($sql_payments);
@ -85,7 +85,7 @@
$sql_vendors = mysqli_query($mysqli,"SELECT * FROM vendors WHERE company_id = $session_company_id ORDER BY vendor_name ASC");
while($row = mysqli_fetch_array($sql_vendors)){
$vendor_id_select = $row['vendor_id'];
$vendor_name_select = $row['vendor_name'];
$vendor_name_select = htmlentities($row['vendor_name']);
?>
<option <?php if($expense_vendor_id == $vendor_id_select){ ?> selected <?php } ?> value="<?php echo $vendor_id_select; ?>"><?php echo $vendor_name_select; ?></option>
<?php
@ -117,7 +117,7 @@
$sql_categories = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_type = 'Expense' AND company_id = $session_company_id ORDER BY category_name ASC");
while($row = mysqli_fetch_array($sql_categories)){
$category_id_select = $row['category_id'];
$category_name_select = $row['category_name'];
$category_name_select = htmlentities($row['category_name']);
?>
<option <?php if($expense_category_id == $category_id_select){ ?> selected <?php } ?> value="<?php echo $category_id_select; ?>"><?php echo $category_name_select; ?></option>
<?php

8
expense_edit_modal.php
View File

@ -49,8 +49,8 @@
$sql_accounts = mysqli_query($mysqli,"SELECT * FROM accounts WHERE (account_archived_at > '$expense_created_at' OR account_archived_at IS NULL) AND company_id = $session_company_id ORDER BY account_name ASC");
while($row = mysqli_fetch_array($sql_accounts)){
$account_id_select = $row['account_id'];
$account_name_select = $row['account_name'];
$opening_balance = $row['opening_balance'];
$account_name_select = htmlentities($row['account_name']);
$opening_balance = htmlentities($row['opening_balance']);
$sql_payments = mysqli_query($mysqli,"SELECT SUM(payment_amount) AS total_payments FROM payments WHERE payment_account_id = $account_id_select");
$row = mysqli_fetch_array($sql_payments);
@ -88,7 +88,7 @@
$sql_select = mysqli_query($mysqli,"SELECT * FROM vendors WHERE vendor_client_id = 0 AND (vendor_archived_at > '$expense_created_at' OR vendor_archived_at IS NULL) AND company_id = $session_company_id ORDER BY vendor_name ASC");
while($row = mysqli_fetch_array($sql_select)){
$vendor_id_select = $row['vendor_id'];
$vendor_name_select = $row['vendor_name'];
$vendor_name_select = htmlentities($row['vendor_name']);
?>
<option <?php if($expense_vendor_id == $vendor_id_select){ ?> selected <?php } ?> value="<?php echo $vendor_id_select; ?>"><?php echo $vendor_name_select; ?></option>
<?php
@ -123,7 +123,7 @@
$sql_select = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_type = 'Expense' AND (category_archived_at > '$expense_created_at' OR category_archived_at IS NULL) AND company_id = $session_company_id ORDER BY category_name ASC");
while($row = mysqli_fetch_array($sql_select)){
$category_id_select = $row['category_id'];
$category_name_select = $row['category_name'];
$category_name_select = htmlentities($row['category_name']);
?>
<option <?php if($expense_category_id == $category_id_select){ ?> selected <?php } ?> value="<?php echo $category_id_select; ?>"><?php echo $category_name_select; ?></option>
<?php

16
expenses.php
View File

@ -149,17 +149,17 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
while($row = mysqli_fetch_array($sql)){
$expense_id = $row['expense_id'];
$expense_date = $row['expense_date'];
$expense_amount = $row['expense_amount'];
$expense_currency_code = $row['expense_currency_code'];
$expense_description = $row['expense_description'];
$expense_receipt = $row['expense_receipt'];
$expense_reference = $row['expense_reference'];
$expense_amount = htmlentities($row['expense_amount']);
$expense_currency_code = htmlentities($row['expense_currency_code']);
$expense_description = htmlentities($row['expense_description']);
$expense_receipt = htmlentities($row['expense_receipt']);
$expense_reference = htmlentities($row['expense_reference']);
$expense_created_at = $row['expense_created_at'];
$expense_vendor_id = $row['expense_vendor_id'];
$vendor_name = $row['vendor_name'];
$vendor_name = htmlentities($row['vendor_name']);
$expense_category_id = $row['expense_category_id'];
$category_name = $row['category_name'];
$account_name = $row['account_name'];
$category_name = htmlentities($row['category_name']);
$account_name = htmlentities($row['account_name']);
$expense_account_id = $row['expense_account_id'];
if(empty($expense_receipt)){

40
global_search.php
View File

@ -48,9 +48,9 @@ if(isset($_GET['query'])){
while($row = mysqli_fetch_array($sql_clients)){
$client_id = $row['client_id'];
$client_name = $row['client_name'];
$client_name = htmlentities($row['client_name']);
$location_phone = formatPhoneNumber($row['location_phone']);
$client_website = $row['client_website'];
$client_website = htmlentities($row['client_website']);
?>
<tr>
@ -94,15 +94,15 @@ if(isset($_GET['query'])){
while($row = mysqli_fetch_array($sql_contacts)){
$contact_id = $row['contact_id'];
$contact_name = $row['contact_name'];
$contact_title = $row['contact_title'];
$contact_name = htmlentities($row['contact_name']);
$contact_title = htmlentities($row['contact_title']);
$contact_phone = formatPhoneNumber($row['contact_phone']);
$contact_extension = $row['contact_extension'];
$contact_extension = htmlentities($row['contact_extension']);
$contact_mobile = formatPhoneNumber($row['contact_mobile']);
$contact_email = $row['contact_email'];
$contact_email = htmlentities($row['contact_email']);
$client_id = $row['client_id'];
$client_name = $row['client_name'];
$contact_department = $row['contact_department'];
$client_name = htmlentities($row['client_name']);
$contact_department = htmlentities($row['contact_department']);
?>
<tr>
@ -147,8 +147,8 @@ if(isset($_GET['query'])){
<?php
while($row = mysqli_fetch_array($sql_vendors)){
$vendor_name = $row['vendor_name'];
$vendor_description = $row['vendor_description'];
$vendor_name = htmlentities($row['vendor_name']);
$vendor_description = htmlentities($row['vendor_description']);
$vendor_phone = formatPhoneNumber($row['vendor_phone']);
?>
<tr>
@ -189,8 +189,8 @@ if(isset($_GET['query'])){
<?php
while($row = mysqli_fetch_array($sql_products)){
$product_name = $row['product_name'];
$product_description = $row['product_description'];
$product_name = htmlentities($row['product_name']);
$product_description = htmlentities($row['product_description']);
?>
<tr>
<td><a href="products.php?q=<?php echo $q ?>"><?php echo $product_name; ?></a></td>
@ -230,9 +230,9 @@ if(isset($_GET['query'])){
<?php
while($row = mysqli_fetch_array($sql_documents)){
$document_name = $row['document_name'];
$document_name = htmlentities($row['document_name']);
$document_client_id = $row['document_client_id'];
$document_client = $row['client_name'];
$document_client = htmlentities($row['client_name']);
$document_updated = $row['document_updated_at'];
?>
@ -276,9 +276,9 @@ if(isset($_GET['query'])){
while($row = mysqli_fetch_array($sql_tickets)){
$ticket_id = $row['ticket_id'];
$ticket_subject = $row['ticket_subject'];
$ticket_client = $row['client_name'];
$ticket_status = $row['ticket_status'];
$ticket_subject = htmlentities($row['ticket_subject']);
$ticket_client = htmlentities($row['client_name']);
$ticket_status = htmlentities($row['ticket_status']);
?>
<tr>
@ -321,10 +321,10 @@ if(isset($_GET['query'])){
<?php
while($row = mysqli_fetch_array($sql_logins)){
$login_name = $row['login_name'];
$login_name = htmlentities($row['login_name']);
$login_client_id = $row['login_client_id'];
$login_username = $row['login_username'];
$login_password = decryptLoginEntry($row['login_password']);
$login_username = htmlentities($row['login_username']);
$login_password = htmlentities(decryptLoginEntry($row['login_password']));
?>
<tr>

250
guest_view_invoice.php
View File

@ -21,45 +21,45 @@ if(isset($_GET['invoice_id'], $_GET['url_key'])){
$row = mysqli_fetch_array($sql);
$invoice_id = $row['invoice_id'];
$invoice_prefix = $row['invoice_prefix'];
$invoice_number = $row['invoice_number'];
$invoice_status = $row['invoice_status'];
$invoice_prefix = htmlentities($row['invoice_prefix']);
$invoice_number = htmlentities($row['invoice_number']);
$invoice_status = htmlentities($row['invoice_status']);
$invoice_date = $row['invoice_date'];
$invoice_due = $row['invoice_due'];
$invoice_amount = $row['invoice_amount'];
$invoice_currency_code = $row['invoice_currency_code'];
$invoice_note = $row['invoice_note'];
$invoice_amount = htmlentities($row['invoice_amount']);
$invoice_currency_code = htmlentities($row['invoice_currency_code']);
$invoice_note = htmlentities($row['invoice_note']);
$invoice_category_id = $row['invoice_category_id'];
$client_id = $row['client_id'];
$client_name = $row['client_name'];
$location_address = $row['location_address'];
$location_city = $row['location_city'];
$location_state = $row['location_state'];
$location_zip = $row['location_zip'];
$contact_email = $row['contact_email'];
$client_name = htmlentities($row['client_name']);
$location_address = htmlentities($row['location_address']);
$location_city = htmlentities($row['location_city']);
$location_state = htmlentities($row['location_state']);
$location_zip = htmlentities($row['location_zip']);
$contact_email = htmlentities($row['contact_email']);
$contact_phone = formatPhoneNumber($row['contact_phone']);
$contact_extension = $row['contact_extension'];
$contact_extension = htmlentities($row['contact_extension']);
$contact_mobile = formatPhoneNumber($row['contact_mobile']);
$client_website = $row['client_website'];
$client_currency_code = $row['client_currency_code'];
$client_net_terms = $row['client_net_terms'];
$client_website = htmlentities($row['client_website']);
$client_currency_code = htmlentities($row['client_currency_code']);
$client_net_terms = htmlentities($row['client_net_terms']);
if($client_net_terms == 0){
$client_net_terms = $config_default_net_terms;
}
$company_id = $row['company_id'];
$company_name = $row['company_name'];
$company_address = $row['company_address'];
$company_city = $row['company_city'];
$company_state = $row['company_state'];
$company_zip = $row['company_zip'];
$company_name = htmlentities($row['company_name']);
$company_address = htmlentities($row['company_address']);
$company_city = htmlentities($row['company_city']);
$company_state = htmlentities($row['company_state']);
$company_zip = htmlentities($row['company_zip']);
$company_phone = formatPhoneNumber($row['company_phone']);
$company_email = $row['company_email'];
$company_logo = $row['company_logo'];
$company_email = htmlentities($row['company_email']);
$company_logo = htmlentities($row['company_logo']);
if(!empty($company_logo)){
$company_logo_base64 = base64_encode(file_get_contents("uploads/settings/$company_id/$company_logo"));
}
$company_locale = $row['company_locale'];
$config_invoice_footer = $row['config_invoice_footer'];
$company_locale = htmlentities($row['company_locale']);
$config_invoice_footer = htmlentities($row['config_invoice_footer']);
$config_stripe_enable = $row['config_stripe_enable'];
$config_stripe_publishable = $row['config_stripe_publishable'];
$config_stripe_secret = $row['config_stripe_secret'];
@ -216,8 +216,8 @@ if(isset($_GET['invoice_id'], $_GET['url_key'])){
while($row = mysqli_fetch_array($sql_invoice_items)){
$item_id = $row['item_id'];
$item_name = $row['item_name'];
$item_description = $row['item_description'];
$item_name = htmlentities($row['item_name']);
$item_description = htmlentities($row['item_description']);
$item_quantity = $row['item_quantity'];
$item_price = $row['item_price'];
$item_subtotal = $row['item_price'];
@ -300,8 +300,8 @@ if(isset($_GET['invoice_id'], $_GET['url_key'])){
var docDefinition = {
info: {
title: '<?php echo "$company_name - Invoice"; ?>',
author: '<?php echo $company_name; ?>'
title: <?php echo json_encode(html_entity_decode($company_name) . "- Invoice") ?>,
author: <?php echo json_encode(html_entity_decode($company_name)) ?>
},
//watermark: {text: '<?php echo $invoice_status; ?>', color: 'lightgrey', opacity: 0.3, bold: true, italics: false},
@ -312,7 +312,7 @@ var docDefinition = {
columns: [
<?php if(!empty($company_logo_base64)){ ?>
{
image: '<?php echo "data:image;base64,$company_logo_base64"; ?>',
image: <?php echo json_encode("data:image;base64,$company_logo_base64") ?>,
width: 120
},
<?php } ?>
@ -324,7 +324,7 @@ var docDefinition = {
width: '*'
},
{
text: '<?php echo "$invoice_prefix$invoice_number"; ?>',
text: <?php echo json_encode(html_entity_decode("$invoice_prefix$invoice_number")) ?>,
style: 'invoiceNumber',
width: '*'
},
@ -335,12 +335,12 @@ var docDefinition = {
{
columns: [
{
text: <?php echo json_encode($company_name); ?>,
style:'invoiceBillingTitle',
text: <?php echo json_encode(html_entity_decode($company_name)) ?>,
style: 'invoiceBillingTitle',
},
{
text: <?php echo json_encode($client_name); ?>,
style:'invoiceBillingTitleClient',
text: <?php echo json_encode(html_entity_decode($client_name)) ?>,
style: 'invoiceBillingTitleClient',
},
]
},
@ -348,11 +348,11 @@ var docDefinition = {
{
columns: [
{
text: <?php echo json_encode("$company_address \n $company_city $company_state $company_zip \n $company_phone \n $company_website"); ?>,
text: <?php echo json_encode(html_entity_decode("$company_address \n $company_city $company_state $company_zip \n $company_phone \n $company_website")) ?>,
style: 'invoiceBillingAddress'
},
{
text: <?php echo json_encode("$location_address \n $location_city $location_state $location_zip \n $contact_email \n $contact_phone"); ?>,
text: <?php echo json_encode(html_entity_decode("$location_address \n $location_city $location_state $location_zip \n $contact_email \n $contact_phone")) ?>,
style: 'invoiceBillingAddressClient'
},
]
@ -369,7 +369,7 @@ var docDefinition = {
// Total
[
{
text:'',
text: '',
rowSpan: 3
},
{},
@ -378,23 +378,23 @@ var docDefinition = {
[
{},
{
text:'Invoice Date',
style:'invoiceDateTitle',
text: 'Invoice Date',
style: 'invoiceDateTitle'
},
{
text:'<?php echo $invoice_date ?>',
style:'invoiceDateValue',
text: <?php echo json_encode($invoice_date) ?>,
style: 'invoiceDateValue'
},
],
[
{},
{
text:'Due Date',
style:'invoiceDateTitle',
text: 'Due Date',
style: 'invoiceDateTitle'
},
{
text:'<?php echo $invoice_due ?>',
style:'invoiceDateValue',
text: <?php echo json_encode($invoice_due) ?>,
style: 'invoiceDateValue'
},
],
]
@ -459,29 +459,29 @@ var docDefinition = {
[
[
{
text: <?php echo json_encode($item_name); ?>,
text: <?php echo json_encode($item_name) ?>,
style:'itemTitle'
},
{
text: <?php echo json_encode($item_description); ?>,
text: <?php echo json_encode($item_description) ?>,
style:'itemDescription'
}
],
{
text:'<?php echo $item_quantity; ?>',
style:'itemQty'
text: <?php echo json_encode($item_quantity) ?>,
style: 'itemQty'
},
{
text:'<?php echo numfmt_format_currency($currency_format, $item_price, $invoice_currency_code); ?>',
style:'itemNumber'
text: <?php echo json_encode(numfmt_format_currency($currency_format, $item_price, $invoice_currency_code)) ?>,
style: 'itemNumber'
},
{
text:'<?php echo numfmt_format_currency($currency_format, $item_tax, $invoice_currency_code); ?>',
style:'itemNumber'
text: <?php echo json_encode(numfmt_format_currency($currency_format, $item_tax, $invoice_currency_code)) ?>,
style: 'itemNumber'
},
{
text: '<?php echo numfmt_format_currency($currency_format, $item_total, $invoice_currency_code); ?>',
style:'itemNumber'
text: <?php echo json_encode(numfmt_format_currency($currency_format, $item_total, $invoice_currency_code)) ?>,
style: 'itemNumber'
}
],
@ -506,7 +506,7 @@ var docDefinition = {
[
{
text: 'Notes',
style:'notesTitle'
style: 'notesTitle'
},
{},
{}
@ -514,61 +514,61 @@ var docDefinition = {
[
{
rowSpan: 5,
text: <?php echo json_encode($invoice_note); ?>,
style:'notesText'
text: <?php echo json_encode(html_entity_decode($invoice_note)) ?>,
style: 'notesText'
},
{
text:'Subtotal',
style:'itemsFooterSubTitle'
text: 'Subtotal',
style: 'itemsFooterSubTitle'
},
{
text:'<?php echo numfmt_format_currency($currency_format, $sub_total, $invoice_currency_code); ?>',
style:'itemsFooterSubValue'
text: <?php echo json_encode(numfmt_format_currency($currency_format, $sub_total, $invoice_currency_code)) ?>,
style: 'itemsFooterSubValue'
}
],
[
{},
{
text:'Tax',
style:'itemsFooterSubTitle'
text: 'Tax',
style: 'itemsFooterSubTitle'
},
{
text: '<?php echo numfmt_format_currency($currency_format, $total_tax, $invoice_currency_code); ?>',
style:'itemsFooterSubValue'
text: <?php echo json_encode(numfmt_format_currency($currency_format, $total_tax, $invoice_currency_code)) ?>,
style: 'itemsFooterSubValue'
}
],
[
{},
{
text:'Total',
style:'itemsFooterSubTitle'
text: 'Total',
style: 'itemsFooterSubTitle'
},
{
text: '<?php echo numfmt_format_currency($currency_format, $invoice_amount, $invoice_currency_code); ?>',
style:'itemsFooterSubValue'
text: <?php echo json_encode(numfmt_format_currency($currency_format, $invoice_amount, $invoice_currency_code)) ?>,
style: 'itemsFooterSubValue'
}
],
[
{},
{
text:'Paid',
style:'itemsFooterSubTitle'
text: 'Paid',
style: 'itemsFooterSubTitle'
},
{
text: '<?php echo numfmt_format_currency($currency_format, $amount_paid, $invoice_currency_code); ?>',
style:'itemsFooterSubValue'
text: <?php echo json_encode(numfmt_format_currency($currency_format, $amount_paid, $invoice_currency_code)) ?>,
style: 'itemsFooterSubValue'
}
],
[
{},
{
text:'Balance',
style:'itemsFooterTotalTitle'
text: 'Balance',
style: 'itemsFooterTotalTitle'
},
{
text: '<?php echo numfmt_format_currency($currency_format, $balance, $invoice_currency_code); ?>',
text: <?php echo json_encode(numfmt_format_currency($currency_format, $balance, $invoice_currency_code)) ?>,
style:'itemsFooterTotalTitle'
style: 'itemsFooterTotalTitle'
}
],
]
@ -577,7 +577,7 @@ var docDefinition = {
},
// TERMS / FOOTER
{
text: <?php echo json_encode("$config_invoice_footer"); ?>,
text: <?php echo json_encode(html_entity_decode($config_invoice_footer)) ?>,
style: 'documentFooterCenter'
}
], //End Content,
@ -586,32 +586,32 @@ var docDefinition = {
documentFooterCenter: {
fontSize: 9,
margin: [10,50,10,10],
alignment:'center'
alignment: 'center'
},
// Invoice Title
invoiceTitle: {
fontSize: 18,
bold: true,
alignment:'right',
margin:[0,0,0,3]
alignment: 'right',
margin: [0,0,0,3]
},
// Invoice Number
invoiceNumber: {
fontSize: 14,
alignment:'right'
alignment: 'right'
},
// Billing Headers
invoiceBillingTitle: {
fontSize: 14,
bold: true,
alignment:'left',
margin:[0,20,0,5]
alignment: 'left',
margin: [0,20,0,5]
},
invoiceBillingTitleClient: {
fontSize: 14,
bold: true,
alignment:'right',
margin:[0,20,0,5]
alignment: 'right',
margin: [0,20,0,5]
},
// Billing Details
invoiceBillingAddress: {
@ -621,26 +621,26 @@ var docDefinition = {
invoiceBillingAddressClient: {
fontSize: 10,
lineHeight: 1.2,
alignment:'right',
margin:[0,0,0,30]
alignment: 'right',
margin: [0,0,0,30]
},
// Invoice Dates
invoiceDateTitle: {
fontSize: 10,
alignment:'left',
margin:[0,5,0,5]
alignment: 'left',
margin: [0,5,0,5]
},
invoiceDateValue: {
fontSize: 10,
alignment:'right',
margin:[0,5,0,5]
alignment: 'right',
margin: [0,5,0,5]
},
// Items Header
itemsHeader: {
fontSize: 10,
margin: [0,5,0,5],
bold: true,
alignment:'right'
alignment: 'right'
},
// Item Title
itemTitle: {
@ -657,61 +657,61 @@ var docDefinition = {
itemQty: {
fontSize: 10,
margin: [0,5,0,5],
alignment: 'center',
alignment: 'center'
},
itemNumber: {
fontSize: 10,
margin: [0,5,0,5],
alignment: 'right',
alignment: 'right'
},
itemTotal: {
fontSize: 10,
margin: [0,5,0,5],
bold: true,
alignment: 'right',
alignment: 'right'
},
// Items Footer (Subtotal, Total, Tax, etc)
itemsFooterSubTitle: {
fontSize: 10,
margin: [0,5,0,5],
alignment:'right',
alignment: 'right'
},
itemsFooterSubValue: {
fontSize: 10,
margin: [0,5,0,5],
bold: false,
alignment:'right',
alignment: 'right'
},
itemsFooterTotalTitle: {
fontSize: 10,
margin: [0,5,0,5],
bold: true,
alignment:'right',
alignment: 'right'
},
itemsFooterTotalValue: {
fontSize: 10,
margin: [0,5,0,5],
bold: true,
alignment:'right',
alignment: 'right'
},
notesTitle: {
fontSize: 10,
bold: true,
margin: [0,5,0,5],
margin: [0,5,0,5]
},
notesText: {
fontSize: 9,
margin: [0,5,50,5]
},
left: {
alignment:'left',
alignment: 'left'
},
center: {
alignment:'center',
alignment: 'center'
},
},
defaultStyle: {
columnGap: 20,
columnGap: 20
}
}
</script>
@ -744,13 +744,13 @@ var docDefinition = {
while($row = mysqli_fetch_array($sql)){
$invoice_id = $row['invoice_id'];
$invoice_prefix = $row['invoice_prefix'];
$invoice_number = $row['invoice_number'];
$invoice_prefix = htmlentities($row['invoice_prefix']);
$invoice_number = htmlentities($row['invoice_number']);
$invoice_date = $row['invoice_date'];
$invoice_due = $row['invoice_due'];
$invoice_amount = $row['invoice_amount'];
$invoice_currency_code = $row['invoice_currency_code'];
$invoice_url_key = $row['invoice_url_key'];
$invoice_amount = htmlentities($row['invoice_amount']);
$invoice_currency_code = htmlentities($row['invoice_currency_code']);
$invoice_url_key = htmlentities($row['invoice_url_key']);
$invoice_tally_total = $invoice_amount + $invoice_tally_total;
$difference = time() - strtotime($invoice_due);
$days = floor($difference / (60*60*24) );
@ -804,13 +804,13 @@ var docDefinition = {
while($row = mysqli_fetch_array($sql)){
$invoice_id = $row['invoice_id'];
$invoice_prefix = $row['invoice_prefix'];
$invoice_number = $row['invoice_number'];
$invoice_prefix = htmlentities($row['invoice_prefix']);
$invoice_number = htmlentities($row['invoice_number']);
$invoice_date = $row['invoice_date'];
$invoice_due = $row['invoice_due'];
$invoice_amount = $row['invoice_amount'];
$invoice_currency_code = $row['invoice_currency_code'];
$invoice_url_key = $row['invoice_url_key'];
$invoice_amount = htmlentities($row['invoice_amount']);
$invoice_currency_code = htmlentities($row['invoice_currency_code']);
$invoice_url_key = htmlentities($row['invoice_url_key']);
$invoice_tally_total = $invoice_amount + $invoice_tally_total;
$difference = strtotime($invoice_due) - time();
$days = floor($difference / (60*60*24) );
@ -865,13 +865,13 @@ var docDefinition = {
while($row = mysqli_fetch_array($sql)){
$invoice_id = $row['invoice_id'];
$invoice_prefix = $row['invoice_prefix'];
$invoice_number = $row['invoice_number'];
$invoice_prefix = htmlentities($row['invoice_prefix']);
$invoice_number = htmlentities($row['invoice_number']);
$invoice_date = $row['invoice_date'];
$invoice_due = $row['invoice_due'];
$invoice_amount = $row['invoice_amount'];
$invoice_currency_code = $row['invoice_currency_code'];
$invoice_url_key = $row['invoice_url_key'];
$invoice_amount = htmlentities($row['invoice_amount']);
$invoice_currency_code = htmlentities($row['invoice_currency_code']);
$invoice_url_key = htmlentities($row['invoice_url_key']);
$invoice_tally_total = $invoice_amount + $invoice_tally_total;
?>
@ -894,10 +894,10 @@ var docDefinition = {
while($row = mysqli_fetch_array($sql_payments)){
$payment_id = $row['payment_id'];
$payment_date = $row['payment_date'];
$payment_amount = $row['payment_amount'];
$payment_currency_code = $row['payment_currency_code'];
$payment_method = $row['payment_method'];
$payment_reference = $row['payment_reference'];
$payment_amount = htmlentities($row['payment_amount']);
$payment_currency_code = htmlentities($row['payment_currency_code']);
$payment_method = htmlentities($row['payment_method']);
$payment_reference = htmlentities($row['payment_reference']);
if(strtotime($payment_date) > strtotime($invoice_due)){
$payment_note = "Late";
$difference = strtotime($payment_date) - strtotime($invoice_due);

18
guest_view_item.php
View File

@ -41,10 +41,10 @@ if($row['item_active'] !== "1" || $row['item_views'] >= $row['item_view_limit'])
echo "<div class=\"alert alert-warning\" role=\"alert\">You may only be able to view this information for a limited time! Be sure to copy/download what you need.</div>";
$item_type = $row['item_type'];
$item_type = htmlentities($row['item_type']);
$item_related_id = $row['item_related_id'];
$item_encrypted_credential = $row['item_encrypted_credential'];
$item_note = $row['item_note'];
$item_encrypted_credential = htmlentities($row['item_encrypted_credential']);
$item_note = htmlentities($row['item_note']);
$item_views = intval($row['item_views']);
$item_created = $row['item_created_at'];
$item_expire = $row['item_expire_at'];
@ -60,7 +60,7 @@ if($item_type == "Document"){
exit();
}
$doc_title = $doc_row['document_name'];
$doc_title = htmlentities($doc_row['document_name']);
$doc_content = $doc_row['document_content'];
echo "<h3>A document has been shared with you</h3>";
@ -89,7 +89,7 @@ elseif($item_type == "File"){
exit();
}
$file_name = $file_row['file_name'];
$file_name = htmlentities($file_row['file_name']);
echo "<h3>A file has been shared with you</h3>";
if(!empty($item_note)){
@ -110,14 +110,14 @@ elseif($item_type == "Login"){
exit();
}
$login_name = $login_row['login_name'];
$login_uri = $login_row['login_uri'];
$login_username = $login_row['login_username'];
$login_name = htmlentities($login_row['login_name']);
$login_uri = htmlentities($login_row['login_uri']);
$login_username = htmlentities($login_row['login_username']);
$login_iv = substr($row['item_encrypted_credential'], 0, 16);
$login_ciphertext = substr($row['item_encrypted_credential'], 16);
$login_password = openssl_decrypt($login_ciphertext, 'aes-128-cbc', $encryption_key,0, $login_iv);
$login_otp = $login_row['login_otp_secret'];
$login_notes = $login_row['login_note'];
$login_notes = htmlentities($login_row['login_note']);
echo "<h3>A login entry has been shared with you</h3>";
if(!empty($item_note)){

186
guest_view_quote.php
View File

@ -22,44 +22,44 @@ if(isset($_GET['quote_id'], $_GET['url_key'])){
$row = mysqli_fetch_array($sql);
$quote_id = $row['quote_id'];
$quote_prefix = $row['quote_prefix'];
$quote_number = $row['quote_number'];
$quote_status = $row['quote_status'];
$quote_prefix = htmlentities($row['quote_prefix']);
$quote_number = htmlentities($row['quote_number']);
$quote_status = htmlentities($row['quote_status']);
$quote_date = $row['quote_date'];
$quote_amount = $row['quote_amount'];
$quote_currency_code = $row['quote_currency_code'];
$quote_note = $row['quote_note'];
$quote_amount = htmlentities($row['quote_amount']);
$quote_currency_code = htmlentities($row['quote_currency_code']);
$quote_note = htmlentities($row['quote_note']);
$category_id = $row['category_id'];
$client_id = $row['client_id'];
$client_name = $row['client_name'];
$location_address = $row['location_address'];
$location_city = $row['location_city'];
$location_state = $row['location_state'];
$location_zip = $row['location_zip'];
$contact_email = $row['contact_email'];
$client_name = htmlentities($row['client_name']);
$location_address = htmlentities($row['location_address']);
$location_city = htmlentities($row['location_city']);
$location_state = htmlentities($row['location_state']);
$location_zip = htmlentities($row['location_zip']);
$contact_email = htmlentities($row['contact_email']);
$contact_phone = formatPhoneNumber($row['contact_phone']);
$contact_extension = $row['contact_extension'];
$contact_extension = htmlentities($row['contact_extension']);
$contact_mobile = formatPhoneNumber($row['contact_mobile']);
$client_website = $row['client_website'];
$client_currency_code = $row['client_currency_code'];
$client_net_terms = $row['client_net_terms'];
$client_website = htmlentities($row['client_website']);
$client_currency_code = htmlentities($row['client_currency_code']);
$client_net_terms = htmlentities($row['client_net_terms']);
if($client_net_terms == 0){
$client_net_terms = $config_default_net_terms;
}
$company_id = $row['company_id'];
$company_name = $row['company_name'];
$company_address = $row['company_address'];
$company_city = $row['company_city'];
$company_state = $row['company_state'];
$company_zip = $row['company_zip'];
$company_name = htmlentities($row['company_name']);
$company_address = htmlentities($row['company_address']);
$company_city = htmlentities($row['company_city']);
$company_state = htmlentities($row['company_state']);
$company_zip = htmlentities($row['company_zip']);
$company_phone = formatPhoneNumber($row['company_phone']);
$company_email = $row['company_email'];
$company_logo = $row['company_logo'];
$company_email = htmlentities($row['company_email']);
$company_logo = htmlentities($row['company_logo']);
if(!empty($company_logo)){
$company_logo_base64 = base64_encode(file_get_contents("uploads/settings/$company_id/$company_logo"));
}
$company_locale = $row['company_locale'];
$config_quote_footer = $row['config_quote_footer'];
$company_locale = htmlentities($row['company_locale']);
$config_quote_footer = htmlentities($row['config_quote_footer']);
//Set Currency Format
$currency_format = numfmt_create($company_locale, NumberFormatter::CURRENCY);
@ -170,8 +170,8 @@ if(isset($_GET['quote_id'], $_GET['url_key'])){
while($row = mysqli_fetch_array($sql_items)){
$item_id = $row['item_id'];
$item_name = $row['item_name'];
$item_description = $row['item_description'];
$item_name = htmlentities($row['item_name']);
$item_description = htmlentities($row['item_description']);
$item_quantity = $row['item_quantity'];
$item_price = $row['item_price'];
$item_subtotal = $row['item_price'];
@ -255,8 +255,8 @@ if(isset($_GET['quote_id'], $_GET['url_key'])){
var docDefinition = {
info: {
title: '<?php echo "$company_name - Quote"; ?>',
author: '<?php echo $company_name; ?>'
title: <?php echo json_encode(html_entity_decode($company_name) . "- Quote") ?>,
author: <?php echo json_encode(html_entity_decode($company_name)) ?>
},
//watermark: {text: '<?php echo $quote_status; ?>', color: 'lightgrey', opacity: 0.3, bold: true, italics: false},
@ -267,7 +267,7 @@ var docDefinition = {
columns: [
<?php if(!empty($company_logo_base64)){ ?>
{
image: '<?php echo "data:image;base64,$company_logo_base64"; ?>',
image: <?php echo json_encode("data:image;base64,$company_logo_base64") ?>,
width: 120
},
<?php } ?>
@ -279,7 +279,7 @@ var docDefinition = {
width: '*'
},
{
text: '<?php echo "$quote_prefix$quote_number"; ?>',
text: <?php echo json_encode(html_entity_decode("$quote_prefix$quote_number")) ?>,
style: 'invoiceNumber',
width: '*'
},
@ -290,12 +290,12 @@ var docDefinition = {
{
columns: [
{
text: <?php echo json_encode($company_name); ?>,
style:'invoiceBillingTitle',
text: <?php echo json_encode(html_entity_decode($company_name)) ?>,
style: 'invoiceBillingTitle'
},
{
text: <?php echo json_encode($client_name); ?>,
style:'invoiceBillingTitleClient',
text: <?php echo json_encode(html_entity_decode($client_name)) ?>,
style: 'invoiceBillingTitleClient'
},
]
},
@ -303,11 +303,11 @@ var docDefinition = {
{
columns: [
{
text: <?php echo json_encode("$company_address \n $company_city $company_state $company_zip \n $company_phone \n $company_website"); ?>,
text: <?php echo json_encode(html_entity_decode("$company_address \n $company_city $company_state $company_zip \n $company_phone \n $company_website")) ?>,
style: 'invoiceBillingAddress'
},
{
text: <?php echo json_encode("$location_address \n $location_city $location_state $location_zip \n $contact_email \n $contact_phone"); ?>,
text: <?php echo json_encode(html_entity_decode("$location_address \n $location_city $location_state $location_zip \n $contact_email \n $contact_phone")) ?>,
style: 'invoiceBillingAddressClient'
},
]
@ -324,7 +324,7 @@ var docDefinition = {
// Total
[
{
text:'',
text: '',
rowSpan: 2
},
{},
@ -333,12 +333,12 @@ var docDefinition = {
[
{},
{
text:'Quote Date',
style:'invoiceDateTitle',
text: 'Quote Date',
style: 'invoiceDateTitle'
},
{
text:'<?php echo $quote_date ?>',
style:'invoiceDateValue',
text: <?php echo json_encode($quote_date) ?>,
style: 'invoiceDateValue'
},
],
]
@ -403,29 +403,29 @@ var docDefinition = {
[
[
{
text: <?php echo json_encode($item_name); ?>,
style:'itemTitle'
text: <?php echo json_encode($item_name) ?>,
style: 'itemTitle'
},
{
text: <?php echo json_encode($item_description); ?>,
style:'itemDescription'
text: <?php echo json_encode($item_description) ?>,
style: 'itemDescription'
}
],
{
text:'<?php echo $item_quantity; ?>',
style:'itemQty'
text: <?php echo $item_quantity ?>,
style: 'itemQty'
},
{
text:'<?php echo numfmt_format_currency($currency_format, $item_price, $quote_currency_code); ?>',
style:'itemNumber'
text: <?php echo json_encode(numfmt_format_currency($currency_format, $item_price, $quote_currency_code)) ?>,
style: 'itemNumber'
},
{
text:'<?php echo numfmt_format_currency($currency_format, $item_tax, $quote_currency_code); ?>',
style:'itemNumber'
text: <?php echo json_encode(numfmt_format_currency($currency_format, $item_tax, $quote_currency_code)) ?>,
style: 'itemNumber'
},
{
text: '<?php echo numfmt_format_currency($currency_format, $item_total, $quote_currency_code); ?>',
style:'itemNumber'
text: <?php echo json_encode(numfmt_format_currency($currency_format, $item_total, $quote_currency_code)) ?>,
style: 'itemNumber'
}
],
@ -458,38 +458,38 @@ var docDefinition = {
[
{
rowSpan: 3,
text: <?php echo json_encode($quote_note); ?>,
style:'notesText'
text: <?php echo json_encode(html_entity_decode($quote_note)) ?>,
style: 'notesText'
},
{
text:'Subtotal',
style:'itemsFooterSubTitle'
text: 'Subtotal',
style: 'itemsFooterSubTitle'
},
{
text:'<?php echo numfmt_format_currency($currency_format, $sub_total, $quote_currency_code); ?>',
style:'itemsFooterSubValue'
text: <?php echo json_encode(numfmt_format_currency($currency_format, $sub_total, $quote_currency_code)) ?>,
style: 'itemsFooterSubValue'
}
],
[
{},
{
text:'Tax',
style:'itemsFooterSubTitle'
text: 'Tax',
style: 'itemsFooterSubTitle'
},
{
text: '<?php echo numfmt_format_currency($currency_format, $total_tax, $quote_currency_code); ?>',
style:'itemsFooterSubValue'
text: <?php echo json_encode(numfmt_format_currency($currency_format, $total_tax, $quote_currency_code)) ?>,
style: 'itemsFooterSubValue'
}
],
[
{},
{
text:'Total',
style:'itemsFooterSubTitle'
text: 'Total',
style: 'itemsFooterSubTitle'
},
{
text: '<?php echo numfmt_format_currency($currency_format, $quote_amount, $quote_currency_code); ?>',
style:'itemsFooterSubValue'
text: <?php echo json_encode(numfmt_format_currency($currency_format, $quote_amount, $quote_currency_code)) ?>,
style: 'itemsFooterSubValue'
}
],
]
@ -507,32 +507,32 @@ var docDefinition = {
documentFooterCenter: {
fontSize: 9,
margin: [10,50,10,10],
alignment:'center'
alignment: 'center'
},
// Invoice Title
invoiceTitle: {
fontSize: 18,
bold: true,
alignment:'right',
margin:[0,0,0,3]
alignment: 'right',
margin: [0,0,0,3]
},
// Invoice Number
invoiceNumber: {
fontSize: 14,
alignment:'right'
alignment: 'right'
},
// Billing Headers
invoiceBillingTitle: {
fontSize: 14,
bold: true,
alignment:'left',
margin:[0,20,0,5]
alignment: 'left',
margin: [0,20,0,5]
},
invoiceBillingTitleClient: {
fontSize: 14,
bold: true,
alignment:'right',
margin:[0,20,0,5]
alignment: 'right',
margin: [0,20,0,5]
},
// Billing Details
invoiceBillingAddress: {
@ -542,26 +542,26 @@ var docDefinition = {
invoiceBillingAddressClient: {
fontSize: 10,
lineHeight: 1.2,
alignment:'right',
margin:[0,0,0,30]
alignment: 'right',
margin: [0,0,0,30]
},
// Invoice Dates
invoiceDateTitle: {
fontSize: 10,
alignment:'left',
margin:[0,5,0,5]
alignment: 'left',
margin: [0,5,0,5]
},
invoiceDateValue: {
fontSize: 10,
alignment:'right',
margin:[0,5,0,5]
alignment: 'right',
margin: [0,5,0,5]
},
// Items Header
itemsHeader: {
fontSize: 10,
margin: [0,5,0,5],
bold: true,
alignment:'right'
alignment: 'right'
},
// Item Title
itemTitle: {
@ -578,57 +578,57 @@ var docDefinition = {
itemQty: {
fontSize: 10,
margin: [0,5,0,5],
alignment: 'center',
alignment: 'center'
},
itemNumber: {
fontSize: 10,
margin: [0,5,0,5],
alignment: 'right',
alignment: 'right'
},
itemTotal: {
fontSize: 10,
margin: [0,5,0,5],
bold: true,
alignment: 'right',
alignment: 'right'
},
// Items Footer (Subtotal, Total, Tax, etc)
itemsFooterSubTitle: {
fontSize: 10,
margin: [0,5,0,5],
alignment:'right',
alignment: 'right'
},
itemsFooterSubValue: {
fontSize: 10,
margin: [0,5,0,5],
bold: false,
alignment:'right',
alignment: 'right'
},
itemsFooterTotalTitle: {
fontSize: 10,
margin: [0,5,0,5],
bold: true,
alignment:'right',
alignment: 'right'
},
itemsFooterTotalValue: {
fontSize: 10,
margin: [0,5,0,5],
bold: true,
alignment:'right',
alignment: 'right'
},
notesTitle: {
fontSize: 10,
bold: true,
margin: [0,5,0,5],
margin: [0,5,0,5]
},
notesText: {
fontSize: 9,
margin: [0,5,50,5]
},
left: {
alignment:'left',
alignment: 'left'
},
center: {
alignment:'center',
alignment: 'center'
},
},
defaultStyle: {

36
inc_all_client.php
View File

@ -27,33 +27,33 @@ if(isset($_GET['client_id'])){
}else{
$row = mysqli_fetch_array($sql);
$client_name = $row['client_name'];
$client_type = $row['client_type'];
$client_website = $row['client_website'];
$client_referral = $row['client_referral'];
$client_currency_code = $row['client_currency_code'];
$client_name = htmlentities($row['client_name']);
$client_type = htmlentities($row['client_type']);
$client_website = htmlentities($row['client_website']);
$client_referral = htmlentities($row['client_referral']);
$client_currency_code = htmlentities($row['client_currency_code']);
$client_net_terms = $row['client_net_terms'];
if($client_net_terms == 0){
$client_net_terms = $config_default_net_terms;
}
$client_notes = $row['client_notes'];
$client_notes = htmlentities($row['client_notes']);
$client_created_at = $row['client_created_at'];
$primary_contact = $row['primary_contact'];
$primary_location = $row['primary_location'];
$contact_id = $row['contact_id'];
$contact_name = $row['contact_name'];
$contact_title = $row['contact_title'];
$contact_email = $row['contact_email'];
$contact_name = htmlentities($row['contact_name']);
$contact_title = htmlentities($row['contact_title']);
$contact_email = htmlentities($row['contact_email']);
$contact_phone = $row['contact_phone'];
$contact_extension = $row['contact_extension'];
$contact_mobile = $row['contact_mobile'];
$location_id = $row['location_id'];
$location_name = $row['location_name'];
$location_address = $row['location_address'];
$location_city = $row['location_city'];
$location_state = $row['location_state'];
$location_zip = $row['location_zip'];
$location_country = $row['location_country'];
$location_name = htmlentities($row['location_name']);
$location_address = htmlentities($row['location_address']);
$location_city = htmlentities($row['location_city']);
$location_state = htmlentities($row['location_state']);
$location_zip = htmlentities($row['location_zip']);
$location_country = htmlentities($row['location_country']);
$location_phone = $row['location_phone'];
//Client Tags
@ -64,9 +64,9 @@ if(isset($_GET['client_id'])){
while($row = mysqli_fetch_array($sql_client_tags)){
$client_tag_id = $row['tag_id'];
$client_tag_name = $row['tag_name'];
$client_tag_color = $row['tag_color'];
$client_tag_icon = $row['tag_icon'];
$client_tag_name = htmlentities($row['tag_name']);
$client_tag_color = htmlentities($row['tag_color']);
$client_tag_icon = htmlentities($row['tag_icon']);
if(empty($client_tag_icon)){
$client_tag_icon = "tag";
}

11
inc_client_top_head.php
View File

@ -103,15 +103,14 @@ $location_phone = formatPhoneNumber($location_phone);
<i class="fas fa-fw fa-ellipsis-v"></i>
</button>
<div class="dropdown-menu">
<a class="dropdown-item" href="client_print.php?client_id=<?php echo $client_id; ?>">Print</a>
<a class="dropdown-item" href="post.php?export_client_pdf=<?php echo $client_id; ?>" target="_blank">Export PDF<br><small class="text-secondary">(without passwords)</small></a>
<a class="dropdown-item" href="post.php?export_client_pdf=<?php echo $client_id; ?>&passwords" target="_blank">Export PDF<br><small class="text-secondary">(with passwords)</small></a>
<a class="dropdown-item" href="post.php?export_client_pdf=<?php echo $client_id; ?>" target="_blank">Export Data PDF<br><small class="text-secondary">(without passwords)</small></a>
<a class="dropdown-item" href="post.php?export_client_pdf=<?php echo $client_id; ?>&passwords" target="_blank">Export Data PDF<br><small class="text-secondary">(with passwords)</small></a>
<div class="dropdown-divider"></div>
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editClientModal<?php echo $client_id; ?>">Edit</a>
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editClientModal<?php echo $client_id; ?>">Edit Client</a>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger" href="post.php?archive_client=<?php echo $client_id; ?>">Archive</a>
<a class="dropdown-item text-danger" href="post.php?archive_client=<?php echo $client_id; ?>">Archive Client</a>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger" href="#" data-toggle="modal" data-target="#deleteClientModal<?php echo $client_id; ?>">Delete</a>
<a class="dropdown-item text-danger" href="#" data-toggle="modal" data-target="#deleteClientModal<?php echo $client_id; ?>">Delete Client</a>
</div>
</div>
<?php } ?>

250
invoice.php
View File

@ -20,45 +20,45 @@ if(isset($_GET['invoice_id'])){
$row = mysqli_fetch_array($sql);
$invoice_id = $row['invoice_id'];
$invoice_prefix = $row['invoice_prefix'];
$invoice_number = $row['invoice_number'];
$invoice_scope = $row['invoice_scope'];
$invoice_status = $row['invoice_status'];
$invoice_prefix = htmlentities($row['invoice_prefix']);
$invoice_number = htmlentities($row['invoice_number']);
$invoice_scope = htmlentities($row['invoice_scope']);
$invoice_status = htmlentities($row['invoice_status']);
$invoice_date = $row['invoice_date'];
$invoice_due = $row['invoice_due'];
$invoice_amount = $row['invoice_amount'];
$invoice_currency_code = $row['invoice_currency_code'];
$invoice_note = $row['invoice_note'];
$invoice_url_key = $row['invoice_url_key'];
$invoice_amount = htmlentities($row['invoice_amount']);
$invoice_currency_code = htmlentities($row['invoice_currency_code']);
$invoice_note = htmlentities($row['invoice_note']);
$invoice_url_key = htmlentities($row['invoice_url_key']);
$invoice_created_at = $row['invoice_created_at'];
$category_id = $row['invoice_category_id'];
$client_id = $row['client_id'];
$client_name = $row['client_name'];
$location_address = $row['location_address'];
$location_city = $row['location_city'];
$location_state = $row['location_state'];
$location_zip = $row['location_zip'];
$contact_email = $row['contact_email'];
$client_name = htmlentities($row['client_name']);
$location_address = htmlentities($row['location_address']);
$location_city = htmlentities($row['location_city']);
$location_state = htmlentities($row['location_state']);
$location_zip = htmlentities($row['location_zip']);
$contact_email = htmlentities($row['contact_email']);
$contact_phone = formatPhoneNumber($row['contact_phone']);
$contact_extension = $row['contact_extension'];
$contact_extension = htmlentities($row['contact_extension']);
$contact_mobile = formatPhoneNumber($row['contact_mobile']);
$client_website = $row['client_website'];
$client_currency_code = $row['client_currency_code'];
$client_net_terms = $row['client_net_terms'];
$client_website = htmlentities($row['client_website']);
$client_currency_code = htmlentities($row['client_currency_code']);
$client_net_terms = htmlentities($row['client_net_terms']);
if($client_net_terms == 0){
$client_net_terms = $config_default_net_terms;
}
$company_id = $row['company_id'];
$company_name = $row['company_name'];
$company_country = $row['company_country'];
$company_address = $row['company_address'];
$company_city = $row['company_city'];
$company_state = $row['company_state'];
$company_zip = $row['company_zip'];
$company_name = htmlentities($row['company_name']);
$company_country = htmlentities($row['company_country']);
$company_address = htmlentities($row['company_address']);
$company_city = htmlentities($row['company_city']);
$company_state = htmlentities($row['company_state']);
$company_zip = htmlentities($row['company_zip']);
$company_phone = formatPhoneNumber($row['company_phone']);
$company_email = $row['company_email'];
$company_website = $row['company_website'];
$company_logo = $row['company_logo'];
$company_email = htmlentities($row['company_email']);
$company_website = htmlentities($row['company_website']);
$company_logo = htmlentities($row['company_logo']);
if(!empty($company_logo)){
$company_logo_base64 = base64_encode(file_get_contents("uploads/settings/$company_id/$company_logo"));
}
@ -257,13 +257,13 @@ if(isset($_GET['invoice_id'])){
while($row = mysqli_fetch_array($sql_invoice_items)){
$item_id = $row['item_id'];
$item_name = $row['item_name'];
$item_description = $row['item_description'];
$item_quantity = $row['item_quantity'];
$item_price = $row['item_price'];
$item_subtotal = $row['item_price'];
$item_tax = $row['item_tax'];
$item_total = $row['item_total'];
$item_name = htmlentities($row['item_name']);
$item_description = htmlentities($row['item_description']);
$item_quantity = htmlentities($row['item_quantity']);
$item_price = htmlentities($row['item_price']);
$item_subtotal = htmlentities($row['item_price']);
$item_tax = htmlentities($row['item_tax']);
$item_total = htmlentities($row['item_total']);
$item_created_at = $row['item_created_at'];
$tax_id = $row['item_tax_id'];
$total_tax = $item_tax + $total_tax;
@ -308,8 +308,8 @@ if(isset($_GET['invoice_id'])){
$taxes_sql = mysqli_query($mysqli,"SELECT * FROM taxes WHERE company_id = $session_company_id ORDER BY tax_name ASC");
while($row = mysqli_fetch_array($taxes_sql)){
$tax_id = $row['tax_id'];
$tax_name = $row['tax_name'];
$tax_percent = $row['tax_percent'];
$tax_name = htmlentities($row['tax_name']);
$tax_percent = htmlentities($row['tax_percent']);
?>
<option value="<?php echo $tax_id; ?>"><?php echo "$tax_name $tax_percent%"; ?></option>
@ -378,7 +378,7 @@ if(isset($_GET['invoice_id'])){
<hr class="d-none d-print-block mt-5">
<center class="d-none d-print-block" style="white-space:pre-line"><?php echo $config_invoice_footer; ?></center>
<center class="d-none d-print-block" style="white-space:pre-line"><?php echo htmlentities($config_invoice_footer); ?></center>
</div>
</div>
@ -410,8 +410,8 @@ if(isset($_GET['invoice_id'])){
while($row = mysqli_fetch_array($sql_history)){
$history_created_at = $row['history_created_at'];
$history_status = $row['history_status'];
$history_description = $row['history_description'];
$history_status = htmlentities($row['history_status']);
$history_description = htmlentities($row['history_description']);
?>
<tr>
@ -459,10 +459,10 @@ if(isset($_GET['invoice_id'])){
while($row = mysqli_fetch_array($sql_payments)){
$payment_id = $row['payment_id'];
$payment_date = $row['payment_date'];
$payment_amount = $row['payment_amount'];
$payment_currency_code = $row['payment_currency_code'];
$payment_reference = $row['payment_reference'];
$account_name = $row['account_name'];
$payment_amount = htmlentities($row['payment_amount']);
$payment_currency_code = htmlentities($row['payment_currency_code']);
$payment_reference = htmlentities($row['payment_reference']);
$account_name = htmlentities($row['account_name']);
?>
<tr>
@ -524,8 +524,8 @@ include("footer.php");
var docDefinition = {
info: {
title: '<?php echo "$company_name - Invoice"; ?>',
author: '<?php echo $company_name; ?>'
title: <?php echo json_encode(html_entity_decode($company_name) . "- Invoice") ?>,
author: <?php echo json_encode(html_entity_decode($company_name)) ?>
},
//watermark: {text: '<?php echo $invoice_status; ?>', color: 'lightgrey', opacity: 0.3, bold: true, italics: false},
@ -536,7 +536,7 @@ var docDefinition = {
columns: [
<?php if(!empty($company_logo_base64)){ ?>
{
image: '<?php echo "data:image;base64,$company_logo_base64"; ?>',
image: <?php echo json_encode("data:image;base64,$company_logo_base64") ?>,
width: 120
},
<?php } ?>
@ -548,7 +548,7 @@ var docDefinition = {
width: '*'
},
{
text: <?php echo json_encode("$invoice_prefix$invoice_number"); ?>,
text: <?php echo json_encode(html_entity_decode("$invoice_prefix$invoice_number")) ?>,
style: 'invoiceNumber',
width: '*'
},
@ -559,12 +559,12 @@ var docDefinition = {
{
columns: [
{
text: <?php echo json_encode($company_name); ?>,
style:'invoiceBillingTitle',
text: <?php echo json_encode(html_entity_decode($company_name)) ?>,
style: 'invoiceBillingTitle',
},
{
text: <?php echo json_encode($client_name); ?>,
style:'invoiceBillingTitleClient',
text: <?php echo json_encode(html_entity_decode($client_name)) ?>,
style: 'invoiceBillingTitleClient',
},
]
},
@ -572,11 +572,11 @@ var docDefinition = {
{
columns: [
{
text: <?php echo json_encode("$company_address \n $company_city $company_state $company_zip \n $company_phone \n $company_website"); ?>,
text: <?php echo json_encode(html_entity_decode("$company_address \n $company_city $company_state $company_zip \n $company_phone \n $company_website")) ?>,
style: 'invoiceBillingAddress'
},
{
text: <?php echo json_encode("$location_address \n $location_city $location_state $location_zip \n $contact_email \n $contact_phone"); ?>,
text: <?php echo json_encode(html_entity_decode("$location_address \n $location_city $location_state $location_zip \n $contact_email \n $contact_phone")) ?>,
style: 'invoiceBillingAddressClient'
},
]
@ -593,7 +593,7 @@ var docDefinition = {
// Total
[
{
text:'',
text: '',
rowSpan: 3
},
{},
@ -602,23 +602,23 @@ var docDefinition = {
[
{},
{
text:'Invoice Date',
style:'invoiceDateTitle',
text: 'Invoice Date',
style: 'invoiceDateTitle'
},
{
text:<?php echo json_encode($invoice_date); ?>,
style:'invoiceDateValue',
text: <?php echo json_encode($invoice_date) ?>,
style: 'invoiceDateValue'
},
],
[
{},
{
text:'Due Date',
style:'invoiceDateTitle',
text: 'Due Date',
style: 'invoiceDateTitle'
},
{
text:<?php echo json_encode($invoice_due); ?>,
style:'invoiceDateValue',
text: <?php echo json_encode($invoice_due) ?>,
style: 'invoiceDateValue'
},
],
]
@ -683,29 +683,29 @@ var docDefinition = {
[
[
{
text: <?php echo json_encode($item_name); ?>,
style:'itemTitle'
text: <?php echo json_encode($item_name) ?>,
style: 'itemTitle'
},
{
text: <?php echo json_encode($item_description); ?>,
style:'itemDescription'
text: <?php echo json_encode($item_description) ?>,
style: 'itemDescription'
}
],
{
text:'<?php echo $item_quantity; ?>',
style:'itemQty'
text: <?php echo json_encode($item_quantity) ?>,
style: 'itemQty'
},
{
text:'<?php echo numfmt_format_currency($currency_format, $item_price, $invoice_currency_code); ?>',
style:'itemNumber'
text: <?php echo json_encode(numfmt_format_currency($currency_format, $item_price, $invoice_currency_code)) ?>,
style: 'itemNumber'
},
{
text:'<?php echo numfmt_format_currency($currency_format, $item_tax, $invoice_currency_code); ?>',
style:'itemNumber'
text: <?php echo json_encode(numfmt_format_currency($currency_format, $item_tax, $invoice_currency_code)) ?>,
style: 'itemNumber'
},
{
text: '<?php echo numfmt_format_currency($currency_format, $item_total, $invoice_currency_code); ?>',
style:'itemNumber'
text: <?php echo json_encode(numfmt_format_currency($currency_format, $item_total, $invoice_currency_code)) ?>,
style: 'itemNumber'
}
],
@ -730,7 +730,7 @@ var docDefinition = {
[
{
text: 'Notes',
style:'notesTitle'
style: 'notesTitle'
},
{},
{}
@ -738,61 +738,61 @@ var docDefinition = {
[
{
rowSpan: 5,
text: <?php echo json_encode($invoice_note); ?>,
style:'notesText'
text: <?php echo json_encode(html_entity_decode($invoice_note)) ?>,
style: 'notesText'
},
{
text:'Subtotal',
style:'itemsFooterSubTitle'
text: 'Subtotal',
style: 'itemsFooterSubTitle'
},
{
text:'<?php echo numfmt_format_currency($currency_format, $sub_total, $invoice_currency_code); ?>',
style:'itemsFooterSubValue'
text: <?php echo json_encode(numfmt_format_currency($currency_format, $sub_total, $invoice_currency_code)) ?>,
style: 'itemsFooterSubValue'
}
],
[
{},
{
text:'Tax',
style:'itemsFooterSubTitle'
text: 'Tax',
style: 'itemsFooterSubTitle'
},
{
text: '<?php echo numfmt_format_currency($currency_format, $total_tax, $invoice_currency_code); ?>',
style:'itemsFooterSubValue'
text: <?php echo json_encode(numfmt_format_currency($currency_format, $total_tax, $invoice_currency_code)) ?>,
style: 'itemsFooterSubValue'
}
],
[
{},
{
text:'Total',
style:'itemsFooterSubTitle'
text: 'Total',
style: 'itemsFooterSubTitle'
},
{
text: '<?php echo numfmt_format_currency($currency_format, $invoice_amount, $invoice_currency_code); ?>',
style:'itemsFooterSubValue'
text: <?php echo json_encode(numfmt_format_currency($currency_format, $invoice_amount, $invoice_currency_code)) ?>,
style: 'itemsFooterSubValue'
}
],
[
{},
{
text:'Paid',
style:'itemsFooterSubTitle'
text: 'Paid',
style: 'itemsFooterSubTitle'
},
{
text: '<?php echo numfmt_format_currency($currency_format, $amount_paid, $invoice_currency_code); ?>',
style:'itemsFooterSubValue'
text: <?php echo json_encode(numfmt_format_currency($currency_format, $amount_paid, $invoice_currency_code)) ?>,
style: 'itemsFooterSubValue'
}
],
[
{},
{
text:'Balance',
style:'itemsFooterTotalTitle'
text: 'Balance',
style: 'itemsFooterTotalTitle'
},
{
text: '<?php echo numfmt_format_currency($currency_format, $balance, $invoice_currency_code); ?>',
text: <?php echo json_encode(numfmt_format_currency($currency_format, $balance, $invoice_currency_code)) ?>,
style:'itemsFooterTotalTitle'
style: 'itemsFooterTotalTitle'
}
],
]
@ -801,7 +801,7 @@ var docDefinition = {
},
// TERMS / FOOTER
{
text: <?php echo json_encode("$config_invoice_footer"); ?>,
text: <?php echo json_encode($config_invoice_footer) ?>,
style: 'documentFooterCenter'
}
], //End Content,
@ -810,32 +810,32 @@ var docDefinition = {
documentFooterCenter: {
fontSize: 9,
margin: [10,50,10,10],
alignment:'center',
alignment: 'center',
},
// Invoice Title
invoiceTitle: {
fontSize: 18,
bold: true,
alignment:'right',
margin:[0,0,0,3]
alignment: 'right',
margin: [0,0,0,3]
},
// Invoice Number
invoiceNumber: {
fontSize: 14,
alignment:'right'
alignment: 'right'
},
// Billing Headers
invoiceBillingTitle: {
fontSize: 14,
bold: true,
alignment:'left',
margin:[0,20,0,5]
alignment: 'left',
margin: [0,20,0,5]
},
invoiceBillingTitleClient: {
fontSize: 14,
bold: true,
alignment:'right',
margin:[0,20,0,5]
alignment: 'right',
margin: [0,20,0,5]
},
// Billing Details
invoiceBillingAddress: {
@ -845,26 +845,26 @@ var docDefinition = {
invoiceBillingAddressClient: {
fontSize: 10,
lineHeight: 1.2,
alignment:'right',
margin:[0,0,0,30]
alignment: 'right',
margin: [0,0,0,30]
},
// Invoice Dates
invoiceDateTitle: {
fontSize: 10,
alignment:'left',
margin:[0,5,0,5]
alignment: 'left',
margin: [0,5,0,5]
},
invoiceDateValue: {
fontSize: 10,
alignment:'right',
margin:[0,5,0,5]
alignment: 'right',
margin: [0,5,0,5]
},
// Items Header
itemsHeader: {
fontSize: 10,
margin: [0,5,0,5],
bold: true,
alignment:'right'
alignment: 'right'
},
// Item Title
itemTitle: {
@ -881,61 +881,61 @@ var docDefinition = {
itemQty: {
fontSize: 10,
margin: [0,5,0,5],
alignment: 'center',
alignment: 'center'
},
itemNumber: {
fontSize: 10,
margin: [0,5,0,5],
alignment: 'right',
alignment: 'right'
},
itemTotal: {
fontSize: 10,
margin: [0,5,0,5],
bold: true,
alignment: 'right',
alignment: 'right'
},
// Items Footer (Subtotal, Total, Tax, etc)
itemsFooterSubTitle: {
fontSize: 10,
margin: [0,5,0,5],
alignment:'right',
alignment:'right'
},
itemsFooterSubValue: {
fontSize: 10,
margin: [0,5,0,5],
bold: false,
alignment:'right',
alignment: 'right'
},
itemsFooterTotalTitle: {
fontSize: 10,
margin: [0,5,0,5],
bold: true,
alignment:'right',
alignment: 'right'
},
itemsFooterTotalValue: {
fontSize: 10,
margin: [0,5,0,5],
bold: true,
alignment:'right',
alignment: 'right'
},
notesTitle: {
fontSize: 10,
bold: true,
margin: [0,5,0,5],
margin: [0,5,0,5]
},
notesText: {
fontSize: 9,
margin: [0,5,50,5]
},
left: {
alignment:'left',
alignment: 'left'
},
center: {
alignment:'center',
alignment: 'center'
},
},
defaultStyle: {
columnGap: 20,
columnGap: 20
}
}
</script>
</script>

4
invoice_add_modal.php
View File

@ -27,7 +27,7 @@
$sql = mysqli_query($mysqli,"SELECT * FROM clients WHERE company_id = $session_company_id ORDER BY client_name ASC");
while($row = mysqli_fetch_array($sql)){
$client_id = $row['client_id'];
$client_name = $row['client_name'];
$client_name = htmlentities($row['client_name']);
?>
<option value="<?php echo $client_id; ?>"><?php echo "$client_name"; ?></option>
@ -63,7 +63,7 @@
$sql = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_type = 'Income' AND category_archived_at IS NULL AND company_id = $session_company_id ORDER BY category_name ASC");
while($row = mysqli_fetch_array($sql)){
$category_id = $row['category_id'];
$category_name = $row['category_name'];
$category_name = htmlentities($row['category_name']);
?>
<option value="<?php echo $category_id; ?>"><?php echo $category_name; ?></option>

2
invoice_edit_modal.php
View File

@ -45,7 +45,7 @@
$sql_income_category = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_type = 'Income' AND (category_archived_at > '$invoice_created_at' OR category_archived_at IS NULL) AND company_id = $session_company_id ORDER BY category_name ASC");
while($row = mysqli_fetch_array($sql_income_category)){
$category_id_select= $row['category_id'];
$category_name_select = $row['category_name'];
$category_name_select = htmlentities($row['category_name']);
?>
<option <?php if($category_id == $category_id_select){ echo "selected"; } ?> value="<?php echo $category_id_select; ?>"><?php echo $category_name_select; ?></option>

20
invoices.php
View File

@ -267,26 +267,26 @@
while($row = mysqli_fetch_array($sql)){
$invoice_id = $row['invoice_id'];
$invoice_prefix = $row['invoice_prefix'];
$invoice_number = $row['invoice_number'];
$invoice_scope = $row['invoice_scope'];
$invoice_prefix = htmlentities($row['invoice_prefix']);
$invoice_number = htmlentities($row['invoice_number']);
$invoice_scope = htmlentities($row['invoice_scope']);
if(empty($invoice_scope)){
$invoice_scope_display = "-";
}else{
$invoice_scope_display = $invoice_scope;
}
$invoice_status = $row['invoice_status'];
$invoice_status = htmlentities($row['invoice_status']);
$invoice_date = $row['invoice_date'];
$invoice_due = $row['invoice_due'];
$invoice_amount = $row['invoice_amount'];
$invoice_currency_code = $row['invoice_currency_code'];
$invoice_amount = htmlentities($row['invoice_amount']);
$invoice_currency_code = htmlentities($row['invoice_currency_code']);
$invoice_created_at = $row['invoice_created_at'];
$client_id = $row['client_id'];
$client_name = $row['client_name'];
$client_name = htmlentities($row['client_name']);
$category_id = $row['category_id'];
$category_name = $row['category_name'];
$client_currency_code = $row['client_currency_code'];
$client_net_terms = $row['client_net_terms'];
$category_name = htmlentities($row['category_name']);
$client_currency_code = htmlentities($row['client_currency_code']);
$client_net_terms = htmlentities($row['client_net_terms']);
if($client_net_terms == 0){
$client_net_terms = $config_default_net_terms;
}

10
logs.php
View File

@ -136,20 +136,20 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
while($row = mysqli_fetch_array($sql)){
$log_id = $row['log_id'];
$log_type = $row['log_type'];
$log_action = $row['log_action'];
$log_type = htmlentities($row['log_type']);
$log_action = htmlentities($row['log_action']);
$log_description = htmlentities($row['log_description']);
$log_ip = htmlentities($row['log_ip']);
$log_user_agent = $row['log_user_agent'];
$log_user_agent = htmlentities($row['log_user_agent']);
$log_created_at = $row['log_created_at'];
$user_id = $row['user_id'];
$user_name = $row['user_name'];
$user_name = htmlentities($row['user_name']);
if(empty($user_name)){
$user_name_display = "-";
}else{
$user_name_display = $user_name;
}
$client_name = $row['client_name'];
$client_name = htmlentities($row['client_name']);
$client_id = $row['client_id'];
if(empty($client_name)){
$client_name_display = "-";

6
notifications.php
View File

@ -34,10 +34,10 @@ $sql = mysqli_query($mysqli,"SELECT * FROM notifications LEFT JOIN clients ON no
while($row = mysqli_fetch_array($sql)){
$notification_id = $row['notification_id'];
$notification_type = $row['notification_type'];
$notification = $row['notification'];
$notification_type = htmlentities($row['notification_type']);
$notification = htmlentities($row['notification']);
$notification_timestamp = $row['notification_timestamp'];
$client_name = $row['client_name'];
$client_name = htmlentities($row['client_name']);
$client_id = $row['client_id'];
if(empty($client_name)){
$client_name_display = "-";

8
notifications_dismissed.php
View File

@ -90,11 +90,11 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
while($row = mysqli_fetch_array($sql)){
$notification_id = $row['notification_id'];
$notification_timestamp = $row['notification_timestamp'];
$notification_type = $row['notification_type'];
$notification = $row['notification'];
$notification_type = htmlentities($row['notification_type']);
$notification = htmlentities($row['notification']);
$notification_dismissed_at = $row['notification_dismissed_at'];
$user_name = $row['user_name'];
$client_name = $row['client_name'];
$user_name = htmlentities($row['user_name']);
$client_name = htmlentities($row['client_name']);
$client_id = $row['client_id'];
if(empty($client_name)){
$client_name_display = "-";

18
payments.php
View File

@ -139,23 +139,23 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
while($row = mysqli_fetch_array($sql)){
$invoice_id = $row['invoice_id'];
$invoice_prefix = $row['invoice_prefix'];
$invoice_number = $row['invoice_number'];
$invoice_status = $row['invoice_status'];
$invoice_prefix = htmlentities($row['invoice_prefix']);
$invoice_number = htmlentities($row['invoice_number']);
$invoice_status = htmlentities($row['invoice_status']);
$invoice_date = $row['invoice_date'];
$payment_date = $row['payment_date'];
$payment_method = $row['payment_method'];
$payment_amount = $row['payment_amount'];
$payment_currency_code = $row['payment_currency_code'];
$payment_reference = $row['payment_reference'];
$payment_method = htmlentities($row['payment_method']);
$payment_amount = htmlentities($row['payment_amount']);
$payment_currency_code = htmlentities($row['payment_currency_code']);
$payment_reference = htmlentities($row['payment_reference']);
if(empty($payment_reference)){
$payment_reference_display = "-";
}else{
$payment_reference_display = $payment_reference;
}
$client_id = $row['client_id'];
$client_name = $row['client_name'];
$account_name = $row['account_name'];
$client_name = htmlentities($row['client_name']);
$account_name = htmlentities($row['account_name']);
?>

BIN
plugins/htmlpurifier/standalone/HTMLPurifier/DefinitionCache/Serializer/CSS/4.14.0,4114918a13a428a8482a8a449792a5a8747582b5,1.ser Normal file
View File

Binary file not shown.

BIN
plugins/htmlpurifier/standalone/HTMLPurifier/DefinitionCache/Serializer/URI/4.14.0,b359e061fc6632c745df51b43504cb541c9339de,1.ser Normal file
View File

Binary file not shown.

6
product_add_modal.php
View File

@ -27,7 +27,7 @@
$sql = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_type = 'Income' AND category_archived_at IS NULL AND company_id = $session_company_id");
while($row = mysqli_fetch_array($sql)){
$category_id = $row['category_id'];
$category_name = $row['category_name'];
$category_name = htmlentities($row['category_name']);
?>
<option value="<?php echo $category_id; ?>"><?php echo $category_name; ?></option>
@ -64,8 +64,8 @@
$taxes_sql = mysqli_query($mysqli,"SELECT * FROM taxes WHERE tax_archived_at IS NULL AND company_id = $session_company_id ORDER BY tax_name ASC");
while($row = mysqli_fetch_array($taxes_sql)){
$tax_id = $row['tax_id'];
$tax_name = $row['tax_name'];
$tax_percent = $row['tax_percent'];
$tax_name = htmlentities($row['tax_name']);
$tax_percent = htmlentities($row['tax_percent']);
?>
<option value="<?php echo $tax_id; ?>"><?php echo "$tax_name $tax_percent%"; ?></option>

6
product_edit_modal.php
View File

@ -27,7 +27,7 @@
$sql_select = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_type = 'Income' AND (category_archived_at > '$product_created_at' OR category_archived_at IS NULL) AND company_id = $session_company_id");
while($row = mysqli_fetch_array($sql_select)){
$category_id_select = $row['category_id'];
$category_name_select = $row['category_name'];
$category_name_select = htmlentities($row['category_name']);
?>
<option <?php if($category_id == $category_id_select){ echo "selected"; } ?> value="<?php echo $category_id_select; ?>"><?php echo $category_name_select; ?></option>
<?php
@ -64,8 +64,8 @@
$taxes_sql = mysqli_query($mysqli,"SELECT * FROM taxes WHERE (tax_archived_at > '$product_created_at' OR tax_archived_at IS NULL) AND company_id = $session_company_id ORDER BY tax_name ASC");
while($row = mysqli_fetch_array($taxes_sql)){
$tax_id_select = $row['tax_id'];
$tax_name = $row['tax_name'];
$tax_percent = $row['tax_percent'];
$tax_name = htmlentities($row['tax_name']);
$tax_percent = htmlentities($row['tax_percent']);
?>
<option <?php if($tax_id_select == $product_tax_id){ echo "selected"; } ?> value="<?php echo $tax_id_select; ?>"><?php echo "$tax_name $tax_percent%"; ?></option>

6
products.php
View File

@ -64,11 +64,11 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
}else{
$product_description_display = "<div style='white-space:pre-line'>$product_description</div>";
}
$product_price = $row['product_price'];
$product_currency_code = $row['product_currency_code'];
$product_price = htmlentities($row['product_price']);
$product_currency_code = htmlentities($row['product_currency_code']);
$product_created_at = $row['product_created_at'];
$category_id = $row['category_id'];
$category_name = $row['category_name'];
$category_name = htmlentities($row['category_name']);
$product_tax_id = $row['product_tax_id'];
?>

214
quote.php
View File

@ -16,44 +16,44 @@ if(isset($_GET['quote_id'])){
$row = mysqli_fetch_array($sql);
$quote_id = $row['quote_id'];
$quote_prefix = $row['quote_prefix'];
$quote_number = $row['quote_number'];
$quote_scope = $row['quote_scope'];
$quote_status = $row['quote_status'];
$quote_prefix = htmlentities($row['quote_prefix']);
$quote_number = htmlentities($row['quote_number']);
$quote_scope = htmlentities($row['quote_scope']);
$quote_status = htmlentities($row['quote_status']);
$quote_date = $row['quote_date'];
$quote_amount = $row['quote_amount'];
$quote_currency_code = $row['quote_currency_code'];
$quote_note = $row['quote_note'];
$quote_url_key = $row['quote_url_key'];
$quote_amount = htmlentities($row['quote_amount']);
$quote_currency_code = htmlentities($row['quote_currency_code']);
$quote_note = htmlentities($row['quote_note']);
$quote_url_key = htmlentities($row['quote_url_key']);
$quote_created_at = $row['quote_created_at'];
$category_id = $row['quote_category_id'];
$client_id = $row['client_id'];
$client_name = $row['client_name'];
$location_address = $row['location_address'];
$location_city = $row['location_city'];
$location_state = $row['location_state'];
$location_zip = $row['location_zip'];
$contact_email = $row['contact_email'];
$client_name = htmlentities($row['client_name']);
$location_address = htmlentities($row['location_address']);
$location_city = htmlentities($row['location_city']);
$location_state = htmlentities($row['location_state']);
$location_zip = htmlentities($row['location_zip']);
$contact_email = htmlentities($row['contact_email']);
$contact_phone = formatPhoneNumber($row['contact_phone']);
$contact_extension = $row['contact_extension'];
$contact_extension = htmlentities($row['contact_extension']);
$contact_mobile = formatPhoneNumber($row['contact_mobile']);
$client_website = $row['client_website'];
$client_currency_code = $row['client_currency_code'];
$client_net_terms = $row['client_net_terms'];
$client_website = htmlentities($row['client_website']);
$client_currency_code = htmlentities($row['client_currency_code']);
$client_net_terms = htmlentities($row['client_net_terms']);
if($client_net_terms == 0){
$client_net_terms = $config_default_net_terms;
}
$company_id = $row['company_id'];
$company_name = $row['company_name'];
$company_country = $row['company_country'];
$company_address = $row['company_address'];
$company_city = $row['company_city'];
$company_state = $row['company_state'];
$company_zip = $row['company_zip'];
$company_name = htmlentities($row['company_name']);
$company_country = htmlentities($row['company_country']);
$company_address = htmlentities($row['company_address']);
$company_city = htmlentities($row['company_city']);
$company_state = htmlentities($row['company_state']);
$company_zip = htmlentities($row['company_zip']);
$company_phone = formatPhoneNumber($row['company_phone']);
$company_email = $row['company_email'];
$company_website = $row['company_website'];
$company_logo = $row['company_logo'];
$company_email = htmlentities($row['company_email']);
$company_website = htmlentities($row['company_website']);
$company_logo = htmlentities($row['company_logo']);
if(!empty($company_logo)){
$company_logo_base64 = base64_encode(file_get_contents("uploads/settings/$company_id/$company_logo"));
}
@ -221,13 +221,13 @@ if(isset($_GET['quote_id'])){
while($row = mysqli_fetch_array($sql_items)){
$item_id = $row['item_id'];
$item_name = $row['item_name'];
$item_description = $row['item_description'];
$item_quantity = $row['item_quantity'];
$item_price = $row['item_price'];
$item_subtotal = $row['item_price'];
$item_tax = $row['item_tax'];
$item_total = $row['item_total'];
$item_name = htmlentities($row['item_name']);
$item_description = htmlentities($row['item_description']);
$item_quantity = htmlentities($row['item_quantity']);
$item_price = htmlentities($row['item_price']);
$item_subtotal = htmlentities($row['item_price']);
$item_tax = htmlentities($row['item_tax']);
$item_total = htmlentities($row['item_total']);
$item_created_at = $row['item_created_at'];
$tax_id = $row['item_tax_id'];
$total_tax = $item_tax + $total_tax;
@ -272,8 +272,8 @@ if(isset($_GET['quote_id'])){
$taxes_sql = mysqli_query($mysqli,"SELECT * FROM taxes WHERE company_id = $session_company_id ORDER BY tax_name ASC");
while($row = mysqli_fetch_array($taxes_sql)){
$tax_id = $row['tax_id'];
$tax_name = $row['tax_name'];
$tax_percent = $row['tax_percent'];
$tax_name = htmlentities($row['tax_name']);
$tax_percent = htmlentities($row['tax_percent']);
?>
<option value="<?php echo $tax_id; ?>"><?php echo "$tax_name $tax_percent%"; ?></option>
@ -337,7 +337,7 @@ if(isset($_GET['quote_id'])){
<hr class="d-none d-print-block mt-5">
<center class="d-none d-print-block" style="white-space:pre-line"><?php echo $config_quote_footer; ?></center>
<center class="d-none d-print-block" style="white-space:pre-line"><?php echo htmlentities($config_quote_footer); ?></center>
</div>
</div>
@ -369,8 +369,8 @@ if(isset($_GET['quote_id'])){
while($row = mysqli_fetch_array($sql_history)){
$history_created_at = $row['history_created_at'];
$history_status = $row['history_status'];
$history_description = $row['history_description'];
$history_status = htmlentities($row['history_status']);
$history_description = htmlentities($row['history_description']);
?>
<tr>
@ -429,8 +429,8 @@ include("footer.php");
var docDefinition = {
info: {
title: '<?php echo "$company_name - Quote"; ?>',
author: '<?php echo $company_name; ?>'
title: <?php echo json_encode(html_entity_decode($company_name) . "- Quote") ?>,
author: <?php echo json_encode(html_entity_decode($company_name)) ?>
},
//watermark: {text: '<?php echo $quote_status; ?>', color: 'lightgrey', opacity: 0.3, bold: true, italics: false},
@ -441,7 +441,7 @@ var docDefinition = {
columns: [
<?php if(!empty($company_logo_base64)){ ?>
{
image: '<?php echo "data:image;base64,$company_logo_base64"; ?>',
image: <?php echo json_encode("data:image;base64,$company_logo_base64") ?>,
width: 120
},
<?php } ?>
@ -453,7 +453,7 @@ var docDefinition = {
width: '*'
},
{
text: '<?php echo "$quote_prefix$quote_number"; ?>',
text: <?php echo json_encode("$quote_prefix$quote_number") ?>,
style: 'invoiceNumber',
width: '*'
},
@ -464,12 +464,12 @@ var docDefinition = {
{
columns: [
{
text: <?php echo json_encode($company_name); ?>,
style:'invoiceBillingTitle',
text: <?php echo json_encode(html_entity_decode($company_name)) ?>,
style: 'invoiceBillingTitle'
},
{
text: <?php echo json_encode($client_name); ?>,
style:'invoiceBillingTitleClient',
text: <?php echo json_encode(html_entity_decode($client_name)) ?>,
style: 'invoiceBillingTitleClient'
},
]
},
@ -477,11 +477,11 @@ var docDefinition = {
{
columns: [
{
text: <?php echo json_encode("$company_address \n $company_city $company_state $company_zip \n $company_phone \n $company_website"); ?>,
text: <?php echo json_encode(html_entity_decode("$company_address \n $company_city $company_state $company_zip \n $company_phone \n $company_website")) ?>,
style: 'invoiceBillingAddress'
},
{
text: <?php echo json_encode("$location_address \n $location_city $location_state $location_zip \n $contact_email \n $contact_phone"); ?>,
text: <?php echo json_encode(html_entity_decode("$location_address \n $location_city $location_state $location_zip \n $contact_email \n $contact_phone")) ?>,
style: 'invoiceBillingAddressClient'
},
]
@ -498,7 +498,7 @@ var docDefinition = {
// Total
[
{
text:'',
text: '',
rowSpan: 2
},
{},
@ -507,12 +507,12 @@ var docDefinition = {
[
{},
{
text:'Quote Date',
style:'invoiceDateTitle',
text: 'Quote Date',
style: 'invoiceDateTitle'
},
{
text:'<?php echo $quote_date ?>',
style:'invoiceDateValue',
text: <?php echo json_encode($quote_date) ?>,
style: 'invoiceDateValue'
},
],
]
@ -577,29 +577,29 @@ var docDefinition = {
[
[
{
text: <?php echo json_encode($item_name); ?>,
style:'itemTitle'
text: <?php echo json_encode($item_name) ?>,
style: 'itemTitle'
},
{
text: <?php echo json_encode($item_description); ?>,
style:'itemDescription'
text: <?php echo json_encode($item_description) ?>,
style: 'itemDescription'
}
],
{
text:'<?php echo $item_quantity; ?>',
style:'itemQty'
text: <?php echo json_encode($item_quantity) ?>,
style: 'itemQty'
},
{
text:'<?php echo numfmt_format_currency($currency_format, $item_price, $quote_currency_code); ?>',
style:'itemNumber'
text: <?php echo json_encode(numfmt_format_currency($currency_format, $item_price, $quote_currency_code)) ?>,
style: 'itemNumber'
},
{
text:'<?php echo numfmt_format_currency($currency_format, $item_tax, $quote_currency_code); ?>',
style:'itemNumber'
text: <?php echo json_encode(numfmt_format_currency($currency_format, $item_tax, $quote_currency_code)) ?>,
style: 'itemNumber'
},
{
text:'<?php echo numfmt_format_currency($currency_format, $item_total, $quote_currency_code); ?>',
style:'itemNumber'
text: <?php echo json_encode(numfmt_format_currency($currency_format, $item_total, $quote_currency_code)) ?>,
style: 'itemNumber'
}
],
@ -624,7 +624,7 @@ var docDefinition = {
[
{
text: 'Notes',
style:'notesTitle'
style: 'notesTitle'
},
{},
{}
@ -632,38 +632,38 @@ var docDefinition = {
[
{
rowSpan: 3,
text: <?php echo json_encode($quote_note); ?>,
style:'notesText'
text: <?php echo json_encode(html_entity_decode($quote_note)) ?>,
style: 'notesText'
},
{
text:'Subtotal',
style:'itemsFooterSubTitle'
text: 'Subtotal',
style: 'itemsFooterSubTitle'
},
{
text:'<?php echo numfmt_format_currency($currency_format, $sub_total, $quote_currency_code); ?>',
style:'itemsFooterSubValue'
text: <?php echo json_encode(numfmt_format_currency($currency_format, $sub_total, $quote_currency_code)) ?>,
style: 'itemsFooterSubValue'
}
],
[
{},
{
text:'Tax',
style:'itemsFooterSubTitle'
text: 'Tax',
style: 'itemsFooterSubTitle'
},
{
text: '<?php echo numfmt_format_currency($currency_format, $total_tax, $quote_currency_code); ?>',
style:'itemsFooterSubValue'
text: <?php echo json_encode(numfmt_format_currency($currency_format, $total_tax, $quote_currency_code)) ?>,
style: 'itemsFooterSubValue'
}
],
[
{},
{
text:'Total',
style:'itemsFooterSubTitle'
text: 'Total',
style: 'itemsFooterSubTitle'
},
{
text: '<?php echo numfmt_format_currency($currency_format, $quote_amount, $quote_currency_code); ?>',
style:'itemsFooterSubValue'
text: <?php echo json_encode(numfmt_format_currency($currency_format, $quote_amount, $quote_currency_code)) ?>,
style: 'itemsFooterSubValue'
}
],
]
@ -672,7 +672,7 @@ var docDefinition = {
},
// TERMS / FOOTER
{
text: <?php echo json_encode("$config_quote_footer"); ?>,
text: <?php echo json_encode($config_quote_footer) ?>,
style: 'documentFooterCenter'
}
], //End Content,
@ -681,14 +681,14 @@ var docDefinition = {
documentFooterCenter: {
fontSize: 9,
margin: [10,50,10,10],
alignment:'center'
alignment: 'center'
},
// Invoice Title
invoiceTitle: {
fontSize: 18,
bold: true,
alignment:'right',
margin:[0,0,0,3]
alignment: 'right',
margin: [0,0,0,3]
},
// Invoice Number
invoiceNumber: {
@ -699,14 +699,14 @@ var docDefinition = {
invoiceBillingTitle: {
fontSize: 14,
bold: true,
alignment:'left',
margin:[0,20,0,5]
alignment: 'left',
margin: [0,20,0,5]
},
invoiceBillingTitleClient: {
fontSize: 14,
bold: true,
alignment:'right',
margin:[0,20,0,5]
alignment: 'right',
margin: [0,20,0,5]
},
// Billing Details
invoiceBillingAddress: {
@ -716,26 +716,26 @@ var docDefinition = {
invoiceBillingAddressClient: {
fontSize: 10,
lineHeight: 1.2,
alignment:'right',
margin:[0,0,0,30]
alignment: 'right',
margin: [0,0,0,30]
},
// Invoice Dates
invoiceDateTitle: {
fontSize: 10,
alignment:'left',
margin:[0,5,0,5]
alignment: 'left',
margin: [0,5,0,5]
},
invoiceDateValue: {
fontSize: 10,
alignment:'right',
margin:[0,5,0,5]
alignment: 'right',
margin: [0,5,0,5]
},
// Items Header
itemsHeader: {
fontSize: 10,
margin: [0,5,0,5],
bold: true,
alignment:'right'
alignment: 'right'
},
// Item Title
itemTitle: {
@ -752,61 +752,61 @@ var docDefinition = {
itemQty: {
fontSize: 10,
margin: [0,5,0,5],
alignment: 'center',
alignment: 'center'
},
itemNumber: {
fontSize: 10,
margin: [0,5,0,5],
alignment: 'right',
alignment: 'right'
},
itemTotal: {
fontSize: 10,
margin: [0,5,0,5],
bold: true,
alignment: 'right',
alignment: 'right'
},
// Items Footer (Subtotal, Total, Tax, etc)
itemsFooterSubTitle: {
fontSize: 10,
margin: [0,5,0,5],
alignment:'right',
alignment: 'right'
},
itemsFooterSubValue: {
fontSize: 10,
margin: [0,5,0,5],
bold: false,
alignment:'right',
alignment: 'right'
},
itemsFooterTotalTitle: {
fontSize: 10,
margin: [0,5,0,5],
bold: true,
alignment:'right',
alignment: 'right'
},
itemsFooterTotalValue: {
fontSize: 10,
margin: [0,5,0,5],
bold: true,
alignment:'right',
alignment: 'right'
},
notesTitle: {
fontSize: 10,
bold: true,
margin: [0,5,0,5],
margin: [0,5,0,5]
},
notesText: {
fontSize: 9,
margin: [0,5,50,5]
},
left: {
alignment:'left',
alignment: 'left'
},
center: {
alignment:'center',
alignment: 'center'
},
},
defaultStyle: {
columnGap: 20,
columnGap: 20
}
}
</script>

4
quote_add_modal.php
View File

@ -28,7 +28,7 @@
$sql = mysqli_query($mysqli,"SELECT * FROM clients WHERE company_id = $session_company_id ORDER BY client_name ASC");
while($row = mysqli_fetch_array($sql)){
$client_id = $row['client_id'];
$client_name = $row['client_name'];
$client_name = htmlentities($row['client_name']);
?>
<option value="<?php echo $client_id; ?>"><?php echo $client_name; ?></option>
@ -64,7 +64,7 @@
$sql = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_type = 'Income' AND category_archived_at IS NULL AND company_id = $session_company_id ORDER BY category_name ASC");
while($row = mysqli_fetch_array($sql)){
$category_id = $row['category_id'];
$category_name = $row['category_name'];
$category_name = htmlentities($row['category_name']);
?>
<option value="<?php echo $category_id; ?>"><?php echo $category_name; ?></option>

2
quote_edit_modal.php
View File

@ -35,7 +35,7 @@
$sql_income_category = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_type = 'Income' AND (category_archived_at > '$quote_created_at' OR category_archived_at IS NULL) AND company_id = $session_company_id ORDER BY category_name ASC");
while($row = mysqli_fetch_array($sql_income_category)){
$category_id_select = $row['category_id'];
$category_name_select = $row['category_name'];
$category_name_select = htmlentities($row['category_name']);
?>
<option <?php if($category_id_select == $category_id){ echo "selected"; } ?> value="<?php echo $category_id_select; ?>"><?php echo $category_name_select; ?></option>

18
quotes.php
View File

@ -140,25 +140,25 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
while($row = mysqli_fetch_array($sql)){
$quote_id = $row['quote_id'];
$quote_prefix = $row['quote_prefix'];
$quote_number = $row['quote_number'];
$quote_scope = $row['quote_scope'];
$quote_prefix = htmlentities($row['quote_prefix']);
$quote_number = htmlentities($row['quote_number']);
$quote_scope = htmlentities($row['quote_scope']);
if(empty($quote_scope)){
$quote_scope_display = "-";
}else{
$quote_scope_display = $quote_scope;
}
$quote_status = $row['quote_status'];
$quote_status = htmlentities($row['quote_status']);
$quote_date = $row['quote_date'];
$quote_amount = $row['quote_amount'];
$quote_currency_code = $row['quote_currency_code'];
$quote_amount = htmlentities($row['quote_amount']);
$quote_currency_code = htmlentities($row['quote_currency_code']);
$quote_created_at = $row['quote_created_at'];
$client_id = $row['client_id'];
$client_name = htmlentities($row['client_name']);
$client_currency_code = $row['client_currency_code'];
$client_currency_code = htmlentities($row['client_currency_code']);
$category_id = $row['category_id'];
$category_name = $row['category_name'];
$client_net_terms = $row['client_net_terms'];
$category_name = htmlentities($row['category_name']);
$client_net_terms = htmlentities($row['client_net_terms']);
if($client_net_terms == 0){
$client_net_terms = $config_default_net_terms;
}

82
recurring_invoice.php
View File

@ -16,35 +16,35 @@ if(isset($_GET['recurring_id'])){
$row = mysqli_fetch_array($sql);
$recurring_id = $row['recurring_id'];
$recurring_prefix = $row['recurring_prefix'];
$recurring_number = $row['recurring_number'];
$recurring_scope = $row['recurring_scope'];
$recurring_frequency = $row['recurring_frequency'];
$recurring_status = $row['recurring_status'];
$recurring_prefix = htmlentities($row['recurring_prefix']);
$recurring_number = htmlentities($row['recurring_number']);
$recurring_scope = htmlentities($row['recurring_scope']);
$recurring_frequency = htmlentities($row['recurring_frequency']);
$recurring_status = htmlentities($row['recurring_status']);
$recurring_created_at = $row['recurring_created_at'];
$recurring_last_sent = $row['recurring_last_sent'];
if($recurring_last_sent == 0){
$recurring_last_sent = '-';
}
$recurring_next_date = $row['recurring_next_date'];
$recurring_amount = $row['recurring_amount'];
$recurring_currency_code = $row['recurring_currency_code'];
$recurring_note = $row['recurring_note'];
$recurring_amount = htmlentities($row['recurring_amount']);
$recurring_currency_code = htmlentities($row['recurring_currency_code']);
$recurring_note = htmlentities($row['recurring_note']);
$recurring_created_at = $row['recurring_created_at'];
$category_id = $row['recurring_category_id'];
$client_id = $row['client_id'];
$client_name = $row['client_name'];
$location_address = $row['location_address'];
$location_city = $row['location_city'];
$location_state = $row['location_state'];
$location_zip = $row['location_zip'];
$contact_email = $row['contact_email'];
$client_name = htmlentities($row['client_name']);
$location_address = htmlentities($row['location_address']);
$location_city = htmlentities($row['location_city']);
$location_state = htmlentities($row['location_state']);
$location_zip = htmlentities($row['location_zip']);
$contact_email = htmlentities($row['contact_email']);
$contact_phone = formatPhoneNumber($row['contact_phone']);
$contact_extension = $row['contact_extension'];
$contact_extension = htmlentities($row['contact_extension']);
$contact_mobile = formatPhoneNumber($row['contact_mobile']);
$client_website = $row['client_website'];
$client_currency_code = $row['client_currency_code'];
$client_net_terms = $row['client_net_terms'];
$client_website = htmlentities($row['client_website']);
$client_currency_code = htmlentities($row['client_currency_code']);
$client_net_terms = htmlentities($row['client_net_terms']);
if($recurring_status == 1){
$status = "Active";
@ -54,16 +54,16 @@ if(isset($_GET['recurring_id'])){
$status_badge_color = "secondary";
}
$company_id = $row['company_id'];
$company_name = $row['company_name'];
$company_country = $row['company_country'];
$company_address = $row['company_address'];
$company_city = $row['company_city'];
$company_state = $row['company_state'];
$company_zip = $row['company_zip'];
$company_name = htmlentities($row['company_name']);
$company_country = htmlentities($row['company_country']);
$company_address = htmlentities($row['company_address']);
$company_city = htmlentities($row['company_city']);
$company_state = htmlentities($row['company_state']);
$company_zip = htmlentities($row['company_zip']);
$company_phone = formatPhoneNumber($row['company_phone']);
$company_email = $row['company_email'];
$company_website = $row['company_website'];
$company_logo = $row['company_logo'];
$company_email = htmlentities($row['company_email']);
$company_website = htmlentities($row['company_website']);
$company_logo = htmlentities($row['company_logo']);
$sql_history = mysqli_query($mysqli,"SELECT * FROM history WHERE history_recurring_id = $recurring_id ORDER BY history_id DESC");
@ -192,13 +192,13 @@ if(isset($_GET['recurring_id'])){
while($row = mysqli_fetch_array($sql_items)){
$item_id = $row['item_id'];
$item_name = $row['item_name'];
$item_description = $row['item_description'];
$item_quantity = $row['item_quantity'];
$item_price = $row['item_price'];
$item_subtotal = $row['item_price'];
$item_tax = $row['item_tax'];
$item_total = $row['item_total'];
$item_name = htmlentities($row['item_name']);
$item_description = htmlentities($row['item_description']);
$item_quantity = htmlentities($row['item_quantity']);
$item_price = htmlentities($row['item_price']);
$item_subtotal = htmlentities($row['item_price']);
$item_tax = htmlentities($row['item_tax']);
$item_total = htmlentities($row['item_total']);
$item_created_at = $row['item_created_at'];
$tax_id = $row['item_tax_id'];
$total_tax = $item_tax + $total_tax;
@ -243,8 +243,8 @@ if(isset($_GET['recurring_id'])){
$taxes_sql = mysqli_query($mysqli,"SELECT * FROM taxes WHERE company_id = $session_company_id ORDER BY tax_name ASC");
while($row = mysqli_fetch_array($taxes_sql)){
$tax_id = $row['tax_id'];
$tax_name = $row['tax_name'];
$tax_percent = $row['tax_percent'];
$tax_name = htmlentities($row['tax_name']);
$tax_percent = htmlentities($row['tax_percent']);
?>
<option value="<?php echo $tax_id; ?>"><?php echo "$tax_name $tax_percent%"; ?></option>
@ -288,17 +288,17 @@ if(isset($_GET['recurring_id'])){
<tbody>
<tr class="border-bottom">
<td>Subtotal</td>
<td class="text-right"><?php echo numfmt_format_currency($currency_format, $sub_total, $recurring_currency_code); ?></td>
<td class="text-right"><?php echo htmlentities(numfmt_format_currency($currency_format, $sub_total, $recurring_currency_code)); ?></td>
</tr>
<?php if($total_tax > 0){ ?>
<tr class="border-bottom">
<td>Tax</td>
<td class="text-right"><?php echo numfmt_format_currency($currency_format, $total_tax, $recurring_currency_code); ?></td>
<td class="text-right"><?php echo htmlentities(numfmt_format_currency($currency_format, $total_tax, $recurring_currency_code)); ?></td>
</tr>
<?php } ?>
<tr class="border-bottom">
<td><strong>Amount</strong></td>
<td class="text-right"><strong><?php echo numfmt_format_currency($currency_format, $recurring_amount, $recurring_currency_code); ?></strong></td>
<td class="text-right"><strong><?php echo htmlentities(numfmt_format_currency($currency_format, $recurring_amount, $recurring_currency_code)); ?></strong></td>
</tr>
</tbody>
</table>
@ -334,8 +334,8 @@ if(isset($_GET['recurring_id'])){
while($row = mysqli_fetch_array($sql_history)){
$history_created_at = $row['history_created_at'];
$history_status = $row['history_status'];
$history_description = $row['history_description'];
$history_status = htmlentities($row['history_status']);
$history_description = htmlentities($row['history_description']);
?>
<tr>

4
recurring_invoice_add_modal.php
View File

@ -27,7 +27,7 @@
$sql = mysqli_query($mysqli,"SELECT * FROM clients WHERE company_id = $session_company_id ORDER BY client_name ASC");
while($row = mysqli_fetch_array($sql)){
$client_id = $row['client_id'];
$client_name = $row['client_name'];
$client_name = htmlentities($row['client_name']);
?>
<option value="<?php echo $client_id; ?>"><?php echo "$client_name"; ?></option>
@ -78,7 +78,7 @@
$sql = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_type = 'Income' AND category_archived_at IS NULL AND company_id = $session_company_id ORDER BY category_name ASC");
while($row = mysqli_fetch_array($sql)){
$category_id = $row['category_id'];
$category_name = $row['category_name'];
$category_name = htmlentities($row['category_name']);
?>
<option value="<?php echo $category_id; ?>"><?php echo $category_name; ?></option>

2
recurring_invoice_edit_modal.php
View File

@ -42,7 +42,7 @@
$sql_income_category = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_type = 'Income' AND (category_archived_at > '$recurring_created_at' OR category_archived_at IS NULL) AND company_id = $session_company_id ORDER BY category_name ASC");
while($row = mysqli_fetch_array($sql_income_category)){
$category_id_select= $row['category_id'];
$category_name_select = $row['category_name'];
$category_name_select = htmlentities($row['category_name']);
?>
<option <?php if($category_id == $category_id_select){ ?> selected <?php } ?> value="<?php echo $category_id_select; ?>"><?php echo $category_name_select; ?></option>

20
recurring_invoices.php
View File

@ -143,24 +143,24 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
while($row = mysqli_fetch_array($sql)){
$recurring_id = $row['recurring_id'];
$recurring_prefix = $row['recurring_prefix'];
$recurring_number = $row['recurring_number'];
$recurring_scope = $row['recurring_scope'];
$recurring_frequency = $row['recurring_frequency'];
$recurring_status = $row['recurring_status'];
$recurring_prefix = htmlentities($row['recurring_prefix']);
$recurring_number = htmlentities($row['recurring_number']);
$recurring_scope = htmlentities($row['recurring_scope']);
$recurring_frequency = htmlentities($row['recurring_frequency']);
$recurring_status = htmlentities($row['recurring_status']);
$recurring_last_sent = $row['recurring_last_sent'];
if($recurring_last_sent == 0){
$recurring_last_sent = "-";
}
$recurring_next_date = $row['recurring_next_date'];
$recurring_amount = $row['recurring_amount'];
$recurring_currency_code = $row['recurring_currency_code'];
$recurring_amount = htmlentities($row['recurring_amount']);
$recurring_currency_code = htmlentities($row['recurring_currency_code']);
$recurring_created_at = $row['recurring_created_at'];
$client_id = $row['client_id'];
$client_name = $row['client_name'];
$client_currency_code = $row['client_currency_code'];
$client_name = htmlentities($row['client_name']);
$client_currency_code = htmlentities($row['client_currency_code']);
$category_id = $row['category_id'];
$category_name = $row['category_name'];
$category_name = htmlentities($row['category_name']);
if($recurring_status == 1){
$status = "Active";
$status_badge_color = "success";

2
report_expense_by_vendor.php
View File

@ -55,7 +55,7 @@ $sql_vendors = mysqli_query($mysqli,"SELECT * FROM vendors WHERE company_id = $s
<?php
while($row = mysqli_fetch_array($sql_vendors)){
$vendor_id = $row['vendor_id'];
$vendor_name = $row['vendor_name'];
$vendor_name = htmlentities($row['vendor_name']);
$sql_amount_paid = mysqli_query($mysqli,"SELECT SUM(expense_amount) AS amount_paid FROM expenses WHERE YEAR(expense_date) = $year AND expense_vendor_id = $vendor_id");
$row = mysqli_fetch_array($sql_amount_paid);

2
report_expense_summary.php
View File

@ -74,7 +74,7 @@ $sql_categories = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_
<?php
while($row = mysqli_fetch_array($sql_categories)){
$category_id = $row['category_id'];
$category_name = $row['category_name'];
$category_name = htmlentities($row['category_name']);
?>
<tr>

2
report_income_by_client.php
View File

@ -55,7 +55,7 @@ $sql_clients = mysqli_query($mysqli,"SELECT * FROM clients WHERE company_id = $s
<?php
while($row = mysqli_fetch_array($sql_clients)){
$client_id = $row['client_id'];
$client_name = $row['client_name'];
$client_name = htmlentities($row['client_name']);
$sql_amount_paid = mysqli_query($mysqli,"SELECT SUM(payment_amount) AS amount_paid FROM payments, invoices WHERE payment_invoice_id = invoice_id AND YEAR(payment_date) = $year AND invoice_client_id = $client_id");
$row = mysqli_fetch_array($sql_amount_paid);

2
report_income_summary.php
View File

@ -74,7 +74,7 @@ $sql_categories = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_
<?php
while($row = mysqli_fetch_array($sql_categories)){
$category_id = $row['category_id'];
$category_name = $row['category_name'];
$category_name = htmlentities($row['category_name']);
?>

4
report_profit_loss.php
View File

@ -61,7 +61,7 @@ $sql_categories_expense = mysqli_query($mysqli,"SELECT * FROM categories WHERE c
<?php
while($row = mysqli_fetch_array($sql_categories_income)){
$category_id = $row['category_id'];
$category_name = $row['category_name'];
$category_name = htmlentities($row['category_name']);
?>
<tr>
@ -268,7 +268,7 @@ $sql_categories_expense = mysqli_query($mysqli,"SELECT * FROM categories WHERE c
<?php
while($row = mysqli_fetch_array($sql_categories_expense)){
$category_id = $row['category_id'];
$category_name = $row['category_name'];
$category_name = htmlentities($row['category_name']);
?>
<tr>

2
report_tax_summary.php
View File

@ -54,7 +54,7 @@ $sql_tax = mysqli_query($mysqli,"SELECT * FROM taxes WHERE company_id = $session
<?php
while($row = mysqli_fetch_array($sql_tax)){
$tax_id = $row['tax_id'];
$tax_name = $row['tax_name'];
$tax_name = htmlentities($row['tax_name']);
?>
<tr>

8
revenue_add_modal.php
View File

@ -64,8 +64,8 @@
$sql = mysqli_query($mysqli,"SELECT * FROM accounts WHERE account_archived_at IS NULL AND company_id = $session_company_id ORDER BY account_name ASC");
while($row = mysqli_fetch_array($sql)){
$account_id = $row['account_id'];
$account_name = $row['account_name'];
$opening_balance = $row['opening_balance'];
$account_name = htmlentities($row['account_name']);
$opening_balance = htmlentities($row['opening_balance']);
$sql_payments = mysqli_query($mysqli,"SELECT SUM(payment_amount) AS total_payments FROM payments WHERE payment_account_id = $account_id");
$row = mysqli_fetch_array($sql_payments);
@ -104,7 +104,7 @@
$sql = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_type = 'Income' AND category_archived_at IS NULL AND company_id = $session_company_id ORDER BY category_name ASC");
while($row = mysqli_fetch_array($sql)){
$category_id = $row['category_id'];
$category_name = $row['category_name'];
$category_name = htmlentities($row['category_name']);
?>
<option value="<?php echo $category_id; ?>"><?php echo $category_name; ?></option>
@ -139,7 +139,7 @@
$sql = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_type = 'Payment Method' AND category_archived_at IS NULL AND company_id = $session_company_id ORDER BY category_name ASC");
while($row = mysqli_fetch_array($sql)){
$category_name = $row['category_name'];
$category_name = htmlentities($row['category_name']);
?>
<option><?php echo "$category_name"; ?></option>

8
revenue_edit_modal.php
View File

@ -65,8 +65,8 @@
$sql_accounts = mysqli_query($mysqli,"SELECT * FROM accounts WHERE (account_archived_at > '$revenue_created_at' OR account_archived_at IS NULL) AND company_id = $session_company_id ORDER BY account_name ASC");
while($row = mysqli_fetch_array($sql_accounts)){
$account_id_select = $row['account_id'];
$account_name_select = $row['account_name'];
$opening_balance = $row['opening_balance'];
$account_name_select = htmlentities($row['account_name']);
$opening_balance = htmlentities($row['opening_balance']);
$sql_payments = mysqli_query($mysqli,"SELECT SUM(payment_amount) AS total_payments FROM payments WHERE payment_account_id = $account_id_select");
$row = mysqli_fetch_array($sql_payments);
@ -105,7 +105,7 @@
$sql_category = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_type = 'Income' AND (category_archived_at > '$revenue_created_at' OR category_archived_at IS NULL) AND company_id = $session_company_id ORDER BY category_name ASC");
while($row = mysqli_fetch_array($sql_category)){
$category_id_select = $row['category_id'];
$category_name = $row['category_name'];
$category_name = htmlentities($row['category_name']);
?>
<option <?php if($category_id_select == $category_id){ echo "selected"; } ?> value="<?php echo $category_id_select; ?>"><?php echo $category_name; ?></option>
@ -140,7 +140,7 @@
$sql_categories = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_type = 'Payment Method' AND (category_archived_at > '$revenue_created_at' OR category_archived_at IS NULL) AND company_id = $session_company_id ORDER BY category_name ASC");
while($row = mysqli_fetch_array($sql_categories)){
$category_name_select = $row['category_name'];
$category_name_select = htmlentities($row['category_name']);
?>
<option <?php if($revenue_payment_method == $category_name_select){ echo "selected"; } ?>><?php echo "$category_name_select"; ?></option>

14
revenues.php
View File

@ -139,22 +139,22 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
while($row = mysqli_fetch_array($sql)){
$revenue_id = $row['revenue_id'];
$revenue_description = $row['revenue_description'];
$revenue_reference = $row['revenue_reference'];
$revenue_description = htmlentities($row['revenue_description']);
$revenue_reference = htmlentities($row['revenue_reference']);
if(empty($revenue_reference)){
$revenue_reference_display = "-";
}else{
$revenue_reference_display = $revenue_reference;
}
$revenue_date = $row['revenue_date'];
$revenue_payment_method = $row['revenue_payment_method'];
$revenue_amount = $row['revenue_amount'];
$revenue_currency_code = $row['revenue_currency_code'];
$revenue_payment_method = htmlentities($row['revenue_payment_method']);
$revenue_amount = htmlentities($row['revenue_amount']);
$revenue_currency_code = htmlentities($row['revenue_currency_code']);
$revenue_created_at = $row['revenue_created_at'];
$account_id = $row['account_id'];
$account_name = $row['account_name'];
$account_name = htmlentities($row['account_name']);
$category_id = $row['category_id'];
$category_name = $row['category_name'];
$category_name = htmlentities($row['category_name']);
?>

6
scheduled_ticket_add_modal.php
View File

@ -24,7 +24,7 @@
$sql = mysqli_query($mysqli,"SELECT * FROM contacts WHERE contact_client_id = $client_id ORDER BY contact_name ASC");
while($row = mysqli_fetch_array($sql)){
$contact_id = $row['contact_id'];
$contact_name = $row['contact_name'];
$contact_name = htmlentities($row['contact_name']);
?>
<option value="<?php echo $contact_id; ?>" <?php if($primary_contact == $contact_id){ echo "selected"; } ?>><?php echo "$contact_name"; ?></option>
@ -48,7 +48,7 @@
$sql = mysqli_query($mysqli,"SELECT * FROM clients WHERE company_id = $session_company_id ORDER BY client_name ASC");
while($row = mysqli_fetch_array($sql)){
$client_id = $row['client_id'];
$client_name = $row['client_name'];
$client_name = htmlentities($row['client_name']);
?>
<option value="<?php echo $client_id; ?>"><?php echo "$client_name"; ?></option>
@ -123,7 +123,7 @@
$sql_assets = mysqli_query($mysqli,"SELECT * FROM assets WHERE asset_client_id = $client_id ORDER BY asset_name ASC");
while($row = mysqli_fetch_array($sql_assets)){
$asset_id_select = $row['asset_id'];
$asset_name_select = $row['asset_name'];
$asset_name_select = htmlentities($row['asset_name']);
?>
<option value="<?php echo $asset_id_select; ?>"><?php echo $asset_name_select; ?></option>

2
scheduled_ticket_edit_modal.php
View File

@ -9,7 +9,7 @@
</div>
<form action="post.php" method="post" autocomplete="off">
<div class="modal-body bg-white">
<input type="hidden" name="ticket_id" id="editTicketId"">
<input type="hidden" name="ticket_id" id="editTicketId">
<input type="hidden" name="client_id" id="editClientId">
<div class="form-group">

8
scheduled_tickets.php
View File

@ -66,11 +66,11 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
while ($row = mysqli_fetch_array($sql)) {
$scheduled_ticket_id = $row['scheduled_ticket_id'];
$scheduled_ticket_client_id = $row['client_id'];
$scheduled_ticket_subject = $row['scheduled_ticket_subject'];
$scheduled_ticket_priority = $row['scheduled_ticket_priority'];
$scheduled_ticket_frequency = $row['scheduled_ticket_frequency'];
$scheduled_ticket_subject = htmlentities($row['scheduled_ticket_subject']);
$scheduled_ticket_priority = htmlentities($row['scheduled_ticket_priority']);
$scheduled_ticket_frequency = htmlentities($row['scheduled_ticket_frequency']);
$scheduled_ticket_next_run = $row['scheduled_ticket_next_run'];
$scheduled_ticket_client_name = $row['client_name'];
$scheduled_ticket_client_name = htmlentities($row['client_name']);
?>
<tr>

2
settings_alerts.php
View File

@ -30,7 +30,7 @@
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-bell"></i></span>
</div>
<input type="text" class="form-control" name="config_invoice_overdue_reminders" placeholder="Send After Due Days" value="<?php echo $config_invoice_overdue_reminders; ?>">
<input type="text" class="form-control" name="config_invoice_overdue_reminders" placeholder="Send After Due Days" value="<?php echo htmlentities($config_invoice_overdue_reminders); ?>">
</div>
</div>

6
settings_api.php
View File

@ -53,8 +53,8 @@
while($row = mysqli_fetch_array($sql)){
$api_key_id = $row['api_key_id'];
$api_key_name = $row['api_key_name'];
$api_key_secret = "************" . substr($row['api_key_secret'], -4);
$api_key_name = htmlentities($row['api_key_name']);
$api_key_secret = htmlentities("************" . substr($row['api_key_secret'], -4));
$api_key_created_at = $row['api_key_created_at'];
$api_key_expire = $row['api_key_expire'];
if($api_key_expire < date("Y-m-d H:i:s")){
@ -65,7 +65,7 @@
$api_key_client = "<i>All Clients</i>";
}
else{
$api_key_client = $row['client_name'];
$api_key_client = htmlentities($row['client_name']);
}
?>

14
settings_defaults.php
View File

@ -20,7 +20,7 @@
$sql = mysqli_query($mysqli,"SELECT * FROM accounts WHERE company_id = $session_company_id ORDER BY account_name ASC");
while($row = mysqli_fetch_array($sql)){
$account_id = $row['account_id'];
$account_name = $row['account_name'];
$account_name = htmlentities($row['account_name']);
?>
<option <?php if($config_default_transfer_from_account == $account_id){ echo "selected"; } ?> value="<?php echo $account_id; ?>"><?php echo $account_name; ?></option>
@ -45,7 +45,7 @@
$sql = mysqli_query($mysqli,"SELECT * FROM accounts WHERE company_id = $session_company_id ORDER BY account_name ASC");
while($row = mysqli_fetch_array($sql)){
$account_id = $row['account_id'];
$account_name = $row['account_name'];
$account_name = htmlentities($row['account_name']);
?>
<option <?php if($config_default_transfer_to_account == $account_id){ echo "selected"; } ?> value="<?php echo $account_id; ?>"><?php echo $account_name; ?></option>
@ -70,7 +70,7 @@
$sql = mysqli_query($mysqli,"SELECT * FROM accounts WHERE company_id = $session_company_id ORDER BY account_name ASC");
while($row = mysqli_fetch_array($sql)){
$account_id = $row['account_id'];
$account_name = $row['account_name'];
$account_name = htmlentities($row['account_name']);
?>
<option <?php if($config_default_payment_account == $account_id){ echo "selected"; } ?> value="<?php echo $account_id; ?>"><?php echo $account_name; ?></option>
@ -95,7 +95,7 @@
$sql = mysqli_query($mysqli,"SELECT * FROM accounts WHERE company_id = $session_company_id ORDER BY account_name ASC");
while($row = mysqli_fetch_array($sql)){
$account_id = $row['account_id'];
$account_name = $row['account_name'];
$account_name = htmlentities($row['account_name']);
?>
<option <?php if($config_default_expense_account == $account_id){ echo "selected"; } ?> value="<?php echo $account_id; ?>"><?php echo $account_name; ?></option>
@ -119,7 +119,7 @@
$sql = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_type = 'Payment Method' AND company_id = $session_company_id ORDER BY category_name ASC");
while($row = mysqli_fetch_array($sql)){
$payment_method = $row['category_name'];
$payment_method = htmlentities($row['category_name']);
?>
<option <?php if($config_default_payment_method == $payment_method){ echo "selected"; } ?>><?php echo $payment_method; ?></option>
@ -143,7 +143,7 @@
$sql = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_type = 'Payment Method' AND company_id = $session_company_id ORDER BY category_name ASC");
while($row = mysqli_fetch_array($sql)){
$payment_method = $row['category_name'];
$payment_method = htmlentities($row['category_name']);
?>
<option <?php if($config_default_expense_payment_method == $payment_method){ echo "selected"; } ?>><?php echo $payment_method; ?></option>
@ -168,7 +168,7 @@
$sql = mysqli_query($mysqli,"SELECT * FROM calendars WHERE company_id = $session_company_id ORDER BY calendar_name ASC");
while($row = mysqli_fetch_array($sql)){
$calendar_id = $row['calendar_id'];
$calendar_name = $row['calendar_name'];
$calendar_name = htmlentities($row['calendar_name']);
?>
<option <?php if($config_default_calendar == $calendar_id){ echo "selected"; } ?> value="<?php echo $calendar_id; ?>"><?php echo $calendar_name; ?></option>

Some files were not shown because too many files have changed in this diff Show More