diff --git a/accounts.php b/accounts.php
index 0540b9c0..95cbe117 100644
--- a/accounts.php
+++ b/accounts.php
@@ -30,7 +30,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
- +
@@ -52,10 +52,10 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
 while ($row = mysqli_fetch_array($sql)) {
 $account_id = intval($row['account_id']);
- $account_name = htmlentities($row['account_name']);
+ $account_name = nullable_htmlentities($row['account_name']);
 $opening_balance = floatval($row['opening_balance']);
- $account_currency_code = htmlentities($row['account_currency_code']);
- $account_notes = htmlentities($row['account_notes']);
+ $account_currency_code = nullable_htmlentities($row['account_currency_code']);
+ $account_notes = nullable_htmlentities($row['account_notes']);
 $sql_payments = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS total_payments FROM payments WHERE payment_account_id = $account_id");
 $row = mysqli_fetch_array($sql_payments);
diff --git a/ajax.php b/ajax.php
index d52ad331..09b90ab0 100644
--- a/ajax.php
+++ b/ajax.php
@@ -205,10 +205,10 @@ if (isset($_GET['ticket_query_views'])) {
 $users = array_unique($users);
 if (count($users) > 1) {
 // Multiple viewers
- $response['message'] = htmlentities(implode(", ", $users) . " are viewing this ticket.");
+ $response['message'] = nullable_htmlentities(implode(", ", $users) . " are viewing this ticket.");
 } else {
 // Single viewer
- $response['message'] = htmlentities(implode("", $users) . " is viewing this ticket.");
+ $response['message'] = nullable_htmlentities(implode("", $users) . " is viewing this ticket.");
 }
 } else {
 // No viewers
diff --git a/clients.php b/clients.php
index 61dee692..e16d6a23 100644
--- a/clients.php
+++ b/clients.php
@@ -49,7 +49,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
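Review bot: The accounts.php hunk swaps htmlentities() for nullable_htmlentities() on the three changed lines, but the helper's definition is not part of this diff, so the escaping it actually applies cannot be confirmed here. If it wraps htmlentities() with default flags, be aware the default before PHP 8.1 was ENT_COMPAT, which leaves single quotes unescaped and matters for any of these values that land in a single-quoted attribute; pinning the flags in the helper, `htmlentities($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, makes the behaviour the same on every PHP version. The same observation applies to every nullable_htmlentities() call this commit introduces in ajax.php, clients.php, portal/document.php and portal/portal_header.php. The enclosing while loop continues past the end of the hunk.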
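Review bot: In the ajax.php hunk the whole message, including the literal " are viewing this ticket." text, goes through nullable_htmlentities() on both changed lines, so HTML encoding is being applied to a JSON response value rather than at an HTML output point; that is only correct if the client inserts $response['message'] as HTML and never encodes it again. Encoding just the user-derived part states the intent more clearly: `$response['message'] = nullable_htmlentities(implode(", ", $users)) . " are viewing this ticket.";` with the same shape for the single-viewer branch. Where $users is populated is outside the hunk, so whether its entries are already encoded cannot be seen from here.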
- +
@@ -83,13 +83,13 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
- +
- +
@@ -112,36 +112,36 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
 while ($row = mysqli_fetch_array($sql)) {
 $client_id = intval($row['client_id']);
- $client_name = htmlentities($row['client_name']);
- $client_type = htmlentities($row['client_type']);
+ $client_name = nullable_htmlentities($row['client_name']);
+ $client_type = nullable_htmlentities($row['client_type']);
 $location_id = intval($row['location_id']);
- $location_country = htmlentities($row['location_country']);
- $location_address = htmlentities($row['location_address']);
- $location_city = htmlentities($row['location_city']);
- $location_state = htmlentities($row['location_state']);
- $location_zip = htmlentities($row['location_zip']);
+ $location_country = nullable_htmlentities($row['location_country']);
+ $location_address = nullable_htmlentities($row['location_address']);
+ $location_city = nullable_htmlentities($row['location_city']);
+ $location_state = nullable_htmlentities($row['location_state']);
+ $location_zip = nullable_htmlentities($row['location_zip']);
 if (empty($location_address) && empty($location_city) && empty($location_state) && empty($location_zip)) {
 $location_address_display = "-";
 } else {
 $location_address_display = "$location_address
$location_city $location_state $location_zip";
 }
 $contact_id = intval($row['contact_id']);
- $contact_name = htmlentities($row['contact_name']);
- $contact_title = htmlentities($row['contact_title']);
+ $contact_name = nullable_htmlentities($row['contact_name']);
+ $contact_title = nullable_htmlentities($row['contact_title']);
 $contact_phone = formatPhoneNumber($row['contact_phone']);
- $contact_extension = htmlentities($row['contact_extension']);
+ $contact_extension = nullable_htmlentities($row['contact_extension']);
 $contact_mobile = formatPhoneNumber($row['contact_mobile']);
- $contact_email = htmlentities($row['contact_email']);
- $client_website = htmlentities($row['client_website']);
+ $contact_email = nullable_htmlentities($row['contact_email']);
+ $client_website = nullable_htmlentities($row['client_website']);
 $client_rate = floatval($row['client_rate']);
- $client_currency_code = htmlentities($row['client_currency_code']);
+ $client_currency_code = nullable_htmlentities($row['client_currency_code']);
 $client_net_terms = intval($row['client_net_terms']);
- $client_tax_id_number = htmlentities($row['client_tax_id_number']);
- $client_referral = htmlentities($row['client_referral']);
- $client_notes = htmlentities($row['client_notes']);
+ $client_tax_id_number = nullable_htmlentities($row['client_tax_id_number']);
+ $client_referral = nullable_htmlentities($row['client_referral']);
+ $client_notes = nullable_htmlentities($row['client_notes']);
 $client_created_at = date('Y-m-d', strtotime($row['client_created_at']));
- $client_updated_at = htmlentities($row['client_updated_at']);
- $client_archive_at = htmlentities($row['client_archived_at']);
+ $client_updated_at = nullable_htmlentities($row['client_updated_at']);
+ $client_archive_at = nullable_htmlentities($row['client_archived_at']);
 // Client Tags 
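Review bot: $contact_email and $client_website are entity-encoded on their changed lines, which is the right treatment for an HTML text node but does not by itself make either value safe to place in an href, since entity encoding does not constrain the URL scheme. If $client_website is rendered as a link (its output point is outside the hunk), validate it at that point, e.g. `filter_var($client_website, FILTER_VALIDATE_URL)` combined with an explicit http/https scheme check, and treat a failure as "no link". As a consistency point, the two changed date lines ($client_updated_at, $client_archive_at) are entity-encoded raw strings while the context line above them formats $client_created_at through date('Y-m-d', strtotime(...)); one treatment for all three would be easier to reason about. The enclosing while loop ends outside the hunk.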
@@ -151,9 +151,9 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
 while ($row = mysqli_fetch_array($sql_client_tags)) {
 $client_tag_id = intval($row['tag_id']);
- $client_tag_name = htmlentities($row['tag_name']);
- $client_tag_color = htmlentities($row['tag_color']);
- $client_tag_icon = htmlentities($row['tag_icon']);
+ $client_tag_name = nullable_htmlentities($row['tag_name']);
+ $client_tag_color = nullable_htmlentities($row['tag_color']);
+ $client_tag_icon = nullable_htmlentities($row['tag_icon']);
 if (empty($client_tag_icon)) {
 $client_tag_icon = "tag";
 }
diff --git a/cron.php b/cron.php
index c7c252cb..4c3002ea 100644
--- a/cron.php
+++ b/cron.php
@@ -461,9 +461,9 @@ foreach ($invoiceAlertArray as $day) {
 mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Invoice Overdue', notification = 'Invoice $invoice_prefix$invoice_number for $client_name in the amount of $invoice_amount is overdue by $day days', notification_client_id = $client_id, notification_entity_id = $invoice_id");
 $subject = "Overdue Invoice $invoice_prefix$invoice_number";
- $body = "Hello $contact_name,
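Review bot: In the client-tags hunk $client_tag_color is entity-encoded on its changed line, which protects an HTML text or quoted-attribute context but not a style attribute or class name, where a stored colour value is more likely to end up; entity encoding does not restrict what characters a CSS value may contain. Since a colour has a known shape, validating it against that shape before use is the stronger control, e.g. `if (!preg_match('/^#[0-9a-fA-F]{6}$/', $client_tag_color)) { $client_tag_color = ''; }` with a neutral fallback; the exact accepted format depends on how tag_color is stored, which is not visible here. The same goes for $client_tag_icon if it is interpolated into a class name. Where these variables are rendered is outside the hunk.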

According to our records, we have not received payment for invoice $invoice_prefix$invoice_number. Please submit your payment as soon as possible. If you have any questions please contact us at $company_phone. + $body = "Hello $contact_name,

Our records indicate that we have not yet received payment for the invoice $invoice_prefix$invoice_number. We kindly request that you submit your payment as soon as possible. If you have any questions or concerns, please do not hesitate to contact us at $company_phone.

- Please view the details of the invoice below.

Invoice: $invoice_prefix$invoice_number
Issue Date: $invoice_date
Total: " . numfmt_format_currency($currency_format, $invoice_amount, $invoice_currency_code) . "
Due Date: $invoice_due


To view your invoice click here


~
$company_name
Billing Department
$config_invoice_from_email
$company_phone"; + Kindly review the invoice details mentioned below.

Invoice: $invoice_prefix$invoice_number
Issue Date: $invoice_date
Total: " . numfmt_format_currency($currency_format, $invoice_amount, $invoice_currency_code) . "
Due Date: $invoice_due


To view your invoice click here


~
$company_name
Billing Department
$config_invoice_from_email
$company_phone";
 $mail = sendSingleEmail(
 $config_smtp_host,
@@ -581,7 +581,7 @@ while ($row = mysqli_fetch_array($sql_recurring)) {
 $subject = "Invoice $invoice_prefix$invoice_number";
- $body = "Hello $contact_name,
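Review bot: The rewritten $body in this hunk is a near-verbatim copy of the template rewritten in the second cron.php hunk (@@ -581), differing only in the opening paragraph and the currency-code variable passed to numfmt_format_currency(); the wording change had to be made twice, and the next one will too. Extracting the shared template into one helper that takes the contact name, invoice fields and currency code as parameters would keep the two messages from drifting apart. Separately, the context line at the top of the hunk interpolates $client_name and $invoice_amount directly into the INSERT INTO notifications statement; the foreach body starts outside the hunk, so whether those values were escaped beforehand cannot be seen here, and a prepared statement at that point is worth confirming.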

Please view the details of the invoice below.

Invoice: $invoice_prefix$invoice_number
Issue Date: $invoice_date
Total: " . numfmt_format_currency($currency_format, $invoice_amount, $recurring_currency_code) . "
Due Date: $invoice_due


To view your invoice click here


~
$company_name
Billing Department
$config_invoice_from_email
$company_phone"; + $body = "Hello $contact_name,

Kindly review the invoice details mentioned below.

Invoice: $invoice_prefix$invoice_number
Issue Date: $invoice_date
Total: " . numfmt_format_currency($currency_format, $invoice_amount, $recurring_currency_code) . "
Due Date: $invoice_due


To view your invoice click here


~
$company_name
Billing Department
$config_invoice_from_email
$company_phone";
 $mail = sendSingleEmail(
 $config_smtp_host,
diff --git a/portal/document.php b/portal/document.php
index d112ede1..d17e6909 100644
--- a/portal/document.php
+++ b/portal/document.php
@@ -32,7 +32,7 @@ $sql_document = mysqli_query($mysqli, "SELECT document_id, document_name, docume
 $row = mysqli_fetch_array($sql_document);
 $document_id = intval($row['document_id']);
-$document_name = htmlentities($row['document_name']);
+$document_name = nullable_htmlentities($row['document_name']);
 $document_content = $purifier->purify($row['document_content']);
 ?>
diff --git a/portal/documents.php b/portal/documents.php
index 54066f3b..5d950689 100644
--- a/portal/documents.php
+++ b/portal/documents.php
@@ -53,9 +53,9 @@ $documents_sql = mysqli_query($mysqli, "SELECT document_id, document_name, docum
diff --git a/portal/invoices.php b/portal/invoices.php
index 8aa9c4f2..5b74f2a4 100644
--- a/portal/invoices.php
+++ b/portal/invoices.php
@@ -57,14 +57,14 @@ $invoices_sql = mysqli_query($mysqli, "SELECT * FROM invoices WHERE invoice_clie
diff --git a/portal/portal_footer.php b/portal/portal_footer.php
index 8a4f94fc..f8f579dd 100644
--- a/portal/portal_footer.php
+++ b/portal/portal_footer.php
@@ -11,7 +11,7 @@
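Review bot: In the portal/document.php hunk, $row from mysqli_fetch_array($sql_document) is never checked before $row['document_id'] and $row['document_name'] are read, and the changed line now makes a missing row pass silently: nullable_htmlentities() accepts the null, intval() yields 0, and the page keeps rendering instead of failing. A guard directly after the fetch, `if (!$row) { http_response_code(404); exit(); }`, stops that and also removes the deprecation noise this commit is working around. The SELECT's WHERE clause is cut off in the hunk header, so whether the lookup is scoped to the logged-in portal client cannot be confirmed from here.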

-

+

diff --git a/portal/portal_header.php b/portal/portal_header.php
index c67033f9..e800f367 100644
--- a/portal/portal_header.php
+++ b/portal/portal_header.php
@@ -12,7 +12,7 @@ header("X-Frame-Options: DENY"); // Legacy
- <?php echo htmlentities($company_name); ?> | Client Portal
+ <?php echo nullable_htmlentities($company_name); ?> | Client Portal
@@ -32,7 +32,7 @@ header("X-Frame-Options: DENY"); // Legacy