Replace all instances of htmlentities() with the new function nullable_htmlentities() thanks @bhopkins0
@@ -32,7 +32,7 @@ $sql_document = mysqli_query($mysqli, "SELECT document_id, document_name, docume
|
||||
$row = mysqli_fetch_array($sql_document);
|
||||
|
||||
$document_id = intval($row['document_id']);
|
||||
$document_name = htmlentities($row['document_name']);
|
||||
$document_name = nullable_htmlentities($row['document_name']);
|
||||
$document_content = $purifier->purify($row['document_content']);
|
||||
|
||||
?>
|
||||
|
||||
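Review bot: `nullable_htmlentities()` is now the only escaping step for `$document_name` here and for every other value this commit touches, but its definition is not shown in this view, so confirm that it passes explicit flags and a charset instead of relying on the `htmlentities()` defaults. Before PHP 8.1 the default flag was `ENT_COMPAT`, which leaves single quotes unencoded, and the tickets hunk further down builds markup with single-quoted attributes (`href='ticket.php?id=$ticket_id'`). If the wrapper is only `htmlentities($value ?? '')`, consider `htmlentities($value ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` so the result does not depend on the PHP version. This applies to every hunk in the commit.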
@@ -53,9 +53,9 @@ $documents_sql = mysqli_query($mysqli, "SELECT document_id, document_name, docum
|
||||
<?php
|
||||
while ($row = mysqli_fetch_array($documents_sql)) {
|
||||
$document_id = intval($row['document_id']);
|
||||
$folder_name = htmlentities($row['folder_name']);
|
||||
$document_name = htmlentities($row['document_name']);
|
||||
$document_created_at = htmlentities($row['document_created_at']);
|
||||
$folder_name = nullable_htmlentities($row['folder_name']);
|
||||
$document_name = nullable_htmlentities($row['document_name']);
|
||||
$document_created_at = nullable_htmlentities($row['document_created_at']);
|
||||
|
||||
?>
|
||||
|
||||
|
||||
@@ -57,14 +57,14 @@ $invoices_sql = mysqli_query($mysqli, "SELECT * FROM invoices WHERE invoice_clie
|
||||
<?php
|
||||
while ($row = mysqli_fetch_array($invoices_sql)) {
|
||||
$invoice_id = intval($row['invoice_id']);
|
||||
$invoice_prefix = htmlentities($row['invoice_prefix']);
|
||||
$invoice_prefix = nullable_htmlentities($row['invoice_prefix']);
|
||||
$invoice_number = intval($row['invoice_number']);
|
||||
$invoice_scope = htmlentities($row['invoice_scope']);
|
||||
$invoice_status = htmlentities($row['invoice_status']);
|
||||
$invoice_date = htmlentities($row['invoice_date']);
|
||||
$invoice_due = htmlentities($row['invoice_due']);
|
||||
$invoice_scope = nullable_htmlentities($row['invoice_scope']);
|
||||
$invoice_status = nullable_htmlentities($row['invoice_status']);
|
||||
$invoice_date = nullable_htmlentities($row['invoice_date']);
|
||||
$invoice_due = nullable_htmlentities($row['invoice_due']);
|
||||
$invoice_amount = floatval($row['invoice_amount']);
|
||||
$invoice_url_key = htmlentities($row['invoice_url_key']);
|
||||
$invoice_url_key = nullable_htmlentities($row['invoice_url_key']);
|
||||
|
||||
if (empty($invoice_scope)) {
|
||||
$invoice_scope_display = "-";
|
||||
|
||||
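Review bot: `$invoice_url_key` is HTML-entity-encoded on the new side, which suits HTML text but is not the encoding for a URL component. Its use lies outside this hunk; if it is interpolated into a link's query string, it should go through `urlencode()` first and only then be escaped for the attribute, e.g. `nullable_htmlentities(urlencode($row['invoice_url_key']))` at the point of use. The same holds for `$quote_url_key` in the quotes hunk. The `while` loop body continues past the end of this hunk.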
@@ -248,7 +248,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
|
||||
<?php
|
||||
// Show feedback from session
|
||||
if (!empty($_SESSION['login_message'])) {
|
||||
echo htmlentities($_SESSION['login_message']);
|
||||
echo nullable_htmlentities($_SESSION['login_message']);
|
||||
unset($_SESSION['login_message']);
|
||||
}
|
||||
?>
|
||||
|
||||
@@ -11,7 +11,7 @@
|
||||
<br>
|
||||
<hr>
|
||||
|
||||
<p class="text-center"><?php echo htmlentities($session_company_name); ?></p>
|
||||
<p class="text-center"><?php echo nullable_htmlentities($session_company_name); ?></p>
|
||||
|
||||
<!-- jQuery -->
|
||||
<script src="../plugins/jquery/jquery.min.js"></script>
|
||||
|
||||
@@ -12,7 +12,7 @@ header("X-Frame-Options: DENY"); // Legacy
|
||||
<head>
|
||||
<meta charset="utf-8">
|
||||
<meta http-equiv="X-UA-Compatible" content="IE=edge">
|
||||
<title><?php echo htmlentities($company_name); ?> | Client Portal</title>
|
||||
<title><?php echo nullable_htmlentities($company_name); ?> | Client Portal</title>
|
||||
|
||||
<!-- Tell the browser to be responsive to screen width -->
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1">
|
||||
@@ -32,7 +32,7 @@ header("X-Frame-Options: DENY"); // Legacy
|
||||
|
||||
<nav class="navbar navbar-expand-lg navbar-dark bg-dark">
|
||||
<div class="container">
|
||||
<a class="navbar-brand" href="index.php"><?php echo htmlentities($company_name); ?></a>
|
||||
<a class="navbar-brand" href="index.php"><?php echo nullable_htmlentities($company_name); ?></a>
|
||||
<button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarSupportedContent" aria-controls="navbarSupportedContent" aria-expanded="false" aria-label="Toggle navigation">
|
||||
<span class="navbar-toggler-icon"></span>
|
||||
</button>
|
||||
@@ -63,7 +63,7 @@ header("X-Frame-Options: DENY"); // Legacy
|
||||
<ul class="nav navbar-nav pull-right">
|
||||
<li class="nav-item dropdown">
|
||||
<a class="nav-link dropdown-toggle" href="#" id="navbarDropdown" role="button" data-toggle="dropdown">
|
||||
<?php echo htmlentities($session_contact_name); ?>
|
||||
<?php echo nullable_htmlentities($session_contact_name); ?>
|
||||
</a>
|
||||
<div class="dropdown-menu" aria-labelledby="navbarDropdown">
|
||||
<a class="dropdown-item" href="profile.php">Profile</a>
|
||||
|
||||
@@ -56,13 +56,13 @@ $quotes_sql = mysqli_query($mysqli, "SELECT * FROM quotes WHERE quote_client_id
|
||||
<?php
|
||||
while ($row = mysqli_fetch_array($quotes_sql)) {
|
||||
$quote_id = intval($row['quote_id']);
|
||||
$quote_prefix = htmlentities($row['quote_prefix']);
|
||||
$quote_prefix = nullable_htmlentities($row['quote_prefix']);
|
||||
$quote_number = intval($row['quote_number']);
|
||||
$quote_scope = htmlentities($row['quote_scope']);
|
||||
$quote_status = htmlentities($row['quote_status']);
|
||||
$quote_date = htmlentities($row['quote_date']);
|
||||
$quote_scope = nullable_htmlentities($row['quote_scope']);
|
||||
$quote_status = nullable_htmlentities($row['quote_status']);
|
||||
$quote_date = nullable_htmlentities($row['quote_date']);
|
||||
$quote_amount = floatval($row['quote_amount']);
|
||||
$quote_url_key = htmlentities($row['quote_url_key']);
|
||||
$quote_url_key = nullable_htmlentities($row['quote_url_key']);
|
||||
|
||||
if (empty($quote_scope)) {
|
||||
$quote_scope_display = "-";
|
||||
|
||||
@@ -25,13 +25,13 @@ if (isset($_GET['id']) && intval($_GET['id'])) {
|
||||
|
||||
if ($ticket_row) {
|
||||
|
||||
$ticket_prefix = htmlentities($ticket_row['ticket_prefix']);
|
||||
$ticket_prefix = nullable_htmlentities($ticket_row['ticket_prefix']);
|
||||
$ticket_number = intval($ticket_row['ticket_number']);
|
||||
$ticket_status = htmlentities($ticket_row['ticket_status']);
|
||||
$ticket_priority = htmlentities($ticket_row['ticket_priority']);
|
||||
$ticket_subject = htmlentities($ticket_row['ticket_subject']);
|
||||
$ticket_status = nullable_htmlentities($ticket_row['ticket_status']);
|
||||
$ticket_priority = nullable_htmlentities($ticket_row['ticket_priority']);
|
||||
$ticket_subject = nullable_htmlentities($ticket_row['ticket_subject']);
|
||||
$ticket_details = $purifier->purify($ticket_row['ticket_details']);
|
||||
$ticket_feedback = htmlentities($ticket_row['ticket_feedback']);
|
||||
$ticket_feedback = nullable_htmlentities($ticket_row['ticket_feedback']);
|
||||
|
||||
?>
|
||||
|
||||
@@ -114,18 +114,18 @@ if (isset($_GET['id']) && intval($_GET['id'])) {
|
||||
while ($row = mysqli_fetch_array($sql)) {
|
||||
$ticket_reply_id = intval($row['ticket_reply_id']);
|
||||
$ticket_reply = $purifier->purify($row['ticket_reply']);
|
||||
$ticket_reply_created_at = htmlentities($row['ticket_reply_created_at']);
|
||||
$ticket_reply_updated_at = htmlentities($row['ticket_reply_updated_at']);
|
||||
$ticket_reply_created_at = nullable_htmlentities($row['ticket_reply_created_at']);
|
||||
$ticket_reply_updated_at = nullable_htmlentities($row['ticket_reply_updated_at']);
|
||||
$ticket_reply_by = intval($row['ticket_reply_by']);
|
||||
$ticket_reply_type = $row['ticket_reply_type'];
|
||||
|
||||
if ($ticket_reply_type == "Client") {
|
||||
$ticket_reply_by_display = htmlentities($row['contact_name']);
|
||||
$ticket_reply_by_display = nullable_htmlentities($row['contact_name']);
|
||||
$user_initials = initials($row['contact_name']);
|
||||
$user_avatar = $row['contact_photo'];
|
||||
$avatar_link = "../uploads/clients/$session_client_id/$user_avatar";
|
||||
} else {
|
||||
$ticket_reply_by_display = htmlentities($row['user_name']);
|
||||
$ticket_reply_by_display = nullable_htmlentities($row['user_name']);
|
||||
$user_id = intval($row['user_id']);
|
||||
$user_avatar = $row['user_avatar'];
|
||||
$user_initials = initials($row['user_name']);
|
||||
|
||||
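Review bot: The sweep leaves `$row['contact_photo']`, `$row['user_avatar']` and `$row['ticket_reply_type']` unescaped, and `contact_photo` is interpolated directly into `$avatar_link` (`"../uploads/clients/$session_client_id/$user_avatar"`). Where that link is emitted is outside this hunk, but if it ends up in an `src` or `href` attribute, the stored filename needs the same treatment as the display names: `$user_avatar = nullable_htmlentities($row['contact_photo']);`, and likewise for `user_avatar` in the `else` branch. Checking that the filename contains no path separators before building the link would also keep it inside the client's upload directory. The `if`/`else` and the enclosing loop continue outside the hunk.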
@@ -57,11 +57,11 @@ $all_tickets = mysqli_query($mysqli, "SELECT * FROM tickets LEFT JOIN contacts O
|
||||
<?php
|
||||
while ($row = mysqli_fetch_array($all_tickets)) {
|
||||
$ticket_id = intval($row['ticket_id']);
|
||||
$ticket_prefix = htmlentities($row['ticket_prefix']);
|
||||
$ticket_prefix = nullable_htmlentities($row['ticket_prefix']);
|
||||
$ticket_number = intval($row['ticket_number']);
|
||||
$ticket_subject = htmlentities($row['ticket_subject']);
|
||||
$ticket_status = htmlentities($row['ticket_status']);
|
||||
$ticket_contact_name = htmlentities($row['contact_name']);
|
||||
$ticket_subject = nullable_htmlentities($row['ticket_subject']);
|
||||
$ticket_status = nullable_htmlentities($row['ticket_status']);
|
||||
$ticket_contact_name = nullable_htmlentities($row['contact_name']);
|
||||
|
||||
echo "<tr>";
|
||||
echo "<td> <a href='ticket.php?id=$ticket_id'> $ticket_prefix$ticket_id</a></td>";
|
||||
|
||||
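Review bot: The link text on the last visible line prints `$ticket_prefix$ticket_id`, while `$ticket_number` is assigned a few lines above and is not used anywhere in the visible lines. If the reference shown to the client is meant to be the ticket number, the text should read `$ticket_prefix$ticket_number`, with `$ticket_id` kept only in the `href`. The loop body continues outside the hunk, so `$ticket_number` may still be used further down.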
@@ -84,10 +84,10 @@ $total_tickets = intval($row['total_tickets']);
|
||||
<?php
|
||||
while ($row = mysqli_fetch_array($contact_tickets)) {
|
||||
$ticket_id = intval($row['ticket_id']);
|
||||
$ticket_prefix = htmlentities($row['ticket_prefix']);
|
||||
$ticket_prefix = nullable_htmlentities($row['ticket_prefix']);
|
||||
$ticket_number = intval($row['ticket_number']);
|
||||
$ticket_subject = htmlentities($row['ticket_subject']);
|
||||
$ticket_status = htmlentities($row['ticket_status']);
|
||||
$ticket_subject = nullable_htmlentities($row['ticket_subject']);
|
||||
$ticket_status = nullable_htmlentities($row['ticket_status']);
|
||||
?>
|
||||
|
||||
<tr>
|
||||
|
||||