Replace all instances of htmlentities() with the new function nullable_htmlentities() thanks @bhopkins0

This commit is contained in:
johnnyq
2023-05-11 18:23:36 -04:00
parent f136a915b4
commit ccf0d3ab77
14 changed files with 69 additions and 69 deletions

View File

@@ -32,7 +32,7 @@ $sql_document = mysqli_query($mysqli, "SELECT document_id, document_name, docume
$row = mysqli_fetch_array($sql_document);
$document_id = intval($row['document_id']);
$document_name = htmlentities($row['document_name']);
$document_name = nullable_htmlentities($row['document_name']);
$document_content = $purifier->purify($row['document_content']);
?>

View File

@@ -53,9 +53,9 @@ $documents_sql = mysqli_query($mysqli, "SELECT document_id, document_name, docum
<?php
while ($row = mysqli_fetch_array($documents_sql)) {
$document_id = intval($row['document_id']);
$folder_name = htmlentities($row['folder_name']);
$document_name = htmlentities($row['document_name']);
$document_created_at = htmlentities($row['document_created_at']);
$folder_name = nullable_htmlentities($row['folder_name']);
$document_name = nullable_htmlentities($row['document_name']);
$document_created_at = nullable_htmlentities($row['document_created_at']);
?>

View File

@@ -57,14 +57,14 @@ $invoices_sql = mysqli_query($mysqli, "SELECT * FROM invoices WHERE invoice_clie
<?php
while ($row = mysqli_fetch_array($invoices_sql)) {
$invoice_id = intval($row['invoice_id']);
$invoice_prefix = htmlentities($row['invoice_prefix']);
$invoice_prefix = nullable_htmlentities($row['invoice_prefix']);
$invoice_number = intval($row['invoice_number']);
$invoice_scope = htmlentities($row['invoice_scope']);
$invoice_status = htmlentities($row['invoice_status']);
$invoice_date = htmlentities($row['invoice_date']);
$invoice_due = htmlentities($row['invoice_due']);
$invoice_scope = nullable_htmlentities($row['invoice_scope']);
$invoice_status = nullable_htmlentities($row['invoice_status']);
$invoice_date = nullable_htmlentities($row['invoice_date']);
$invoice_due = nullable_htmlentities($row['invoice_due']);
$invoice_amount = floatval($row['invoice_amount']);
$invoice_url_key = htmlentities($row['invoice_url_key']);
$invoice_url_key = nullable_htmlentities($row['invoice_url_key']);
if (empty($invoice_scope)) {
$invoice_scope_display = "-";

View File

@@ -248,7 +248,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
<?php
// Show feedback from session
if (!empty($_SESSION['login_message'])) {
echo htmlentities($_SESSION['login_message']);
echo nullable_htmlentities($_SESSION['login_message']);
unset($_SESSION['login_message']);
}
?>

View File

@@ -11,7 +11,7 @@
<br>
<hr>
<p class="text-center"><?php echo htmlentities($session_company_name); ?></p>
<p class="text-center"><?php echo nullable_htmlentities($session_company_name); ?></p>
<!-- jQuery -->
<script src="../plugins/jquery/jquery.min.js"></script>

View File

@@ -12,7 +12,7 @@ header("X-Frame-Options: DENY"); // Legacy
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<title><?php echo htmlentities($company_name); ?> | Client Portal</title>
<title><?php echo nullable_htmlentities($company_name); ?> | Client Portal</title>
<!-- Tell the browser to be responsive to screen width -->
<meta name="viewport" content="width=device-width, initial-scale=1">
@@ -32,7 +32,7 @@ header("X-Frame-Options: DENY"); // Legacy
<nav class="navbar navbar-expand-lg navbar-dark bg-dark">
<div class="container">
<a class="navbar-brand" href="index.php"><?php echo htmlentities($company_name); ?></a>
<a class="navbar-brand" href="index.php"><?php echo nullable_htmlentities($company_name); ?></a>
<button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarSupportedContent" aria-controls="navbarSupportedContent" aria-expanded="false" aria-label="Toggle navigation">
<span class="navbar-toggler-icon"></span>
</button>
@@ -63,7 +63,7 @@ header("X-Frame-Options: DENY"); // Legacy
<ul class="nav navbar-nav pull-right">
<li class="nav-item dropdown">
<a class="nav-link dropdown-toggle" href="#" id="navbarDropdown" role="button" data-toggle="dropdown">
<?php echo htmlentities($session_contact_name); ?>
<?php echo nullable_htmlentities($session_contact_name); ?>
</a>
<div class="dropdown-menu" aria-labelledby="navbarDropdown">
<a class="dropdown-item" href="profile.php">Profile</a>

View File

@@ -56,13 +56,13 @@ $quotes_sql = mysqli_query($mysqli, "SELECT * FROM quotes WHERE quote_client_id
<?php
while ($row = mysqli_fetch_array($quotes_sql)) {
$quote_id = intval($row['quote_id']);
$quote_prefix = htmlentities($row['quote_prefix']);
$quote_prefix = nullable_htmlentities($row['quote_prefix']);
$quote_number = intval($row['quote_number']);
$quote_scope = htmlentities($row['quote_scope']);
$quote_status = htmlentities($row['quote_status']);
$quote_date = htmlentities($row['quote_date']);
$quote_scope = nullable_htmlentities($row['quote_scope']);
$quote_status = nullable_htmlentities($row['quote_status']);
$quote_date = nullable_htmlentities($row['quote_date']);
$quote_amount = floatval($row['quote_amount']);
$quote_url_key = htmlentities($row['quote_url_key']);
$quote_url_key = nullable_htmlentities($row['quote_url_key']);
if (empty($quote_scope)) {
$quote_scope_display = "-";

View File

@@ -25,13 +25,13 @@ if (isset($_GET['id']) && intval($_GET['id'])) {
if ($ticket_row) {
$ticket_prefix = htmlentities($ticket_row['ticket_prefix']);
$ticket_prefix = nullable_htmlentities($ticket_row['ticket_prefix']);
$ticket_number = intval($ticket_row['ticket_number']);
$ticket_status = htmlentities($ticket_row['ticket_status']);
$ticket_priority = htmlentities($ticket_row['ticket_priority']);
$ticket_subject = htmlentities($ticket_row['ticket_subject']);
$ticket_status = nullable_htmlentities($ticket_row['ticket_status']);
$ticket_priority = nullable_htmlentities($ticket_row['ticket_priority']);
$ticket_subject = nullable_htmlentities($ticket_row['ticket_subject']);
$ticket_details = $purifier->purify($ticket_row['ticket_details']);
$ticket_feedback = htmlentities($ticket_row['ticket_feedback']);
$ticket_feedback = nullable_htmlentities($ticket_row['ticket_feedback']);
?>
@@ -114,18 +114,18 @@ if (isset($_GET['id']) && intval($_GET['id'])) {
while ($row = mysqli_fetch_array($sql)) {
$ticket_reply_id = intval($row['ticket_reply_id']);
$ticket_reply = $purifier->purify($row['ticket_reply']);
$ticket_reply_created_at = htmlentities($row['ticket_reply_created_at']);
$ticket_reply_updated_at = htmlentities($row['ticket_reply_updated_at']);
$ticket_reply_created_at = nullable_htmlentities($row['ticket_reply_created_at']);
$ticket_reply_updated_at = nullable_htmlentities($row['ticket_reply_updated_at']);
$ticket_reply_by = intval($row['ticket_reply_by']);
$ticket_reply_type = $row['ticket_reply_type'];
if ($ticket_reply_type == "Client") {
$ticket_reply_by_display = htmlentities($row['contact_name']);
$ticket_reply_by_display = nullable_htmlentities($row['contact_name']);
$user_initials = initials($row['contact_name']);
$user_avatar = $row['contact_photo'];
$avatar_link = "../uploads/clients/$session_client_id/$user_avatar";
} else {
$ticket_reply_by_display = htmlentities($row['user_name']);
$ticket_reply_by_display = nullable_htmlentities($row['user_name']);
$user_id = intval($row['user_id']);
$user_avatar = $row['user_avatar'];
$user_initials = initials($row['user_name']);

View File

@@ -57,11 +57,11 @@ $all_tickets = mysqli_query($mysqli, "SELECT * FROM tickets LEFT JOIN contacts O
<?php
while ($row = mysqli_fetch_array($all_tickets)) {
$ticket_id = intval($row['ticket_id']);
$ticket_prefix = htmlentities($row['ticket_prefix']);
$ticket_prefix = nullable_htmlentities($row['ticket_prefix']);
$ticket_number = intval($row['ticket_number']);
$ticket_subject = htmlentities($row['ticket_subject']);
$ticket_status = htmlentities($row['ticket_status']);
$ticket_contact_name = htmlentities($row['contact_name']);
$ticket_subject = nullable_htmlentities($row['ticket_subject']);
$ticket_status = nullable_htmlentities($row['ticket_status']);
$ticket_contact_name = nullable_htmlentities($row['contact_name']);
echo "<tr>";
echo "<td> <a href='ticket.php?id=$ticket_id'> $ticket_prefix$ticket_id</a></td>";

View File

@@ -84,10 +84,10 @@ $total_tickets = intval($row['total_tickets']);
<?php
while ($row = mysqli_fetch_array($contact_tickets)) {
$ticket_id = intval($row['ticket_id']);
$ticket_prefix = htmlentities($row['ticket_prefix']);
$ticket_prefix = nullable_htmlentities($row['ticket_prefix']);
$ticket_number = intval($row['ticket_number']);
$ticket_subject = htmlentities($row['ticket_subject']);
$ticket_status = htmlentities($row['ticket_status']);
$ticket_subject = nullable_htmlentities($row['ticket_subject']);
$ticket_status = nullable_htmlentities($row['ticket_status']);
?>
<tr>