Replace all instances of htmlentities() with the new function nullable_htmlentities() thanks @bhopkins0

This commit is contained in:
johnnyq
2023-05-11 18:23:36 -04:00
parent f136a915b4
commit ccf0d3ab77
14 changed files with 69 additions and 69 deletions


@@ -30,7 +30,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="card-body"> <div class="card-body">
<form autocomplete="off"> <form autocomplete="off">
<div class="input-group"> <div class="input-group">
<input type="search" class="form-control col-md-4" name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Accounts"> <input type="search" class="form-control col-md-4" name="q" value="<?php if (isset($q)) { echo stripslashes(nullable_htmlentities($q)); } ?>" placeholder="Search Accounts">
<div class="input-group-append"> <div class="input-group-append">
<button class="btn btn-primary"><i class="fa fa-search"></i></button> <button class="btn btn-primary"><i class="fa fa-search"></i></button>
</div> </div>
@@ -52,10 +52,10 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$account_id = intval($row['account_id']); $account_id = intval($row['account_id']);
$account_name = htmlentities($row['account_name']); $account_name = nullable_htmlentities($row['account_name']);
$opening_balance = floatval($row['opening_balance']); $opening_balance = floatval($row['opening_balance']);
$account_currency_code = htmlentities($row['account_currency_code']); $account_currency_code = nullable_htmlentities($row['account_currency_code']);
$account_notes = htmlentities($row['account_notes']); $account_notes = nullable_htmlentities($row['account_notes']);
$sql_payments = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS total_payments FROM payments WHERE payment_account_id = $account_id"); $sql_payments = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS total_payments FROM payments WHERE payment_account_id = $account_id");
$row = mysqli_fetch_array($sql_payments); $row = mysqli_fetch_array($sql_payments);
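Review bot: `nullable_htmlentities()` is not defined anywhere in this diff, so every one of the 14 files now depends on it already being loaded by the shared include, and its escaping flags are not visible here either. Since the pre-8.1 `htmlentities()` default (`ENT_COMPAT`) leaves single quotes unencoded, the wrapper should pass its flags explicitly, e.g. `htmlentities($value ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, which matters wherever these escaped values land in single-quoted attributes. Separately, on the search input the call order is `stripslashes(nullable_htmlentities($q))`; escaping should be the last step, `echo nullable_htmlentities(stripslashes($q));`, and the same ordering appears in the clients search field. The remaining file sections of this commit are the same mechanical replacement and inherit the same dependency on the wrapper's flags.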


@@ -205,10 +205,10 @@ if (isset($_GET['ticket_query_views'])) {
$users = array_unique($users); $users = array_unique($users);
if (count($users) > 1) { if (count($users) > 1) {
// Multiple viewers // Multiple viewers
$response['message'] = htmlentities(implode(", ", $users) . " are viewing this ticket."); $response['message'] = nullable_htmlentities(implode(", ", $users) . " are viewing this ticket.");
} else { } else {
// Single viewer // Single viewer
$response['message'] = htmlentities(implode("", $users) . " is viewing this ticket."); $response['message'] = nullable_htmlentities(implode("", $users) . " is viewing this ticket.");
} }
} else { } else {
// No viewers // No viewers
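Review bot: `$response['message']` is now entity-encoded before it is placed in what is presumably a JSON response (the `$response` array and its encoding are outside the hunk); if the browser side inserts the message as text rather than HTML, names containing `&`, `<` or quotes will display as literal entities. Worth confirming which context the consumer renders into and escaping there instead, or leaving a comment such as `// message is HTML-escaped here; consumer must insert it as HTML, not text`. The enclosing `if (isset($_GET['ticket_query_views']))` block starts and ends outside the hunk.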


@@ -49,7 +49,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="row"> <div class="row">
<div class="col-md-4"> <div class="col-md-4">
<div class="input-group"> <div class="input-group">
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search" autofocus> <input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(nullable_htmlentities($q)); } ?>" placeholder="Search" autofocus>
<div class="input-group-append"> <div class="input-group-append">
<button class="btn btn-secondary" type="button" data-toggle="collapse" data-target="#advancedFilter"><i class="fas fa-filter"></i></button> <button class="btn btn-secondary" type="button" data-toggle="collapse" data-target="#advancedFilter"><i class="fas fa-filter"></i></button>
<button class="btn btn-primary"><i class="fa fa-search"></i></button> <button class="btn btn-primary"><i class="fa fa-search"></i></button>
@@ -83,13 +83,13 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="col-md-2"> <div class="col-md-2">
<div class="form-group"> <div class="form-group">
<label>Date from</label> <label>Date from</label>
<input type="date" class="form-control" name="dtf" max="2999-12-31" value="<?php echo htmlentities($dtf); ?>"> <input type="date" class="form-control" name="dtf" max="2999-12-31" value="<?php echo nullable_htmlentities($dtf); ?>">
</div> </div>
</div> </div>
<div class="col-md-2"> <div class="col-md-2">
<div class="form-group"> <div class="form-group">
<label>Date to</label> <label>Date to</label>
<input type="date" class="form-control" name="dtt" max="2999-12-31" value="<?php echo htmlentities($dtt); ?>"> <input type="date" class="form-control" name="dtt" max="2999-12-31" value="<?php echo nullable_htmlentities($dtt); ?>">
</div> </div>
</div> </div>
</div> </div>
@@ -112,36 +112,36 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$client_id = intval($row['client_id']); $client_id = intval($row['client_id']);
$client_name = htmlentities($row['client_name']); $client_name = nullable_htmlentities($row['client_name']);
$client_type = htmlentities($row['client_type']); $client_type = nullable_htmlentities($row['client_type']);
$location_id = intval($row['location_id']); $location_id = intval($row['location_id']);
$location_country = htmlentities($row['location_country']); $location_country = nullable_htmlentities($row['location_country']);
$location_address = htmlentities($row['location_address']); $location_address = nullable_htmlentities($row['location_address']);
$location_city = htmlentities($row['location_city']); $location_city = nullable_htmlentities($row['location_city']);
$location_state = htmlentities($row['location_state']); $location_state = nullable_htmlentities($row['location_state']);
$location_zip = htmlentities($row['location_zip']); $location_zip = nullable_htmlentities($row['location_zip']);
if (empty($location_address) && empty($location_city) && empty($location_state) && empty($location_zip)) { if (empty($location_address) && empty($location_city) && empty($location_state) && empty($location_zip)) {
$location_address_display = "-"; $location_address_display = "-";
} else { } else {
$location_address_display = "$location_address<br>$location_city $location_state $location_zip"; $location_address_display = "$location_address<br>$location_city $location_state $location_zip";
} }
$contact_id = intval($row['contact_id']); $contact_id = intval($row['contact_id']);
$contact_name = htmlentities($row['contact_name']); $contact_name = nullable_htmlentities($row['contact_name']);
$contact_title = htmlentities($row['contact_title']); $contact_title = nullable_htmlentities($row['contact_title']);
$contact_phone = formatPhoneNumber($row['contact_phone']); $contact_phone = formatPhoneNumber($row['contact_phone']);
$contact_extension = htmlentities($row['contact_extension']); $contact_extension = nullable_htmlentities($row['contact_extension']);
$contact_mobile = formatPhoneNumber($row['contact_mobile']); $contact_mobile = formatPhoneNumber($row['contact_mobile']);
$contact_email = htmlentities($row['contact_email']); $contact_email = nullable_htmlentities($row['contact_email']);
$client_website = htmlentities($row['client_website']); $client_website = nullable_htmlentities($row['client_website']);
$client_rate = floatval($row['client_rate']); $client_rate = floatval($row['client_rate']);
$client_currency_code = htmlentities($row['client_currency_code']); $client_currency_code = nullable_htmlentities($row['client_currency_code']);
$client_net_terms = intval($row['client_net_terms']); $client_net_terms = intval($row['client_net_terms']);
$client_tax_id_number = htmlentities($row['client_tax_id_number']); $client_tax_id_number = nullable_htmlentities($row['client_tax_id_number']);
$client_referral = htmlentities($row['client_referral']); $client_referral = nullable_htmlentities($row['client_referral']);
$client_notes = htmlentities($row['client_notes']); $client_notes = nullable_htmlentities($row['client_notes']);
$client_created_at = date('Y-m-d', strtotime($row['client_created_at'])); $client_created_at = date('Y-m-d', strtotime($row['client_created_at']));
$client_updated_at = htmlentities($row['client_updated_at']); $client_updated_at = nullable_htmlentities($row['client_updated_at']);
$client_archive_at = htmlentities($row['client_archived_at']); $client_archive_at = nullable_htmlentities($row['client_archived_at']);
// Client Tags // Client Tags
@@ -151,9 +151,9 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
while ($row = mysqli_fetch_array($sql_client_tags)) { while ($row = mysqli_fetch_array($sql_client_tags)) {
$client_tag_id = intval($row['tag_id']); $client_tag_id = intval($row['tag_id']);
$client_tag_name = htmlentities($row['tag_name']); $client_tag_name = nullable_htmlentities($row['tag_name']);
$client_tag_color = htmlentities($row['tag_color']); $client_tag_color = nullable_htmlentities($row['tag_color']);
$client_tag_icon = htmlentities($row['tag_icon']); $client_tag_icon = nullable_htmlentities($row['tag_icon']);
if (empty($client_tag_icon)) { if (empty($client_tag_icon)) {
$client_tag_icon = "tag"; $client_tag_icon = "tag";
} }
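Review bot: The sweep converts only the `htmlentities()` calls, so `$contact_phone`, `$contact_mobile` (via `formatPhoneNumber()`) and `$client_created_at` (via `date()`/`strtotime()`) still reach the template through a different path; whether `formatPhoneNumber()` escapes its output is not visible here and should be confirmed, since the phone columns are user-entered data. `$client_tag_color` and `$client_tag_icon` are entity-encoded but presumably end up in a `style`/`class` attribute, where HTML-entity encoding is not the right escaping on its own — a whitelist or `preg_match()` against an expected colour/icon pattern would be the stronger check. Note also that `empty($location_address)` treats the string `"0"` as absent, so an address or ZIP of `0` renders as `-`. The `while ($row = mysqli_fetch_array($sql))` loop starts and ends outside the hunks.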


@@ -461,9 +461,9 @@ foreach ($invoiceAlertArray as $day) {
mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Invoice Overdue', notification = 'Invoice $invoice_prefix$invoice_number for $client_name in the amount of $invoice_amount is overdue by $day days', notification_client_id = $client_id, notification_entity_id = $invoice_id"); mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Invoice Overdue', notification = 'Invoice $invoice_prefix$invoice_number for $client_name in the amount of $invoice_amount is overdue by $day days', notification_client_id = $client_id, notification_entity_id = $invoice_id");
$subject = "Overdue Invoice $invoice_prefix$invoice_number"; $subject = "Overdue Invoice $invoice_prefix$invoice_number";
$body = "Hello $contact_name,<br><br>According to our records, we have not received payment for invoice $invoice_prefix$invoice_number. Please submit your payment as soon as possible. If you have any questions please contact us at $company_phone. $body = "Hello $contact_name,<br><br>Our records indicate that we have not yet received payment for the invoice $invoice_prefix$invoice_number. We kindly request that you submit your payment as soon as possible. If you have any questions or concerns, please do not hesitate to contact us at $company_phone.
<br><br> <br><br>
Please view the details of the invoice below.<br><br>Invoice: $invoice_prefix$invoice_number<br>Issue Date: $invoice_date<br>Total: " . numfmt_format_currency($currency_format, $invoice_amount, $invoice_currency_code) . "<br>Due Date: $invoice_due<br><br><br>To view your invoice click <a href='https://$config_base_url/guest_view_invoice.php?invoice_id=$invoice_id&url_key=$invoice_url_key'>here</a><br><br><br>~<br>$company_name<br>Billing Department<br>$config_invoice_from_email<br>$company_phone"; Kindly review the invoice details mentioned below.<br><br>Invoice: $invoice_prefix$invoice_number<br>Issue Date: $invoice_date<br>Total: " . numfmt_format_currency($currency_format, $invoice_amount, $invoice_currency_code) . "<br>Due Date: $invoice_due<br><br><br>To view your invoice click <a href='https://$config_base_url/guest_view_invoice.php?invoice_id=$invoice_id&url_key=$invoice_url_key'>here</a><br><br><br>~<br>$company_name<br>Billing Department<br>$config_invoice_from_email<br>$company_phone";
$mail = sendSingleEmail( $mail = sendSingleEmail(
$config_smtp_host, $config_smtp_host,
@@ -581,7 +581,7 @@ while ($row = mysqli_fetch_array($sql_recurring)) {
$subject = "Invoice $invoice_prefix$invoice_number"; $subject = "Invoice $invoice_prefix$invoice_number";
$body = "Hello $contact_name,<br><br>Please view the details of the invoice below.<br><br>Invoice: $invoice_prefix$invoice_number<br>Issue Date: $invoice_date<br>Total: " . numfmt_format_currency($currency_format, $invoice_amount, $recurring_currency_code) . "<br>Due Date: $invoice_due<br><br><br>To view your invoice click <a href='https://$config_base_url/guest_view_invoice.php?invoice_id=$new_invoice_id&url_key=$invoice_url_key'>here</a><br><br><br>~<br>$company_name<br>Billing Department<br>$config_invoice_from_email<br>$company_phone"; $body = "Hello $contact_name,<br><br>Kindly review the invoice details mentioned below.<br><br>Invoice: $invoice_prefix$invoice_number<br>Issue Date: $invoice_date<br>Total: " . numfmt_format_currency($currency_format, $invoice_amount, $recurring_currency_code) . "<br>Due Date: $invoice_due<br><br><br>To view your invoice click <a href='https://$config_base_url/guest_view_invoice.php?invoice_id=$new_invoice_id&url_key=$invoice_url_key'>here</a><br><br><br>~<br>$company_name<br>Billing Department<br>$config_invoice_from_email<br>$company_phone";
$mail = sendSingleEmail( $mail = sendSingleEmail(
$config_smtp_host, $config_smtp_host,
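Review bot: The rewritten email body still interpolates `$contact_name`, `$company_name` and `$invoice_url_key` straight into HTML; those variables are assigned outside the hunk, so whether they are entity-encoded before reaching this string cannot be seen here and should be confirmed, as a contact name containing markup would otherwise be delivered as live HTML in the message. The neighbouring `INSERT INTO notifications` on the first context line interpolates `$client_name` into the SQL string; if it is only HTML-escaped and not bound as a parameter, that is a separate issue worth a `// TODO: bind $client_name via prepared statement` marker. The same body text is duplicated in the `@@ -581` hunk; a small `invoiceEmailBody()` helper would keep the wording and the escaping in one place. The `foreach ($invoiceAlertArray as $day)` loop starts and ends outside the hunk.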


@@ -32,7 +32,7 @@ $sql_document = mysqli_query($mysqli, "SELECT document_id, document_name, docume
$row = mysqli_fetch_array($sql_document); $row = mysqli_fetch_array($sql_document);
$document_id = intval($row['document_id']); $document_id = intval($row['document_id']);
$document_name = htmlentities($row['document_name']); $document_name = nullable_htmlentities($row['document_name']);
$document_content = $purifier->purify($row['document_content']); $document_content = $purifier->purify($row['document_content']);
?> ?>


@@ -53,9 +53,9 @@ $documents_sql = mysqli_query($mysqli, "SELECT document_id, document_name, docum
<?php <?php
while ($row = mysqli_fetch_array($documents_sql)) { while ($row = mysqli_fetch_array($documents_sql)) {
$document_id = intval($row['document_id']); $document_id = intval($row['document_id']);
$folder_name = htmlentities($row['folder_name']); $folder_name = nullable_htmlentities($row['folder_name']);
$document_name = htmlentities($row['document_name']); $document_name = nullable_htmlentities($row['document_name']);
$document_created_at = htmlentities($row['document_created_at']); $document_created_at = nullable_htmlentities($row['document_created_at']);
?> ?>


@@ -57,14 +57,14 @@ $invoices_sql = mysqli_query($mysqli, "SELECT * FROM invoices WHERE invoice_clie
<?php <?php
while ($row = mysqli_fetch_array($invoices_sql)) { while ($row = mysqli_fetch_array($invoices_sql)) {
$invoice_id = intval($row['invoice_id']); $invoice_id = intval($row['invoice_id']);
$invoice_prefix = htmlentities($row['invoice_prefix']); $invoice_prefix = nullable_htmlentities($row['invoice_prefix']);
$invoice_number = intval($row['invoice_number']); $invoice_number = intval($row['invoice_number']);
$invoice_scope = htmlentities($row['invoice_scope']); $invoice_scope = nullable_htmlentities($row['invoice_scope']);
$invoice_status = htmlentities($row['invoice_status']); $invoice_status = nullable_htmlentities($row['invoice_status']);
$invoice_date = htmlentities($row['invoice_date']); $invoice_date = nullable_htmlentities($row['invoice_date']);
$invoice_due = htmlentities($row['invoice_due']); $invoice_due = nullable_htmlentities($row['invoice_due']);
$invoice_amount = floatval($row['invoice_amount']); $invoice_amount = floatval($row['invoice_amount']);
$invoice_url_key = htmlentities($row['invoice_url_key']); $invoice_url_key = nullable_htmlentities($row['invoice_url_key']);
if (empty($invoice_scope)) { if (empty($invoice_scope)) {
$invoice_scope_display = "-"; $invoice_scope_display = "-";
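Review bot: `$invoice_url_key` is HTML-entity-encoded, but a URL key is presumably used to build a link (`url_key=...`) rather than displayed, and the URL context needs `rawurlencode()` at the point of use, not entity encoding at assignment; if the key is only ever hex/alphanumeric this is harmless, but the wrong escaper for the context is the kind of thing the sweep can hide. Consider `$invoice_url_key = rawurlencode($row['invoice_url_key']);` or escaping where the href is built. The quotes section (`$quote_url_key`) has the same shape. The `while` loop starts and ends outside the hunk.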


@@ -248,7 +248,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
<?php <?php
// Show feedback from session // Show feedback from session
if (!empty($_SESSION['login_message'])) { if (!empty($_SESSION['login_message'])) {
echo htmlentities($_SESSION['login_message']); echo nullable_htmlentities($_SESSION['login_message']);
unset($_SESSION['login_message']); unset($_SESSION['login_message']);
} }
?> ?>


@@ -11,7 +11,7 @@
<br> <br>
<hr> <hr>
<p class="text-center"><?php echo htmlentities($session_company_name); ?></p> <p class="text-center"><?php echo nullable_htmlentities($session_company_name); ?></p>
<!-- jQuery --> <!-- jQuery -->
<script src="../plugins/jquery/jquery.min.js"></script> <script src="../plugins/jquery/jquery.min.js"></script>


@@ -12,7 +12,7 @@ header("X-Frame-Options: DENY"); // Legacy
<head> <head>
<meta charset="utf-8"> <meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta http-equiv="X-UA-Compatible" content="IE=edge">
<title><?php echo htmlentities($company_name); ?> | Client Portal</title> <title><?php echo nullable_htmlentities($company_name); ?> | Client Portal</title>
<!-- Tell the browser to be responsive to screen width --> <!-- Tell the browser to be responsive to screen width -->
<meta name="viewport" content="width=device-width, initial-scale=1"> <meta name="viewport" content="width=device-width, initial-scale=1">
@@ -32,7 +32,7 @@ header("X-Frame-Options: DENY"); // Legacy
<nav class="navbar navbar-expand-lg navbar-dark bg-dark"> <nav class="navbar navbar-expand-lg navbar-dark bg-dark">
<div class="container"> <div class="container">
<a class="navbar-brand" href="index.php"><?php echo htmlentities($company_name); ?></a> <a class="navbar-brand" href="index.php"><?php echo nullable_htmlentities($company_name); ?></a>
<button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarSupportedContent" aria-controls="navbarSupportedContent" aria-expanded="false" aria-label="Toggle navigation"> <button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarSupportedContent" aria-controls="navbarSupportedContent" aria-expanded="false" aria-label="Toggle navigation">
<span class="navbar-toggler-icon"></span> <span class="navbar-toggler-icon"></span>
</button> </button>
@@ -63,7 +63,7 @@ header("X-Frame-Options: DENY"); // Legacy
<ul class="nav navbar-nav pull-right"> <ul class="nav navbar-nav pull-right">
<li class="nav-item dropdown"> <li class="nav-item dropdown">
<a class="nav-link dropdown-toggle" href="#" id="navbarDropdown" role="button" data-toggle="dropdown"> <a class="nav-link dropdown-toggle" href="#" id="navbarDropdown" role="button" data-toggle="dropdown">
<?php echo htmlentities($session_contact_name); ?> <?php echo nullable_htmlentities($session_contact_name); ?>
</a> </a>
<div class="dropdown-menu" aria-labelledby="navbarDropdown"> <div class="dropdown-menu" aria-labelledby="navbarDropdown">
<a class="dropdown-item" href="profile.php">Profile</a> <a class="dropdown-item" href="profile.php">Profile</a>


@@ -56,13 +56,13 @@ $quotes_sql = mysqli_query($mysqli, "SELECT * FROM quotes WHERE quote_client_id
<?php <?php
while ($row = mysqli_fetch_array($quotes_sql)) { while ($row = mysqli_fetch_array($quotes_sql)) {
$quote_id = intval($row['quote_id']); $quote_id = intval($row['quote_id']);
$quote_prefix = htmlentities($row['quote_prefix']); $quote_prefix = nullable_htmlentities($row['quote_prefix']);
$quote_number = intval($row['quote_number']); $quote_number = intval($row['quote_number']);
$quote_scope = htmlentities($row['quote_scope']); $quote_scope = nullable_htmlentities($row['quote_scope']);
$quote_status = htmlentities($row['quote_status']); $quote_status = nullable_htmlentities($row['quote_status']);
$quote_date = htmlentities($row['quote_date']); $quote_date = nullable_htmlentities($row['quote_date']);
$quote_amount = floatval($row['quote_amount']); $quote_amount = floatval($row['quote_amount']);
$quote_url_key = htmlentities($row['quote_url_key']); $quote_url_key = nullable_htmlentities($row['quote_url_key']);
if (empty($quote_scope)) { if (empty($quote_scope)) {
$quote_scope_display = "-"; $quote_scope_display = "-";


@@ -25,13 +25,13 @@ if (isset($_GET['id']) && intval($_GET['id'])) {
if ($ticket_row) { if ($ticket_row) {
$ticket_prefix = htmlentities($ticket_row['ticket_prefix']); $ticket_prefix = nullable_htmlentities($ticket_row['ticket_prefix']);
$ticket_number = intval($ticket_row['ticket_number']); $ticket_number = intval($ticket_row['ticket_number']);
$ticket_status = htmlentities($ticket_row['ticket_status']); $ticket_status = nullable_htmlentities($ticket_row['ticket_status']);
$ticket_priority = htmlentities($ticket_row['ticket_priority']); $ticket_priority = nullable_htmlentities($ticket_row['ticket_priority']);
$ticket_subject = htmlentities($ticket_row['ticket_subject']); $ticket_subject = nullable_htmlentities($ticket_row['ticket_subject']);
$ticket_details = $purifier->purify($ticket_row['ticket_details']); $ticket_details = $purifier->purify($ticket_row['ticket_details']);
$ticket_feedback = htmlentities($ticket_row['ticket_feedback']); $ticket_feedback = nullable_htmlentities($ticket_row['ticket_feedback']);
?> ?>
@@ -114,18 +114,18 @@ if (isset($_GET['id']) && intval($_GET['id'])) {
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$ticket_reply_id = intval($row['ticket_reply_id']); $ticket_reply_id = intval($row['ticket_reply_id']);
$ticket_reply = $purifier->purify($row['ticket_reply']); $ticket_reply = $purifier->purify($row['ticket_reply']);
$ticket_reply_created_at = htmlentities($row['ticket_reply_created_at']); $ticket_reply_created_at = nullable_htmlentities($row['ticket_reply_created_at']);
$ticket_reply_updated_at = htmlentities($row['ticket_reply_updated_at']); $ticket_reply_updated_at = nullable_htmlentities($row['ticket_reply_updated_at']);
$ticket_reply_by = intval($row['ticket_reply_by']); $ticket_reply_by = intval($row['ticket_reply_by']);
$ticket_reply_type = $row['ticket_reply_type']; $ticket_reply_type = $row['ticket_reply_type'];
if ($ticket_reply_type == "Client") { if ($ticket_reply_type == "Client") {
$ticket_reply_by_display = htmlentities($row['contact_name']); $ticket_reply_by_display = nullable_htmlentities($row['contact_name']);
$user_initials = initials($row['contact_name']); $user_initials = initials($row['contact_name']);
$user_avatar = $row['contact_photo']; $user_avatar = $row['contact_photo'];
$avatar_link = "../uploads/clients/$session_client_id/$user_avatar"; $avatar_link = "../uploads/clients/$session_client_id/$user_avatar";
} else { } else {
$ticket_reply_by_display = htmlentities($row['user_name']); $ticket_reply_by_display = nullable_htmlentities($row['user_name']);
$user_id = intval($row['user_id']); $user_id = intval($row['user_id']);
$user_avatar = $row['user_avatar']; $user_avatar = $row['user_avatar'];
$user_initials = initials($row['user_name']); $user_initials = initials($row['user_name']);
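Review bot: The replacement missed `$user_avatar = $row['contact_photo']` and `$user_avatar = $row['user_avatar']`, which are taken raw and interpolated into `$avatar_link = "../uploads/clients/$session_client_id/$user_avatar"`; that link presumably lands in an `src` attribute, so the filename column needs the same treatment as the other row fields, e.g. `$user_avatar = nullable_htmlentities($row['contact_photo']);`. A stored filename containing `../` would also change which file the link points at, so restricting it to a basename (`basename($row['contact_photo'])`) before building the path is the safer form. The `while ($row = mysqli_fetch_array($sql))` loop starts and ends outside the hunk.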


@@ -57,11 +57,11 @@ $all_tickets = mysqli_query($mysqli, "SELECT * FROM tickets LEFT JOIN contacts O
<?php <?php
while ($row = mysqli_fetch_array($all_tickets)) { while ($row = mysqli_fetch_array($all_tickets)) {
$ticket_id = intval($row['ticket_id']); $ticket_id = intval($row['ticket_id']);
$ticket_prefix = htmlentities($row['ticket_prefix']); $ticket_prefix = nullable_htmlentities($row['ticket_prefix']);
$ticket_number = intval($row['ticket_number']); $ticket_number = intval($row['ticket_number']);
$ticket_subject = htmlentities($row['ticket_subject']); $ticket_subject = nullable_htmlentities($row['ticket_subject']);
$ticket_status = htmlentities($row['ticket_status']); $ticket_status = nullable_htmlentities($row['ticket_status']);
$ticket_contact_name = htmlentities($row['contact_name']); $ticket_contact_name = nullable_htmlentities($row['contact_name']);
echo "<tr>"; echo "<tr>";
echo "<td> <a href='ticket.php?id=$ticket_id'> $ticket_prefix$ticket_id</a></td>"; echo "<td> <a href='ticket.php?id=$ticket_id'> $ticket_prefix$ticket_id</a></td>";
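Review bot: The visible link text is `$ticket_prefix$ticket_id`, while `$ticket_number` is computed two lines above and is not used in the visible lines; every other page in this commit pairs the prefix with the number (`$invoice_prefix$invoice_number`, `$quote_prefix` with `$quote_number`), so this looks like it should read `$ticket_prefix$ticket_number` — worth confirming against the intended display. The `while` loop continues past the end of the hunk.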


@@ -84,10 +84,10 @@ $total_tickets = intval($row['total_tickets']);
<?php <?php
while ($row = mysqli_fetch_array($contact_tickets)) { while ($row = mysqli_fetch_array($contact_tickets)) {
$ticket_id = intval($row['ticket_id']); $ticket_id = intval($row['ticket_id']);
$ticket_prefix = htmlentities($row['ticket_prefix']); $ticket_prefix = nullable_htmlentities($row['ticket_prefix']);
$ticket_number = intval($row['ticket_number']); $ticket_number = intval($row['ticket_number']);
$ticket_subject = htmlentities($row['ticket_subject']); $ticket_subject = nullable_htmlentities($row['ticket_subject']);
$ticket_status = htmlentities($row['ticket_status']); $ticket_status = nullable_htmlentities($row['ticket_status']);
?> ?>
<tr> <tr>