diff --git a/api/v1/assets/asset_model.php b/api/v1/assets/asset_model.php
index 5d92ae65..024df520 100644
--- a/api/v1/assets/asset_model.php
+++ b/api/v1/assets/asset_model.php
@@ -2,7 +2,7 @@ // Variable assignment from POST (or: blank/from DB is updating)
 if (isset($_POST['asset_name'])) {
- $name = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_name'])));
+ $name = sanitizeInput(_POST['asset_name']);
 } elseif (isset($asset_row) && isset($asset_row['asset_name'])) {
 $name = $asset_row['asset_name'];
 } else {
@@ -10,7 +10,7 @@ if (isset($_POST['asset_name'])) {
 }
 if (isset($_POST['asset_type'])) {
- $type = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_type'])));
+ $type = sanitizeInput($_POST['asset_type']);
 } elseif (isset($asset_row) && isset($asset_row['asset_type'])) {
 $type = $asset_row['asset_type'];
 } else {
@@ -18,14 +18,14 @@ if (isset($_POST['asset_type'])) {
 }
 if (isset($_POST['asset_make'])) {
- $make = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_make'])));
+ $make = sanitizeInput($_POST['asset_make']);
 } elseif (isset($asset_row) && isset($asset_row['asset_make'])) {
 $make = $asset_row['asset_make'];
 } else {
 $make = '';
 }
 if (isset($_POST['asset_model'])) {
- $model = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_model'])));
+ $model = sanitizeInput($_POST['asset_model']);
 } elseif (isset($asset_row) && isset($asset_row['asset_model'])) {
 $model = $asset_row['asset_model'];
 } else {
@@ -33,7 +33,7 @@ if (isset($_POST['asset_model'])) {
 }
 if (isset($_POST['asset_serial'])) {
- $serial = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_serial'])));
+ $serial = sanitizeInput($_POST['asset_serial']);
 } elseif (isset($asset_row) && isset($asset_row['asset_serial'])) {
 $serial = $asset_row['asset_serial'];
 } else {
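Review bot: The added `asset_name` line is `$name = sanitizeInput(_POST['asset_name']);` with the `$` missing from `_POST`, so PHP parses it as a constant: on PHP 8 every request that posts an asset name dies with `Error: Undefined constant "_POST"`, and on PHP 7 it degrades to warnings and a garbage value, so the submitted name never reaches the query. Every other field in this file uses `$_POST`, so the fix is the one character: `$name = sanitizeInput($_POST['asset_name']);`. Separately, this change swaps `mysqli_real_escape_string()` for `sanitizeInput()`, whose definition is not in the diff, while create.php and update.php still interpolate these variables into SQL strings; the helper must keep doing SQL escaping, or those queries should move to `mysqli_prepare()`/`mysqli_stmt_bind_param()`.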
@@ -41,7 +41,7 @@ if (isset($_POST['asset_serial'])) {
 }
 if (isset($_POST['asset_os'])) {
- $os = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_os'])));
+ $os = sanitizeInput($_POST['asset_os']);
 } elseif (isset($asset_row) && isset($asset_row['asset_os'])) {
 $os = $asset_row['asset_os'];
 } else {
@@ -49,7 +49,7 @@ if (isset($_POST['asset_os'])) {
 }
 if (isset($_POST['asset_ip'])) {
- $aip = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_ip'])));
+ $aip = sanitizeInput($_POST['asset_ip']);
 } elseif (isset($asset_row) && isset($asset_row['asset_ip'])) {
 $aip = $asset_row['asset_ip'];
 } else {
@@ -57,7 +57,7 @@ if (isset($_POST['asset_ip'])) {
 }
 if (isset($_POST['asset_mac'])) {
- $mac = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_mac'])));
+ $mac = sanitizeInput($_POST['asset_mac']);
 } elseif (isset($asset_row) && isset($asset_row['asset_mac'])) {
 $mac = $asset_row['asset_mac'];
 } else {
@@ -65,7 +65,7 @@ if (isset($_POST['asset_mac'])) {
 }
 if (isset($_POST['asset_status'])) {
- $status = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_status'])));
+ $status = sanitizeInput($_POST['asset_status']);
 } elseif (isset($asset_row) && isset($asset_row['asset_status'])) {
 $status = $asset_row['asset_status'];
 } else {
@@ -73,7 +73,7 @@ if (isset($_POST['asset_status'])) {
 }
 if (isset($_POST['asset_purchase_date']) && !empty($_POST['asset_purchase_date'])) {
- $purchase_date = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_purchase_date'])));
+ $purchase_date = sanitizeInput($_POST['asset_purchase_date']);
 } elseif (isset($asset_row) && isset($asset_row['asset_purchase_date'])) {
 $purchase_date = $asset_row['asset_purchase_date'];
 } else {
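Review bot: `$aip` in the `asset_ip` hunk (and `$mac` in the next one) is accepted as any string from the API caller and later written to the `asset_ip`/`asset_mac` columns; `sanitizeInput()` presumably trims and strips tags, but nothing checks that the value is actually an address. Validate rather than only sanitize: `if ($aip !== '' && filter_var($aip, FILTER_VALIDATE_IP) === false) { $aip = ''; }` and the same with `FILTER_VALIDATE_MAC` for `$mac` — or reject the request, if the API has an error path for bad input (not visible here). Address fields in an asset inventory are the kind of data that later gets pasted into commands or scans, so rejecting malformed values at the boundary is cheap insurance.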
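Review bot: `$purchase_date` in the last hunk is a free-form request string that create.php/update.php write into `asset_purchase_date` inside quotes with no format check, and the same pattern is repeated for `asset_warranty_expire` and `asset_install_date` in the following hunks. What MySQL does with an unparseable date depends on the server's SQL mode (an error in strict mode, a zero date otherwise), so the API's behaviour is currently undefined rather than validated. A strict round-trip check such as `$d = DateTimeImmutable::createFromFormat('!Y-m-d', $purchase_date); if (!$d || $d->format('Y-m-d') !== $purchase_date) { $purchase_date = ''; }` — using whatever format the API documents — makes the contract explicit and rejects both trailing junk and impossible dates.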
@@ -81,7 +81,7 @@ if (isset($_POST['asset_purchase_date']) && !empty($_POST['asset_purchase_date']
 }
 if (isset($_POST['asset_warranty_expire']) && !empty($_POST['asset_warranty_expire'])) {
- $warranty_expire = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_warranty_expire'])));
+ $warranty_expire = sanitizeInput($_POST['asset_warranty_expire']);
 } elseif (isset($asset_row) && isset($asset_row['asset_warranty_expire'])) {
 $warranty_expire = $asset_row['asset_warranty_expire'];
 } else {
@@ -89,7 +89,7 @@ if (isset($_POST['asset_warranty_expire']) && !empty($_POST['asset_warranty_expi
 }
 if (isset($_POST['asset_install_date']) && !empty($_POST['asset_install_date'])) {
- $install_date = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_install_date'])));
+ $install_date = sanitizeInput($_POST['asset_install_date']);
 } elseif (isset($asset_row) && isset($asset_row['asset_install_date'])) {
 $install_date = $asset_row['asset_install_date'];
 } else {
@@ -97,7 +97,7 @@ if (isset($_POST['asset_install_date']) && !empty($_POST['asset_install_date']))
 }
 if (isset($_POST['asset_notes'])) {
- $notes = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_notes'])));
+ $notes = sanitizeInput($_POST['asset_notes']);
 } elseif (isset($asset_row) && isset($asset_row['asset_notes'])) {
 $notes = $asset_row['asset_notes'];
 } else {
diff --git a/api/v1/assets/create.php b/api/v1/assets/create.php
index 928baa85..4ea30ab4 100644
--- a/api/v1/assets/create.php
+++ b/api/v1/assets/create.php
@@ -11,14 +11,14 @@ $insert_id = false;
 if (!empty($name) && !empty($client_id)) {
 // Insert into Database
- $insert_sql = mysqli_query($mysqli, "INSERT INTO assets SET asset_name = '$name', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_ip = '$aip', asset_mac = '$mac', asset_status = '$status', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_purchase_date = '$purchase_date', asset_warranty_expire = '$warranty_expire', asset_install_date = '$install_date', asset_notes = '$notes', asset_created_at = NOW(), asset_network_id = $network, asset_client_id = $client_id, company_id = '$company_id'");
+ $insert_sql = mysqli_query($mysqli, "INSERT INTO assets SET asset_name = '$name', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_ip = '$aip', asset_mac = '$mac', asset_status = '$status', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_purchase_date = '$purchase_date', asset_warranty_expire = '$warranty_expire', asset_install_date = '$install_date', asset_notes = '$notes', asset_network_id = $network, asset_client_id = $client_id, company_id = '$company_id'");
 if ($insert_sql) {
 $insert_id = mysqli_insert_id($mysqli);
 //Logging
- mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Asset', log_action = 'Created', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_client_id = '$client_id', company_id = $company_id");
- mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Created asset $name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_client_id = '$client_id', company_id = $company_id");
+ mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Asset', log_action 
= 'Created', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = '$client_id', company_id = $company_id");
+ mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Created asset $name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = '$client_id', company_id = $company_id");
 }
 }
diff --git a/api/v1/assets/update.php b/api/v1/assets/update.php
index 633b58c8..5cbc47d8 100644
--- a/api/v1/assets/update.php
+++ b/api/v1/assets/update.php
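Review bot: The new `INSERT INTO assets` no longer sets `asset_created_at = NOW()` and both log inserts no longer set `log_created_at = NOW()`, yet nothing in this diff changes the schema; unless those columns already carry `DEFAULT CURRENT_TIMESTAMP`, new assets and — worse for auditing — new `logs` rows will be stored with a NULL or zero timestamp. If the defaults do exist, a comment above the insert, `// asset_created_at / log_created_at come from the column DEFAULT CURRENT_TIMESTAMP`, would record that dependency for the next reader. The statements also still build SQL by interpolation: `$name`, `$notes`, `$ip`, `$user_agent` and `$api_key_name` land inside quotes and `$location`, `$vendor`, `$contact`, `$network` land unquoted, so this only stays injection-free if `sanitizeInput()` (not shown) still applies `mysqli_real_escape_string()` and the unquoted values are cast to int where they are assigned (outside this hunk); a `mysqli_prepare()`/`mysqli_stmt_bind_param()` version would remove that dependency entirely. Minor: `company_id` is quoted in the assets insert and bare in the log inserts — pick one.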
@@ -16,7 +16,7 @@ if (!empty($asset_id)) {
 // Variable assignment from POST - assigning the current database value if a value is not provided
 require_once('asset_model.php');
- $update_sql = mysqli_query($mysqli, "UPDATE assets SET asset_name = '$name', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_ip = '$aip', asset_mac = '$mac', asset_status = '$status', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_purchase_date = '$purchase_date', asset_warranty_expire = '$warranty_expire', asset_install_date = '$install_date', asset_notes = '$notes', asset_updated_at = NOW(), asset_network_id = $network WHERE asset_id = $asset_id AND asset_client_id = $client_id AND company_id = '$company_id' LIMIT 1");
+ $update_sql = mysqli_query($mysqli, "UPDATE assets SET asset_name = '$name', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_ip = '$aip', asset_mac = '$mac', asset_status = '$status', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_purchase_date = '$purchase_date', asset_warranty_expire = '$warranty_expire', asset_install_date = '$install_date', asset_notes = '$notes', asset_network_id = $network WHERE asset_id = $asset_id AND asset_client_id = $client_id AND company_id = '$company_id' LIMIT 1");
 // Check insert & get insert ID
 if ($update_sql) {
diff --git a/api/v1/contacts/contact_model.php b/api/v1/contacts/contact_model.php
index fab66f8a..8fa13b27 100644
--- a/api/v1/contacts/contact_model.php
+++ b/api/v1/contacts/contact_model.php
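Review bot: The rewritten `UPDATE assets` drops `asset_updated_at = NOW()`, and no schema change in this diff declares `asset_updated_at` as `ON UPDATE CURRENT_TIMESTAMP`, so unless that already exists the modification time simply stops being maintained for API edits. If the column attribute is in place, record it: `// asset_updated_at is maintained by the column's ON UPDATE CURRENT_TIMESTAMP`; otherwise put the assignment back. The `WHERE asset_id = $asset_id AND asset_client_id = $client_id` clause is what confines the write to the caller's own client, and both values are interpolated bare, so their assignment — outside this hunk — must guarantee they are integers; the enclosing `if (!empty($asset_id))` block continues past the hunk.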
@@ -3,7 +3,7 @@ define('number_regex', '/[^0-9]/');
 // Variable assignment from POST (or: blank/from DB is updating)
 if (isset($_POST['contact_name'])) {
- $name = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['contact_name'])));
+ $name = sanitizeInput($_POST['contact_name']);
 } elseif ($contact_row) {
 $name = $contact_row['contact_name'];
 } else {
@@ -11,7 +11,7 @@ if (isset($_POST['contact_name'])) {
 }
 if (isset($_POST['contact_title'])) {
- $title = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['contact_title'])));
+ $title = sanitizeInput($_POST['contact_title']);
 } elseif ($contact_row) {
 $title = $contact_row['contact_title'];
 } else {
@@ -19,7 +19,7 @@ if (isset($_POST['contact_title'])) {
 }
 if (isset($_POST['contact_department'])) {
- $department = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['contact_department'])));
+ $department = sanitizeInput($_POST['contact_department']);
 } elseif ($contact_row) {
 $department = $contact_row['contact_department'];
 } else {
@@ -27,7 +27,7 @@ if (isset($_POST['contact_department'])) {
 }
 if (isset($_POST['contact_email'])) {
- $email = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['contact_email'])));
+ $email = sanitizeInput($_POST['contact_email']);
 } elseif ($contact_row) {
 $email = $contact_row['contact_email'];
 } else {
@@ -59,7 +59,7 @@ if (isset($_POST['contact_mobile'])) {
 }
 if (isset($_POST['contact_notes'])) {
- $notes = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['contact_notes'])));
+ $notes = sanitizeInput($_POST['contact_notes']);
 } elseif ($contact_row) {
 $notes = $contact_row['contact_notes'];
 } else {
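Review bot: `$email` in the `contact_email` hunk is only passed through `sanitizeInput()`; nothing checks it is an email address, so an API caller can store an arbitrary string in a field that presumably ends up in mail headers or a login lookup. Add `if ($email !== '' && filter_var($email, FILTER_VALIDATE_EMAIL) === false) { $email = ''; }` — or reject the request, following however this API reports bad input (not visible here) — before the value reaches create/update. The file already defines `number_regex` for the phone fields, so a parallel format check on email keeps the model consistent.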
@@ -67,7 +67,7 @@ if (isset($_POST['contact_notes'])) {
 }
 if (isset($_POST['contact_auth_method'])) {
- $auth_method = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['contact_auth_method'])));
+ $auth_method = sanitizeInput($_POST['contact_auth_method']);
 } elseif ($contact_row) {
 $auth_method = $contact_row['contact_auth_method'];
 } else {
diff --git a/client_add_modal.php b/client_add_modal.php
index 8834fd0b..602563b8 100644
--- a/client_add_modal.php
+++ b/client_add_modal.php
@@ -295,6 +295,16 @@
+ 
+ 
+
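Review bot: `$auth_method` in the `contact_auth_method` hunk is stored verbatim from the request, but an authentication-method selector should be limited to the fixed set of values the contact login code understands rather than any sanitized string; the valid values are not visible in this diff, which is exactly why an allow-list check belongs here. Something like `if (!in_array($auth_method, $allowed_auth_methods, true)) { $auth_method = ''; }`, where `$allowed_auth_methods` lists the methods the login code accepts, stops a stray value from leaving a contact in a state the login path does not handle. Minor: the fallbacks here use a bare `elseif ($contact_row)` while asset_model.php uses `isset($asset_row) && isset($asset_row[...])` — harmless, but the two models could share one convention.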