mirror of
https://github.com/itflow-org/itflow
synced 2026-02-28 02:44:53 +00:00
Added a helper if no tags exist when attempting to add them to a client, Added some santizeInput tags to API
This commit is contained in:
johnnyq
@@ -2,7 +2,7 @@
|
||||
|
||||
// Variable assignment from POST (or: blank/from DB is updating)
|
||||
if (isset($_POST['asset_name'])) {
|
||||
$name = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_name'])));
|
||||
$name = sanitizeInput(_POST['asset_name']);
|
||||
} elseif (isset($asset_row) && isset($asset_row['asset_name'])) {
|
||||
$name = $asset_row['asset_name'];
|
||||
} else {
|
||||
@@ -10,7 +10,7 @@ if (isset($_POST['asset_name'])) {
|
||||
}
|
||||
|
||||
if (isset($_POST['asset_type'])) {
|
||||
$type = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_type'])));
|
||||
$type = sanitizeInput($_POST['asset_type']);
|
||||
} elseif (isset($asset_row) && isset($asset_row['asset_type'])) {
|
||||
$type = $asset_row['asset_type'];
|
||||
} else {
|
||||
@@ -18,14 +18,14 @@ if (isset($_POST['asset_type'])) {
|
||||
}
|
||||
|
||||
if (isset($_POST['asset_make'])) {
|
||||
$make = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_make'])));
|
||||
$make = sanitizeInput($_POST['asset_make']);
|
||||
} elseif (isset($asset_row) && isset($asset_row['asset_make'])) {
|
||||
$make = $asset_row['asset_make'];
|
||||
} else {
|
||||
$make = '';
|
||||
}
|
||||
if (isset($_POST['asset_model'])) {
|
||||
$model = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_model'])));
|
||||
$model = sanitizeInput($_POST['asset_model']);
|
||||
} elseif (isset($asset_row) && isset($asset_row['asset_model'])) {
|
||||
$model = $asset_row['asset_model'];
|
||||
} else {
|
||||
@@ -33,7 +33,7 @@ if (isset($_POST['asset_model'])) {
|
||||
}
|
||||
|
||||
if (isset($_POST['asset_serial'])) {
|
||||
$serial = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_serial'])));
|
||||
$serial = sanitizeInput($_POST['asset_serial']);
|
||||
} elseif (isset($asset_row) && isset($asset_row['asset_serial'])) {
|
||||
$serial = $asset_row['asset_serial'];
|
||||
} else {
|
||||
@@ -41,7 +41,7 @@ if (isset($_POST['asset_serial'])) {
|
||||
}
|
||||
|
||||
if (isset($_POST['asset_os'])) {
|
||||
$os = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_os'])));
|
||||
$os = sanitizeInput($_POST['asset_os']);
|
||||
} elseif (isset($asset_row) && isset($asset_row['asset_os'])) {
|
||||
$os = $asset_row['asset_os'];
|
||||
} else {
|
||||
@@ -49,7 +49,7 @@ if (isset($_POST['asset_os'])) {
|
||||
}
|
||||
|
||||
if (isset($_POST['asset_ip'])) {
|
||||
$aip = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_ip'])));
|
||||
$aip = sanitizeInput($_POST['asset_ip']);
|
||||
} elseif (isset($asset_row) && isset($asset_row['asset_ip'])) {
|
||||
$aip = $asset_row['asset_ip'];
|
||||
} else {
|
||||
@@ -57,7 +57,7 @@ if (isset($_POST['asset_ip'])) {
|
||||
}
|
||||
|
||||
if (isset($_POST['asset_mac'])) {
|
||||
$mac = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_mac'])));
|
||||
$mac = sanitizeInput($_POST['asset_mac']);
|
||||
} elseif (isset($asset_row) && isset($asset_row['asset_mac'])) {
|
||||
$mac = $asset_row['asset_mac'];
|
||||
} else {
|
||||
@@ -65,7 +65,7 @@ if (isset($_POST['asset_mac'])) {
|
||||
}
|
||||
|
||||
if (isset($_POST['asset_status'])) {
|
||||
$status = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_status'])));
|
||||
$status = sanitizeInput($_POST['asset_status']);
|
||||
} elseif (isset($asset_row) && isset($asset_row['asset_status'])) {
|
||||
$status = $asset_row['asset_status'];
|
||||
} else {
|
||||
@@ -73,7 +73,7 @@ if (isset($_POST['asset_status'])) {
|
||||
}
|
||||
|
||||
if (isset($_POST['asset_purchase_date']) && !empty($_POST['asset_purchase_date'])) {
|
||||
$purchase_date = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_purchase_date'])));
|
||||
$purchase_date = sanitizeInput($_POST['asset_purchase_date']);
|
||||
} elseif (isset($asset_row) && isset($asset_row['asset_purchase_date'])) {
|
||||
$purchase_date = $asset_row['asset_purchase_date'];
|
||||
} else {
|
||||
@@ -81,7 +81,7 @@ if (isset($_POST['asset_purchase_date']) && !empty($_POST['asset_purchase_date']
|
||||
}
|
||||
|
||||
if (isset($_POST['asset_warranty_expire']) && !empty($_POST['asset_warranty_expire'])) {
|
||||
$warranty_expire = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_warranty_expire'])));
|
||||
$warranty_expire = sanitizeInput($_POST['asset_warranty_expire']);
|
||||
} elseif (isset($asset_row) && isset($asset_row['asset_warranty_expire'])) {
|
||||
$warranty_expire = $asset_row['asset_warranty_expire'];
|
||||
} else {
|
||||
@@ -89,7 +89,7 @@ if (isset($_POST['asset_warranty_expire']) && !empty($_POST['asset_warranty_expi
|
||||
}
|
||||
|
||||
if (isset($_POST['asset_install_date']) && !empty($_POST['asset_install_date'])) {
|
||||
$install_date = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_install_date'])));
|
||||
$install_date = sanitizeInput($_POST['asset_install_date']);
|
||||
} elseif (isset($asset_row) && isset($asset_row['asset_install_date'])) {
|
||||
$install_date = $asset_row['asset_install_date'];
|
||||
} else {
|
||||
@@ -97,7 +97,7 @@ if (isset($_POST['asset_install_date']) && !empty($_POST['asset_install_date']))
|
||||
}
|
||||
|
||||
if (isset($_POST['asset_notes'])) {
|
||||
$notes = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_notes'])));
|
||||
$notes = sanitizeInput($_POST['asset_notes']);
|
||||
} elseif (isset($asset_row) && isset($asset_row['asset_notes'])) {
|
||||
$notes = $asset_row['asset_notes'];
|
||||
} else {
|
||||
|
||||
@@ -11,14 +11,14 @@ $insert_id = false;
|
||||
|
||||
if (!empty($name) && !empty($client_id)) {
|
||||
// Insert into Database
|
||||
$insert_sql = mysqli_query($mysqli, "INSERT INTO assets SET asset_name = '$name', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_ip = '$aip', asset_mac = '$mac', asset_status = '$status', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_purchase_date = '$purchase_date', asset_warranty_expire = '$warranty_expire', asset_install_date = '$install_date', asset_notes = '$notes', asset_created_at = NOW(), asset_network_id = $network, asset_client_id = $client_id, company_id = '$company_id'");
|
||||
$insert_sql = mysqli_query($mysqli, "INSERT INTO assets SET asset_name = '$name', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_ip = '$aip', asset_mac = '$mac', asset_status = '$status', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_purchase_date = '$purchase_date', asset_warranty_expire = '$warranty_expire', asset_install_date = '$install_date', asset_notes = '$notes', asset_network_id = $network, asset_client_id = $client_id, company_id = '$company_id'");
|
||||
|
||||
if ($insert_sql) {
|
||||
$insert_id = mysqli_insert_id($mysqli);
|
||||
|
||||
//Logging
|
||||
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Asset', log_action = 'Created', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_client_id = '$client_id', company_id = $company_id");
|
||||
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Created asset $name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_client_id = '$client_id', company_id = $company_id");
|
||||
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Asset', log_action = 'Created', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = '$client_id', company_id = $company_id");
|
||||
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Created asset $name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = '$client_id', company_id = $company_id");
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -16,7 +16,7 @@ if (!empty($asset_id)) {
|
||||
// Variable assignment from POST - assigning the current database value if a value is not provided
|
||||
require_once('asset_model.php');
|
||||
|
||||
$update_sql = mysqli_query($mysqli, "UPDATE assets SET asset_name = '$name', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_ip = '$aip', asset_mac = '$mac', asset_status = '$status', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_purchase_date = '$purchase_date', asset_warranty_expire = '$warranty_expire', asset_install_date = '$install_date', asset_notes = '$notes', asset_updated_at = NOW(), asset_network_id = $network WHERE asset_id = $asset_id AND asset_client_id = $client_id AND company_id = '$company_id' LIMIT 1");
|
||||
$update_sql = mysqli_query($mysqli, "UPDATE assets SET asset_name = '$name', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_ip = '$aip', asset_mac = '$mac', asset_status = '$status', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_purchase_date = '$purchase_date', asset_warranty_expire = '$warranty_expire', asset_install_date = '$install_date', asset_notes = '$notes', asset_network_id = $network WHERE asset_id = $asset_id AND asset_client_id = $client_id AND company_id = '$company_id' LIMIT 1");
|
||||
|
||||
// Check insert & get insert ID
|
||||
if ($update_sql) {
|
||||
|
||||
Reference in New Issue
Block a user