Added a helper if no tags exist when attempting to add them to a client, Added some santizeInput tags to API

This commit is contained in:
johnnyq
2023-02-28 11:58:08 -05:00
parent 2acb5e0b7b
commit cdfb61b294
6 changed files with 43 additions and 23 deletions


@@ -2,7 +2,7 @@
// Variable assignment from POST (or: blank/from DB is updating) // Variable assignment from POST (or: blank/from DB is updating)
if (isset($_POST['asset_name'])) { if (isset($_POST['asset_name'])) {
$name = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_name']))); $name = sanitizeInput(_POST['asset_name']);
} elseif (isset($asset_row) && isset($asset_row['asset_name'])) { } elseif (isset($asset_row) && isset($asset_row['asset_name'])) {
$name = $asset_row['asset_name']; $name = $asset_row['asset_name'];
} else { } else {
@@ -10,7 +10,7 @@ if (isset($_POST['asset_name'])) {
} }
if (isset($_POST['asset_type'])) { if (isset($_POST['asset_type'])) {
$type = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_type']))); $type = sanitizeInput($_POST['asset_type']);
} elseif (isset($asset_row) && isset($asset_row['asset_type'])) { } elseif (isset($asset_row) && isset($asset_row['asset_type'])) {
$type = $asset_row['asset_type']; $type = $asset_row['asset_type'];
} else { } else {
@@ -18,14 +18,14 @@ if (isset($_POST['asset_type'])) {
} }
if (isset($_POST['asset_make'])) { if (isset($_POST['asset_make'])) {
$make = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_make']))); $make = sanitizeInput($_POST['asset_make']);
} elseif (isset($asset_row) && isset($asset_row['asset_make'])) { } elseif (isset($asset_row) && isset($asset_row['asset_make'])) {
$make = $asset_row['asset_make']; $make = $asset_row['asset_make'];
} else { } else {
$make = ''; $make = '';
} }
if (isset($_POST['asset_model'])) { if (isset($_POST['asset_model'])) {
$model = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_model']))); $model = sanitizeInput($_POST['asset_model']);
} elseif (isset($asset_row) && isset($asset_row['asset_model'])) { } elseif (isset($asset_row) && isset($asset_row['asset_model'])) {
$model = $asset_row['asset_model']; $model = $asset_row['asset_model'];
} else { } else {
@@ -33,7 +33,7 @@ if (isset($_POST['asset_model'])) {
} }
if (isset($_POST['asset_serial'])) { if (isset($_POST['asset_serial'])) {
$serial = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_serial']))); $serial = sanitizeInput($_POST['asset_serial']);
} elseif (isset($asset_row) && isset($asset_row['asset_serial'])) { } elseif (isset($asset_row) && isset($asset_row['asset_serial'])) {
$serial = $asset_row['asset_serial']; $serial = $asset_row['asset_serial'];
} else { } else {
@@ -41,7 +41,7 @@ if (isset($_POST['asset_serial'])) {
} }
if (isset($_POST['asset_os'])) { if (isset($_POST['asset_os'])) {
$os = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_os']))); $os = sanitizeInput($_POST['asset_os']);
} elseif (isset($asset_row) && isset($asset_row['asset_os'])) { } elseif (isset($asset_row) && isset($asset_row['asset_os'])) {
$os = $asset_row['asset_os']; $os = $asset_row['asset_os'];
} else { } else {
@@ -49,7 +49,7 @@ if (isset($_POST['asset_os'])) {
} }
if (isset($_POST['asset_ip'])) { if (isset($_POST['asset_ip'])) {
$aip = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_ip']))); $aip = sanitizeInput($_POST['asset_ip']);
} elseif (isset($asset_row) && isset($asset_row['asset_ip'])) { } elseif (isset($asset_row) && isset($asset_row['asset_ip'])) {
$aip = $asset_row['asset_ip']; $aip = $asset_row['asset_ip'];
} else { } else {
@@ -57,7 +57,7 @@ if (isset($_POST['asset_ip'])) {
} }
if (isset($_POST['asset_mac'])) { if (isset($_POST['asset_mac'])) {
$mac = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_mac']))); $mac = sanitizeInput($_POST['asset_mac']);
} elseif (isset($asset_row) && isset($asset_row['asset_mac'])) { } elseif (isset($asset_row) && isset($asset_row['asset_mac'])) {
$mac = $asset_row['asset_mac']; $mac = $asset_row['asset_mac'];
} else { } else {
@@ -65,7 +65,7 @@ if (isset($_POST['asset_mac'])) {
} }
if (isset($_POST['asset_status'])) { if (isset($_POST['asset_status'])) {
$status = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_status']))); $status = sanitizeInput($_POST['asset_status']);
} elseif (isset($asset_row) && isset($asset_row['asset_status'])) { } elseif (isset($asset_row) && isset($asset_row['asset_status'])) {
$status = $asset_row['asset_status']; $status = $asset_row['asset_status'];
} else { } else {
@@ -73,7 +73,7 @@ if (isset($_POST['asset_status'])) {
} }
if (isset($_POST['asset_purchase_date']) && !empty($_POST['asset_purchase_date'])) { if (isset($_POST['asset_purchase_date']) && !empty($_POST['asset_purchase_date'])) {
$purchase_date = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_purchase_date']))); $purchase_date = sanitizeInput($_POST['asset_purchase_date']);
} elseif (isset($asset_row) && isset($asset_row['asset_purchase_date'])) { } elseif (isset($asset_row) && isset($asset_row['asset_purchase_date'])) {
$purchase_date = $asset_row['asset_purchase_date']; $purchase_date = $asset_row['asset_purchase_date'];
} else { } else {
@@ -81,7 +81,7 @@ if (isset($_POST['asset_purchase_date']) && !empty($_POST['asset_purchase_date']
} }
if (isset($_POST['asset_warranty_expire']) && !empty($_POST['asset_warranty_expire'])) { if (isset($_POST['asset_warranty_expire']) && !empty($_POST['asset_warranty_expire'])) {
$warranty_expire = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_warranty_expire']))); $warranty_expire = sanitizeInput($_POST['asset_warranty_expire']);
} elseif (isset($asset_row) && isset($asset_row['asset_warranty_expire'])) { } elseif (isset($asset_row) && isset($asset_row['asset_warranty_expire'])) {
$warranty_expire = $asset_row['asset_warranty_expire']; $warranty_expire = $asset_row['asset_warranty_expire'];
} else { } else {
@@ -89,7 +89,7 @@ if (isset($_POST['asset_warranty_expire']) && !empty($_POST['asset_warranty_expi
} }
if (isset($_POST['asset_install_date']) && !empty($_POST['asset_install_date'])) { if (isset($_POST['asset_install_date']) && !empty($_POST['asset_install_date'])) {
$install_date = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_install_date']))); $install_date = sanitizeInput($_POST['asset_install_date']);
} elseif (isset($asset_row) && isset($asset_row['asset_install_date'])) { } elseif (isset($asset_row) && isset($asset_row['asset_install_date'])) {
$install_date = $asset_row['asset_install_date']; $install_date = $asset_row['asset_install_date'];
} else { } else {
@@ -97,7 +97,7 @@ if (isset($_POST['asset_install_date']) && !empty($_POST['asset_install_date']))
} }
if (isset($_POST['asset_notes'])) { if (isset($_POST['asset_notes'])) {
$notes = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_notes']))); $notes = sanitizeInput($_POST['asset_notes']);
} elseif (isset($asset_row) && isset($asset_row['asset_notes'])) { } elseif (isset($asset_row) && isset($asset_row['asset_notes'])) {
$notes = $asset_row['asset_notes']; $notes = $asset_row['asset_notes'];
} else { } else {
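Review bot: The rewritten `asset_name` line reads `sanitizeInput(_POST['asset_name'])` without the `$` sigil, so `_POST` is parsed as a constant and on PHP 8 an undefined constant throws an Error before any asset is saved; the line should be `$name = sanitizeInput($_POST['asset_name']);`, matching every other field in this hunk. Separately, the values this file produces are still interpolated directly into SQL strings in the create and update files of this commit, and the removed `mysqli_real_escape_string` was the only escaping visible here; `sanitizeInput` is not on this page, so confirm it still escapes for mysqli, or better, move the consumers to prepared statements. The script continues past the end of the hunk.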


@@ -11,14 +11,14 @@ $insert_id = false;
if (!empty($name) && !empty($client_id)) { if (!empty($name) && !empty($client_id)) {
// Insert into Database // Insert into Database
$insert_sql = mysqli_query($mysqli, "INSERT INTO assets SET asset_name = '$name', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_ip = '$aip', asset_mac = '$mac', asset_status = '$status', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_purchase_date = '$purchase_date', asset_warranty_expire = '$warranty_expire', asset_install_date = '$install_date', asset_notes = '$notes', asset_created_at = NOW(), asset_network_id = $network, asset_client_id = $client_id, company_id = '$company_id'"); $insert_sql = mysqli_query($mysqli, "INSERT INTO assets SET asset_name = '$name', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_ip = '$aip', asset_mac = '$mac', asset_status = '$status', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_purchase_date = '$purchase_date', asset_warranty_expire = '$warranty_expire', asset_install_date = '$install_date', asset_notes = '$notes', asset_network_id = $network, asset_client_id = $client_id, company_id = '$company_id'");
if ($insert_sql) { if ($insert_sql) {
$insert_id = mysqli_insert_id($mysqli); $insert_id = mysqli_insert_id($mysqli);
//Logging //Logging
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Asset', log_action = 'Created', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_client_id = '$client_id', company_id = $company_id"); mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Asset', log_action = 'Created', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = '$client_id', company_id = $company_id");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Created asset $name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_client_id = '$client_id', company_id = $company_id"); mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Created asset $name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = '$client_id', company_id = $company_id");
} }
} }
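Review bot: The rewritten INSERT still builds its SQL by string interpolation, with `asset_location_id = $location`, `asset_vendor_id = $vendor`, `asset_contact_id = $contact` and `asset_network_id = $network` placed unquoted, so correctness now rests entirely on whatever `sanitizeInput` does upstream; a prepared statement with bound parameters (`mysqli_prepare` plus `mysqli_stmt_bind_param`) would remove that dependency, and the same applies to the UPDATE in the next file section. The hunk also drops `asset_created_at = NOW()` from the INSERT and `log_created_at = NOW()` from both log inserts; presumably those columns now default to the current timestamp, but that schema change is not part of this commit, so confirm it or the timestamps will be left at the column default.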


@@ -16,7 +16,7 @@ if (!empty($asset_id)) {
// Variable assignment from POST - assigning the current database value if a value is not provided // Variable assignment from POST - assigning the current database value if a value is not provided
require_once('asset_model.php'); require_once('asset_model.php');
$update_sql = mysqli_query($mysqli, "UPDATE assets SET asset_name = '$name', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_ip = '$aip', asset_mac = '$mac', asset_status = '$status', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_purchase_date = '$purchase_date', asset_warranty_expire = '$warranty_expire', asset_install_date = '$install_date', asset_notes = '$notes', asset_updated_at = NOW(), asset_network_id = $network WHERE asset_id = $asset_id AND asset_client_id = $client_id AND company_id = '$company_id' LIMIT 1"); $update_sql = mysqli_query($mysqli, "UPDATE assets SET asset_name = '$name', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_ip = '$aip', asset_mac = '$mac', asset_status = '$status', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_purchase_date = '$purchase_date', asset_warranty_expire = '$warranty_expire', asset_install_date = '$install_date', asset_notes = '$notes', asset_network_id = $network WHERE asset_id = $asset_id AND asset_client_id = $client_id AND company_id = '$company_id' LIMIT 1");
// Check insert & get insert ID // Check insert & get insert ID
if ($update_sql) { if ($update_sql) {


@@ -3,7 +3,7 @@ define('number_regex', '/[^0-9]/');
// Variable assignment from POST (or: blank/from DB is updating) // Variable assignment from POST (or: blank/from DB is updating)
if (isset($_POST['contact_name'])) { if (isset($_POST['contact_name'])) {
$name = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['contact_name']))); $name = sanitizeInput($_POST['contact_name']);
} elseif ($contact_row) { } elseif ($contact_row) {
$name = $contact_row['contact_name']; $name = $contact_row['contact_name'];
} else { } else {
@@ -11,7 +11,7 @@ if (isset($_POST['contact_name'])) {
} }
if (isset($_POST['contact_title'])) { if (isset($_POST['contact_title'])) {
$title = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['contact_title']))); $title = sanitizeInput($_POST['contact_title']);
} elseif ($contact_row) { } elseif ($contact_row) {
$title = $contact_row['contact_title']; $title = $contact_row['contact_title'];
} else { } else {
@@ -19,7 +19,7 @@ if (isset($_POST['contact_title'])) {
} }
if (isset($_POST['contact_department'])) { if (isset($_POST['contact_department'])) {
$department = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['contact_department']))); $department = sanitizeInput($_POST['contact_department']);
} elseif ($contact_row) { } elseif ($contact_row) {
$department = $contact_row['contact_department']; $department = $contact_row['contact_department'];
} else { } else {
@@ -27,7 +27,7 @@ if (isset($_POST['contact_department'])) {
} }
if (isset($_POST['contact_email'])) { if (isset($_POST['contact_email'])) {
$email = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['contact_email']))); $email = sanitizeInput($_POST['contact_email']);
} elseif ($contact_row) { } elseif ($contact_row) {
$email = $contact_row['contact_email']; $email = $contact_row['contact_email'];
} else { } else {
@@ -59,7 +59,7 @@ if (isset($_POST['contact_mobile'])) {
} }
if (isset($_POST['contact_notes'])) { if (isset($_POST['contact_notes'])) {
$notes = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['contact_notes']))); $notes = sanitizeInput($_POST['contact_notes']);
} elseif ($contact_row) { } elseif ($contact_row) {
$notes = $contact_row['contact_notes']; $notes = $contact_row['contact_notes'];
} else { } else {
@@ -67,7 +67,7 @@ if (isset($_POST['contact_notes'])) {
} }
if (isset($_POST['contact_auth_method'])) { if (isset($_POST['contact_auth_method'])) {
$auth_method = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['contact_auth_method']))); $auth_method = sanitizeInput($_POST['contact_auth_method']);
} elseif ($contact_row) { } elseif ($contact_row) {
$auth_method = $contact_row['contact_auth_method']; $auth_method = $contact_row['contact_auth_method'];
} else { } else {
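Review bot: `$email` is now `sanitizeInput($_POST['contact_email'])` with no format check, so any string that survives sanitisation is stored as the contact's e-mail address; a `filter_var($email, FILTER_VALIDATE_EMAIL) === false` check before the value reaches the SQL would reject malformed input, using whatever bad-request convention the API already has. The same hunk stores `$auth_method` as free text; if the application recognises a fixed set of methods, comparing against that list with `in_array($auth_method, $allowed, true)` would stop unknown values being persisted. The script continues past the end of the hunk.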


@@ -295,6 +295,16 @@
</ul> </ul>
<?php if (mysqli_num_rows($sql_tags_select) == 0){ ?>
<div class='my-3 text-center'>
<i class='fa fa-fw fa-6x fa-tags text-secondary'></i>
<h3 class='text-secondary mt-3'>No Tags Found!</h3>
<a href="settings_tags.php">Try adding a few <b>Settings > Tags</b></a>
</div>
<?php } ?>
</div> </div>
</div> </div>
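Review bot: The new empty-state guard uses a loose comparison, `mysqli_num_rows($sql_tags_select) == 0`; the strict form `<?php if (mysqli_num_rows($sql_tags_select) === 0) { ?>` is the precise check and is the convention the rest of the codebase should converge on. Within the same block the attribute quoting is mixed, `class='my-3 text-center'` beside `href="settings_tags.php"`; pick one style for the markup. `$sql_tags_select` is defined before the hunk, so this assumes it is still a valid buffered result at this point in the template. The identical block added in the next file section has the same points.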


@@ -161,6 +161,16 @@
</ul> </ul>
<?php if (mysqli_num_rows($sql_tags_select) == 0){ ?>
<div class='my-3 text-center'>
<i class='fa fa-fw fa-6x fa-tags text-secondary'></i>
<h3 class='text-secondary mt-3'>No Tags Found!</h3>
<a href="settings_tags.php">Try adding a few <b>Settings > Tags</b></a>
</div>
<?php } ?>
</div> </div>
</div> </div>