AS1024
/
itflow
mirror of https://github.com/itflow-org/itflow
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Revert services to strip_tags

This commit is contained in:
Marcus Hill 2022-02-21 20:51:19 +00:00
parent 633eeb1296
commit d5c142c86f
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
post.php
View File

@ -5766,7 +5766,7 @@ if(isset($_POST['add_service'])){
$service_category = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['category']))); //TODO: Needs integration with company categories
$service_importance = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['importance'])));
$service_backup = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['backup'])));
$service_notes = trim(htmlentities(mysqli_real_escape_string($mysqli,$_POST['note'])));
$service_notes = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['note'])));
// Create Service
$service_sql = mysqli_query($mysqli, "INSERT INTO services SET service_name = '$service_name', service_description = '$service_description', service_category = '$service_category', service_importance = '$service_importance', service_backup = '$service_backup', service_notes = '$service_notes', service_created_at = NOW(), service_client_id = '$client_id', company_id = '$session_company_id'");
@ -5859,7 +5859,7 @@ if(isset($_POST['edit_service'])){
$service_category = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['category']))); //TODO: Needs integration with company categories
$service_importance = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['importance'])));
$service_backup = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['backup'])));
$service_notes = trim(htmlentities(mysqli_real_escape_string($mysqli,$_POST['note'])));
$service_notes = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['note'])));
// Update main service details
mysqli_query($mysqli, "UPDATE services SET service_name = '$service_name', service_description = '$service_description', service_category = '$service_category', service_importance = '$service_importance', service_backup = '$service_backup', service_notes = '$service_notes', service_updated_at = NOW() WHERE service_id = '$service_id' AND company_id = '$session_company_id'");