mirror of https://github.com/itflow-org/itflow
Correct typos
This commit is contained in:
Marcus Hill
parent
2c3ebb3bbb
commit
d73b3cb960
|
|
@ -20,7 +20,7 @@ ITFlow is in Beta.
|
|||
|
||||
**Please do not report security vulnerabilities through public GitHub issues.**
|
||||
|
||||
If you have discovered a security issue, please report it to us in as much detail as possible so we can fix it.
|
||||
If you have discovered a security issue, please report it to us in as much detail as possible, so we can fix it.
|
||||
You should expect to receive an initial acknowledgement within 72 hours. If you do not, please get in touch discretely via GitHub issues/Forum/Discord to ensure we received your e-mail.
|
||||
|
||||
Security contact:
|
||||
|
|
|
|||
|
|
@ -71,7 +71,7 @@ $session_company_currency = $row['company_currency'];
|
|||
|
||||
include("get_settings.php");
|
||||
|
||||
//Detects if using an apple device and uses apple maps instead of google
|
||||
//Detects if using an Apple device and uses Apple Maps instead of google
|
||||
$iPod = stripos($_SERVER['HTTP_USER_AGENT'],"iPod");
|
||||
$iPhone = stripos($_SERVER['HTTP_USER_AGENT'],"iPhone");
|
||||
$iPad = stripos($_SERVER['HTTP_USER_AGENT'],"iPad");
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@
|
|||
<div class="mb-4" style="text-align: center;">
|
||||
<i class="far fa-10x fa-times-circle text-danger mb-3 mt-3"></i>
|
||||
<h2>Are you sure?</h2>
|
||||
<h6 class="mb-4 text-secondary">Do you really want to <b>delete <?php echo $client_name; ?></b> and all associated data including financial data, logs, shared links etc? This process cannot be undone.</h6>
|
||||
<h6 class="mb-4 text-secondary">Do you really want to <b>delete <?php echo $client_name; ?></b> and all associated data including financial data, logs, shared links etc.? This process cannot be undone.</h6>
|
||||
<div class="form-group">
|
||||
<input type="hidden" id="clientName<?php echo $client_id ?>" value="<?php echo $client_name; ?>">
|
||||
<input class="form-control" type="text" id="clientNameProvided<?php echo $client_id ?>" onkeyup="validateClientNameDelete(<?php echo $client_id ?>)" placeholder="Please enter: '<?php echo $client_name; ?>'">
|
||||
|
|
|
|||
6
cron.php
6
cron.php
|
|
@ -254,7 +254,7 @@ while ($row = mysqli_fetch_array($sql_companies)) {
|
|||
|
||||
}
|
||||
|
||||
//Send Recurring Invoices that match todays date and are active
|
||||
//Send Recurring Invoices that match today's date and are active
|
||||
|
||||
//Loop through all recurring that match today's date and is active
|
||||
$sql_recurring = mysqli_query($mysqli,"SELECT * FROM recurring LEFT JOIN clients ON client_id = recurring_client_id WHERE recurring_next_date = CURDATE() AND recurring_status = 1 AND recurring.company_id = $company_id");
|
||||
|
|
@ -296,8 +296,8 @@ while ($row = mysqli_fetch_array($sql_companies)) {
|
|||
|
||||
while ($row = mysqli_fetch_array($sql_invoice_items)) {
|
||||
$item_id = $row['item_id'];
|
||||
$item_name = mysqli_real_escape_string($mysqli,$row['item_name']); //SQL Escape incase of ,
|
||||
$item_description = mysqli_real_escape_string($mysqli,$row['item_description']); //SQL Escape incase of ,
|
||||
$item_name = mysqli_real_escape_string($mysqli,$row['item_name']); //SQL Escape in case of ,
|
||||
$item_description = mysqli_real_escape_string($mysqli,$row['item_description']); //SQL Escape in case of ,
|
||||
$item_quantity = $row['item_quantity'];
|
||||
$item_price = $row['item_price'];
|
||||
$item_subtotal = $row['item_subtotal'];
|
||||
|
|
|
|||
|
|
@ -39,7 +39,7 @@ $largest_income_month = 0;
|
|||
$sql_total_payments_to_invoices = mysqli_query($mysqli,"SELECT SUM(payment_amount) AS total_payments_to_invoices FROM payments WHERE YEAR(payment_date) = $year AND company_id = $session_company_id");
|
||||
$row = mysqli_fetch_array($sql_total_payments_to_invoices);
|
||||
$total_payments_to_invoices = $row['total_payments_to_invoices'];
|
||||
//Do not grab transfer payment as these have an category_id of 0
|
||||
//Do not grab transfer payment as these have a category_id of 0
|
||||
$sql_total_revenues = mysqli_query($mysqli,"SELECT SUM(revenue_amount) AS total_revenues FROM revenues WHERE YEAR(revenue_date) = $year AND revenue_category_id > 0 AND company_id = $session_company_id");
|
||||
$row = mysqli_fetch_array($sql_total_revenues);
|
||||
$total_revenues = $row['total_revenues'];
|
||||
|
|
|
|||
|
|
@ -243,7 +243,7 @@ if (LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION) {
|
|||
|
||||
if (CURRENT_DATABASE_VERSION == '0.1.1') {
|
||||
// Insert queries here required to update to DB version 0.1.2
|
||||
// Create Many to Many Relationship tables for Assets, Contacts, Software and Vendors
|
||||
// Create Many-to-Many Relationship tables for Assets, Contacts, Software and Vendors
|
||||
|
||||
mysqli_query($mysqli, "CREATE TABLE `asset_documents` (`asset_id` int(11) NOT NULL,`document_id` int(11) NOT NULL, PRIMARY KEY (`asset_id`,`document_id`))");
|
||||
mysqli_query($mysqli, "CREATE TABLE `asset_logins` (`asset_id` int(11) NOT NULL,`login_id` int(11) NOT NULL, PRIMARY KEY (`asset_id`,`login_id`))");
|
||||
|
|
|
|||
|
|
@ -160,7 +160,7 @@ function get_device() {
|
|||
}
|
||||
if (strpos(strtolower(get_user_agent()),'opera mini') > 0) {
|
||||
$mobile_browser++;
|
||||
//Check for tablets on opera mini alternative headers
|
||||
//Check for tablets on Opera Mini alternative headers
|
||||
$stock_ua = strtolower(isset($_SERVER['HTTP_X_OPERAMINI_PHONE_UA'])?$_SERVER['HTTP_X_OPERAMINI_PHONE_UA']:(isset($_SERVER['HTTP_DEVICE_STOCK_UA'])?$_SERVER['HTTP_DEVICE_STOCK_UA']:''));
|
||||
if (preg_match('/(tablet|ipad|playbook)|(android(?!.*mobile))/i', $stock_ua)) {
|
||||
$tablet_browser++;
|
||||
|
|
@ -290,7 +290,7 @@ function decryptUserSpecificKey($user_encryption_ciphertext, $user_password) {
|
|||
/*
|
||||
Generates what is probably best described as a session key (ephemeral-ish)
|
||||
- Allows us to store the master key on the server whilst the user is using the application, without prompting to type their password everytime they want to decrypt a credential
|
||||
- Ciphertext/IV is stored on the server in the users session, encryption key is controlled/provided by the user as a cookie
|
||||
- Ciphertext/IV is stored on the server in the users' session, encryption key is controlled/provided by the user as a cookie
|
||||
- Only the user can decrypt their session ciphertext to get the master key
|
||||
- Encryption key never hits the disk in cleartext
|
||||
*/
|
||||
|
|
@ -541,7 +541,7 @@ function sendSingleEmail($config_smtp_host, $config_smtp_username, $config_smtp_
|
|||
}
|
||||
|
||||
catch(Exception $e) {
|
||||
// If we couldn't send the message return the error so we can log it
|
||||
// If we couldn't send the message return the error, so we can log it
|
||||
return "Message not sent. Mailer Error: {$mail->ErrorInfo}";
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -78,7 +78,7 @@ if (isset($_POST['login'])) {
|
|||
// Note: Browsers don't accept cookies with SameSite None if they are not HTTPS.
|
||||
setcookie("user_extension_key", "$row[user_extension_key]", ['path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'None']);
|
||||
|
||||
// Set PHP session in DB so we can access the session encryption data (above)
|
||||
// Set PHP session in DB, so we can access the session encryption data (above)
|
||||
$user_php_session = session_id();
|
||||
mysqli_query($mysqli, "UPDATE users SET user_php_session = '$user_php_session' WHERE user_id = '$user_id'");
|
||||
}
|
||||
|
|
|
|||
|
|
@ -30,7 +30,7 @@ $auth_code_url = "https://login.microsoftonline.com/organizations/oauth2/v2.0/au
|
|||
$token_grant_url = "https://login.microsoftonline.com/organizations/oauth2/v2.0/token";
|
||||
|
||||
// Initial Login Request, via Microsoft
|
||||
// Returns a authorization code if login was successful
|
||||
// Returns an authorization code if login was successful
|
||||
if ($_SERVER['REQUEST_METHOD'] == "GET") {
|
||||
|
||||
$params = array (
|
||||
|
|
@ -45,7 +45,7 @@ if ($_SERVER['REQUEST_METHOD'] == "GET") {
|
|||
|
||||
}
|
||||
|
||||
// Login was successful, Microsoft has returned us a authorization code via POST
|
||||
// Login was successful, Microsoft has returned us an authorization code via POST
|
||||
// Request an access token using authorization code (& client secret) (server side)
|
||||
if (isset($_POST['code']) && $_POST['state'] == session_id()) {
|
||||
|
||||
|
|
@ -117,7 +117,7 @@ if (isset($_POST['code']) && $_POST['state'] == session_id()) {
|
|||
|
||||
}
|
||||
|
||||
// If the user is just sat on the page, redirect them to login to try again
|
||||
// If the user is just sat on the page, redirect them to log in to try again
|
||||
if (empty($_GET)) {
|
||||
echo "<script> setTimeout(function() { window.location = \"login.php\"; },1000);</script>";
|
||||
}
|
||||
|
|
@ -118,7 +118,7 @@
|
|||
|
||||
if ($debug) {
|
||||
print "Prior to HMAC calculation pad with zero on the left until 8 characters.<br/>";
|
||||
print "Calculate sha1 HMAC(Hash-based Message Authentication Code http://en.wikipedia.org/wiki/HMAC).<br/>";
|
||||
print "Calculate sha1 HMAC(Hash-based Message Authentication Code https://en.wikipedia.org/wiki/HMAC).<br/>";
|
||||
print "hash_hmac ('sha1', $binary, $key)<br/>";
|
||||
}
|
||||
$result = hash_hmac ('sha1', $binary, $key);
|
||||
|
|
|
|||
|
|
@ -769,7 +769,7 @@ $locales_array = [
|
|||
|
||||
if (isset($_POST['add_database'])) {
|
||||
|
||||
// Check if database has been setup already. If it has, direct user to edit directly instead.
|
||||
// Check if database has been set up already. If it has, direct user to edit directly instead.
|
||||
if (file_exists('config.php')) {
|
||||
$_SESSION['alert_message'] = "Database already configured. Any further changes should be made by editing the config.php file.";
|
||||
header("Location: setup.php?user");
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@
|
|||
<i class="far fa-10x fa-times-circle text-danger mb-3 mt-3"></i>
|
||||
<h2>Are you sure?</h2>
|
||||
<h6 class="mb-4 text-secondary">Do you really want to <b>archive <?php echo $user_name; ?></b>? This process cannot be undone.</h6>
|
||||
<h6 class="mb-4 text-secondary"><?php echo $user_name ?> will no longer be able to login or use ITFlow, but all associated content will remain accessible.</h6>
|
||||
<h6 class="mb-4 text-secondary"><?php echo $user_name ?> will no longer be able to log in or use ITFlow, but all associated content will remain accessible.</h6>
|
||||
<button type="button" class="btn btn-outline-secondary btn-lg px-5 mr-4" data-dismiss="modal">Cancel</button>
|
||||
<a class="btn btn-danger btn-lg px-5" href="post.php?archive_user=<?php echo $user_id; ?>&csrf_token=<?php echo $_SESSION['csrf_token'] ?>">Yes, archive!</a>
|
||||
</div>
|
||||
|
|
|
|||
|
|
@ -98,7 +98,7 @@ $sql_recent_logs = mysqli_query($mysqli,"SELECT * FROM logs
|
|||
<?php if (empty($session_token)) { ?>
|
||||
<button type="submit" name="enable_2fa" class="btn btn-success btn-block mt-3"><i class="fa fa-fw fa-lock"></i><br> Enable 2FA</button>
|
||||
<?php }else{ ?>
|
||||
<p>You have setup 2FA. Your QR code is below.</p>
|
||||
<p>You have set up 2FA. Your QR code is below.</p>
|
||||
<button type="submit" name="disable_2fa" class="btn btn-danger btn-block mt-3"><i class="fa fa-fw fa-unlock"></i><br>Disable 2FA</button>
|
||||
<?php } ?>
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue