From dc80894dd9c9f6d2789d2ea2bd0bce01a96c616c Mon Sep 17 00:00:00 2001
From: johnnyq <johnny@pittpc.com>
Date: Thu, 16 Feb 2023 14:38:23 -0500
Subject: [PATCH] Added inputSantize function to trim SQL escape and Strip Tags
 when string enter the database and to tidy up the code

---
 functions.php      | 15 +++++++++++++++
 models/contact.php | 13 +++++++------
 post.php           | 36 ++++++++++++++++++------------------
 3 files changed, 40 insertions(+), 24 deletions(-)

diff --git a/functions.php b/functions.php
index f48b587c..9c197841 100644
--- a/functions.php
+++ b/functions.php
@@ -625,3 +625,18 @@ function checkFileUpload($file, $allowed_extensions)
     return md5(time() . $name) . '.' . $extension;
 
 }
+
+function sanitizeInput($input) {
+    global $mysqli;
+    // Remove white space from beginning and end of input
+    $input = trim($input);
+
+    // Remove HTML and PHP tags
+    $input = strip_tags($input);
+
+    // Escape special characters
+    $input = mysqli_real_escape_string($mysqli, $input);
+
+    // Return sanitized input
+    return $input;
+}
diff --git a/models/contact.php b/models/contact.php
index 1a2af870..d9992c2c 100644
--- a/models/contact.php
+++ b/models/contact.php
@@ -1,16 +1,17 @@
 <?php
+
 $client_id = intval($_POST['client_id']);
-$name = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['name'])));
-$title = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['title'])));
-$department = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['department'])));
+$name = sanitizeInput($_POST['name']);
+$title = sanitizeInput($_POST['title']);
+$department = sanitizeInput($_POST['department']);
 $phone = preg_replace("/[^0-9]/", '',$_POST['phone']);
 $extension = preg_replace("/[^0-9]/", '',$_POST['extension']);
 $mobile = preg_replace("/[^0-9]/", '',$_POST['mobile']);
-$email = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['email'])));
+$email = sanitizeInput($_POST['email']);
 $primary_contact = intval($_POST['primary_contact']);
-$notes = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['notes'])));
+$notes = sanitizeInput($_POST['notes']);
 $contact_important = intval($_POST['contact_important']);
 $contact_billing = intval($_POST['contact_billing']);
 $contact_technical = intval($_POST['contact_technical']);
 $location_id = intval($_POST['location']);
-$auth_method = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['auth_method'])));
+$auth_method = sanitizeInput($_POST['auth_method']);
diff --git a/post.php b/post.php
index 3b0b04aa..1534a58c 100644
--- a/post.php
+++ b/post.php
@@ -18,7 +18,7 @@ if(isset($_GET['switch_company'])){
     //Get Company Name
     $sql = mysqli_query($mysqli,"SELECT * FROM companies WHERE company_id = $company_id");
     $row = mysqli_fetch_array($sql);
-    $company_name = $row['company_name'];
+    $company_name = strip_tags(mysqli_real_escape_string($mysqli,$row['company_name']));
 
     //Check to see if user has Permission to access the company
     if(in_array($company_id,$session_user_company_access_array)){
@@ -197,7 +197,7 @@ if(isset($_GET['activate_user'])){
     // Get User Name
     $sql = mysqli_query($mysqli,"SELECT * FROM users WHERE user_id = $user_id");
     $row = mysqli_fetch_array($sql);
-    $user_name = $row['user_name'];
+    $user_name = strip_tags(mysqli_real_escape_string($mysqli,$row['user_name']));
 
     mysqli_query($mysqli,"UPDATE users SET user_status = 1 WHERE user_id = $user_id");
 
@@ -220,7 +220,7 @@ if(isset($_GET['disable_user'])){
     // Get User Name
     $sql = mysqli_query($mysqli,"SELECT * FROM users WHERE user_id = $user_id");
     $row = mysqli_fetch_array($sql);
-    $user_name = $row['user_name'];
+    $user_name = strip_tags(mysqli_real_escape_string($mysqli,$row['user_name']));
 
     mysqli_query($mysqli,"UPDATE users SET user_status = 0 WHERE user_id = $user_id");
 
@@ -402,7 +402,7 @@ if(isset($_GET['archive_user'])){
     // Get user details
     $sql = mysqli_query($mysqli,"SELECT * FROM users WHERE user_id = $user_id");
     $row = mysqli_fetch_array($sql);
-    $name = $row['user_name'];
+    $name = strip_tags(mysqli_real_escape_string($mysqli,$row['user_name']));
 
     // Archive user query
     mysqli_query($mysqli,"UPDATE users SET user_name = '$name (archived)', user_password = '$password', user_specific_encryption_ciphertext = '', user_archived_at = NOW() WHERE user_id = $user_id");
@@ -454,7 +454,7 @@ if(isset($_GET['delete_api_key'])){
 
     // Get API Key Name
     $row = mysqli_fetch_array(mysqli_query($mysqli,"SELECT * FROM api_keys WHERE api_key_id = $api_key_id AND company_id = $session_company_id"));
-    $name = $row['api_key_name'];
+    $name = strip_tags(mysqli_real_escape_string($mysqli,$row['api_key_name']));
 
     mysqli_query($mysqli,"DELETE FROM api_keys WHERE api_key_id = $api_key_id AND company_id = $session_company_id");
 
@@ -637,7 +637,7 @@ if(isset($_GET['archive_company'])){
     //Get Company Name
     $sql = mysqli_query($mysqli,"SELECT * FROM companies WHERE company_id = $company_id");
     $row = mysqli_fetch_array($sql);
-    $company_name = $row['company_name'];
+    $company_name = strip_tags(mysqli_real_escape_string($mysqli,$row['company_name']));
     mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Company', log_action = 'Archive', log_description = '$session_name archived company $company_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent',  log_user_id = $session_user_id, company_id = $session_company_id");
 
     $_SESSION['alert_type'] = "error";
@@ -659,7 +659,7 @@ if(isset($_GET['delete_company'])){
     // Get Company Name
     $sql = mysqli_query($mysqli,"SELECT * FROM companies WHERE company_id = $company_id");
     $row = mysqli_fetch_array($sql);
-    $company_name = $row['company_name'];
+    $company_name = strip_tags(mysqli_real_escape_string($mysqli,$row['company_name']));
 
     // Delete Company and all relational data A-Z
 
@@ -1070,16 +1070,16 @@ if(isset($_POST['send_telemetry_data'])){
 
     validateAdminRole();
 
-    $comments = $_POST['comments'];
+    $comments = strip_tags(mysqli_real_escape_string($mysqli,$_POST['comments']));
 
     $sql = mysqli_query($mysqli,"SELECT * FROM companies LIMIT 1");
     $row = mysqli_fetch_array($sql);
 
-    $company_name = $row['company_name'];
-    $city = $row['company_city'];
-    $state = $row['company_state'];
-    $country = $row['company_country'];
-    $currency = $row['company_currency'];
+    $company_name = strip_tags(mysqli_real_escape_string($mysqli,$row['company_name']));
+    $city = strip_tags(mysqli_real_escape_string($mysqli,$row['company_city']));
+    $state = strip_tags(mysqli_real_escape_string($mysqli,$row['company_state']));
+    $country = strip_tags(mysqli_real_escape_string($mysqli,$row['company_country']));
+    $currency = strip_tags(mysqli_real_escape_string($mysqli,$row['company_currency']));
     $current_version = exec("git rev-parse HEAD");
 
     // Client Count
@@ -1503,11 +1503,11 @@ if(isset($_GET['update'])){
         $sql = mysqli_query($mysqli,"SELECT * FROM companies LIMIT 1");
         $row = mysqli_fetch_array($sql);
 
-        $company_name = $row['company_name'];
-        $city = $row['company_city'];
-        $state = $row['company_state'];
-        $country = $row['company_country'];
-        $currency = $row['company_currency'];
+        $company_name = strip_tags(mysqli_real_escape_string($mysqli,$row['company_name']));
+        $city = strip_tags(mysqli_real_escape_string($mysqli,$row['company_city']));
+        $state = strip_tags(mysqli_real_escape_string($mysqli,$row['company_state']));
+        $country = strip_tags(mysqli_real_escape_string($mysqli,$row['company_country']));
+        $currency = strip_tags(mysqli_real_escape_string($mysqli,$row['company_currency']));
         $current_version = exec("git rev-parse HEAD");
 
         // Client Count