Add stronger input validation/output escaping for theme, tags and categories vars

This commit is contained in:
Marcus Hill
2023-03-05 19:13:48 +00:00
parent 5640a22c18
commit feb0267002
8 changed files with 42 additions and 42 deletions


@@ -1,5 +1,5 @@
<!-- Main Sidebar Container -->
<aside class="main-sidebar sidebar-dark-<?php echo $config_theme; ?> d-print-none">
<aside class="main-sidebar sidebar-dark-<?php echo htmlentities($config_theme); ?> d-print-none">
<!-- Sidebar -->
<div class="sidebar">
@@ -8,7 +8,7 @@
<nav class="mt-2">
<ul class="nav nav-pills nav-sidebar flex-column" data-widget="treeview" data-accordion="false">
<li class="nav-item mb-2">
<a href="dashboard_financial.php" class="nav-link">
<i class="nav-icon fas fa-arrow-left"></i>
@@ -24,7 +24,7 @@
<p>Users</p>
</a>
</li>
<li class="nav-item">
<a href="companies.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "companies.php") { echo "active"; } ?>">
<i class="nav-icon far fa-building"></i>
@@ -82,71 +82,71 @@
<li class="nav-header mt-3">SETTINGS</li>
<li class="nav-item">
<a class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "settings_theme.php") { echo "active"; } ?>"
<a class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "settings_theme.php") { echo "active"; } ?>"
href="settings_theme.php">
<i class="nav-icon fa fa-palette"></i>
<p>Theme</p>
</a>
</a>
</li>
<li class="nav-item">
<a class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "settings_mail.php") { echo "active"; } ?>"
<a class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "settings_mail.php") { echo "active"; } ?>"
href="settings_mail.php">
<i class="nav-icon far fa-envelope"></i>
<p>Mail</p>
</a>
</a>
</li>
<?php if ($config_module_enable_accounting) { ?>
<li class="nav-item">
<a class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "settings_defaults.php") { echo "active"; } ?>"
<a class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "settings_defaults.php") { echo "active"; } ?>"
href="settings_defaults.php">
<i class="nav-icon fas fa-cog"></i>
<p>Defaults</p>
</a>
</a>
</li>
<li class="nav-item">
<a class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "settings_invoice.php") { echo "active"; } ?>"
<a class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "settings_invoice.php") { echo "active"; } ?>"
href="settings_invoice.php">
<i class="nav-icon fas fa-file"></i>
<p>Invoice</p>
</a>
</a>
</li>
<li class="nav-item">
<a class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "settings_quote.php") { echo "active"; } ?>"
<a class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "settings_quote.php") { echo "active"; } ?>"
href="settings_quote.php">
<i class="nav-icon far fa-file"></i>
<p>Quote</p>
</a>
</a>
</li>
<li class="nav-item">
<a class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "settings_alerts.php") { echo "active"; } ?>"
<a class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "settings_alerts.php") { echo "active"; } ?>"
href="settings_alerts.php">
<i class="nav-icon far fa-bell"></i>
<p>Alerts</p>
</a>
</a>
</li>
<li class="nav-item">
<a class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "settings_online_payment.php") { echo "active"; } ?>"
<a class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "settings_online_payment.php") { echo "active"; } ?>"
href="settings_online_payment.php">
<i class="nav-icon far fa-credit-card"></i>
<p>Online Payment</p>
</a>
</a>
</li>
<?php } ?>
<?php if ($config_module_enable_ticketing) { ?>
<li class="nav-item">
<a class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "settings_ticket.php") { echo "active"; } ?>"
<a class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "settings_ticket.php") { echo "active"; } ?>"
href="settings_ticket.php">
<i class="nav-icon fas fa-life-ring"></i>
<p>Ticket</p>
</a>
</a>
</li>
<?php } ?>
@@ -154,31 +154,31 @@
<a href="settings_integrations.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "settings_integrations.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-puzzle-piece"></i>
<p>Integrations</p>
</a>
</a>
</li>
<li class="nav-item">
<a class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "settings_update.php") { echo "active"; } ?>"
<a class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "settings_update.php") { echo "active"; } ?>"
href="settings_update.php">
<i class="nav-icon fas fa-arrow-alt-circle-up"></i>
<p>Update</p>
</a>
</a>
</li>
<li class="nav-item">
<a class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "settings_telemetry.php") { echo "active"; } ?>"
<a class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "settings_telemetry.php") { echo "active"; } ?>"
href="settings_telemetry.php">
<i class="nav-icon fas fa-broadcast-tower"></i>
<p>Telemetry</p>
</a>
</a>
</li>
<li class="nav-item">
<a class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "settings_backup.php") { echo "active"; } ?>"
<a class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "settings_backup.php") { echo "active"; } ?>"
href="settings_backup.php">
<i class="nav-icon fas fa-database"></i>
<p>Backup</p>
</a>
</a>
</li>
<li class="nav-item">
@@ -188,7 +188,7 @@
<p>Modules</p>
</a>
</li>
<li class="nav-item">
<a href="logs.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "logs.php") { echo "active"; } ?>">
<i class="nav-icon far fa-eye"></i>
@@ -196,7 +196,7 @@
</a>
</li>
</ul>
</nav>
<!-- /.sidebar-menu -->
</div>