Commit Graph

1843 Commits

Author SHA1 Message Date
Xander Luedtke 252deefdcd initial docker commit 2023-01-03 18:22:36 -07:00
Johnny 09bb1d4636
Merge pull request #550 from wrongecho/code-audit-pt2
Ticketing cleanups
2023-01-03 17:17:22 -05:00
Marcus Hill 56899e60cf Move ticket merge javascript to separate file 2023-01-03 20:43:51 +00:00
Marcus Hill f23d7a5263 Commented unused code. Converted to 4 spaces 2023-01-03 20:39:14 +00:00
Marcus Hill 7e81882bff Separate out time tracking and collision detection JS into separate javascript files 2023-01-03 20:30:39 +00:00
Marcus Hill a780df5205 Change spacing to 4 spaces; general refactor/tidy up 2023-01-03 20:20:54 +00:00
Marcus Hill d8410d95b2 Rem old commented code 2023-01-03 20:00:01 +00:00
johnnyq c324fbbfff Update more UI modals to nicer look 2023-01-02 22:21:12 -05:00
Johnny 893f4405ff
Merge pull request #547 from wrongecho/code-audit
Misc changes from code security audit
2023-01-02 21:16:17 -05:00
Marcus Hill b70052b864 - Validate user email before sending welcome message
- Remove old code from edit_user - we now enforce admin role properly
- Users may only edit their own profiles - enforced via session id rather than role
- Rem ticket views deletion comment - ticket views are cleaned up daily via cron
- Require CSRF Token when adding/removing 2FA and backing up master key
2023-01-02 21:06:51 +00:00
johnnyq 637712aa71 Reworked year selector on the dashboard 2023-01-02 16:03:52 -05:00
Marcus Hill 1b96f8659e Rem comment - we set this info in the session at login and enforce roles there, and will be updating overall site role enforcement 2023-01-02 19:40:09 +00:00
Marcus Hill 9eea00bccf Change stripslashes to htmlentities 2023-01-02 19:29:00 +00:00
Marcus Hill a66b6052df Change stripslashes to strip_tags for better html sanitization 2023-01-02 19:28:24 +00:00
Marcus Hill 24f825ca08 SQL Escape tech username in session. The username is added to most log entries meaning that a simple apostrophe in the name breaks all logging for the user 2023-01-02 19:22:21 +00:00
Marcus Hill 019776f538 Change manual admin role verification to use the function 2023-01-02 19:10:00 +00:00
Marcus Hill 7688356a5f Remove commented calendar CSS from header as it's loaded by itself on the relevant pages 2023-01-02 19:06:12 +00:00
Marcus Hill a3a4dafaf5 Add item name to shared file view logs 2023-01-02 18:47:06 +00:00
Marcus Hill 3b3c0ee5db Prevent access to unused file 2023-01-02 18:38:21 +00:00
Marcus Hill 0673e550e5 Add file name to shared file download logs 2023-01-02 18:35:07 +00:00
johnnyq d9fdcb8702 Fixed wording on edit invoice modal: instead of "payment due", changed to "invoice due" 2023-01-02 12:18:10 -05:00
Marcus Hill 4c0acc87b1 Change include to require 2023-01-02 16:07:51 +00:00
Marcus Hill 66259c295b Escape potential HTML data from ticket fields 2023-01-02 15:54:37 +00:00
Marcus Hill f7bfeedf54 Escape potential HTML data from ticket reply contact/user fields 2023-01-02 15:50:35 +00:00
Marcus Hill f2efa79c57 Escape potential HTML data from ticket fields 2023-01-02 15:48:47 +00:00
Marcus Hill 4b10a2ac68 Improve security of password reset token for client portal 2023-01-02 15:38:40 +00:00
Marcus Hill 3ea7406c2e Better name azure client id variable as to not be confusing with itflow client ids 2023-01-02 15:27:29 +00:00
Marcus Hill e32439cc4c Escape potential HTML from ticket fields 2023-01-02 15:24:30 +00:00
Marcus Hill 67b306795b Sanitize portal session vars against sql/html code 2023-01-02 15:17:58 +00:00
Marcus Hill fcdeee6321 SQL Escape client name field to prevent potentially breaking SQL queries 2023-01-02 15:06:51 +00:00
Marcus Hill d86285aafd SQL Escape domain/cert/client/ticket fields to prevent them potentially breaking SQL queries 2023-01-02 15:03:56 +00:00
Marcus Hill f150b3cb27 Tidy comment 2023-01-02 14:57:46 +00:00
Marcus Hill b1bb854328 Escape potential HTML in ticket prefix 2023-01-02 14:56:04 +00:00
Marcus Hill 72fd102e57 SQL Escape tech username. The username is added to most log entries meaning that a simple apostrophe in the name breaks all logging for the user 2023-01-02 14:54:49 +00:00
Marcus Hill 5460825ece Replace stripslashes with strip_tags 2023-01-02 14:44:46 +00:00
Marcus Hill dcf0bb67d1 Escape potential HTML characters in client name 2023-01-02 14:41:14 +00:00
Marcus Hill 447f20c91c Escape potential HTML characters in the API Key name, as this is used in logs 2023-01-02 14:38:52 +00:00
Marcus Hill 1aa87ccaeb API Key error wording 2023-01-02 14:37:56 +00:00
Marcus Hill cf8713fc73 Fix software read API query via key 2023-01-02 14:34:59 +00:00
Marcus Hill 5a35f508c6 Remove unrequired trim & strip tags - only needs sql escape 2023-01-02 14:32:17 +00:00
Marcus Hill 8687f56eb0 Remove unrequired trim & strip tags - only needs sql escape 2023-01-02 14:31:29 +00:00
Marcus Hill 2454961389 Escape special characters in a shared doc/file/login name to prevent potentially breaking the ajax sharing log query 2023-01-02 14:14:30 +00:00
Marcus Hill b37778b7a1 Escape potential HTML and limit output from SQL query to required fields when calling merge ticket details ajax query 2023-01-02 14:00:37 +00:00
Marcus Hill 79dc34da92 Escape potential HTML characters in usernames (ticket collision detection) 2023-01-02 13:48:16 +00:00
Marcus Hill 3bf4d7a1f1 Remove test file 2023-01-02 13:03:41 +00:00
Marcus Hill f5a2b1df68 Rename & disable unused stripe test page 2023-01-02 12:56:51 +00:00
Marcus Hill 17850f3510 Remove test/old client print and client header pages 2023-01-02 12:50:42 +00:00
Marcus Hill 8ea674d35e Remove unused assets.php file 2023-01-02 12:45:13 +00:00
Johnny 3fd62cd16e
Merge pull request #545 from wrongecho/tidy
Code Style Tidying
2023-01-01 15:56:34 -05:00
Johnny 94d8ec5360
Merge pull request #544 from wrongecho/cert-expiring-circle
Show expiring certs in the client side navbar
2023-01-01 15:56:14 -05:00