AS1024
/
itflow
mirror of https://github.com/itflow-org/itflow
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
1,875 Commits 6 Branches 15 Tags 166 MiB
Commit Graph

28 Commits

Author SHA1 Message Date
Marcus Hill 5460825ece Replace stripslashes with strip_tags 2023-01-02 14:44:46 +00:00
johnnyq 2a16b6d2ae Remove some tags there and here some more output formatting all thanks to the great security researcher @indevi0us for pointing these out to us. 2022-12-21 21:31:51 -05:00
Marcus Hill 51792a1a2f Set a max date attribute for date input fields to prevent/discourage them going over 4 characters (client side validation) 2022-12-17 18:03:53 +00:00
johnnyq b6e540825f Format output for the proper code syntax, this should fix many various issues with output formatting and page breakage 2022-12-02 19:58:21 -05:00
Marcus Hill 2d92237891 This should link to the client log page, not overview 2022-10-02 15:24:02 +01:00
Marcus Hill d4c04ae537 Update link to client page from client.php to client_overview.php 2022-10-02 15:15:20 +01:00
johnnyq e5a4451bb9 Update settings File naming consistancy to match the rest of ITFlow naming 2022-09-21 12:30:04 -04:00
Marcus Hill b4f2fdd03d Code deduplication/tidying 
- Move default pagination/sort/search query variable mapping to pagination_head.php
- Remove user_logs.php
 2022-04-14 19:49:18 +01:00
Marcus Hill ca629801af Change all "AND" / "OR" to && / || 2022-04-14 18:40:51 +01:00
johnnyq 3b615d2f3a UI updates mainly icon swaps etc 2022-02-22 14:41:48 -05:00
johnnyq 1829c7299e Made the php includes much more modular and simpler by lumping them all in 1 file inc_all.php instead of all over the place 2022-02-22 00:29:39 -05:00
johnnyq 29422b9d52 Added Client name to logs along with a link to the client logs page 2022-02-21 21:56:16 -05:00
johnnyq 48dbb3ec4c More Define canned date if not set. Prevents undefined errors Same as a48e302 2022-01-13 14:07:51 -05:00
johnnyq 4604280efe This Update will break your login as we updated the password hash from MD5 to a salted hash using hash_password and password_verify techniques, fixed an unauthenticated persistent XSS Vulnerbility which would affect if someone spoofed their IP with a javascript code and then a logged in read the logs. The flaw was discovered by @bambilol #214 also fixed some other bugs. 2021-12-13 12:21:55 -05:00
johnnyq faf39fc84a Code cleanup and fix possible injections when a trusted user is logged in thanks to mwdmeyer, constant_chaos, disclosure5 and rightwayround from /r/msp for pointing these issues out 2021-12-12 13:16:26 -05:00
johnnyq 9e9bb50db0 Fixed a SQL injection could only work if you had a login thanks disclosure5 for pointing this out from reddit/r/msp 2021-12-12 01:22:39 -05:00
johnnyq f02e94d585 Started adding IP and User agent to audit logs, log when a user logs out, Merged logout into post.php 2021-12-09 16:12:57 -05:00
johnnyq f3053ffbd4 BREAKING CHANGES: Major Backend Code Changes Updated Foreign keys to prepend their table names ex invoice_client_id, switched most queries over to JOIN instead of = Combined contacts and location into client removed client email, phone etc fields, tons of small bug fixes, and other small UI changes all across the board 2021-08-27 23:14:06 -04:00
johnny@pittpc.com 66f9e2b10f Removed Records per page as a setting and added it as session variable define at 10 by default when logged in DB Structure Updated 2021-02-10 13:40:28 -05:00
johnny@pittpc.com 530d46a812 Added selectable num of records on each listing page, fixed up Pagination Records UI, added new stripe library, further worked on stripe integration, fixed mispelling in client details 2021-02-10 11:21:38 -05:00
johnny@pittpc.com 274e1dc9e8 Hide Archived dropdowns when adding adding a new item, except when you are editing an item from before the archived date, Do not allow archiving account until balance is 0. 2021-02-07 13:58:42 -05:00
johnny@pittpc.com 632714cd17 Added Tax ID to each line item, also if tax % changes the new recurring will automatically get updated and sent with the right tax rate DB Structure updated 2021-02-06 00:18:37 -05:00
johnny@pittpc.com 46e0147026 Some Small fixes in setup 2021-02-05 15:36:08 -05:00
johnny@pittpc.com f8166bdc81 Fixed more php errors empty vars updated more ui search headers 2021-02-04 17:42:21 -05:00
johnny@pittpc.com 7b4618c16f Number of Records per page is now configurable 2021-01-15 19:51:40 -05:00
johnny@pittpc.com 07ae63f635 Seperated User Audit Logs and General Logs 2020-09-25 17:12:36 -04:00
johnny@pittpc.com ca427ab763 Updated User Settings Page and added logging to most functions 2019-09-06 03:03:16 -04:00
johnny@pittpc.com d259d1b3dc Started Logs: Login attempts are now logged, created a logs list in the side nav 2019-09-06 00:16:19 -04:00