Updated new models with santizeInput function to reduce clutter

This commit is contained in:
johnnyq
2023-02-16 14:54:49 -05:00
parent dc80894dd9
commit 56e0c7d30b
14 changed files with 61 additions and 61 deletions


@@ -1,4 +1,4 @@
<?php <?php
$name = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['name']))); $name = sanitizeInput($_POST['name']);
$type = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['type']))); $type = sanitizeInput($_POST['type']);
$color = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['color']))); $color = sanitizeInput($_POST['color']);
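Review bot: The new `$name`, `$type` and `$color` assignments hand `$_POST` keys straight to `sanitizeInput()` with no presence check, and because the helper's definition is not part of this diff, neither its handling of a missing field nor its actual transformation is visible here. If it wraps the old `trim(strip_tags(mysqli_real_escape_string(...)))` chain it now needs `$mysqli` in scope on its own (previously passed explicitly, presumably via `global` now) and an absent field would reach it as `null`, which PHP 8.1+ deprecates for string parameters. Passing `sanitizeInput($_POST['name'] ?? '')` at each call site, or giving the helper a `?string` parameter and a docblock such as `/** Trims, strips HTML tags and mysqli-escapes $value for interpolation into SQL; requires $mysqli in scope. */`, would pin that contract. Escaping at input time also means escaped text is what gets stored and only the interpolated-SQL pattern is protected; prepared statements remain the durable fix. The same observations apply to every other model section in this commit.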


@@ -1,8 +1,8 @@
<?php <?php
$name = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['name']))); $name = sanitizeInput($_POST['name']);
$type = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['type']))); $type = sanitizeInput($_POST['type']);
$website = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['website']))); $website = sanitizeInput($_POST['website']);
$referral = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['referral']))); $referral = sanitizeInput($_POST['referral']);
$currency_code = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['currency_code']))); $currency_code = sanitizeInput($_POST['currency_code']);
$net_terms = intval($_POST['net_terms']); $net_terms = intval($_POST['net_terms']);
$notes = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['notes']))); $notes = sanitizeInput($_POST['notes']);


@@ -1,12 +1,12 @@
<?php <?php
$name = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['name']))); $name = sanitizeInput($_POST['name']);
$address = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['address']))); $address = sanitizeInput($_POST['address']);
$city = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['city']))); $city = sanitizeInput($_POST['city']);
$state = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['state']))); $state = sanitizeInput($_POST['state']);
$zip = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['zip']))); $zip = sanitizeInput($_POST['zip']);
$country = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['country']))); $country = sanitizeInput($_POST['country']);
$phone = preg_replace("/[^0-9]/", '',$_POST['phone']); $phone = preg_replace("/[^0-9]/", '',$_POST['phone']);
$email = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['email']))); $email = sanitizeInput($_POST['email']);
$website = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['website']))); $website = sanitizeInput($_POST['website']);
$locale = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['locale']))); $locale = sanitizeInput($_POST['locale']);
$currency_code = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['currency_code']))); $currency_code = sanitizeInput($_POST['currency_code']);
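Review bot: `$email` and `$website` in this section are only passed through `sanitizeInput()`, which, judging by the chain it replaces, strips tags and escapes but does not check format, so a malformed address or an arbitrary-scheme URL is still accepted and stored by the model. Validating the trimmed raw value first and only then sanitizing it, e.g. `$email = filter_var(trim($_POST['email'] ?? ''), FILTER_VALIDATE_EMAIL) !== false ? sanitizeInput($_POST['email']) : '';` with the `FILTER_VALIDATE_URL` counterpart for `$website`, makes the boundary reject bad data instead of relying on the form. Validation has to precede escaping because `mysqli_real_escape_string` may add backslashes that would fail the filter. The same gap exists for `$website` in the second section and for `$email`/`$website` in the user and vendor sections of this commit.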


@@ -1,9 +1,9 @@
<?php <?php
$calendar_id = intval($_POST['calendar']); $calendar_id = intval($_POST['calendar']);
$title = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['title']))); $title = sanitizeInput($_POST['title']);
$description = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['description']))); $description = sanitizeInput($_POST['description']);
$start = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['start']))); $start = sanitizeInput($_POST['start']);
$end = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['end']))); $end = sanitizeInput($_POST['end']);
$repeat = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['repeat']))); $repeat = sanitizeInput($_POST['repeat']);
$client = intval($_POST['client']); $client = intval($_POST['client']);
$email_event = intval($_POST['email_event']); $email_event = intval($_POST['email_event']);


@@ -1,8 +1,8 @@
<?php <?php
$date = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['date']))); $date = sanitizeInput($_POST['date']);
$amount = floatval($_POST['amount']); $amount = floatval($_POST['amount']);
$account = intval($_POST['account']); $account = intval($_POST['account']);
$vendor = intval($_POST['vendor']); $vendor = intval($_POST['vendor']);
$category = intval($_POST['category']); $category = intval($_POST['category']);
$description = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['description']))); $description = sanitizeInput($_POST['description']);
$reference = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['reference']))); $reference = sanitizeInput($_POST['reference']);


@@ -1,4 +1,4 @@
<?php <?php
$date = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['date']))); $date = sanitizeInput($_POST['date']);
$category = intval($_POST['category']); $category = intval($_POST['category']);
$scope = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['scope']))); $scope = sanitizeInput($_POST['scope']);


@@ -1,6 +1,6 @@
<?php <?php
$name = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['name']))); $name = sanitizeInput($_POST['name']);
$description = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['description']))); $description = sanitizeInput($_POST['description']);
$price = floatval($_POST['price']); $price = floatval($_POST['price']);
$category = intval($_POST['category']); $category = intval($_POST['category']);
$tax = intval($_POST['tax']); $tax = intval($_POST['tax']);


@@ -1,4 +1,4 @@
<?php <?php
$date = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['date']))); $date = sanitizeInput($_POST['date']);
$category = intval($_POST['category']); $category = intval($_POST['category']);
$scope = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['scope']))); $scope = sanitizeInput($_POST['scope']);


@@ -1,5 +1,5 @@
<?php <?php
$name = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['name']))); $name = sanitizeInput($_POST['name']);
$type = intval($_POST['type']); $type = intval($_POST['type']);
$color = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['color']))); $color = sanitizeInput($_POST['color']);
$icon = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['icon']))); $icon = sanitizeInput($_POST['icon']);


@@ -1,6 +1,6 @@
<?php <?php
$date = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['date']))); $date = sanitizeInput($_POST['date']);
$amount = floatval($_POST['amount']); $amount = floatval($_POST['amount']);
$account_from = intval($_POST['account_from']); $account_from = intval($_POST['account_from']);
$account_to = intval($_POST['account_to']); $account_to = intval($_POST['account_to']);
$notes = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['notes']))); $notes = sanitizeInput($_POST['notes']);


@@ -1,9 +1,9 @@
<?php <?php
$date = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['date']))); $date = sanitizeInput($_POST['date']);
$source = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['source']))); $source = sanitizeInput($_POST['source']);
$destination = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['destination']))); $destination = sanitizeInput($_POST['destination']);
$miles = floatval($_POST['miles']); $miles = floatval($_POST['miles']);
$roundtrip = intval($_POST['roundtrip']); $roundtrip = intval($_POST['roundtrip']);
$purpose = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['purpose']))); $purpose = sanitizeInput($_POST['purpose']);
$user_id = intval($_POST['user']); $user_id = intval($_POST['user']);
$client_id = intval($_POST['client']); $client_id = intval($_POST['client']);


@@ -1,5 +1,5 @@
<?php <?php
$name = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['name']))); $name = sanitizeInput($_POST['name']);
$email = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['email']))); $email = sanitizeInput($_POST['email']);
$default_company = intval($_POST['default_company']); $default_company = intval($_POST['default_company']);
$role = intval($_POST['role']); $role = intval($_POST['role']);


@@ -1,13 +1,13 @@
<?php <?php
$name = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['name']))); $name = sanitizeInput($_POST['name']);
$description = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['description']))); $description = sanitizeInput($_POST['description']);
$account_number = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['account_number']))); $account_number = sanitizeInput($_POST['account_number']);
$contact_name = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['contact_name']))); $contact_name = sanitizeInput($_POST['contact_name']);
$phone = preg_replace("/[^0-9]/", '', $_POST['phone']); $phone = preg_replace("/[^0-9]/", '', $_POST['phone']);
$extension = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['extension']))); $extension = preg_replace("/[^0-9]/", '', $_POST['extension']);
$email = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['email']))); $email = sanitizeInput($_POST['email']);
$website = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['website']))); $website = sanitizeInput($_POST['website']);
$hours = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['hours']))); $hours = sanitizeInput($_POST['hours']);
$sla = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['sla']))); $sla = sanitizeInput($_POST['sla']);
$code = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['code']))); $code = sanitizeInput($_POST['code']);
$notes = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['notes']))); $notes = sanitizeInput($_POST['notes']);
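Review bot: The `$extension` line changes behaviour rather than just clutter: the old side tag-stripped and escaped the value, while the new side reduces it to digits with `preg_replace("/[^0-9]/", '', ...)` as `$phone` already does, so input such as `ext. 5` is silently truncated to its digits, and the commit message does not mention it. A short comment would record the intent, e.g. `// extension is stored digits-only, consistent with $phone`. Both `$phone` and `$extension` also read their `$_POST` keys unguarded; `$_POST['extension'] ?? ''` avoids handing `null` to preg_replace, which PHP 8.1+ deprecates.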


@@ -18,7 +18,7 @@ if(isset($_GET['switch_company'])){
//Get Company Name //Get Company Name
$sql = mysqli_query($mysqli,"SELECT * FROM companies WHERE company_id = $company_id"); $sql = mysqli_query($mysqli,"SELECT * FROM companies WHERE company_id = $company_id");
$row = mysqli_fetch_array($sql); $row = mysqli_fetch_array($sql);
$company_name = strip_tags(mysqli_real_escape_string($mysqli,$row['company_name'])); $company_name = sanitizeInput($row['company_name']);
//Check to see if user has Permission to access the company //Check to see if user has Permission to access the company
if(in_array($company_id,$session_user_company_access_array)){ if(in_array($company_id,$session_user_company_access_array)){
@@ -126,7 +126,7 @@ if(isset($_POST['edit_user'])){
$user_id = intval($_POST['user_id']); $user_id = intval($_POST['user_id']);
$new_password = trim($_POST['new_password']); $new_password = trim($_POST['new_password']);
$existing_file_name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['existing_file_name']))); $existing_file_name = sanitizeInput($_POST['existing_file_name']);
$extended_log_description = ''; $extended_log_description = '';
if(!empty($_POST['2fa'])) { if(!empty($_POST['2fa'])) {
$two_fa = $_POST['2fa']; $two_fa = $_POST['2fa'];
@@ -197,7 +197,7 @@ if(isset($_GET['activate_user'])){
// Get User Name // Get User Name
$sql = mysqli_query($mysqli,"SELECT * FROM users WHERE user_id = $user_id"); $sql = mysqli_query($mysqli,"SELECT * FROM users WHERE user_id = $user_id");
$row = mysqli_fetch_array($sql); $row = mysqli_fetch_array($sql);
$user_name = strip_tags(mysqli_real_escape_string($mysqli,$row['user_name'])); $user_name = sanitizeInput($row['user_name']);
mysqli_query($mysqli,"UPDATE users SET user_status = 1 WHERE user_id = $user_id"); mysqli_query($mysqli,"UPDATE users SET user_status = 1 WHERE user_id = $user_id");
@@ -220,7 +220,7 @@ if(isset($_GET['disable_user'])){
// Get User Name // Get User Name
$sql = mysqli_query($mysqli,"SELECT * FROM users WHERE user_id = $user_id"); $sql = mysqli_query($mysqli,"SELECT * FROM users WHERE user_id = $user_id");
$row = mysqli_fetch_array($sql); $row = mysqli_fetch_array($sql);
$user_name = strip_tags(mysqli_real_escape_string($mysqli,$row['user_name'])); $user_name = sanitizeInput($row['user_name']);
mysqli_query($mysqli,"UPDATE users SET user_status = 0 WHERE user_id = $user_id"); mysqli_query($mysqli,"UPDATE users SET user_status = 0 WHERE user_id = $user_id");
@@ -240,8 +240,8 @@ if(isset($_POST['edit_profile'])){
validateCSRFToken($_POST['csrf_token']); validateCSRFToken($_POST['csrf_token']);
$user_id = $session_user_id; $user_id = $session_user_id;
$name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name']))); $name = sanitizeInput($_POST['name']);
$email = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['email']))); $email = sanitizeInput($_POST['email']);
$new_password = trim($_POST['new_password']); $new_password = trim($_POST['new_password']);
$existing_file_name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['existing_file_name']))); $existing_file_name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['existing_file_name'])));
$logout = false; $logout = false;