Merge pull request #642 from wrongecho/stricter-input-validation-theme-tags

Add stronger input validation/output escaping
This commit is contained in:
wrongecho
2023-03-05 19:31:22 +00:00
committed by GitHub
8 changed files with 42 additions and 42 deletions
+1 -1
@@ -1,5 +1,5 @@
<!-- Main Sidebar Container -->
<aside class="main-sidebar sidebar-dark-<?php echo $config_theme; ?> d-print-none">
<aside class="main-sidebar sidebar-dark-<?php echo htmlentities($config_theme); ?> d-print-none">
<!-- Sidebar -->
<div class="sidebar">
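Review bot: `htmlentities($config_theme)` with no flags escapes a single quote only on PHP 8.1+ (the pre-8.1 default is ENT_COMPAT), so the escaping depends on the runtime rather than on the call; the attribute on this line is double-quoted, so it is not exploitable here, but the intent should be explicit. Use `htmlspecialchars($config_theme, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, which also substitutes invalid UTF-8 instead of returning an empty string on older releases. Since the same expression appears in several templates in this commit, a one-line helper such as `function e(string $s): string { return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); }` would keep the flags consistent everywhere. The value is presumably loaded from the `settings` row written elsewhere in this commit, so this is defence in depth, not the primary control.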
+1 -1
@@ -36,5 +36,5 @@ header("X-Frame-Options: DENY");
<script src="plugins/toastr/toastr.min.js"></script>
</head>
<body class="hold-transition sidebar-mini layout-fixed accent-<?php echo $config_theme; ?>">
<body class="hold-transition sidebar-mini layout-fixed accent-<?php echo htmlentities($config_theme); ?>">
<div class="wrapper text-sm">
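Review bot: The `accent-<?php echo htmlentities($config_theme); ?>` class on the body tag relies on the default `htmlentities` flag set, which differs between PHP versions (single quotes are left alone before 8.1); prefer `htmlspecialchars($config_theme, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` so the attribute context is handled the same on every release. This file also sets `X-Frame-Options: DENY` in the hunk header; if CSP is ever added, a `frame-ancestors 'none'` directive is the modern equivalent and worth adding alongside, though that is outside this change. The value is presumably the regex-filtered theme stored via the settings page, so this escape is a second layer rather than the only one.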
+1 -1
@@ -1,4 +1,4 @@
<?php
$name = sanitizeInput($_POST['name']);
$type = sanitizeInput($_POST['type']);
$color = sanitizeInput($_POST['color']);
$color = preg_replace("/[^0-9a-zA-Z-]/", "", sanitizeInput($_POST['color']));
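Review bot: The new `$color` line still reads `$_POST['color']` directly, so a request without that field raises an undefined-index warning before the regex ever runs; `$_POST['color'] ?? ''` is the cheap fix. The character-class allowlist is the right idea, but it is applied after `sanitizeInput()`, whose behaviour is not visible here — if that helper HTML-encodes, a stripped entity leaves fragments like `amp` in the result, so it is worth confirming the order or running the regex on the raw value. Nothing caps the length or rejects an empty result; if the value ends up in a CSS class name, an allowlist of the colour names the stylesheet actually ships (`in_array($color, $allowed, true)`) would be tighter than a character class. The rest of this script continues outside the hunk.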
+2 -2
@@ -1,5 +1,5 @@
<?php
$name = sanitizeInput($_POST['name']);
$type = intval($_POST['type']);
$color = sanitizeInput($_POST['color']);
$icon = sanitizeInput($_POST['icon']);
$color = preg_replace("/[^0-9a-zA-Z-]/", "", sanitizeInput($_POST['color']));
$icon = preg_replace("/[^0-9a-zA-Z-]/", "", sanitizeInput($_POST['icon']));
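Review bot: The regex `"/[^0-9a-zA-Z-]/"` on the two new lines is now the fourth copy of the same pattern in this commit; a shared helper next to `sanitizeInput()` such as `function sanitizeToken(string $s): string { return preg_replace('/[^0-9a-zA-Z-]/', '', $s); }` keeps the allowlist in one place so a later change (for example permitting `_`) cannot drift between files. As on the sibling script, `$_POST['color']` and `$_POST['icon']` should be read with `?? ''` to avoid warnings on a partial request. The `intval($_POST['type'])` context line silently maps any non-numeric input to 0; that predates this change but is worth a follow-up. This script continues past the hunk.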
+1 -1
@@ -870,7 +870,7 @@ if(isset($_POST['edit_theme_settings'])){
validateAdminRole();
$theme = sanitizeInput($_POST['theme']);
$theme = preg_replace("/[^0-9a-zA-Z-]/", "", sanitizeInput($_POST['theme']));
mysqli_query($mysqli,"UPDATE settings SET config_theme = '$theme' WHERE company_id = $session_company_id");
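Review bot: The filtered `$theme` is still interpolated into the SQL string on the next line, so the regex on the new line is the only thing standing between `$_POST['theme']` and the query; a prepared statement removes that dependency: `$stmt = mysqli_prepare($mysqli, "UPDATE settings SET config_theme = ? WHERE company_id = ?");`, `mysqli_stmt_bind_param($stmt, "si", $theme, $session_company_id);`, `mysqli_stmt_execute($stmt);`. Because the stored value is later spliced into CSS class names such as `sidebar-dark-` and `accent-`, validating against the list of theme names the CSS actually ships (`in_array($theme, $allowed_themes, true)`) would also reject an empty or meaningless value that the character class currently lets through. The enclosing `if(isset($_POST['edit_theme_settings']))` block starts at the hunk header and continues outside the hunk.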
+1 -1
@@ -1,5 +1,5 @@
<!-- Main Sidebar Container -->
<aside class="main-sidebar sidebar-dark-<?php echo $config_theme; ?> d-print-none">
<aside class="main-sidebar sidebar-dark-<?php echo htmlentities($config_theme); ?> d-print-none">
<!-- Sidebar -->
<div class="sidebar">
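Review bot: This sidebar line is identical to the one changed in another file in this commit, and both now carry a bare `htmlentities()` whose flag defaults vary by PHP version; rather than repeating the call, route both through one escaping helper, e.g. `<?php echo e($config_theme); ?>` where `e()` wraps `htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. The duplicated markup itself suggests the sidebar could become a single included partial, which would have made this an one-line change instead of three.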
+1 -1
@@ -1,5 +1,5 @@
<!-- Main Sidebar Container -->
<aside class="main-sidebar sidebar-dark-<?php echo $config_theme; ?> d-print-none">
<aside class="main-sidebar sidebar-dark-<?php echo htmlentities($config_theme); ?> d-print-none">
<!-- Sidebar -->
<div class="sidebar">
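Review bot: Third copy of the same `sidebar-dark-<?php echo htmlentities($config_theme); ?>` line in this commit; the escaping is correct for a double-quoted attribute but should use explicit flags, `htmlspecialchars($config_theme, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, so it does not depend on the PHP 8.1 default change. Consolidating the three sidebars into one partial would keep future escaping fixes from needing to be applied three times.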
+1 -1
@@ -1,5 +1,5 @@
<!-- Navbar -->
<nav class="main-header navbar navbar-expand navbar-<?php echo $config_theme; ?> navbar-dark">
<nav class="main-header navbar navbar-expand navbar-<?php echo htmlentities($config_theme); ?> navbar-dark">
<!-- Left navbar links -->
<ul class="navbar-nav">
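Review bot: The `navbar-<?php echo htmlentities($config_theme); ?>` class on the new line uses the flagless form of `htmlentities`, which on PHP below 8.1 leaves `'` unescaped and returns an empty string on invalid UTF-8; the attribute is double-quoted so the former is harmless here, but `htmlspecialchars($config_theme, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` makes the contract explicit and matches what the other templates should use. Presumably `$config_theme` is already restricted to `[0-9a-zA-Z-]` on the write path, so this is a belt-and-braces escape rather than the primary control.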