Replace all instances of htmlentities() with the new function nullable_htmlentities() thanks @bhopkins0
This commit is contained in:
johnnyq
@@ -30,7 +30,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
||||
<div class="card-body">
|
||||
<form autocomplete="off">
|
||||
<div class="input-group">
|
||||
<input type="search" class="form-control col-md-4" name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Accounts">
|
||||
<input type="search" class="form-control col-md-4" name="q" value="<?php if (isset($q)) { echo stripslashes(nullable_htmlentities($q)); } ?>" placeholder="Search Accounts">
|
||||
<div class="input-group-append">
|
||||
<button class="btn btn-primary"><i class="fa fa-search"></i></button>
|
||||
</div>
|
||||
@@ -52,10 +52,10 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
||||
|
||||
while ($row = mysqli_fetch_array($sql)) {
|
||||
$account_id = intval($row['account_id']);
|
||||
$account_name = htmlentities($row['account_name']);
|
||||
$account_name = nullable_htmlentities($row['account_name']);
|
||||
$opening_balance = floatval($row['opening_balance']);
|
||||
$account_currency_code = htmlentities($row['account_currency_code']);
|
||||
$account_notes = htmlentities($row['account_notes']);
|
||||
$account_currency_code = nullable_htmlentities($row['account_currency_code']);
|
||||
$account_notes = nullable_htmlentities($row['account_notes']);
|
||||
|
||||
$sql_payments = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS total_payments FROM payments WHERE payment_account_id = $account_id");
|
||||
$row = mysqli_fetch_array($sql_payments);
|
||||
|
||||
4
ajax.php
4
ajax.php
@@ -205,10 +205,10 @@ if (isset($_GET['ticket_query_views'])) {
|
||||
$users = array_unique($users);
|
||||
if (count($users) > 1) {
|
||||
// Multiple viewers
|
||||
$response['message'] = htmlentities(implode(", ", $users) . " are viewing this ticket.");
|
||||
$response['message'] = nullable_htmlentities(implode(", ", $users) . " are viewing this ticket.");
|
||||
} else {
|
||||
// Single viewer
|
||||
$response['message'] = htmlentities(implode("", $users) . " is viewing this ticket.");
|
||||
$response['message'] = nullable_htmlentities(implode("", $users) . " is viewing this ticket.");
|
||||
}
|
||||
} else {
|
||||
// No viewers
|
||||
|
||||
48
clients.php
48
clients.php
@@ -49,7 +49,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
||||
<div class="row">
|
||||
<div class="col-md-4">
|
||||
<div class="input-group">
|
||||
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search" autofocus>
|
||||
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(nullable_htmlentities($q)); } ?>" placeholder="Search" autofocus>
|
||||
<div class="input-group-append">
|
||||
<button class="btn btn-secondary" type="button" data-toggle="collapse" data-target="#advancedFilter"><i class="fas fa-filter"></i></button>
|
||||
<button class="btn btn-primary"><i class="fa fa-search"></i></button>
|
||||
@@ -83,13 +83,13 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
||||
<div class="col-md-2">
|
||||
<div class="form-group">
|
||||
<label>Date from</label>
|
||||
<input type="date" class="form-control" name="dtf" max="2999-12-31" value="<?php echo htmlentities($dtf); ?>">
|
||||
<input type="date" class="form-control" name="dtf" max="2999-12-31" value="<?php echo nullable_htmlentities($dtf); ?>">
|
||||
</div>
|
||||
</div>
|
||||
<div class="col-md-2">
|
||||
<div class="form-group">
|
||||
<label>Date to</label>
|
||||
<input type="date" class="form-control" name="dtt" max="2999-12-31" value="<?php echo htmlentities($dtt); ?>">
|
||||
<input type="date" class="form-control" name="dtt" max="2999-12-31" value="<?php echo nullable_htmlentities($dtt); ?>">
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
@@ -112,36 +112,36 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
||||
|
||||
while ($row = mysqli_fetch_array($sql)) {
|
||||
$client_id = intval($row['client_id']);
|
||||
$client_name = htmlentities($row['client_name']);
|
||||
$client_type = htmlentities($row['client_type']);
|
||||
$client_name = nullable_htmlentities($row['client_name']);
|
||||
$client_type = nullable_htmlentities($row['client_type']);
|
||||
$location_id = intval($row['location_id']);
|
||||
$location_country = htmlentities($row['location_country']);
|
||||
$location_address = htmlentities($row['location_address']);
|
||||
$location_city = htmlentities($row['location_city']);
|
||||
$location_state = htmlentities($row['location_state']);
|
||||
$location_zip = htmlentities($row['location_zip']);
|
||||
$location_country = nullable_htmlentities($row['location_country']);
|
||||
$location_address = nullable_htmlentities($row['location_address']);
|
||||
$location_city = nullable_htmlentities($row['location_city']);
|
||||
$location_state = nullable_htmlentities($row['location_state']);
|
||||
$location_zip = nullable_htmlentities($row['location_zip']);
|
||||
if (empty($location_address) && empty($location_city) && empty($location_state) && empty($location_zip)) {
|
||||
$location_address_display = "-";
|
||||
} else {
|
||||
$location_address_display = "$location_address<br>$location_city $location_state $location_zip";
|
||||
}
|
||||
$contact_id = intval($row['contact_id']);
|
||||
$contact_name = htmlentities($row['contact_name']);
|
||||
$contact_title = htmlentities($row['contact_title']);
|
||||
$contact_name = nullable_htmlentities($row['contact_name']);
|
||||
$contact_title = nullable_htmlentities($row['contact_title']);
|
||||
$contact_phone = formatPhoneNumber($row['contact_phone']);
|
||||
$contact_extension = htmlentities($row['contact_extension']);
|
||||
$contact_extension = nullable_htmlentities($row['contact_extension']);
|
||||
$contact_mobile = formatPhoneNumber($row['contact_mobile']);
|
||||
$contact_email = htmlentities($row['contact_email']);
|
||||
$client_website = htmlentities($row['client_website']);
|
||||
$contact_email = nullable_htmlentities($row['contact_email']);
|
||||
$client_website = nullable_htmlentities($row['client_website']);
|
||||
$client_rate = floatval($row['client_rate']);
|
||||
$client_currency_code = htmlentities($row['client_currency_code']);
|
||||
$client_currency_code = nullable_htmlentities($row['client_currency_code']);
|
||||
$client_net_terms = intval($row['client_net_terms']);
|
||||
$client_tax_id_number = htmlentities($row['client_tax_id_number']);
|
||||
$client_referral = htmlentities($row['client_referral']);
|
||||
$client_notes = htmlentities($row['client_notes']);
|
||||
$client_tax_id_number = nullable_htmlentities($row['client_tax_id_number']);
|
||||
$client_referral = nullable_htmlentities($row['client_referral']);
|
||||
$client_notes = nullable_htmlentities($row['client_notes']);
|
||||
$client_created_at = date('Y-m-d', strtotime($row['client_created_at']));
|
||||
$client_updated_at = htmlentities($row['client_updated_at']);
|
||||
$client_archive_at = htmlentities($row['client_archived_at']);
|
||||
$client_updated_at = nullable_htmlentities($row['client_updated_at']);
|
||||
$client_archive_at = nullable_htmlentities($row['client_archived_at']);
|
||||
|
||||
// Client Tags
|
||||
|
||||
@@ -151,9 +151,9 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
||||
while ($row = mysqli_fetch_array($sql_client_tags)) {
|
||||
|
||||
$client_tag_id = intval($row['tag_id']);
|
||||
$client_tag_name = htmlentities($row['tag_name']);
|
||||
$client_tag_color = htmlentities($row['tag_color']);
|
||||
$client_tag_icon = htmlentities($row['tag_icon']);
|
||||
$client_tag_name = nullable_htmlentities($row['tag_name']);
|
||||
$client_tag_color = nullable_htmlentities($row['tag_color']);
|
||||
$client_tag_icon = nullable_htmlentities($row['tag_icon']);
|
||||
if (empty($client_tag_icon)) {
|
||||
$client_tag_icon = "tag";
|
||||
}
|
||||
|
||||
6
cron.php
6
cron.php
@@ -461,9 +461,9 @@ foreach ($invoiceAlertArray as $day) {
|
||||
mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Invoice Overdue', notification = 'Invoice $invoice_prefix$invoice_number for $client_name in the amount of $invoice_amount is overdue by $day days', notification_client_id = $client_id, notification_entity_id = $invoice_id");
|
||||
|
||||
$subject = "Overdue Invoice $invoice_prefix$invoice_number";
|
||||
$body = "Hello $contact_name,<br><br>According to our records, we have not received payment for invoice $invoice_prefix$invoice_number. Please submit your payment as soon as possible. If you have any questions please contact us at $company_phone.
|
||||
$body = "Hello $contact_name,<br><br>Our records indicate that we have not yet received payment for the invoice $invoice_prefix$invoice_number. We kindly request that you submit your payment as soon as possible. If you have any questions or concerns, please do not hesitate to contact us at $company_phone.
|
||||
<br><br>
|
||||
Please view the details of the invoice below.<br><br>Invoice: $invoice_prefix$invoice_number<br>Issue Date: $invoice_date<br>Total: " . numfmt_format_currency($currency_format, $invoice_amount, $invoice_currency_code) . "<br>Due Date: $invoice_due<br><br><br>To view your invoice click <a href='https://$config_base_url/guest_view_invoice.php?invoice_id=$invoice_id&url_key=$invoice_url_key'>here</a><br><br><br>~<br>$company_name<br>Billing Department<br>$config_invoice_from_email<br>$company_phone";
|
||||
Kindly review the invoice details mentioned below.<br><br>Invoice: $invoice_prefix$invoice_number<br>Issue Date: $invoice_date<br>Total: " . numfmt_format_currency($currency_format, $invoice_amount, $invoice_currency_code) . "<br>Due Date: $invoice_due<br><br><br>To view your invoice click <a href='https://$config_base_url/guest_view_invoice.php?invoice_id=$invoice_id&url_key=$invoice_url_key'>here</a><br><br><br>~<br>$company_name<br>Billing Department<br>$config_invoice_from_email<br>$company_phone";
|
||||
|
||||
$mail = sendSingleEmail(
|
||||
$config_smtp_host,
|
||||
@@ -581,7 +581,7 @@ while ($row = mysqli_fetch_array($sql_recurring)) {
|
||||
|
||||
|
||||
$subject = "Invoice $invoice_prefix$invoice_number";
|
||||
$body = "Hello $contact_name,<br><br>Please view the details of the invoice below.<br><br>Invoice: $invoice_prefix$invoice_number<br>Issue Date: $invoice_date<br>Total: " . numfmt_format_currency($currency_format, $invoice_amount, $recurring_currency_code) . "<br>Due Date: $invoice_due<br><br><br>To view your invoice click <a href='https://$config_base_url/guest_view_invoice.php?invoice_id=$new_invoice_id&url_key=$invoice_url_key'>here</a><br><br><br>~<br>$company_name<br>Billing Department<br>$config_invoice_from_email<br>$company_phone";
|
||||
$body = "Hello $contact_name,<br><br>Kindly review the invoice details mentioned below.<br><br>Invoice: $invoice_prefix$invoice_number<br>Issue Date: $invoice_date<br>Total: " . numfmt_format_currency($currency_format, $invoice_amount, $recurring_currency_code) . "<br>Due Date: $invoice_due<br><br><br>To view your invoice click <a href='https://$config_base_url/guest_view_invoice.php?invoice_id=$new_invoice_id&url_key=$invoice_url_key'>here</a><br><br><br>~<br>$company_name<br>Billing Department<br>$config_invoice_from_email<br>$company_phone";
|
||||
|
||||
$mail = sendSingleEmail(
|
||||
$config_smtp_host,
|
||||
|
||||
@@ -32,7 +32,7 @@ $sql_document = mysqli_query($mysqli, "SELECT document_id, document_name, docume
|
||||
$row = mysqli_fetch_array($sql_document);
|
||||
|
||||
$document_id = intval($row['document_id']);
|
||||
$document_name = htmlentities($row['document_name']);
|
||||
$document_name = nullable_htmlentities($row['document_name']);
|
||||
$document_content = $purifier->purify($row['document_content']);
|
||||
|
||||
?>
|
||||
|
||||
@@ -53,9 +53,9 @@ $documents_sql = mysqli_query($mysqli, "SELECT document_id, document_name, docum
|
||||
<?php
|
||||
while ($row = mysqli_fetch_array($documents_sql)) {
|
||||
$document_id = intval($row['document_id']);
|
||||
$folder_name = htmlentities($row['folder_name']);
|
||||
$document_name = htmlentities($row['document_name']);
|
||||
$document_created_at = htmlentities($row['document_created_at']);
|
||||
$folder_name = nullable_htmlentities($row['folder_name']);
|
||||
$document_name = nullable_htmlentities($row['document_name']);
|
||||
$document_created_at = nullable_htmlentities($row['document_created_at']);
|
||||
|
||||
?>
|
||||
|
||||
|
||||
@@ -57,14 +57,14 @@ $invoices_sql = mysqli_query($mysqli, "SELECT * FROM invoices WHERE invoice_clie
|
||||
<?php
|
||||
while ($row = mysqli_fetch_array($invoices_sql)) {
|
||||
$invoice_id = intval($row['invoice_id']);
|
||||
$invoice_prefix = htmlentities($row['invoice_prefix']);
|
||||
$invoice_prefix = nullable_htmlentities($row['invoice_prefix']);
|
||||
$invoice_number = intval($row['invoice_number']);
|
||||
$invoice_scope = htmlentities($row['invoice_scope']);
|
||||
$invoice_status = htmlentities($row['invoice_status']);
|
||||
$invoice_date = htmlentities($row['invoice_date']);
|
||||
$invoice_due = htmlentities($row['invoice_due']);
|
||||
$invoice_scope = nullable_htmlentities($row['invoice_scope']);
|
||||
$invoice_status = nullable_htmlentities($row['invoice_status']);
|
||||
$invoice_date = nullable_htmlentities($row['invoice_date']);
|
||||
$invoice_due = nullable_htmlentities($row['invoice_due']);
|
||||
$invoice_amount = floatval($row['invoice_amount']);
|
||||
$invoice_url_key = htmlentities($row['invoice_url_key']);
|
||||
$invoice_url_key = nullable_htmlentities($row['invoice_url_key']);
|
||||
|
||||
if (empty($invoice_scope)) {
|
||||
$invoice_scope_display = "-";
|
||||
|
||||
@@ -248,7 +248,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
|
||||
<?php
|
||||
// Show feedback from session
|
||||
if (!empty($_SESSION['login_message'])) {
|
||||
echo htmlentities($_SESSION['login_message']);
|
||||
echo nullable_htmlentities($_SESSION['login_message']);
|
||||
unset($_SESSION['login_message']);
|
||||
}
|
||||
?>
|
||||
|
||||
@@ -11,7 +11,7 @@
|
||||
<br>
|
||||
<hr>
|
||||
|
||||
<p class="text-center"><?php echo htmlentities($session_company_name); ?></p>
|
||||
<p class="text-center"><?php echo nullable_htmlentities($session_company_name); ?></p>
|
||||
|
||||
<!-- jQuery -->
|
||||
<script src="../plugins/jquery/jquery.min.js"></script>
|
||||
|
||||
@@ -12,7 +12,7 @@ header("X-Frame-Options: DENY"); // Legacy
|
||||
<head>
|
||||
<meta charset="utf-8">
|
||||
<meta http-equiv="X-UA-Compatible" content="IE=edge">
|
||||
<title><?php echo htmlentities($company_name); ?> | Client Portal</title>
|
||||
<title><?php echo nullable_htmlentities($company_name); ?> | Client Portal</title>
|
||||
|
||||
<!-- Tell the browser to be responsive to screen width -->
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1">
|
||||
@@ -32,7 +32,7 @@ header("X-Frame-Options: DENY"); // Legacy
|
||||
|
||||
<nav class="navbar navbar-expand-lg navbar-dark bg-dark">
|
||||
<div class="container">
|
||||
<a class="navbar-brand" href="index.php"><?php echo htmlentities($company_name); ?></a>
|
||||
<a class="navbar-brand" href="index.php"><?php echo nullable_htmlentities($company_name); ?></a>
|
||||
<button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarSupportedContent" aria-controls="navbarSupportedContent" aria-expanded="false" aria-label="Toggle navigation">
|
||||
<span class="navbar-toggler-icon"></span>
|
||||
</button>
|
||||
@@ -63,7 +63,7 @@ header("X-Frame-Options: DENY"); // Legacy
|
||||
<ul class="nav navbar-nav pull-right">
|
||||
<li class="nav-item dropdown">
|
||||
<a class="nav-link dropdown-toggle" href="#" id="navbarDropdown" role="button" data-toggle="dropdown">
|
||||
<?php echo htmlentities($session_contact_name); ?>
|
||||
<?php echo nullable_htmlentities($session_contact_name); ?>
|
||||
</a>
|
||||
<div class="dropdown-menu" aria-labelledby="navbarDropdown">
|
||||
<a class="dropdown-item" href="profile.php">Profile</a>
|
||||
|
||||
@@ -56,13 +56,13 @@ $quotes_sql = mysqli_query($mysqli, "SELECT * FROM quotes WHERE quote_client_id
|
||||
<?php
|
||||
while ($row = mysqli_fetch_array($quotes_sql)) {
|
||||
$quote_id = intval($row['quote_id']);
|
||||
$quote_prefix = htmlentities($row['quote_prefix']);
|
||||
$quote_prefix = nullable_htmlentities($row['quote_prefix']);
|
||||
$quote_number = intval($row['quote_number']);
|
||||
$quote_scope = htmlentities($row['quote_scope']);
|
||||
$quote_status = htmlentities($row['quote_status']);
|
||||
$quote_date = htmlentities($row['quote_date']);
|
||||
$quote_scope = nullable_htmlentities($row['quote_scope']);
|
||||
$quote_status = nullable_htmlentities($row['quote_status']);
|
||||
$quote_date = nullable_htmlentities($row['quote_date']);
|
||||
$quote_amount = floatval($row['quote_amount']);
|
||||
$quote_url_key = htmlentities($row['quote_url_key']);
|
||||
$quote_url_key = nullable_htmlentities($row['quote_url_key']);
|
||||
|
||||
if (empty($quote_scope)) {
|
||||
$quote_scope_display = "-";
|
||||
|
||||
@@ -25,13 +25,13 @@ if (isset($_GET['id']) && intval($_GET['id'])) {
|
||||
|
||||
if ($ticket_row) {
|
||||
|
||||
$ticket_prefix = htmlentities($ticket_row['ticket_prefix']);
|
||||
$ticket_prefix = nullable_htmlentities($ticket_row['ticket_prefix']);
|
||||
$ticket_number = intval($ticket_row['ticket_number']);
|
||||
$ticket_status = htmlentities($ticket_row['ticket_status']);
|
||||
$ticket_priority = htmlentities($ticket_row['ticket_priority']);
|
||||
$ticket_subject = htmlentities($ticket_row['ticket_subject']);
|
||||
$ticket_status = nullable_htmlentities($ticket_row['ticket_status']);
|
||||
$ticket_priority = nullable_htmlentities($ticket_row['ticket_priority']);
|
||||
$ticket_subject = nullable_htmlentities($ticket_row['ticket_subject']);
|
||||
$ticket_details = $purifier->purify($ticket_row['ticket_details']);
|
||||
$ticket_feedback = htmlentities($ticket_row['ticket_feedback']);
|
||||
$ticket_feedback = nullable_htmlentities($ticket_row['ticket_feedback']);
|
||||
|
||||
?>
|
||||
|
||||
@@ -114,18 +114,18 @@ if (isset($_GET['id']) && intval($_GET['id'])) {
|
||||
while ($row = mysqli_fetch_array($sql)) {
|
||||
$ticket_reply_id = intval($row['ticket_reply_id']);
|
||||
$ticket_reply = $purifier->purify($row['ticket_reply']);
|
||||
$ticket_reply_created_at = htmlentities($row['ticket_reply_created_at']);
|
||||
$ticket_reply_updated_at = htmlentities($row['ticket_reply_updated_at']);
|
||||
$ticket_reply_created_at = nullable_htmlentities($row['ticket_reply_created_at']);
|
||||
$ticket_reply_updated_at = nullable_htmlentities($row['ticket_reply_updated_at']);
|
||||
$ticket_reply_by = intval($row['ticket_reply_by']);
|
||||
$ticket_reply_type = $row['ticket_reply_type'];
|
||||
|
||||
if ($ticket_reply_type == "Client") {
|
||||
$ticket_reply_by_display = htmlentities($row['contact_name']);
|
||||
$ticket_reply_by_display = nullable_htmlentities($row['contact_name']);
|
||||
$user_initials = initials($row['contact_name']);
|
||||
$user_avatar = $row['contact_photo'];
|
||||
$avatar_link = "../uploads/clients/$session_client_id/$user_avatar";
|
||||
} else {
|
||||
$ticket_reply_by_display = htmlentities($row['user_name']);
|
||||
$ticket_reply_by_display = nullable_htmlentities($row['user_name']);
|
||||
$user_id = intval($row['user_id']);
|
||||
$user_avatar = $row['user_avatar'];
|
||||
$user_initials = initials($row['user_name']);
|
||||
|
||||
@@ -57,11 +57,11 @@ $all_tickets = mysqli_query($mysqli, "SELECT * FROM tickets LEFT JOIN contacts O
|
||||
<?php
|
||||
while ($row = mysqli_fetch_array($all_tickets)) {
|
||||
$ticket_id = intval($row['ticket_id']);
|
||||
$ticket_prefix = htmlentities($row['ticket_prefix']);
|
||||
$ticket_prefix = nullable_htmlentities($row['ticket_prefix']);
|
||||
$ticket_number = intval($row['ticket_number']);
|
||||
$ticket_subject = htmlentities($row['ticket_subject']);
|
||||
$ticket_status = htmlentities($row['ticket_status']);
|
||||
$ticket_contact_name = htmlentities($row['contact_name']);
|
||||
$ticket_subject = nullable_htmlentities($row['ticket_subject']);
|
||||
$ticket_status = nullable_htmlentities($row['ticket_status']);
|
||||
$ticket_contact_name = nullable_htmlentities($row['contact_name']);
|
||||
|
||||
echo "<tr>";
|
||||
echo "<td> <a href='ticket.php?id=$ticket_id'> $ticket_prefix$ticket_id</a></td>";
|
||||
|
||||
@@ -84,10 +84,10 @@ $total_tickets = intval($row['total_tickets']);
|
||||
<?php
|
||||
while ($row = mysqli_fetch_array($contact_tickets)) {
|
||||
$ticket_id = intval($row['ticket_id']);
|
||||
$ticket_prefix = htmlentities($row['ticket_prefix']);
|
||||
$ticket_prefix = nullable_htmlentities($row['ticket_prefix']);
|
||||
$ticket_number = intval($row['ticket_number']);
|
||||
$ticket_subject = htmlentities($row['ticket_subject']);
|
||||
$ticket_status = htmlentities($row['ticket_status']);
|
||||
$ticket_subject = nullable_htmlentities($row['ticket_subject']);
|
||||
$ticket_status = nullable_htmlentities($row['ticket_status']);
|
||||
?>
|
||||
|
||||
<tr>
|
||||
|
||||
Reference in New Issue
Block a user