

Fix security issue
kmkalam24 committed Apr 28, 2023
1 parent 1b7cc62 commit 1b426f5
Showing 32 changed files with 8,604 additions and 32 deletions.
17 changes: 14 additions & 3 deletions assets/js/bms.js
Expand Up @@ -863,7 +863,7 @@ BMS.FUNCTIONS = {
var noResults = "";
if ( $(selector).attr("select2-create-new-url") === undefined ) {

noResults = "<?php echo __('Nothing found')?>";
noResults = "<?php echo __('Nothing found'); ?>";

} else {

Expand Down Expand Up @@ -907,12 +907,22 @@ BMS.FUNCTIONS = {
},
cache: true
},
templateSelection: function(state) {

if(!state.id) {
return state.text;
} else {
return $("<div>").text(state.text).html();
}

// console.log(state.text);
},
templateResult: function(state) {

if(!state.id) {
return state.text;
}


if (typeof state.text === "object" ) {

Expand Down Expand Up @@ -940,7 +950,8 @@ BMS.FUNCTIONS = {

} else {

return state.text;
// return state.text;
return $("<div>").text(state.text).html();

}

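Review bot: The `$("<div>").text(state.text).html()` escaping added in templateSelection and in the else branch of templateResult returns an HTML-encoded string, and select2 passes string results from these callbacks through its `escapeMarkup` option before inserting them; if that option is still the library default, the text is encoded twice and a label such as `A & B` renders as `A &amp; B`, so the config should either keep this escaping and set `escapeMarkup: function (m) { return m; }`, or return a jQuery element, `return $("<span>").text(state.text);`, which select2 appends as a node without further processing. The object branch of templateResult that starts at `if (typeof state.text === "object")` continues past the collapsed region, so whether its fields receive the same treatment cannot be confirmed from this hunk. The commented-out `// console.log(state.text);` and `// return state.text;` lines should be deleted rather than kept next to the new return.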
2 changes: 1 addition & 1 deletion assets/js/bms.min.js


6 changes: 4 additions & 2 deletions assets/js/events.js
Expand Up @@ -1844,7 +1844,7 @@ $(document).on('dblclick', 'iledit', function (event) {
// Display changed items
if (type === 'select2' || type === 'select') {

$thistd.html(`<iledit data-val='` + $(that).val() + `'>` + $("option:selected", that).text() + `</iledit>`);
$thistd.html(`<iledit data-val='` + $(that).val() + `'>` + $("option:selected", that).html() + `</iledit>`);

} else {

Expand All @@ -1863,7 +1863,9 @@ $(document).on('dblclick', 'iledit', function (event) {
// Display data items if not changed
if (type === 'select2' || type === 'select') {

$thistd.html(`<iledit data-val='` + $(that).val() + `'>` + $("option:selected", that).text() + `</iledit>`);
console.log( $("option:selected", that).html() );

$thistd.html(`<iledit data-val='` + $(that).val() + `'>` + $("option:selected", that).html() + `</iledit>`);

} else {

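Review bot: Both hunks still build the `data-val` attribute by concatenating `$(that).val()` into a single-quoted attribute, so a value containing `'` terminates the attribute and the remainder is parsed as markup; switching the option text from `.text()` to `.html()` only addresses the element body. Building the element with jQuery encodes both parts: `$thistd.html($("<iledit>").attr("data-val", $(that).val()).text($("option:selected", that).text()));` (the second hunk at line 1863 needs the same change). The `console.log( $("option:selected", that).html() );` in the second hunk looks like a debugging leftover and should be removed. The enclosing dblclick handler starts and ends outside these hunks.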
2 changes: 1 addition & 1 deletion assets/js/events.min.js


28 changes: 14 additions & 14 deletions core/ajax/ajax_data.php
Expand Up @@ -777,7 +777,7 @@
loan_ids, sum(loan_installment_paying_amount) as loan_installment_paid_amount
from {$table_prefix}loan_installment where is_trash = 0 group by loan_ids
) as loan_installment on loan_id = loan_ids
where emp_id = {$emp_id}
where emp_id = '{$emp_id}'
order by loan_id
desc limit 1"
)["data"][0];
Expand Down Expand Up @@ -824,7 +824,7 @@
sum(payments_return_amount) as payments_return_amount
from {$table_prefix}payments_return where is_trash = 0 and payments_return_type = 'Outgoing' group by payments_return_customer_id
) as payment_return on customer_id = payments_return_customer_id
where customer_id = {$customer_id}"
where customer_id = '{$customer_id}'"
)["data"][0];

echo json_encode($customerPaymentsData);
Expand Down Expand Up @@ -896,7 +896,7 @@
where is_trash = 0 and payments_return_type = 'Outgoing' and date(payments_return_date) between '{$dateRange[0]}' and '{$dateRange[1]}'
group by payments_return_customer_id
) as payment_return on customer_id = payments_return_customer_id
where customer_id = {$customer_id}"
where customer_id = '{$customer_id}'"
)["data"][0];

$customerPaymentsData["previous_balance"] = easySelectD("
Expand Down Expand Up @@ -935,7 +935,7 @@
where is_trash = 0 and payments_return_type = 'Outgoing' and date(payments_return_date) < '{$dateRange[0]}'
group by payments_return_customer_id
) as payment_return on customer_id = payments_return_customer_id
where customer_id = {$customer_id}
where customer_id = '{$customer_id}'
")["data"][0]["previous_balance"];

echo json_encode($customerPaymentsData);
Expand All @@ -962,18 +962,18 @@
left join (select
loan_ids,
1 as thisMonthInstallmentPayingStatus
from {$table_prefix}loan_installment where is_trash = 0 and MONTH(loan_installment_date) = {$month} and year(loan_installment_date) = {$year} group by loan_ids
from {$table_prefix}loan_installment where is_trash = 0 and MONTH(loan_installment_date) = '{$month}' and year(loan_installment_date) = '{$year}' group by loan_ids
) as thisMonthStatus on loan_id = thisMonthStatus.loan_ids
where loan.is_trash = 0 and loan_borrower = {$emp_id} and loan_installment_starting_from <= '{$year}-{$month}-01'
where loan.is_trash = 0 and loan_borrower = '{$emp_id}' and loan_installment_starting_from <= '{$year}-{$month}-01'
and ( loan_paid_amount is null or loan_paid_amount < loan_amount)"
// loan_paid_amount can be NULL on left join if there is no recrods, for that the is null check.
// We can also use HAVING cluese without using is null check. But it will raise a error with full_group_by mode.
// We can also use HAVING clause without using is null check. But it will raise a error with full_group_by mode.
);

$selectSalary = easySelectA(array(
"table" => "employees",
"fields" => "round(emp_salary, 2) as emp_salary",
"where" => array("emp_id = {$emp_id}")
"where" => array("emp_id = '{$emp_id}'")
))["data"][0]["emp_salary"];

if(!isset($getLoanDetails["data"])) {
Expand Down Expand Up @@ -1042,7 +1042,7 @@
sum(payments_return_amount) as payments_return_amount_sum
from {$table_prefix}payments_return where is_trash = 0 group by payments_return_emp_id
) as get_advance_return on payments_return_emp_id = emp_id
where emp_id = {$emp_id}"
where emp_id = '{$emp_id}'"
)["data"][0];

echo json_encode($getEmpAdvancePaymentData);
Expand Down Expand Up @@ -1089,7 +1089,7 @@
sum(CASE WHEN is_return = 1 then purchase_due end) as purchase_return_grand_total
from {$table_prefix}purchases where is_trash = 0 group by purchase_company_id
) as purchaseBill on purchaseBill.purchase_company_id = company_id
where company_id = {$company_id}"
where company_id = '{$company_id}'"
)["data"][0];

echo json_encode($getEmpAdvancePaymentData);
Expand Down Expand Up @@ -1369,7 +1369,7 @@

if(isset($_GET['page']) and $_GET['page'] == "customerPurchaseList") {

$invoiceSearch = ( isset($_GET["s"]) and !empty($_GET["s"]) ) ? "and sales_reference like '%{$_GET["s"]}%'" : "";
$invoiceSearch = ( isset($_GET["s"]) and !empty($_GET["s"]) ) ? "and sales_reference like '%". safe_input($_GET["s"]) ."%'" : "";

$selectSales = easySelectA(array(
"table" => "sales",
Expand Down Expand Up @@ -1542,10 +1542,10 @@

$productCategoryFilter = ( isset($_GET["catId"]) and !empty($_GET["catId"]) ) ? $_GET["catId"] : "";
$productBrandFilter = ( isset($_GET["brand"]) and !empty($_GET["brand"]) ) ? $_GET["brand"] : "";
$productEditionFilter = ( isset($_GET["edition"]) and !empty($_GET["edition"]) ) ? " AND product.product_edition = '{$_GET["edition"]}'" : " AND product_type != 'Child' ";
$productEditionFilter = ( isset($_GET["edition"]) and !empty($_GET["edition"]) ) ? " AND product.product_edition = '". safe_input($_GET["edition"]) ."'" : " AND product_type != 'Child' ";
$productGenericFilter = ( isset($_GET["generic"]) and !empty($_GET["generic"]) ) ? $_GET["generic"] : "";
$productAuthorFilter = ( isset($_GET["author"]) and !empty($_GET["author"]) ) ? $_GET["author"] : "";
$productTerms = ( isset($_GET["terms"]) and !empty($_GET["terms"]) ) ? " AND product_name like '%{$_GET["terms"]}%'" : "";
$productTerms = ( isset($_GET["terms"]) and !empty($_GET["terms"]) ) ? " AND product_name like '%". safe_input($_GET["terms"]) ."%'" : "";
$productSort = ( isset($_GET["sort"]) and !empty($_GET["sort"]) ) ? $_GET["sort"] : "";

$oderBy = array(
Expand Down Expand Up @@ -1692,7 +1692,7 @@
if(isset($_GET['page']) and $_GET['page'] == "getChildProductData") {


$warehouse_filter = empty($_GET["wid"]) ? "" : " = " . safe_input($_GET["wid"]);
$warehouse_filter = empty($_GET["wid"]) ? "" : " = '" . safe_input($_GET["wid"]) . "'";

$getChildProductData = easySelectA(array(
"table" => "products as product",
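Review bot: In the hunk at line 1542, `catId`, `brand`, `generic` and `author` are still read straight from `$_GET` while only `edition` and `terms` were wrapped in `safe_input()`; if those four values are spliced into the same query further down (their use is outside the hunk) they need the same treatment, and `sort` should be validated against the keys of `$oderBy`, if that array is keyed by sort name, rather than used as-is. Wrapping interpolated identifiers in quotes, as in `where emp_id = '{$emp_id}'` in the earlier hunks, only helps if the value was escaped before it reached this file; the origin of `$emp_id`, `$customer_id` and `$company_id` is not visible here, so that should be confirmed and recorded with a comment such as `// $emp_id is escaped by the caller — confirm`. `safe_input()` presumably escapes quotes but not the LIKE wildcards `%` and `_`, so a search term containing them widens the match; if that matters, apply `addcslashes($value, '%_')` before interpolation. Prepared statements with bound parameters would remove the need for all of this per-value handling.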
3 changes: 2 additions & 1 deletion core/ajax/ajax_select2.php
Expand Up @@ -1014,7 +1014,8 @@
"table" => "product_batches",
"fields" => "batch_id, batch_number",
"where" => array(
"is_trash = 0 and date(batch_expiry_date) >= curdate() and batch_number LIKE '". $search ."%'",
"is_trash = 0 and date(batch_expiry_date) >= curdate()",
" and batch_number LIKE " => "{$search}%",
" and product_id" => $product_id
),
"limit" => array (
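Review bot: The rewritten `where` array mixes a raw SQL string entry with two `key => value` entries, and whether the value form is escaped or bound depends on `easySelectA()`, which is outside this file; that is presumably the reason for the change, but a comment on the array, `// values given as key => value are escaped by easySelectA; raw string entries are not`, would make the contract explicit for the next edit. `$search` is also used as a LIKE prefix, so `%` and `_` inside it act as wildcards unless `easySelectA()` escapes them as well.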
10 changes: 10 additions & 0 deletions core/functions.php
Expand Up @@ -1565,6 +1565,16 @@ function easyUpload(
);

} else {

// Remove path traversal characters
$location = str_replace(
array(
"./",
"../"
),
"",
$location
);

$uploadDir = DIR_UPLOAD . $location;

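Review bot: The `str_replace()` added here removes `./` and `../` but not a bare `..` segment, so a `$location` that ends in `..` still resolves to the parent of `DIR_UPLOAD`; substring blacklists are fragile, and the reliable check is to resolve the final path and confirm it stays inside the upload root. Whether `$location` can come from the request is not visible, since `easyUpload()` starts outside the hunk, so the check is worth adding regardless of the caller. A containment check after `$uploadDir` is computed would look like the following (note `realpath()` returns `false` when the directory does not exist yet, so the check has to run after the directory is created or compare against its parent):
```php
$uploadDir = DIR_UPLOAD . $location;

// Reject any location that resolves outside the upload root.
$uploadRoot  = realpath(DIR_UPLOAD);
$resolvedDir = realpath($uploadDir);
$isInsideRoot = $uploadRoot !== false && $resolvedDir !== false
    && ($resolvedDir === $uploadRoot
        || strncmp($resolvedDir, $uploadRoot . DIRECTORY_SEPARATOR, strlen($uploadRoot) + 1) === 0);
if (!$isInsideRoot) {
    // fail here using the same error path easyUpload uses for its other failures
}
// … unchanged: remainder of the upload handling …
```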
2 changes: 1 addition & 1 deletion core/route.php
@@ -1,6 +1,6 @@
<?php

// Remove directory browsing elements
// Remove path traversal characters
$pageSlug = str_replace(
array(
"./",
18 changes: 16 additions & 2 deletions include/apps/xhr/index.php
Expand Up @@ -12,9 +12,23 @@
*/

if(isset($_GET['module'])) {

$module = $_GET['module'];

// Remove directory browsing elements
$module = str_replace(
array(
"./",
"../",
".",
".."
),
"",
$module
);

// Biuld the page location
$ajaxModulePage = DIR_MODULE . $_GET['module'] . "/ajax.php";
// Build the page location
$ajaxModulePage = DIR_MODULE . $module . "/ajax.php";

// Check if the ajax page is exists
if(file_exists($ajaxModulePage)) {
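Review bot: Stripping `./`, `../`, `.` and `..` from `$module` silently rewrites a bad value into a different, possibly valid, module name instead of rejecting it, and a blacklist leaves other separators untouched; since `$module` becomes part of an include path, validating it against an allowlist is the stronger check: `if (!preg_match('/^[A-Za-z0-9_-]+$/', $module)) { exit; }`, or whatever this file does when the module is missing (the `file_exists()` branch continues past the hunk). The same applies to the identical block in include/apps/xhr/info.php. The comment `// Remove directory browsing elements` would then read better as `// Accept only a plain module name`.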
16 changes: 15 additions & 1 deletion include/apps/xhr/info.php
Expand Up @@ -12,9 +12,23 @@


if(isset($_GET['module'])) {

$module = $_GET['module'];

// Remove directory browsing elements
$module = str_replace(
array(
"./",
"../",
".",
".."
),
"",
$module
);

// Biuld the page location
$ajaxModulePage = DIR_BASE . "core/ajax/ajax_" . $_GET['module'] . ".php";
$ajaxModulePage = DIR_BASE . "core/ajax/ajax_" . $module . ".php";

// Check if the ajax page is exists
if(file_exists($ajaxModulePage)) {
