Security Update
kmkalam24 committed Nov 1, 2022
1 parent 8a0fce7 commit 4760bda
Showing 22 changed files with 213 additions and 137 deletions.
83 changes: 51 additions & 32 deletions core/functions.php
Expand Up @@ -18,6 +18,16 @@ function safe_input($data, $encoding = true) {
return $data;
}

/**
* Convert all applicable characters to HTML entities
*
* From PHP 8.1.0 the default flag is ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401
* So, we make this for all version
*/
function safe_entities($data) {
return htmlentities($data, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401);
}

/**
* Determine the http or https and append with the domain.
*
Expand Down Expand Up @@ -2374,10 +2384,11 @@ function send_sms($number, $msg) {

global $table_prefeix;

$url = "http://example.com/api.php";
//$url = "http://66.45.237.70/maskingapi.php";
$url = "http://66.45.237.70/api.php";
$data= array(
'username'=>"username",
'password'=>"password",
'username'=>"Royal",
'password'=>"CZXAPHK8",
//'senderid'=> "The Royal",
'number'=>$number,
'message'=>$msg
Expand Down Expand Up @@ -2777,40 +2788,48 @@ function near_unit_qty($product_id, $qty, $unit) {
)
));


if($getData !== false) {

$totalBaseQty = $qty;
$remainQty = 0;
$finalUnitName = "";
$finalQtyBasedOnUnit = 0;

// Generate the base qty based on unit
foreach($getData["data"] as $pKey => $pVal ) {

if( $pVal["product_unit"] === $unit) {

$totalBaseQty *= $pVal["base_qnt"];
break;

}

$totalBaseQty = $qty;
$remainQty = 0;
$finalUnitName = "";
$finalQtyBasedOnUnit = 0;

// Generate the base qty based on unit
foreach($getData["data"] as $pKey => $pVal ) {

if( $pVal["product_unit"] === $unit) {

$totalBaseQty *= $pVal["base_qnt"];
break;

}

}

// Now get the unit which base_qnt is grater then or equal to unitDevider
foreach($getData["data"] as $pKey => $pVal ) {

if( $pVal["base_qnt"] <= $totalBaseQty) {

$finalUnitName = $pVal["product_unit"];
$remainQty = ($totalBaseQty % $pVal["base_qnt"]);
$finalQtyBasedOnUnit = ($totalBaseQty - $remainQty) / $pVal["base_qnt"];
break;

// Now get the unit which base_qnt is grater then or equal to unitDevider
foreach($getData["data"] as $pKey => $pVal ) {
if( $pVal["base_qnt"] <= $totalBaseQty) {
$finalUnitName = $pVal["product_unit"];
$remainQty = ($totalBaseQty % $pVal["base_qnt"]);
$finalQtyBasedOnUnit = ($totalBaseQty - $remainQty) / $pVal["base_qnt"];
break;

}
}

}


return $finalQtyBasedOnUnit . " " . $finalUnitName . ( $remainQty > 0 ? ", " . near_unit_qty($product_id, $remainQty, $unit) : "");
return $finalQtyBasedOnUnit . " " . $finalUnitName . ( $remainQty > 0 ? ", " . near_unit_qty($product_id, $remainQty, $unit) : "");

} else {

return $qty . " " . $unit;

}


}
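Review bot: The new side of the send_sms hunk appears to replace the placeholder gateway credentials with literal values (`'username'=>"Royal"`, `'password'=>"CZXAPHK8"`) and to point `$url` at a plain-HTTP bare IP address (`http://66.45.237.70/api.php`), so a live credential is now committed to the repository and sent in cleartext on every SMS request. Move both values out of source, e.g. `'username'=>getenv('SMS_API_USER'), 'password'=>getenv('SMS_API_PASS')` or a config file excluded from version control, and rotate the credential at the gateway, since it stays in git history even after the line is removed. Prefer an `https://` endpoint if the gateway offers one; a client cannot verify an IP-addressed `http://` URL, and the commented-out `//$url = ...maskingapi.php` line should be deleted rather than left as dead code. The body of send_sms continues outside the hunk, so I cannot see how the request is transmitted or whether the gateway's response is checked.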
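--- a/module/accounts/ajax.php
+++ b/module/accounts/ajax.php
@@ -333,7 +333,7 @@
 <label for="negativeValueIsAllowed"><?= __("Negative value is allowed"); ?></label>
 </div>
 
-<input type="hidden" name="accounts_id" value="<?php echo htmlentities($_GET['id']); ?>">
+<input type="hidden" name="accounts_id" value="<?php echo safe_entities($_GET['id']); ?>">
 
 </div>
 <!-- /Box body-->
@@ -692,7 +692,7 @@
 <label for="transferDescription"><?= __("Description:");?></label>
 <textarea name="transferDescription" id="transferDescription" rows="3" class="form-control"><?php echo $selectTransfer["transfer_money_description"]; ?></textarea>
 </div>
-<input type="hidden" name="transfer_money_id" value="<?php echo htmlentities($_GET["id"]); ?>">
+<input type="hidden" name="transfer_money_id" value="<?php echo safe_entities($_GET["id"]); ?>">
 
 </div>
 <!-- /Box body-->
@@ -1242,7 +1242,7 @@
 <label for="closingDate"><?= __("Closing Date:"); ?></label>
 <input type="text" name="closingDate" id="closingDate" value="<?php echo $closings["closings_date"]; ?>" class="form-control datePicker" required>
 </div>
-<input type="hidden" name="closingsId" value="<?php echo htmlentities($_GET["id"]); ?>">
+<input type="hidden" name="closingsId" value="<?php echo safe_entities($_GET["id"]); ?>">
 
 </div>
 <!-- /Box body-->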
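Review bot: The hunks escape `$_GET['id']` but leave the database-sourced values on the adjacent lines unescaped — `$selectTransfer["transfer_money_description"]` is echoed raw inside a `<textarea>` and `$closings["closings_date"]` raw inside a `value` attribute — so a stored `</textarea><script>` or a `"` in those columns still breaks out of the markup if they can hold user-supplied text (where they are written is not visible here). Apply the same helper there, e.g. `<?php echo safe_entities($selectTransfer["transfer_money_description"]); ?>` and `value="<?php echo safe_entities($closings["closings_date"]); ?>"`. Separately, `safe_entities($_GET['id'])` with no `id` parameter passes null to htmlentities, which emits an undefined-key warning on PHP 8 and a deprecation on 8.1; `safe_entities($_GET['id'] ?? '')` avoids both. The enclosing form markup starts and ends outside each hunk.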
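--- a/module/expenses/ajax.php
+++ b/module/expenses/ajax.php
@@ -232,7 +232,7 @@
 <div class="form-group">
 <label for="categoryName">Category Name</label>
 <input type="text" name="categoryName" id="categoryName" value="<?php echo $selectPaymentCategory["payment_category_name"]; ?>" class="form-control">
-<input type="hidden" name="categoryNameID" value="<?php echo htmlentities($_GET["id"]); ?>">
+<input type="hidden" name="categoryNameID" value="<?php echo safe_entities($_GET["id"]); ?>">
 </div>
 <div class="form-group">
 <label for="categoryShopId"><?= __("Shop:"); ?> </label>
@@ -1867,7 +1867,7 @@ function (data, status) {
 <label for="salaryDescription"><?= __("Description"); ?></label>
 <textarea name="salaryDescription" id="salaryDescription" rows="3" class="form-control"> <?php echo $selectSalary["salary_description"]; ?> </textarea>
 </div>
-<input type="hidden" name="salaryId" value="<?php echo htmlentities($_GET["id"]); ?>">
+<input type="hidden" name="salaryId" value="<?php echo safe_entities($_GET["id"]); ?>">
 <input type="hidden" name="employeeId" value="<?php echo $selectSalary["salary_emp_id"]; ?>">
 <div id="ajaxSubmitMsg"></div>
 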
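Review bot: Only the `$_GET["id"]` hidden field is escaped in each hunk; the stored values beside it are still echoed raw into HTML — `$selectPaymentCategory["payment_category_name"]` into a `value` attribute, `$selectSalary["salary_description"]` into a `<textarea>`, and `$selectSalary["salary_emp_id"]` into the `employeeId` hidden field — so a `"` or `</textarea>` in those columns still breaks the markup if they can carry user-entered text (their origin is not visible here). Wrap them in the same helper, e.g. `value="<?php echo safe_entities($selectPaymentCategory["payment_category_name"]); ?>"` and `<?php echo safe_entities($selectSalary["salary_description"]); ?>`. The stray spaces inside the salaryDescription textarea (`> <?php ... ?> <`) are also submitted back as part of the value and will accumulate on every save. The surrounding form and JavaScript callback start and end outside the hunks.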
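--- a/module/incomes/ajax.php
+++ b/module/incomes/ajax.php
@@ -1464,7 +1464,7 @@ function(data, status) {
 <label for="incomeDescription"><?= __("Description:"); ?></label>
 <textarea name="incomeDescription" id="incomeDescription" rows="3" class="form-control"><?php echo $income["incomes_description"]; ?></textarea>
 </div>
-<input type="hidden" name="income_id" value="<?php echo htmlentities($_GET["id"]); ?>">
+<input type="hidden" name="income_id" value="<?php echo safe_entities($_GET["id"]); ?>">
 
 </div>
 <!-- /Box body-->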
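Review bot: `$income["incomes_description"]` is still echoed unescaped into the `<textarea>` two lines above the changed line, so a description containing `</textarea>` followed by markup would break out of the element if that column can hold user-entered text (its source is not visible here); the fix is the same helper the commit just introduced, `<?php echo safe_entities($income["incomes_description"]); ?>`. The escaped `$_GET["id"]` also warrants a default, `safe_entities($_GET["id"] ?? '')`, because a missing key reaches htmlentities as null (warning on PHP 8, deprecated in 8.1). The enclosing form and the `function(data, status)` callback named in the hunk header start and end outside the hunk.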
36 changes: 18 additions & 18 deletions module/ledgers/ajax.php
Expand Up @@ -44,7 +44,7 @@
sum(payment_items_amount) as total_salary_paid_before_filtered_date
from {$table_prefeix}payment_items where is_trash = 0 and payment_items_type != 'Bill' and payment_items_date < '{$dateRange[0]}' group by payment_items_employee
) as payments on payment_items_employee = emp_id
where emp_id = {$emp_id}
where emp_id = '{$emp_id}'
");


Expand All @@ -53,7 +53,7 @@
(
select
1 as sortby,
{$emp_id} as empl_id,
'{$emp_id}' as empl_id,
'' as ledger_date,
'Opening/Previous Balance' as description,
0 as debit,
Expand Down Expand Up @@ -89,7 +89,7 @@
from {$table_prefeix}payment_items
where is_trash = 0 and payment_items_type != 'Bill' and payment_items_date between '{$dateRange[0]}' and '{$dateRange[1]}' group by payment_items_id
) as get_data
where empl_id = {$emp_id}
where empl_id = '{$emp_id}'
order by ledger_date, sortby
");

Expand Down Expand Up @@ -253,15 +253,15 @@
WHERE is_trash = 0 and capital_received_date < '{$dateRange[0]}'
group by capital_accounts
) as capital on capital.capital_accounts = accounts.accounts_id
where accounts_id = {$account_id}
where accounts_id = '{$account_id}'
");


$getData = easySelectD("
SELECT account_id, ledger_date_time, sql_join_id, sql_join_id_two, description, debit, credit, @balance := ( @balance + debit ) - credit as balance from
(
SELECT
{$account_id} as account_id,
'{$account_id}' as account_id,
'' as ledger_date_time,
'' as sql_join_id,
'' as sql_join_id_two,
Expand Down Expand Up @@ -429,7 +429,7 @@
from {$table_prefeix}capital as capital
where capital.is_trash = 0 and capital_received_date between '{$dateRange[0]}' and '{$dateRange[1]}'
) as getData
where account_id = {$account_id}
where account_id = '{$account_id}'
order by ledger_date_time ASC
");

Expand Down Expand Up @@ -508,7 +508,7 @@
sum(journal_records_payment_amount) as journal_records_incoming_payment_amount_before_filtered_date
from {$table_prefeix}journal_records where is_trash = 0 and journal_records_payments_type = 'Incoming' and date(journal_records_datetime) < '{$dateRange[0]}' group by journal_records_journal_id
) as journal_records_Incoming on journal_records_Incoming.journal_records_journal_id = journals_id
where journals_id = {$journal_id}
where journals_id = '{$journal_id}'
");


Expand All @@ -517,7 +517,7 @@
(
select
1 as sortby,
{$journal_id} as journals_id,
'{$journal_id}' as journals_id,
'' as ledger_date,
'Opening/Previous Balance' as description,
0 as debit,
Expand All @@ -543,7 +543,7 @@
from {$table_prefeix}journal_records as journal_records_outgoing
where journal_records_outgoing.is_trash = 0 and journal_records_outgoing.journal_records_payments_type = 'Outgoing' and date(journal_records_outgoing.journal_records_datetime) between '{$dateRange[0]}' and '{$dateRange[1]}' group by journal_records_outgoing.journal_records_id
) as get_data
where journals_id = {$journal_id}
where journals_id = '{$journal_id}'
order by ledger_date, sortby
");

Expand Down Expand Up @@ -631,15 +631,15 @@
sum(payments_return_amount) as total_payment_return_before_filtered_date
from {$table_prefeix}payments_return where is_trash = 0 and payments_return_type = 'Outgoing' and date(payments_return_date) < '{$dateRange[0]}' group by payments_return_customer_id
) as payment_return on payments_return_customer_id = customer_id
where customer_id = {$customer_id}
where customer_id = '{$customer_id}'
");

$getData = easySelectD("
SELECT customer_id, ledger_date, description, debit, credit, @balance := ( @balance + credit ) - debit as balance from
(
select
1 as sortby,
{$customer_id} as customer_id,
'{$customer_id}' as customer_id,
'' as ledger_date,
'Opening/Previous Balance' as description,
0 as debit,
Expand Down Expand Up @@ -713,7 +713,7 @@
incomes_amount as credit
from {$table_prefeix}incomes where is_trash = 0 and incomes_date between '{$dateRange[0]}' and '{$dateRange[1]}' group by incomes_id
) as get_data
where customer_id = {$customer_id}
where customer_id = '{$customer_id}'
order by ledger_date, sortby
");

Expand Down Expand Up @@ -803,7 +803,7 @@
sum(payments_return_amount) as total_payment_return_before_filtered_date
from {$table_prefeix}payments_return where is_trash = 0 and payments_return_type = 'Incoming' and date(payments_return_date) < '{$dateRange[0]}' group by payments_return_company_id
) as payment_return on payments_return_company_id = company_id
where company_id = {$company_id}
where company_id = '{$company_id}'
");

//var_dump($previous_balance);
Expand All @@ -813,7 +813,7 @@
(
select
1 as sortby,
{$company_id} as company_id,
'{$company_id}' as company_id,
'' as ledger_date,
'Opening/Previous Balance' as description,
0 as debit,
Expand Down Expand Up @@ -901,7 +901,7 @@
payments_return_amount as credit
from {$table_prefeix}payments_return where is_trash = 0 and payments_return_type = 'Incoming' and date(payments_return_date) between '{$dateRange[0]}' and '{$dateRange[1]}' group by company_id
) as get_data
where company_id = {$company_id}
where company_id = '{$company_id}'
order by ledger_date, sortby
");

Expand Down Expand Up @@ -982,7 +982,7 @@
sum(payments_return_amount) as total_return_before_filtered_date
from {$table_prefeix}payments_return where is_trash = 0 and date(payments_return_date) < '{$dateRange[0]}' group by payments_return_emp_id
) as payment_return on payments_return_emp_id = emp_id
where emp_id = {$emp_id}
where emp_id = '{$emp_id}'
");


Expand All @@ -991,7 +991,7 @@
(
select
1 as sortby,
{$emp_id} as empl_id,
'{$emp_id}' as empl_id,
'' as ledger_date,
'Opening/Previous Balance' as description,
0 as debit,
Expand Down Expand Up @@ -1036,7 +1036,7 @@
from {$table_prefeix}payments_return
where is_trash = 0 and date(payments_return_date) between '{$dateRange[0]}' and '{$dateRange[1]}' group by payments_return_id
) as get_data
where empl_id = {$emp_id}
where empl_id = '{$emp_id}'
order by ledger_date, sortby
");

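Review bot: The new side appears to wrap each interpolated id in single quotes (e.g. `where emp_id = '{$emp_id}'`, `'{$account_id}' as account_id`), which does not prevent SQL injection — a value such as `1' OR '1'='1` still closes the literal, and the variables are interpolated straight into the query string. Since `emp_id`, `account_id`, `journal_id`, `customer_id` and `company_id` are used as numeric keys, cast them before they reach the query, e.g. `$emp_id = (int) $emp_id;` (and likewise for the other four), or pass them as bound parameters if easySelectD supports that (not visible here). `$dateRange[0]` and `$dateRange[1]` are interpolated into the same queries with only quotes and are not touched by this commit; where they come from is outside the hunks. Every query string shown starts and ends outside its hunk.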
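--- a/module/loan-management/ajax.php
+++ b/module/loan-management/ajax.php
@@ -300,7 +300,7 @@
 <label for="loanDetails"><?= __("Loan Details"); ?></label>
 <textarea name="loanDetails" id="loanDetails" rows="3" class="form-control"><?php echo $selectLoan["loan_details"]; ?></textarea>
 </div>
-<input type="hidden" name="loan_id" value="<?php echo htmlentities($_GET["id"]); ?>">
+<input type="hidden" name="loan_id" value="<?php echo safe_entities($_GET["id"]); ?>">
 
 <div id="ajaxSubmitMsg"></div>
 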
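Review bot: `$selectLoan["loan_details"]` is still written unescaped into the `<textarea>` just above the changed line, so if that column can contain user-entered text (not visible here) a stored `</textarea><script>` breaks out of the element; the commit's own helper fixes it, `<?php echo safe_entities($selectLoan["loan_details"]); ?>`. Escaping `$_GET["id"]` for output does not validate it; if the posted `loan_id` is later used in a query, that code path (outside this hunk) still needs an integer cast or a bound parameter. The surrounding form starts and ends outside the hunk.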
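--- a/module/my-shop/ajax.php
+++ b/module/my-shop/ajax.php
@@ -301,8 +301,8 @@
 <label for="addSalesPaymentsDescription"><?= __("Description:"); ?></label>
 <textarea name="addSalesPaymentsDescription" id="addSalesPaymentsDescription" rows="3" class="form-control"></textarea>
 </div>
-<input type="hidden" name="addSalesPaymentsCustomerId" value="<?php echo htmlentities($_GET["cid"]); ?>">
-<input type="hidden" name="addSalesPaymentsSalesId" value="<?php echo htmlentities($_GET["sales_id"]); ?>">
+<input type="hidden" name="addSalesPaymentsCustomerId" value="<?php echo safe_entities($_GET["cid"]); ?>">
+<input type="hidden" name="addSalesPaymentsSalesId" value="<?php echo safe_entities($_GET["sales_id"]); ?>">
 
 <div id="ajaxSubmitMsg"></div>
 
@@ -1210,7 +1210,7 @@
 <input type="text" name="advancePaymentReference" id="advancePaymentReference" value="<?php echo $ac["received_payments_reference"]; ?>" class="form-control">
 </div>
 </div>
-<input type="hidden" name="shopAdvanceCollectionId" value ="<?php echo htmlentities($_GET["id"]); ?>">
+<input type="hidden" name="shopAdvanceCollectionId" value ="<?php echo safe_entities($_GET["id"]); ?>">
 
 <div id="ajaxSubmitMsg"></div>
 
@@ -2193,7 +2193,7 @@ function(data, status) {
 <label for="discountDescription"><?= __("Description:"); ?></label>
 <textarea name="discountDescription" id="discountDescription" rows="3" class="form-control"><?php echo $selectDiscount["received_payments_details"]; ?></textarea>
 </div>
-<input type="hidden" name="discountId" value="<?php echo htmlentities($_GET["id"]); ?>">
+<input type="hidden" name="discountId" value="<?php echo safe_entities($_GET["id"]); ?>">
 
 <div id="ajaxSubmitMsg"></div>
 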
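Review bot: In the second and third hunks the stored values next to the escaped hidden fields are still echoed raw — `$ac["received_payments_reference"]` into a `value` attribute and `$selectDiscount["received_payments_details"]` into a `<textarea>` — so a `"` or `</textarea>` in those columns still breaks the markup if they can hold user-entered text (not visible here); use the new helper there too, e.g. `value="<?php echo safe_entities($ac["received_payments_reference"]); ?>"`. The `$_GET["cid"]`, `$_GET["sales_id"]` and `$_GET["id"]` reads would reach htmlentities as null when the parameter is absent (PHP 8 warning, 8.1 deprecation); `safe_entities($_GET["cid"] ?? '')` and the same for the others avoids that. Style nit on the shopAdvanceCollectionId line: `value ="` has a stray space before `=`. The enclosing forms start and end outside the hunks.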
