|
42 | 42 | } |
43 | 43 | ?> |
44 | 44 | <tr> |
45 | | - <td><?= $code['code'] ?></td> |
46 | | - <td><?= $code['type'] == 'float' ? '-' . $code['amount'] : '-' . $code['amount'] . '%' ?></td> |
| 45 | + <td><?= htmlspecialchars($code['code']) ?></td> |
| 46 | + <td><?= $code['type'] == 'float' ? '-' . htmlspecialchars($code['amount']) : '-' . htmlspecialchars($code['amount']) . '%' ?></td> |
47 | 47 | <td><?= date('d.m.Y', $code['valid_from_date']) ?></td> |
48 | 48 | <td <?= time() > $code['valid_to_date'] ? 'class="text-danger"' : '' ?>><?= date('d.m.Y', $code['valid_to_date']) ?></td> |
49 | 49 | <td class="text-center"> |
50 | | - <a href="<?= base_url('admin/discounts?codeid=' . $code['id'] . '&tostatus=' . $tostatus) ?>"> |
51 | | - <?= $code['status'] == 1 ? '<span class="label label-success">Enabled</span>' : '<span class="label label-danger">Disabled</span>' ?> |
| 50 | + <a href="<?= base_url('admin/discounts?codeid=' . (int)$code['id'] . '&tostatus=' . (int)$tostatus) ?>"> |
| 51 | + <?= (int)$code['status'] == 1 ? '<span class="label label-success">Enabled</span>' : '<span class="label label-danger">Disabled</span>' ?> |
52 | 52 | </a> |
53 | 53 | </td> |
54 | 54 | <td class="text-center"> |
55 | | - <a href="<?= base_url('admin/discounts?edit=' . $code['id']) ?>" class="btn btn-primary btn-xs">Edit</a> |
| 55 | + <a href="<?= base_url('admin/discounts?edit=' . (int)$code['id']) ?>" class="btn btn-primary btn-xs">Edit</a> |
56 | 56 | </td> |
57 | 57 | </tr> |
58 | 58 | <?php |
|
72 | 72 | <div class="modal-dialog" role="document"> |
73 | 73 | <div class="modal-content"> |
74 | 74 | <form action="" method="POST"> |
75 | | - <input type="hidden" name="update" value="<?= isset($_POST['update']) ? $_POST['update'] : '0' ?>"> |
| 75 | + <input type="hidden" name="update" value="<?= isset($_POST['update']) ? (int)$_POST['update'] : '0' ?>"> |
76 | 76 | <div class="modal-header"> |
77 | 77 | <button type="button" class="close" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">×</span></button> |
78 | 78 | <h4 class="modal-title" id="myModalLabel">Add discount code</h4> |
|
90 | 90 | </div> |
91 | 91 | <div class="form-group"> |
92 | 92 | <label>Discount value</label> |
93 | | - <input class="form-control" name="amount" value="<?= isset($_POST['amount']) ? $_POST['amount'] : '' ?>" type="text"> |
| 93 | + <input class="form-control" name="amount" value="<?= isset($_POST['amount']) ? htmlspecialchars($_POST['amount']) : '' ?>" type="text"> |
94 | 94 | </div> |
95 | 95 | <div class="form-group" style="position: relative;"> |
96 | 96 | <label>Discount code</label> |
97 | | - <input class="form-control" name="code" value="<?= isset($_POST['code']) ? $_POST['code'] : '' ?>" type="text"> |
| 97 | + <input class="form-control" name="code" value="<?= isset($_POST['code']) ? htmlspecialchars($_POST['code']) : '' ?>" type="text"> |
98 | 98 | <div style="position: absolute; right:5px; top:30px;"> |
99 | 99 | <input type="text" data-toggle="tooltip" title="Set length of code" data-placement="top" class="codeLength" value="6" style="border: 1px solid #dadada;float: left;height: 20px; margin-right: 4px; text-align: center; margin-top: 1px; width: 20px;"> |
100 | 100 | <a href="javascript:void(0);" onclick="generateDiscountCode()" class="btn btn-xs btn-default">Generate</a> |
101 | 101 | </div> |
102 | 102 | </div> |
103 | 103 | <div class="form-group"> |
104 | 104 | <label>Valid from date</label> |
105 | | - <input class="form-control datepicker" name="valid_from_date" value="<?= isset($_POST['valid_from_date']) ? $_POST['valid_from_date'] : '' ?>" type="text"> |
| 105 | + <input class="form-control datepicker" name="valid_from_date" value="<?= isset($_POST['valid_from_date']) ? htmlspecialchars($_POST['valid_from_date']) : '' ?>" type="text"> |
106 | 106 | </div> |
107 | 107 | <div class="form-group"> |
108 | 108 | <label>Valid to date</label> |
109 | | - <input class="form-control datepicker" name="valid_to_date" value="<?= isset($_POST['valid_to_date']) ? $_POST['valid_to_date'] : '' ?>" type="text"> |
| 109 | + <input class="form-control datepicker" name="valid_to_date" value="<?= isset($_POST['valid_to_date']) ? htmlspecialchars($_POST['valid_to_date']) : '' ?>" type="text"> |
110 | 110 | </div> |
111 | 111 | </div> |
112 | 112 | <div class="modal-footer"> |
|