Improvements to PDF ticket printing and security issues fix/mitigation (
#297)

* Improved notification and ticket printing features

* minor template fixes

* fixed redirection on checklogin

* addressed some security issues
filippolauria committed Nov 28, 2022
1 parent eb3dd13 commit ec3b4a4
Showing 60 changed files with 6,081 additions and 1,863 deletions.
30 changes: 9 additions & 21 deletions bill-payments-list.php
@@ -252,26 +252,14 @@
}

include('library/closedb.php');
?>

</div><!-- #contentnorightbar -->

<div id="footer">
<?php
include('include/config/logging.php');
include('page-footer.php');

$inline_extra_js = "
var tooltipObj = new DHTMLgoodies_formTooltip();
tooltipObj.setTooltipPosition('right');
tooltipObj.setPageBgColor('#EEEEEE');
tooltipObj.setTooltipCornerSize(15);
tooltipObj.initFormFieldTooltip()";

print_footer_and_html_epilogue($inline_extra_js);
?>
</div><!-- #footer -->
</div>
</div>

<script>
var tooltipObj = new DHTMLgoodies_formTooltip();
tooltipObj.setTooltipPosition('right');
tooltipObj.setPageBgColor('#EEEEEE');
tooltipObj.setTooltipCornerSize(15);
tooltipObj.initFormFieldTooltip();
</script>

</body>
</html>
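Review bot: The `$inline_extra_js = "` assignment builds JavaScript inside a double-quoted PHP string, so any `$name` or `{$...}` later typed into that script text would be silently interpolated by PHP into a script context. A nowdoc keeps the text literal: open it with `$inline_extra_js = <<<'JS'` and close it with `JS;`. The string is constant today, so nothing is injectable as written, but `print_footer_and_html_epilogue()` is defined outside this page and how it emits the string could not be checked here; any request-derived value added later should pass through `json_encode()` first. The rendered page has lost its +/- markers, so this assumes the PHP-string form is the new side.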
2 changes: 2 additions & 0 deletions bill-pos-list.php
@@ -245,6 +245,8 @@
?>
</table>

<input type="hidden" name="csrf_token" value="<?= dalo_csrf_token() ?>">

</form>

<?php
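Review bot: The added hidden `csrf_token` field echoes `dalo_csrf_token()` into the `value` attribute without escaping, and that function is defined outside this page, so its output alphabet is not visible here. Unless it is guaranteed to return only hex or base64url characters, write it as `<?= htmlspecialchars(dalo_csrf_token(), ENT_QUOTES, 'UTF-8') ?>`. The field only protects the form if the script that receives this POST rejects a missing or mismatched token, ideally compared with `hash_equals()`; that check is not in this section and should be confirmed for the form's action target.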
5 changes: 3 additions & 2 deletions bill-pos-new.php
@@ -43,13 +43,14 @@
strtolower($configValues['CONFIG_DB_PASSWORD_ENCRYPTION']) !== 'cleartext') {
$valid_passwordTypes = array_diff($valid_passwordTypes, array("Cleartext-Password"));
}
$passwordType = (array_key_exists('passwordType', $_POST) && isset($_POST['passwordType']) &&
in_array($_POST['passwordType'], $valid_passwordTypes)) ? $_POST['passwordType'] : "";


isset($_POST['username']) ? $username = $_POST['username'] : $username = "";
isset($_POST['password']) ? $password = $_POST['password'] : $password = "";
isset($_POST['planName']) ? $planName = $_POST['planName'] : $planName = "";
isset($_POST['profiles']) ? $profiles = $_POST['profiles'] : $profiles = "";
$passwordType = (array_key_exists('passwordType', $_POST) && isset($_POST['passwordType']) &&
in_array($_POST['passwordType'], $valid_passwordTypes)) ? $_POST['passwordType'] : "";
isset($_POST['notificationWelcome']) ? $notificationWelcome = $_POST['notificationWelcome'] : $notificationWelcome = "";


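Review bot: The `passwordType` allow-list check calls `in_array($_POST['passwordType'], $valid_passwordTypes)` without the strict flag and without confirming the value is a string, so the comparison is loose and a `passwordType[]` array reaches it unchecked. Tighten it to `is_string($_POST['passwordType']) && in_array($_POST['passwordType'], $valid_passwordTypes, true)`; `array_key_exists` is then redundant next to `isset`. The neighbouring `username`, `password`, `planName` and `profiles` reads take `$_POST` values as-is and their later use is outside this hunk, so the same string check and parameterised queries should be confirmed there. The statement appears twice on this page because it was moved; the point applies to whichever copy is the new side.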
