Context Navigation

invoices_statushistory.php

Revision 704, 7.3 KB (checked in by brieb, 2 years ago)
Fixed several SQL injection vulnerabilities Fixed several XSS vulnerabilities due to PHP_SELF and REQUREST_URI Fixed severa path disclosure errors

Line
1	<?php
2	/*
3	+-------------------------------------------------------------------------+
4	\| Copyright (c) 2004 - 2010, Kreotek LLC \|
5	\| All rights reserved. \|
6	+-------------------------------------------------------------------------+
7	\| \|
8	\| Redistribution and use in source and binary forms, with or without \|
9	\| modification, are permitted provided that the following conditions are \|
10	\| met: \|
11	\| \|
12	\| - Redistributions of source code must retain the above copyright \|
13	\| notice, this list of conditions and the following disclaimer. \|
14	\| \|
15	\| - Redistributions in binary form must reproduce the above copyright \|
16	\| notice, this list of conditions and the following disclaimer in the \|
17	\| documentation and/or other materials provided with the distribution. \|
18	\| \|
19	\| - Neither the name of Kreotek LLC nor the names of its contributore may \|
20	\| be used to endorse or promote products derived from this software \|
21	\| without specific prior written permission. \|
22	\| \|
23	\| THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS \|
24	\| "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT \|
25	\| LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A \|
26	\| PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT \|
27	\| OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, \|
28	\| SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT \|
29	\| LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, \|
30	\| DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY \|
31	\| THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT \|
32	\| (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE \|
33	\| OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. \|
34	\| \|
35	+-------------------------------------------------------------------------+
36	*/
37	include("../../include/session.php");
38	include("../../include/fields.php");
39
40	if(isset($_GET["refid"])) $_GET["id"]=$_GET["refid"];
41	$refid=(integer) $_GET["id"];
42
43	$refquery = "
44	SELECT
45	`invoices`.`id`,
46	`invoices`.`uuid`,
47	IF(`clients`.`lastname`!='',concat(`clients`.`lastname`,', ',`clients`.`firstname`,IF(`clients`.`company`!='',concat(' (',`clients`.`company`,')'),'')),`clients`.`company`) AS `name`,
48	`invoices`.`type`
49	FROM
50	`invoices` INNER JOIN `clients` ON `invoices`.`clientid`=`clients`.`uuid`
51	WHERE
52	`invoices`.`id`='".$refid."'
53	";
54
55	$refquery = $db->query($refquery);
56	$refrecord = $db->fetchArray($refquery);
57
58	$pageTitle="Status History: ".$refrecord["id"].": ".$refrecord["name"];
59	//================================================================
60
61	if(isset($_POST["command"])){
62	foreach($_POST as $key=>$value){
63	if(strpos($key,"sh")===0){
64	$historyid=substr($key,2);
65	$assignedtoid=mysql_real_escape_string($_POST["as".$historyid]);
66	$querystatement = "
67	UPDATE
68	`invoicestatushistory`
69	SET
70	`statusdate`=";
71	if($value=="" \|\| $value=="0/0/0000") $tempdate="NULL";
72	else
73	$tempdate="'".sqlDateFromString($value)."'";
74	$querystatement.=$tempdate;
75	$querystatement.=",`assignedtoid`='".$assignedtoid."'";
76	$querystatement.=" WHERE `id`='".((int) $historyid)."'";
77	$queryresult=$db->query($querystatement);
78	}//end find if
79	}//end for each
80	$statusmessage="Statuses Updated";
81	}//end command if
82
83	//================================================================
84
85	$querystatement="SELECT uuid,name FROM invoicestatuses WHERE inactive='0' ORDER BY priority,name";
86	$statusresult=$db->query($querystatement);
87
88	$querystatement = "
89	SELECT
90	`invoicestatushistory`.`id`,
91	`invoicestatuses`.`name`,
92	`invoicestatushistory`.`invoicestatusid`,
93	`invoicestatushistory`.`assignedtoid`,
94	`invoicestatushistory`.`statusdate`
95	FROM
96	`invoicestatushistory` INNER JOIN `invoicestatuses` ON `invoicestatushistory`.`invoicestatusid` = `invoicestatuses`.`uuid`
97	WHERE
98	`invoicestatushistory`.`invoiceid` = '".$refrecord["uuid"]."'
99	";
100	$historyresult=$db->query($querystatement);
101
102	$history = array();
103	while($therecord=$db->fetchArray($historyresult))
104	$history[]=$therecord;
105
106	$phpbms->cssIncludes[] = "pages/invoicestatushistory.css";
107
108	//Form Elements
109	//==============================================================
110	$theform = new phpbmsForm();
111
112	foreach($history as $historyrecord){
113
114	$theinput = new inputSmartSearch($db, "as".$historyrecord["id"], "Pick Active User", $historyrecord["assignedtoid"], $historyrecord["name"]." assigned to", false, 36,255,false);
115	$theform->addField($theinput);
116
117	$theinput = new inputDatePicker("sh".$historyrecord["id"],$historyrecord["statusdate"], $historyrecord["name"]." status date" ,true, 11, 15, false);
118	$theform->addField($theinput);
119	}
120
121	$theform->jsMerge();
122	//==============================================================
123	//End Form Elements
124
125	include("header.php");
126
127	$phpbms->showTabs("invoices entry","tab:809d644e-fa40-5ad3-0426-3d84cf15b32e",$_GET["id"]);?><div class="bodyline">
128	<h1><span><?php echo $pageTitle ?></span></h1>
129	<form action="<?PHP echo htmlentities($_SERVER["REQUEST_URI"]) ?>" method="post" name="record" onsubmit="return validateForm(this);">
130	<p>
131	<input accesskey="s" title="(access key+s)" name="command" type="submit" value="update statuses" class="Buttons" <?php if($refrecord["type"]=="Invoice") echo "disabled=\"disabled\""?>/>
132	</p>
133	<div class="fauxP">
134	<table class="querytable">
135	<tr>
136	<th align="left">status</th>
137	<th align="left">date</th>
138	<th align="left">assigned to</th>
139	</tr>
140	<?php
141	$row=1;
142	while($therecord=$db->fetchArray($statusresult)){
143	$row==1? $row++ : $row--;
144	$historyid=false;
145	$historydate=false;
146
147	foreach($history as $historyrecord)
148	if($historyrecord["invoicestatusid"] == $therecord["uuid"]) {
149	$historyid=$historyrecord["id"];
150	$historydate=$historyrecord["statusdate"];
151	$assignedtoid=$historyrecord["assignedtoid"];
152	}
153	?>
154	<tr class="row<?php echo $row ?> <?php if(!$historyid){?>disabledstatus<?php }?>">
155	<td><?php if($historyid) echo "<strong>".$therecord["name"]."</strong>"; else echo $therecord["name"]?></td>
156	<td><?php if($historyid) {
157	$theform->showField("sh".$historyid);
158	} else {
159	echo " ";
160	}
161	?>
162	</td>
163	<td><?php if($historyid) {
164	$theform->showField("as".$historyid);
165	} else {
166	echo " ";
167	}
168	?>
169	</td>
170	</tr>
171	<?php }//end while ?>
172	<tr><td colspan="3" class="queryfooter"> </td></tr>
173	</table>
174	</div>
175	<p>
176	<input name="command" type="submit" value="update statuses" class="Buttons" <?php if($refrecord["type"]=="Invoice") echo "disabled=\"disabled\""?>/>
177	</p>
178
179	</form>
180	</div><?php include("footer.php")?>

Note: See TracBrowser for help on using the browser.

phpBMS

Context Navigation

root/trunk/phpbms/modules/bms/invoices_statushistory.php

Download in other formats: