Merge Develop to Stable Master Branch to prepare for release #1195
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…part of metric reporting and also as part of SLAs in the future
Add database field for ticket_first_response_at.
Add work/time by technician report
…ence to Invoice Items
…ert referencing recurring Invoice ID into the invoice
…moved user_role_id from user_settings directly to users table, rename table user_permissions to user_client_permissions, removed unused Sessions vars in login. This upedate will require to update using update_cli.php --db_update
…erence tables as we are not using cascade delete yet
…ct if a user account exists
…ts, Fixed Legacy Check User Role Functions
…de, and updated many other fields to reflect recurring_invoice and not just recurring
…recurring invoice vars
…ded cascading deletion to the multi to multi tables
…cense export report
…ys (blanket, not just for LE)
Certificates page and sidebar - colours/badges
…s set in some of the create modals, replaced old url_query_strings_sb var to the correct new var url_query_strings_sort.
…in the past - it needs to be manually adjusted for cron to pick it up again. Also, bugfix bulk recurring ticket delete.
Recurring items with next-run dates in the past
|
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
Comment on lines
+189
to
+196
| $sql_tags_filter = mysqli_query($mysqli, " | ||
| SELECT tags.tag_id, tags.tag_name | ||
| FROM tags | ||
| LEFT JOIN client_tags ON client_tags.tag_id = tags.tag_id | ||
| WHERE tag_type = 1 | ||
| GROUP BY tags.tag_id | ||
| HAVING COUNT(client_tags.client_id) > 0 OR tags.tag_id IN ($tag_filter) | ||
| "); |
Check failure
Code scanning / SonarCloud
Database queries should not be vulnerable to injection attacks High
Comment on lines
+117
to
+126
| $sql_tags_filter = mysqli_query($mysqli, " | ||
| SELECT tags.tag_id, tags.tag_name | ||
| FROM tags | ||
| LEFT JOIN contact_tags ON contact_tags.tag_id = tags.tag_id | ||
| LEFT JOIN contacts ON contact_tags.contact_id = contacts.contact_id | ||
| WHERE tag_type = 3 | ||
| $client_query OR tags.tag_id IN ($tag_filter) | ||
| GROUP BY tags.tag_id | ||
| HAVING COUNT(contact_tags.contact_id) > 0 OR tags.tag_id IN ($tag_filter) | ||
| "); |
Check failure
Code scanning / SonarCloud
Database queries should not be vulnerable to injection attacks High
Comment on lines
+131
to
+140
| $sql_tags_filter = mysqli_query($mysqli, " | ||
| SELECT tags.tag_id, tags.tag_name | ||
| FROM tags | ||
| LEFT JOIN credential_tags ON credential_tags.tag_id = tags.tag_id | ||
| LEFT JOIN credentials ON credential_tags.credential_id = credentials.credential_id | ||
| WHERE tag_type = 4 | ||
| $client_query OR tags.tag_id IN ($tag_filter) | ||
| GROUP BY tags.tag_id | ||
| HAVING COUNT(credential_tags.credential_id) > 0 OR tags.tag_id IN ($tag_filter) | ||
| "); |
Check failure
Code scanning / SonarCloud
Database queries should not be vulnerable to injection attacks High
Comment on lines
+105
to
+114
| $sql_tags_filter = mysqli_query($mysqli, " | ||
| SELECT tags.tag_id, tags.tag_name, tag_type | ||
| FROM tags | ||
| LEFT JOIN location_tags ON location_tags.tag_id = tags.tag_id | ||
| LEFT JOIN locations ON location_tags.location_id = locations.location_id | ||
| WHERE tag_type = 2 | ||
| $client_query OR tags.tag_id IN ($tag_filter) | ||
| GROUP BY tags.tag_id | ||
| HAVING COUNT(location_tags.location_id) > 0 OR tags.tag_id IN ($tag_filter) | ||
| "); |
Check failure
Code scanning / SonarCloud
Database queries should not be vulnerable to injection attacks High
| @@ -2026,12 +2043,20 @@ | |||
|
|
|||
| $start_date = sanitizeInput($_POST['start_date']); | |||
|
|
|||
| mysqli_query($mysqli, "INSERT INTO scheduled_tickets SET scheduled_ticket_subject = '$subject', scheduled_ticket_details = '$details', scheduled_ticket_priority = '$priority', scheduled_ticket_frequency = '$frequency', scheduled_ticket_billable = $billable, scheduled_ticket_start_date = '$start_date', scheduled_ticket_next_run = '$start_date', scheduled_ticket_assigned_to = $assigned_to, scheduled_ticket_created_by = $session_user_id, scheduled_ticket_client_id = $client_id, scheduled_ticket_contact_id = $contact_id, scheduled_ticket_asset_id = $asset_id"); | |||
| mysqli_query($mysqli, "INSERT INTO recurring_tickets SET recurring_ticket_subject = '$subject', recurring_ticket_details = '$details', recurring_ticket_priority = '$priority', recurring_ticket_frequency = '$frequency', recurring_ticket_billable = $billable, recurring_ticket_start_date = '$start_date', recurring_ticket_next_run = '$start_date', recurring_ticket_assigned_to = $assigned_to, recurring_ticket_created_by = $session_user_id, recurring_ticket_client_id = $client_id, recurring_ticket_contact_id = $contact_id, recurring_ticket_asset_id = $asset_id"); | |||
Check failure
Code scanning / SonarCloud
Database queries should not be vulnerable to injection attacks High
| $next_run_date = sanitizeInput($_POST['next_date']); | ||
|
|
||
| mysqli_query($mysqli, "UPDATE scheduled_tickets SET scheduled_ticket_subject = '$subject', scheduled_ticket_details = '$details', scheduled_ticket_priority = '$priority', scheduled_ticket_frequency = '$frequency', scheduled_ticket_billable = $billable, scheduled_ticket_next_run = '$next_run_date', scheduled_ticket_assigned_to = $assigned_to, scheduled_ticket_asset_id = $asset_id, scheduled_ticket_contact_id = $contact_id WHERE scheduled_ticket_id = $scheduled_ticket_id"); | ||
| mysqli_query($mysqli, "UPDATE recurring_tickets SET recurring_ticket_subject = '$subject', recurring_ticket_details = '$details', recurring_ticket_priority = '$priority', recurring_ticket_frequency = '$frequency', recurring_ticket_billable = $billable, recurring_ticket_next_run = '$next_run_date', recurring_ticket_assigned_to = $assigned_to, recurring_ticket_asset_id = $asset_id, recurring_ticket_contact_id = $contact_id WHERE recurring_ticket_id = $recurring_ticket_id"); |
Check failure
Code scanning / SonarCloud
Database queries should not be vulnerable to injection attacks High
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Merge Develop to Stable Master Branch to prepare for release