itflow-org / itflow

Free and open-source web application for MSPs. Unifies IT documentation, ticketing, invoicing.
https://itflow.org
GNU General Public License v3.0

V0.1.5 #866

Closed o-psi closed 7 months ago

o-psi commented 8 months ago

Small changes for unbilled tickets report, and clean up for passing stripe fees.

wrongecho commented 8 months ago

Test these changes at: https://v015866.pr-review.itflow.org
(automatic message)

sonarcloud[bot] commented 7 months ago

Quality Gate passed

The SonarCloud Quality Gate passed, but some issues were introduced.

2 New issues
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud

johnnyq commented 7 months ago

@o-psi Today I'm going to go through the mail code and make sure all the mail vars are escaped before they are passed to the mail function. Therefore the mail function should not escape passed vars, as this can lead to double escaping, which can lead to further security issues and data corruption. I'll update this thread when completed and tested.

johnnyq commented 7 months ago

@o-psi, I've completed reviewing the entire mail code. It's important to ensure that POST variables are properly sanitized. Notably, the Body and Subject are no longer sanitized before being sent to the mail function, as the POST variables that are included in the Body and Subject are already sanitized.

However, there are still some scenarios where you may need to manually escape certain characters in the body or subject, especially if you encounter a single quotation mark ('), which should be escaped as \'.

This should resolve any issues related to mixed variables that are unsanitized and sanitized, making it much easier to diagnose and read the mail queue.
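The double-escaping problem described in the two comments above, shown as an added PHP illustration (not ITFlow code, and not written by anyone in this thread). The function names `sanitize_input()`, `queue_mail_buggy()`, `queue_mail_fixed()` and `render_for_recipient()` are hypothetical, and the POST values are constructed sample input. It contrasts a mail function that escapes its arguments a second time with one that trusts the single sanitization pass at the input boundary:

```php
<?php
declare(strict_types=1);

// Hypothetical boundary sanitizer: strip tags, encode HTML special characters,
// and backslash-escape quotes (the thread mentions ' being stored as \').
function sanitize_input(string $raw): string
{
    $clean = trim(strip_tags($raw));
    $clean = htmlspecialchars($clean, ENT_NOQUOTES, 'UTF-8');
    return addslashes($clean);
}

// Buggy variant: the mail function escapes again, even though every POST
// variable that reaches the subject/body was already sanitized once.
function queue_mail_buggy(string $subject, string $body): array
{
    return [
        'subject' => addslashes(htmlspecialchars($subject, ENT_NOQUOTES, 'UTF-8')),
        'body'    => addslashes(htmlspecialchars($body, ENT_NOQUOTES, 'UTF-8')),
    ];
}

// Fixed variant: escaping happens exactly once, at the boundary, so the mail
// function stores what it is given.
function queue_mail_fixed(string $subject, string $body): array
{
    return ['subject' => $subject, 'body' => $body];
}

// Stand-in for the single decode step the recipient's side applies
// (one stripslashes for the stored quote escaping, one entity decode for HTML).
function render_for_recipient(string $stored): string
{
    return html_entity_decode(stripslashes($stored), ENT_QUOTES, 'UTF-8');
}

// Constructed sample input, as a ticket reply might arrive in $_POST.
$postSubject = "Re: O'Brien & Sons <script>alert(1)</script>";
$postBody    = "Client said it's \"urgent\" & needs a call.";

$subject = sanitize_input($postSubject);   // Re: O\'Brien &amp; Sons
$body    = sanitize_input($postBody);

$buggy = queue_mail_buggy($subject, $body);
$fixed = queue_mail_fixed($subject, $body);

echo "stored (buggy): " . $buggy['subject'] . PHP_EOL;   // Re: O\\\'Brien &amp;amp; Sons
echo "stored (fixed): " . $fixed['subject'] . PHP_EOL;   // Re: O\'Brien &amp; Sons
echo "recipient sees (buggy): " . render_for_recipient($buggy['subject']) . PHP_EOL; // Re: O\'Brien &amp; Sons
echo "recipient sees (fixed): " . render_for_recipient($fixed['subject']) . PHP_EOL; // Re: O'Brien & Sons
```

The buggy path leaves a stray backslash and a literal `&amp;` in the delivered mail, which is the data corruption the comments refer to; it also makes the stored queue entries hard to read, because the same value is escaped a different number of times depending on which code path queued it. Keeping one escaping step at the boundary is what makes the queue predictable.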

johnnyq commented 7 months ago

We implemented some of these changes manually and did some things a little differently to make use of the configurable stripe fees and stripe account expense if client pays is off. This can be closed.