
Commit 5f4c8fd

nielsdrost7 and Copilot authored
Update application/modules/clients/controllers/Clients.php
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
1 parent b83aac6 commit 5f4c8fd

1 file changed

Lines changed: 30 additions & 12 deletions


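--- a/application/modules/clients/controllers/Clients.php
+++ b/application/modules/clients/controllers/Clients.php
@@ -344,41 +344,59 @@ private function get_client_title_choices(): array
 );
 }
 
+/**
+ * Sanitize a value for safe inclusion in log messages.
+ *
+ * Removes newline and carriage-return characters and casts to string
+ * to prevent log injection.
+ */
+private function sanitize_for_log($value): string
+{
+$sanitized = (string) $value;
+$sanitized = str_replace(array("\r", "\n"), ' ', $sanitized);
+
+return $sanitized;
+}
+
 private function check_client_einvoice_active($client, $req_einvoicing) {
 // Update active eInvoicing client
 // Check if database has been migrated to 1.6.3+ (where einvoicing fields were added)
-
+
+$clientIdForLog = $this->sanitize_for_log($client->client_id);
+
 if (!property_exists($client, 'client_einvoicing_active') || !property_exists($client, 'client_einvoicing_version')) {
 // Fields don't exist - database hasn't been migrated to 1.6.3+
 $this->load->model('settings/mdl_versions');
 $current_version = $this->mdl_versions->get_current_version();
 $current_version = $current_version ?: 'unknown';
-
-log_message('warning', '[eInvoicing] Database version mismatch detected in check_client_einvoice_active: Running source code 1.6.3+ with database version ' . $current_version);
-log_message('warning', '[eInvoicing] Missing fields: client_einvoicing_active and client_einvoicing_version not found in client object (client_id=' . $client->client_id . ')');
+$currentVersionForLog = $this->sanitize_for_log($current_version);
+
+log_message('warning', '[eInvoicing] Database version mismatch detected in check_client_einvoice_active: Running source code 1.6.3+ with database version ' . $currentVersionForLog);
+log_message('warning', '[eInvoicing] Missing fields: client_einvoicing_active and client_einvoicing_version not found in client object (client_id=' . $clientIdForLog . ')');
 log_message('warning', '[eInvoicing] Please run database migration 039_1.6.3.sql to add these fields');
-
+
 // Set default values on the client object to prevent further errors
 $client->client_einvoicing_active = 0;
 $client->client_einvoicing_version = '';
-
+
 return $client;
 }
-
+
 $o = $client->client_einvoicing_active;
-log_message('debug', '[eInvoicing] check_client_einvoice_active: client_id=' . $client->client_id . ', current_active=' . $o . ', version=' . $client->client_einvoicing_version);
-
+$clientEinvoicingVersionForLog = $this->sanitize_for_log($client->client_einvoicing_version);
+log_message('debug', '[eInvoicing] check_client_einvoice_active: client_id=' . $clientIdForLog . ', current_active=' . $o . ', version=' . $clientEinvoicingVersionForLog);
+
 if ( ! empty($client->client_einvoicing_version) && $req_einvoicing->clients[$client->client_id]->einvoicing_empty_fields == 0) {
 $client->client_einvoicing_active = 1; // update view
-log_message('debug', '[eInvoicing] Setting client_einvoicing_active=1 for client_id=' . $client->client_id);
+log_message('debug', '[eInvoicing] Setting client_einvoicing_active=1 for client_id=' . $clientIdForLog);
 } else {
 $client->client_einvoicing_active = 0; // update view
-log_message('debug', '[eInvoicing] Setting client_einvoicing_active=0 for client_id=' . $client->client_id);
+log_message('debug', '[eInvoicing] Setting client_einvoicing_active=0 for client_id=' . $clientIdForLog);
 }
 
 // Update db if need
 if ($o != $client->client_einvoicing_active) {
-log_message('info', '[eInvoicing] Updating database: client_id=' . $client->client_id . ', client_einvoicing_active changed from ' . $o . ' to ' . $client->client_einvoicing_active);
+log_message('info', '[eInvoicing] Updating database: client_id=' . $clientIdForLog . ', client_einvoicing_active changed from ' . $o . ' to ' . $client->client_einvoicing_active);
 $this->db->where('client_id', $client->client_id);
 $this->db->set('client_einvoicing_active', $client->client_einvoicing_active);
 $this->db->update('ip_clients');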
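Review bot: The new `sanitize_for_log` (new lines 353-359) neutralises only `\r` and `\n`, so other control characters — tab, vertical tab, form feed, NUL, ESC (which drives terminal escape sequences in log viewers) and DEL — still pass through into the log line unchanged; since the docblock promises to "prevent log injection", the body should cover the whole C0 range plus DEL, e.g. `return preg_replace('/[\x00-\x1F\x7F]+/', ' ', (string) $value) ?? '';` (the `?? ''` keeps the `string` return type honest if PCRE fails). The debug and info messages at new lines 387 and 399 still concatenate `$o` and `$client->client_einvoicing_active` raw, which is inconsistent with the commit's intent even though those values are presumably integers. Two style points on the helper: the parameter would read better typed as `mixed $value`, and `array("\r", "\n")` should use the short `["\r", "\n"]` syntax the rest of modern PHP expects. `check_client_einvoice_active`'s body continues past the end of the hunk.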
