Merge pull request #10551 from turbo124/v5-develop

Prevent destructive commands in production
David Bomba 2025-01-20 09:44:45 +11:00 committed by GitHub
commit 18d20c3d3e
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
9 changed files with 162 additions and 255 deletions


@ -120,7 +120,7 @@ jobs:
- name: Migrate Database - name: Migrate Database
run: | run: |
php artisan migrate:fresh --seed --force && php artisan db:seed --force php artisan migrate && php artisan db:seed
- name: Run Testsuite - name: Run Testsuite
run: | run: |


@ -78,7 +78,7 @@ class DemoMode extends Command
{ {
set_time_limit(0); set_time_limit(0);
if (config('ninja.is_docker')) { if (config('ninja.is_docker') || Ninja::isHosted()) {
return; return;
} }
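Review bot: The widened guard `if (config('ninja.is_docker') || Ninja::isHosted())` exits through a bare `return;`, so an operator who runs this command on a hosted or Docker install sees no output and, as far as the hunk shows, a success exit status. Since the command is being refused on purpose, make the refusal visible, e.g. `$this->error('Demo mode is disabled in this environment.');` before the return, and return a non-zero status if the method's signature allows it. The rest of the method lies outside the hunk, so its return type could not be checked.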


@ -118,12 +118,14 @@ class DocumentsTable extends Component
protected function documents() protected function documents()
{ {
return $this->client()->documents() $client = $this->client();
return $client->documents()
->where('is_public', true) ->where('is_public', true)
->orWhere(function ($query){ ->orWhere(function ($query) use ($client) {
$query->whereHasMorph('documentable', [Company::class], function ($q) { $query->whereHasMorph('documentable', [Company::class], function ($q) use ($client) {
$q->where('is_public', true); $q->where('is_public', true)->where('company_id', $client->company_id);
}); });
}); });
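Review bot: The new `company_id` filter sits inside the `whereHasMorph` callback, where `$q` is the query for the related `Company` model rather than for the document rows, so confirm that it constrains what was intended. Separately, the top-level `orWhere` is OR-ed against the relation's own constraints and the preceding `where('is_public', true)`, so rows matched through the company branch are checked neither for their own `is_public` flag nor for tenant ownership on the document itself. Scoping the document row inside the closure would make the isolation explicit: `$query->where('is_public', true)->where('company_id', $client->company_id)->whereHasMorph('documentable', [Company::class]);`. This assumes the documents table carries `company_id`, which is not visible here. A test with two companies asserting that a client of one never lists the other's company documents would pin this; the method continues past the end of the hunk.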


@ -145,6 +145,11 @@ class AppServiceProvider extends ServiceProvider
return $this; return $this;
}); });
//Prevents destructive commands from being run in hosted environments
\DB::prohibitDestructiveCommands(Ninja::isHosted());
} }
public function register(): void public function register(): void
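Review bot: `\DB::prohibitDestructiveCommands(Ninja::isHosted())` protects only hosted deployments, while the commit title speaks of production; a self-hosted production install still accepts `migrate:fresh` and `db:wipe`. If that is intended, say so in the comment, e.g. `// Hosted only: self-hosted installs keep migrate:fresh available`; otherwise widen the condition to `Ninja::isHosted() || $this->app->isProduction()`. The call covers only the framework's own database commands, so project commands that wipe or reseed data still need their own guard. The method this line is added to starts outside the hunk.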


@ -301,10 +301,25 @@ class Purify
} else { } else {
// First, remove ALL attributes from the node // First, remove ALL attributes from the node
while ($node->attributes->length > 0) { // while ($node->attributes->length > 0) {
$attr = $node->attributes->item(0); // $attr = $node->attributes->item(0);
$node->removeAttribute($attr->nodeName); // $node->removeAttribute($attr->nodeName);
} // }
if ($node instanceof \DOMElement) {
// Create a list of attributes to remove
$attributes_to_remove = [];
foreach ($node->attributes as $attr) {
$attributes_to_remove[] = $attr->nodeName;
}
// Remove the attributes
foreach ($attributes_to_remove as $attr_name) {
$node->removeAttribute($attr_name);
}
}
} }
// Then add back only the allowed attributes // Then add back only the allowed attributes
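Review bot: The old loop is left behind as four commented-out lines under a comment that still reads `// First, remove ALL attributes from the node`. Delete them and say instead why the names are collected first, e.g. `// DOMNamedNodeMap is live: snapshot the attributes before removing any`. The two loops can also be collapsed into `foreach (iterator_to_array($node->attributes, false) as $attr) { $node->removeAttributeNode($attr); }`, which removes each attribute node directly rather than by name lookup. Because the allow-list step below relies on this strip being complete, add a regression test that passes an element carrying several disallowed attributes and asserts none survive. The enclosing method starts and ends outside the hunk.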


@ -13,6 +13,9 @@
font-family: $font_name, Helvetica, sans-serif; font-family: $font_name, Helvetica, sans-serif;
font-size: $font_size !important; font-size: $font_size !important;
zoom: 80%; zoom: 80%;
margin: 0;
padding: 0;
} }
table tr td, table tr, th { table tr td, table tr, th {
@ -20,7 +23,9 @@
} }
body, html { html {
width: 210mm;
height: 200mm;
margin: 0; margin: 0;
padding: 0; padding: 0;
} }
@ -163,11 +168,11 @@
padding: 1.5rem; padding: 1.5rem;
} }
[data-ref="table"] > tbody > tr > td:last-child { td.right-radius {
text-align: right; text-align: right !important;
} }
[data-ref="table"] > tbody > tr > td:first-child { td.left-radius{
font-weight: bold; font-weight: bold;
} }
@ -299,61 +304,10 @@
margin-top: 1rem; margin-top: 1rem;
} }
[data-ref='product_table-product.item-td']{ [data-ref='product_table-product.description-th'] {
font-weight: bold; width:30%;
overflow-wrap: break-word;
} }
[data-ref='product_table-product.item-th']{
width: 10%;
}
[data-ref='product_table-product.unit_cost-th'],
[data-ref='product_table-product.quantity-th']{
width: 12%;
}
[data-ref='product_table-product.product1-th'],
[data-ref='product_table-product.product2-th'],
[data-ref='product_table-product.product3-th'],
[data-ref='product_table-product.product4-th'],
[data-ref='product_table-product.tax1-th'] {
width: 10%;
}
[data-ref='product_table-product.line_total-th'],
[data-ref='product_table-product.line_total-td'],
[data-ref='task_table-task.line_total-th'],
[data-ref='task_table-task.line_total-td'] {
width: 12%;
text-align: right !important;
padding-right: 1rem !important;
}
[data-ref='product_table-product.description-th'],
[data-ref='task_table-task.description-th'] {
overflow-wrap: break-word;
min-width: 150px !important;
}
[data-ref='task_table-task.hours-th'],
[data-ref='task_table-task.discount-th'],
[data-ref='task_table-task.cost-th'],
[data-ref='task_table-task.quantity-th'],
[data-ref='task_table-task.task1-th'],
[data-ref='task_table-task.task2-th'],
[data-ref='task_table-task.task3-th'],
[data-ref='task_table-task.task4-th'] {
width: 12%;
}
[data-ref='task_table-task.service-th']{
width: 10%;
}
[data-ref='task_table-task.tax1-th'] {
width: 10%;
}
.left-radius { .left-radius {
padding-left: 1rem; padding-left: 1rem;


@ -158,17 +158,17 @@
background-color: #f5f5f5; background-color: #f5f5f5;
} }
[data-ref="table"]>thead>tr>th:last-child {
text-align: right;
}
[data-ref="table"]>tbody>tr>td { [data-ref="table"]>tbody>tr>td {
border-bottom: 1px solid #e6e6e6; border-bottom: 1px solid #e6e6e6;
padding: 0.75rem; padding: 0.75rem;
} }
[data-ref="table"]>tbody>tr>td:last-child { th.right-radius {
text-align: right; text-align: right !important;
}
td.right-radius {
text-align: right !important;
} }
[data-ref="table"]>tbody>tr:nth-child(even) { [data-ref="table"]>tbody>tr:nth-child(even) {
@ -285,10 +285,8 @@
margin-top: 40px; margin-top: 40px;
} }
[data-element='product_table-product.description-td'], [data-ref='product_table-product.description-th'] {
td { width: 35%;
min-width: 100%;
max-width: 300px;
overflow-wrap: break-word; overflow-wrap: break-word;
} }


@ -8,7 +8,8 @@
} }
html { html {
width: 210mm;
height: 200mm;
} }
body { body {
@ -19,7 +20,9 @@
zoom: 80%; zoom: 80%;
} }
table tr td, table tr, th { table tr td,
table tr,
th {
font-size: $font_size !important; font-size: $font_size !important;
} }
@ -36,7 +39,11 @@
margin: 0; margin: 0;
padding: 0; padding: 0;
} }
#qr-bill{
width:100% !important;
}
.header-container { .header-container {
display: grid; display: grid;
grid-template-columns: repeat(3, 1fr); grid-template-columns: repeat(3, 1fr);
@ -58,7 +65,7 @@
line-height: var(--line-height); line-height: var(--line-height);
} }
#company-details > p:first-child { #company-details>p:first-child {
color: var(--primary-color); color: var(--primary-color);
} }
@ -74,27 +81,25 @@
padding-left: 1rem; padding-left: 1rem;
margin-bottom: 1rem; margin-bottom: 1rem;
font-weight: bold; font-weight: bold;
font-size:120%;
color: var(--primary-color); color: var(--primary-color);
} }
.client-and-entity-wrapper { .client-and-entity-wrapper {
padding: 1rem; padding: 1rem;
display: grid; display: grid;
grid-template-columns: repeat(3, 1fr); grid-template-columns: 1fr 1fr 1fr;
border-top: 1px solid #d8d8d8; border-top: 1px solid #d8d8d8;
border-bottom: 1px solid #d8d8d8; border-bottom: 1px solid #d8d8d8;
width:100%;
} }
#entity-details { #entity-details {
display:flex; display: flex;
text-align: left; text-align: left;
margin-right: 20px; margin-right: 20px;
line-height: var(--line-height) !important; line-height: var(--line-height) !important;
} }
#entity-details > tr, #entity-details>tr,
#entity-details th { #entity-details th {
font-weight: normal; font-weight: normal;
padding-right: 15px; padding-right: 15px;
@ -105,9 +110,10 @@
display: flex; display: flex;
flex-direction: column; flex-direction: column;
line-height: var(--line-height); line-height: var(--line-height);
padding-right: 30px;
} }
#client-details > :first-child { #client-details> :first-child {
font-weight: bold; font-weight: bold;
} }
@ -116,11 +122,11 @@
flex-direction: column; flex-direction: column;
line-height: var(--line-height); line-height: var(--line-height);
} }
[data-ref="table"] { [data-ref="table"] {
margin-top: 1rem; margin-top: 1rem;
margin-bottom: 5px; margin-bottom: 5px;
width: 100%; min-width: 100%;
table-layout: fixed; table-layout: fixed;
overflow-wrap: break-word; overflow-wrap: break-word;
} }
@ -131,23 +137,23 @@
color: grey; color: grey;
} }
[data-ref="table"] > thead { [data-ref="table"]>thead {
text-align: left; text-align: left;
} }
[data-ref="table"] > thead > tr > th { [data-ref="table"]>thead>tr>th {
font-size: 1.1rem; font-size: 1.1rem;
padding-bottom: 1rem; padding-bottom: 1.5rem;
padding-left: 1rem; padding-left: 1rem;
} }
[data-ref="table"] > tbody > tr > td { [data-ref="table"]>tbody>tr>td {
border-top: 1px solid #d8d8d8; border-top: 1px solid #d8d8d8;
border-bottom: 1px solid #d8d8d8; border-bottom: 1px solid #d8d8d8;
padding: 1rem 1rem; padding: 1rem 1rem;
} }
th.right-radius { th.right-radius {
padding-right: 1rem; padding-right: 1rem;
text-align: right; text-align: right;
} }
@ -156,7 +162,11 @@
text-align: right; text-align: right;
} }
[data-ref="table"] > tbody > tr:nth-child(odd) { [data-ref='product_table-product.item-td']{
color: var(--primary-color);
}
[data-ref="table"]>tbody>tr:nth-child(odd) {
background-color: #f5f5f5; background-color: #f5f5f5;
} }
@ -168,11 +178,11 @@
padding-right: 1rem; padding-right: 1rem;
padding-left: 1rem; padding-left: 1rem;
gap: 80px; gap: 80px;
page-break-inside:avoid; page-break-inside: avoid;
overflow: visible !important; overflow: visible !important;
} }
#table-totals .totals-table-right-side > * { #table-totals .totals-table-right-side>* {
display: grid; display: grid;
grid-template-columns: 1fr 1fr; grid-template-columns: 1fr 1fr;
} }
@ -186,28 +196,22 @@
text-align: right; text-align: right;
} }
#table-totals>.totals-table-right-side> * > :not([hidden]) ~ :not([hidden]) { #table-totals>.totals-table-right-side>*> :not([hidden])~ :not([hidden]) {
--tw-space-y-reverse: 0; --tw-space-y-reverse: 0;
margin-top: calc(.75rem * calc(1 - var(--tw-space-y-reverse))); margin-top: calc(.75rem * calc(1 - var(--tw-space-y-reverse)));
margin-bottom: calc(.75rem * var(--tw-space-y-reverse)); margin-bottom: calc(.75rem * var(--tw-space-y-reverse));
} }
#table-totals #table-totals>* [data-element='product-table-balance-due-label'],
> * #table-totals>* [data-element='product-table-balance-due'] {
[data-element='product-table-balance-due-label'],
#table-totals
> *
[data-element='product-table-balance-due'] {
font-weight: bold; font-weight: bold;
} }
#table-totals #table-totals>* [data-element='product-table-balance-due'] {
> *
[data-element='product-table-balance-due'] {
color: var(--primary-color); color: var(--primary-color);
} }
#table-totals > * > :last-child { #table-totals>*> :last-child {
text-align: right; text-align: right;
padding-right: 0.5rem; padding-right: 0.5rem;
} }
@ -234,7 +238,7 @@
text-align: right; text-align: right;
margin-right: .75rem; margin-right: .75rem;
} }
[data-ref*=".line_total-td"] { [data-ref*=".line_total-td"] {
white-space: nowrap; white-space: nowrap;
} }
@ -245,53 +249,25 @@
.repeating-footer-space { .repeating-footer-space {
height: 10px; height: 10px;
} }
.repeating-header { .repeating-header {
position: fixed; position: fixed;
top: 0; top: 0;
} }
.repeating-footer { .repeating-footer {
position: fixed; position: fixed;
bottom: 0; bottom: 0;
} }
[data-ref='task_table-task.description-th'], [data-ref='product_table-product.description-td'], td {
[data-ref='task_table-task.description-td'], min-width: 100%;
[data-ref='product_table-product.description-th'], max-width: 300px;
[data-ref='product_table-product.description-td'] {
min-width: 150px !important;
overflow-wrap: break-word; overflow-wrap: break-word;
} }
[data-ref='product_table-product.item-td']{
color: var(--primary-color);
}
[data-ref='product_table-product.item-th'],
[data-ref='product_table-product.unit_cost-th'],
[data-ref='product_table-product.quantity-th'],
[data-ref='product_table-product.line_total-th'] {
width: 12%;
}
[data-ref='product_table-product.tax1-th'] {
width: 10%;
}
[data-ref='task_table-task.hours-th'],
[data-ref='task_table-task.service-th'],
[data-ref='task_table-task.discount-th'],
[data-ref='task_table-task.cost-th'],
[data-ref='task_table-task.quantity-th'],
[data-ref='task_table-task.line_total-th'] {
width: 12%;
}
[data-ref='task_table-task.tax1-th'] {
width: 10%;
}
.stamp { .stamp {
transform: rotate(12deg); transform: rotate(12deg);
color: #555; color: #555;
font-size: 3rem; font-size: 3rem;
font-weight: 700; font-weight: 700;
@ -302,26 +278,26 @@
border-radius: 1rem; border-radius: 1rem;
font-family: 'Courier'; font-family: 'Courier';
mix-blend-mode: multiply; mix-blend-mode: multiply;
z-index:200 !important; z-index: 200 !important;
position: fixed; position: fixed;
text-align: center; text-align: center;
float:right; float: right;
} }
.is-paid { .is-paid {
color: #D23; color: #D23;
border: 1rem double #D23; border: 1rem double #D23;
transform: rotate(-5deg); transform: rotate(-5deg);
font-size: 6rem; font-size: 6rem;
font-family: "Open sans", Helvetica, Arial, sans-serif; font-family: "Open sans", Helvetica, Arial, sans-serif;
border-radius: 0; border-radius: 0;
padding: 0.5rem; padding: 0.5rem;
opacity: 0.2; opacity: 0.2;
z-index:200 !important; z-index: 200 !important;
position: fixed; position: fixed;
display: $show_paid_stamp; display: $show_paid_stamp;
} }
.project-header { .project-header {
font-size: 1.2em; font-size: 1.2em;
@ -332,15 +308,9 @@
margin-right: 0; margin-right: 0;
font-weight: bold; font-weight: bold;
color: #505050; color: #505050;
} }
.pqrcode { .pqrcode {}
}
#qr-bill{
width:100% !important;
}
/** Useful snippets, uncomment to enable. **/ /** Useful snippets, uncomment to enable. **/
@ -373,56 +343,56 @@
</style> </style>
<table style="min-width: 100%"> <table style="min-width: 100%">
<thead> <thead>
<tr> <tr>
<td> <td>
<div class="repeating-header-space">&nbsp;</div> <div class="repeating-header-space">&nbsp;</div>
</td> </td>
</tr> </tr>
</thead> </thead>
<tbody> <tbody>
<tr> <tr>
<td> <td>
<div id="body"> <div id="body">
<div class="header-container"> <div class="header-container">
<div class="company-logo-container"> <div class="company-logo-container">
<img class="company-logo" src="$company.logo" alt="$company.name logo"> <img class="company-logo" src="$company.logo" alt="$company.name logo">
</div> </div>
<div id="company-details"></div> <div id="company-details"></div>
<div id="company-address"></div> <div id="company-address"></div>
</div> </div>
<p class="entity-label">$entity_label</p> <p class="entity-label">$entity_label</p>
<div class="client-and-entity-wrapper"> <div class="client-and-entity-wrapper">
<div> <div>
<table id="entity-details" cellspacing="0" cellpadding="0" dir="$dir"></table> <table id="entity-details" cellspacing="0" cellpadding="0" dir="$dir"></table>
</div> </div>
<div id="client-details"></div> <div id="client-details"></div>
<div id="vendor-details"></div> <div id="vendor-details"></div>
<div id="shipping-details"></div> <div id="shipping-details"></div>
</div> </div>
<table id="product-table" cellspacing="0" data-ref="table"></table> <table id="product-table" cellspacing="0" data-ref="table"></table>
<table id="task-table" cellspacing="0" data-ref="table"></table> <table id="task-table" cellspacing="0" data-ref="table"></table>
<table id="delivery-note-table" cellspacing="0" data-ref="table"></table> <table id="delivery-note-table" cellspacing="0" data-ref="table"></table>
<table id="statement-invoice-table" cellspacing="0" data-ref="table"></table> <table id="statement-invoice-table" cellspacing="0" data-ref="table"></table>
<div id="statement-invoice-table-totals" data-ref="statement-totals"></div> <div id="statement-invoice-table-totals" data-ref="statement-totals"></div>
<table id="statement-payment-table" cellspacing="0" data-ref="table"></table> <table id="statement-payment-table" cellspacing="0" data-ref="table"></table>
<div id="statement-payment-table-totals" data-ref="statement-totals"></div> <div id="statement-payment-table-totals" data-ref="statement-totals"></div>
<table id="statement-credit-table" cellspacing="0" data-ref="table"></table> <table id="statement-credit-table" cellspacing="0" data-ref="table"></table>
<div id="statement-credit-table-totals" data-ref="statement-totals"></div> <div id="statement-credit-table-totals" data-ref="statement-totals"></div>
<table id="statement-aging-table" cellspacing="0" data-ref="table"></table> <table id="statement-aging-table" cellspacing="0" data-ref="table"></table>
<div id="statement-aging-table-totals" data-ref="statement-totals"></div> <div id="statement-aging-table-totals" data-ref="statement-totals"></div>
<div id="table-totals" cellspacing="0">$status_logo</div> <div id="table-totals" cellspacing="0">$status_logo</div>
</div> </div>
</td> </td>
</tr> </tr>
</tbody> </tbody>
<tfoot> <tfoot>
<tr> <tr>
<td> <td>
<div class="repeating-footer-space">&nbsp;</div> <div class="repeating-footer-space">&nbsp;</div>
</td> </td>
</tr> </tr>
</tfoot> </tfoot>
</table> </table>
<div class="repeating-header" id="header"></div> <div class="repeating-header" id="header"></div>
@ -430,6 +400,5 @@
$entity_images $entity_images
<div class="repeating-footerx" id="footer"> <div class="repeating-footerx" id="footer">
<p data-ref="total_table-footer">$entity_footer</p> <p data-ref="total_table-footer">$entity_footer</p>
</div> </div>
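Review bot: The description rule on the new side appears to read `[data-ref='product_table-product.description-td'], td { min-width: 100%; max-width: 300px; … }`, and the bare `td` in that selector list applies the width limits to every cell in the document, including the cells of the outer layout table. Another template in this commit appears to drop the same `td` selector, so the two now disagree. If only the description column is meant, remove `, td` from the list. Old and new columns are interleaved on this page, so the side assignment is inferred from the hunk counts.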


@ -146,9 +146,9 @@
} }
[data-ref='product_table-product.description-th'], [data-ref='product_table-product.description-th'],
[data-ref='product_table-product.description-td'] { [data-ref='task_table-task.description-th'] {
min-width: 150px !important; width: 35% !important;
overflow-wrap: break-word; overflow-wrap: break-word;
} }
@ -156,42 +156,6 @@
color: var(--primary-color); color: var(--primary-color);
} }
[data-ref='product_table-product.item-th'],
[data-ref='product_table-product.unit_cost-th'],
[data-ref='product_table-product.quantity-th'] {
width: 12%;
}
[data-ref='product_table-product.tax1-th'] {
width: 6%;
}
[data-ref='product_table-product.line_total-th'] {
width: 10%;
}
[data-ref='task_table-task.description-th'],
[data-ref='task_table-task.description-td'] {
min-width: 100px !important;
overflow-wrap: break-word;
}
[data-ref='task_table-task.hours-th'],
[data-ref='task_table-task.service-th'],
[data-ref='task_table-task.discount-th'],
[data-ref='task_table-task.cost-th'],
[data-ref='task_table-task.quantity-th'] {
width: 12%;
}
[data-ref='task_table-task.tax1-th'] {
width: 6%;
}
[data-ref='task_table-task.line_total-th'] {
width: 10%;
}
[data-ref="table"] > thead { [data-ref="table"] > thead {
text-align: left; text-align: left;
} }
@ -201,12 +165,12 @@
padding: 1rem; padding: 1rem;
} }
[data-ref="table"] > thead > tr > th:last-child { th.right-radius {
text-align: right; text-align: right !important;
} }
[data-ref="table"] > tbody > tr > td:last-child { td.right-radius {
text-align: right; text-align: right !important;
} }
[data-ref="table"] > tbody > tr > td { [data-ref="table"] > tbody > tr > td {