--- app/code/DCKAP/Checkout/Controller/Index/Index.php	2025-06-18 15:33:59.746699000 +0530
+++ app/code/DCKAP/Checkout/Controller/Index/Indexp.php	2025-06-18 15:34:59.320296630 +0530
@@ -6,6 +6,8 @@
 use Magento\Framework\Controller\ResultFactory;
 use Magento\Framework\Registry;
 use Magento\Framework\Controller\Result\JsonFactory;
+use Magento\Framework\Filter\StripTags;
+use Magento\Framework\Controller\Result\ForwardFactory;
 
 class Index extends \Magento\Framework\App\Action\Action
 {
@@ -14,6 +16,14 @@
     protected $_coreRegistry;
     protected $resultPageFactory;
     protected $resultJsonFactory;
+    /**
+     * @var \Magento\Framework\Filter\StripTags
+     */
+    protected $stripTags; 
+    /**
+     * @var ForwardFactory
+     */
+    protected $resultForwardFactory;
     const DEFAULT_TRANSACTION_STATUS='pending';
     const APPROVED_TRANSACTION_STATUS='approved';
     const DECLINED_TRANSACTION_STATUS='declined';
@@ -34,7 +44,9 @@
         \DCKAP\Checkout\Model\PayinvoiceTransactionLogFactory  $payinvoice_transaction_log,
         \DCKAP\Extension\Helper\Data $extensionHelper,
         Registry $coreRegistry,
-        JsonFactory $resultJsonFactory
+        JsonFactory $resultJsonFactory,
+        ForwardFactory $resultForwardFactory,
+        StripTags $stripTags
     ) {
         parent::__construct($context);
         $this->customerSession = $customerSession;
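Review bot: `StripTags $stripTags` is added to the constructor here, but none of the hunks for this controller call `$this->stripTags`; the `data` check further down relies on `preg_match` alone. If nothing else in the file uses it, drop the parameter, the property and the `use` line so the class does not carry an unused dependency. The constructor starts above this hunk, so this is based on the visible hunks only.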
@@ -43,6 +55,8 @@
         $this->_coreRegistry = $coreRegistry;
         $this->resultJsonFactory = $resultJsonFactory;
         $this->extensionHelper = $extensionHelper;
+        $this->resultForwardFactory = $resultForwardFactory;
+        $this->stripTags = $stripTags;
     }
 
     public function execute()
@@ -55,6 +69,12 @@
         }
           /* code to maintain invoice transaction log*/
         $data=$this->getRequest()->getParam('data');
+        if ( $data && !preg_match('/^[0-9_-]+$/',  $data)) {
+            // Show error and redirect
+             /** @var \Magento\Framework\Controller\Result\Forward $resultForward */
+            $resultForward = $this->resultForwardFactory->create();
+            return $resultForward->forward('noroute');
+        }
         $invoices=rtrim(str_replace("__", ",", $data), ",");
         $invoice_array = explode(',', $invoices);
         $customer_id=$this->customerSession->getCustomerId();
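Review bot: The allow-list on `data` is looser than it reads: `$` also matches before a trailing newline, and a non-string `data` (array-style parameter) reaches `preg_match` unchecked, which on PHP 8 raises a TypeError instead of a clean 404. I would write the guard as `if ($data && (!is_string($data) || !preg_match('/^[0-9_-]+\z/', $data))) {`. The same `$` anchor and missing string check recur in the `sfield` and `id` checks this patch adds to the QuickRFQ controllers. The inline comment says "Show error and redirect" while the code forwards to `noroute`; `// Malformed invoice list: answer with the 404 page` would match. `execute()` continues past the hunk, so how `$invoice_array` is tied to the logged-in customer is not visible here.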
--- app/code/DCKAP/OrderApproval/view/frontend/templates/MyAccount/preview_order_details.phtml	2025-06-18 15:39:17.341177000 +0530
+++ app/code/DCKAP/OrderApproval/view/frontend/templates/MyAccount/preview_order_detailsp.phtml	2025-06-18 15:38:59.641171748 +0530
@@ -210,9 +210,6 @@
             </div>
         </div>
 
-	<?php else: ?>
-        <div class="message info empty"><span><?= __('Order detail not found.') ?></span></div>
-	<?php endif ?>
 <script type="text/javascript">
     require([
         'jquery',
@@ -259,3 +256,6 @@
         });
     });
 </script>
+    <?php else: ?>
+        <div class="message info empty"><span><?= __('Order detail not found.') ?></span></div>
+    <?php endif ?>
\ No newline at end of file
--- app/code/DCKAP/QuickRFQ/Controller/Customer/Index.php	2025-06-18 15:44:38.166132000 +0530
+++ app/code/DCKAP/QuickRFQ/Controller/Customer/Indexp.php	2025-06-18 15:44:31.153336156 +0530
@@ -2,6 +2,8 @@
 
 namespace DCKAP\QuickRFQ\Controller\Customer;
 
+use Magento\Framework\Filter\StripTags;
+use Magento\Framework\Controller\Result\ForwardFactory;
 /**
  * Class Index
  * @package DCKAP\QuickRFQ\Controller\Customer
@@ -39,7 +41,14 @@
     protected $scopeConfig;
     protected $_checkoutSession;
     protected $_QuickRFQHelper;
-
+    /**
+     * @var \Magento\Framework\Filter\StripTags
+     */
+    protected $stripTags; 
+    /**
+     * @var ForwardFactory
+     */
+    protected $resultForwardFactory;
     /**
      * Index constructor.
      * @param \Magento\Framework\App\Action\Context $context
@@ -61,7 +70,9 @@
         \DCKAP\Extension\Helper\Data $extensionHelper,
         \Magento\Framework\App\Config\ScopeConfigInterface $scopeConfig,
         \Magento\Checkout\Model\Session $checkoutSession,
-        \DCKAP\QuickRFQ\Helper\Data $QuickRFQHelper
+        \DCKAP\QuickRFQ\Helper\Data $QuickRFQHelper,
+        ForwardFactory $resultForwardFactory,
+        StripTags $stripTags
     )
     {
         parent::__construct($context);
@@ -74,6 +85,8 @@
         $this->scopeConfig = $scopeConfig;
         $this->_checkoutSession = $checkoutSession;
         $this->_QuickRFQHelper = $QuickRFQHelper;
+        $this->resultForwardFactory = $resultForwardFactory;
+        $this->stripTags = $stripTags;
     }
 
     /**
@@ -171,6 +184,13 @@
     protected function getFormatedReportData($data, $pagination)
     {
         $params = $this->getRequest()->getParams();
+        $sfield = isset($params['sfield']) ? $this->stripTags->filter($params['sfield']) : '';
+        if ( $sfield && !preg_match('/^[a-zA-Z]+$/',  $sfield)) {
+            // Show error and redirect
+             /** @var \Magento\Framework\Controller\Result\Forward $resultForward */
+            $resultForward = $this->resultForwardFactory->create();
+            return $resultForward->forward('noroute');
+        }
         $shipto = (!empty($params['shipto'])) ? $params['shipto'] : null;
 
         if (!empty($params['limit'])) {
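Review bot: `return $resultForward->forward('noroute');` sits inside the protected helper `getFormatedReportData()`, so the Forward object is handed back to the caller as if it were report data; unless `execute()` checks for it and returns it, the request is not actually rejected. The caller is outside the hunk, so this needs confirming, but the check would be safer in `execute()` itself, or the helper could fall back to the default sort field when `sfield` is not a known column name. The same pattern is added in Invoice/History.php, Order/History.php and Quote/Index.php. In Order/History.php the comment `// Validate the ID (e.g., numeric)` is a leftover and should read `// sfield must be a plain alphabetic column name`.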
--- app/code/DCKAP/QuickRFQ/Controller/Invoice/History.php	2025-06-18 15:47:34.509861741 +0530
+++ app/code/DCKAP/QuickRFQ/Controller/Invoice/Historyp.php	2025-06-18 15:46:53.450721997 +0530
@@ -2,6 +2,8 @@
 
 namespace DCKAP\QuickRFQ\Controller\Invoice;
 
+use Magento\Framework\Filter\StripTags;
+use Magento\Framework\Controller\Result\ForwardFactory;
 /**
  * Class History
  * @package DCKAP\QuickRFQ\Controller\Invoice
@@ -33,7 +35,14 @@
      * @var \DCKAP\Extension\Helper\Data
      */
     protected $extensionHelper;
-
+    /**
+     * @var \Magento\Framework\Filter\StripTags
+     */
+    protected $stripTags; 
+    /**
+     * @var ForwardFactory
+     */
+    protected $resultForwardFactory;
     /**
      * History constructor.
      * @param \Magento\Framework\App\Action\Context $context
@@ -51,7 +60,9 @@
         \Magento\Framework\View\Result\PageFactory $resultPageFactory,
         \Cloras\Base\Helper\Data $clorasHelper,
         \Cloras\DDI\Helper\Data $clorasDDIHelper,
-        \DCKAP\Extension\Helper\Data $extensionHelper
+        \DCKAP\Extension\Helper\Data $extensionHelper,
+        ForwardFactory $resultForwardFactory,
+        StripTags $stripTags
     ) {
         parent::__construct($context);
         $this->customerSession = $customerSession;
@@ -60,6 +71,8 @@
         $this->clorasHelper = $clorasHelper;
         $this->clorasDDIHelper = $clorasDDIHelper;
         $this->extensionHelper = $extensionHelper;
+        $this->resultForwardFactory = $resultForwardFactory;
+        $this->stripTags = $stripTags;
     }
 
     /**
@@ -115,7 +128,14 @@
     protected function getFormatedReportData($data, $pagination)
     {
         $params = $this->getRequest()->getParams();
-
+        
+        $sfield = isset($params['sfield']) ? $this->stripTags->filter($params['sfield']) : '';
+        if ($sfield && !preg_match('/^[a-zA-Z]+$/', $sfield)) {
+            // Show error and redirect
+             /** @var \Magento\Framework\Controller\Result\Forward $resultForward */
+            $resultForward = $this->resultForwardFactory->create();
+            return $resultForward->forward('noroute');
+        }
         if (!empty($params['limit'])) {
             $limit = abs((int)$params['limit']);
         } elseif ($pagination && $pagination != '') {
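Review bot: The guard tests `$sfield`, the tag-stripped copy, while `$sortField` a few lines further down (visible in the next hunk) is still built from the raw `$params['sfield']`. A value that only becomes alphabetic after `StripTags` therefore passes the check and is then used unfiltered. Validate the raw value and reuse the validated variable, e.g. `$sortField = $sfield !== '' ? $sfield : 'invoiceNumber';` with `$sfield` taken straight from `$params['sfield']` and no `StripTags` step. Quote/Index.php shows the same split between `$sfield` and `$params['sfield']`; the other two `getFormatedReportData()` hunks do not show where the sort field is read.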
@@ -160,7 +180,6 @@
 
         $start = abs($limit * ($page - 1));
         $sortField = (isset($params['sfield']) && !empty($params['sfield'])) ? $params['sfield'] : 'invoiceNumber';
-
         $handleSorder = 0;
         if (isset($params['sorder']) && !empty($params['sorder'])) {
             $sortOrder = ($params['sorder'] == 1) ? SORT_ASC : SORT_DESC;
--- app/code/DCKAP/QuickRFQ/Controller/Invoice/View.php	2025-06-18 15:47:46.900616230 +0530
+++ app/code/DCKAP/QuickRFQ/Controller/Invoice/Viewp.php	2025-06-18 15:46:45.832889814 +0530
@@ -3,6 +3,8 @@
 namespace DCKAP\QuickRFQ\Controller\Invoice;
 
 use Magento\Framework\App\Filesystem\DirectoryList;
+use Magento\Framework\Filter\StripTags;
+use Magento\Framework\Controller\Result\ForwardFactory;
 
 /**
  * Class View
@@ -39,7 +41,14 @@
      * @var \Magento\Framework\Filesystem
      */
     protected $filesystem;
-
+    /**
+     * @var \Magento\Framework\Filter\StripTags
+     */
+    protected $stripTags;
+    /**
+     * @var ForwardFactory
+     */
+    protected $resultForwardFactory;
     /**
      * View constructor.
      * @param \Magento\Framework\App\Action\Context $context
@@ -50,6 +59,8 @@
      * @param \Cloras\DDI\Helper\Data $clorasDDIHelper
      * @param \DCKAP\Extension\Helper\Data $extensionHelper
      * @param \Magento\Framework\Filesystem $filesystem
+     * @param \Magento\Framework\Filter\StripTags $stripTags
+     * @param \Magento\Framework\Controller\Result\ForwardFactory $resultForwardFactory
      */
     public function __construct(
         \Magento\Framework\App\Action\Context $context,
@@ -59,7 +70,9 @@
         \Cloras\Base\Helper\Data $clorasHelper,
         \Cloras\DDI\Helper\Data $clorasDDIHelper,
         \DCKAP\Extension\Helper\Data $extensionHelper,
-        \Magento\Framework\Filesystem $filesystem
+        \Magento\Framework\Filesystem $filesystem,
+        StripTags $stripTags,
+        ForwardFactory $resultForwardFactory
     ) {
         parent::__construct($context);
         $this->customerSession = $customerSession;
@@ -69,6 +82,8 @@
         $this->clorasDDIHelper = $clorasDDIHelper;
         $this->extensionHelper = $extensionHelper;
         $this->filesystem = $filesystem;
+        $this->stripTags = $stripTags;
+        $this->resultForwardFactory = $resultForwardFactory;
     }
 
     /**
@@ -83,8 +98,16 @@
             $loginUrl = $this->_url->getUrl('customer/account/login');
             return $resultRedirect->setPath($loginUrl);
         }
+        // Sanitize input (basic tag stripping)
         $params = $this->getRequest()->getParams();
-        $invoiceData = $this->getInvoiceData($params['id'], true);
+        $id = isset($params['id']) ? $this->stripTags->filter($params['id']) : '';
+        // Validate the ID (e.g., numeric)
+        if (!preg_match('/^[a-zA-Z0-9\-]+$/', $id)) {
+           /** @var \Magento\Framework\Controller\Result\Forward $resultForward */
+            $resultForward = $this->resultForwardFactory->create();
+            return $resultForward->forward('noroute');
+        }
+        $invoiceData = $this->getInvoiceData($id, true);
 
         /**
          * Check whether invoice pdf is available or not
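Review bot: The comment `// Validate the ID (e.g., numeric)` does not describe the pattern, which accepts letters, digits and hyphens; `// Invoice id: letters, digits and hyphens only` would be accurate, and the "Sanitize input" comment belongs on the `$id = ...` line rather than above `getParams()`. Running `StripTags` before a strict allow-list adds nothing and silently turns a tagged value into an accepted id, so I would validate `$params['id']` directly. Order/View.php and Quote/View.php add the same block with the same comment (their pattern has no hyphen). Whether `getInvoiceData()` confirms that the invoice belongs to the logged-in customer is outside the hunk and worth checking, since a format check alone does not establish that.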
--- app/code/DCKAP/QuickRFQ/Controller/Order/History.php	2025-06-18 15:50:04.911272546 +0530
+++ app/code/DCKAP/QuickRFQ/Controller/Order/Historyp.php	2025-06-18 15:49:34.038739236 +0530
@@ -2,6 +2,8 @@
 
 namespace DCKAP\QuickRFQ\Controller\Order;
 
+use Magento\Framework\Filter\StripTags;
+use Magento\Framework\Controller\Result\ForwardFactory;
 /**
  * Class History
  * @package DCKAP\QuickRFQ\Controller\Order
@@ -33,7 +35,14 @@
      * @var \DCKAP\Extension\Helper\Data
      */
     protected $extensionHelper;
-
+    /**
+     * @var \Magento\Framework\Filter\StripTags
+     */
+    protected $stripTags; 
+    /**
+     * @var ForwardFactory
+     */
+    protected $resultForwardFactory;
     /**
      * History constructor.
      * @param \Magento\Framework\App\Action\Context $context
@@ -51,7 +60,9 @@
         \Magento\Framework\View\Result\PageFactory $resultPageFactory,
         \Cloras\Base\Helper\Data $clorasHelper,
         \Cloras\DDI\Helper\Data $clorasDDIHelper,
-        \DCKAP\Extension\Helper\Data $extensionHelper
+        \DCKAP\Extension\Helper\Data $extensionHelper,
+        ForwardFactory $resultForwardFactory,
+        StripTags $stripTags
     ) {
         parent::__construct($context);
         $this->customerSession = $customerSession;
@@ -60,6 +71,8 @@
         $this->clorasHelper = $clorasHelper;
         $this->clorasDDIHelper = $clorasDDIHelper;
         $this->extensionHelper = $extensionHelper;
+        $this->resultForwardFactory = $resultForwardFactory;
+        $this->stripTags = $stripTags;
     }
 
     /**
@@ -109,6 +122,14 @@
     protected function getFormatedReportData($data, $pagination)
     {
         $params = $this->getRequest()->getParams();
+        $sfield = isset($params['sfield']) ? $this->stripTags->filter($params['sfield']) : '';
+        // Validate the ID (e.g., numeric)
+        if ( $sfield && !preg_match('/^[a-zA-Z]+$/', $sfield)) {
+            // Show error and redirect
+             /** @var \Magento\Framework\Controller\Result\Forward $resultForward */
+            $resultForward = $this->resultForwardFactory->create();
+            return $resultForward->forward('noroute');
+        }
 
         if (!empty($params['limit'])) {
             $limit = abs((int)$params['limit']);
--- app/code/DCKAP/QuickRFQ/Controller/Order/View.php	2025-06-18 15:50:14.373135547 +0530
+++ app/code/DCKAP/QuickRFQ/Controller/Order/Viewp.php	2025-06-18 15:49:32.871757484 +0530
@@ -2,6 +2,8 @@
 
 namespace DCKAP\QuickRFQ\Controller\Order;
 
+use Magento\Framework\Filter\StripTags;
+use Magento\Framework\Controller\Result\ForwardFactory;
 /**
  * Class View
  * @package DCKAP\QuickRFQ\Controller\Order
@@ -33,7 +35,14 @@
      * @var \DCKAP\Extension\Helper\Data
      */
     protected $extensionHelper;
-
+    /**
+     * @var \Magento\Framework\Filter\StripTags
+     */
+    protected $stripTags;
+    /**
+     * @var ForwardFactory
+     */
+    protected $resultForwardFactory;
     /**
      * View constructor.
      * @param \Magento\Framework\App\Action\Context $context
@@ -43,6 +52,8 @@
      * @param \Cloras\Base\Helper\Data $clorasHelper
      * @param \Cloras\DDI\Helper\Data $clorasDDIHelper
      * @param \DCKAP\Extension\Helper\Data $extensionHelper
+     * @param \Magento\Framework\Filter\StripTags $stripTags
+     * @param \Magento\Framework\Controller\Result\ForwardFactory $resultForwardFactory
      */
     public function __construct(
         \Magento\Framework\App\Action\Context $context,
@@ -51,7 +62,9 @@
         \Magento\Framework\View\Result\PageFactory $resultPageFactory,
         \Cloras\Base\Helper\Data $clorasHelper,
         \Cloras\DDI\Helper\Data $clorasDDIHelper,
-        \DCKAP\Extension\Helper\Data $extensionHelper
+        \DCKAP\Extension\Helper\Data $extensionHelper,
+        StripTags $stripTags,
+        ForwardFactory $resultForwardFactory
     ) {
         parent::__construct($context);
         $this->customerSession = $customerSession;
@@ -60,6 +73,8 @@
         $this->clorasHelper = $clorasHelper;
         $this->clorasDDIHelper = $clorasDDIHelper;
         $this->extensionHelper = $extensionHelper;
+        $this->stripTags = $stripTags;
+        $this->resultForwardFactory = $resultForwardFactory;
     }
 
     /**
@@ -74,7 +89,14 @@
             return $resultRedirect->setPath($loginUrl);
         }
         $params = $this->getRequest()->getParams();
-        $orderData = $this->getOrderData($params['id']);
+        $id = isset($params['id']) ? $this->stripTags->filter($params['id']) : '';
+        // Validate the ID (e.g., numeric)
+        if (!preg_match('/^[a-zA-Z0-9]+$/', $id)) {
+            /** @var \Magento\Framework\Controller\Result\Forward $resultForward */
+            $resultForward = $this->resultForwardFactory->create();
+            return $resultForward->forward('noroute');
+        }
+        $orderData = $this->getOrderData($id);
         $this->_registry->register('ddi_order', $orderData);
 
         $resultPage = $this->resultPageFactory->create();
--- app/code/DCKAP/QuickRFQ/Controller/Quote/Index.php	2025-06-18 15:51:32.173108000 +0530
+++ app/code/DCKAP/QuickRFQ/Controller/Quote/Indexp.php	2025-06-18 15:51:21.925234002 +0530
@@ -2,6 +2,8 @@
 
 namespace DCKAP\QuickRFQ\Controller\Quote;
 
+use Magento\Framework\Filter\StripTags;
+use Magento\Framework\Controller\Result\ForwardFactory;
 /**
  * Class Index
  * @package DCKAP\QuickRFQ\Controller\Quote
@@ -33,7 +35,14 @@
      * @var \DCKAP\Extension\Helper\Data
      */
     protected $extensionHelper;
-
+    /**
+     * @var \Magento\Framework\Filter\StripTags
+     */
+    protected $stripTags; 
+    /**
+     * @var ForwardFactory
+     */
+    protected $resultForwardFactory;
     /**
      * Index constructor.
      * @param \Magento\Framework\App\Action\Context $context
@@ -51,7 +60,9 @@
         \Magento\Framework\View\Result\PageFactory $resultPageFactory,
         \Cloras\Base\Helper\Data $clorasHelper,
         \Cloras\DDI\Helper\Data $clorasDDIHelper,
-        \DCKAP\Extension\Helper\Data $extensionHelper
+        \DCKAP\Extension\Helper\Data $extensionHelper,
+        ForwardFactory $resultForwardFactory,
+        StripTags $stripTags
     ) {
         parent::__construct($context);
         $this->customerSession = $customerSession;
@@ -60,6 +71,8 @@
         $this->clorasHelper = $clorasHelper;
         $this->clorasDDIHelper = $clorasDDIHelper;
         $this->extensionHelper = $extensionHelper;
+        $this->resultForwardFactory = $resultForwardFactory;
+        $this->stripTags = $stripTags;
     }
 
     /**
@@ -112,7 +125,13 @@
     protected function getFormatedReportData($data, $pagination)
     {
         $params = $this->getRequest()->getParams();
-
+        $sfield = isset($params['sfield']) ? $this->stripTags->filter($params['sfield']) : '';
+        if ( $sfield && !preg_match('/^[a-zA-Z]+$/',  $sfield)) {
+            // Show error and redirect
+             /** @var \Magento\Framework\Controller\Result\Forward $resultForward */
+            $resultForward = $this->resultForwardFactory->create();
+            return $resultForward->forward('noroute');
+        }
         if (!empty($params['limit'])) {
             $limit = abs((int)$params['limit']);
         } elseif ($pagination && $pagination != '') {
@@ -141,7 +160,6 @@
 
         $start = abs($limit * ($page - 1));
         $sortField = (isset($params['sfield']) && !empty($params['sfield'])) ? $params['sfield'] : 'orderNumber';
-
         $handleSorder = 0;
         if (isset($params['sorder']) && !empty($params['sorder'])) {
             $sortOrder = ($params['sorder'] == 1) ? SORT_ASC : SORT_DESC;
--- app/code/DCKAP/QuickRFQ/Controller/Quote/View.php	2025-06-19 11:51:46.508623000 +0530
+++ app/code/DCKAP/QuickRFQ/Controller/Quote/Viewp.php	2025-06-19 11:55:19.820124147 +0530
@@ -2,6 +2,8 @@
 
 namespace DCKAP\QuickRFQ\Controller\Quote;
 
+use Magento\Framework\Filter\StripTags;
+use Magento\Framework\Controller\Result\ForwardFactory;
 /**
  * Class View
  * @package DCKAP\QuickRFQ\Controller\Quote
@@ -33,7 +35,14 @@
      * @var \DCKAP\Extension\Helper\Data
      */
     protected $extensionHelper;
-
+    /**
+     * @var \Magento\Framework\Filter\StripTags
+     */
+    protected $stripTags;
+    /**
+     * @var ForwardFactory
+     */
+    protected $resultForwardFactory;
     /**
      * View constructor.
      * @param \Magento\Framework\App\Action\Context $context
@@ -43,6 +52,8 @@
      * @param \Cloras\Base\Helper\Data $clorasHelper
      * @param \Cloras\DDI\Helper\Data $clorasDDIHelper
      * @param \DCKAP\Extension\Helper\Data $extensionHelper
+     * @param \Magento\Framework\Filter\StripTags $stripTags
+     * @param \Magento\Framework\Controller\Result\ForwardFactory $resultForwardFactory
      */
     public function __construct(
         \Magento\Framework\App\Action\Context $context,
@@ -51,7 +62,9 @@
         \Magento\Framework\View\Result\PageFactory $resultPageFactory,
         \Cloras\Base\Helper\Data $clorasHelper,
         \Cloras\DDI\Helper\Data $clorasDDIHelper,
-        \DCKAP\Extension\Helper\Data $extensionHelper
+        \DCKAP\Extension\Helper\Data $extensionHelper,
+        StripTags $stripTags,
+        ForwardFactory $resultForwardFactory
     ) {
         parent::__construct($context);
         $this->customerSession = $customerSession;
@@ -60,6 +73,8 @@
         $this->clorasHelper = $clorasHelper;
         $this->clorasDDIHelper = $clorasDDIHelper;
         $this->extensionHelper = $extensionHelper;
+        $this->stripTags = $stripTags;
+        $this->resultForwardFactory = $resultForwardFactory;
     }
 
     /**
@@ -74,7 +89,14 @@
             return $resultRedirect->setPath($loginUrl);
         }
         $params = $this->getRequest()->getParams();
-        $orderData = $this->getOrderData($params['id']);
+        $id = isset($params['id']) ? $this->stripTags->filter($params['id']) : '';
+        // Validate the ID (e.g., numeric)
+        if (!preg_match('/^[a-zA-Z0-9]+$/', $id)) {
+            /** @var \Magento\Framework\Controller\Result\Forward $resultForward */
+            $resultForward = $this->resultForwardFactory->create();
+            return $resultForward->forward('noroute');
+        }
+        $orderData = $this->getOrderData($id);
         $this->_registry->register('ddi_quote', $orderData);
 
         $resultPage = $this->resultPageFactory->create();
--- app/code/Cloras/DDI/Plugin/LoginPost.php	2025-06-18 14:52:58.596668000 +0530
+++ app/code/Cloras/DDI/Plugin/LoginPostp.php	2025-06-18 15:06:40.002434311 +0530
@@ -148,10 +148,7 @@
                         }
                     } else {
                         if ($this->session->getIsEcommUservalid() == 'no' || $this->session->getIsEcommUservalid() == '') {
-                            if (empty($this->session->getEcommUserErrorMessage())) {
                                 return $proceed();
-                            }
-                            $this->messageManager->addWarningMessage($this->session->getEcommUserErrorMessage());
                         } else {
                             $callUs = $this->dckapHelper->getCallUs();
                             $storeName = $this->dckapHelper->getStoreName();
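Review bot: After this change the text held in `getEcommUserErrorMessage()` is no longer shown to the user, but nothing in the visible lines records it either. If hiding it from the login page is the intent, consider writing it to the server log before `return $proceed();` so support can still see why the user check failed; whether this plugin has a logger injected is not visible here. The surviving `return $proceed();` keeps the indentation of the removed `if` and should move one level left.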
--- app/code/DCKAP/QuickRFQ/view/frontend/templates/order/printview.phtml	2025-06-19 12:25:19.692911000 +0530
+++ app/code/DCKAP/QuickRFQ/view/frontend/templates/order/printviewp.phtml	2025-06-19 12:27:23.869115902 +0530
@@ -273,7 +273,7 @@
 <?php else: ?>
     <div class="message info empty"><span><?= __('Order detail not found.') ?></span></div>
 <?php endif ?>
-<?php if($orderpaymentData && !empty($orderpaymentData)){
+<?php if(isset($orderpaymentData) && !empty($orderpaymentData)){
 if($orderpaymentData['title'] !='On Account'){ ?>
     <style>
         #maincontent > div.columns > div > div.order-details-items.ordered > div.box.box-order-billing-method > div > dl{
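Review bot: `isset($orderpaymentData) && !empty($orderpaymentData)` is redundant, because `empty()` already returns true for an undefined variable without raising a notice; `if (!empty($orderpaymentData)) {` is enough. The next line reads `$orderpaymentData['title']` without checking the key, so if the array can arrive without a `title` entry, testing `!empty($orderpaymentData['title'])` covers both cases.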
--- app/design/frontend/DCKAP/DDI/Magento_Customer/templates/messages/customerAlreadyExistsErrorMessage.phtml	1970-01-01 05:30:00.000000000 +0530
+++ app/design/frontend/DCKAP/DDI/Magento_Customer/templates/messages/customerAlreadyExistsErrorMessagep.phtml	2025-06-23 13:55:46.853106323 +0530
@@ -0,0 +1,9 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+
+/** @var \Magento\Framework\View\Element\Template $block */
+?>
+<?= $block->escapeHtml(__('There was an error creating your account, please contact us.'));
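Review bot: A short comment saying why this override exists would help; presumably it replaces the core message so that the registration form no longer confirms that an e-mail address is already registered. A line such as `// Generic text on purpose: do not reveal whether the e-mail already has an account.` inside the PHP header keeps a later theme clean-up from restoring the original wording. The identical file is added under DDItheme2 as well; if that theme inherits from DDI, one copy may be enough.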
--- app/design/frontend/DCKAP/DDItheme2/Magento_Customer/templates/messages/customerAlreadyExistsErrorMessage.phtml	1970-01-01 05:30:00.000000000 +0530
+++ app/design/frontend/DCKAP/DDItheme2/Magento_Customer/templates/messages/customerAlreadyExistsErrorMessagep.phtml	2025-06-23 13:55:46.853106000 +0530
@@ -0,0 +1,9 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+
+/** @var \Magento\Framework\View\Element\Template $block */
+?>
+<?= $block->escapeHtml(__('There was an error creating your account, please contact us.'));
--- app/code/DCKAP/ShippingAdditionalFields/view/frontend/web/js/view/shipping.js	2025-06-23 15:02:30.727400000 +0530
+++ app/code/DCKAP/ShippingAdditionalFields/view/frontend/web/js/view/shippingp.js	2025-06-24 11:15:13.800202430 +0530
@@ -462,6 +462,19 @@
                 }else{
                     $('input[name="bss_custom_field[purchase_order_number]"]').next('div.purchase_order_number').remove();
                 }
+                if (po_number !== "" && /<.*?>/.test(po_number)) {
+                    // Remove any existing error message first
+                   $('input[name="bss_custom_field[purchase_order_number]"]').next('div.po_number_required').remove();
+                    // Append the error message properly with closing </div>
+                    $('input[name="bss_custom_field[purchase_order_number]"]').after(`
+                        <div class="field-error po_number_required">
+                            <span class="error-message">HTML or Script tags are not allowed.</span>
+                        </div>
+                    `);
+                    errMessage = 1;
+                }else{
+                    $('input[name="bss_custom_field[purchase_order_number]"]').next('div.po_number_required').remove();
+                }
                 var job_name_required = $('input[name="bss_custom_field[job_name]"]').attr("aria-required");
                 var job_name_id = $('input[name="bss_custom_field[job_name]"]').attr("id");
                 var job_name_required = (job_name_required == undefined || job_name_required == false) ? false : true;
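Review bot: The `/<.*?>/` test is a browser-side hint only: it matches a complete `<...>` pair on a single line, and a request sent without this script never runs it. The purchase order number, and the job name and special instructions handled in the second hunk, still need the same rule enforced where the checkout data is saved, plus escaping wherever the values are rendered. A comment above the block such as `// UX hint only; server-side validation and output escaping are the actual control` would keep this from being read as the fix.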
@@ -489,6 +502,33 @@
                 }else{
                     $('input[name="bss_custom_field[job_name]"]').next('div.job_name_required_characters').remove();
                 }
+                if (job_name !== "" && /<.*?>/.test(job_name)) {
+                    // Remove any existing error message first
+                   $('input[name="bss_custom_field[job_name]"]').next('div.job_name_required').remove();
+                    // Append the error message properly with closing </div>
+                    $('input[name="bss_custom_field[job_name]"]').after(`
+                        <div class="field-error job_name_required">
+                            <span class="error-message">HTML or Script tags are not allowed.</span>
+                        </div>
+                    `);
+                    errMessage = 1;
+                }else{
+                    $('input[name="bss_custom_field[job_name]"]').next('div.job_name_required').remove();
+                }
+                var special_ins = ($('textarea[name="bss_custom_field[special_instructions]"]').is(':visible')) ? $('textarea[name="bss_custom_field[special_instructions]"]').val() : "";
+                if (special_ins !== "" && /<.*?>/.test(special_ins)) {
+                    // Remove any existing error message first
+                   $('textarea[name="bss_custom_field[special_instructions]"]').next('div.special_instructions_required').remove();
+                    // Append the error message properly with closing </div>
+                    $('textarea[name="bss_custom_field[special_instructions]"]').after(`
+                        <div class="field-error special_instructions_required">
+                            <span class="error-message">HTML or Script tags are not allowed.</span>
+                        </div>
+                    `);
+                    errMessage = 1;
+                }else{
+                    $('textarea[name="bss_custom_field[special_instructions]"]').next('div.special_instructions_required').remove();
+                }
                 if(errMessage){
                     return false;
                 }
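Review bot: The `else` branches remove `div.job_name_required` (and `div.po_number_required` in the first hunk), class names that look like they belong to the existing required-field messages. If the earlier code uses the same class, an empty required field gets its message inserted and then removed here while `errMessage` stays set, so the form blocks with no visible reason; that earlier code is outside the hunk, so confirm. Distinct classes such as `job_name_html_error` would avoid the clash. The three added blocks differ only in selector and class name, so a small helper taking both would remove the repetition.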
