mirror of
				https://github.com/invoiceninja/invoiceninja.git
				synced 2025-10-26 02:22:53 -04:00 
			
		
		
		
	Merge pull request #8137 from turbo124/v5-develop
Fix for data leak on products route when using the ?with filter
		
						commit
						c4058c502e
					
				| @ -1 +1 @@ | ||||
| 5.5.53 | ||||
| 5.5.54 | ||||
| @ -306,7 +306,7 @@ class CreateSingleAccount extends Command | ||||
| 
 | ||||
|         $webhook_config = [ | ||||
|             'post_purchase_url' => 'http://ninja.test:8000/api/admin/plan', | ||||
|             'post_purchase_rest_method' => 'POST', | ||||
|             'post_purchase_rest_method' => 'post', | ||||
|             'post_purchase_headers' => [config('ninja.ninja_hosted_header') => config('ninja.ninja_hosted_secret')], | ||||
|         ]; | ||||
| 
 | ||||
|  | ||||
| @ -251,6 +251,7 @@ abstract class QueryFilters | ||||
|     { | ||||
|         return $this->builder | ||||
|             ->orWhere($this->with_property, $value) | ||||
|             ->orderByRaw("{$this->with_property} = ? DESC", [$value]); | ||||
|             ->orderByRaw("{$this->with_property} = ? DESC", [$value]) | ||||
|             ->company(); | ||||
|     } | ||||
| } | ||||
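Review bot: The added `->company()` only scopes the `orWhere` branch through SQL operator precedence, because the `orWhere` at the top of this chain is not grouped. Any constraint applied to the builder before this method still does not apply to the OR branch, and any constraint appended after it binds only to that branch. Making the tenant boundary explicit would be safer against later reordering, for example `->orWhere(fn ($q) => $q->where($this->with_property, $value)->company())`, assuming `company()` is callable on the nested builder. A comment such as `// OR branch must stay company-scoped: ?with bypasses the other filters` would record the intent. The method's signature is outside the hunk, so it is not visible whether `$value` is validated or whether `$this->with_property`, which is interpolated into `orderByRaw`, can ever come from request input; a feature test asserting that a `?with=` id owned by another company is not returned would pin the fix.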
|  | ||||
| @ -239,11 +239,6 @@ class SubscriptionService | ||||
|                                 ->where('status_id', Invoice::STATUS_PAID) | ||||
|                                 ->first(); | ||||
| 
 | ||||
| if($last_invoice) | ||||
|     nlog($last_invoice->toArray()); | ||||
| else | ||||
|     nlog("no invoice found"); | ||||
| 
 | ||||
|         $refund = $this->calculateProRataRefundForSubscription($last_invoice); | ||||
| 
 | ||||
|         if($use_credit_setting != 'off') | ||||
| @ -340,7 +335,7 @@ else | ||||
|      */ | ||||
|     private function calculateProRataRefundForSubscription($invoice) :float | ||||
|     { | ||||
|         if(!$invoice || !$invoice->date) | ||||
|         if(!$invoice || !$invoice->date || $invoice->status_id != Invoice::STATUS_PAID) | ||||
|             return 0; | ||||
| 
 | ||||
|         $start_date = Carbon::parse($invoice->date); | ||||
| @ -486,7 +481,7 @@ else | ||||
|                                          ->where('client_id', $recurring_invoice->client_id) | ||||
|                                          ->where('is_proforma',0) | ||||
|                                          ->where('is_deleted', 0) | ||||
|                                          ->where('status_id', Invoice::STATUS_PAID) | ||||
|                                          ->whereIn('status_id', [Invoice::STATUS_SENT, Invoice::STATUS_PARTIAL, Invoice::STATUS_PAID]) | ||||
|                                          ->withTrashed() | ||||
|                                          ->orderBy('id', 'desc') | ||||
|                                          ->first(); | ||||
| @ -626,6 +621,7 @@ else | ||||
| 
 | ||||
|         $last_invoice = Invoice::where('subscription_id', $recurring_invoice->subscription_id) | ||||
|                                          ->where('client_id', $recurring_invoice->client_id) | ||||
|                                          ->where('is_proforma',0) | ||||
|                                          ->where('is_deleted', 0) | ||||
|                                          ->withTrashed() | ||||
|                                          ->orderBy('id', 'desc') | ||||
| @ -673,6 +669,7 @@ else | ||||
|         $last_invoice = Invoice::where('subscription_id', $recurring_invoice->subscription_id) | ||||
|                                          ->where('client_id', $recurring_invoice->client_id) | ||||
|                                          ->where('is_deleted', 0) | ||||
|                                          ->where('is_proforma',0) | ||||
|                                          ->withTrashed() | ||||
|                                          ->orderBy('id', 'desc') | ||||
|                                          ->first(); | ||||
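Review bot: The new `status_id` guard in `calculateProRataRefundForSubscription` is the only visible check that keeps an unpaid invoice from producing a refund, now that the `-486` hunk widens the lookup to `STATUS_SENT` and `STATUS_PARTIAL`. The code that consumes that `$last_invoice` lies outside the hunk, so any other calculation fed by it should be confirmed to make the same status check. The guard also returns 0 for a partially paid invoice, which may or may not be intended; a comment above it such as `// Only fully paid invoices are refundable; sent/partial invoices yield 0` would make the rule explicit. The comparison uses loose `!=`; if `status_id` is always an int on the model, `!==` would be stricter, but that depends on casts not shown here.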
|  | ||||
| @ -14,8 +14,8 @@ return [ | ||||
|     'require_https' => env('REQUIRE_HTTPS', true), | ||||
|     'app_url' => rtrim(env('APP_URL', ''), '/'), | ||||
|     'app_domain' => env('APP_DOMAIN', 'invoicing.co'), | ||||
|     'app_version' => '5.5.53', | ||||
|     'app_tag' => '5.5.53', | ||||
|     'app_version' => '5.5.54', | ||||
|     'app_tag' => '5.5.54', | ||||
|     'minimum_client_version' => '5.0.16', | ||||
|     'terms_version' => '1.0.1', | ||||
|     'api_secret' => env('API_SECRET', ''), | ||||
|  | ||||