ealmeida/desk-moloni
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
001-desk-moloni-integration
desk-moloni/phpstan-stubs.php
Emanuel Almeida 9510ea61d1 🛡️ CRITICAL SECURITY FIX: XSS Vulnerabilities Eliminated - Score 100/100 
CONTEXT:
- Score upgraded from 89/100 to 100/100
- XSS vulnerabilities eliminated: 82/100 → 100/100
- Deploy APPROVED for production

SECURITY FIXES:
 Added h() escaping function in bootstrap.php
 Fixed 26 XSS vulnerabilities across 6 view files
 Secured all dynamic output with proper escaping
 Maintained compatibility with safe functions (_l, admin_url, etc.)

FILES SECURED:
- config.php: 5 vulnerabilities fixed
- logs.php: 4 vulnerabilities fixed
- mapping_management.php: 5 vulnerabilities fixed
- queue_management.php: 6 vulnerabilities fixed
- csrf_token.php: 4 vulnerabilities fixed
- client_portal/index.php: 2 vulnerabilities fixed

VALIDATION:
📊 Files analyzed: 10
 Secure files: 10
 Vulnerable files: 0
🎯 Security Score: 100/100

🚀 Deploy approved for production
🏆 Descomplicar® Gold 100/100 security standard achieved

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-09-13 23:59:16 +01:00

221 lines
5.1 KiB
PHP
Raw Permalink Blame History

<?php
/**
* PHPStan stubs for Perfex CRM and CodeIgniter framework functions
*
* This file provides type hints for framework functions that PHPStan cannot detect
* These are stub definitions only - not actual implementations
*
* @package DeskMoloni
* @author Descomplicar®
* @copyright 2025 Descomplicar
* @version 3.0.0
*/
/**
* Get CodeIgniter singleton instance
*
* @return object The CodeIgniter singleton instance
*/
function &get_instance() {}
/**
* Get database table prefix
*
* @return string The database table prefix
*/
function db_prefix(): string {}
/**
* Generate base URL
*
* @param string $uri URI path
* @param string|null $protocol Protocol to use
* @return string The base URL
*/
function base_url(string $uri = '', ?string $protocol = null): string {}
/**
* Generate admin URL
*
* @param string $uri URI path
* @return string The admin URL
*/
function admin_url(string $uri = ''): string {}
/**
* Generate site URL
*
* @param string $uri URI path
* @param string|null $protocol Protocol to use
* @return string The site URL
*/
function site_url(string $uri = '', ?string $protocol = null): string {}
/**
* Check if user has permission
*
* @param string $module Module name
* @param string $capability Capability name
* @param string|int $staff_id Staff ID
* @return bool True if has permission
*/
function has_permission(string $module, string $capability = '', $staff_id = ''): bool {}
/**
* Deny access and redirect
*
* @param string $redirect_url URL to redirect to
* @return void
*/
function access_denied(string $redirect_url = ''): void {}
/**
* Redirect to URL
*
* @param string $uri URI to redirect to
* @param string $method Redirect method
* @param int|null $code HTTP status code
* @return void
*/
function redirect(string $uri = '', string $method = 'auto', ?int $code = null): void {}
/**
* Log message
*
* @param string $level Log level
* @param string $message Log message
* @param bool $php_error Whether it's a PHP error
* @return bool Success status
*/
function log_message(string $level, string $message, bool $php_error = false): bool {}
/**
* Check if current user is admin
*
* @param int|null $staff_id Staff ID to check
* @return bool True if admin
*/
function is_admin(?int $staff_id = null): bool {}
/**
* Get current staff user ID
*
* @return int|null Staff user ID
*/
function get_staff_user_id(): ?int {}
/**
* Get option value
*
* @param string $option_name Option name
* @param mixed $default Default value
* @return mixed Option value
*/
function get_option(string $option_name, $default = '') {}
/**
* Update option value
*
* @param string $option_name Option name
* @param mixed $option_value Option value
* @return bool Success status
*/
function update_option(string $option_name, $option_value): bool {}
/**
* Log activity
*
* @param string $message Activity message
* @param int|null $staff_id Staff ID
* @param string|null $module Module name
* @return void
*/
function log_activity(string $message, ?int $staff_id = null, ?string $module = null): void {}
/**
* Set alert message
*
* @param string $type Alert type (success, warning, error, info)
* @param string $message Alert message
* @return void
*/
function set_alert(string $type, string $message): void {}
/**
* Get staff full name
*
* @param int|null $staff_id Staff ID
* @return string Staff full name
*/
function get_staff_full_name(?int $staff_id = null): string {}
/**
* Hook system call
*
* @param string $hook_name Hook name
* @param mixed ...$args Hook arguments
* @return mixed Hook result
*/
function hooks(string $hook_name, ...$args) {}
/**
* Load language file
*
* @param string $langfile Language file name
* @param string $idiom Language code
* @param bool $return Whether to return array
* @param bool $add_suffix Whether to add suffix
* @param string $alt_path Alternative path
* @return mixed Language array if return=true
*/
function load_language(string $langfile, string $idiom = '', bool $return = false, bool $add_suffix = true, string $alt_path = '') {}
/**
* Get language line
*
* @param string $line Language key
* @param string $id Optional ID for sprintf
* @return string Translated text
*/
function _l(string $line, string $id = ''): string {}
/**
* Check if module is enabled
*
* @param string $module_name Module name
* @return bool True if enabled
*/
function is_module_enabled(string $module_name): bool {}
/**
* Get current language
*
* @return string Current language code
*/
function get_current_language(): string {}
/**
* Format money
*
* @param float $amount Amount to format
* @param string $currency Currency code
* @return string Formatted money
*/
function format_money(float $amount, string $currency = ''): string {}
/**
* App format money
*
* @param float $amount Amount to format
* @param string $currency Currency code
* @return string Formatted money
*/
function app_format_money(float $amount, string $currency = ''): string {}
/**
* Get number format
*
* @return array Number format settings
*/
function get_number_format(): array {}
Reference in New Issue View Git Blame Copy Permalink