QT/InvoiceShelf
1
0
Fork 0
mirror of https://github.com/InvoiceShelf/InvoiceShelf.git synced 2026-04-07 05:31:24 +00:00
Code Issues Packages Projects Releases Wiki Activity
1,716 Commits 96 Branches 16 Tags
fix/clone-cross-company-idor
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Darko Gjorgjijoski 3a1bfd3824 Add company ownership check to clone endpoints 
Verify the source record belongs to the current company before cloning.
Previously, users could clone invoices/estimates from other companies,
leaking sensitive data (amounts, customer details, items, taxes, notes).

The view policy already includes hasCompany() check, so authorizing
view on the source record gates both ability and company ownership.

Ref #574
2026-04-03 14:25:43 +02:00
.cursor
Update IDE helpers, Tailwind skill to v4, and refresh dependencies
2026-04-02 21:03:55 +02:00
.github
Standardize Node.js version to 24 (#599)
2026-04-02 17:08:39 +02:00
app
Add company ownership check to clone endpoints
2026-04-03 14:25:43 +02:00
bootstrap
Laravel 13 upgrade, updates and fixes
2026-03-21 18:53:33 +01:00
config
PHP8.4 requirement
2026-03-24 07:07:41 +01:00
database
Installer reliability improvements (#593)
2026-04-02 14:48:08 +02:00
docker
Standardize Node.js version to 24 (#599)
2026-04-02 17:08:39 +02:00
lang
Update source file en.json
2026-03-24 09:30:45 +01:00
public
feat(infrastructure): improve htaccess configuration. (#214)
2024-11-17 00:18:35 +01:00
resources
Upgrade ChartJS from v2 to v4 (#603)
2026-04-02 20:02:49 +02:00
routes
fix(csrf-token): add leading dot to session domain cookie. (#224)
2025-08-28 09:44:34 +02:00
storage
Refactor Custom Invoice/Estimate PDF Templates (#277)
2025-01-13 01:20:13 +01:00
tests
Fix CustomerPolicy missing hasCompany() check (IDOR) (#604)
2026-04-03 13:56:34 +02:00
_ide_helper_models.php
Regenerate IDE Helper Assets (#274)
2025-01-12 20:48:06 +01:00
_ide_helper.php
Update IDE helpers, Tailwind skill to v4, and refresh dependencies
2026-04-02 21:03:55 +02:00
.dockerignore
Devenv subcommands for test / format (#462)
2025-09-02 03:32:21 +02:00
.editorconfig
.env.example
Addresses SSRF risk
2026-03-21 19:14:51 +01:00
.env.testing
Upgrade mail configuration (#455)
2025-08-31 03:04:31 +02:00
.gitattributes
Update file line ending format
2024-07-28 17:44:22 -07:00
.gitignore
Devenv subcommands for test / format (#462)
2025-09-02 03:32:21 +02:00
.node-version
Standardize Node.js version to 24 (#599)
2026-04-02 17:08:39 +02:00
.phpstorm.meta.php
Update IDE helpers, Tailwind skill to v4, and refresh dependencies
2026-04-02 21:03:55 +02:00
.prettierrc.json
AGENTS.md
Laravel 13 upgrade, updates and fixes
2026-03-21 18:53:33 +01:00
artisan
Make artisan file executable
2024-07-28 17:24:57 +02:00
boost.json
Laravel 13 upgrade, updates and fixes
2026-03-21 18:53:33 +01:00
CLAUDE.md
Installer reliability improvements (#593)
2026-04-02 14:48:08 +02:00
CODE_OF_CONDUCT.md
Update CODE_OF_CONDUCT.md
2024-01-28 19:47:46 +01:00
composer.json
Update IDE helpers, Tailwind skill to v4, and refresh dependencies
2026-04-02 21:03:55 +02:00
composer.lock
Update IDE helpers, Tailwind skill to v4, and refresh dependencies
2026-04-02 21:03:55 +02:00
crowdin.yml
Fix locales issue #43 (#46)
2024-03-27 11:00:36 +01:00
devenv
Devenv subcommands for test / format (#462)
2025-09-02 03:32:21 +02:00
eslint.config.mjs
Upgrade eslint tooling to v10 and fix linting bugs (#601)
2026-04-02 17:33:18 +02:00
invoiceshelf.code-workspace
Rename code-workspace config file
2024-02-04 23:38:41 +01:00
LICENSE
Makefile
Add app version
2024-07-12 03:08:07 +02:00
package.json
Upgrade ChartJS from v2 to v4 (#603)
2026-04-02 20:02:49 +02:00
phpunit.xml
Laravel 11 (#84)
2024-06-05 11:33:52 +02:00
readme.md
PHP8.4 requirement
2026-03-24 07:07:41 +01:00
SECURITY.md
docs(SECURITY.md): revise security vulnerability reporting instructions
2026-02-27 16:35:06 +00:00
server.php
Setup pint & run code style fix
2024-01-29 04:46:01 -06:00
tsconfig.json
version.md
Hot fix #280
2026-03-24 12:13:40 +01:00
vite.config.js
Upgrade to Vite 8 and Tailwind CSS 4 (#595)
2026-04-02 15:59:15 +02:00
yarn.lock
Upgrade ChartJS from v2 to v4 (#603)
2026-04-02 20:02:49 +02:00

readme.md

Introduction

InvoiceShelf is an open-source web & mobile app that helps you track expenses, payments & create professional invoices & estimates.

The Web Application is made using Laravel & VueJS while the Mobile Apps are built using React Native.

To get started with InvoiceShelf using Docker Compose, check out the Installation docs.

Table of Contents

  1. Documentation
  2. Download
  3. Mobile Apps
  4. Discord - NEW 🔥
  5. Roadmap
  6. Credits
  7. Help us translate
  8. License

Documentation

System Requirements

  • Starting from v2.2.0 (Laravel 13 upgrade), InvoiceShelf requires PHP 8.4+.
  • Before updating from the app settings, verify your server PHP version and required extensions.
  • The in-app updater checks requirements and blocks the update if they are not met.

Download

Mobile Apps

  • Andorid - Coming Soon
  • IOS - Coming Soon
  • Source

Discord

Join the InvoiceShelf discord server to discuss: Invite Link

Roadmap

~~Here's a rough roadmap of things to come (not in any specific order):

  • Automatic Update
  • Email Configuration
  • Installation Wizard
  • Address Customisation & Default notes
  • Edit Email before Sending Invoice
  • Available as a docker image
  • Performance Improvements
  • Customer View page
  • Add and Use Custom Fields on Invoices & Estimates.
  • Multiple Companies
  • Recurring Invoices
  • Customer Portal
  • Accept Payments (Stripe Integration)
  • Improved template system (invoices and estimate)
  • Modules and templates marketplace

Credits

InvoiceShelf is made possible thanks to the contributions and support from many people and projects:

  • Crater (project inspiration and code base)
  • All contributors who have provided code, translations, reported issues, or supported the project in any way.

Translate

Help us translate on https://crowdin.com/project/invoiceshelf

License

InvoiceShelf is released under the GNU AFFERO GENERAL PUBLIC LICENSE Version 3. See LICENSE for details.

Reference in New Issue View Git Blame Copy Permalink
Description
No description provided
Readme AGPL-3.0 68 MiB
Languages
PHP 59.9%
Vue 36.1%
Blade 3.2%
Shell 0.6%
Dockerfile 0.1%