diff --git a/packages/server/src/api/controllers/Accounts.ts b/packages/server/src/api/controllers/Accounts.ts index 9c1b12e9f..bcc7b651f 100644 --- a/packages/server/src/api/controllers/Accounts.ts +++ b/packages/server/src/api/controllers/Accounts.ts @@ -103,24 +103,20 @@ export default class AccountsController extends BaseController { check('name') .exists() .isLength({ min: 3, max: DATATYPES_LENGTH.STRING }) - .trim() - .escape(), + .trim(), check('code') .optional({ nullable: true }) .isLength({ min: 3, max: 6 }) - .trim() - .escape(), + .trim(), check('currency_code').optional(), check('account_type') .exists() .isLength({ min: 3, max: DATATYPES_LENGTH.STRING }) - .trim() - .escape(), + .trim(), check('description') .optional({ nullable: true }) .isLength({ max: DATATYPES_LENGTH.TEXT }) - .trim() - .escape(), + .trim(), check('parent_account_id') .optional({ nullable: true }) .isInt({ min: 0, max: DATATYPES_LENGTH.INT_10 }) @@ -136,23 +132,19 @@ export default class AccountsController extends BaseController { check('name') .exists() .isLength({ min: 3, max: DATATYPES_LENGTH.STRING }) - .trim() - .escape(), + .trim(), check('code') .optional({ nullable: true }) .isLength({ min: 3, max: 6 }) - .trim() - .escape(), + .trim(), check('account_type') .exists() .isLength({ min: 3, max: DATATYPES_LENGTH.STRING }) - .trim() - .escape(), + .trim(), check('description') .optional({ nullable: true }) .isLength({ max: DATATYPES_LENGTH.TEXT }) - .trim() - .escape(), + .trim(), check('parent_account_id') .optional({ nullable: true }) .isInt({ min: 0, max: DATATYPES_LENGTH.INT_10 }) diff --git a/packages/server/src/api/controllers/Authentication.ts b/packages/server/src/api/controllers/Authentication.ts index ff6576bec..052454350 100644 --- a/packages/server/src/api/controllers/Authentication.ts +++ b/packages/server/src/api/controllers/Authentication.ts 
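Review bot: Dropping `.escape()` from the `name`, `code`, `account_type` and `description` chains means these values are now persisted exactly as submitted, so every place that interpolates them into HTML (server-rendered pages, e-mail or PDF templates, exports opened in a browser) must apply output encoding itself, and the commit does not show where that now happens. Encoding at the output boundary rather than on input is the sounder design (it also stops an `&` in an account name being stored as `&amp;` and then counted against `isLength`), but it deserves a comment at the top of this schema such as `// Values are stored raw; HTML-encode at render time, not here.` so the next contributor neither re-adds `.escape()` nor assumes it is still applied. The same removal is made in every other controller in this diff, from Authentication.ts through SalesEstimates.ts, and the same comment applies to each of them. The enclosing schema getter starts before the hunk.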
@@ -90,27 +90,23 @@ export default class AuthenticationController extends BaseController { .exists() .isString() .trim() - .escape() .isLength({ max: DATATYPES_LENGTH.STRING }), check('last_name') .exists() .isString() .trim() - .escape() .isLength({ max: DATATYPES_LENGTH.STRING }), check('email') .exists() .isString() .isEmail() .trim() - .escape() .isLength({ max: DATATYPES_LENGTH.STRING }), check('password') .exists() .isString() .isLength({ min: 6 }) .trim() - .escape() .isLength({ max: DATATYPES_LENGTH.STRING }), ]; } @@ -150,7 +146,7 @@ export default class AuthenticationController extends BaseController { * @returns {ValidationChain[]} */ private get sendResetPasswordSchema(): ValidationChain[] { - return [check('email').exists().isEmail().trim().escape()]; + return [check('email').exists().isEmail().trim()]; } /** @@ -158,7 +154,11 @@ export default class AuthenticationController extends BaseController { * @param {Request} req * @param {Response} res */ - private async login(req: Request, res: Response, next: Function): Response { + private async login( + req: Request, + res: Response, + next: Function + ): Promise { const userDTO: ILoginDTO = this.matchedBodyData(req); try { diff --git a/packages/server/src/api/controllers/Cashflow/NewCashflowTransaction.ts b/packages/server/src/api/controllers/Cashflow/NewCashflowTransaction.ts index 5e204ca12..fea9b84c9 100644 --- a/packages/server/src/api/controllers/Cashflow/NewCashflowTransaction.ts +++ b/packages/server/src/api/controllers/Cashflow/NewCashflowTransaction.ts 
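Review bot: `check('password')` still carries `.trim()`, so a password typed with leading or trailing whitespace is altered before it reaches the hash, and the login chain must normalise it identically or those users cannot sign in; the commit removes `.escape()` from this chain but leaves the trim in place. Either drop `.trim()` here, keeping `.exists().isString().isLength({ min: 6, max: DATATYPES_LENGTH.STRING })`, or add a comment stating that passwords are deliberately trimmed on both registration and login. A smaller ordering point in the same hunk: `check('email')` runs `.isEmail()` before `.trim()`, so a value with surrounding spaces is rejected instead of being cleaned first; `.trim().isEmail()` is the usual order. The enclosing schema getter starts before the hunk.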
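Review bot: The reformatted signature of `login` declares its return type as `Promise` with no type argument, which `tsc` rejects (`Generic type 'Promise<T>' requires 1 type argument(s)`); if this is only the page rendering stripping a `<Response>`, there is nothing to fix, but if the source really reads `Promise` it should be `): Promise<Response> {`. Because the body also hands errors to `next` (so some paths return nothing), `Promise<Response | void>` may be the honest type, and `next: Function` would be better typed as express's `NextFunction`, which the file can import from 'express' alongside `Request` and `Response`. The body of `login` continues outside the hunk.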
@@ -112,12 +112,11 @@ export default class NewCashflowTransactionController extends BaseController { public get newTransactionValidationSchema() { return [ check('date').exists().isISO8601().toDate(), - check('reference_no').optional({ nullable: true }).trim().escape(), + check('reference_no').optional({ nullable: true }).trim(), check('description') .optional({ nullable: true }) .isLength({ min: 3 }) - .trim() - .escape(), + .trim(), check('transaction_type').exists(), check('amount').exists().isFloat().toFloat(), diff --git a/packages/server/src/api/controllers/Contacts/Contacts.ts b/packages/server/src/api/controllers/Contacts/Contacts.ts index 24b99e09f..6d5bf19ec 100644 --- a/packages/server/src/api/controllers/Contacts/Contacts.ts +++ b/packages/server/src/api/controllers/Contacts/Contacts.ts @@ -56,7 +56,7 @@ export default class ContactsController extends BaseController { */ get autocompleteQuerySchema() { return [ - query('column_sort_by').optional().trim().escape(), + query('column_sort_by').optional().trim(), query('sort_order').optional().isIn(['desc', 'asc']), query('stringified_filter_roles').optional().isJSON(), @@ -122,32 +122,27 @@ export default class ContactsController extends BaseController { .optional({ nullable: true }) .isString() .trim() - .escape() .isLength({ max: DATATYPES_LENGTH.STRING }), check('first_name') .optional({ nullable: true }) .isString() .trim() - .escape() .isLength({ max: DATATYPES_LENGTH.STRING }), check('last_name') .optional({ nullable: true }) .isString() .trim() - .escape() .isLength({ max: DATATYPES_LENGTH.STRING }), check('company_name') .optional({ nullable: true }) .isString() .trim() - .escape() .isLength({ max: DATATYPES_LENGTH.STRING }), check('display_name') .exists() .isString() .trim() - .escape() .isLength({ max: DATATYPES_LENGTH.STRING }), check('email') 
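Review bot: `query('column_sort_by').optional().trim()` accepts any string while its sibling `sort_order` is restricted with `.isIn(['desc', 'asc'])`; if the sort column reaches a query builder's order-by, it should likewise be checked against an allow-list of sortable columns, e.g. `.isIn(SORTABLE_COLUMNS)` (placeholder name — use whatever list the controller already holds), or at minimum `.isString().isLength({ max: DATATYPES_LENGTH.STRING })`. Whether the value is used raw in SQL is not visible from the hunk, so this is a request to confirm rather than a reported defect. The same unconstrained `column_sort_by` chain appears in Customers.ts, InventoryAdjustments.ts, ItemCategories.ts, Items.ts and ManualJournals.ts in this diff. The enclosing getter ends outside the hunk.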
@@ -165,120 +160,101 @@ export default class ContactsController extends BaseController { .optional({ nullable: true }) .isString() .trim() - .escape() .isLength({ max: DATATYPES_LENGTH.STRING }), check('personal_phone') .optional({ nullable: true }) .isString() .trim() - .escape() .isLength({ max: DATATYPES_LENGTH.STRING }), check('billing_address_1') .optional({ nullable: true }) .isString() .trim() - .escape() .isLength({ max: DATATYPES_LENGTH.STRING }), check('billing_address_2') .optional({ nullable: true }) .isString() .trim() - .escape() .isLength({ max: DATATYPES_LENGTH.STRING }), check('billing_address_city') .optional({ nullable: true }) .isString() .trim() - .escape() .isLength({ max: DATATYPES_LENGTH.STRING }), check('billing_address_country') .optional({ nullable: true }) .isString() .trim() - .escape() .isLength({ max: DATATYPES_LENGTH.STRING }), check('billing_address_email') .optional({ nullable: true }) .isString() .isEmail() .trim() - .escape() .isLength({ max: DATATYPES_LENGTH.STRING }), check('billing_address_postcode') .optional({ nullable: true }) .isString() .trim() - .escape() .isLength({ max: DATATYPES_LENGTH.STRING }), check('billing_address_phone') .optional({ nullable: true }) .isString() .trim() - .escape() .isLength({ max: DATATYPES_LENGTH.STRING }), check('billing_address_state') .optional({ nullable: true }) .isString() .trim() - .escape() .isLength({ max: DATATYPES_LENGTH.STRING }), check('shipping_address_1') .optional({ nullable: true }) .isString() .trim() - .escape() .isLength({ max: DATATYPES_LENGTH.STRING }), check('shipping_address_2') .optional({ nullable: true }) .isString() .trim() - .escape() .isLength({ max: DATATYPES_LENGTH.STRING }), check('shipping_address_city') .optional({ nullable: true }) .isString() .trim() - .escape() .isLength({ max: DATATYPES_LENGTH.STRING }), check('shipping_address_country') .optional({ nullable: true }) .isString() .trim() - .escape() .isLength({ max: DATATYPES_LENGTH.STRING }), 
check('shipping_address_email') .optional({ nullable: true }) .isString() .isEmail() .trim() - .escape() .isLength({ max: DATATYPES_LENGTH.STRING }), check('shipping_address_postcode') .optional({ nullable: true }) .isString() .trim() - .escape() .isLength({ max: DATATYPES_LENGTH.STRING }), check('shipping_address_phone') .optional({ nullable: true }) .isString() .trim() - .escape() .isLength({ max: DATATYPES_LENGTH.STRING }), check('shipping_address_state') .optional({ nullable: true }) .isString() .trim() - .escape() .isLength({ max: DATATYPES_LENGTH.STRING }), check('note') .optional({ nullable: true }) .isString() .trim() - .escape() .isLength({ max: DATATYPES_LENGTH.TEXT }), check('active').optional().isBoolean().toBoolean(), ]; diff --git a/packages/server/src/api/controllers/Contacts/Customers.ts b/packages/server/src/api/controllers/Contacts/Customers.ts index 41fafdd67..19edc3817 100644 --- a/packages/server/src/api/controllers/Contacts/Customers.ts +++ b/packages/server/src/api/controllers/Contacts/Customers.ts @@ -106,11 +106,7 @@ export default class CustomersController extends ContactsController { */ get customerDTOSchema() { return [ - check('customer_type') - .exists() - .isIn(['business', 'individual']) - .trim() - .escape(), + check('customer_type').exists().isIn(['business', 'individual']).trim(), ]; } @@ -123,7 +119,6 @@ export default class CustomersController extends ContactsController { .optional({ nullable: true }) .isString() .trim() - .escape() .isLength({ max: 3 }), ]; } @@ -133,7 +128,7 @@ export default class CustomersController extends ContactsController { */ get validateListQuerySchema() { return [ - query('column_sort_by').optional().trim().escape(), + query('column_sort_by').optional().trim(), query('sort_order').optional().isIn(['desc', 'asc']), query('page').optional().isNumeric().toInt(), 
diff --git a/packages/server/src/api/controllers/Contacts/Vendors.ts b/packages/server/src/api/controllers/Contacts/Vendors.ts index 8ed06d703..78c5c6fb4 100644 --- a/packages/server/src/api/controllers/Contacts/Vendors.ts +++ b/packages/server/src/api/controllers/Contacts/Vendors.ts @@ -106,7 +106,6 @@ export default class VendorsController extends ContactsController { .optional({ nullable: true }) .isString() .trim() - .escape() .isLength({ min: 3, max: 3 }), ]; } diff --git a/packages/server/src/api/controllers/Currencies.ts b/packages/server/src/api/controllers/Currencies.ts index ba328a78a..e73a09572 100644 --- a/packages/server/src/api/controllers/Currencies.ts +++ b/packages/server/src/api/controllers/Currencies.ts @@ -67,7 +67,7 @@ export default class CurrenciesController extends BaseController { } get currencyParamSchema(): ValidationChain[] { - return [param('currency_code').exists().trim().escape()]; + return [param('currency_code').exists().trim()]; } get listSchema(): ValidationChain[] { @@ -187,11 +187,13 @@ export default class CurrenciesController extends BaseController { } if (error.errorType === 'currency_code_exists') { return res.boom.badRequest(null, { - errors: [{ - type: 'CURRENCY_CODE_EXISTS', - message: 'The given currency code is already exists.', - code: 200, - }], + errors: [ + { + type: 'CURRENCY_CODE_EXISTS', + message: 'The given currency code is already exists.', + code: 200, + }, + ], }); } if (error.errorType === 'CANNOT_DELETE_BASE_CURRENCY') { diff --git a/packages/server/src/api/controllers/Expenses/Expenses.ts b/packages/server/src/api/controllers/Expenses/Expenses.ts index b9257a6bd..29a633096 100644 --- a/packages/server/src/api/controllers/Expenses/Expenses.ts +++ b/packages/server/src/api/controllers/Expenses/Expenses.ts 
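Review bot: `param('currency_code').exists().trim()` now accepts any non-empty string, whereas Organization.ts in this same commit validates `base_currency` with `.isISO4217()`; for consistency and tighter bounds this chain could read `return [param('currency_code').exists().trim().isISO4217()];`. That assumes the route only ever addresses ISO 4217 codes, which the hunk does not show, so confirm against the service before tightening it.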
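Review bot: The error message on the reformatted lines reads `'The given currency code is already exists.'`, which is ungrammatical; since these lines are being touched anyway, `message: 'The given currency code already exists.',` would read correctly. Clients should be matching on `type: 'CURRENCY_CODE_EXISTS'` rather than on the message text, but check the web client before changing it. The enclosing error handler starts and ends outside the hunk.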
@@ -89,7 +89,6 @@ export class ExpensesController extends BaseController { check('reference_no') .optional({ nullable: true }) .trim() - .escape() .isLength({ max: DATATYPES_LENGTH.STRING }), check('payment_date').exists().isISO8601().toDate(), check('payment_account_id') @@ -123,7 +122,6 @@ export class ExpensesController extends BaseController { check('categories.*.description') .optional() .trim() - .escape() .isLength({ max: DATATYPES_LENGTH.STRING }), check('categories.*.landed_cost').optional().isBoolean().toBoolean(), check('categories.*.project_id') @@ -144,7 +142,6 @@ export class ExpensesController extends BaseController { check('reference_no') .optional({ nullable: true }) .trim() - .escape() .isLength({ max: DATATYPES_LENGTH.STRING }), check('payment_date').exists().isISO8601().toDate(), check('payment_account_id') @@ -179,7 +176,6 @@ export class ExpensesController extends BaseController { check('categories.*.description') .optional() .trim() - .escape() .isLength({ max: DATATYPES_LENGTH.STRING }), check('categories.*.landed_cost').optional().isBoolean().toBoolean(), check('categories.*.project_id') diff --git a/packages/server/src/api/controllers/FinancialStatements/BaseFinancialReportController.ts b/packages/server/src/api/controllers/FinancialStatements/BaseFinancialReportController.ts index 7fccd76f1..4437c4bf3 100644 --- a/packages/server/src/api/controllers/FinancialStatements/BaseFinancialReportController.ts +++ b/packages/server/src/api/controllers/FinancialStatements/BaseFinancialReportController.ts @@ -1,9 +1,7 @@ import { query } from 'express-validator'; -import BaseController from "../BaseController"; +import BaseController from '../BaseController'; export default class BaseFinancialReportController extends BaseController { - - get sheetNumberFormatValidationSchema() { return [ query('number_format.precision') 
@@ -19,8 +17,7 @@ export default class BaseFinancialReportController extends BaseController { query('number_format.negative_format') .optional() .isIn(['parentheses', 'mines']) - .trim() - .escape(), + .trim(), ]; } -} \ No newline at end of file +} diff --git a/packages/server/src/api/controllers/FinancialStatements/InventoryDetails/index.ts b/packages/server/src/api/controllers/FinancialStatements/InventoryDetails/index.ts index 3288ee847..580be59b1 100644 --- a/packages/server/src/api/controllers/FinancialStatements/InventoryDetails/index.ts +++ b/packages/server/src/api/controllers/FinancialStatements/InventoryDetails/index.ts @@ -51,8 +51,7 @@ export default class InventoryDetailsController extends BaseController { query('number_format.negative_format') .optional() .isIn(['parentheses', 'mines']) - .trim() - .escape(), + .trim(), query('from_date').optional(), query('to_date').optional(), diff --git a/packages/server/src/api/controllers/FinancialStatements/JournalSheet.ts b/packages/server/src/api/controllers/FinancialStatements/JournalSheet.ts index 561f69329..b06d37449 100644 --- a/packages/server/src/api/controllers/FinancialStatements/JournalSheet.ts +++ b/packages/server/src/api/controllers/FinancialStatements/JournalSheet.ts @@ -36,7 +36,7 @@ export default class JournalSheetController extends BaseFinancialReportControlle return [ query('from_date').optional().isISO8601(), query('to_date').optional().isISO8601(), - query('transaction_type').optional().trim().escape(), + query('transaction_type').optional().trim(), query('transaction_id').optional().isInt().toInt(), oneOf( [ diff --git a/packages/server/src/api/controllers/FinancialStatements/TransactionsByReference/index.ts b/packages/server/src/api/controllers/FinancialStatements/TransactionsByReference/index.ts index d11c6004c..db679253c 100644 --- a/packages/server/src/api/controllers/FinancialStatements/TransactionsByReference/index.ts 
+++ b/packages/server/src/api/controllers/FinancialStatements/TransactionsByReference/index.ts @@ -40,8 +40,7 @@ export default class TransactionsByReferenceController extends BaseController { query('number_format.negative_format') .optional() .isIn(['parentheses', 'mines']) - .trim() - .escape(), + .trim(), ]; } diff --git a/packages/server/src/api/controllers/Inventory/InventoryAdjustments.ts b/packages/server/src/api/controllers/Inventory/InventoryAdjustments.ts index 40b1744ff..8fc41cada 100644 --- a/packages/server/src/api/controllers/Inventory/InventoryAdjustments.ts +++ b/packages/server/src/api/controllers/Inventory/InventoryAdjustments.ts @@ -86,7 +86,7 @@ export default class InventoryAdjustmentsController extends BaseController { */ get validateListQuerySchema() { return [ - query('column_sort_by').optional().trim().escape(), + query('column_sort_by').optional().trim(), query('sort_order').optional().isIn(['desc', 'asc']), query('page').optional().isNumeric().toInt(), diff --git a/packages/server/src/api/controllers/InviteUsers.ts b/packages/server/src/api/controllers/InviteUsers.ts index a594cdb97..b17e1ec02 100644 --- a/packages/server/src/api/controllers/InviteUsers.ts +++ b/packages/server/src/api/controllers/InviteUsers.ts @@ -25,7 +25,7 @@ export default class InviteUsersController extends BaseController { router.post( '/send', [ - body('email').exists().trim().escape(), + body('email').exists().trim(), body('role_id').exists().isNumeric().toInt(), ], this.validationResult, @@ -57,7 +57,7 @@ export default class InviteUsersController extends BaseController { ); router.get( '/invited/:token', - [param('token').exists().trim().escape()], + [param('token').exists().trim()], this.validationResult, asyncMiddleware(this.invited.bind(this)), this.handleServicesError 
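Review bot: `body('email').exists().trim()` applies no format check once `.escape()` is gone, and `.exists()` alone also accepts an empty string, so an arbitrary or blank value is passed on as an invite address; `body('email').exists().trim().isEmail()` would match the validation used for `email` in Authentication.ts and Contacts.ts and reject both cases. The `param('token').exists().trim()` chain in the second hunk has the same empty-string gap, where `.notEmpty()` would help. The route definitions continue outside the hunks.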
@@ -72,10 +72,10 @@ export default class InviteUsersController extends BaseController { */ private get inviteUserDTO() { return [ - check('first_name').exists().trim().escape(), - check('last_name').exists().trim().escape(), - check('password').exists().trim().escape().isLength({ min: 5 }), - param('token').exists().trim().escape(), + check('first_name').exists().trim(), + check('last_name').exists().trim(), + check('password').exists().trim().isLength({ min: 5 }), + param('token').exists().trim(), ]; } diff --git a/packages/server/src/api/controllers/ItemCategories.ts b/packages/server/src/api/controllers/ItemCategories.ts index 9310ebc02..0e1349d86 100644 --- a/packages/server/src/api/controllers/ItemCategories.ts +++ b/packages/server/src/api/controllers/ItemCategories.ts @@ -73,13 +73,11 @@ export default class ItemsCategoriesController extends BaseController { check('name') .exists() .trim() - .escape() .isLength({ min: 0, max: DATATYPES_LENGTH.STRING }), check('description') .optional({ nullable: true }) .isString() .trim() - .escape() .isLength({ max: DATATYPES_LENGTH.TEXT }), check('sell_account_id') .optional({ nullable: true }) @@ -101,9 +99,8 @@ export default class ItemsCategoriesController extends BaseController { */ get categoriesListValidationSchema() { return [ - query('column_sort_by').optional().trim().escape(), - query('sort_order').optional().trim().escape().isIn(['desc', 'asc']), - + query('column_sort_by').optional().trim(), + query('sort_order').optional().trim().isIn(['desc', 'asc']), query('stringified_filter_roles').optional().isJSON(), ]; } 
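Review bot: `check('password').exists().trim().isLength({ min: 5 })` enforces a 5-character minimum and no maximum, while the registration schema in Authentication.ts in this same commit requires `isLength({ min: 6 })` and caps at `DATATYPES_LENGTH.STRING`, so invited users end up under a weaker policy than registered ones. Aligning it to `check('password').exists().isString().isLength({ min: 6, max: DATATYPES_LENGTH.STRING }),` keeps one policy, and dropping `.trim()` avoids silently altering the credential the user typed. `first_name` and `last_name` here also lack the length cap the other controllers apply.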
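Review bot: In ItemCategories.ts, `check('name').exists().trim().isLength({ min: 0, max: DATATYPES_LENGTH.STRING })` admits an empty category name, because `.exists()` accepts `''` and `min: 0` does not exclude it; if a name is required, `.notEmpty()` or `isLength({ min: 1, max: DATATYPES_LENGTH.STRING })` is needed. If empty names are intentionally allowed, a one-line comment saying so would make the `min: 0` read as deliberate rather than a typo. The enclosing schema getter starts before the hunk.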
@@ -207,14 +204,12 @@ export default class ItemsCategoriesController extends BaseController { }; try { - const { - itemCategories, - filterMeta, - } = await this.itemCategoriesService.getItemCategoriesList( - tenantId, - itemCategoriesFilter, - user - ); + const { itemCategories, filterMeta } = + await this.itemCategoriesService.getItemCategoriesList( + tenantId, + itemCategoriesFilter, + user + ); return res.status(200).send({ item_categories: itemCategories, filter_meta: this.transfromToResponse(filterMeta), diff --git a/packages/server/src/api/controllers/Items/Items.ts b/packages/server/src/api/controllers/Items/Items.ts index a77f991e9..814358fd2 100644 --- a/packages/server/src/api/controllers/Items/Items.ts +++ b/packages/server/src/api/controllers/Items/Items.ts @@ -96,13 +96,11 @@ export default class ItemsController extends BaseController { .exists() .isString() .trim() - .escape() .isIn(['service', 'non-inventory', 'inventory']), check('code') .optional({ nullable: true }) .isString() .trim() - .escape() .isLength({ max: DATATYPES_LENGTH.STRING }), // Purchase attributes. check('purchasable').optional().isBoolean().toBoolean(), @@ -141,13 +139,11 @@ export default class ItemsController extends BaseController { .optional({ nullable: true }) .isString() .trim() - .escape() .isLength({ max: DATATYPES_LENGTH.TEXT }), check('purchase_description') .optional({ nullable: true }) .isString() .trim() - .escape() .isLength({ max: DATATYPES_LENGTH.TEXT }), check('sell_tax_rate_id').optional({ nullable: true }).isInt().toInt(), check('purchase_tax_rate_id') @@ -162,7 +158,6 @@ export default class ItemsController extends BaseController { .optional() .isString() .trim() - .escape() .isLength({ max: DATATYPES_LENGTH.TEXT }), check('active').optional().isBoolean().toBoolean(), 
@@ -184,7 +179,7 @@ export default class ItemsController extends BaseController { */ private get validateListQuerySchema() { return [ - query('column_sort_by').optional().trim().escape(), + query('column_sort_by').optional().trim(), query('sort_order').optional().isIn(['desc', 'asc']), query('page').optional().isNumeric().toInt(), diff --git a/packages/server/src/api/controllers/ManualJournals.ts b/packages/server/src/api/controllers/ManualJournals.ts index 5ebc57176..c04a85821 100644 --- a/packages/server/src/api/controllers/ManualJournals.ts +++ b/packages/server/src/api/controllers/ManualJournals.ts @@ -94,25 +94,21 @@ export default class ManualJournalsController extends BaseController { .optional() .isString() .trim() - .escape() .isLength({ max: DATATYPES_LENGTH.STRING }), check('journal_type') .optional({ nullable: true }) .isString() .trim() - .escape() .isLength({ max: DATATYPES_LENGTH.STRING }), check('reference') .optional({ nullable: true }) .isString() .trim() - .escape() .isLength({ max: DATATYPES_LENGTH.STRING }), check('description') .optional({ nullable: true }) .isString() .trim() - .escape() .isLength({ max: DATATYPES_LENGTH.TEXT }), check('branch_id').optional({ nullable: true }).isNumeric().toInt(), check('publish').optional().isBoolean().toBoolean(), @@ -163,7 +159,7 @@ export default class ManualJournalsController extends BaseController { query('page_size').optional().isNumeric().toInt(), query('custom_view_id').optional().isNumeric().toInt(), - query('column_sort_by').optional().trim().escape(), + query('column_sort_by').optional().trim(), query('sort_order').optional().isIn(['desc', 'asc']), query('stringified_filter_roles').optional().isJSON(), diff --git a/packages/server/src/api/controllers/Media.ts b/packages/server/src/api/controllers/Media.ts index 70fbc0347..16b578c0d 100644 --- a/packages/server/src/api/controllers/Media.ts +++ b/packages/server/src/api/controllers/Media.ts 
@@ -61,15 +61,14 @@ export default class MediaController extends BaseController { get uploadValidationSchema() { return [ - // check('attachment'), - check('model_name').optional().trim().escape(), - check('model_id').optional().isNumeric().toInt(), + check('model_name').optional().trim(), + check('model_id').optional().isNumeric(), ]; } get linkValidationSchema() { return [ - check('model_name').exists().trim().escape(), + check('model_name').exists().trim(), check('model_id').exists().isNumeric().toInt(), ] } diff --git a/packages/server/src/api/controllers/Organization.ts b/packages/server/src/api/controllers/Organization.ts index c50f10fef..9d041f9d1 100644 --- a/packages/server/src/api/controllers/Organization.ts +++ b/packages/server/src/api/controllers/Organization.ts @@ -62,7 +62,7 @@ export default class OrganizationController extends BaseController { private get commonOrganizationValidationSchema(): ValidationChain[] { return [ check('name').exists().trim(), - check('industry').optional({ nullable: true }).isString().trim().escape(), + check('industry').optional({ nullable: true }).isString().trim(), check('location').exists().isString().isISO31661Alpha2(), check('base_currency').exists().isISO4217(), check('timezone').exists().isIn(moment.tz.names()), @@ -87,11 +87,7 @@ export default class OrganizationController extends BaseController { private get updateOrganizationValidationSchema(): ValidationChain[] { return [ ...this.commonOrganizationValidationSchema, - check('tax_number') - .optional({ nullable: true }) - .isString() - .trim() - .escape(), + check('tax_number').optional({ nullable: true }).isString().trim(), ]; } diff --git a/packages/server/src/api/controllers/Purchases/Bills.ts b/packages/server/src/api/controllers/Purchases/Bills.ts index 7a013f5cc..7248c97df 100644 --- a/packages/server/src/api/controllers/Purchases/Bills.ts +++ b/packages/server/src/api/controllers/Purchases/Bills.ts 
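Review bot: In `uploadValidationSchema`, `check('model_id')` loses its `.toInt()` sanitizer while `linkValidationSchema` a few lines below keeps `.isNumeric().toInt()`, so the upload handler now receives `model_id` as a string where the link handler receives a number; unless the upload path intentionally wants the string, keep `check('model_id').optional().isNumeric().toInt(),`. If the drop is deliberate (for instance because the upload handler parses it itself), a short comment saying so would stop the next reader from re-adding it. Both getters appear within the hunk.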
@@ -100,8 +100,8 @@ export default class BillsController extends BaseController { */ private get billValidationSchema() { return [ - check('bill_number').exists().trim().escape(), - check('reference_no').optional().trim().escape(), + check('bill_number').exists().trim(), + check('reference_no').optional().trim(), check('bill_date').exists().isISO8601(), check('due_date').optional().isISO8601(), @@ -112,7 +112,7 @@ export default class BillsController extends BaseController { check('branch_id').optional({ nullable: true }).isNumeric().toInt(), check('project_id').optional({ nullable: true }).isNumeric().toInt(), - check('note').optional().trim().escape(), + check('note').optional().trim(), check('open').default(false).isBoolean().toBoolean(), check('is_inclusive_tax').default(false).isBoolean().toBoolean(), @@ -126,10 +126,7 @@ export default class BillsController extends BaseController { .optional({ nullable: true }) .isNumeric() .toFloat(), - check('entries.*.description') - .optional({ nullable: true }) - .trim() - .escape(), + check('entries.*.description').optional({ nullable: true }).trim(), check('entries.*.landed_cost') .optional({ nullable: true }) .isBoolean() @@ -141,7 +138,6 @@ export default class BillsController extends BaseController { check('entries.*.tax_code') .optional({ nullable: true }) .trim() - .escape() .isString(), check('entries.*.tax_rate_id') .optional({ nullable: true }) @@ -158,8 +154,8 @@ export default class BillsController extends BaseController { */ private get billEditValidationSchema() { return [ - check('bill_number').optional().trim().escape(), - check('reference_no').optional().trim().escape(), + check('bill_number').optional().trim(), + check('reference_no').optional().trim(), check('bill_date').exists().isISO8601(), check('due_date').optional().isISO8601(), 
@@ -170,7 +166,7 @@ export default class BillsController extends BaseController { check('branch_id').optional({ nullable: true }).isNumeric().toInt(), check('project_id').optional({ nullable: true }).isNumeric().toInt(), - check('note').optional().trim().escape(), + check('note').optional().trim(), check('open').default(false).isBoolean().toBoolean(), check('entries').isArray({ min: 1 }), @@ -184,10 +180,7 @@ export default class BillsController extends BaseController { .optional({ nullable: true }) .isNumeric() .toFloat(), - check('entries.*.description') - .optional({ nullable: true }) - .trim() - .escape(), + check('entries.*.description').optional({ nullable: true }).trim(), check('entries.*.landed_cost') .optional({ nullable: true }) .isBoolean() @@ -222,8 +215,8 @@ export default class BillsController extends BaseController { private get dueBillsListingValidationSchema() { return [ - query('vendor_id').optional().trim().escape(), - query('payment_made_id').optional().trim().escape(), + query('vendor_id').optional().trim(), + query('payment_made_id').optional().trim(), ]; } diff --git a/packages/server/src/api/controllers/Purchases/BillsPayments.ts b/packages/server/src/api/controllers/Purchases/BillsPayments.ts index 56804b513..b02f3d530 100644 --- a/packages/server/src/api/controllers/Purchases/BillsPayments.ts +++ b/packages/server/src/api/controllers/Purchases/BillsPayments.ts 
@@ -113,10 +113,10 @@ export default class BillsPayments extends BaseController { check('amount').exists().isNumeric().toFloat(), check('payment_account_id').exists().isNumeric().toInt(), - check('payment_number').optional({ nullable: true }).trim().escape(), + check('payment_number').optional({ nullable: true }).trim(), check('payment_date').exists(), - check('statement').optional().trim().escape(), - check('reference').optional().trim().escape(), + check('statement').optional().trim(), + check('reference').optional().trim(), check('branch_id').optional({ nullable: true }).isNumeric().toInt(), check('entries').exists().isArray(), diff --git a/packages/server/src/api/controllers/Purchases/VendorCredit.ts b/packages/server/src/api/controllers/Purchases/VendorCredit.ts index 9b3869302..26e3f85b9 100644 --- a/packages/server/src/api/controllers/Purchases/VendorCredit.ts +++ b/packages/server/src/api/controllers/Purchases/VendorCredit.ts @@ -156,13 +156,10 @@ export default class VendorCreditController extends BaseController { check('vendor_id').exists().isNumeric().toInt(), check('exchange_rate').optional().isFloat({ gt: 0 }).toFloat(), - check('vendor_credit_number') - .optional({ nullable: true }) - .trim() - .escape(), - check('reference_no').optional().trim().escape(), + check('vendor_credit_number').optional({ nullable: true }).trim(), + check('reference_no').optional().trim(), check('vendor_credit_date').exists().isISO8601().toDate(), - check('note').optional().trim().escape(), + check('note').optional().trim(), check('open').default(false).isBoolean().toBoolean(), check('warehouse_id').optional({ nullable: true }).isNumeric().toInt(), 
@@ -178,10 +175,7 @@ export default class VendorCreditController extends BaseController { .optional({ nullable: true }) .isNumeric() .toFloat(), - check('entries.*.description') - .optional({ nullable: true }) - .trim() - .escape(), + check('entries.*.description').optional({ nullable: true }).trim(), check('entries.*.warehouse_id') .optional({ nullable: true }) .isNumeric() @@ -202,13 +196,10 @@ export default class VendorCreditController extends BaseController { check('vendor_id').exists().isNumeric().toInt(), check('exchange_rate').optional().isFloat({ gt: 0 }).toFloat(), - check('vendor_credit_number') - .optional({ nullable: true }) - .trim() - .escape(), - check('reference_no').optional().trim().escape(), + check('vendor_credit_number').optional({ nullable: true }).trim(), + check('reference_no').optional().trim(), check('vendor_credit_date').exists().isISO8601().toDate(), - check('note').optional().trim().escape(), + check('note').optional().trim(), check('warehouse_id').optional({ nullable: true }).isNumeric().toInt(), check('branch_id').optional({ nullable: true }).isNumeric().toInt(), @@ -223,10 +214,7 @@ export default class VendorCreditController extends BaseController { .optional({ nullable: true }) .isNumeric() .toFloat(), - check('entries.*.description') - .optional({ nullable: true }) - .trim() - .escape(), + check('entries.*.description').optional({ nullable: true }).trim(), check('entries.*.warehouse_id') .optional({ nullable: true }) .isNumeric() diff --git a/packages/server/src/api/controllers/Resources.ts b/packages/server/src/api/controllers/Resources.ts index 9013a9a45..c22038087 100644 --- a/packages/server/src/api/controllers/Resources.ts +++ b/packages/server/src/api/controllers/Resources.ts 
@@ -18,9 +18,7 @@ export default class ResourceController extends BaseController {
 router.get(
 '/:resource_model/meta',
- [
- param('resource_model').exists().trim().escape()
- ],
+ [param('resource_model').exists().trim()],
 this.asyncMiddleware(this.resourceMeta.bind(this)),
 this.handleServiceErrors
 );
@@ -48,9 +46,7 @@ export default class ResourceController extends BaseController {
 resourceModel
 );
 return res.status(200).send({
- resource_meta: this.transfromToResponse(
- resourceMeta,
- ),
+ resource_meta: this.transfromToResponse(resourceMeta),
 });
 } catch (error) {
 next(error);
diff --git a/packages/server/src/api/controllers/Sales/CreditNotes.ts b/packages/server/src/api/controllers/Sales/CreditNotes.ts
index 9b9553323..95d18b553 100644
--- a/packages/server/src/api/controllers/Sales/CreditNotes.ts
+++ b/packages/server/src/api/controllers/Sales/CreditNotes.ts
@@ -210,9 +210,9 @@ export default class PaymentReceivesController extends BaseController {
 check('credit_note_date').exists().isISO8601().toDate(),
 check('reference_no').optional(),
- check('credit_note_number').optional({ nullable: true }).trim().escape(),
- check('note').optional().trim().escape(),
- check('terms_conditions').optional().trim().escape(),
+ check('credit_note_number').optional({ nullable: true }).trim(),
+ check('note').optional().trim(),
+ check('terms_conditions').optional().trim(),
 check('open').default(false).isBoolean().toBoolean(),
 check('warehouse_id').optional({ nullable: true }).isNumeric().toInt(),
@@ -228,10 +228,7 @@ export default class PaymentReceivesController extends BaseController {
 .optional({ nullable: true })
 .isNumeric()
 .toFloat(),
- check('entries.*.description')
- .optional({ nullable: true })
- .trim()
- .escape(),
+ check('entries.*.description').optional({ nullable: true }).trim(),
 check('entries.*.warehouse_id')
 .optional({ nullable: true })
 .isNumeric()
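Review bot: `resource_model` is a URL segment that selects which model `resourceMeta` looks up, and after this change the only constraint on it is `.exists().trim()`; `.escape()` was never a meaningful guard for a lookup key, so this is the moment to replace it with a shape check rather than with nothing, e.g. `param('resource_model').exists().trim().isString().matches(/^[a-z_]+$/i)` (adjust the pattern to the actual model-name convention). How the handler resolves the name is outside the hunk, so I cannot tell whether an allowlist already exists downstream. The `viewsListSchemaValidation` hunk in Views.ts carries the identical chain and should get the same treatment.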
diff --git a/packages/server/src/api/controllers/Sales/PaymentReceives.ts b/packages/server/src/api/controllers/Sales/PaymentReceives.ts
index bdb71ce14..b1a40dd7b 100644
--- a/packages/server/src/api/controllers/Sales/PaymentReceives.ts
+++ b/packages/server/src/api/controllers/Sales/PaymentReceives.ts
@@ -154,8 +154,8 @@ export default class PaymentReceivesController extends BaseController {
 check('payment_date').exists(),
 check('reference_no').optional(),
 check('deposit_account_id').exists().isNumeric().toInt(),
- check('payment_receive_no').optional({ nullable: true }).trim().escape(),
- check('statement').optional().trim().escape(),
+ check('payment_receive_no').optional({ nullable: true }).trim(),
+ check('statement').optional().trim(),
 check('branch_id').optional({ nullable: true }).isNumeric().toInt(),
@@ -176,7 +176,6 @@ export default class PaymentReceivesController extends BaseController {
 private get validatePaymentReceiveList(): ValidationChain[] {
 return [
 query('stringified_filter_roles').optional().isJSON(),
- query('view_slug').optional({ nullable: true }).isString().trim(),
 query('column_sort_by').optional(),
diff --git a/packages/server/src/api/controllers/Sales/SalesEstimates.ts b/packages/server/src/api/controllers/Sales/SalesEstimates.ts
index 4bbcee9bb..b1808006f 100644
--- a/packages/server/src/api/controllers/Sales/SalesEstimates.ts
+++ b/packages/server/src/api/controllers/Sales/SalesEstimates.ts
@@ -155,7 +155,7 @@ export default class SalesEstimatesController extends BaseController {
 check('estimate_date').exists().isISO8601().toDate(),
 check('expiration_date').exists().isISO8601().toDate(),
 check('reference').optional(),
- check('estimate_number').optional().trim().escape(),
+ check('estimate_number').optional().trim(),
 check('delivered').default(false).isBoolean().toBoolean(),
 check('exchange_rate').optional().isFloat({ gt: 0 }).toFloat(),
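Review bot: The `view_slug` validator is dropped from `validatePaymentReceiveList` while the rest of the list schema stays, so if the list handler still reads `req.query.view_slug` it now arrives with no validation or sanitization at all. The consumer is not visible from here; please confirm the field was removed from the handler and its DTO as well, or restore `query('view_slug').optional({ nullable: true }).isString().trim(),`. The getter's array continues past the end of the hunk.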
@@ -170,8 +170,7 @@ export default class SalesEstimatesController extends BaseController {
 check('entries.*.rate').exists().isNumeric().toFloat(),
 check('entries.*.description')
 .optional({ nullable: true })
- .trim()
- .escape(),
+ .trim(),
 check('entries.*.discount')
 .optional({ nullable: true })
 .isNumeric()
@@ -181,9 +180,9 @@ export default class SalesEstimatesController extends BaseController {
 .isNumeric()
 .toInt(),
- check('note').optional().trim().escape(),
- check('terms_conditions').optional().trim().escape(),
- check('send_to_email').optional().trim().escape(),
+ check('note').optional().trim(),
+ check('terms_conditions').optional().trim(),
+ check('send_to_email').optional().trim(),
 check('attachments').isArray().optional(),
 check('attachments.*.key').exists().isString(),
diff --git a/packages/server/src/api/controllers/Sales/SalesInvoices.ts b/packages/server/src/api/controllers/Sales/SalesInvoices.ts
index 70fbdae6b..0b2bc948f 100644
--- a/packages/server/src/api/controllers/Sales/SalesInvoices.ts
+++ b/packages/server/src/api/controllers/Sales/SalesInvoices.ts
@@ -200,12 +200,12 @@ export default class SaleInvoicesController extends BaseController {
 check('customer_id').exists().isNumeric().toInt(),
 check('invoice_date').exists().isISO8601().toDate(),
 check('due_date').exists().isISO8601().toDate(),
- check('invoice_no').optional().trim().escape(),
- check('reference_no').optional().trim().escape(),
+ check('invoice_no').optional().trim(),
+ check('reference_no').optional().trim(),
 check('delivered').default(false).isBoolean().toBoolean(),
- check('invoice_message').optional().trim().escape(),
- check('terms_conditions').optional().trim().escape(),
+ check('invoice_message').optional().trim(),
+ check('terms_conditions').optional().trim(),
 check('exchange_rate').optional().isFloat({ gt: 0 }).toFloat(),
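Review bot: `send_to_email` in the second SalesEstimates hunk is now just `.optional().trim()`; it carries an e-mail address, and neither before nor after this change is it validated as one, although `.escape()` previously at least neutralised `<`, `>` and quotes before the value could reach a mail header or template. Change it to `check('send_to_email').optional().trim().isEmail(),` so the field is checked for shape rather than merely trimmed; this schema already uses type-specific validators such as `.isISO8601()` on the date fields, so the pattern is established. The enclosing schema getter starts and ends outside the hunk.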
@@ -226,12 +226,10 @@ export default class SaleInvoicesController extends BaseController {
 .toFloat(),
 check('entries.*.description')
 .optional({ nullable: true })
- .trim()
- .escape(),
+ .trim(),
 check('entries.*.tax_code')
 .optional({ nullable: true })
 .trim()
- .escape()
 .isString(),
 check('entries.*.tax_rate_id')
 .optional({ nullable: true })
diff --git a/packages/server/src/api/controllers/Sales/SalesReceipts.ts b/packages/server/src/api/controllers/Sales/SalesReceipts.ts
index ceeea9fe7..ba2376568 100644
--- a/packages/server/src/api/controllers/Sales/SalesReceipts.ts
+++ b/packages/server/src/api/controllers/Sales/SalesReceipts.ts
@@ -130,8 +130,8 @@ export default class SalesReceiptsController extends BaseController {
 check('deposit_account_id').exists().isNumeric().toInt(),
 check('receipt_date').exists().isISO8601(),
- check('receipt_number').optional().trim().escape(),
- check('reference_no').optional().trim().escape(),
+ check('receipt_number').optional().trim(),
+ check('reference_no').optional().trim(),
 check('closed').default(false).isBoolean().toBoolean(),
 check('warehouse_id').optional({ nullable: true }).isNumeric().toInt(),
@@ -150,14 +150,13 @@ export default class SalesReceiptsController extends BaseController {
 .toInt(),
 check('entries.*.description')
 .optional({ nullable: true })
- .trim()
- .escape(),
+ .trim(),
 check('entries.*.warehouse_id')
 .optional({ nullable: true })
 .isNumeric()
 .toInt(),
- check('receipt_message').optional().trim().escape(),
- check('statement').optional().trim().escape(),
+ check('receipt_message').optional().trim(),
+ check('statement').optional().trim(),
 check('attachments').isArray().optional(),
 check('attachments.*.key').exists().isString(),
 ];
diff --git a/packages/server/src/api/controllers/Settings/Settings.ts b/packages/server/src/api/controllers/Settings/Settings.ts
index 998257cf9..b776bdcf9 100644
--- a/packages/server/src/api/controllers/Settings/Settings.ts
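Review bot: In the `entries.*.tax_code` chain the order `.trim()` then `.isString()` makes the type check ineffective: express-validator's built-in sanitizers coerce the value to a string before they run, so by the time `.isString()` executes a number or object has already been converted and the check passes. Swap the two so the validator sees the raw value, `.optional({ nullable: true }).isString().trim(),`. Dropping `.escape()` between them does not change this, but since the line is being touched it is a cheap fix to fold in; the schema getter this chain belongs to starts and ends outside the hunk.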
+++ b/packages/server/src/api/controllers/Settings/Settings.ts
@@ -52,10 +52,7 @@ export default class SettingsController extends BaseController {
 * Retrieve the application options from the storage.
 */
 private get getSettingsSchema() {
- return [
- query('key').optional().trim().escape(),
- query('group').optional().trim().escape(),
- ];
+ return [query('key').optional().trim(), query('group').optional().trim()];
 }
 /**
diff --git a/packages/server/src/api/controllers/Views.ts b/packages/server/src/api/controllers/Views.ts
index 91c62e76a..b21b63751 100644
--- a/packages/server/src/api/controllers/Views.ts
+++ b/packages/server/src/api/controllers/Views.ts
@@ -32,7 +32,7 @@ export default class ViewsController extends BaseController {
 * Custom views list validation schema.
 */
 get viewsListSchemaValidation() {
- return [param('resource_model').exists().trim().escape()];
+ return [param('resource_model').exists().trim()];
 }
 /**