Ejemplo n.º 1
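/*
 * Choose a default top-level menu when the request does not name one:
 * "hr" for administrator sessions, "ess" for every other session.
 *
 * NOTE(review): this only selects which menu is displayed. Confirm that access
 * to the modules themselves is enforced separately from this default.
 */
if (!isset($_GET['menu_no_top'])) {
    // Strict comparison: only the exact string 'Yes' selects the admin menu.
    // Loose == would also accept boolean true (and integer 0 before PHP 8).
    // isset() keeps a session without the flag on the non-admin path without a notice.
    if (isset($_SESSION['isAdmin']) && $_SESSION['isAdmin'] === 'Yes') {
        $_GET['menu_no_top'] = 'hr';
    } else {
        // The original supervisor and non-supervisor branches both assigned
        // "ess", so the redundant isSupervisor test is dropped.
        $_GET['menu_no_top'] = 'ess';
    }
}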
/**
 * Clean the GET variables that are used in URLs in the page.
 *
 * Every listed parameter that is present is overwritten, inside $_GET itself,
 * with the value returned by CommonFunctions::cleanAlphaNumericIdField().
 *
 * NOTE(review): the cleaner appears to return only letters, digits and
 * underscores - confirm against CommonFunctions. Only $_GET is rewritten here;
 * $_REQUEST holds its own copy of the raw values, so code that reads the same
 * parameters from there must not assume they were cleaned.
 */
$varsToClean = array(
    'uniqcode',
    'isAdmin',
    'pageNo',
    'id',
    'repcode',
    'reqcode',
    'menu_no_top',
);
foreach ($varsToClean as $var) {
    // Parameters missing from the request are left unset rather than created.
    if (!isset($_GET[$var])) {
        continue;
    }
    $_GET[$var] = CommonFunctions::cleanAlphaNumericIdField($_GET[$var]);
}
/* For checking TimesheetPeriodStartDaySet status : Begins */
// TODO: this should be changed to use $timesheetPeriodService->isTimesheetPeriodDefined()
// so that the symfony version of the timesheet period is supported.
// The result is kept in the session as the string 'Yes' or 'No'.
$_SESSION['timePeriodSet'] = Config::getTimePeriodSet() ? 'Yes' : 'No';
/* For checking TimesheetPeriodStartDaySet status : Ends */
if ($_SESSION['isAdmin'] == 'Yes') {
    $rights = new Rights();
    foreach ($arrAllRights as $moduleCode => $currRights) {
        $arrAllRights[$moduleCode] = $rights->getRights($_SESSION['userGroup'], $moduleCode);
    }
Ejemplo n.º 2
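 /**
  * Checks CommonFunctions::cleanAlphaNumericIdField() against script-injection
  * style input and against ordinary identifiers.
  *
  * Cases covered:
  *  - a URL-encoded payload is not decoded: '%', '/' and ';' are dropped and the
  *    hex digits stay in the result;
  *  - a raw markup payload is reduced to 'alert123';
  *  - plain identifiers pass through unchanged, including leading zeros ('0721'),
  *    the single character '0' and underscores ('X_1');
  *  - spaces and punctuation inside an identifier are removed.
  */
 public function testCleanAlphaNumericIdField()
 {
     // Each entry is array(expected output, raw input). A list of pairs is used
     // instead of a keyed array because PHP would turn keys such as '1' and '0'
     // into integers.
     $cases = array(
         array('223E3Ciframe3E3Cscript3Ealert28123293Cscript3E', '%22%3E%3C/iframe%3E%3Cscript%3Ealert%28123%29;%3C/script%3E'),
         array('alert123', '"></iframe><script>alert(123);</script>'),
         array('1', '1'),
         array('0721', '0721'),
         array('EAC', 'EAC'),
         array('0', '0'),
         array('X_1', 'X_1'),
         array('abc', 'abc'),
         array('aZ_920diz1', 'aZ_920%$@diz 1!'),
     );

     foreach ($cases as $case) {
         list($expected, $input) = $case;

         // assertSame compares type and value, so a numeric-looking id such as
         // '0721' or '0' cannot pass through a loose comparison. The message
         // names the input that failed.
         // NOTE(review): assumes the cleaner always returns a string - confirm.
         $this->assertSame(
             $expected,
             CommonFunctions::cleanAlphaNumericIdField($input),
             'Unexpected result for input: ' . $input
         );
     }
 }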