[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-8570":3},{"id":4,"name":5,"fullName":6,"owner":5,"repo":5,"description":7,"homepage":8,"htmlUrl":9,"language":10,"languages":9,"totalLinesOfCode":9,"stars":11,"forks":12,"watchers":13,"openIssues":14,"contributorsCount":15,"subscribersCount":15,"size":15,"stars1d":15,"stars7d":16,"stars30d":17,"stars90d":15,"forks30d":15,"starsTrendScore":15,"compositeScore":18,"rankGlobal":9,"rankLanguage":9,"license":19,"archived":20,"fork":20,"defaultBranch":21,"hasWiki":20,"hasPages":20,"topics":22,"createdAt":9,"pushedAt":9,"updatedAt":31,"readmeContent":32,"aiSummary":33,"trendingCount":15,"starSnapshotCount":15,"syncStatus":16,"lastSyncTime":34,"discoverSource":35},8570,"InvoicePlane","InvoicePlane\u002FInvoicePlane","A self-hosted open source application for managing your invoices, clients and payments.","https:\u002F\u002Fwww.invoiceplane.com",null,"PHP",3063,864,134,54,0,2,22,30.81,"Other",false,"develop",[23,24,25,26,27,28,29,30],"billing","codeigniter","crm","invoiceplane","invoices","invoicing","open-source","php","2026-06-12 02:01:55","\u003Cimg align=\"right\" alt=\"InvoicePlane logo\" src=\"\u002Fassets\u002Fcore\u002Fimg\u002Ffavicon.png\">\n\n# _InvoicePlane_\n\n\u003Cdiv align=\"center\">\n\n_A libre self-hosted web application designed to help you manage invoices, clients, and payments efficiently._\n\n\u003Cbr>\n\n[![Current 
version](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002Fdynamic\u002Fjson.svg?label=Current%20Version&url=https%3A%2F%2Fapi.github.com%2Frepos%2FInvoicePlane%2FInvoicePlane%2Freleases%2Flatest&query=%24.name&colorB=%23429ae1)](https:\u002F\u002Fwww.invoiceplane.com\u002F)\n[![Downloads](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fdownloads\u002Finvoiceplane\u002Finvoiceplane\u002Ftotal?colorB=%23429ae1)](https:\u002F\u002Fwww.invoiceplane.com\u002F)\n[![Translation](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FTranslations-%40%20Crowdin-429ae1)](https:\u002F\u002Ftranslations.invoiceplane.com\u002Fproject\u002Ffusioninvoice)\n\n\u003Cbr>\n\n[![Wiki](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FHelp%3A-Official%20Wiki-429ae1.svg)](https:\u002F\u002Fwiki.invoiceplane.com\u002F)\n[![Community Forums](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FHelp%3A-Community%20Forums-429ae1.svg)](https:\u002F\u002Fcommunity.invoiceplane.com\u002F)\n[![Issue Tracker](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FDevelopment%3A-Issue%20Tracker-429ae1.svg)](https:\u002F\u002Fgithub.com\u002Finvoiceplane\u002Finvoiceplane\u002Fissues\u002F)\n[![Contribution Guide](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FDevelopment%3A-Contribution%20Guide-429ae1.svg)](CONTRIBUTING.md)\n\n\u003C\u002Fdiv>\n\n---\n\n## What's New in Version 1.7.0\n\n**InvoicePlane 1.7.0** brings PHP 8.2+ compatibility and critical security enhancements to keep your financial data safe.\n\n### Major Improvements\n\n- **PHP 8.2+ Compatibility:** Full support for modern PHP versions (8.1, 8.2, 8.3+)\n- **Enhanced Security:** Multiple security vulnerabilities have been addressed:\n  - Fixed Cross-Site Scripting (XSS) vulnerabilities across templates and user inputs\n  - Resolved Local File Inclusion (LFI) vulnerabilities in PDF generation\n  - Patched log poisoning vulnerability in file upload handling\n- **SVG Logo Protection:** SVG uploads are now blocked to prevent embedded script 
execution (see details below)\n- **Updated Dependencies:** All PHP packages updated for compatibility and security\n\n### Issues Fixed in Version 1.7.0\n\n**Security Fixes:**\n- #1433 - Local File Inclusion (LFI) vulnerabilities in PDF template handling (Post-v1.7.0 tag)\n- #1388, #1387 - Unsafe jQuery plugin vulnerabilities (Code scanning alerts)\n- #1383 - File access vulnerabilities across all controllers\n- Security fixes for XSS vulnerabilities (multiple fields sanitized - see CHANGELOG.md)\n- Security fix for log poisoning in file upload handling\n\n**Bug Fixes and Improvements:**\n- #1389 - Workflow permissions in GitHub Actions\n- #1381 - E-invoicing field migration and version checking\n- #1380 - Dependency update (qs package bump)\n- #1377 - QR code image width reduced to 100px\n- #1375 - Email address verification now supports comma and semicolon separators\n- #1373 - Removed deprecated library dependencies\n- #1367, #1368 - Various bug fixes\n\n### Fields Sanitized for Security\n\nThe following fields have been sanitized to prevent XSS attacks:\n- Quote and invoice number fields (all templates)\n- Tax rate names\n- Payment method names\n- Custom field labels\n- Client addresses\n- Sumex observations\n- Quote notes and passwords\n- Email template content\n- File names in upload logging (prevents log poisoning)\n\n### Upgrading from Version 1.6.x\n\nIf you're upgrading from InvoicePlane 1.6.x:\n\n1. **Backup your data** - Create a full backup of your database and files\n2. **Check PHP version** - Ensure your server runs PHP 8.1 or higher\n3. **Update files** - Replace all application files with the new version\n4. **Run migrations** - Visit `\u002Findex.php\u002Fsetup` to apply database updates\n5. 
**Review logo settings** - If using an SVG logo, convert it to PNG\u002FJPG (see SVG notice below)\n\nFor detailed upgrade instructions, visit the [InvoicePlane Wiki](https:\u002F\u002Fwiki.invoiceplane.com\u002F).\n\n> **Full Release Notes:** See [CHANGELOG.md](CHANGELOG.md) for a complete list of changes, security fixes, and improvements.\n\n---\n\n## Key Features\n\n- **Invoice & Quote Management:** Create, send, and manage professional invoices and quotes effortlessly.\n- **Client Management:** Maintain detailed client records, including contact information and transaction history.\n- **Payment Tracking:** Monitor payments, set up reminders, and integrate with multiple payment gateways.\n- **Customization:** Tailor templates, themes, and settings to match your brand preferences.\n- **Reporting:** Generate insightful reports to track your financial performance.\n\n---\n\n## Getting Started\n\nTo get started with InvoicePlane, you have several options depending on your needs:\n\n### Quick Start with Docker (Recommended for Development)\n\nThe easiest way to get InvoicePlane running locally is with Docker:\n\n```bash\n# Clone the repository\ngit clone https:\u002F\u002Fgithub.com\u002FInvoicePlane\u002FInvoicePlane.git\ncd InvoicePlane\n\n# Install dependencies\ncomposer install\nyarn install\nyarn build\n\n# Configure the application\ncp ipconfig.php.example ipconfig.php\n# Edit ipconfig.php to set your database connection (use settings from docker-compose.yml)\n\n# Start Docker containers (PHP 8.2, MariaDB, nginx, phpMyAdmin)\ndocker-compose up -d\n\n# Access the application\n# InvoicePlane: http:\u002F\u002Flocalhost\n# phpMyAdmin: http:\u002F\u002Flocalhost:8081\n```\n\n### Production Installation\n\nFor production deployments:\n\n1. **Download the Latest Version:**\n   - Visit the [InvoicePlane website](https:\u002F\u002Fwww.invoiceplane.com\u002F) to download the latest release.\n\n2. 
**Extract and Upload:**\n   - Extract the downloaded package and upload the files to your web server or hosting environment.\n\n3. **Configuration:**\n   - Duplicate `ipconfig.php.example` and rename it to `ipconfig.php`.\n   - Open `ipconfig.php` in a text editor and set your base URL and database credentials.\n\n4. **Run the Installer:**\n   - Navigate to `http:\u002F\u002Fyour-domain.com\u002Findex.php\u002Fsetup` in your browser and follow the on-screen instructions to complete the installation.\n\nFor a **detailed installation guide**, including prerequisites and troubleshooting tips, refer to [INSTALLATION.md](INSTALLATION.md).\n\n---\n\n## Removing `index.php` from URLs (Optional)\n\nTo remove `index.php` from your URLs:\n\n1. **Enable mod_rewrite:**\n   - Ensure the `mod_rewrite` module is enabled on your web server.\n\n2. **Update Configuration:**\n   - Set `REMOVE_INDEXPHP` to `true` in your `ipconfig.php` file.\n\n3. **Rename `.htaccess`:**\n   - Rename the `htaccess` file in the root directory to `.htaccess`.\n\n> **Note:** If you experience issues after making these changes, revert to the default settings by undoing the steps above.\n\n---\n\n## Container Deployment\n\n> [!WARNING]\n> The container always uses the new calculation.\n\nA pre-built container image is available. Configuration is provided entirely through environment variables — no `ipconfig.php` file is needed. The entrypoint generates the configuration and runs any pending database migrations automatically on startup.\n\n### Required environment variables\n\n| Variable | Description |\n|---|---|\n| `IP_URL` | Public base URL without trailing slash, e.g. 
`https:\u002F\u002Finvoices.example.com` |\n| `DB_HOSTNAME` | Database host |\n| `DB_USERNAME` | Database user |\n| `DB_PASSWORD` | Database password |\n| `DB_DATABASE` | Database name |\n| `ENCRYPTION_KEY` | Secret key for encrypted data — generate with `openssl rand -base64 32` |\n\n### Optional environment variables\n\n| Variable | Default | Description |\n|---|---|---|\n| `DB_PORT` | `3306` | Database port |\n| `CI_ENV` | `production` | Set to `development` to show all PHP errors |\n| `ENABLE_DEBUG` | `false` | Enable advanced debug logging |\n| `CUSTOM_TEMPLATES_FOLDER` | `\u002Fvar\u002Fwww\u002Fhtml\u002Ftemplates\u002F` | Absolute path to a directory of custom invoice\u002Fquote templates. Mount a volume at the chosen path and set this variable to point at it. The directory should mirror the built-in structure: `invoice_templates\u002Fpdf\u002F`, `invoice_templates\u002Fpublic\u002F`, `quote_templates\u002Fpdf\u002F`, `quote_templates\u002Fpublic\u002F`. Templates here are listed alongside the built-in ones and take precedence when they share a name. |\n| `SESS_EXPIRATION` | `864000` | Session lifetime in seconds (0 = expire on browser close) |\n| `SESS_MATCH_IP` | `true` | Tie sessions to the client IP address |\n| `SESS_REGENERATE_DESTROY` | `false` | Destroy the old session on regeneration |\n| `X_FRAME_OPTIONS` | `SAMEORIGIN` | Value for the `X-Frame-Options` response header |\n| `ENABLE_X_CONTENT_TYPE_OPTIONS` | `true` | Send the `X-Content-Type-Options: nosniff` header |\n| `LEGACY_CALCULATION` | `false` | Use the classic tax\u002Fdiscount calculation mode. 
Set to `false` for simple per-item tax calculation (required for valid e-invoice XML output) |\n| `ENABLE_INVOICE_DELETION` | `false` | Allow invoices to be deleted |\n| `DISABLE_READ_ONLY` | `false` | Disable the read-only mode for sent invoices |\n| `PASSWORD_RESET_IP_MAX_ATTEMPTS` | `5` | Max password reset attempts per IP within the time window |\n| `PASSWORD_RESET_IP_WINDOW_MINUTES` | `60` | Time window in minutes for IP-based reset rate limiting |\n| `PASSWORD_RESET_EMAIL_MAX_ATTEMPTS` | `3` | Max password reset attempts per email within the time window |\n| `PASSWORD_RESET_EMAIL_WINDOW_HOURS` | `1` | Time window in hours for email-based reset rate limiting |\n| `SUMEX_SETTINGS` | `false` | Enable Swiss medical invoice (Sumex) customizations |\n| `SUMEX_URL` | — | URL to post Sumex XML to in order to receive a generated PDF |\n| `ENCRYPTION_CIPHER` | `AES-256` | Cipher used for encrypted data |\n\n### Default admin user\n\nOn first startup, if no users exist in the database, the entrypoint automatically creates an admin account. The credentials can be set via environment variables; any omitted value falls back to a safe default.\n\n| Variable | Default | Description |\n|---|---|---|\n| `DEFAULT_LANGUAGE` | `english` | Default language for the application (e.g. `english`, `german`, `french`). Only applied on fresh installs; changing it after the first run has no effect. |\n| `DEFAULT_ADMIN_EMAIL` | `admin@localhost` | Email address for the default admin account |\n| `DEFAULT_ADMIN_PASSWORD` | *(random)* | Password for the default admin account. If unset, a random 24-character password is generated and printed to the container log on first startup. 
|\n| `DEFAULT_ADMIN_NAME` | `admin` | Display name for the default admin account |\n\n> **Note:** User creation is skipped on every subsequent startup once at least one user exists, so changing these variables after the initial run has no effect.\n\n### Persistent volumes\n\nMount volumes for any data that must survive container restarts:\n\n| Path | Contents |\n|---|---|\n| `\u002Fvar\u002Fwww\u002Fhtml\u002Fuploads` | Client files, logos, and imported documents |\n| `\u002Fvar\u002Fwww\u002Fhtml\u002Fstorage` | Framework cache and log files |\n\n---\n\n## Community and Support\n\nJoin our vibrant community for support, discussions, and contributions:\n\n- **Community Forums:** [InvoicePlane Forums](https:\u002F\u002Fcommunity.invoiceplane.com\u002F) - Ask questions, share knowledge, and get help from the community.\n- **Discord:** [Join our Discord](https:\u002F\u002Fdiscord.gg\u002FPPzD2hTrXt) - Chat with users, developers, and contributors in real time.\n- **Issue Tracker:** [GitHub Issues](https:\u002F\u002Fgithub.com\u002FInvoicePlane\u002FInvoicePlane\u002Fissues) - Report bugs and request features.\n- **Wiki & Documentation:** [InvoicePlane Wiki](https:\u002F\u002Fwiki.invoiceplane.com\u002F) - Find guides, FAQs, and detailed setup instructions.\n\n> *InvoicePlane is developed and maintained by a dedicated team of volunteers. Support is provided by the community on a best-effort basis.*\n\n---\n\n## Contributing\n\nWe welcome contributions from the community! To get involved:\n\n- **Report Issues:** Use the [Issue Tracker](https:\u002F\u002Fgithub.com\u002FInvoicePlane\u002FInvoicePlane\u002Fissues) to report bugs or request features.\n- **Submit Pull Requests:** Fork the repository, make your changes, and submit a pull request for review.\n\n- **Translate InvoicePlane:** Help translate the application into your language. 
Also see [Translations.md](TRANSLATIONS.md)\n\nFor detailed contribution guidelines, please see [CONTRIBUTING.md](CONTRIBUTING.md).\n\n### Developer Resources\n\n- **[Development Guidelines](.junie\u002Fguidelines.md)** - Comprehensive guide for developers\n- **[Copilot Instructions](.github\u002Fcopilot-instructions.md)** - GitHub Copilot context and patterns\n- **[Docker Setup](resources\u002Fdocker\u002FREADME.md)** - Docker configuration and usage guide\n\n---\n\n## Security Vulnerabilities\n\nIf you discover a security vulnerability, please email **[mail@invoiceplane.com](mailto:mail@invoiceplane.com)** before disclosing it publicly. We will address all security concerns promptly.\n\n### Important Security Notice: SVG Logo Files\n\n**As of this version, SVG (Scalable Vector Graphics) files are no longer supported for logo uploads due to security concerns.**\n\n#### Why were SVG files disabled?\n\nSVG files can contain embedded JavaScript code that could be exploited to perform Cross-Site Scripting (XSS) attacks. Since InvoicePlane handles sensitive financial data, we have taken a proactive security measure by blocking SVG uploads entirely.\n\n#### What file formats are supported?\n\nYou can upload logos in the following safe image formats:\n- **PNG** (recommended for logos with transparency)\n- **JPG\u002FJPEG** (recommended for photographs)\n- **GIF** (recommended for simple graphics)\n\n#### What happens to my existing SVG logo?\n\nIf you previously uploaded an SVG logo:\n- It will not display in the application (blocked for security)\n- A warning message will appear in the settings page\n- You can easily remove it and upload a replacement in a supported format\n\n#### How do I convert my SVG logo?\n\nYou can convert your SVG logo to PNG using free tools:\n\n1. **Online converters:**\n   - [CloudConvert](https:\u002F\u002Fcloudconvert.com\u002Fsvg-to-png)\n   - [Convertio](https:\u002F\u002Fconvertio.co\u002Fsvg-png\u002F)\n\n2. 
**Desktop software:**\n   - [Inkscape](https:\u002F\u002Finkscape.org\u002F) (free, open-source)\n   - Adobe Illustrator\n   - GIMP\n\n3. **Conversion steps in Inkscape:**\n   - Open your SVG file in Inkscape\n   - Go to File → Export PNG Image\n   - Set your desired resolution (300 DPI recommended)\n   - Click Export\n\n#### Need help?\n\nIf you have questions about logo formats or need assistance, please visit our [Community Forums](https:\u002F\u002Fcommunity.invoiceplane.com\u002F).\n\n---\n\n## License & Copyright\n\nInvoicePlane is licensed under the [MIT License](LICENSE.txt).\n\nThe **InvoicePlane name** and **logo** are copyrighted by [Kovah.de](https:\u002F\u002Fkovah.de\u002F) and [InvoicePlane.com](https:\u002F\u002Fwww.invoiceplane.com\u002F). Usage is restricted. For more information, visit [license & copyright](https:\u002F\u002Fwww.invoiceplane.com\u002Flicense-copyright).\n","InvoicePlane is a self-hosted open source application for managing invoices, clients and payments. It is developed in PHP and built on the CodeIgniter framework, and offers strong billing management, customer relationship management and online payment processing features. The latest version supports PHP 8.2+ and includes several security enhancements, among them fixes for cross-site scripting (XSS) and local file inclusion (LFI) vulnerabilities, improving the security and stability of the system. It suits small businesses and freelancers who need to manage their financial workflows efficiently, especially users who prefer a self-hosted solution to keep privacy of and control over their data.","2026-06-11 03:18:40","top_language"]