Fixed problem with too early SysPrefs reference.
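diff --git a/includes/ui/ui_controls.inc b/includes/ui/ui_controls.inc
index f2e76d1bd0928676d0a6aa18a96a0c20e3d0e286..e1c5ffccf2487d6ee1020c4be8b2ff4d4e216570 100644
--- a/includes/ui/ui_controls.inc
+++ b/includes/ui/ui_controls.inc
@@ -32,10 +32,15 @@ function get_post($name, $dflt='')
 ((!isset($_POST[$name]) || $_POST[$name] === '') ? $dflt : $_POST[$name]);
 }
 //---------------------------------------------------------------------------------
+$form_nested = -1;
 function start_form($multi=false, $dummy=false, $action="", $name="")
 {
 // $dummy - leaved for compatibility with 2.0 API
+ global $form_nested;
+
+ if (++$form_nested) return;
+
 if ($name != "")
 $name = "name='$name'";
@@ -53,11 +58,29 @@ function start_form($multi=false, $dummy=false, $action="", $name="")
 function end_form($breaks=0)
 {
+ global $Ajax, $form_nested;
+
+ if ($form_nested-- > 0) return;
+
+ $_SESSION['csrf_token'] = hash('sha256', uniqid(mt_rand(), true));
 if ($breaks)
 br($breaks);
- echo "<input type=\"hidden\" name=\"_focus\" value=\"".get_post('_focus')."\">\n";
- echo "<input type=\"hidden\" name=\"_modified\" value=\"".get_post('_modified', 0)."\">\n";
+ hidden('_focus');
+ hidden('_modified', get_post('_modified', 0));
+ hidden('_token', $_SESSION['csrf_token']);
 echo "</form>\n";
+ $Ajax->activate('_token');
+}
+
+function check_csrf_token()
+{
+ if ($_SESSION['csrf_token'] != @$_POST['_token'])
+ {
+ display_error(_("Request from outside of this page is forbidden."));
+ error_log(_("CSRF attack detected from: ").@$_SERVER['HTTP_HOST'].' ('.@$_SERVER['HTTP_REFERER'].')');
+ return false;
+ }
+ return true;
 }
 function start_table($class=false, $extra="", $padding='2', $spacing='0')
@@ -150,7 +173,7 @@ function access_string($label, $clean=false)
 return $clean ? $label : array($label, $access);
 }
-function hyperlink_back($center=true, $no_menu=true, $type_no=0, $trans_no=0)
+function hyperlink_back($center=true, $no_menu=true, $type_no=0, $trans_no=0, $final=false)
 {
 global $path_to_root;
@@ -161,17 +184,17 @@ function hyperlink_back($center=true, $no_menu=true, $type_no=0, $trans_no=0)
 {
 include_once($path_to_root."/admin/db/attachments_db.inc");
 $id = has_attachment($type_no, $trans_no);
- }
+ $attach = get_attachment_string($type_no, $trans_no);
+ echo $attach;
+ }
 $width = ($id != 0 ? "30%" : "20%");
 start_table(false, "width=$width");
 start_row();
 if ($no_menu)
 {
- if ($id != 0)
- echo "<td align=center><a href='$path_to_root/admin/attachments.php?vw=$id' target='blanc_'>"._("View Attachment")."</a></td>\n";
 echo "<td align=center><a href='javascript:window.print();'>"._("Print")."</a></td>\n";
- }
- echo "<td align=center><a href='javascript:goBack();'>".($no_menu ? _("Close") : _("Back"))."</a></td>\n";
+ }
+ echo "<td align=center><a href='javascript:goBack(".($final ? '-2' : '').");'>".($no_menu ? _("Close") : _("Back"))."</a></td>\n";
 end_row();
 end_table();
 if ($center)
@@ -237,12 +260,12 @@ function submenu_option($title, $url, $id=null)
 function submenu_view($title, $type, $number, $id=null)
 {
- display_note(get_trans_view_str($type, $number, $title, false, 'menu_option', $id), 0, 1);
+ display_note(get_trans_view_str($type, $number, $title, false, 'viewlink', $id), 0, 1);
 }
 function submenu_print($title, $type, $number, $id=null, $email=0, $extra=0)
 {
- display_note(print_document_link($number, $title, true, $type, false, 'menu_option', $id, $email, $extra), 0, 1);
+ display_note(print_document_link($number, $title, true, $type, false, 'printlink', $id, $email, $extra), 0, 1);
 }
 //-----------------------------------------------------------------------------------
@@ -290,18 +313,20 @@ function hyperlink_params_separate_td($target, $label, $params)
 //--------------------------------------------------------------------------------------------------
-function alt_table_row_color(&$k)
+function alt_table_row_color(&$k, $extra_class=null)
 {
+ $classes = $extra_class ? array($extra_class) : array();
 if ($k == 1)
 {
- echo "<tr class='oddrow'>\n";
+ array_push($classes, 'oddrow');
 $k = 0;
 }
 else
 {
- echo "<tr class='evenrow'>\n";
+ array_push($classes, 'evenrow');
 $k++;
 }
+ echo "<tr class='".implode(' ', $classes)."'>\n";
 }
 function table_section_title($msg, $colspan=2)
@@ -415,6 +440,15 @@ function tabbed_content_end() {
 div_end(); // tabs widget
 }
+function tab_changed($name)
+{
+ $to = find_submit("{$name}_", false);
+ if (!$to) return null;
+
+ return array('from' => $from = get_post("_{$name}_sel"),
+ 'to' => $to);
+}
+
 /* Table editor interfaces. Key is editor type
 0 => url of editor page
 1 => hotkey code
@@ -422,13 +456,13 @@ function tabbed_content_end() {
 */
 $popup_editors = array(
 'customer' => array('/sales/manage/customers.php?debtor_no=',
- 113, _("Customers")),
+ 113, _("Customers"), 900, 500),
 'branch' => array('/sales/manage/customer_branches.php?SelectedBranch=',
- 114, _("Branches")),
+ 114, _("Branches"), 900, 700),
 'supplier' => array('/purchasing/manage/suppliers.php?supplier_id=',
- 113, _("Suppliers")),
+ 113, _("Suppliers"), 900, 700),
 'item' => array('/inventory/manage/items.php?stock_id=',
- 115, _("Items"))
+ 115, _("Items"), 800, 600)
 );
 /*
 Bind editors for various selectors.
@@ -443,8 +477,9 @@ function set_editor($type, $input, $caller=true)
 $key = $caller===true ? $popup_editors[$type][1] : $caller;
- $Editors[$key] = array( $path_to_root . $popup_editors[$type][0], $input);
-
+ $Editors[$key] = array( $path_to_root . $popup_editors[$type][0], $input,
+ $popup_editors[$type][3], $popup_editors[$type][4]);
+
 $help = 'F' . ($key - 111) . ' - ';
 $help .= $popup_editors[$type][2];
 $Pagehelp[] = $help;
@@ -593,4 +628,3 @@ function page_modified($status = true)
 add_js_source($js);
 }
-?>
\ No newline at end of file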
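Review bot: check_csrf_token() in the second hunk compares the session token with the posted one using a loose `!=` under `@` suppression, so when `$_SESSION['csrf_token']` has not been set yet in this session and `_token` is absent from the request, `null != null` is false and the check passes; it should fail closed and compare strictly, e.g. `if (empty($_SESSION['csrf_token']) || !isset($_POST['_token']) || !hash_equals($_SESSION['csrf_token'], (string)$_POST['_token']))` (or `!==` if hash_equals() is not available on the PHP versions this tree supports). A loose `!=` between two hex digests is also subject to PHP's numeric-string comparison rules, which `hash_equals`/`===` avoid. The token source `hash('sha256', uniqid(mt_rand(), true))` is not a cryptographic RNG; a CSPRNG such as openssl_random_pseudo_bytes() (or random_bytes() on PHP 7+) would be the usual choice, though uniqid's entropy makes guessing unlikely in practice. The log line records `$_SERVER['HTTP_HOST']`, which is the host header of this server rather than the requesting client, so `REMOTE_ADDR` would identify the rejected request's origin more usefully. Note also that end_form() overwrites `$_SESSION['csrf_token']` on every non-nested form render, so a page that renders a form before calling check_csrf_token() appears to invalidate the very token it is about to verify; the intended call order deserves a comment on check_csrf_token().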