}
+/*
+ Flush hidden fields buffer.
+*/
+function output_hidden()
+{
+ global $hidden_fields;
+
+ if (is_array($hidden_fields))
+ echo implode('', $hidden_fields);
+ $hidden_fields = array();
+}
//---------------------------------------------------------------------------------
function end_form($breaks=0)
{
+ global $Ajax, $hidden_fields;
+
+ $_SESSION['csrf_token'] = random_id();
if ($breaks)
br($breaks);
- echo "<input type=\"hidden\" name=\"_focus\" value=\"".get_post('_focus')."\">\n";
- echo "<input type=\"hidden\" name=\"_modified\" value=\"".get_post('_modified', 0)."\">\n";
+ hidden('_focus');
+ hidden('_modified', get_post('_modified', 0));
+ hidden('_token', $_SESSION['csrf_token']);
+
+ output_hidden();
echo "</form>\n";
+ $Ajax->activate('_token');
+}
+
+function check_csrf_token()
+{
+ if ($_SESSION['csrf_token'] != @$_POST['_token'])
+ {
+ display_error(_("Request from outside of this page is forbidden."));
+ error_log(_("CSRF attack detected from: ").@$_SERVER['HTTP_HOST'].' ('.@$_SERVER['HTTP_REFERER'].')');
+ return false;
+ }
+ return true;
}
function start_table($class=false, $extra="", $padding='2', $spacing='0')
echo " class='tablestyle'";
if ($extra != "")
echo " $extra";
- echo " cellpadding=$padding cellspacing=$spacing>\n";
+ echo " cellpadding='$padding' cellspacing='$spacing'>\n";
}
function end_table($breaks=0)
{
echo "</table></center>\n";
+ output_hidden();
if ($breaks)
br($breaks);
}
if ($number > 1)
{
echo "</table>\n";
- $width = ($width ? "width=$width" : "");
+ output_hidden();
+ $width = ($width ? "width='$width'" : "");
//echo "</td><td class='tableseparator' $width>\n"; // outer table
echo "</td><td style='border-left:1px solid #cccccc;' $width>\n"; // outer table
}
function end_outer_table($breaks=0, $close_table=true)
{
if ($close_table)
+ {
echo "</table>\n";
+ output_hidden();
+ }
echo "</td></tr>\n";
end_table($breaks);
}
return $clean ? $label : array($label, $access);
}
-function hyperlink_back($center=true, $no_menu=true, $type_no=0, $trans_no=0)
+function hyperlink_back($center=true, $no_menu=true, $type_no=0, $trans_no=0, $final=false)
{
global $path_to_root;
{
include_once($path_to_root."/admin/db/attachments_db.inc");
$id = has_attachment($type_no, $trans_no);
- }
+ $attach = get_attachment_string($type_no, $trans_no);
+ echo $attach;
+ }
$width = ($id != 0 ? "30%" : "20%");
- start_table(false, "width=$width");
+ start_table(false, "width='$width'");
start_row();
if ($no_menu)
{
- if ($id != 0)
- echo "<td align=center><a href='$path_to_root/admin/attachments.php?vw=$id' target='blanc_'>"._("View Attachment")."</a></td>\n";
echo "<td align=center><a href='javascript:window.print();'>"._("Print")."</a></td>\n";
- }
- echo "<td align=center><a href='javascript:goBack();'>".($no_menu ? _("Close") : _("Back"))."</a></td>\n";
+ }
+ echo "<td align=center><a href='javascript:goBack(".($final ? '-2' : '').");'>".($no_menu ? _("Close") : _("Back"))."</a></td>\n";
end_row();
end_table();
if ($center)
//--------------------------------------------------------------------------------------------------
-function alt_table_row_color(&$k)
+function alt_table_row_color(&$k, $extra_class=null)
{
+ $classes = $extra_class ? array($extra_class) : array();
if ($k == 1)
{
- echo "<tr class='oddrow'>\n";
+ array_push($classes, 'oddrow');
$k = 0;
}
else
{
- echo "<tr class='evenrow'>\n";
+ array_push($classes, 'evenrow');
$k++;
}
+ echo "<tr class='".implode(' ', $classes)."'>\n";
}
function table_section_title($msg, $colspan=2)
{
global $ajax_divs, $Ajax;
+ output_hidden();
if (count($ajax_divs))
{
$div = array_pop($ajax_divs);
if ($div[1] !== null)
$Ajax->addUpdate($div[1], $div[0], ob_get_flush());
- echo "</div>";
}
+ echo "</div>";
}
//-----------------------------------------------------------------------------
}
function tabbed_content_end() {
+ output_hidden();
echo "</div>"; // content box (don't change to div_end() unless div_start() is used above)
div_end(); // tabs widget
}
+function tab_changed($name)
+{
+ $to = find_submit("{$name}_", false);
+ if (!$to) return null;
+
+ return array('from' => $from = get_post("_{$name}_sel"),
+ 'to' => $to);
+}
+
/* Table editor interfaces. Key is editor type
0 => url of editor page
1 => hotkey code
*/
$popup_editors = array(
'customer' => array('/sales/manage/customers.php?debtor_no=',
- 113, _("Customers")),
+ 113, _("Customers"), 900, 500),
'branch' => array('/sales/manage/customer_branches.php?SelectedBranch=',
- 114, _("Branches")),
+ 114, _("Branches"), 900, 700),
'supplier' => array('/purchasing/manage/suppliers.php?supplier_id=',
- 113, _("Suppliers")),
+ 113, _("Suppliers"), 900, 700),
'item' => array('/inventory/manage/items.php?stock_id=',
- 115, _("Items"))
+ 115, _("Items"), 800, 600)
);
/*
Bind editors for various selectors.
$key = $caller===true ? $popup_editors[$type][1] : $caller;
- $Editors[$key] = array( $path_to_root . $popup_editors[$type][0], $input);
+ $Editors[$key] = array( $path_to_root . $popup_editors[$type][0], $input,
+ $popup_editors[$type][3], $popup_editors[$type][4]);
$help = 'F' . ($key - 111) . ' - ';
$help .= $popup_editors[$type][2];
projects / fa-stable.git / blobdiff