Improved entropy for report file urls.

[fa-stable.git] / includes / ui / ui_controls.inc

diff --git a/includes/ui/ui_controls.inc b/includes/ui/ui_controls.inc
index 3d542f12bd9b99f5f99d7ddda641080e28b65194..e575fd15d8a071382cafe07c12811b221084e1ec 100644 (file)
--- a/includes/ui/ui_controls.inc
+++ b/includes/ui/ui_controls.inc
@@ -60,7 +60,8 @@ function output_hidden()
 {
        global $hidden_fields;
 
-       echo implode('', $hidden_fields);
+       if (is_array($hidden_fields))
+               echo implode('', $hidden_fields);
        $hidden_fields = array();
 }
 //---------------------------------------------------------------------------------
@@ -71,7 +72,7 @@ function end_form($breaks=0)
 
        if ($form_nested-- > 0) return;
 
-       $_SESSION['csrf_token'] = hash('sha256', uniqid(mt_rand(), true));
+       $_SESSION['csrf_token'] = random_id();
        if ($breaks)
                br($breaks);
        hidden('_focus');
@@ -131,8 +132,8 @@ function table_section($number=1, $width=false)
        if ($number > 1)
        {
                echo "</table>\n";
+               output_hidden();
                $width = ($width ? "width='$width'" : "");
-               //echo "</td><td class='tableseparator' $width>\n"; // outer table
                echo "</td><td style='border-left:1px solid #cccccc;' $width>\n"; // outer table
        }
        echo "<table class='tablestyle_inner'>\n";
@@ -141,7 +142,10 @@ function table_section($number=1, $width=false)
 function end_outer_table($breaks=0, $close_table=true)
 {
        if ($close_table)
+       {
                echo "</table>\n";
+               output_hidden();
+       }
        echo "</td></tr>\n";
        end_table($breaks);
 }
@@ -260,8 +264,15 @@ function viewer_link($label, $url='', $class='', $id='',  $icon=null)
 
 function menu_link($url, $label, $id=null)
 {
+       global $path_to_root;
+
        $id = default_focus($id);
        $pars = access_string($label);
+
+       if ($url[0] != '/')
+               $url = '/'.$url;
+       $url = $path_to_root.$url;
+
        return "<a href='$url' class='menu_option' id='$id' $pars[1]>$pars[0]</a>";
 }
 
@@ -394,13 +405,14 @@ function div_end()
 {
     global $ajax_divs, $Ajax;
 
+       output_hidden();
     if (count($ajax_divs))
     {
                $div = array_pop($ajax_divs);
                if ($div[1] !== null)
                        $Ajax->addUpdate($div[1], $div[0], ob_get_flush());
-               echo "</div>";
     }
+       echo "</div>";
 }
 
 //-----------------------------------------------------------------------------
@@ -448,6 +460,7 @@ function tabbed_content_start($name, $tabs, $dft='') {
 }
 
 function tabbed_content_end() {
+       output_hidden();
        echo "</div>"; // content box (don't change to div_end() unless div_start() is used above)
        div_end(); // tabs widget
 }
@@ -496,6 +509,8 @@ $popup_editors = array(
        'supplier' => array('/purchasing/manage/suppliers.php?supplier_id=', 
                113, _("Suppliers"), 900, 700),
        'item' => array('/inventory/manage/items.php?stock_id=', 
+               115, _("Items"), 800, 600),
+       'fa_item' => array('/inventory/manage/items.php?FixedAsset=1&stock_id=', 
                115, _("Items"), 800, 600)
 );
 /*
@@ -656,7 +671,7 @@ function page_processing($msg = false)
        global $Ajax;
 
        if ($msg === true)
-               $msg = _('Entered data has not been saved yet.\nDo you want to abandon changes?');
+               $msg = _("Entered data has not been saved yet.\nDo you want to abandon changes?");
 
        $js = "_validate._processing=" . (
                $msg ? '\''.strtr($msg, array("\n"=>'\\n')) . '\';' : 'null;');