X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=includes%2Fui%2Fui_controls.inc;h=616d99b65502f2c130d3dba692b114b5107ab82f;hb=17b390efcf904072b02ec866b2a427490471a260;hp=6965b2167cf013b99c1f2b5f3ddff269ad54f198;hpb=76ca9fef9bb510236a6a7740fa0f60eb7db384c9;p=fa-stable.git
diff --git a/includes/ui/ui_controls.inc b/includes/ui/ui_controls.inc
index 6965b216..616d99b6 100644
--- a/includes/ui/ui_controls.inc
+++ b/includes/ui/ui_controls.inc
@@ -32,10 +32,15 @@ function get_post($name, $dflt='')
((!isset($_POST[$name]) || $_POST[$name] === '') ? $dflt : $_POST[$name]);
}
//---------------------------------------------------------------------------------
+$form_nested = -1;
function start_form($multi=false, $dummy=false, $action="", $name="")
{
// $dummy - leaved for compatibility with 2.0 API
+ global $form_nested;
+
+ if (++$form_nested) return;
+
if ($name != "")
$name = "name='$name'";
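Review bot: `if (++$form_nested) return;` treats every non-zero counter value as "already inside a form", so after a single unmatched end_form call (the next hunk decrements the counter below -1) the following start_form silently emits nothing and the page is left without an opening form tag. A guard written as `if (++$form_nested > 0) return;` keeps one unbalanced call from suppressing later forms, and a comment on the file-level `$form_nested = -1;` such as `// -1: no form open; 0: outermost form open; >0: nested start_form calls are ignored` would document the protocol both functions rely on. The body of start_form continues outside the hunk.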
@@ -53,11 +58,30 @@ function start_form($multi=false, $dummy=false, $action="", $name="")
function end_form($breaks=0)
{
+ global $Ajax, $form_nested, $hidden_fields;
+
+ if ($form_nested-- > 0) return;
+
+ $_SESSION['csrf_token'] = hash('sha256', uniqid(mt_rand(), true));
if ($breaks)
br($breaks);
- echo "\n";
- echo "\n";
- echo "\n";
+ hidden('_focus');
+ hidden('_modified', get_post('_modified', 0));
+ hidden('_token', $_SESSION['csrf_token']);
+
+ echo implode('', $hidden_fields)."\n";
+ $Ajax->activate('_token');
+}
+
+function check_csrf_token()
+{
+ if ($_SESSION['csrf_token'] != @$_POST['_token'])
+ {
+ display_error(_("Request from outside of this page is forbidden."));
+ error_log(_("CSRF attack detected from: ").@$_SERVER['HTTP_HOST'].' ('.@$_SERVER['HTTP_REFERER'].')');
+ return false;
+ }
+ return true;
}
function start_table($class=false, $extra="", $padding='2', $spacing='0')
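Review bot: The token issued in end_form is derived from `uniqid(mt_rand(), true)`, which is not a cryptographically secure source, and check_csrf_token compares it with loose `!=`, so the check is neither unpredictable nor constant-time; use `$_SESSION['csrf_token'] = bin2hex(random_bytes(32));` for generation and `if (!isset($_SESSION['csrf_token'], $_POST['_token']) || !hash_equals($_SESSION['csrf_token'], $_POST['_token']))` for the comparison, which also avoids the undefined-index notice when no token has been issued yet. Because the session token is replaced on every end_form call, a form submitted from an older page (a second browser tab, for example) will presumably be rejected; if that is not intended, generate the token only when `$_SESSION['csrf_token']` is unset. The `@$_SERVER['HTTP_HOST']` and `@$_SERVER['HTTP_REFERER']` values written by error_log are request headers under the sender's control, so they should be length-bounded and stripped of control characters before being logged.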
@@ -71,7 +95,7 @@ function start_table($class=false, $extra="", $padding='2', $spacing='0')
echo " class='tablestyle'";
if ($extra != "")
echo " $extra";
- echo " cellpadding=$padding cellspacing=$spacing>\n";
+ echo " cellpadding='$padding' cellspacing='$spacing'>\n";
}
function end_table($breaks=0)
@@ -94,7 +118,7 @@ function table_section($number=1, $width=false)
if ($number > 1)
{
echo "\n";
- $width = ($width ? "width=$width" : "");
+ $width = ($width ? "width='$width'" : "");
//echo "
\n"; // outer table
echo " | \n"; // outer table
}
@@ -116,10 +140,10 @@ function vertical_space($params='')
echo " | ";
}
-function meta_forward($forward_to, $params="")
+function meta_forward($forward_to, $params="", $timeout=0)
{
global $Ajax;
- echo "\n";
+ echo "\n";
echo " " . _("You should automatically be forwarded.");
echo " " . _("If this does not happen") . " " . "" . _("click here") . " " . _("to continue") . ".
\n";
if ($params !='') $params = '?'.$params;
@@ -150,7 +174,7 @@ function access_string($label, $clean=false)
return $clean ? $label : array($label, $access);
}
-function hyperlink_back($center=true, $no_menu=true, $type_no=0, $trans_no=0)
+function hyperlink_back($center=true, $no_menu=true, $type_no=0, $trans_no=0, $final=false)
{
global $path_to_root;
@@ -161,17 +185,17 @@ function hyperlink_back($center=true, $no_menu=true, $type_no=0, $trans_no=0)
{
include_once($path_to_root."/admin/db/attachments_db.inc");
$id = has_attachment($type_no, $trans_no);
- }
+ $attach = get_attachment_string($type_no, $trans_no);
+ echo $attach;
+ }
$width = ($id != 0 ? "30%" : "20%");
- start_table(false, "width=$width");
+ start_table(false, "width='$width'");
start_row();
if ($no_menu)
{
- if ($id != 0)
- echo " | "._("View Attachment")." | \n";
echo ""._("Print")." | \n";
- }
- echo "".($no_menu ? _("Close") : _("Back"))." | \n";
+ }
+ echo "".($no_menu ? _("Close") : _("Back"))." | \n";
end_row();
end_table();
if ($center)
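Review bot: The new `$attach` local in hyperlink_back is assigned once and echoed on the very next line, so `echo get_attachment_string($type_no, $trans_no);` expresses the same thing without the temporary. The `$final` parameter added to the signature in the previous hunk is not referenced in the lines visible here; if it is consumed in the echo statements whose markup was lost in this view, a short comment on the signature line stating what `$final` switches would help callers. hyperlink_back starts before this hunk and ends after it.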
@@ -290,18 +314,20 @@ function hyperlink_params_separate_td($target, $label, $params)
//--------------------------------------------------------------------------------------------------
-function alt_table_row_color(&$k)
+function alt_table_row_color(&$k, $extra_class=null)
{
+ $classes = $extra_class ? array($extra_class) : array();
if ($k == 1)
{
- echo "
\n";
+ array_push($classes, 'oddrow');
$k = 0;
}
else
{
- echo "
\n";
+ array_push($classes, 'evenrow');
$k++;
}
+ echo "
\n";
}
function table_section_title($msg, $colspan=2)
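Review bot: In alt_table_row_color the test `$extra_class ? array($extra_class) : array()` drops a class named `'0'` because it relies on truthiness, and the two single-element `array_push` calls are the long form of the append operator; `$classes = $extra_class !== null ? array($extra_class) : array();` followed by `$classes[] = 'oddrow';` and `$classes[] = 'evenrow';` keeps the logic while removing the truthiness edge. The echo on the last line of the function is cut off in this view, so how `$classes` is joined into the row markup cannot be checked here.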
@@ -415,6 +441,15 @@ function tabbed_content_end() {
div_end(); // tabs widget
}
+function tab_changed($name)
+{
+ $to = find_submit("{$name}_", false);
+ if (!$to) return null;
+
+ return array('from' => $from = get_post("_{$name}_sel"),
+ 'to' => $to);
+}
+
/* Table editor interfaces. Key is editor type
0 => url of editor page
1 => hotkey code
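Review bot: In tab_changed the array literal assigns `$from` inside the `'from'` element (`'from' => $from = get_post("_{$name}_sel")`) but `$from` is never read afterwards, so the assignment is dead and the return should read `return array('from' => get_post("_{$name}_sel"), 'to' => $to);`. A one-line docblock stating that the function returns null when `find_submit` reports no `{$name}_*` submit for this request, and otherwise the previously selected tab id under `from` and the requested one under `to`, would document the contract for callers.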
@@ -594,4 +629,3 @@ function page_modified($status = true)
add_js_source($js);
}
-?>
\ No newline at end of file