X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=includes%2Fui%2Fui_controls.inc;h=748889d6b8ba55b6ba62420e4561832041239b2a;hb=a9e7141956ef0a60b58e9a627beee93cd35ed43c;hp=d6533f901722f5999ef7d81386932fea61d954df;hpb=46c5f7a65a7659a44ae8254c63152074363d3987;p=fa-stable.git
diff --git a/includes/ui/ui_controls.inc b/includes/ui/ui_controls.inc
index d6533f90..748889d6 100644
--- a/includes/ui/ui_controls.inc
+++ b/includes/ui/ui_controls.inc
@@ -22,20 +22,24 @@ function get_post($name, $dflt='') $ret = array(); foreach($name as $key => $dflt) if (!is_numeric($key)) {
- $ret[$key] = is_float($dflt) ? input_num($key, $dflt) : get_post($key, $dflt);
+ $ret[$key] = is_numeric($dflt) ? input_num($key, $dflt) : get_post($key, $dflt);
 } else { $ret[$dflt] = get_post($dflt, null); } return $ret; } else
- return is_float($dflt) ? input_num($name, $dflt) :
- ((!isset($_POST[$name]) || $_POST[$name] === '') ? $dflt : $_POST[$name]);
+ return is_float($dflt) ? input_num($name, $dflt) :
+ ((!isset($_POST[$name]) /*|| $_POST[$name] === ''*/) ? $dflt : $_POST[$name]);
 } //---------------------------------------------------------------------------------
+$form_nested = -1;
 function start_form($multi=false, $dummy=false, $action="", $name="") { // $dummy - leaved for compatibility with 2.0 API
+ global $form_nested;
+
+ if (++$form_nested) return;
 if ($name != "") $name = "name='$name'"; 
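Review bot: The two branches of get_post now disagree on when a default routes the field through input_num: the array branch switches to `is_numeric($dflt)` while the scalar branch keeps `is_float($dflt)`, so `get_post(array('qty' => 0))` and `get_post('qty', 0)` parse the same posted field differently. Commenting out `|| $_POST[$name] === ''` also changes the contract: an empty submitted field now returns `''` instead of `$dflt`, which every caller that relied on the default for blank inputs must now handle itself. If both are intended, a comment on the scalar return such as `// an empty string is a valid posted value; only a missing field falls back to $dflt` would record it. The `++$form_nested` early return in start_form silently swallows nested start_form calls; a one-line comment there stating that nested forms are merged into the outer one would help readers who see their form tag disappear.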
@@ -49,15 +53,48 @@ function start_form($multi=false, $dummy=false, $action="", $name="") }
+/*
+ Flush hidden fields buffer.
+*/
+function output_hidden()
+{
+ global $hidden_fields;
+
+ if (is_array($hidden_fields))
+ echo implode('', $hidden_fields);
+ $hidden_fields = array();
+}
 //---------------------------------------------------------------------------------
 function end_form($breaks=0) {
+ global $Ajax, $form_nested, $hidden_fields;
+
+ if ($form_nested-- > 0) return;
+
+ $_SESSION['csrf_token'] = random_id();
 if ($breaks) br($breaks);
- echo "\n";
- echo "\n";
+ hidden('_focus');
+ hidden('_modified', get_post('_modified', 0));
+ hidden('_confirmed'); // helper for final form confirmation
+ hidden('_token', $_SESSION['csrf_token']);
+
+ output_hidden();
 echo "\n";
+ $Ajax->activate('_token');
+ $Ajax->activate('_confirmed');
+}
+
+function check_csrf_token()
+{
+ if ($_SESSION['csrf_token'] != @$_POST['_token'])
+ {
+ display_error(_("Request from outside of this page is forbidden."));
+ error_log(_("CSRF attack detected from: ").@$_SERVER['HTTP_HOST'].' ('.@$_SERVER['HTTP_REFERER'].')');
+ return false;
+ }
+ return true;
 } function start_table($class=false, $extra="", $padding='2', $spacing='0')
@@ -71,12 +108,13 @@ function start_table($class=false, $extra="", $padding='2', $spacing='0') echo " class='tablestyle'"; if ($extra != "") echo " $extra";
- echo " cellpadding=$padding cellspacing=$spacing>\n";
+ echo " cellpadding='$padding' cellspacing='$spacing'>\n";
 } function end_table($breaks=0) { echo "\n";
+ output_hidden();
 if ($breaks) br($breaks); }
@@ -94,8 +132,8 @@ function table_section($number=1, $width=false) if ($number > 1) { echo "\n";
- $width = ($width ? "width=$width" : "");
- //echo "\n"; // outer table
+ output_hidden();
+ $width = ($width ? "width='$width'" : "");
 echo "\n"; // outer table } echo "\n"; 
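Review bot: check_csrf_token compares the session token and the posted token with `!=`, a loose comparison: when `$_SESSION['csrf_token']` is not yet set (a request before any form was rendered) and `_token` is absent, `null != null` is false and the check passes, and two numeric-looking strings (constructed example: `'1e3'` and `'1000'`) compare equal. Use a typed, constant-time comparison and reject an empty expected token: `$expected = (string)(isset($_SESSION['csrf_token']) ? $_SESSION['csrf_token'] : '');`, `$given = (string)(isset($_POST['_token']) ? $_POST['_token'] : '');`, `if ($expected === '' || !hash_equals($expected, $given))`. Note also that end_form regenerates `$_SESSION['csrf_token']` with `random_id()` on every call, so only the most recently rendered form on a page carries a valid token and a second browser tab invalidates the first; whether that is acceptable should be stated in a comment above the assignment. Whether random_id() is cryptographically strong is not visible in this hunk and is worth confirming, since the token's unpredictability is the whole protection.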
@@ -104,7 +142,10 @@ function table_section($number=1, $width=false) function end_outer_table($breaks=0, $close_table=true) { if ($close_table) + { echo "
\n"; + output_hidden(); + } echo "\n"; end_table($breaks); } @@ -116,15 +157,15 @@ function vertical_space($params='') echo ""; } -function meta_forward($forward_to, $params="") +function meta_forward($forward_to, $params="", $timeout=0, $return=false) { global $Ajax; - echo "\n"; + echo "\n"; echo "

" . _("You should automatically be forwarded."); echo " " . _("If this does not happen") . " " . "" . _("click here") . " " . _("to continue") . ".

\n"; if ($params !='') $params = '?'.$params; $Ajax->redirect($forward_to.$params);
- exit;
+ if (!$return) exit;
 } //-----------------------------------------------------------------------------------
@@ -150,7 +191,7 @@ function access_string($label, $clean=false) return $clean ? $label : array($label, $access); }
-function hyperlink_back($center=true, $no_menu=true, $type_no=0, $trans_no=0)
+function hyperlink_back($center=true, $no_menu=true, $type_no=0, $trans_no=0, $final=false)
 { global $path_to_root;
@@ -161,17 +202,17 @@ function hyperlink_back($center=true, $no_menu=true, $type_no=0, $trans_no=0) { include_once($path_to_root."/admin/db/attachments_db.inc"); $id = has_attachment($type_no, $trans_no);
+ $attach = get_attachment_string($type_no, $trans_no);
+ echo $attach;
 } $width = ($id != 0 ? "30%" : "20%");
- start_table(false, "width=$width");
+ start_table(false, "width='$width'");
 start_row(); if ($no_menu) {
- if ($id != 0)
- echo ""._("View Attachment")."\n";
 echo ""._("Print")."\n"; }
- echo "".($no_menu ? _("Close") : _("Back"))."\n";
+ echo "".($no_menu ? _("Close") : _("Back"))."\n";
 end_row(); end_table(); if ($center)
@@ -223,16 +264,21 @@ function viewer_link($label, $url='', $class='', $id='', $icon=null) function menu_link($url, $label, $id=null) {
+ global $path_to_root;
 $id = default_focus($id); $pars = access_string($label);
+
+ if ($url[0] != '/')
+ $url = '/'.$url;
+ $url = $path_to_root.$url;
+
 return "$pars[0]"; } function submenu_option($title, $url, $id=null) {
- global $path_to_root;
- display_note(menu_link($path_to_root . $url, $title, $id), 0, 1);
+ display_note( menu_link($url, $title, $id), 0, 1);
 } function submenu_view($title, $type, $number, $id=null) 
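Review bot: The new `$timeout` parameter of meta_forward is accepted untyped and, judging by the signature change, is meant to be emitted in the refresh meta tag, but that echo's markup is not visible in this rendering so how it is embedded cannot be confirmed; casting it first, `$timeout = (int)$timeout;`, keeps a non-numeric value from reaching the HTML. With `$return` true the function no longer exits after `$Ajax->redirect($forward_to.$params)`, so the caller keeps producing output after the forwarding page has already been sent; the function's comment should say when that is safe. `$forward_to` and `$params` appear to be interpolated into the page as before this change, and the opening lines of the function sit outside this hunk.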
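Review bot: `$final=false` is added to hyperlink_back's signature but nothing in the visible part of the body reads it; the function continues past this hunk, so if it is consumed there a comment beside the parameter saying what `$final` switches would help, otherwise the parameter is dead. A line such as `// $final: TODO describe (unused in the visible portion)` until confirmed would be better than an unexplained flag.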
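Review bot: `$attach` from get_attachment_string() is echoed verbatim, so correctness depends on that helper returning already-escaped, ready-to-print HTML; since the removed lines built the attachment link in this file, a comment `// get_attachment_string() returns ready-to-print HTML` (after confirming it) would record that contract. `$id` is still fetched via has_attachment() solely to choose `$width`, a second lookup for the same transaction; deriving the width from `$attach != ''` would drop it, if get_attachment_string returns an empty string when there is nothing to show. hyperlink_back's body extends beyond this hunk.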
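Review bot: menu_link now prepends `$path_to_root` unconditionally, so any caller elsewhere that still passes an already-prefixed path (the pattern submenu_option used before this change) will get the prefix twice, and an absolute URL will be turned into a relative one; only submenu_option is updated here, so the other call sites need checking. `$url[0]` on an empty string also raises a warning under PHP 8; guard with `if ($url === '' || $url[0] != '/')`. A comment above the prefixing, `// callers pass paths relative to the application root`, would make the new contract explicit.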
@@ -290,18 +336,20 @@ function hyperlink_params_separate_td($target, $label, $params) //--------------------------------------------------------------------------------------------------
-function alt_table_row_color(&$k)
+function alt_table_row_color(&$k, $extra_class=null)
 {
+ $classes = $extra_class ? array($extra_class) : array();
 if ($k == 1) {
- echo "\n";
+ array_push($classes, 'oddrow');
 $k = 0; } else {
- echo "\n";
+ array_push($classes, 'evenrow');
 $k++; }
+ echo "\n";
 } function table_section_title($msg, $colspan=2)
@@ -357,13 +405,14 @@ function div_end() { global $ajax_divs, $Ajax;
+ output_hidden();
 if (count($ajax_divs)) { $div = array_pop($ajax_divs); if ($div[1] !== null) $Ajax->addUpdate($div[1], $div[0], ob_get_flush());
- echo "";
 }
+ echo "";
 } //-----------------------------------------------------------------------------
@@ -411,10 +460,42 @@ function tabbed_content_start($name, $tabs, $dft='') { } function tabbed_content_end() {
+ output_hidden();
 echo ""; // content box (don't change to div_end() unless div_start() is used above) div_end(); // tabs widget }
+function tab_changed($name)
+{
+ $to = find_submit("{$name}_", false);
+ if (!$to) return null;
+
+ return array('from' => $from = get_post("_{$name}_sel"),
+ 'to' => $to);
+}
+/*
+ Check whether tab has been just switched on
+*/
+function tab_opened($name, $tab)
+{
+ return (get_post('_'.$name.'_sel') != $tab) && (find_submit($name.'_', false) == $tab);
+}
+/*
+ Check whether tab has been just switched off
+*/
+function tab_closed($name, $tab)
+{
+ return (get_post('_'.$name.'_sel') == $tab) && (find_submit($name.'_', false) != $tab);
+}
+/*
+ Check whether tab is visible on current page
+*/
+function tab_visible($name, $tab)
+{
+ $new = find_submit($name.'_', false);
+ return (get_post('_'.$name.'_sel') == $tab && !$new) || $new==$tab;
+}
+
 /* Table editor interfaces. Key is editor type 0 => url of editor page 1 => hotkey code 
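Review bot: `array_push($classes, 'oddrow')` and `array_push($classes, 'evenrow')` are the long form for appending one element; `$classes[] = 'oddrow';` is the idiomatic form. `$extra_class` is interpolated into the row's class attribute without escaping, which is fine only while every caller passes a literal class name; a comment `// $extra_class is expected to be a literal CSS class name, never user input` would document that assumption.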
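Review bot: The closing `echo ""` (its markup is stripped in this rendering) is moved out of the `if (count($ajax_divs))` block, so div_end now emits its closing tag even when no div was pushed; if that is the intended correction for the tabbed_content_end comment about div_end without div_start, say so in a one-line comment, otherwise an unbalanced close tag is written. output_hidden() is also called before ob_get_flush(), which places the buffered hidden fields inside the Ajax-updated fragment; presumably intended, but worth a comment such as `// flush pending hidden fields into the div before it is captured for Ajax`.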
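Review bot: In tab_changed, `'from' => $from = get_post("_{$name}_sel")` assigns a local `$from` that is never read; write `'from' => get_post("_{$name}_sel"),`. The three helpers below compare the posted selection with `==`/`!=`; both sides appear to be strings from find_submit() and get_post(), so numeric-looking tab keys (constructed example: `'1'` and `'01'`) compare equal under loose comparison, and `===`/`!==` would be safer. The docblock `Check whether tab has been just switched on` reads better as `Check whether the tab has just been switched on` (likewise for the two below).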
@@ -422,13 +503,15 @@ function tabbed_content_end() { */ $popup_editors = array( 'customer' => array('/sales/manage/customers.php?debtor_no=',
- 113, _("Customers")),
+ 113, _("Customers"), 900, 550),
 'branch' => array('/sales/manage/customer_branches.php?SelectedBranch=',
- 114, _("Branches")),
+ 114, _("Branches"), 900, 650),
 'supplier' => array('/purchasing/manage/suppliers.php?supplier_id=',
- 113, _("Suppliers")),
+ 113, _("Suppliers"), 1150, 550),
 'item' => array('/inventory/manage/items.php?stock_id=',
- 115, _("Items"))
+ 115, _("Items"), 1000, 500),
+ 'fa_item' => array('/inventory/manage/items.php?FixedAsset=1&stock_id=',
+ 115, _("Items"), 1000, 500)
 ); /* Bind editors for various selectors.
@@ -443,7 +526,8 @@ function set_editor($type, $input, $caller=true) $key = $caller===true ? $popup_editors[$type][1] : $caller;
- $Editors[$key] = array( $path_to_root . $popup_editors[$type][0], $input);
+ $Editors[$key] = array( $path_to_root . $popup_editors[$type][0], $input,
+ $popup_editors[$type][3], $popup_editors[$type][4]);
 $help = 'F' . ($key - 111) . ' - '; $help .= $popup_editors[$type][2];
@@ -563,7 +647,22 @@ function confirm_dialog($submit, $msg) { } else return get_post('DialogConfirm', 0); }
+/*
+ Confirm dialog to be used optionally in final form checking routine.
+ Displays warning conditionally unless it was displayed
+*/
+function display_confirmation($msg)
+{
+ global $Ajax;
+ if (!get_post('_confirmed'))
+ {
+ $_POST['_confirmed'] = 1;
+ display_warning($msg);
+ return false;
+ } else
+ return true;
+}
 /* Block menu/shortcut links during transaction procesing. */
@@ -572,7 +671,7 @@ function page_processing($msg = false) global $Ajax; if ($msg === true)
- $msg = _('Entered data has not been saved yet.\nDo you want to abandon changes?');
+ $msg = _("Entered data has not been saved yet.\nDo you want to abandon changes?");
 $js = "_validate._processing=" . ( $msg ? '\''.strtr($msg, array("\n"=>'\\n')) . '\';' : 'null;'); 
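Review bot: Each $popup_editors entry gains two positional elements (900, 550 and so on) but the comment above the array, which documents `0 => url of editor page 1 => hotkey code`, is not extended, so the meaning of indices 3 and 4 read by set_editor is nowhere stated; add `3 => popup window width  4 => popup window height` if that is what they are (the hunk does not say). The new 'fa_item' entry reuses hotkey 115 and the label _("Items") already used by 'item', so the generated help text will not tell the two editors apart.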
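Review bot: set_editor now reads `$popup_editors[$type][3]` and `[4]` unconditionally, so an editor type registered without those entries (for instance one appended to `$popup_editors` elsewhere, if that happens) will raise undefined-offset notices and store null. A cheap guard is `isset($popup_editors[$type][3]) ? $popup_editors[$type][3] : null` for each index, or alternatively document the five-element shape in the comment above the array so every entry is required to supply it.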
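Review bot: `global $Ajax;` in display_confirmation is declared but never used; drop it. The function also writes `$_POST['_confirmed'] = 1` so that end_form's `hidden('_confirmed')` carries the flag into the next submit, a coupling that is not obvious from either function; the docblock should say so, e.g. `Sets $_POST['_confirmed'] so the hidden field emitted by end_form() makes the next submit skip the warning.` Note that the flag is client-supplied by design, so this is a user confirmation and not a server-side check.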
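Review bot: Switching the message to double quotes makes `\n` a real newline, which the strtr on the next line then turns into the JavaScript escape, so the fix is right; however the message is still wrapped in JS single quotes via `'\''.strtr(...)` with no escaping of `'`, so a translation containing an apostrophe breaks the generated script. Escaping it in the same call, `strtr($msg, array("\n"=>'\\n', "'"=>"\\'"))`, closes that. page_processing continues outside this hunk.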
@@ -592,5 +691,3 @@ function page_modified($status = true) } else add_js_source($js); }
-
-?>
\ No newline at end of file