X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=includes%2Fui%2Fui_controls.inc;h=89decab4d1e928062794204f74ce9afe989e4caa;hb=c640dae024fb9554d476bd863a68ef82ada8822d;hp=6d0ccf99b3ab0018a9a358bf7a336475e6873de7;hpb=a4a97ed8c4aa263e985680dea7dd82163bd98519;p=fa-stable.git diff --git a/includes/ui/ui_controls.inc b/includes/ui/ui_controls.inc index 6d0ccf99..89decab4 100644 --- a/includes/ui/ui_controls.inc +++ b/includes/ui/ui_controls.inc @@ -28,14 +28,18 @@ function get_post($name, $dflt='') } return $ret; } else - return is_float($dflt) ? input_num($name, $dflt) : - ((!isset($_POST[$name]) || $_POST[$name] === '') ? $dflt : $_POST[$name]); + return is_float($dflt) ? input_num($name, $dflt) : + ((!isset($_POST[$name]) /*|| $_POST[$name] === ''*/) ? $dflt : $_POST[$name]); } //--------------------------------------------------------------------------------- +$form_nested = -1; function start_form($multi=false, $dummy=false, $action="", $name="") { // $dummy - leaved for compatibility with 2.0 API + global $form_nested; + + if (++$form_nested) return; if ($name != "") $name = "name='$name'"; @@ -53,11 +57,32 @@ function start_form($multi=false, $dummy=false, $action="", $name="") function end_form($breaks=0) { + global $Ajax, $form_nested, $hidden_fields; + + if ($form_nested-- > 0) return; + + $_SESSION['csrf_token'] = hash('sha256', uniqid(mt_rand(), true)); if ($breaks) br($breaks); - echo "\n"; - echo "\n"; - echo "\n"; + hidden('_focus'); + hidden('_modified', get_post('_modified', 0)); + hidden('_confirmed'); // helper for final form confirmation + hidden('_token', $_SESSION['csrf_token']); + + echo implode('', $hidden_fields)."\n"; + $Ajax->activate('_token'); + $Ajax->activate('_confirmed'); +} + +function check_csrf_token() +{ + if ($_SESSION['csrf_token'] != @$_POST['_token']) + { + display_error(_("Request from outside of this page is forbidden.")); + error_log(_("CSRF attack detected from: ").@$_SERVER['HTTP_HOST'].' ('.@$_SERVER['HTTP_REFERER'].')'); + return false; + } + return true; } function start_table($class=false, $extra="", $padding='2', $spacing='0') @@ -71,7 +96,7 @@ function start_table($class=false, $extra="", $padding='2', $spacing='0') echo " class='tablestyle'"; if ($extra != "") echo " $extra"; - echo " cellpadding=$padding cellspacing=$spacing>\n"; + echo " cellpadding='$padding' cellspacing='$spacing'>\n"; } function end_table($breaks=0) @@ -94,7 +119,7 @@ function table_section($number=1, $width=false) if ($number > 1) { echo "\n"; - $width = ($width ? "width=$width" : ""); + $width = ($width ? "width='$width'" : ""); //echo "\n"; // outer table echo "\n"; // outer table } @@ -116,10 +141,10 @@ function vertical_space($params='') echo ""; } -function meta_forward($forward_to, $params="") +function meta_forward($forward_to, $params="", $timeout=0) { global $Ajax; - echo "\n"; + echo "\n"; echo "

" . _("You should automatically be forwarded."); echo " " . _("If this does not happen") . " " . "" . _("click here") . " " . _("to continue") . ".

\n"; if ($params !='') $params = '?'.$params; @@ -150,7 +175,7 @@ function access_string($label, $clean=false) return $clean ? $label : array($label, $access); } -function hyperlink_back($center=true, $no_menu=true, $type_no=0, $trans_no=0) +function hyperlink_back($center=true, $no_menu=true, $type_no=0, $trans_no=0, $final=false) { global $path_to_root; @@ -161,17 +186,17 @@ function hyperlink_back($center=true, $no_menu=true, $type_no=0, $trans_no=0) { include_once($path_to_root."/admin/db/attachments_db.inc"); $id = has_attachment($type_no, $trans_no); + $attach = get_attachment_string($type_no, $trans_no); + echo $attach; } $width = ($id != 0 ? "30%" : "20%"); - start_table(false, "width=$width"); + start_table(false, "width='$width'"); start_row(); if ($no_menu) { - if ($id != 0) - echo ""._("View Attachment")."\n"; echo ""._("Print")."\n"; } - echo "".($no_menu ? _("Close") : _("Back"))."\n"; + echo "".($no_menu ? _("Close") : _("Back"))."\n"; end_row(); end_table(); if ($center) @@ -214,7 +239,7 @@ function viewer_link($label, $url='', $class='', $id='', $icon=null) $pars = access_string($label); if (user_graphic_links() && $icon) $pars[0] = set_icon($icon, $pars[0]); - $preview_str = "$pars[0]"; +- $preview_str = "$pars[0]"; } else $preview_str = $label; @@ -223,7 +248,6 @@ function viewer_link($label, $url='', $class='', $id='', $icon=null) function menu_link($url, $label, $id=null) { - $id = default_focus($id); $pars = access_string($label); return "$pars[0]"; @@ -231,8 +255,7 @@ function menu_link($url, $label, $id=null) function submenu_option($title, $url, $id=null) { - global $path_to_root; - display_note(menu_link($path_to_root . $url, $title, $id), 0, 1); + display_note( menu_link($url, $title, $id), 0, 1); } function submenu_view($title, $type, $number, $id=null) @@ -290,18 +313,20 @@ function hyperlink_params_separate_td($target, $label, $params) //-------------------------------------------------------------------------------------------------- -function alt_table_row_color(&$k) +function alt_table_row_color(&$k, $extra_class=null) { + $classes = $extra_class ? array($extra_class) : array(); if ($k == 1) { - echo "\n"; + array_push($classes, 'oddrow'); $k = 0; } else { - echo "\n"; + array_push($classes, 'evenrow'); $k++; } + echo "\n"; } function table_section_title($msg, $colspan=2) @@ -423,6 +448,28 @@ function tab_changed($name) return array('from' => $from = get_post("_{$name}_sel"), 'to' => $to); } +/* + Check whether tab has been just switched on +*/ +function tab_opened($name, $tab) +{ + return (get_post('_'.$name.'_sel') != $tab) && (find_submit($name.'_', false) == $tab); +} +/* + Check whether tab has been just switched off +*/ +function tab_closed($name, $tab) +{ + return (get_post('_'.$name.'_sel') == $tab) && (find_submit($name.'_', false) != $tab); +} +/* + Check whether tab is visible on current page +*/ +function tab_visible($name, $tab) +{ + $new = find_submit($name.'_', false); + return (get_post('_'.$name.'_sel') == $tab && !$new) || $new==$tab; +} /* Table editor interfaces. Key is editor type 0 => url of editor page @@ -573,7 +620,22 @@ function confirm_dialog($submit, $msg) { } else return get_post('DialogConfirm', 0); } +/* + Confirm dialog to be used optionally in final form checking routine. + Displays warning conditionally unless it was displayed +*/ +function display_confirmation($msg) +{ + global $Ajax; + if (!get_post('_confirmed')) + { + $_POST['_confirmed'] = 1; + display_warning($msg); + return false; + } else + return true; +} /* Block menu/shortcut links during transaction procesing. */ @@ -602,5 +664,3 @@ function page_modified($status = true) } else add_js_source($js); } - -?> \ No newline at end of file