X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=includes%2Fui%2Fui_controls.inc;h=ddef1bddf3491d083918f0ed8f03ef8433b0add8;hb=927ebef2443b6dda544056e33ec84b71d2bdb6c2;hp=7934730c0629dfbb97f0d79739fe4cf4f52b9b3f;hpb=303eb17e9cdd9702eee9fdfcaee51e654a1da541;p=fa-stable.git diff --git a/includes/ui/ui_controls.inc b/includes/ui/ui_controls.inc index 7934730c..ddef1bdd 100644 --- a/includes/ui/ui_controls.inc +++ b/includes/ui/ui_controls.inc @@ -32,10 +32,15 @@ function get_post($name, $dflt='') ((!isset($_POST[$name]) || $_POST[$name] === '') ? $dflt : $_POST[$name]); } //--------------------------------------------------------------------------------- +$form_nested = -1; function start_form($multi=false, $dummy=false, $action="", $name="") { // $dummy - leaved for compatibility with 2.0 API + global $form_nested; + + if (++$form_nested) return; + if ($name != "") $name = "name='$name'"; @@ -53,15 +58,40 @@ function start_form($multi=false, $dummy=false, $action="", $name="") function end_form($breaks=0) { + global $Ajax, $form_nested; + + if ($form_nested-- > 0) return; + + $_SESSION['csrf_token'] = hash('sha256', uniqid(mt_rand(), true)); if ($breaks) br($breaks); - echo "\n"; + hidden('_focus'); + hidden('_modified', get_post('_modified', 0)); + hidden('_token', $_SESSION['csrf_token']); echo "\n"; + $Ajax->activate('_token'); +} + +function check_csrf_token() +{ + if ($_SESSION['csrf_token'] != @$_POST['_token']) + { + display_error(_("Request from outside of this page is forbidden.")); + error_log(_("CSRF attack detected from: ").@$_SERVER['HTTP_HOST'].' ('.@$_SERVER['HTTP_REFERER'].')'); + return false; + } + return true; } -function start_table($extra="", $padding='2', $spacing='0') +function start_table($class=false, $extra="", $padding='2', $spacing='0') { echo "
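Review bot: `check_csrf_token()` compares the session token with the submitted one using loose `!=`, which applies numeric comparison to numeric-looking strings and is not constant-time; compare with `hash_equals((string)$_SESSION['csrf_token'], isset($_POST['_token']) ? (string)$_POST['_token'] : '')` and let a missing session token fail the check instead of hiding it behind `@`. The token itself comes from `hash('sha256', uniqid(mt_rand(), true))`, which is not a cryptographic source; `bin2hex(random_bytes(32))` is the right generator where the supported PHP version provides it. Regenerating `$_SESSION['csrf_token']` on every `end_form()` call also means only the most recently rendered form validates, so a submission from an older tab will presumably be rejected — generating the token once per session avoids that. The bodies of `end_form()` and `start_table()` continue outside this hunk.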
\n"; // outer table } @@ -109,10 +139,10 @@ function vertical_space($params='') echo " | |||
";
}
-function meta_forward($forward_to, $params="")
+function meta_forward($forward_to, $params="", $timeout=0)
{
global $Ajax;
- echo "\n";
+ echo "\n";
echo " " . _("You should automatically be forwarded."); echo " " . _("If this does not happen") . " " . "" . _("click here") . " " . _("to continue") . ". "._("Print")." | \n";
- echo "".($no_menu ? _("Close") : _("Back"))." | \n";
+ }
+ echo "".($no_menu ? _("Close") : _("Back"))." | \n";
end_row();
end_table();
if ($center)
@@ -198,7 +241,6 @@ function viewer_link($label, $url='', $class='', $id='', $icon=null)
}
else
$preview_str = $label;
-
return $preview_str;
}
@@ -218,12 +260,12 @@ function submenu_option($title, $url, $id=null)
function submenu_view($title, $type, $number, $id=null)
{
- display_note(get_trans_view_str($type, $number, $title, false, 'menu_option', $id), 0, 1);
+ display_note(get_trans_view_str($type, $number, $title, false, 'viewlink', $id), 0, 1);
}
function submenu_print($title, $type, $number, $id=null, $email=0, $extra=0)
{
- display_note(print_document_link($number, $title, true, $type, false, 'menu_option', $id, $email, $extra), 0, 1);
+ display_note(print_document_link($number, $title, true, $type, false, 'printlink', $id, $email, $extra), 0, 1);
}
//-----------------------------------------------------------------------------------
@@ -271,18 +313,20 @@ function hyperlink_params_separate_td($target, $label, $params)
//--------------------------------------------------------------------------------------------------
-function alt_table_row_color(&$k)
+function alt_table_row_color(&$k, $extra_class=null)
{
+ $classes = $extra_class ? array($extra_class) : array();
if ($k == 1)
{
- echo "
\n";
+ echo $str;
+}
+
+function tabbed_content_end() {
+ echo " "; // content box (don't change to div_end() unless div_start() is used above)
+ div_end(); // tabs widget
+}
+
+function tab_changed($name)
+{
+ $to = find_submit("{$name}_", false);
+ if (!$to) return null;
+
+ return array('from' => $from = get_post("_{$name}_sel"),
+ 'to' => $to);
+}
+
/* Table editor interfaces. Key is editor type
0 => url of editor page
1 => hotkey code
@@ -354,13 +456,13 @@ function div_end()
*/
$popup_editors = array(
'customer' => array('/sales/manage/customers.php?debtor_no=',
- 113, _("Customers")),
+ 113, _("Customers"), 900, 500),
'branch' => array('/sales/manage/customer_branches.php?SelectedBranch=',
- 114, _("Branches")),
+ 114, _("Branches"), 900, 700),
'supplier' => array('/purchasing/manage/suppliers.php?supplier_id=',
- 113, _("Suppliers")),
+ 113, _("Suppliers"), 900, 700),
'item' => array('/inventory/manage/items.php?stock_id=',
- 115, _("Items"))
+ 115, _("Items"), 800, 600)
);
/*
Bind editors for various selectors.
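Review bot: The `$popup_editors` entries gain two trailing values that `set_editor()` reads as indexes 3 and 4, but the comment block above the array, which enumerates the meaning of the indexes and starts outside this hunk, is not extended; add lines such as `3 => popup window width` and `4 => popup window height` to that list (the meaning is inferred from the values and from how `set_editor()` forwards them, so confirm it). The same documentation gap applies to the `set_editor()` hunk below, where the added blank line also carries trailing whitespace.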
@@ -375,8 +477,9 @@ function set_editor($type, $input, $caller=true)
$key = $caller===true ? $popup_editors[$type][1] : $caller;
- $Editors[$key] = array( $path_to_root . $popup_editors[$type][0], $input);
-
+ $Editors[$key] = array( $path_to_root . $popup_editors[$type][0], $input,
+ $popup_editors[$type][3], $popup_editors[$type][4]);
+
$help = 'F' . ($key - 111) . ' - ';
$help .= $popup_editors[$type][2];
$Pagehelp[] = $help;
@@ -494,6 +597,34 @@ function confirm_dialog($submit, $msg) {
return 0;
} else
return get_post('DialogConfirm', 0);
-}
+}
+
+/*
+ Block menu/shortcut links during transaction procesing.
+*/
+function page_processing($msg = false)
+{
+ global $Ajax;
+
+ if ($msg === true)
+ $msg = _('Entered data has not been saved yet.\nDo you want to abandon changes?');
+
+ $js = "_validate._processing=" . (
+ $msg ? '\''.strtr($msg, array("\n"=>'\\n')) . '\';' : 'null;');
+ if (in_ajax()) {
+ $Ajax->addScript(true, $js);
+ } else
+ add_js_source($js);
+}
+
+function page_modified($status = true)
+{
+ global $Ajax;
+
+ $js = "_validate._modified=" . ($status ? 1:0).';';
+ if (in_ajax()) {
+ $Ajax->addScript(true, $js);
+ } else
+ add_js_source($js);
+}
-?>
\ No newline at end of file
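Review bot: `page_processing()` splices `$msg` into a single-quoted JavaScript literal after escaping only newlines, so a message containing an apostrophe (a translated string, for example) or `</script>` breaks out of the literal; build it with `json_encode` instead: `$js = "_validate._processing=" . ($msg ? json_encode(strtr($msg, array('\n' => "\n"))) : 'null') . ';';`. The inner `strtr` keeps the existing default working, since its `\n` is a literal backslash-n inside a single-quoted PHP string, and `json_encode` also escapes the slash in `</script>`. `page_modified()` repeats the same `in_ajax()` / `$Ajax->addScript()` / `add_js_source()` dispatch, so a small helper shared by both would remove the duplication, and each function would benefit from a one-line docblock stating that it emits the script either into the Ajax response or into the page source.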