function edit_button_cell($name, $value, $title=false)
{
- label_cell("<input type=\"submit\" class=\"editbutton\" name=\"$name\" value=\"$value\""
- .($title ? " title='$title'":'')." />\n");
+// php silently changes dots,spaces,'[' and characters 128-159
+// to underscore in POST names, to maintain compatibility with register_globals
+
+ label_cell("<input type=\"submit\" class=\"editbutton\" name=\""
+ .htmlentities(strtr($name, array('.'=>'=2E',' '=>'=20','='=>'=3D','['=>'=5B')))
+ ."\" value=\"$value\""
+ .($title ? " title='$title'":'')." />\n");
}
//-----------------------------------------------------------------------------------
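Review bot: Only `$name` gains `htmlentities()` here; `$value` on L10 and `$title` on L11 are still interpolated raw into HTML attributes, so a caller passing text that originated in the database or a request can break out of the attribute. Escape them the same way, e.g. `."\" value=\"".htmlentities($value)."\""` and `.($title ? " title='".htmlentities($title, ENT_QUOTES)."'":'')`. The `title` attribute is single-quoted, so `htmlentities()` with its default flags would not neutralise a `'` — `ENT_QUOTES` is needed there. A one-line comment noting that the `=XX` encoding on L9 is undone by `quoted_printable_decode()` in the POST handler would help keep the two sides in sync.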
foreach (array('Edit', 'Delete') as $m) {
foreach ($_POST as $p => $pvar) {
if (strpos($p, $m) === 0) {
- $selected_id = substr($p, strlen($m));
+// $selected_id = strtr(substr($p, strlen($m)), array('%2E'=>'.'));
+ unset($_POST['_focus']); // focus on first form entry
+ $selected_id = quoted_printable_decode(substr($p, strlen($m)));
$Ajax->activate('_page_body');
$Mode = $m;
return;
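Review bot: `quoted_printable_decode()` on L20 decodes any `=XX` sequence, not just the four the encoder emits, so a crafted field name such as `Edit=27=00...` yields a `$selected_id` containing quotes, NULs or other bytes that PHP would otherwise have replaced with underscores; the value is now free-form attacker-controlled text. That is acceptable only if every consumer escapes it for its own context, which I cannot verify from here, so I would document it at the decode site: `// decoded from a POST key: attacker-controlled, escape per consumer (SQL/HTML)`. The commented-out L18 is dead code and should be deleted rather than left as history. The enclosing function starts before and ends after this hunk.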
<?php
-
$page_security = 11;
$path_to_root="../..";
include($path_to_root . "/includes/session.inc");
}
if ($input_error !=1) {
- write_item_unit($selected_id, $_POST['abbr'], $_POST['description'], $_POST['decimals'] );
+ write_item_unit(htmlentities($selected_id), $_POST['abbr'], $_POST['description'], $_POST['decimals'] );
if($selected_id != '')
display_notification(_('Selected unit has been updated'));
else
}
hidden('selected_id', $selected_id);
}
-
if ($selected_id != '' && item_unit_used($selected_id)) {
label_row(_("Unit Abbreviation:"), $_POST['abbr']);
hidden('abbr', $_POST['abbr']);
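Review bot: `htmlentities($selected_id)` on L32 HTML-encodes the key before it is written, while L33, L37 and L40 (`item_unit_used()`, `hidden()`) keep using the raw value, so an id containing `&`, `<` or `"` is stored in a form that the existence check and the hidden field will not match. HTML escaping belongs at output time; if the concern is SQL injection, it has to be handled inside `write_item_unit`/the DB layer with the raw value, i.e. keep `write_item_unit($selected_id, $_POST['abbr'], $_POST['description'], $_POST['decimals'] );` and escape where the id is rendered. I cannot see `write_item_unit`, so whether it already escapes for SQL is inferred, not verified. The `if ($input_error !=1)` block and the `else` branch on L35 continue outside the visible lines.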