From: <tim...@us...> - 2010-09-29 21:22:28
|
Revision: 3833 http://web-erp.svn.sourceforge.net/web-erp/?rev=3833&view=rev Author: tim_schofield Date: 2010-09-29 21:22:22 +0000 (Wed, 29 Sep 2010) Log Message: ----------- SQL quoting corrections and layout changes and improvements Modified Paths: -------------- trunk/WorkOrderStatus.php trunk/doc/Change.log.html Modified: trunk/WorkOrderStatus.php =================================================================== --- trunk/WorkOrderStatus.php 2010-09-29 16:21:25 UTC (rev 3832) +++ trunk/WorkOrderStatus.php 2010-09-29 21:22:22 UTC (rev 3833) @@ -25,7 +25,7 @@ INNER JOIN stockmaster ON woitems.stockid=stockmaster.stockid WHERE woitems.stockid='" . $_REQUEST['StockID'] . "' - AND woitems.wo =" . $_REQUEST['WO'], + AND woitems.wo ='" . $_REQUEST['WO'] . "'", $db, $ErrMsg); @@ -35,11 +35,14 @@ exit; } $WORow = DB_fetch_array($WOResult); - + echo '<a href="'. $rootpath . '/SelectWorkOrder.php?' . SID . '">' . _('Back to Work Orders'). '</a><br>'; echo '<a href="'. $rootpath . '/WorkOrderCosting.php?' . SID . '&WO=' . $_REQUEST['WO'] . '">' . _('Back to Costing'). '</a><br>'; - - echo '<table cellpadding=2 border=1> + + echo '<p class="page_title_text"><img src="'.$rootpath.'/css/'.$theme.'/images/group_add.png" title="' . + _('Search') . '" alt="">' . ' ' . $title.'</p'; + + echo '<table cellpadding=2 class=selection> <tr><td class="label">' . _('Issue to work order') . ':</td><td>' . $_REQUEST['WO'] .'</td><td class="label">' . _('Item') . ':</td><td>' . $_REQUEST['StockID'] . ' - ' . $WORow['description'] . '</td></tr> <tr><td class="label">' . _('Manufactured at') . ':</td><td>' . $WORow['locationname'] . '</td><td class="label">' . _('Required By') . ':</td><td>' . ConvertSQLDate($WORow['requiredby']) . '</td></tr> <tr><td class="label">' . _('Quantity Ordered') . ':</td><td class=number>' . number_format($WORow['qtyreqd'],$WORow['decimalplaces']) . '</td><td colspan=2>' . $WORow['units'] . '</td></tr> 
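Review bot: Quoting `$_REQUEST['WO']` only helps if the value has been escaped first, and the escaping loop visible in the session.inc hunk of rev 3837 rewrites `$_GET[$key]`; PHP fills `$_REQUEST` as a separate array, so assignments to `$_GET` leave `$_REQUEST['WO']` and `$_REQUEST['StockID']` untouched unless they are escaped somewhere not shown on this page. The same pattern is introduced by the `WHERE wo='" . $_REQUEST['WO'] . "'"` hunk at `@@ -72,7 +75,7 @@`. Reading the work order number from `$_GET`/`$_POST` (which the loop does cover) and rejecting it before the query with something like `if (!is_numeric($_REQUEST['WO'])) { prnMsg(_('Invalid work order'), 'error'); exit; }` would turn the quoting into a real second line of defence. The `DB_query` call this hunk edits begins before the hunk.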
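Review bot: The new page-title line ends with `'</p'` instead of `'</p>'`, so the `<table>` that follows is emitted inside an unterminated tag; the line should read `_('Search') . '" alt="">' . ' ' . $title . '</p>';`. The same truncated closing tag is introduced in the WWW_Access.php hunk `@@ -9,6 +9,9 @@` of rev 3835. Separately, `$_REQUEST['WO']` and `$_REQUEST['StockID']` are echoed straight into the table cells below; passing them through `htmlspecialchars()` at the point of output would keep request data from being interpreted as markup.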
@@ -56,11 +59,11 @@ $db); $LocRow = DB_fetch_array($LocResult); echo $LocRow['locationname']; - echo '<tr><td colspan=4><hr></td></tr>'; - echo '</td></tr></table>'; + echo '<tr><td colspan=4></td></tr>'; + echo '</td></tr></table><br />'; //set up options for selection of the item to be issued to the WO - echo '<table border=1><tr><th colspan=5>' . _('Material Requirements For this Work Order') . '</th></tr>'; + echo '<table class=selection><tr><th colspan=5><font size=2 color=navy>' . _('Material Requirements For this Work Order') . '</font></th></tr>'; echo '<tr><th colspan=2>' . _('Item') . '</th> <th>' . _('Qty Required') . '</th> <th>' . _('Qty Issued') . '</th></tr>'; @@ -72,7 +75,7 @@ qtypu FROM worequirements INNER JOIN stockmaster ON worequirements.stockid=stockmaster.stockid - WHERE wo=" . $_REQUEST['WO'], + WHERE wo='" . $_REQUEST['WO'] . "'", $db); while ($RequirementsRow = DB_fetch_array($RequirmentsResult)){ @@ -88,7 +91,7 @@ AND reference='" . $_REQUEST['WO'] . "'", $db); $IssuedAlreadyRow = DB_fetch_row($IssuedAlreadyResult); - + echo '<td align="right">' . number_format($WORow['qtyreqd']*$RequirementsRow['qtypu'],$RequirementsRow['decimalplaces']) . '</td> <td align="right">' . number_format($IssuedAlreadyRow[0],$RequirementsRow['decimalplaces']) . '</td></tr>'; } Modified: trunk/doc/Change.log.html =================================================================== --- trunk/doc/Change.log.html 2010-09-29 16:21:25 UTC (rev 3832) +++ trunk/doc/Change.log.html 2010-09-29 21:22:22 UTC (rev 3833) 
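Review bot: The heading is restyled with an inline `<font size=2 color=navy>` in the same hunk that moves the table from `border=1` to `class=selection`; keeping the colour and size in the stylesheet (a rule on `table.selection th`, for instance) would leave the presentation in one place, `echo '<table class=selection><tr><th colspan=5>' . _('Material Requirements For this Work Order') . '</th></tr>';`. The replacement `echo '<tr><td colspan=4></td></tr>';` is emitted right after `echo $LocRow['locationname'];` and before `echo '</td></tr></table><br />';`, which looks like a row opened inside an unclosed cell; if that nesting is intentional it deserves a comment, otherwise the now-empty row can simply be dropped. The `<table>` this row belongs to is opened before the hunk.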
@@ -1,5 +1,6 @@ <p><font SIZE=4 COLOR=BLUE><b>webERP Change Log</b></font></p> <p></p> +<p>29/09/10 Tim: WorkOrderStatus.php - SQL quoting corrections and layout changes and improvements</p> <p>29/09/10 Tim: WorkOrderReceive.php - SQL quoting corrections and layout changes and improvements</p> <p>29/09/10 Tim: WorkOrderIssue.php - SQL quoting corrections and layout changes and improvements</p> <p>29/09/10 Tim: WorkOrderEntry.php - SQL quoting corrections and layout changes and improvements</p> This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <tim...@us...> - 2010-09-29 21:28:36
|
Revision: 3834 http://web-erp.svn.sourceforge.net/web-erp/?rev=3834&view=rev Author: tim_schofield Date: 2010-09-29 21:28:30 +0000 (Wed, 29 Sep 2010) Log Message: ----------- SQL quoting corrections Modified Paths: -------------- trunk/WOSerialNos.php trunk/doc/Change.log.html Modified: trunk/WOSerialNos.php =================================================================== --- trunk/WOSerialNos.php 2010-09-29 21:22:22 UTC (rev 3833) +++ trunk/WOSerialNos.php 2010-09-29 21:28:30 UTC (rev 3834) @@ -55,11 +55,14 @@ qualitytext, serialno) VALUES "; - $ValueLine = " ('" . $StockID . "', " . $WO . ",'' ,"; + $ValueLine = " ('" . $StockID . "', + '" . $WO . "', + '' , + "; for ($i=0;$i<$_POST['NumberToAdd'];$i++){ $NextItemNumber = $NextSerialNo + $i; $result = DB_query("SELECT serialno FROM woserialnos - WHERE wo=" . $WO . " + WHERE wo='" . $WO . "' AND stockid='" . $StockID ."' AND serialno='" . $NextItemNumber . "'",$db); if (DB_num_rows($result)!=0){ @@ -84,12 +87,12 @@ $ErrMsg = _('Unable to add the serial numbers requested'); $result = DB_query($sql,$db,$ErrMsg,$DbgMsg,true); // update the nextserialno in the stockmaster for the item - $result = DB_query('UPDATE stockmaster - SET nextserialno=' . $NextSerialNo . " + $result = DB_query("UPDATE stockmaster + SET nextserialno='" . $NextSerialNo . "' WHERE stockid='" . $StockID . "'",$db); - $result = DB_query('UPDATE woitems SET qtyreqd=qtyreqd+' . $_POST['NumberToAdd'] . " + $result = DB_query("UPDATE woitems SET qtyreqd=qtyreqd+" . $_POST['NumberToAdd'] . " WHERE stockid='" . $StockID . "' - AND wo=" . $WO,$db,$ErrMsg,$DbgMsg,true); + AND wo='" . $WO . "'",$db,$ErrMsg,$DbgMsg,true); DB_Txn_Commit($db); } } // end Adding a number of serial numbers automatically @@ -104,7 +107,7 @@ $InputError=true; } $result = DB_query("SELECT serialno FROM woserialnos - WHERE wo=" . $WO . " + WHERE wo='" . $WO . "' AND stockid='" . $StockID ."' AND serialno='" . $_POST['Reference'] . "'",$db); if (DB_num_rows($result)!=0){ 
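Review bot: `SET qtyreqd=qtyreqd+" . $_POST['NumberToAdd'] . "` still splices the posted value into an arithmetic expression without quotes, so the escaping that protects the quoted values elsewhere in this hunk does nothing for this operand. The same form remains with `$_POST['Quantity']` in `@@ -121,19 +124,19 @@` and `$_GET['Quantity']` in `@@ -148,13 +151,13 @@`. Because the loop bound `$i<$_POST['NumberToAdd']` in `@@ -55,11 +55,14 @@` depends on the same input, a single check near the top of the branch, `if (!is_numeric($_POST['NumberToAdd'])) { $InputError = true; }`, followed by an explicit cast when the statement is built, would cover both uses. The branch that opens the transaction committed by `DB_Txn_Commit($db)` starts before the hunk.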
@@ -121,19 +124,19 @@ if (!$InputError){ DB_Txn_Begin($db); $ErrMsg = _('Could not add a new serial number/batch'); - $result = DB_query('UPDATE woitems - SET qtyreqd=qtyreqd+' . $_POST['Quantity'] . " + $result = DB_query("UPDATE woitems + SET qtyreqd=qtyreqd+" . $_POST['Quantity'] . " WHERE stockid='" . $StockID . "' - AND wo=" . $WO,$db,$ErrMsg,$DbgMsg,true); + AND wo='" . $WO . "'",$db,$ErrMsg,$DbgMsg,true); $sql = "INSERT INTO woserialnos (stockid, wo, qualitytext, quantity, serialno) VALUES ('" . $StockID . "', - " . $WO . ", - '', - " . $_POST['Quantity'] . ", + '" . $WO . "', + '', + '" . $_POST['Quantity'] . "', '" . $_POST['Reference'] . "')"; $ErrMsg = _('Unable to add the batch or serial number requested'); @@ -148,13 +151,13 @@ /*when serial numbers /lots received they are removed from the woserialnos table so no need to check if already received - they will only show here if they are in progress */ $result = DB_query("DELETE FROM woserialnos - WHERE wo=" . $WO . " + WHERE wo='" . $WO . "' AND stockid='" . $StockID . "' AND serialno='" . $_GET['Reference'] ."'", $db); $result = DB_query("UPDATE woitems SET qtyreqd=qtyreqd-" . $_GET['Quantity'] . " - WHERE wo=" . $WO . " + WHERE wo='" . $WO . "' AND stockid = '" . $StockID . "'",$db); prnMsg(_('The batch/serial number') . ' ' . $_GET['Reference'] . ' ' . _('has been deleted from this work order'),'info'); @@ -175,7 +178,7 @@ } if ($_POST['Reference' .$i] != $_POST['OldReference' .$i]){ $result = DB_query("SELECT serialno FROM woserialnos - WHERE wo=" . $WO . " + WHERE wo='" . $WO . "' AND stockid='" . $StockID ."' AND serialno='" . $_POST['Reference' . $i] . "'",$db); if (DB_num_rows($result)!=0){ 
@@ -192,9 +195,9 @@ } if (!$InputError){ $sql[] = "UPDATE woserialnos SET serialno='" . $_POST['Reference'.$i] . "', - quantity=" . $_POST['Quantity'.$i] .", + quantity='" . $_POST['Quantity'.$i] ."', qualitytext='" . $_POST['Notes'.$i] . "' - WHERE wo=" . $WO . " + WHERE wo='" . $WO . "' AND stockid='" . $StockID . "' AND serialno='" . $_POST['OldReference'.$i] . "'"; $WOQuantityTotal += $_POST['Quantity'.$i]; @@ -208,8 +211,8 @@ foreach ($sql as $SQLStatement){ $result = DB_query($SQLStatement,$db,$ErrMsg,$DbgMsg,true); } - $result = DB_query("UPDATE woitems SET qtyreqd = " . $WOQuantityTotal . " - WHERE wo = " .$WO . " + $result = DB_query("UPDATE woitems SET qtyreqd = '" . $WOQuantityTotal . "' + WHERE wo = '" .$WO . "' AND stockid='" . $StockID . "'", $db, $ErrMsg,$DbgMsg,true); $result = DB_Txn_Commit($db); } @@ -259,7 +262,7 @@ quantity, qualitytext FROM woserialnos - WHERE wo=" . $WO . " + WHERE wo='" . $WO . "' AND stockid='" . $StockID . "'"; $ErrMsg = _('Could note get the work order serial/batch items'); @@ -315,4 +318,4 @@ include('includes/footer.inc'); -?> +?> \ No newline at end of file Modified: trunk/doc/Change.log.html =================================================================== --- trunk/doc/Change.log.html 2010-09-29 21:22:22 UTC (rev 3833) +++ trunk/doc/Change.log.html 2010-09-29 21:28:30 UTC (rev 3834) @@ -1,5 +1,6 @@ <p><font SIZE=4 COLOR=BLUE><b>webERP Change Log</b></font></p> <p></p> +<p>29/09/10 Tim: WOSerialNos.php - SQL quoting corrections</p> <p>29/09/10 Tim: WorkOrderStatus.php - SQL quoting corrections and layout changes and improvements</p> <p>29/09/10 Tim: WorkOrderReceive.php - SQL quoting corrections and layout changes and improvements</p> <p>29/09/10 Tim: WorkOrderIssue.php - SQL quoting corrections and layout changes and improvements</p> This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <tim...@us...> - 2010-09-30 09:37:04
|
Revision: 3835 http://web-erp.svn.sourceforge.net/web-erp/?rev=3835&view=rev Author: tim_schofield Date: 2010-09-30 09:36:56 +0000 (Thu, 30 Sep 2010) Log Message: ----------- SQL quoting corrections and layout changes and improvements Modified Paths: -------------- trunk/WWW_Access.php trunk/doc/Change.log.html Modified: trunk/WWW_Access.php =================================================================== --- trunk/WWW_Access.php 2010-09-29 21:28:30 UTC (rev 3834) +++ trunk/WWW_Access.php 2010-09-30 09:36:56 UTC (rev 3835) @@ -9,6 +9,9 @@ $title = _('Access Permission Maintenance'); include('includes/header.inc'); +echo '<p class="page_title_text"><img src="'.$rootpath.'/css/'.$theme.'/images/group_add.png" title="' . + _('Search') . '" alt="">' . ' ' . $title.'</p'; + if (isset($_GET['SelectedRole'])){ $SelectedRole = $_GET['SelectedRole']; } elseif (isset($_POST['SelectedRole'])){ @@ -27,14 +30,14 @@ $InputError = 1; prnMsg(_('The role description entered must be at least 4 characters long'),'error'); } - + // if $_POST['SecRoleName'] then it is a modifications on a SecRole - // else it is either an add or remove of a page token + // else it is either an add or remove of a page token unset($sql); if (isset($_POST['SecRoleName']) ){ // Update or Add Security Headings if(isset($SelectedRole)) { // Update Security Heading - $sql = "UPDATE securityroles SET secrolename = '".$_POST['SecRoleName']."' - WHERE secroleid = ".$SelectedRole; + $sql = "UPDATE securityroles SET secrolename = '".$_POST['SecRoleName']."' + WHERE secroleid = '".$SelectedRole . "'"; $ErrMsg = _('The update of the security role description failed because'); $ResMsg = _('The Security role description was updated.'); } else { // Add Security Heading 
@@ -47,18 +50,18 @@ } elseif (isset($SelectedRole) ) { $PageTokenId = $_GET['PageToken']; if( isset($_GET['add']) ) { // updating Security Groups add a page token - $sql = "INSERT INTO securitygroups ( - secroleid, tokenid + $sql = "INSERT INTO securitygroups ( + secroleid, tokenid ) VALUES ( - ".$SelectedRole.", - ".$PageTokenId." + '".$SelectedRole."', + '".$PageTokenId."' )"; $ErrMsg = _('The addition of the page group access failed because'); $ResMsg = _('The page group access was added.'); } elseif ( isset($_GET['remove']) ) { // updating Security Groups remove a page token - $sql = "DELETE FROM securitygroups - WHERE secroleid = ".$SelectedRole." - AND tokenid = ".$PageTokenId; + $sql = "DELETE FROM securitygroups + WHERE secroleid = '".$SelectedRole."' + AND tokenid = '".$PageTokenId . "'"; $ErrMsg = _('The removal of this page-group access failed because'); $ResMsg = _('This page-group access was removed.'); } 
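Review bot: `$PageTokenId = $_GET['PageToken']` feeds both the INSERT and the DELETE built in this hunk, and each runs from a plain GET link carrying `add=1` or `remove=1` (the link format is visible in the `printf` calls at `@@ -205,7 +208,7 @@` and `@@ -213,7 +216,7 @@`). Quoting is the right fix for the SQL text, but role and token ids are numeric keys and could be rejected up front, `if (!is_numeric($PageTokenId)) { $InputError = 1; }`, before any statement is assembled. Since these are state changes driven by GET, the POST-only form-ID check added in rev 3837 (session.inc, `@@ -298,4 +300,14 @@`) will not reach them; the same applies to the `$_GET['delete']` branch at `@@ -73,19 +76,19 @@`, and moving these links to small POST forms would let the new token cover them. The `elseif (isset($SelectedRole))` branch begins before the hunk.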
@@ -73,19 +76,19 @@ prnMsg( $ResMsg,'success'); } } -} elseif (isset($_GET['delete'])) { +} elseif (isset($_GET['delete'])) { //the Security heading wants to be deleted but some checks need to be performed fist // PREVENT DELETES IF DEPENDENT RECORDS IN 'www_users' - $sql= "SELECT COUNT(*) FROM www_users WHERE fullaccess=" . $_GET['SelectedRole']; + $sql= "SELECT COUNT(*) FROM www_users WHERE fullaccess='" . $_GET['SelectedRole'] . "'"; $result = DB_query($sql,$db); $myrow = DB_fetch_row($result); if ($myrow[0]>0) { prnMsg( _('Cannot delete this role because user accounts are setup using it'),'warn'); echo '<br>' . _('There are') . ' ' . $myrow[0] . ' ' . _('user accounts that have this security role setting') . '</font>'; } else { - $sql="DELETE FROM securitygroups WHERE secroleid=" . $_GET['SelectedRole']; + $sql="DELETE FROM securitygroups WHERE secroleid='" . $_GET['SelectedRole'] . "'"; $result = DB_query($sql,$db); - $sql="DELETE FROM securityroles WHERE secroleid=" . $_GET['SelectedRole']; + $sql="DELETE FROM securityroles WHERE secroleid='" . $_GET['SelectedRole'] . "'"; $result = DB_query($sql,$db); prnMsg( $_GET['SecRoleName'] . ' ' . _('security role has been deleted') . '!','success'); @@ -104,7 +107,7 @@ ORDER BY secroleid"; $result = DB_query($sql,$db); - echo '<table border=1>'; + echo '<table class=selection>'; echo "<tr><th>" . _('Role') . "</th></tr>"; $k=0; //row colour counter @@ -137,7 +140,7 @@ if (isset($SelectedRole)) { - echo "<div class='centre'><a href='" . $_SERVER['PHP_SELF'] ."?" . SID . "'>" . _('Review Existing Roles') . '</a></div>'; + echo "<br /><div class='centre'><a href='" . $_SERVER['PHP_SELF'] ."?" . SID . "'>" . _('Review Existing Roles') . '</a></div>'; } if (isset($SelectedRole)) { 
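Review bot: The delete branch reads `$_GET['SelectedRole']` directly in all three statements, while the top of the file (the `isset($_GET['SelectedRole'])` assignment in `@@ -9,6 +9,9 @@`) has already normalised the id into `$SelectedRole`; using that variable here, e.g. `$sql= "SELECT COUNT(*) FROM www_users WHERE fullaccess='" . $SelectedRole . "'";`, keeps one source of truth and lets a single validation cover every query. The unchanged `prnMsg( $_GET['SecRoleName'] . ' ' . _('security role has been deleted') . '!','success');` echoes a GET parameter into the page; unless `prnMsg` escapes its argument (not visible here), wrapping it in `htmlspecialchars()` is the usual safeguard and this branch is the natural place to do it. The `if ($myrow[0]>0)` check and its `else` are fully inside the hunk, but the enclosing `elseif` chain continues after it.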
@@ -161,23 +164,23 @@ if( isset($_POST['SelectedRole'])) { echo "<input type=hidden name='SelectedRole' VALUE='" . $_POST['SelectedRole'] . "'>"; } -echo '<table>'; +echo '<table class=selection>'; if (!isset($_POST['SecRoleName'])) { $_POST['SecRoleName']=''; } echo '<tr><td>' . _('Role') . ":</td> <td><input type='text' name='SecRoleName' size=40 maxlength=40 VALUE='" . $_POST['SecRoleName'] . "'></tr>"; -echo "</table> +echo "</table><br /> <div class='centre'><input type='Submit' name='submit' value='" . _('Enter Role') . "'></div></form>"; if (isset($SelectedRole)) { - $sql = 'SELECT tokenid, tokenname + $sql = 'SELECT tokenid, tokenname FROM securitytokens'; - - $sqlUsed = "SELECT tokenid FROM securitygroups WHERE secroleid=". $SelectedRole; - + + $sqlUsed = "SELECT tokenid FROM securitygroups WHERE secroleid='". $SelectedRole . "'"; + $Result = DB_query($sql, $db); - + /*Make an array of the used tokens */ $UsedResult = DB_query($sqlUsed, $db); $TokensUsed = array(); @@ -185,19 +188,19 @@ while ($myrow=DB_fetch_row($UsedResult)){ $TokensUsed[$i] =$myrow[0]; $i++; - } - - echo '<table><tr>'; - + } + + echo '<br /><table class=selection><tr>'; + if (DB_num_rows($Result)>0 ) { echo "<th colspan=3><div class='centre'>"._('Assigned Security Tokens')."</div></th>"; echo "<th colspan=3><div class='centre'>"._('Available Security Tokens')."</div></th>"; } echo '</tr>'; - + $k=0; //row colour counter while($AvailRow = DB_fetch_array($Result)) { - + if ($k==1){ echo '<tr class="EvenTableRows">'; $k=0; @@ -205,7 +208,7 @@ echo '<tr class="OddTableRows">'; $k=1; } - + if (in_array($AvailRow['tokenid'],$TokensUsed)){ printf("<td>%s</td><td>%s</td> <td><a href=\"%s&SelectedRole=%s&remove=1&PageToken=%s\">" . _('Remove') . "</a></td><td> </td><td> </td><td> </td>", @@ -213,7 +216,7 @@ $AvailRow['tokenname'], $_SERVER['PHP_SELF'] . "?" . SID, $SelectedRole, - $AvailRow['tokenid'] + $AvailRow['tokenid'] ); } else { printf("<td> </td> 
@@ -226,9 +229,9 @@ $AvailRow['tokenname'], $_SERVER['PHP_SELF'] . "?" . SID, $SelectedRole, - $AvailRow['tokenid'] + $AvailRow['tokenid'] ); - } + } echo '</tr>'; } echo '</table>'; Modified: trunk/doc/Change.log.html =================================================================== --- trunk/doc/Change.log.html 2010-09-29 21:28:30 UTC (rev 3834) +++ trunk/doc/Change.log.html 2010-09-30 09:36:56 UTC (rev 3835) @@ -1,5 +1,6 @@ <p><font SIZE=4 COLOR=BLUE><b>webERP Change Log</b></font></p> <p></p> +<p>30/09/10 Tim: WWW_Access.php - SQL quoting corrections and layout changes and improvements</p> <p>29/09/10 Tim: WOSerialNos.php - SQL quoting corrections</p> <p>29/09/10 Tim: WorkOrderStatus.php - SQL quoting corrections and layout changes and improvements</p> <p>29/09/10 Tim: WorkOrderReceive.php - SQL quoting corrections and layout changes and improvements</p> This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <tim...@us...> - 2010-09-30 09:50:52
|
Revision: 3836 http://web-erp.svn.sourceforge.net/web-erp/?rev=3836&view=rev Author: tim_schofield Date: 2010-09-30 09:50:46 +0000 (Thu, 30 Sep 2010) Log Message: ----------- SQL quoting corrections and layout changes and improvements Modified Paths: -------------- trunk/WWW_Users.php trunk/doc/Change.log.html Modified: trunk/WWW_Users.php =================================================================== --- trunk/WWW_Users.php 2010-09-30 09:36:56 UTC (rev 3835) +++ trunk/WWW_Users.php 2010-09-30 09:50:46 UTC (rev 3836) @@ -140,14 +140,14 @@ supplierid='" . $_POST['SupplierID'] . "', salesman='" . $_POST['Salesman'] . "', pagesize='" . $_POST['PageSize'] . "', - fullaccess=" . $_POST['Access'] . ", + fullaccess='" . $_POST['Access'] . "', theme='" . $_POST['Theme'] . "', language ='" . $_POST['UserLanguage'] . "', defaultlocation='" . $_POST['DefaultLocation'] ."', modulesallowed='" . $ModulesAllowed . "', - blocked=" . $_POST['Blocked'] . ", - pdflanguage=" . $_POST['PDFLanguage'] . " - WHERE userid = '$SelectedUser'"; + blocked='" . $_POST['Blocked'] . "', + pdflanguage='" . $_POST['PDFLanguage'] . "' + WHERE userid = '". $SelectedUser . "'"; prnMsg( _('The selected user record has been updated'), 'success' ); } elseif ($InputError !=1) { @@ -179,13 +179,13 @@ '" . $_POST['Phone'] . "', '" . $_POST['Email'] ."', '" . $_POST['PageSize'] ."', - " . $_POST['Access'] . ", + '" . $_POST['Access'] . "', '" . $_POST['DefaultLocation'] ."', '" . $ModulesAllowed . "', - " . $_SESSION['DefaultDisplayRecordsMax'] . ", + '" . $_SESSION['DefaultDisplayRecordsMax'] . "', '" . $_POST['Theme'] . "', '". $_POST['UserLanguage'] ."', - " . $_POST['PDFLanguage'] . ")"; + '" . $_POST['PDFLanguage'] . "')"; prnMsg( _('A new user record has been inserted'), 'success' ); } 
@@ -230,7 +230,7 @@ prnMsg(_('Cannot delete user as entries already exist in the audit trail'), 'warn'); } else { - $sql="DELETE FROM www_users WHERE userid='$SelectedUser'"; + $sql="DELETE FROM www_users WHERE userid='" . $SelectedUser . "'"; $ErrMsg = _('The User could not be deleted because');; $result = DB_query($sql,$db,$ErrMsg); prnMsg(_('User Deleted'),'info'); @@ -261,7 +261,7 @@ FROM www_users'; $result = DB_query($sql,$db); - echo '<table border=1>'; + echo '<table class=selection>'; echo "<tr><th>" . _('User Login') . "</th> <th>" . _('Full Name') . "</th> <th>" . _('Telephone') . "</th> @@ -388,12 +388,12 @@ echo "<input type='hidden' name='UserID' value='" . $_POST['UserID'] . "'>"; echo "<input type='hidden' name='ModulesAllowed' value='" . $_POST['ModulesAllowed'] . "'>"; - echo '<table> <tr><td>' . _('User code') . ':</td><td>'; + echo '<table class=selection> <tr><td>' . _('User code') . ':</td><td>'; echo $_POST['UserID'] . '</td></tr>'; } else { //end of if $SelectedUser only do the else when a new record is being entered - echo '<table><tr><td>' . _('User Login') . ":</td><td><input type='text' name='UserID' size=22 maxlength=20 ></td></tr>"; + echo '<table class=selection><tr><td>' . _('User Login') . ":</td><td><input type='text' name='UserID' size=22 maxlength=20 ></td></tr>"; /*set the default modules to show to all this had trapped a few people previously*/ @@ -648,4 +648,4 @@ echo '<script type="text/javascript">defaultControl(document.forms[0].UserID);</script>'; } include('includes/footer.inc'); -?> +?> \ No newline at end of file Modified: trunk/doc/Change.log.html =================================================================== --- trunk/doc/Change.log.html 2010-09-30 09:36:56 UTC (rev 3835) +++ trunk/doc/Change.log.html 2010-09-30 09:50:46 UTC (rev 3836) 
@@ -1,5 +1,6 @@ <p><font SIZE=4 COLOR=BLUE><b>webERP Change Log</b></font></p> <p></p> +<p>30/09/10 Tim: WWW_Users.php - SQL quoting corrections and layout changes and improvements</p> <p>30/09/10 Tim: WWW_Access.php - SQL quoting corrections and layout changes and improvements</p> <p>29/09/10 Tim: WOSerialNos.php - SQL quoting corrections</p> <p>29/09/10 Tim: WorkOrderStatus.php - SQL quoting corrections and layout changes and improvements</p> This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <tim...@us...> - 2010-09-30 14:48:49
|
Revision: 3837 http://web-erp.svn.sourceforge.net/web-erp/?rev=3837&view=rev Author: tim_schofield Date: 2010-09-30 14:48:39 +0000 (Thu, 30 Sep 2010) Log Message: ----------- Add form verification to prevent form spoofing Modified Paths: -------------- trunk/AccountGroups.php trunk/AccountSections.php trunk/includes/Login.php trunk/includes/session.inc Modified: trunk/AccountGroups.php =================================================================== --- trunk/AccountGroups.php 2010-09-30 09:50:46 UTC (rev 3836) +++ trunk/AccountGroups.php 2010-09-30 14:48:39 UTC (rev 3837) @@ -277,7 +277,9 @@ if (! isset($_GET['delete'])) { echo '<br><form method="post" id="AccountGroups" action="' . $_SERVER['PHP_SELF'] . '?' . SID . '">'; + echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; + if (isset($_GET['SelectedAccountGroup'])) { //editing an existing account group Modified: trunk/AccountSections.php =================================================================== --- trunk/AccountSections.php 2010-09-30 09:50:46 UTC (rev 3836) +++ trunk/AccountSections.php 2010-09-30 14:48:39 UTC (rev 3837) @@ -215,6 +215,7 @@ if (! isset($_GET['delete'])) { echo "<form method='post' name='AccountSections' action=" . $_SERVER['PHP_SELF'] . '?' . SID . '>'; + echo '<br><form method="post" id="AccountGroups" action="' . $_SERVER['PHP_SELF'] . '?' . SID . '">'; if (isset($_GET['SelectedSectionID'])) { //editing an existing section Modified: trunk/includes/Login.php =================================================================== --- trunk/includes/Login.php 2010-09-30 09:50:46 UTC (rev 3836) +++ trunk/includes/Login.php 2010-09-30 14:48:39 UTC (rev 3837) 
@@ -31,6 +31,7 @@ <div id="login_logo"></div> <div id="login_box"> <form action="<?php echo $_SERVER['PHP_SELF'];?>" name="loginform" method="post"> + <input type="hidden" name="FormID" value="<?php echo $_SESSION['FormID']; ?>" /> <label><?php echo _('Company'); ?>:</label> <?php if ($AllowCompanySelectionBox == true){ Modified: trunk/includes/session.inc =================================================================== --- trunk/includes/session.inc 2010-09-30 09:50:46 UTC (rev 3836) +++ trunk/includes/session.inc 2010-09-30 14:48:39 UTC (rev 3837) @@ -62,6 +62,8 @@ $_GET[$key] = DB_escape_string($value); } } +} else { + $_SESSION['FormID'] = sha1(uniqid(mt_rand(), true)); } if (!isset($AllowAnyone)){ /* only do security checks if AllowAnyone is not true */ @@ -298,4 +300,14 @@ $Version = $_SESSION['VersionNumber']; +if (sizeof($_POST) > 0) { + if (!isset($_POST['FormID']) or ($_POST['FormID'] != $_SESSION['FormID'])) { + $title = _('Error in form verificationm'); + include('includes/header.inc'); + prnMsg(_('This form was not submitted with a correct ID') , 'error'); + include('includes/footer.inc'); + exit; + } +} + ?> This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
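Review bot: `$_SESSION['FormID'] = sha1(uniqid(mt_rand(), true));` derives the anti-spoofing token from `mt_rand()` and `uniqid()`, neither of which is a cryptographic source, so the token's unpredictability rests on a weak seed; a CSPRNG-backed value such as `bin2hex(openssl_random_pseudo_bytes(20))` on PHP 5.3+ (or `random_bytes()` where available) would give the check a sound foundation. The condition that selects this `else` branch starts before the hunk, so it is not visible whether the token is regenerated on every non-POST request; if it is, a form rendered in one browser tab stops validating as soon as another page is loaded in a second tab, and generating the value only `if (!isset($_SESSION['FormID']))` would avoid that while keeping the protection.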
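Review bot: `$_POST['FormID'] != $_SESSION['FormID']` is a loose comparison; for a secret token the strict form is the safer one, `if (!isset($_POST['FormID']) or $_POST['FormID'] !== $_SESSION['FormID']) {` (`hash_equals()` on PHP 5.6+ where the project can rely on it). The guard runs only when `sizeof($_POST) > 0`, so state changes triggered through GET parameters — the `$_GET['delete']` branch in WWW_Access.php (rev 3835, `@@ -73,19 +76,19 @@`) and the `$_GET['delete']` path in AddCustomerTypeNotes.php (rev 3840, `@@ -74,7 +74,7 @@`) — remain outside the protection and would need to move to POST to benefit from it. `_('Error in form verificationm')` carries a typo that will otherwise be frozen into the translation catalogue; it should read `_('Error in form verification')`. The closing `?>` retained at the end of session.inc is a known source of stray whitespace before headers; omitting it from include files is the common convention.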
From: <tim...@us...> - 2010-09-30 14:49:22
|
Revision: 3840 http://web-erp.svn.sourceforge.net/web-erp/?rev=3840&view=rev Author: tim_schofield Date: 2010-09-30 14:49:16 +0000 (Thu, 30 Sep 2010) Log Message: ----------- Add form verification to prevent form spoofing Modified Paths: -------------- trunk/AccountSections.php trunk/AddCustomerContacts.php trunk/AddCustomerNotes.php trunk/AddCustomerTypeNotes.php Modified: trunk/AccountSections.php =================================================================== --- trunk/AccountSections.php 2010-09-30 14:49:03 UTC (rev 3839) +++ trunk/AccountSections.php 2010-09-30 14:49:16 UTC (rev 3840) @@ -215,7 +215,7 @@ if (! isset($_GET['delete'])) { echo "<form method='post' name='AccountSections' action=" . $_SERVER['PHP_SELF'] . '?' . SID . '>'; - echo '<br><form method="post" id="AccountGroups" action="' . $_SERVER['PHP_SELF'] . '?' . SID . '">'; + echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; if (isset($_GET['SelectedSectionID'])) { //editing an existing section Modified: trunk/AddCustomerContacts.php =================================================================== --- trunk/AddCustomerContacts.php 2010-09-30 14:49:03 UTC (rev 3839) +++ trunk/AddCustomerContacts.php 2010-09-30 14:49:16 UTC (rev 3840) @@ -154,7 +154,7 @@ if (!isset($_GET['delete'])) { echo '<form method="post" action="' . $_SERVER['PHP_SELF'] . '?' . SID . '&DebtorNo='.$DebtorNo.'">'; - echo '<br><form method="post" id="AccountGroups" action="' . $_SERVER['PHP_SELF'] . '?' . SID . '">'; + echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; if (isset($Id)) { //editing an existing Shipper Modified: trunk/AddCustomerNotes.php =================================================================== --- trunk/AddCustomerNotes.php 2010-09-30 14:49:03 UTC (rev 3839) +++ trunk/AddCustomerNotes.php 2010-09-30 14:49:16 UTC (rev 3840) 
@@ -147,7 +147,7 @@ if (!isset($_GET['delete'])) { echo '<form method="post" action="' . $_SERVER['PHP_SELF'] . '?' . SID . '&DebtorNo='.$DebtorNo.'">'; - echo '<br><form method="post" id="AccountGroups" action="' . $_SERVER['PHP_SELF'] . '?' . SID . '">'; + echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; if (isset($Id)) { //editing an existing Modified: trunk/AddCustomerTypeNotes.php =================================================================== --- trunk/AddCustomerTypeNotes.php 2010-09-30 14:49:03 UTC (rev 3839) +++ trunk/AddCustomerTypeNotes.php 2010-09-30 14:49:16 UTC (rev 3840) @@ -36,19 +36,19 @@ $InputError = 1; prnMsg( _("The contact's notes may not be empty"), 'error'); } - + if ($Id AND $InputError !=1) { - - $sql = "UPDATE debtortypenotes SET + + $sql = "UPDATE debtortypenotes SET note='" . $_POST['note'] . "', date='" . $_POST['date'] . "', href='" . $_POST['href'] . "', priority='" . $_POST['priority'] . "' - WHERE typeid ='".$DebtorType."' + WHERE typeid ='".$DebtorType."' AND noteid='".$Id."'"; $msg = _('Customer Group Notes') . ' ' . $DebtorType . ' ' . _('has been updated'); } elseif ($InputError !=1) { - + $sql = "INSERT INTO debtortypenotes (typeid,href,note,date,priority) VALUES ( '" . $DebtorType. "', @@ -59,7 +59,7 @@ )"; $msg = _('The contact group notes record has been added'); } - + if ($InputError !=1) { $result = DB_query($sql,$db); //echo '<br>'.$sql; @@ -74,7 +74,7 @@ //the link to delete a selected record was clicked instead of the submit button // PREVENT DELETES IF DEPENDENT RECORDS IN 'SalesOrders' - + $sql="DELETE FROM debtortypenotes WHERE noteid='".$Id."' and typeid='".$DebtorType."'"; $result = DB_query($sql,$db); 
@@ -84,16 +84,16 @@ prnMsg( _('The contact group note record has been deleted'), 'success'); unset($Id); unset($_GET['delete']); - + } - + if (!isset($Id)) { $SQLname='SELECT * from debtortype where typeid="'.$DebtorType.'"'; $Result = DB_query($SQLname,$db); $row = DB_fetch_array($Result); echo '<p class="page_title_text"><img src="'.$rootpath.'/css/'.$theme.'/images/customer.png" title="' . _('Search') . '" alt="">' . _('Notes for Customer Type: <b>') .$row['typename'].'<br>'; - + $sql = "SELECT * FROM debtortypenotes where typeid='".$DebtorType."' ORDER BY date DESC"; $result = DB_query($sql,$db); //echo '<br>'.$sql; @@ -104,7 +104,7 @@ <th>' . _('Note') . '</th> <th>' . _('href') . '</th> <th>' . _('Priority') . '</th>'; - + $k=0; //row colour counter while ($myrow = DB_fetch_array($result)) { @@ -125,13 +125,13 @@ $myrow[3], $myrow[2], $myrow[5], - $_SERVER['PHP_SELF'] . "?" . SID, - $myrow[0], - $myrow[1], - $_SERVER['PHP_SELF'] . "?" . SID, + $_SERVER['PHP_SELF'] . "?" . SID, $myrow[0], + $myrow[1], + $_SERVER['PHP_SELF'] . "?" . SID, + $myrow[0], $myrow[1]); - + } //END WHILE LIST LOOP echo '</table>'; @@ -145,7 +145,8 @@ if (!isset($_GET['delete'])) { echo '<form method="post" action="' . $_SERVER['PHP_SELF'] . '?' . SID . '&DebtorType='.$DebtorType.'">'; - + echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; + if (isset($Id)) { //editing an existing @@ -156,7 +157,7 @@ //echo '<br>'.$sql; $myrow = DB_fetch_array($result); - + $_POST['noteid'] = $myrow['noteid']; $_POST['note'] = $myrow['note']; $_POST['href'] = $myrow['href']; 
@@ -181,7 +182,7 @@ echo '<td><textarea name="note">'. $_POST['note'].'</textarea></td></tr>'; echo '<tr><td>'. _('Web site').':</td>'; echo '<td><input type="text" name="href" value="'. $_POST['href'].'" size=35 maxlength=100></td></tr> - <tr><td>'. _('Date').':</td>'; + <tr><td>'. _('Date').':</td>'; echo '<td><input type="text" name="date" class=date alt="'.$_SESSION['DefaultDateFormat'].'" value="'. $_POST['date']. '" size=10 maxlength=10></td></tr>'; echo '<tr><td>'. _('Priority').':</td>'; @@ -190,8 +191,8 @@ echo '<br><div class="centre"><input type="Submit" name="submit" value="'. _('Enter Information').'"></div>'; echo '</form>'; - -} //end if record deleted no point displaying form to add record +} //end if record deleted no point displaying form to add record + include('includes/footer.inc'); ?> This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <tim...@us...> - 2010-09-30 14:53:39
Revision: 3865 http://web-erp.svn.sourceforge.net/web-erp/?rev=3865&view=rev Author: tim_schofield Date: 2010-09-30 14:53:28 +0000 (Thu, 30 Sep 2010) Log Message: ----------- Add form verification to prevent form spoofing Modified Paths: -------------- trunk/CustEDISetup.php trunk/CustLoginSetup.php Modified: trunk/CustEDISetup.php =================================================================== --- trunk/CustEDISetup.php 2010-09-30 14:53:18 UTC (rev 3864) +++ trunk/CustEDISetup.php 2010-09-30 14:53:28 UTC (rev 3865) @@ -76,6 +76,7 @@ } echo "<form method='post' action='" . $_SERVER['PHP_SELF'] . '?' . SID ."'>"; +echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; echo '<br><table class=selection>'; $sql = "SELECT debtorno, Modified: trunk/CustLoginSetup.php =================================================================== --- trunk/CustLoginSetup.php 2010-09-30 14:53:18 UTC (rev 3864) +++ trunk/CustLoginSetup.php 2010-09-30 14:53:28 UTC (rev 3865) @@ -338,6 +338,7 @@ } echo "<form method='post' action=" . $_SERVER['PHP_SELF'] . "?" . SID . ">"; +echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; if (isset($SelectedUser)) { //editing an existing User This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <tim...@us...> - 2010-09-30 14:54:07
Revision: 3868 http://web-erp.svn.sourceforge.net/web-erp/?rev=3868&view=rev Author: tim_schofield Date: 2010-09-30 14:53:59 +0000 (Thu, 30 Sep 2010) Log Message: ----------- Add form verification to prevent form spoofing Modified Paths: -------------- trunk/CustomerInquiry.php trunk/CustomerReceipt.php Modified: trunk/CustomerInquiry.php =================================================================== --- trunk/CustomerInquiry.php 2010-09-30 14:53:47 UTC (rev 3867) +++ trunk/CustomerInquiry.php 2010-09-30 14:53:59 UTC (rev 3868) @@ -147,6 +147,7 @@ </table>'; echo "<br><div class='centre'><form action='" . $_SERVER['PHP_SELF'] . "' method=post>"; +echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; echo _('Show all transactions after') . ": <input tabindex=1 type=text class='date' alt='".$_SESSION['DefaultDateFormat']."' id='datepicker' name='TransAfterDate' Value='" . $_POST['TransAfterDate'] . "' MAXLENGTH =10 size=12>" . " <input tabindex=2 type=submit name='Refresh Inquiry' value='" . _('Refresh Inquiry') . "'></div></form><br>"; Modified: trunk/CustomerReceipt.php =================================================================== --- trunk/CustomerReceipt.php 2010-09-30 14:53:47 UTC (rev 3867) +++ trunk/CustomerReceipt.php 2010-09-30 14:53:59 UTC (rev 3868) @@ -684,6 +684,7 @@ echo '<form action=' . $_SERVER['PHP_SELF'] . ' method=post name=form1>'; +echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; /*show the batch header details and the entries in the batch so far */ This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
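Review bot: In the FixedAssetItems.php hunk of the next commit the hidden input is written directly after `<table class=selection>`, so it lands between `<table>` and its first row, which is not valid HTML; browsers generally keep a hidden input associated with the enclosing form in that position, but the markup is fragile and validators reject it. Splitting the echo so the field precedes the table avoids this: `echo '<form name="ItemForm" enctype="multipart/form-data" method="post" action="' . $_SERVER['PHP_SELF'] . '?' .SID . '">';`, then the FormID line, then `echo '<table class=selection>';`. The same placement occurs in OutstandingGRNs.php, PrintCustTrans.php and PrintCustTransPortrait.php further down the page.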
From: <tim...@us...> - 2010-09-30 14:56:44
Revision: 3883 http://web-erp.svn.sourceforge.net/web-erp/?rev=3883&view=rev Author: tim_schofield Date: 2010-09-30 14:56:34 +0000 (Thu, 30 Sep 2010) Log Message: ----------- Add form verification to prevent form spoofing Modified Paths: -------------- trunk/FixedAssetCategories.php trunk/FixedAssetItems.php Modified: trunk/FixedAssetCategories.php =================================================================== --- trunk/FixedAssetCategories.php 2010-09-30 14:56:22 UTC (rev 3882) +++ trunk/FixedAssetCategories.php 2010-09-30 14:56:34 UTC (rev 3883) @@ -220,6 +220,7 @@ } echo '<form name="CategoryForm" method="post" action="' . $_SERVER['PHP_SELF'] . '?' . SID . '">'; +echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; if (isset($SelectedCategory) and !isset($_POST['submit'])) { //editing an existing stock category Modified: trunk/FixedAssetItems.php =================================================================== --- trunk/FixedAssetItems.php 2010-09-30 14:56:22 UTC (rev 3882) +++ trunk/FixedAssetItems.php 2010-09-30 14:56:34 UTC (rev 3883) @@ -590,6 +590,7 @@ echo '<form name="ItemForm" enctype="multipart/form-data" method="post" action="' . $_SERVER['PHP_SELF'] . '?' .SID . '"><table class=selection>'; +echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; if (!isset($StockID) or $StockID=='') { This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <tim...@us...> - 2010-09-30 14:59:05
Revision: 3897 http://web-erp.svn.sourceforge.net/web-erp/?rev=3897&view=rev Author: tim_schofield Date: 2010-09-30 14:58:59 +0000 (Thu, 30 Sep 2010) Log Message: ----------- Add form verification to prevent form spoofing Modified Paths: -------------- trunk/GLJournal.php trunk/GLProfit_Loss.php Modified: trunk/GLJournal.php =================================================================== --- trunk/GLJournal.php 2010-09-30 14:58:47 UTC (rev 3896) +++ trunk/GLJournal.php 2010-09-30 14:58:59 UTC (rev 3897) @@ -233,6 +233,7 @@ */ echo '<form action=' . $_SERVER['PHP_SELF'] . '?' . SID . ' method=post name="form">'; +echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; echo '<p class="page_title_text"><img src="'.$rootpath.'/css/'.$theme.'/images/maintenance.png" title="' . _('Search') . '" alt="">' . ' ' . $title; Modified: trunk/GLProfit_Loss.php =================================================================== --- trunk/GLProfit_Loss.php 2010-09-30 14:58:47 UTC (rev 3896) +++ trunk/GLProfit_Loss.php 2010-09-30 14:58:59 UTC (rev 3897) @@ -24,6 +24,7 @@ . _('The P&L represents a period of time. This contrasts with the Balance Sheet, which represents a single moment in time.') . '<br>' . _('webERP is an "accrual" based system (not a "cash based" system). Accrual systems include items when they are invoiced to the customer, and when expenses are owed based on the supplier invoice date.') . '</div>'; echo "<form method='POST' action=" . $_SERVER['PHP_SELF'] . '?' . SID . '>'; + echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; if (Date('m') > $_SESSION['YearEnd']){ /*Dates in SQL format */ 
@@ -529,6 +530,7 @@ include('includes/header.inc'); echo "<form method='POST' action=" . $_SERVER['PHP_SELF'] . '?' . SID . '>'; + echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; echo "<input type=hidden name='FromPeriod' VALUE=" . $_POST['FromPeriod'] . "><input type=hidden name='ToPeriod' VALUE=" . $_POST['ToPeriod'] . '>'; $NumberOfMonths = $_POST['ToPeriod'] - $_POST['FromPeriod'] + 1; This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <tim...@us...> - 2010-09-30 14:59:36
Revision: 3900 http://web-erp.svn.sourceforge.net/web-erp/?rev=3900&view=rev Author: tim_schofield Date: 2010-09-30 14:59:30 +0000 (Thu, 30 Sep 2010) Log Message: ----------- Add form verification to prevent form spoofing Modified Paths: -------------- trunk/GLTrialBalance.php trunk/GoodsReceived.php Modified: trunk/GLTrialBalance.php =================================================================== --- trunk/GLTrialBalance.php 2010-09-30 14:59:19 UTC (rev 3899) +++ trunk/GLTrialBalance.php 2010-09-30 14:59:30 UTC (rev 3900) @@ -27,6 +27,7 @@ echo '<p class="page_title_text"><img src="'.$rootpath.'/css/'.$theme.'/images/magnifier.png" title="' . _('Trial Balance') . '" alt="">' . ' ' . $title . '</div>'; echo '<form method="POST" action="' . $_SERVER['PHP_SELF'] . '?' . SID . '">'; + echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; if (Date('m') > $_SESSION['YearEnd']){ /*Dates in SQL format */ @@ -383,6 +384,7 @@ include('includes/header.inc'); echo '<form method="POST" action="' . $_SERVER['PHP_SELF'] . '?' . SID . '">'; + echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; echo '<input type=hidden name="FromPeriod" VALUE="' . $_POST['FromPeriod'] . '"><input type=hidden name="ToPeriod" VALUE="' . $_POST['ToPeriod'] . '">'; $NumberOfMonths = $_POST['ToPeriod'] - $_POST['FromPeriod'] + 1; Modified: trunk/GoodsReceived.php =================================================================== --- trunk/GoodsReceived.php 2010-09-30 14:59:19 UTC (rev 3899) +++ trunk/GoodsReceived.php 2010-09-30 14:59:30 UTC (rev 3900) 
@@ -65,6 +65,7 @@ echo ' : '. $_SESSION['PO']->OrderNo .' '. _('from'). ' ' . $_SESSION['PO']->SupplierName . ' </u></b></font></div>'; echo '<form action="' . $_SERVER['PHP_SELF'] . '?' . SID . '" method=post>'; +echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; if (!isset($_POST['ProcessGoodsReceived'])) { if (!isset($_POST['DefaultReceivedDate'])){ This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <tim...@us...> - 2010-09-30 15:06:00
Revision: 3916 http://web-erp.svn.sourceforge.net/web-erp/?rev=3916&view=rev Author: tim_schofield Date: 2010-09-30 15:05:47 +0000 (Thu, 30 Sep 2010) Log Message: ----------- Add form verification to prevent form spoofing Modified Paths: -------------- trunk/MRPShortages.php trunk/OffersReceived.php Modified: trunk/MRPShortages.php =================================================================== --- trunk/MRPShortages.php 2010-09-30 15:04:40 UTC (rev 3915) +++ trunk/MRPShortages.php 2010-09-30 15:05:47 UTC (rev 3916) @@ -249,6 +249,7 @@ . _('Stock') . '" alt="">' . ' ' . $title . '</p>'; echo '<form action=' . $_SERVER['PHP_SELF'] . " method='post'>"; + echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; echo "<table class=selection>"; echo '<tr><td>' . _('Sort') . ":</td><td><select name='Sort'>"; echo "<option selected value='extcost'>" . _('Extended Shortage Dollars')."</option>"; Modified: trunk/OffersReceived.php =================================================================== --- trunk/OffersReceived.php 2010-09-30 15:04:40 UTC (rev 3915) +++ trunk/OffersReceived.php 2010-09-30 15:05:47 UTC (rev 3916) @@ -41,6 +41,7 @@ echo '<p class="page_title_text"><img src="'.$rootpath.'/css/'.$theme.'/images/supplier.png" title="' . _('Select Supplier') . '" alt="">' . ' ' . _('Select Supplier') . '</p>'; echo "<form method='post' action=" . $_SERVER['PHP_SELF'] . '?' . SID . '>'; + echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; echo '<table class=selection>'; echo '<tr><td>'._('Select Supplier').'</td>'; echo '<td><select name=supplierid>'; 
@@ -81,6 +82,7 @@ $result=DB_query($sql, $db); echo "<form method='post' action=" . $_SERVER['PHP_SELF'] . '?' . SID . '>'; + echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; echo '<p class="page_title_text"><img src="'.$rootpath.'/css/'.$theme.'/images/supplier.png" title="' . _('Supplier Offers') . '" alt="">' . ' ' . _('Supplier Offers') . '</p>'; This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <tim...@us...> - 2010-09-30 15:06:36
Revision: 3917 http://web-erp.svn.sourceforge.net/web-erp/?rev=3917&view=rev Author: tim_schofield Date: 2010-09-30 15:06:25 +0000 (Thu, 30 Sep 2010) Log Message: ----------- Add form verification to prevent form spoofing Modified Paths: -------------- trunk/OutstandingGRNs.php trunk/PaymentMethods.php trunk/Payments.php Modified: trunk/OutstandingGRNs.php =================================================================== --- trunk/OutstandingGRNs.php 2010-09-30 15:05:47 UTC (rev 3916) +++ trunk/OutstandingGRNs.php 2010-09-30 15:06:25 UTC (rev 3917) @@ -175,6 +175,7 @@ '" alt="">' . ' ' . $title . '</p>'; echo '<form action=' . $_SERVER['PHP_SELF'] . " method='POST'><table class=selection>"; + echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; echo '<tr><td>' . _('From Supplier Code') . ":</td> <td><input type=text name='FromCriteria' value='0'></td></tr>"; Modified: trunk/PaymentMethods.php =================================================================== --- trunk/PaymentMethods.php 2010-09-30 15:05:47 UTC (rev 3916) +++ trunk/PaymentMethods.php 2010-09-30 15:06:25 UTC (rev 3917) @@ -220,6 +220,7 @@ if (! isset($_GET['delete'])) { echo "<form method='post' action=" . $_SERVER['PHP_SELF'] . '?' . SID . '>'; + echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; if (isset($SelectedPaymentID)) { //editing an existing section Modified: trunk/Payments.php =================================================================== --- trunk/Payments.php 2010-09-30 15:05:47 UTC (rev 3916) +++ trunk/Payments.php 2010-09-30 15:06:25 UTC (rev 3917) 
@@ -244,6 +244,7 @@ echo '<br><a href="' . $rootpath . '/PrintCheque.php?' . SID . '&ChequeNum=' . $_POST['ChequeNum'] . '">' . _('Print Cheque using pre-printed stationery') . '</a><br><br>'; echo '<form method=post action="' . $_SERVER['PHP_SELF'] . '">'; + echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; echo _('Has the cheque been printed') . '?<br><br>'; echo '<input type="hidden" name="CommitBatch" VALUE="' . $_POST['CommitBatch'] . '">'; echo '<input type="submit" name="ChequePrinted" VALUE="' . _('Yes / Continue') . '"> '; @@ -681,6 +682,7 @@ echo '<form action=' . $_SERVER['PHP_SELF'] . '?' . SID . ' method=post>'; +echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; // Note this is duplicated This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <tim...@us...> - 2010-09-30 15:09:50
Revision: 3922 http://web-erp.svn.sourceforge.net/web-erp/?rev=3922&view=rev Author: tim_schofield Date: 2010-09-30 15:09:44 +0000 (Thu, 30 Sep 2010) Log Message: ----------- Add form verification to prevent form spoofing Modified Paths: -------------- trunk/PcExpenses.php trunk/PcExpensesTypeTab.php trunk/PcReportTab.php Modified: trunk/PcExpenses.php =================================================================== --- trunk/PcExpenses.php 2010-09-30 15:09:21 UTC (rev 3921) +++ trunk/PcExpenses.php 2010-09-30 15:09:44 UTC (rev 3922) @@ -117,7 +117,7 @@ } else { - $sql="DELETE FROM pcexpenses + $sql="DELETE FROM pcexpenses WHERE codeexpense='$SelectedExpense'"; $ErrMsg = _('The expense type record could not be deleted because'); $result = DB_query($sql,$db,$ErrMsg); @@ -125,8 +125,8 @@ unset ($SelectedExpense); unset($_GET['delete']); - - } //end if tab type used in transactions + + } //end if tab type used in transactions } if (!isset($SelectedExpense)){ @@ -136,7 +136,7 @@ links to delete or edit each. These will call the same page again and allow update/input or deletion of the records*/ - $sql = 'SELECT * + $sql = 'SELECT * FROM pcexpenses'; $result = DB_query($sql,$db); @@ -158,11 +158,11 @@ echo '<tr class="OddTableRows">'; $k=1; } - - $sqldesc="SELECT accountname - FROM chartmaster + + $sqldesc="SELECT accountname + FROM chartmaster WHERE accountcode='". $myrow[2] . "'"; - + $ResultDes = DB_query($sqldesc,$db); $Description=DB_fetch_array($ResultDes); @@ -192,6 +192,7 @@ if (! isset($_GET['delete'])) { echo "<form method='post' action=" . $_SERVER['PHP_SELF'] . '?' . SID . '>'; + echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; echo '<p><table border=1>'; //Main table echo '<td><table>'; // First column 
@@ -238,9 +239,9 @@ echo '<tr><td>' . _('Account Code') . ":</td><td><select name='glaccount'>"; DB_free_result($result); - $SQL = "SELECT accountcode, + $SQL = "SELECT accountcode, accountname - FROM chartmaster + FROM chartmaster ORDER BY accountcode"; $result = DB_query($SQL,$db); @@ -251,11 +252,11 @@ echo "<option VALUE='"; } echo $myrow['accountcode'] . "'>" . $myrow['accountcode'] . ' - ' . $myrow['accountname']; - - } //end while loop - + + } //end while loop + echo '</select></td></tr>'; - + echo '</table>'; // close table in first column echo '</td></tr></table>'; // close main table Modified: trunk/PcExpensesTypeTab.php =================================================================== --- trunk/PcExpensesTypeTab.php 2010-09-30 15:09:21 UTC (rev 3921) +++ trunk/PcExpensesTypeTab.php 2010-09-30 15:09:44 UTC (rev 3922) @@ -91,8 +91,9 @@ links to delete or edit each. These will call the same page again and allow update/input or deletion of the records*/ echo "<form method='post' action=" . $_SERVER['PHP_SELF'] . '?' . SID . '>'; - echo '<p><table border=1>'; //Main table - echo '<td><table>'; // First column +echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; +echo '<p><table border=1>'; //Main table +echo '<td><table>'; // First column echo '<tr><td>' . _('Select Type of Tab') . ":</td><td><select name='SelectedTabs'>"; @@ -171,6 +172,7 @@ if (! isset($_GET['delete'])) { echo "<form method='post' action=" . $_SERVER['PHP_SELF'] . '?' . SID . '>'; + echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; echo '<p><table border=1>'; //Main table echo '<td><table>'; // First column Modified: trunk/PcReportTab.php =================================================================== --- trunk/PcReportTab.php 2010-09-30 15:09:21 UTC (rev 3921) +++ trunk/PcReportTab.php 2010-09-30 15:09:44 UTC (rev 3922) 
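Review bot: In the `@@ -91` hunk of PcExpensesTypeTab.php the re-emitted `echo '<p><table border=1>';` and `echo '<td><table>';` lines, together with the new FormID line, are now at column 0 while the surrounding statements (`echo "<form method='post' ...`, `echo '<tr><td>' . _('Select Type of Tab')`) keep their indentation; this reads as an accidental dedent rather than a deliberate reformat. Restoring the leading indent on those three lines keeps the block readable as one unit, and matches the `@@ -171` hunk in the same file, which indents its FormID line consistently.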
@@ -19,6 +19,7 @@ include ('includes/header.inc'); echo '<form method="POST" action="' . $_SERVER['PHP_SELF'] . '?' . SID . '">'; + echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; if (!isset($_POST['FromDate'])){ $_POST['FromDate']=Date($_SESSION['DefaultDateFormat'], mktime(0,0,0,Date('m'),1,Date('Y'))); @@ -252,6 +253,7 @@ $SQL_ToDate = FormatDateForSQL($_POST['ToDate']); echo '<form method="POST" action="' . $_SERVER['PHP_SELF'] . '?' . SID . '">'; + echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; echo '<input type=hidden name="FromDate" VALUE="' . $_POST['FromDate'] . '"><input type=hidden name="ToDate" VALUE="' . $_POST['ToDate'] . '">'; $SqlTabs = "SELECT * FROM pctabs This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <tim...@us...> - 2010-09-30 15:19:12
Revision: 3942 http://web-erp.svn.sourceforge.net/web-erp/?rev=3942&view=rev Author: tim_schofield Date: 2010-09-30 15:19:03 +0000 (Thu, 30 Sep 2010) Log Message: ----------- Add form verification to prevent form spoofing Modified Paths: -------------- trunk/PO_AuthoriseMyOrders.php trunk/PO_Header.php Modified: trunk/PO_AuthoriseMyOrders.php =================================================================== --- trunk/PO_AuthoriseMyOrders.php 2010-09-30 15:18:41 UTC (rev 3941) +++ trunk/PO_AuthoriseMyOrders.php 2010-09-30 15:19:03 UTC (rev 3942) @@ -48,6 +48,7 @@ $result=DB_query($sql, $db); echo '<form method=post action="' . $_SERVER['PHP_SELF'] . '">'; +echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; echo '<table class=selection><tr>'; /* Create the table for the purchase order header */ Modified: trunk/PO_Header.php =================================================================== --- trunk/PO_Header.php 2010-09-30 15:18:41 UTC (rev 3941) +++ trunk/PO_Header.php 2010-09-30 15:19:03 UTC (rev 3942) @@ -618,6 +618,7 @@ echo '<p class="page_title_text"><img src="'.$rootpath.'/css/'.$theme.'/images/supplier.png" title="' . _('Purchase Order') . '" alt="">' . ' ' . _('Purchase Order: Select Supplier') . ''; echo "<form action='" . $_SERVER['PHP_SELF'] . '?' . SID . "identifier=".$identifier."' method=post name='choosesupplier'>"; + echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; if (strlen($msg)>1){ prnMsg($msg,'warn'); } 
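Review bot: The form action in the PO_Header.php `@@ -618` hunk is built as `'?' . SID . "identifier=".$identifier`, with no `&` between the two parts, so whenever SID expands to a non-empty `PHPSESSID=...` string the two query parameters fuse into one and both the session id and the identifier are mangled on the way back; the FormID value posted with this form would then presumably be compared against a fresh session and fail. Inserting the separator, `'?' . SID . "&identifier=".$identifier`, keeps both parameters intact (a leading `&` when SID is empty is harmless). The `@@ -688` hunk below and the SelectOrderItems.php hunks further down the page build their actions the same way.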
@@ -688,6 +689,7 @@ /* everything below here only do if a supplier is selected */ echo "<form name='form1' action='" . $_SERVER['PHP_SELF'] . '?' . SID . "identifier=".$identifier. "' method=post>"; + echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; // Be careful not made confused by orderno and realorderno // $orderno = previous_id("purchorders","orderno"); This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <tim...@us...> - 2010-09-30 15:19:43
Revision: 3944 http://web-erp.svn.sourceforge.net/web-erp/?rev=3944&view=rev Author: tim_schofield Date: 2010-09-30 15:19:37 +0000 (Thu, 30 Sep 2010) Log Message: ----------- Add form verification to prevent form spoofing Modified Paths: -------------- trunk/PO_PDFPurchOrder.php trunk/PO_SelectOSPurchOrder.php trunk/PO_SelectPurchOrder.php Modified: trunk/PO_PDFPurchOrder.php =================================================================== --- trunk/PO_PDFPurchOrder.php 2010-09-30 15:19:18 UTC (rev 3943) +++ trunk/PO_PDFPurchOrder.php 2010-09-30 15:19:37 UTC (rev 3944) @@ -339,6 +339,7 @@ else { /*the user has just gone into the page need to ask the question whether to print the order or email it to the supplier */ include ('includes/header.inc'); echo '<form action="' . $_SERVER['PHP_SELF'] . '?' . SID . '" method=post>'; + echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; if ($ViewingOnly==1){ echo '<input type=hidden name="ViewingOnly" VALUE=1>'; } Modified: trunk/PO_SelectOSPurchOrder.php =================================================================== --- trunk/PO_SelectOSPurchOrder.php 2010-09-30 15:19:18 UTC (rev 3943) +++ trunk/PO_SelectOSPurchOrder.php 2010-09-30 15:19:37 UTC (rev 3944) @@ -33,6 +33,7 @@ } echo '<form action="' . $_SERVER['PHP_SELF'] . '?' . SID . '" method=post>'; +echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; if (isset($_POST['ResetPart'])){ Modified: trunk/PO_SelectPurchOrder.php =================================================================== --- trunk/PO_SelectPurchOrder.php 2010-09-30 15:19:18 UTC (rev 3943) +++ trunk/PO_SelectPurchOrder.php 2010-09-30 15:19:37 UTC (rev 3944) 
@@ -21,6 +21,7 @@ $SelectedSupplier = $_POST['SelectedSupplier']; } echo '<form action="' . $_SERVER['PHP_SELF'] . '?' . SID . '" method=post>'; +echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; if (isset($_POST['ResetPart'])) { unset($SelectedStockItem); } This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <tim...@us...> - 2010-09-30 15:22:02
Revision: 3951 http://web-erp.svn.sourceforge.net/web-erp/?rev=3951&view=rev Author: tim_schofield Date: 2010-09-30 15:21:56 +0000 (Thu, 30 Sep 2010) Log Message: ----------- Add form verification to prevent form spoofing Modified Paths: -------------- trunk/PrintCustTrans.php trunk/PrintCustTransPortrait.php Modified: trunk/PrintCustTrans.php =================================================================== --- trunk/PrintCustTrans.php 2010-09-30 15:21:32 UTC (rev 3950) +++ trunk/PrintCustTrans.php 2010-09-30 15:21:56 UTC (rev 3951) @@ -456,6 +456,7 @@ if (!isset($FromTransNo) OR $FromTransNo == '') { /* if FromTransNo is not set then show a form to allow input of either a single invoice number or a range of invoices to be printed. Also get the last invoice number created to show the user where the current range is up to */ echo "<form action='" . $_SERVER['PHP_SELF'] . '?' . SID . "' method='POST'><table class='selection'>"; + echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; echo '<div class="centre"><p class="page_title_text"><img src="' . $rootpath . '/css/' . $theme . '/images/printer.png" title="' . _('Print') . '" alt="">' . ' ' . _('Print Invoices or Credit Notes (Landscape Mode)') . '</div>'; echo '<tr><td>' . _('Print Invoices or Credit Notes') . '</td><td><select name=InvOrCredit>'; if ($InvOrCredit == 'Invoice' OR !isset($InvOrCredit)) { Modified: trunk/PrintCustTransPortrait.php =================================================================== --- trunk/PrintCustTransPortrait.php 2010-09-30 15:21:32 UTC (rev 3950) +++ trunk/PrintCustTransPortrait.php 2010-09-30 15:21:56 UTC (rev 3951) 
@@ -597,6 +597,7 @@ /*if FromTransNo is not set then show a form to allow input of either a single invoice number or a range of invoices to be printed. Also get the last invoice number created to show the user where the current range is up to */ echo '<form action="' . $_SERVER['PHP_SELF'] . '?' . SID . '" method="POST"><table class="selection">'; + echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; echo '<div class="centre"><p class="page_title_text"><img src="'.$rootpath.'/css/'.$theme.'/images/printer.png" title="' . _('Print') . '" alt="">' . ' ' . _('Print Invoices or Credit Notes (Portrait Mode)') . '</div>'; echo '<tr><td>' . _('Print Invoices or Credit Notes') . '</td><td><select name=InvOrCredit>'; if ($InvOrCredit=='Invoice' OR !isset($InvOrCredit)){ This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <tim...@us...> - 2010-09-30 15:27:50
Revision: 3970 http://web-erp.svn.sourceforge.net/web-erp/?rev=3970&view=rev Author: tim_schofield Date: 2010-09-30 15:27:43 +0000 (Thu, 30 Sep 2010) Log Message: ----------- Add form verification to prevent form spoofing Modified Paths: -------------- trunk/SelectGLAccount.php trunk/SelectOrderItems.php Modified: trunk/SelectGLAccount.php =================================================================== --- trunk/SelectGLAccount.php 2010-09-30 15:27:12 UTC (rev 3969) +++ trunk/SelectGLAccount.php 2010-09-30 15:27:43 UTC (rev 3970) @@ -79,6 +79,7 @@ echo '<p class="page_title_text"><img src="'.$rootpath.'/css/'.$theme.'/images/magnifier.png" title="' . _('Search') . '" alt="">' . ' ' . _('Search for General Ledger Accounts') . '</p>'; echo "<br><form action='" . $_SERVER['PHP_SELF'] . '?' . SID . "' method=post>"; + echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; if(strlen($msg)>1){ prnMsg($msg,'info'); Modified: trunk/SelectOrderItems.php =================================================================== --- trunk/SelectOrderItems.php 2010-09-30 15:27:12 UTC (rev 3969) +++ trunk/SelectOrderItems.php 2010-09-30 15:27:43 UTC (rev 3970) @@ -607,6 +607,9 @@ echo '<div class="page_help_text">' . _('Orders/Quotations are placed against the Customer Branch. A Customer may have several Branches.') . '</div>'; ?> <form action="<?php echo $_SERVER['PHP_SELF'] . '?' .SID .'identifier='.$identifier;?>" name="SelectCustomer" method=post> +<?php + echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; +?> <b><?php echo '<p>' . $msg; ?></p> <table cellpadding=3 colspan=4 class=selection> <tr> @@ -650,6 +653,7 @@ $k=1; } echo '<form action="' . $_SERVER['PHP_SELF'] . '?' . SID .'identifier='.$identifier . '"& name="SelectParts" method=post>'; + echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; if ($LastCustomer != $myrow['name']) { echo '<td>'.$myrow['name'].'</td>'; } else { 
@@ -874,6 +878,7 @@ #Always do the stuff below if not looking for a customerid echo '<form action="' . $_SERVER['PHP_SELF'] . '?' . SID .'identifier='.$identifier . '"& name="SelectParts" method=post>'; + echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; //Get The exchange rate used for GPPercent calculations on adding or amending items if ($_SESSION['Items'.$identifier]->DefaultCurrency != $_SESSION['CompanyRecord']['currencydefault']){ @@ -1514,6 +1519,7 @@ if (isset($SearchResult)) { $j = 1; echo '<form action="' . $_SERVER['PHP_SELF'] . '?' . SID .'identifier='.$identifier . ' method=post name="orderform">'; + echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; echo '<table class="table1">'; echo '<tr><td colspan=><input type="hidden" name="previous" value='.number_format($Offset-1).'><input tabindex='.number_format($j+7).' type="submit" name="Prev" value="'._('Prev').'"></td>'; echo '<td style="text-align:center" colspan=6><input type="hidden" name="order_items" value=1><input tabindex='.number_format($j+8).' type="submit" value="'._('Add to Sales Order').'"></td>'; This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
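Review bot: The hidden FormID field added in the second hunk (line 1519) will not travel in a POST body, because the `<form>` tag right above it never closes its `action` quote — `'identifier='.$identifier . ' method=post name="orderform">'` makes the browser read `method=post name=` as part of the URL, leaving the form with no method attribute, so it defaults to GET. The token would then appear in the query string (server logs, Referer headers) and a check against `$_POST['FormID']` would never see it. The quoting problem is pre-existing context, but the new line depends on it: `echo '<form action="' . $_SERVER['PHP_SELF'] . '?' . SID . '&identifier=' . $identifier . '" method="post" name="orderform">';`. The first hunk (line 878) carries the same `'"& name="SelectParts"` stray-ampersand form tag seen earlier in this commit. Both hunks lie inside conditional blocks whose boundaries are outside the visible lines.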
From: <tim...@us...> - 2010-09-30 15:30:31
Revision: 3975 http://web-erp.svn.sourceforge.net/web-erp/?rev=3975&view=rev Author: tim_schofield Date: 2010-09-30 15:30:20 +0000 (Thu, 30 Sep 2010) Log Message: ----------- Add form verification to prevent form spoofing Modified Paths: -------------- trunk/SelectWorkOrder.php trunk/ShipmentCosting.php Modified: trunk/SelectWorkOrder.php =================================================================== --- trunk/SelectWorkOrder.php 2010-09-30 15:29:21 UTC (rev 3974) +++ trunk/SelectWorkOrder.php 2010-09-30 15:30:20 UTC (rev 3975) @@ -10,6 +10,7 @@ echo '<p class="page_title_text"><img src="'.$rootpath.'/css/'.$theme.'/images/magnifier.png" title="' . _('Search') . '" alt="">' . ' ' . $title; echo '<form action=' . $_SERVER['PHP_SELF'] .'?' .SID . ' method=post>'; +echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; if (isset($_POST['ResetPart'])){ Modified: trunk/ShipmentCosting.php =================================================================== --- trunk/ShipmentCosting.php 2010-09-30 15:29:21 UTC (rev 3974) +++ trunk/ShipmentCosting.php 2010-09-30 15:30:20 UTC (rev 3975) @@ -613,7 +613,8 @@ if ( isset($_GET['Close'])) { /* Only an opportunity to confirm user wishes to close */ // if the page was called with Close=Yes then show options to confirm OK to c - echo '<hr><div class+"centre"><form method="POST" action="' . $_SERVER['PHP_SELF'] .'?' . SID .'&SelectedShipment=' . $_GET['SelectedShipment'] . '">'; + echo '<div class+"centre"><form method="POST" action="' . $_SERVER['PHP_SELF'] .'?' . SID .'&SelectedShipment=' . $_GET['SelectedShipment'] . '">'; + echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; if ($_SESSION['WeightedAverageCosting']==0){ /* We are standard costing - so show the option to update costs - under W. Avg cost updates are implicit */ This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
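Review bot: The rewritten line in the ShipmentCosting.php hunk still interpolates `$_GET['SelectedShipment']` into the form's `action` attribute with no escaping, and the commit only drops the `<hr>` from it, so a crafted `SelectedShipment` value can close the attribute and inject markup into the confirmation page; this is new-side code and should be fixed here. The same line carries `class+"centre"` (a `+` where `=` is needed), so the div never receives its class. Suggested replacement: `echo '<div class="centre"><form method="POST" action="' . $_SERVER['PHP_SELF'] . '?' . SID . '&SelectedShipment=' . htmlspecialchars($_GET['SelectedShipment'], ENT_QUOTES, 'UTF-8') . '">';` — if the shipment reference is numeric, a `(int)` cast is the tighter choice, but the visible lines do not show its type. This echo sits inside `if ( isset($_GET['Close'])) {`, whose closing brace is outside the hunk.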
From: <tim...@us...> - 2010-09-30 15:31:14
Revision: 3976 http://web-erp.svn.sourceforge.net/web-erp/?rev=3976&view=rev Author: tim_schofield Date: 2010-09-30 15:31:04 +0000 (Thu, 30 Sep 2010) Log Message: ----------- Add form verification to prevent form spoofing Modified Paths: -------------- trunk/Shipments.php trunk/Shippers.php Modified: trunk/Shipments.php =================================================================== --- trunk/Shipments.php 2010-09-30 15:30:20 UTC (rev 3975) +++ trunk/Shipments.php 2010-09-30 15:31:04 UTC (rev 3976) @@ -289,6 +289,7 @@ echo '<form action="' . $_SERVER['PHP_SELF'] . '?' . SID . '" method="POST">'; +echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; echo '<table class=selection><tr><td><b>'. _('Shipment').': </td><td><b>' . $_SESSION['Shipment']->ShiptRef . '</b></td> <td><b>'. _('From'). ' ' . $_SESSION['Shipment']->SupplierName . '</b></td></tr>'; Modified: trunk/Shippers.php =================================================================== --- trunk/Shippers.php 2010-09-30 15:30:20 UTC (rev 3975) +++ trunk/Shippers.php 2010-09-30 15:31:04 UTC (rev 3976) @@ -164,6 +164,7 @@ if (!isset($_GET['delete'])) { echo '<form method="POST" action="' . $_SERVER['PHP_SELF'] . '?' . SID . '">'; + echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; if (isset($SelectedShipper)) { //editing an existing Shipper This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
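Review bot: In the Shippers.php hunk the token is emitted only inside `if (!isset($_GET['delete'])) {`, so the delete path — which the condition shows is driven by a GET parameter — receives no FormID at all; if that branch performs the deletion (its code is outside the hunk), it remains exactly the kind of spoofable request this series is meant to block and should become a POST form carrying the same hidden field. A one-line comment would also help readers of both hunks, since the purpose of the field is stated only in the commit message: `// anti-spoofing token: the session's FormID must come back with the POST`. The `if` block in Shippers.php and the surrounding code in Shipments.php continue outside the visible lines.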
From: <tim...@us...> - 2010-09-30 15:34:10
Revision: 3986 http://web-erp.svn.sourceforge.net/web-erp/?rev=3986&view=rev Author: tim_schofield Date: 2010-09-30 15:34:03 +0000 (Thu, 30 Sep 2010) Log Message: ----------- Add form verification to prevent form spoofing Modified Paths: -------------- trunk/StockLocMovements.php trunk/StockLocStatus.php Modified: trunk/StockLocMovements.php =================================================================== --- trunk/StockLocMovements.php 2010-09-30 15:33:30 UTC (rev 3985) +++ trunk/StockLocMovements.php 2010-09-30 15:34:03 UTC (rev 3986) @@ -10,6 +10,7 @@ include('includes/header.inc'); echo '<form action="' . $_SERVER['PHP_SELF'] . '?' . SID . '" method=post>'; +echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; echo '<p class="page_title_text"><img src="' . $rootpath . '/css/' . $theme . '/images/magnifier.png" title="' . _('Search') . '" alt="">' . ' ' . $title.'</p>'; Modified: trunk/StockLocStatus.php =================================================================== --- trunk/StockLocStatus.php 2010-09-30 15:33:30 UTC (rev 3985) +++ trunk/StockLocStatus.php 2010-09-30 15:34:03 UTC (rev 3986) @@ -17,6 +17,7 @@ echo '<form action="' . $_SERVER['PHP_SELF'] . '?'. SID . '" method=post>'; +echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; $sql = "SELECT loccode, locationname This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <tim...@us...> - 2010-09-30 15:42:28
Revision: 3995 http://web-erp.svn.sourceforge.net/web-erp/?rev=3995&view=rev Author: tim_schofield Date: 2010-09-30 15:42:22 +0000 (Thu, 30 Sep 2010) Log Message: ----------- Add form verification to prevent form spoofing Modified Paths: -------------- trunk/StockTransfers.php trunk/StockUsage.php Modified: trunk/StockTransfers.php =================================================================== --- trunk/StockTransfers.php 2010-09-30 15:41:05 UTC (rev 3994) +++ trunk/StockTransfers.php 2010-09-30 15:42:22 UTC (rev 3995) @@ -417,6 +417,7 @@ '" alt="">' . ' ' . $title . ''; echo '<form action="'. $_SERVER['PHP_SELF'] . '?' . SID . '" method=post>'; +echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; //echo '<table> // <tr> Modified: trunk/StockUsage.php =================================================================== --- trunk/StockUsage.php 2010-09-30 15:41:05 UTC (rev 3994) +++ trunk/StockUsage.php 2010-09-30 15:42:22 UTC (rev 3995) @@ -55,6 +55,7 @@ } echo "<form action='" . $_SERVER['PHP_SELF'] . '?'. SID ."' method=post><tr><td>"; +echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; echo _('Stock Code') . ":<input type=text name='StockID' size=21 maxlength=20 value='$StockID' >"; echo _('From Stock Location') . ":<select name='StockLocation'>"; This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <tim...@us...> - 2010-09-30 16:03:46
Revision: 4009 http://web-erp.svn.sourceforge.net/web-erp/?rev=4009&view=rev Author: tim_schofield Date: 2010-09-30 16:03:36 +0000 (Thu, 30 Sep 2010) Log Message: ----------- Add form verification to prevent form spoofing Modified Paths: -------------- trunk/SuppLoginSetup.php trunk/SuppPaymentRun.php Modified: trunk/SuppLoginSetup.php =================================================================== --- trunk/SuppLoginSetup.php 2010-09-30 16:01:45 UTC (rev 4008) +++ trunk/SuppLoginSetup.php 2010-09-30 16:03:36 UTC (rev 4009) @@ -285,6 +285,7 @@ } echo "<form method='post' action=" . $_SERVER['PHP_SELF'] . "?" . SID . ">"; +echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; if (isset($SelectedUser)) { //editing an existing User Modified: trunk/SuppPaymentRun.php =================================================================== --- trunk/SuppPaymentRun.php 2010-09-30 16:01:45 UTC (rev 4008) +++ trunk/SuppPaymentRun.php 2010-09-30 16:03:36 UTC (rev 4009) @@ -244,6 +244,7 @@ /* show form to allow input */ echo '<form action="' . $_SERVER['PHP_SELF'] . '?' . SID . '" method="POST"><table class=selection>'; + echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; if (!isset($_POST['FromCriteria']) or strlen($_POST['FromCriteria'])<1){ $DefaultFromCriteria = '1'; This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
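Review bot: In the SuppPaymentRun.php hunk the hidden input is written immediately after `<table class=selection>`, making it a direct child of `<table>`, which is invalid HTML; browsers foster-parent such nodes out of the table and generally still submit them, but that relies on error recovery rather than the spec. Emitting the field before the table keeps the form well-formed: `echo '<form action="' . $_SERVER['PHP_SELF'] . '?' . SID . '" method="POST">'; echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; echo '<table class=selection>';`. In the SuppLoginSetup.php hunk the form action is written without quotes (`action=" . $_SERVER['PHP_SELF'] . "?" . SID . ">`), which is pre-existing but worth quoting on a login-credential form while it is being touched. Both hunks sit in blocks that begin outside the visible lines.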
From: <tim...@us...> - 2010-09-30 16:05:28
Revision: 4011 http://web-erp.svn.sourceforge.net/web-erp/?rev=4011&view=rev Author: tim_schofield Date: 2010-09-30 16:05:22 +0000 (Thu, 30 Sep 2010) Log Message: ----------- Add form verification to prevent form spoofing Modified Paths: -------------- trunk/SuppShiptChgs.php trunk/SuppTransGLAnalysis.php Modified: trunk/SuppShiptChgs.php =================================================================== --- trunk/SuppShiptChgs.php 2010-09-30 16:04:53 UTC (rev 4010) +++ trunk/SuppShiptChgs.php 2010-09-30 16:05:22 UTC (rev 4011) @@ -95,6 +95,7 @@ /*Set up a form to allow input of new Shipment charges */ echo '<form action="' . $_SERVER['PHP_SELF'] . '?' . SID . '" method="post">'; +echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; if (!isset($_POST['ShiptRef'])) { $_POST['ShiptRef']=''; Modified: trunk/SuppTransGLAnalysis.php =================================================================== --- trunk/SuppTransGLAnalysis.php 2010-09-30 16:04:53 UTC (rev 4010) +++ trunk/SuppTransGLAnalysis.php 2010-09-30 16:05:22 UTC (rev 4011) @@ -129,6 +129,7 @@ /*Set up a form to allow input of new GL entries */ echo '<form action="' . $_SERVER['PHP_SELF'] . '?' . SID . '" method="post">'; +echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; echo '<br /><table class=selection>'; if (!isset($_POST['GLCode'])) { This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <tim...@us...> - 2010-09-30 16:07:08
Revision: 4013 http://web-erp.svn.sourceforge.net/web-erp/?rev=4013&view=rev Author: tim_schofield Date: 2010-09-30 16:07:02 +0000 (Thu, 30 Sep 2010) Log Message: ----------- Add form verification to prevent form spoofing Modified Paths: -------------- trunk/Tax.php trunk/TaxAuthorities.php Modified: trunk/Tax.php =================================================================== --- trunk/Tax.php 2010-09-30 16:06:07 UTC (rev 4012) +++ trunk/Tax.php 2010-09-30 16:07:02 UTC (rev 4013) @@ -299,6 +299,7 @@ . '" alt="">' . $title. '</p>'; echo '<form action=' . $_SERVER['PHP_SELF'] . " method='POST'><table class=selection>"; + echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; echo '<tr><td>' . _('Tax Authority To Report On:') . ':</font></td> <td><select name=TaxAuthority>'; Modified: trunk/TaxAuthorities.php =================================================================== --- trunk/TaxAuthorities.php 2010-09-30 16:06:07 UTC (rev 4012) +++ trunk/TaxAuthorities.php 2010-09-30 16:07:02 UTC (rev 4013) @@ -205,6 +205,7 @@ echo "<p><form method='post' action=" . $_SERVER['PHP_SELF'] . '?' . SID .'>'; +echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; if (isset($SelectedTaxAuthID)) { //editing an existing tax authority This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
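Review bot: The Tax.php form the token is added to is the only one in this series whose action omits `'?' . SID`, and it is emitted as an unquoted attribute (`action=' . $_SERVER['PHP_SELF'] . " method='POST'`); when the session id is propagated through SID rather than a cookie, the submission would presumably arrive in a fresh session with no FormID, so the new check could only fail there. The hidden input is also written directly after `<table class=selection>`, as an invalid direct child of the table. Both are addressed by `echo '<form action="' . $_SERVER['PHP_SELF'] . '?' . SID . '" method="POST">'; echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; echo '<table class=selection>';`. This hunk is inside a block that begins outside the visible lines.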