From: <tim...@us...> - 2010-09-30 16:19:06
Revision: 4047 http://web-erp.svn.sourceforge.net/web-erp/?rev=4047&view=rev
Author: tim_schofield
Date: 2010-09-30 16:19:00 +0000 (Thu, 30 Sep 2010)
Log Message:
-----------
Add form verification to prevent form spoofing
Modified Paths:
--------------
trunk/Z_poEditLangModule.php
trunk/Z_poEditLangRemaining.php
Modified: trunk/Z_poEditLangModule.php
===================================================================
--- trunk/Z_poEditLangModule.php 2010-09-30 16:18:44 UTC (rev 4046)
+++ trunk/Z_poEditLangModule.php 2010-09-30 16:19:00 UTC (rev 4047)
@@ -14,12 +14,12 @@
 include('includes/header.inc');
-/* Your webserver user MUST have read/write access to here,
+/* Your webserver user MUST have read/write access to here,
 otherwise you'll be wasting your time */
-
+
 $PathToLanguage = './locale/' . $_SESSION['Language'] . '/LC_MESSAGES/messages.po';
 $PathToNewLanguage = './locale/' . $_SESSION['Language'] . '/LC_MESSAGES/messages.po.new';
-
+
 echo "<br> <a href='" . $rootpath . "/Z_poAdmin.php'>" . _('Back to the translation menu') . "</a>";
 echo '<br><br> ' . _('Utility to edit a language file module');
 echo '<br> ' . _('Current language is') . ' ' . $_SESSION['Language'];
@@ -28,7 +28,7 @@
 if (isset($_POST['ReMergePO'])){
-/*update the messages.po file with any new strings */
+/*update the messages.po file with any new strings */
 /*first rebuild the en_GB default with xgettext */
@@ -38,17 +38,17 @@
 system($xgettextCmd);
 /*now merge the translated file with the new template to get new strings*/
-
+
 $msgMergeCmd = 'msgmerge --no-wrap --update ' . $PathToLanguage . ' ' . $PathToDefault;
-
+
 system($msgMergeCmd);
 //$Result = rename($PathToNewLanguage, $PathToLanguage);
 exit;
 }
-
-if (isset($_POST['module'])) {
+
+if (isset($_POST['module'])) {
 // a module has been selected and is being modified
-
+
 $PathToLanguage_mo = substr($PathToLanguage,0,strrpos($PathToLanguage,'.')) . '.mo';
 /* now read in the language file */
@@ -58,9 +58,10 @@
 if (isset($_POST['submit'])) {
 // save the modifications
-
+
 echo '<br><table><tr><td>';
 echo '<form method="post" action=' . $_SERVER['PHP_SELF'] . '?' . SID . '>';
+ echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />';
 /* write the new language file */
@@ -76,7 +77,7 @@
 $Result = fputs($fpOut, $LangFile[$i]);
 }
 $Result = fclose($fpOut);
-
+
 /* Done writing, now move the original file to a .old */
 /* and the new one to the default */
@@ -88,7 +89,7 @@
 if (file_exists($PathToLanguage . '.bak')) {
 $Result = unlink($PathToLanguage . '.bak');
 }
-
+
 /*now need to create the .mo file from the .po file */
 $msgfmtCommand = 'msgfmt ' . $PathToLanguage . ' -o ' . $PathToLanguage_mo;
 system($msgfmtCommand);
@@ -97,7 +98,7 @@
 echo '</form>';
 echo '</td></tr></table>';
-
+
 /* End of Submit block */
 } else {
@@ -117,7 +118,7 @@
 }
 }
 $TotalLines = $j - 1;
-
+
 /* stick it on the screen */
 echo '<br> ' . _('When finished modifying you must click on Modify at the bottom in order to save changes');
@@ -126,6 +127,7 @@
 prnMsg (_('Your existing translation file (messages.po) will be saved as messages.po.old') . '<br>', 'info', _('PLEASE NOTE'));
 echo '<br>';
 echo '<form method="post" action=' . $_SERVER['PHP_SELF'] . '?' . SID . '>';
+ echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />';
 echo '</div';
 echo '<table>';
 echo '<tr><th ALIGN="center">' . _('Language File for') . ' "' . $_POST['language'] . '"</th></tr>';
@@ -165,7 +167,7 @@
 echo '<br><div class="centre">';
 echo '<input type="Submit" name="submit" VALUE="' . _('Modify') . '"> ';
 echo '<input type="hidden" name="module" VALUE="' . $_POST['module'] . '">';
-
+
 echo '</form>';
 echo '</div>';
 }
@@ -202,7 +204,7 @@
 }
 closedir($handle);
 }
-
+
 sort($AvailableModules);
 $NumberOfModules = sizeof($AvailableModules) - 1;
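Review bot: In the `if (isset($_POST['submit']))` branch the hidden FormID input is echoed after the submission has already been accepted, so it only arms the next request; nothing in this hunk compares `$_POST['FormID']` with `$_SESSION['FormID']` before the file write that starts at `/* write the new language file */`, nor before the rename and `system($msgfmtCommand)` further down the same branch. If that comparison is done centrally in `includes/header.inc` (included near the top of the file, per the first hunk) it runs before this branch and the change is sound, but the diff does not show it, so it is worth confirming. If it is not central, the guard belongs at the top of the branch, e.g. `if (!isset($_POST['FormID']) || $_POST['FormID'] !== $_SESSION['FormID']) { prnMsg(_('Invalid form submission'), 'error'); exit; }`, and the `ReMergePO` branch that calls `system($xgettextCmd)` — whose originating form is not in this diff and gets no FormID field in this commit — would need the same treatment. The submit branch starts in this hunk but continues past it.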
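Review bot: The new hidden input concatenates `$_SESSION['FormID']` into an attribute without escaping, inside a `<form>` whose action is the unquoted, unescaped `$_SERVER['PHP_SELF']` (a context line in the @@ -126 hunk). On servers that pass PATH_INFO through to PHP_SELF, a crafted URL can close that tag and inject markup that reads the token out of the page, which undoes the anti-spoofing value of the token for that session. Both values should go through `htmlspecialchars(..., ENT_QUOTES)` and the action should be quoted: `echo '<form method="post" action="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES) . '?' . SID . '">';` followed by `echo '<input type="hidden" name="FormID" value="' . htmlspecialchars($_SESSION['FormID'], ENT_QUOTES) . '" />';`. The same form/token pair appears in every form this commit touches, and the `$_POST['language']` heading three lines below is reflected unescaped as well.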
@@ -213,6 +215,7 @@
 {
 echo '<br><table><tr><td>';
 echo '<form method="post" action=' . $_SERVER['PHP_SELF'] . '?' . SID . '>';
+ echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />';
 echo '<table>';
Modified: trunk/Z_poEditLangRemaining.php
===================================================================
--- trunk/Z_poEditLangRemaining.php 2010-09-30 16:18:44 UTC (rev 4046)
+++ trunk/Z_poEditLangRemaining.php 2010-09-30 16:19:00 UTC (rev 4047)
@@ -14,17 +14,17 @@
 include('includes/header.inc');
-/* Your webserver user MUST have read/write access to here,
+/* Your webserver user MUST have read/write access to here,
 otherwise you'll be wasting your time */
-
+
 $PathToLanguage = './locale/' . $_SESSION['Language'] . '/LC_MESSAGES/messages.po';
 $PathToNewLanguage = './locale/' . $_SESSION['Language'] . '/LC_MESSAGES/messages.po.new';
-
+
 echo "<br> <a href='" . $rootpath . "/Z_poAdmin.php'>" . _('Back to the translation menu') . "</a>";
 echo '<br><br> ' . _('Utility to edit a language file module');
 echo '<br> ' . _('Current language is') . ' ' . $_SESSION['Language'];
-
+
 $PathToLanguage_mo = substr($PathToLanguage,0,strrpos($PathToLanguage,'.')) . '.mo';
 /* now read in the language file */
@@ -34,9 +34,10 @@
 if (isset($_POST['submit'])) {
 // save the modifications
-
+
 echo '<br><table><tr><td>';
 echo '<form method="post" action=' . $_SERVER['PHP_SELF'] . '?' . SID . '>';
+ echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />';
 /* write the new language file */
@@ -52,7 +53,7 @@
 $Result = fputs($fpOut, $LangFile[$i]);
 }
 $Result = fclose($fpOut);
-
+
 /* Done writing, now move the original file to a .old */
 /* and the new one to the default */
@@ -64,7 +65,7 @@
 if (file_exists($PathToLanguage . '.bak')) {
 $Result = unlink($PathToLanguage . '.bak');
 }
-
+
 /*now need to create the .mo file from the .po file */
 $msgfmtCommand = 'msgfmt ' . $PathToLanguage . ' -o ' . $PathToLanguage_mo;
 system($msgfmtCommand);
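Review bot: As in Z_poEditLangModule.php, the FormID input added in this file's `if (isset($_POST['submit']))` branch (hunk @@ -34) is printed after the submission has already been accepted, so protection of the write that follows `/* write the new language file */` rests entirely on a comparison of `$_POST['FormID']` against `$_SESSION['FormID']` happening earlier, presumably in `includes/header.inc`, which this diff does not show. That is worth confirming here too, because later in the same branch (hunk @@ -64) a path derived from `$_SESSION['Language']` is interpolated into `system($msgfmtCommand)` unquoted, so a forged POST that gets this far rewrites the .po file and runs a shell command as the web server user. If Language can ever be influenced by a request rather than fixed server-side, `escapeshellarg($PathToLanguage)` and `escapeshellarg($PathToLanguage_mo)` on that command line would be a cheap defence to add alongside the token check. The branch continues past the end of the hunk.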
@@ -92,8 +93,8 @@
 }
 }
 $TotalLines = $j - 1;
-
-
+
+
 /* stick it on the screen */
 echo '<br> ' . _('When finished modifying you must click on Modify at the bottom in order to save changes');
@@ -103,6 +104,7 @@
 echo '<br>';
 echo '</div>';
 echo '<form method="post" action=' . $_SERVER['PHP_SELF'] . '?' . SID . '>';
+ echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />';
 echo '<table>';
 echo '<tr><th ALIGN="center">' . _('Language File for') . ' "' . $_SESSION['Language'] . '"</th></tr>';
@@ -134,7 +136,7 @@
 echo '<br><div class="centre">';
 echo '<input type="Submit" name="submit" VALUE="' . _('Modify') . '"> ';
 echo '<input type="hidden" name="module" VALUE="' . $_POST['module'] . '">';
-
+
 echo '</form>';
 echo '</div>';
 }
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
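Review bot: The FormID line added in hunk @@ -103 is now the same literal in five forms across the two files, and none of them says what the value is for or where it is checked; a reader of this file sees the token written but never read. A one-line comment on the new line would close that gap, e.g. `// anti-spoofing token: the POST handler must find this equal to $_SESSION['FormID'] (check lives in the common includes)`, adjusting the last clause to wherever the comparison actually lives, since this diff does not show it. A small shared helper in the includes that prints the hidden field would also keep the five copies from drifting apart the next time the attribute changes.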