From: <tim...@us...> - 2010-09-30 16:20:15
Revision: 4051
          http://web-erp.svn.sourceforge.net/web-erp/?rev=4051&view=rev
Author:   tim_schofield
Date:     2010-09-30 16:20:09 +0000 (Thu, 30 Sep 2010)

Log Message:
-----------
Add form verification to prevent form spoofing

Modified Paths:
--------------
    trunk/Z_RePostGLFromPeriod.php
    trunk/Z_ReverseSuppPaymentRun.php

Modified: trunk/Z_RePostGLFromPeriod.php
===================================================================
--- trunk/Z_RePostGLFromPeriod.php	2010-09-30 16:19:45 UTC (rev 4050)
+++ trunk/Z_RePostGLFromPeriod.php	2010-09-30 16:20:09 UTC (rev 4051)
@@ -9,6 +9,7 @@
 include('includes/header.inc');
 echo "<form method='POST' action=" . $_SERVER['PHP_SELF'] . '?' . SID . '>';
+echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />';
 if (!isset($_POST['FromPeriod'])){
@@ -31,7 +32,7 @@
 </tr>
 </table>';
- echo "<div class='centre'><input type=submit Name='recalc' Value='" . _('Do the Recalculation') . "'
+ echo "<div class='centre'><input type=submit Name='recalc' Value='" . _('Do the Recalculation') . "'
 onclick=\"return confirm('" . _('Are you sure you wish to re-post all general ledger transactions since the selected period .... this can take some time?') . '\');"></div></form>';
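Review bot: The hidden FormID field added right after the `<form>` open tag only defends against spoofed submissions if the POST branch rejects requests whose `$_POST['FormID']` does not match `$_SESSION['FormID']`, and no such comparison appears anywhere in this diff; the same applies to the identical line added in Z_ReverseSuppPaymentRun.php. If the check is done centrally in a shared include such as includes/header.inc this is fine, otherwise the branch following `if (!isset($_POST['FromPeriod'])){` needs something like `if (!isset($_POST['FormID']) || $_POST['FormID'] !== $_SESSION['FormID']) { prnMsg(_('The form submitted did not originate from this session'), 'error'); include('includes/footer.inc'); exit; }` before any of the chartdetails updates run. The token only prevents spoofing if it is generated per session from an unpredictable source, and where `$_SESSION['FormID']` is set is not visible here. The value is echoed into the attribute unescaped, which is harmless for a server-generated random token but should go through `htmlspecialchars()` if the ID could ever carry anything else. The `if` block that handles the submission continues outside this hunk.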
@@ -45,16 +46,16 @@
 $sql = 'UPDATE chartdetails SET actual =0 WHERE period >= ' . $_POST['FromPeriod'];
 $UpdActualChartDetails = DB_query($sql,$db);
- $ChartDetailBFwdResult = DB_query('SELECT accountcode, bfwd FROM chartdetails WHERE period=' . $_POST['FromPeriod'],$db);
+ $ChartDetailBFwdResult = DB_query('SELECT accountcode, bfwd FROM chartdetails WHERE period=' . $_POST['FromPeriod'],$db);
 while ($ChartRow=DB_fetch_array($ChartDetailBFwdResult)){
 $sql = 'UPDATE chartdetails SET bfwd =' . $ChartRow['bfwd'] . ' WHERE period > ' . $_POST['FromPeriod'] . ' AND accountcode=' . $ChartRow['accountcode'];
 $UpdActualChartDetails = DB_query($sql,$db);
 }
-
+
 /*Now repost the lot */
 include('includes/GLPostings.inc');
-
+
 prnMsg(_('All general ledger postings have been reposted from period') . ' ' . $_POST['FromPeriod'],'success');
 }
 include('includes/footer.inc');

Modified: trunk/Z_ReverseSuppPaymentRun.php
===================================================================
--- trunk/Z_ReverseSuppPaymentRun.php	2010-09-30 16:19:45 UTC (rev 4050)
+++ trunk/Z_ReverseSuppPaymentRun.php	2010-09-30 16:20:09 UTC (rev 4051)
@@ -84,6 +84,7 @@
 echo "<form method=post action='" . $_SERVER['PHP_SELF'] . '?' . SID . "'>";
+ echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />';
 echo '<br>' . _('Enter the date of the payment run') . ": <input type=text name='PaytDate' maxlength=11 size=11 value='" . $_POST['PaytDate'] . "'>";
 echo "<input type=submit name='RevPayts' value='" . _('Reverse Supplier Payments on the Date Entered') . "'>";
 echo '</form>';

This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|