return "<img src='$src' alt='$title' title='$title'$options; />";
}
+ function img_link($src, $link='#void', $title='img_link', $internal=true, $translate=true, $options='width=64') {
+ return $this->link($this->img($src,$title,$options),$link,$internal,$translate);
+ }
+
function input($name=false, $value=false, $type='text', $placeholder=false, $options=false, $prefix='') {
$html = T($prefix)."<input type='$type' ";
if($name) $html.= "name='$name' ";
$home = URL_HOME;
$script = $_SERVER['SCRIPT_NAME'];
$search = htmlspecialchars(@trim($_GET['q']));
- $message = strip_tags(@trim($_GET['message']),'<a><b><u><i>');
+ $message = strip_tags(@trim($_GET['message']),'<a><b><u><i><br>');
$instance = INSTANCE_ID != '' ? '/'.INSTANCE_ID : '';
$user_id = htmlspecialchars($user['id']);
$user_gid = htmlspecialchars($user['gid']);
foreach($image as $column) if(isset($table[$id][$column])) {
$type = @array_shift(preg_split('/_/', $column));
$src=URL_IMAGES."/$type/".$table[$id][$column].'.jpg';
- $table[$id][$type.'_image']=$this->img($src, $table[$id][$column]);
+ $table[$id][$type.'_image']=$this->img_link($src, $src, $table[$id][$column], false, false);
}
}
}
function render_barcode($barcode,$opts=false) {
- return $this->link($this->img($this->internal_url("barcode/$barcode"),$barcode,$opts),"barcode/$barcode",true,false);
+ return $this->img_link($this->internal_url("barcode/$barcode"),$this->internal_url("barcode/$barcode"),$barcode,false,false,$opts);
}
function table_add_barcodes(&$table) {
$relations = array( //TODO: Autodetect???
'model' => array(
'model_id' => array(array('item',$where_url)),
- 'model_barcode' => array(array('store','assistant/%d?barcode=%v'))
+ 'model_barcode' => array(array('store','assistant/%d?barcode=%v')),
+ 'model_name' => array(array('google','http://google.com/search?q=%v',true))
+ ),
+ 'item' => array(
+ 'item_serial' => array(array('dispose','assistant/%d?serial=%v'),array('sell','assistant/%d?serial=%v'))
),
'category' => array('category_id' => array(array('item',$where_url))),
'producer' => array('producer_id' => array(array('item',$where_url))),
foreach($relations[$class][$column] as $destination) {
$destination_url = str_replace(
array('%d','%c','%v'),
- array($destination[0],$column,$value),
+ array(urlencode($destination[0]),urlencode($column),urlencode($value)),
$destination[1]
);
- @$table[$id][$class.$suffix_relations] .= $this->link($destination[0], $destination_url).',';
+ @$table[$id][$class.$suffix_relations] .= $this->link($destination[0], $destination_url, !isset($destination[2])).',';
}
}
}
new HTTP_Auth('SkladovejSystem', true, array($this->db->auth,'check_auth'));
}
- function post_redirect_get($location, $message='', $error=false) {
- $url_args = $message != '' ? '?message='.urlencode(T($message)) : '';
+ function post_redirect_get($location, $message='', $error=false, $translate=true) {
+ $messaget = $translate ? T($message) : $message;
+ $url_args = $messaget != '' ? '?message='.urlencode($messaget) : '';
$location = $this->html->internal_url($location).$url_args;
header('Location: '.$location);
if($error) trigger_error($message);
$location=htmlspecialchars($location);
die(
"<meta http-equiv='refresh' content='0; url=$location'>".
- T($message)."<br />Location: <a href='$location'>$location</a>"
+ $messaget."<br />Location: <a href='$location'>$location</a>"
);
}
return $out;
}
+ function check_input_validity($field, $value='', $ruleset=0) {
+ $rules = array(0 => array(
+ 'model_barcode' => '/./',
+ 'item_serial' => '/./'
+ ));
+ if(isset($rules[$ruleset][$field]) && !preg_match($rules[$ruleset][$field], trim($value))) return false;
+ return true;
+ }
+
function process_http_request_post($action=false, $class=false, $id=false, $force_redirect=false) {
if($_SERVER['REQUEST_METHOD'] != 'POST') return;
//echo('<pre>'); //DEBUG (maybe todo remove), HEADERS ALREADY SENT!!!!
$values=array();
foreach($_POST['values'] as $table => $columns) {
foreach($columns as $column => $ids) {
- foreach($ids as $id => $val) $values[$table][$id][$column] = $val;
+ foreach($ids as $id => $val) {
+ $values[$table][$id][$column] = trim($val);
+ if(!$this->check_input_validity($column,$val)) {
+ $message = "Spatny vstup: $column [$id] = \"$val\"; ". //XSS
+ $this->html->link('GO BACK', 'javascript:history.back()', false, false);
+ $this->post_redirect_get('', $message, false, false);
+ }
+ }
}
}
//die(print_r($values));