X-Git-Url: https://git.harvie.cz/?a=blobdiff_plain;f=index.php;h=479e75cf9ff0a43010091226ff8cc217e4510d97;hb=7f332543a7931f488b1a123ffc055c99ddeaf7e6;hp=11bb1ef4faf53c7cbb22a2949581efda04d3bd80;hpb=40eef626fb2ba34aeb8cadb1568cc989c41cd4c7;p=mirrors%2FSokoMan.git diff --git a/index.php b/index.php index 11bb1ef..479e75c 100755 --- a/index.php +++ b/index.php @@ -73,6 +73,10 @@ class HTML { return "$title"; } + function img_link($src, $link='#void', $title='img_link', $internal=true, $translate=true, $options='width=64') { + return $this->link($this->img($src,$title,$options),$link,$internal,$translate); + } + function input($name=false, $value=false, $type='text', $placeholder=false, $options=false, $prefix='') { $html = T($prefix)."'); + $message = strip_tags(@trim($_GET['message']),'
'); $instance = INSTANCE_ID != '' ? '/'.INSTANCE_ID : ''; $user_id = htmlspecialchars($user['id']); $user_gid = htmlspecialchars($user['gid']); @@ -269,13 +273,13 @@ EOF; foreach($image as $column) if(isset($table[$id][$column])) { $type = @array_shift(preg_split('/_/', $column)); $src=URL_IMAGES."/$type/".$table[$id][$column].'.jpg'; - $table[$id][$type.'_image']=$this->img($src, $table[$id][$column]); + $table[$id][$type.'_image']=$this->img_link($src, $src, $table[$id][$column], false, false); } } } function render_barcode($barcode,$opts=false) { - return $this->link($this->img($this->internal_url("barcode/$barcode"),$barcode,$opts),"barcode/$barcode",true,false); + return $this->img_link($this->internal_url("barcode/$barcode"),$this->internal_url("barcode/$barcode"),$barcode,false,false,$opts); } function table_add_barcodes(&$table) { @@ -287,6 +291,39 @@ EOF; } } + function table_add_relations(&$table, $class, $suffix_relations='_relations') { + $where_url = '%d/?where[%c]==%v'; + $relations = array( //TODO: Autodetect??? + 'model' => array( + 'model_id' => array(array('item',$where_url)), + 'model_barcode' => array(array('store','assistant/%d?barcode=%v')), + 'model_name' => array(array('google','http://google.com/search?q=%v',true)) + ), + 'item' => array( + 'item_serial' => array(array('dispose','assistant/%d?serial=%v'),array('sell','assistant/%d?serial=%v')) + ), + 'category' => array('category_id' => array(array('item',$where_url))), + 'producer' => array('producer_id' => array(array('item',$where_url))), + 'vendor' => array('vendor_id' => array(array('item',$where_url))), + 'room' => array('room_id' => array(array('item',$where_url))), + 'status' => array('status_id' => array(array('item',$where_url))) + ); + foreach($table as $id => $row) { + foreach($row as $column => $value) { + if(isset($relations[$class][$column])) { + foreach($relations[$class][$column] as $destination) { + $destination_url = str_replace( + array('%d','%c','%v'), + array(urlencode($destination[0]),urlencode($column),urlencode($value)), + $destination[1] + ); + @$table[$id][$class.$suffix_relations] .= $this->link($destination[0], $destination_url, !isset($destination[2])).','; + } + } + } + } + } + function table_collapse(&$table) { $collapse = array( 'item_id' => 'item_id', @@ -322,8 +359,9 @@ EOF; $table = $table_sorted; } - function render_item_table($table) { + function render_item_table($table,$class=false) { $this->table_add_images($table); + if($class) $this->table_add_relations($table,$class); $this->table_add_barcodes($table); $this->table_collapse($table); $this->table_sort($table); @@ -686,7 +724,7 @@ class Sklad_UI { } function render_items($class, $id=false, $limit=false, $offset=0, $where=false, $search=false, $history=false) { - return $this->html->render_item_table($this->db->get_listing($class, $id, $limit, $offset, $where, $search, $history, false)); + return $this->html->render_item_table($this->db->get_listing($class, $id, $limit, $offset, $where, $search, $history, false),$class); } function render_form_add($class) { @@ -757,15 +795,16 @@ class Sklad_UI { new HTTP_Auth('SkladovejSystem', true, array($this->db->auth,'check_auth')); } - function post_redirect_get($location, $message='', $error=false) { - $url_args = $message != '' ? '?message='.urlencode(T($message)) : ''; + function post_redirect_get($location, $message='', $error=false, $translate=true) { + $messaget = $translate ? T($message) : $message; + $url_args = $messaget != '' ? '?message='.urlencode($messaget) : ''; $location = $this->html->internal_url($location).$url_args; header('Location: '.$location); if($error) trigger_error($message); $location=htmlspecialchars($location); die( "". - T($message)."
Location: $location" + $messaget."
Location: $location" ); } @@ -781,6 +820,15 @@ class Sklad_UI { return $out; } + function check_input_validity($field, $value='', $ruleset=0) { + $rules = array(0 => array( + 'model_barcode' => '/./', + 'item_serial' => '/./' + )); + if(isset($rules[$ruleset][$field]) && !preg_match($rules[$ruleset][$field], trim($value))) return false; + return true; + } + function process_http_request_post($action=false, $class=false, $id=false, $force_redirect=false) { if($_SERVER['REQUEST_METHOD'] != 'POST') return; //echo('
'); //DEBUG (maybe todo remove), HEADERS ALREADY SENT!!!!
@@ -795,7 +843,14 @@ class Sklad_UI {
 			$values=array();
 			foreach($_POST['values'] as $table => $columns) {
 				foreach($columns as $column => $ids) {
-					foreach($ids as $id => $val) $values[$table][$id][$column] = $val;
+					foreach($ids as $id => $val) {
+						$values[$table][$id][$column] = trim($val);
+						if(!$this->check_input_validity($column,$val)) {
+							$message = "Spatny vstup: $column [$id] = \"$val\"; ". //XSS
+								$this->html->link('GO BACK', 'javascript:history.back()', false, false);
+			        $this->post_redirect_get('', $message, false, false);
+						}
+					}
 				}
 			}
 			//die(print_r($values));