Steuerzone darf nicht leer sein
diff --git
a/SL/Form.pm
b/SL/Form.pm
index
6ad6a92
..
f02c25a
100644
(file)
--- a/
SL/Form.pm
+++ b/
SL/Form.pm
@@
-42,6
+42,7
@@
use Data::Dumper;
use CGI;
use CGI::Ajax;
use Cwd;
use CGI;
use CGI::Ajax;
use Cwd;
+use Encode;
use IO::File;
use SL::Auth;
use SL::Auth::DB;
use IO::File;
use SL::Auth;
use SL::Auth::DB;
@@
-56,7
+57,7
@@
use SL::User;
use Template;
use URI;
use List::Util qw(first max min sum);
use Template;
use URI;
use List::Util qw(first max min sum);
-use List::MoreUtils qw(any);
+use List::MoreUtils qw(any
apply
);
use strict;
use strict;
@@
-265,7
+266,11
@@
sub new {
$self->{action} = lc $self->{action};
$self->{action} =~ s/( |-|,|\#)/_/g;
$self->{action} = lc $self->{action};
$self->{action} =~ s/( |-|,|\#)/_/g;
- $self->{version} = "2.6.1";
+ #$self->{version} = "2.6.1"; # Old hardcoded but secure style
+ open VERSION_FILE, "VERSION"; # New but flexible code reads version from VERSION-file
+ $self->{version} = <VERSION_FILE>;
+ close VERSION_FILE;
+ $self->{version} =~ s/[^0-9A-Za-z\.\_\-]//g; # only allow numbers, letters, points, underscores and dashes. Prevents injecting of malicious code.
$main::lxdebug->leave_sub();
$main::lxdebug->leave_sub();
@@
-375,6
+380,7
@@
sub escape {
my ($self, $str) = @_;
my ($self, $str) = @_;
+ $str = Encode::encode('utf-8-strict', $str) if $::locale->is_utf8;
$str =~ s/([^a-zA-Z0-9_.-])/sprintf("%%%02x", ord($1))/ge;
$main::lxdebug->leave_sub(2);
$str =~ s/([^a-zA-Z0-9_.-])/sprintf("%%%02x", ord($1))/ge;
$main::lxdebug->leave_sub(2);
@@
-466,13
+472,22
@@
sub info {
if (!$self->{header}) {
$self->header;
if (!$self->{header}) {
$self->header;
- print qq|
- <body>|;
+ print qq|<body>|;
}
print qq|
}
print qq|
+ <p class="message_ok"><b>$msg</b></p>
- <p><b>$msg</b>
+ <script type="text/javascript">
+ <!--
+ // If JavaScript is enabled, the whole thing will be reloaded.
+ // The reason is: When one changes his menu setup (HTML / XUL / CSS ...)
+ // it now loads the correct code into the browser instead of do nothing.
+ setTimeout("top.frames.location.href='login.pl'",500);
+ //-->
+ </script>
+
+</body>
|;
} else {
|;
} else {
@@
-659,6
+674,20
@@
sub header {
</script>
| if $self->{"fokus"};
</script>
| if $self->{"fokus"};
+ # if there is a title, we put some JavaScript in to the page, wich writes a
+ # meaningful title-tag for our frameset.
+ my $title_hack;
+ if ($self->{"title"}){
+ $title_hack = qq|
+ <script type="text/javascript">
+ <!--
+ // Write a meaningful title-tag for our frameset.
+ top.document.title="| . $self->{"title"} . qq| - | . $self->{"login"} . qq| - | . $::myconfig{dbname} . qq| - V| . $self->{"version"} . qq|";
+ //-->
+ </script>
+ |;
+ }
+
#Set Calendar
my $jsscript = "";
if ($self->{jsscript} == 1) {
#Set Calendar
my $jsscript = "";
if ($self->{jsscript} == 1) {
@@
-694,13
+723,12
@@
sub header {
$favicon
$jsscript
$ajax
$favicon
$jsscript
$ajax
-
$fokus
$fokus
+ $title_hack
<link rel="stylesheet" href="css/jquery.autocomplete.css" type="text/css" />
<meta name="robots" content="noindex,nofollow" />
<link rel="stylesheet" href="css/jquery.autocomplete.css" type="text/css" />
<meta name="robots" content="noindex,nofollow" />
- <script type="text/javascript" src="js/highlight_input.js"></script>
<link rel="stylesheet" type="text/css" href="css/tabcontent.css" />
<script type="text/javascript" src="js/tabcontent.js">
<link rel="stylesheet" type="text/css" href="css/tabcontent.css" />
<script type="text/javascript" src="js/tabcontent.js">
@@
-802,13
+830,13
@@
sub _prepare_html_template {
}
if (%main::myconfig) {
}
if (%main::myconfig) {
- map({ $additional_params->{"myconfig_${_}"} = $main::myconfig{$_}; } keys(%main::myconfig));
- my $jsc_dateformat = $main::myconfig{"dateformat"};
- $jsc_dateformat =~ s/d+/\%d/gi;
- $jsc_dateformat =~ s/m+/\%m/gi;
- $jsc_dateformat =~ s/y+/\%Y/gi;
- $additional_params->{"myconfig_jsc_dateformat"} = $jsc_dateformat;
+ $::myconfig{jsc_dateformat} = apply {
+ s/d+/\%d/gi;
+ s/m+/\%m/gi;
+ s/y+/\%Y/gi;
+ } $::myconfig{"dateformat"};
$additional_params->{"myconfig"} ||= \%::myconfig;
$additional_params->{"myconfig"} ||= \%::myconfig;
+ map { $additional_params->{"myconfig_${_}"} = $main::myconfig{$_}; } keys %::myconfig;
}
$additional_params->{"conf_dbcharset"} = $main::dbcharset;
}
$additional_params->{"conf_dbcharset"} = $main::dbcharset;
@@
-1547,15
+1575,21
@@
sub datetonum {
# Database routines used throughout
# Database routines used throughout
+sub _dbconnect_options {
+ my $self = shift;
+ my $options = { pg_enable_utf8 => $::locale->is_utf8,
+ @_ };
+
+ return $options;
+}
+
sub dbconnect {
$main::lxdebug->enter_sub(2);
my ($self, $myconfig) = @_;
# connect to database
sub dbconnect {
$main::lxdebug->enter_sub(2);
my ($self, $myconfig) = @_;
# connect to database
- my $dbh =
- DBI->connect($myconfig->{dbconnect},
- $myconfig->{dbuser}, $myconfig->{dbpasswd})
+ my $dbh = DBI->connect($myconfig->{dbconnect}, $myconfig->{dbuser}, $myconfig->{dbpasswd}, $self->_dbconnect_options)
or $self->dberror;
# set db options
or $self->dberror;
# set db options
@@
-1574,9
+1608,7
@@
sub dbconnect_noauto {
my ($self, $myconfig) = @_;
# connect to database
my ($self, $myconfig) = @_;
# connect to database
- my $dbh =
- DBI->connect($myconfig->{dbconnect}, $myconfig->{dbuser},
- $myconfig->{dbpasswd}, { AutoCommit => 0 })
+ my $dbh = DBI->connect($myconfig->{dbconnect}, $myconfig->{dbuser}, $myconfig->{dbpasswd}, $self->_dbconnect_options(AutoCommit => 0))
or $self->dberror;
# set db options
or $self->dberror;
# set db options
@@
-1988,7
+2020,7
@@
sub add_shipto {
my @values;
foreach my $item (qw(name department_1 department_2 street zipcode city country
my @values;
foreach my $item (qw(name department_1 department_2 street zipcode city country
- contact phone fax email)) {
+ contact
cp_gender
phone fax email)) {
if ($self->{"shipto$item"}) {
$shipto = 1 if ($self->{$item} ne $self->{"shipto$item"});
}
if ($self->{"shipto$item"}) {
$shipto = 1 if ($self->{$item} ne $self->{"shipto$item"});
}
@@
-2006,6
+2038,7
@@
sub add_shipto {
shiptocity = ?,
shiptocountry = ?,
shiptocontact = ?,
shiptocity = ?,
shiptocountry = ?,
shiptocontact = ?,
+ shiptocp_gender = ?,
shiptophone = ?,
shiptofax = ?,
shiptoemail = ?
shiptophone = ?,
shiptofax = ?,
shiptoemail = ?
@@
-2021,6
+2054,7
@@
sub add_shipto {
shiptocity = ? AND
shiptocountry = ? AND
shiptocontact = ? AND
shiptocity = ? AND
shiptocountry = ? AND
shiptocontact = ? AND
+ shiptocp_gender = ? AND
shiptophone = ? AND
shiptofax = ? AND
shiptoemail = ? AND
shiptophone = ? AND
shiptofax = ? AND
shiptoemail = ? AND
@@
-2031,8
+2065,8
@@
sub add_shipto {
$query =
qq|INSERT INTO shipto (trans_id, shiptoname, shiptodepartment_1, shiptodepartment_2,
shiptostreet, shiptozipcode, shiptocity, shiptocountry,
$query =
qq|INSERT INTO shipto (trans_id, shiptoname, shiptodepartment_1, shiptodepartment_2,
shiptostreet, shiptozipcode, shiptocity, shiptocountry,
- shiptocontact, shiptophone, shiptofax, shiptoemail, module)
- VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)|;
+ shiptocontact, shipto
cp_gender, shipto
phone, shiptofax, shiptoemail, module)
+ VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?
, ?
)|;
do_query($self, $dbh, $query, $id, @values, $module);
}
}
do_query($self, $dbh, $query, $id, @values, $module);
}
}
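Review bot: In the header() hunk (@@ -659,6 +674,20 @@) `$title_hack` concatenates `$self->{"title"}`, `$self->{"login"}` and `$::myconfig{dbname}` directly into a double-quoted JavaScript string inside a `<script>` element, with no escaping for that context. Only `$self->{"version"}` is filtered, by the character whitelist added in new(); if any of the other three can carry request- or user-supplied text, which this page does not show either way, a `"`, a newline or `</script>` in it ends the literal and the remainder is parsed as script or markup. Build the text first and escape it before emitting: `my $js_title = join ' - ', $self->{title}, $self->{login}, $::myconfig{dbname}, "V$self->{version}";` followed by `$js_title =~ s/(["'\\<>&\r\n])/sprintf('\\x%02x', ord $1)/ge;`, and interpolate `$js_title` into the script instead of the raw fields. Separately, the `open VERSION_FILE, "VERSION";` added in new() is unchecked and resolved against the current directory, so a failed open silently leaves the version undefined; `open my $fh, '<', 'VERSION' or die "open VERSION: $!";` (or an explicit fallback value) makes that failure visible. Both header() and new() continue outside their hunks.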