From: Moritz Bunkus <m.bunkus@linet-services.de>
Date: Mon, 14 Jan 2008 13:33:32 +0000 (+0000)
Subject: Die Variablen login und password müssen/dürfen seit der Umstellung auf Session basier... 
X-Git-Tag: release-2.6.0beta1~352
X-Git-Url: http://wagnertech.de/git?a=commitdiff_plain;h=5b22b6b5b7dbb290048cd15b3ede7d18cba4d09c;p=kivitendo-erp.git

Die Variablen login und password müssen/dürfen seit der Umstellung auf Session basierte Authentifizierung nicht mehr übergeben werden.
---

diff --git a/bin/mozilla/common.pl b/bin/mozilla/common.pl
index c27a35a69..6ed951c50 100644
--- a/bin/mozilla/common.pl
+++ b/bin/mozilla/common.pl
@@ -415,7 +415,7 @@ sub cov_selection_internal {
 
   my $callback = "$form->{script}?action=cov_selection_internal&";
   map({ $callback .= "$_=" . $form->escape($form->{$_}) . "&" }
-      (qw(login path password name input_name input_id is_vendor allow_both), grep({ /^[fl]_/ } keys %$form)));
+      (qw(name input_name input_id is_vendor allow_both), grep({ /^[fl]_/ } keys %$form)));
 
   my @header_sort = qw(name address contact);
   my %header_title = ( "name" => $locale->text("Name"),
diff --git a/bin/mozilla/drafts.pl b/bin/mozilla/drafts.pl
index 36eb6088a..a6a70cdb0 100644
--- a/bin/mozilla/drafts.pl
+++ b/bin/mozilla/drafts.pl
@@ -20,7 +20,7 @@ sub save_draft {
     restore_form($form->{SAVED_FORM}, 1) if ($form->{SAVED_FORM});
     delete $form->{SAVED_FORM};
 
-    $form->{SAVED_FORM}   = save_form(qw(login password stylesheet));
+    $form->{SAVED_FORM}   = save_form(qw(stylesheet));
     $form->{remove_draft} = 1;
 
     $form->header();
@@ -67,7 +67,7 @@ sub load_draft_maybe {
   $draft_nextsub = "add" unless ($draft_nextsub);
 
   delete $form->{action};
-  my $saved_form = save_form(qw(login password stylesheet));
+  my $saved_form = save_form(qw(stylesheet));
 
   $form->header();
   print($form->parse_html_template("drafts/load",
diff --git a/bin/mozilla/io.pl b/bin/mozilla/io.pl
index e331ff7c7..c5fc66103 100644
--- a/bin/mozilla/io.pl
+++ b/bin/mozilla/io.pl
@@ -607,10 +607,9 @@ sub new_item {
   my $previousform = join '&', map { $form->{$_} =~ s/&/%26/; "$_=$form->{$_}" } grep { !/action/ } keys %$form;
 
   push @HIDDENS,      { 'name' => 'previousform', 'value' => $form->escape($previousform, 1) };
-  push @HIDDENS, map +{ 'name' => $_,             'value' => $form->{$_} },                       qw(rowcount vc login password);
+  push @HIDDENS, map +{ 'name' => $_,             'value' => $form->{$_} },                       qw(rowcount vc);
   push @HIDDENS, map +{ 'name' => $_,             'value' => $form->{"${_}_$form->{rowcount}"} }, qw(partnumber description unit sellprice);
   push @HIDDENS,      { 'name' => 'taxaccount2',  'value' => $form->{taxaccounts} };
-    next if (($key eq 'login') || ($key eq 'password') || ('' ne ref $form->{$key}));
 
   $form->header();
   print $form->parse_html_template("generic/new_item", { HIDDENS => [ sort { $a->{name} cmp $b->{name} } @HIDDENS ] } );
diff --git a/bin/mozilla/menuXML.pl b/bin/mozilla/menuXML.pl
index 84fabbb05..06746ae74 100644
--- a/bin/mozilla/menuXML.pl
+++ b/bin/mozilla/menuXML.pl
@@ -53,12 +53,6 @@ sub display {
 <!ENTITY szlig "ß">
 ]>|;
   print qq|<doc>|;
-  print qq|<login>|;
-  print $form->{login};
-  print qq|</login>|;
-  print qq|<password>|;
-  print $form->{password};
-  print qq|</password>|;
   print qq|<name>|;
   print %myconfig->{name};
   print qq|</name>|;
diff --git a/bin/mozilla/pe.pl b/bin/mozilla/pe.pl
index eb62b0663..5a617ba4d 100644
--- a/bin/mozilla/pe.pl
+++ b/bin/mozilla/pe.pl
@@ -49,7 +49,7 @@ sub add {
 
   # construct callback
   $form->{callback} =
-    "$form->{script}?action=add&type=$form->{type}&login=$form->{login}&password=$form->{password}"
+    "$form->{script}?action=add&type=$form->{type}"
     unless $form->{callback};
 
   call_sub("form_$form->{type}_header");
@@ -180,9 +180,6 @@ sub search {
 
 <input type=hidden name=nextsub value=$report>
 
-<input type=hidden name=login value=$form->{login}>
-<input type=hidden name=password value=$form->{password}>
-
 <br>
 <input class=submit type=submit name=action value="|
     . $locale->text('Continue') . qq|">
@@ -205,7 +202,7 @@ sub project_report {
   PE->projects(\%myconfig, \%$form);
 
   $callback =
-    "$form->{script}?action=project_report&type=$form->{type}&login=$form->{login}&password=$form->{password}&status=$form->{status}&active=" .
+    "$form->{script}?action=project_report&type=$form->{type}&status=$form->{status}&active=" .
     E($form->{active});
   $href = $callback;
 
@@ -286,7 +283,7 @@ sub project_report {
 |;
 
     $column_data{projectnumber} =
-      qq|<td><a href=$form->{script}?action=edit&type=$form->{type}&status=$form->{status}&id=$ref->{id}&login=$form->{login}&password=$form->{password}&callback=$callback>$ref->{projectnumber}</td>|;
+      qq|<td><a href=$form->{script}?action=edit&type=$form->{type}&status=$form->{status}&id=$ref->{id}&callback=$callback>$ref->{projectnumber}</td>|;
     $column_data{description} = qq|<td>$ref->{description}&nbsp;</td>|;
     $column_data{active} =
       qq|<td>| .
@@ -316,9 +313,6 @@ sub project_report {
 
 <input type=hidden name=type value=$form->{type}>
 
-<input type=hidden name=login value=$form->{login}>
-<input type=hidden name=password value=$form->{password}>
-
 <input class=submit type=submit name=action value="|
     . $locale->text('Add') . qq|">
 
@@ -424,9 +418,6 @@ sub form_project_footer {
 
 <input name=callback type=hidden value="$form->{callback}">
 
-<input type=hidden name=login value=$form->{login}>
-<input type=hidden name=password value=$form->{password}>
-
 <br><input type=submit class=submit name=action value="|
     . $locale->text('Save') . qq|">
 |;
@@ -528,7 +519,7 @@ sub partsgroup_report {
   PE->partsgroups(\%myconfig, \%$form);
 
   $callback =
-    "$form->{script}?action=partsgroup_report&type=$form->{type}&login=$form->{login}&password=$form->{password}&status=$form->{status}";
+    "$form->{script}?action=partsgroup_report&type=$form->{type}&status=$form->{status}";
 
   if ($form->{status} eq 'all') {
     $option = $locale->text('All');
@@ -589,7 +580,7 @@ sub partsgroup_report {
 |;
 
     $column_data{partsgroup} =
-      qq|<td><a href=$form->{script}?action=edit&type=$form->{type}&status=$form->{status}&id=$ref->{id}&login=$form->{login}&password=$form->{password}&callback=$callback>$ref->{partsgroup}</td>|;
+      qq|<td><a href=$form->{script}?action=edit&type=$form->{type}&status=$form->{status}&id=$ref->{id}&callback=$callback>$ref->{partsgroup}</td>|;
     map { print "$column_data{$_}\n" } @column_index;
 
     print "
@@ -613,9 +604,6 @@ sub partsgroup_report {
 
 <input type=hidden name=type value=$form->{type}>
 
-<input type=hidden name=login value=$form->{login}>
-<input type=hidden name=password value=$form->{password}>
-
 <input class=submit type=submit name=action value="|
     . $locale->text('Add') . qq|">
 
@@ -684,9 +672,6 @@ sub form_partsgroup_footer {
 
 <input name=callback type=hidden value="$form->{callback}">
 
-<input type=hidden name=login value=$form->{login}>
-<input type=hidden name=password value=$form->{password}>
-
 <br><input type=submit class=submit name=action value="|
     . $locale->text('Save') . qq|">
 |;
@@ -727,7 +712,7 @@ sub pricegroup_report {
   PE->pricegroups(\%myconfig, \%$form);
 
   $callback =
-    "$form->{script}?action=pricegroup_report&type=$form->{type}&login=$form->{login}&password=$form->{password}&status=$form->{status}";
+    "$form->{script}?action=pricegroup_report&type=$form->{type}&status=$form->{status}";
 
   if ($form->{status} eq 'all') {
     $option = $locale->text('All');
@@ -790,7 +775,7 @@ sub pricegroup_report {
         <tr valign=top class=listrow$i>
 |;
     $column_data{pricegroup} =
-      qq|<td><a href=$form->{script}?action=edit&type=$form->{type}&status=$form->{status}&id=$ref->{id}&login=$form->{login}&password=$form->{password}&callback=$callback>$ref->{pricegroup}</td>|;
+      qq|<td><a href=$form->{script}?action=edit&type=$form->{type}&status=$form->{status}&id=$ref->{id}&callback=$callback>$ref->{pricegroup}</td>|;
 
     map { print "$column_data{$_}\n" } @column_index;
 
@@ -815,9 +800,6 @@ sub pricegroup_report {
 
 <input type=hidden name=type value=$form->{type}>
 
-<input type=hidden name=login value=$form->{login}>
-<input type=hidden name=password value=$form->{password}>
-
 <input class=submit type=submit name=action value="|
     . $locale->text('Add') . qq|">
 
@@ -890,9 +872,6 @@ sub form_pricegroup_footer {
 
 <input name=callback type=hidden value="$form->{callback}">
 
-<input type=hidden name=login value=$form->{login}>
-<input type=hidden name=password value=$form->{password}>
-
 <br><input type=submit class=submit name=action value="|
     . $locale->text('Save') . qq|">
 |;
diff --git a/js/calculate_qty.js b/js/calculate_qty.js
index 048346c1a..fb04cd7cd 100644
--- a/js/calculate_qty.js
+++ b/js/calculate_qty.js
@@ -8,8 +8,6 @@ function calculate_qty_selection_window(input_name, alu, formel, row) {
   }  else var action = "calculate_qty";
   url = "common.pl?" +
     "action=" + action + "&" +
-    "login=" + encodeURIComponent(document.getElementsByName("login")[0].value) + "&" +
-    "password=" + encodeURIComponent(document.getElementsByName("password")[0].value) + "&" +
     "name=" + escape(name) + "&" +
     "input_name=" + escape(input_name) + "&" +
     "description=" + escape(description) + "&" +
diff --git a/js/common.js b/js/common.js
index b354d3ccc..a89fa02be 100644
--- a/js/common.js
+++ b/js/common.js
@@ -44,8 +44,6 @@ function set_longdescription_window(input_name) {
   var name = document.getElementsByName(input_name)[0].value;
   url = "common.pl?" +
     "action=set_longdescription&" +
-    "login=" +  encodeURIComponent(document.getElementsByName("login")[0].value)+ "&"+
-    "password=" + encodeURIComponent(document.getElementsByName("password")[0].value) + "&" +
     "longdescription=" + escape_more(document.getElementsByName(input_name)[0].value) + "&" +
     "input_name=" + escape_more(input_name) + "&"
   window.open(url, "_new_generic", parm);
diff --git a/js/customer_or_vendor_selection.js b/js/customer_or_vendor_selection.js
index 4d1bf8d7b..1be1c716c 100644
--- a/js/customer_or_vendor_selection.js
+++ b/js/customer_or_vendor_selection.js
@@ -3,8 +3,6 @@ function customer_or_vendor_selection_window(input_name, input_id, is_vendor, al
   var name = document.getElementsByName(input_name)[0].value;
   url = "common.pl?" +
     "action=cov_selection_internal&" +
-    "login=" + escape(document.forms[0].login.value) + "&" +
-    "password=" + escape(document.forms[0].password.value) + "&" +
     "name=" + escape_more(name) + "&" +
     "input_name=" + escape(input_name) + "&" +
     "input_id=" + escape(input_id) + "&" +
diff --git a/js/delivery_customer_selection.js b/js/delivery_customer_selection.js
index a94f3c067..89a9a8972 100644
--- a/js/delivery_customer_selection.js
+++ b/js/delivery_customer_selection.js
@@ -3,8 +3,6 @@ function delivery_customer_selection_window(input_name, input_id) {
   var name = document.getElementsByName(input_name)[0].value;
   url = "common.pl?" +
     "action=delivery_customer_selection&" +
-    "login=" + escape(document.getElementsByName("login")[0].value) + "&" +
-    "password=" + escape(document.getElementsByName("password")[0].value) + "&" +
     "name=" + escape(name) + "&" +
     "input_name=" + escape(input_name) + "&" +
     "input_id=" + escape(input_id)
diff --git a/js/dunning.js b/js/dunning.js
index 060dbbd2f..a98722ed2 100644
--- a/js/dunning.js
+++ b/js/dunning.js
@@ -2,8 +2,6 @@ function set_email_window(input_subject, input_body, input_attachment) {
   var parm = centerParms(800,600) + ",width=800,height=600,status=yes,scrollbars=yes";
   var url = "dn.pl?" +
     "action=set_email&" +
-    "login=" +  encodeURIComponent(document.getElementsByName("login")[0].value)+ "&"+
-    "password=" + encodeURIComponent(document.getElementsByName("password")[0].value) + "&" +
     "email_subject=" + escape_more(document.getElementsByName(input_subject)[0].value) + "&" +
     "email_body=" + escape_more(document.getElementsByName(input_body)[0].value) + "&" +
     "email_attachment=" + escape_more(document.getElementsByName(input_attachment)[0].value) + "&" +
diff --git a/js/parts_language_selection.js b/js/parts_language_selection.js
index 220acd6ad..87f8f10f4 100644
--- a/js/parts_language_selection.js
+++ b/js/parts_language_selection.js
@@ -3,8 +3,6 @@ function parts_language_selection_window(input_name) {
   var name = document.getElementsByName(input_name)[0].value;
   url = "ic.pl?" +
     "action=parts_language_selection&" +
-    "login="           + escape_more(document.ic.login.value)           + "&" +
-    "password="        + escape_more(document.ic.password.value)        + "&" +
     "id="              + escape_more(document.ic.id.value)              + "&" +
     "language_values=" + escape_more(document.ic.language_values.value) + "&" +
     "name="            + escape_more(name)                              + "&" +
diff --git a/js/show_am_history.js b/js/show_am_history.js
index 8dd1e69d2..8888ab632 100644
--- a/js/show_am_history.js
+++ b/js/show_am_history.js
@@ -1,8 +1,6 @@
 function set_history_uri() {
   document.location.href = "am.pl?" +
     "action=show_am_history&" +
-    "login=" +  encodeURIComponent(document.getElementsByName("login")[0].value)+ "&"+
-    "password=" + encodeURIComponent(document.getElementsByName("password")[0].value) + "&" +
     "longdescription=" + "&" +
     "einschraenkungen=" + document.getElementById("einschraenkungen").value + "&" +
     "transdate=" + document.getElementById("transdate_hidden").value + "&" +
diff --git a/js/show_history.js b/js/show_history.js
index 137e2193e..2aeb7d4fc 100644
--- a/js/show_history.js
+++ b/js/show_history.js
@@ -15,8 +15,6 @@ function set_history_window(id) {
   var name = "History";
   url = "common.pl?" +
     "action=show_history&" +
-    "login=" +  encodeURIComponent(document.getElementsByName("login")[0].value)+ "&"+
-    "password=" + encodeURIComponent(document.getElementsByName("password")[0].value) + "&" +
     "longdescription=" + "&" +
     "input_name=" + escape(id) + "&"
   window.open(url, "_new_generic", parm);
diff --git a/js/show_vc_details.js b/js/show_vc_details.js
index b85614bc6..5595e72fb 100644
--- a/js/show_vc_details.js
+++ b/js/show_vc_details.js
@@ -7,8 +7,6 @@ function show_vc_details(vc) {
     vc_id = vc_id[0].value;
   url = "common.pl?" +
     "action=show_vc_details&" +
-    "login=" + escape(document.getElementsByName("login")[0].value) + "&" +
-    "password=" + escape(document.getElementsByName("password")[0].value) + "&" +
     "vc=" + escape(vc) + "&" +
     "vc_id=" + escape(vc_id)
   //alert(url);
diff --git a/js/vendor_selection.js b/js/vendor_selection.js
index 19e232d4e..41f6e1766 100644
--- a/js/vendor_selection.js
+++ b/js/vendor_selection.js
@@ -3,8 +3,6 @@ function vendor_selection_window(input_name, input_id) {
   var name = document.getElementsByName(input_name)[0].value;
   url = "common.pl?" +
     "action=vendor_selection&" +
-    "login=" + escape(document.getElementsByName("login")[0].value) + "&" +
-    "password=" + escape(document.getElementsByName("password")[0].value) + "&" +
     "name=" + escape(name) + "&" +
     "input_name=" + escape(input_name) + "&" +
     "input_id=" + escape(input_id)