FIX CSRF errors on margin forms
This commit is contained in:
Laurent Destailleur
parent
7ff5cd50c3
commit
b80de4aeaf
@ -1927,7 +1927,7 @@ class Form
|
||||
* Return list of products for customer in Ajax if Ajax activated or go to select_produits_list
|
||||
*
|
||||
* @param int $selected Preselected products
|
||||
* @param string $htmlname Name of HTML select field (must be unique in page)
|
||||
* @param string $htmlname Name of HTML select field (must be unique in page).
|
||||
* @param int $filtertype Filter on product type (''=nofilter, 0=product, 1=service)
|
||||
* @param int $limit Limit on number of returned lines
|
||||
* @param int $price_level Level of price to show
|
||||
@ -1949,7 +1949,7 @@ class Form
|
||||
* @param string $nooutput No print, return the output into a string
|
||||
* @return void|string
|
||||
*/
|
||||
public function select_produits($selected = '', $htmlname = 'productid', $filtertype = '', $limit = 0, $price_level = 0, $status = 1, $finished = 2, $selected_input_value = '', $hidelabel = 0, $ajaxoptions = array(), $socid = 0, $showempty = '1', $forcecombo = 0, $morecss = '', $hidepriceinlabel = 0, $warehouseStatus = '', $selected_combinations = array(), $nooutput = 0)
|
||||
public function select_produits($selected = '', $htmlname = 'productid', $filtertype = '', $limit = 0, $price_level = 0, $status = 1, $finished = 2, $selected_input_value = '', $hidelabel = 0, $ajaxoptions = array(), $socid = 0, $showempty = '1', $forcecombo = 0, $morecss = '', $hidepriceinlabel = 0, $warehouseStatus = '', $selected_combinations = null, $nooutput = 0)
|
||||
{
|
||||
// phpcs:enable
|
||||
global $langs, $conf;
|
||||
@ -1997,10 +1997,13 @@ class Form
|
||||
}
|
||||
$out .= ajax_autocompleter($selected, $htmlname, DOL_URL_ROOT.'/product/ajax/products.php', $urloption, $conf->global->PRODUIT_USE_SEARCH_TO_SELECT, 1, $ajaxoptions);
|
||||
|
||||
if (!empty($conf->variants->enabled)) {
|
||||
if (!empty($conf->variants->enabled) && is_array($selected_combinations)) {
|
||||
// Code to automatically insert with javascript the select of attributes under the select of product
|
||||
// when a parent of variant has been selected.
|
||||
$out .= '
|
||||
<!-- script to auto show attributes select tags if a variant was selected -->
|
||||
<script>
|
||||
|
||||
// auto show attributes fields
|
||||
selected = '.json_encode($selected_combinations).';
|
||||
combvalues = {};
|
||||
|
||||
@ -2019,6 +2022,8 @@ class Form
|
||||
return;
|
||||
}
|
||||
|
||||
console.log("After change we get variants");
|
||||
|
||||
jQuery.getJSON("'.DOL_URL_ROOT.'/variants/ajax/getCombinations.php", {
|
||||
id: jQuery(this).val()
|
||||
}, function (data) {
|
||||
|
||||
@ -144,10 +144,10 @@ function ajax_autocompleter($selected, $htmlname, $url, $urloption = '', $minLen
|
||||
dataType: "json",
|
||||
minLength: '.$minLength.',
|
||||
select: function( event, ui ) { // Function ran once new value has been selected into javascript combo
|
||||
console.log("Call change on input '.$htmlname.' because of select definition of autocomplete select call on input#search_'.$htmlname.'");
|
||||
console.log("We will trigger change on input '.$htmlname.' because of the select definition of autocomplete code for input#search_'.$htmlname.'");
|
||||
console.log("Selected id = "+ui.item.id+" - If this value is null, it means you select a record with key that is null so selection is not effective");
|
||||
|
||||
//console.log(ui.item);
|
||||
console.log("Propagate before some properties");
|
||||
$("#'.$htmlname.'").attr("data-pbq", ui.item.pbq);
|
||||
$("#'.$htmlname.'").attr("data-pbqup", ui.item.price_ht);
|
||||
$("#'.$htmlname.'").attr("data-pbqbase", ui.item.pricebasetype);
|
||||
@ -155,6 +155,7 @@ function ajax_autocompleter($selected, $htmlname, $url, $urloption = '', $minLen
|
||||
$("#'.$htmlname.'").attr("data-pbqpercent", ui.item.discount);
|
||||
|
||||
$("#'.$htmlname.'").val(ui.item.id).trigger("change"); // Select new value
|
||||
|
||||
// Disable an element
|
||||
if (options.option_disabled) {
|
||||
console.log("Make action option_disabled on #"+options.option_disabled+" with disabled="+ui.item.disabled)
|
||||
@ -170,6 +171,7 @@ function ajax_autocompleter($selected, $htmlname, $url, $urloption = '', $minLen
|
||||
$("#" + options.option_disabled).removeAttr("disabled");
|
||||
}
|
||||
}
|
||||
|
||||
if (options.disabled) {
|
||||
console.log("Make action disabled on each "+options.option_disabled)
|
||||
$.each(options.disabled, function(key, value) {
|
||||
@ -182,6 +184,7 @@ function ajax_autocompleter($selected, $htmlname, $url, $urloption = '', $minLen
|
||||
$("#" + value).show().trigger("show");
|
||||
});
|
||||
}
|
||||
|
||||
// Update an input
|
||||
if (ui.item.update) {
|
||||
console.log("Make action update on each ui.item.update")
|
||||
@ -202,7 +205,7 @@ function ajax_autocompleter($selected, $htmlname, $url, $urloption = '', $minLen
|
||||
}
|
||||
});
|
||||
}
|
||||
console.log("ajax_autocompleter new value selected, we trigger change on original component so field #search_'.$htmlname.'");
|
||||
console.log("ajax_autocompleter new value selected, we trigger change also on original component so on field #search_'.$htmlname.'");
|
||||
|
||||
$("#search_'.$htmlname.'").trigger("change"); // We have changed value of the combo select, we must be sure to trigger all js hook binded on this event. This is required to trigger other javascript change method binded on original field by other code.
|
||||
}
|
||||
|
||||
@ -214,8 +214,7 @@ if ($nolinesbefore) {
|
||||
if (empty($senderissupplier))
|
||||
{
|
||||
$statustoshow = 1;
|
||||
if (!empty($conf->global->ENTREPOT_EXTRA_STATUS))
|
||||
{
|
||||
if (!empty($conf->global->ENTREPOT_EXTRA_STATUS)) {
|
||||
// hide products in closed warehouse, but show products for internal transfer
|
||||
$form->select_produits(GETPOST('idprod'), 'idprod', $filtertype, $conf->product->limit_size, $buyer->price_level, $statustoshow, 2, '', 1, array(), $buyer->id, '1', 0, 'maxwidth500', 0, 'warehouseopen,warehouseinternal', GETPOST('combinations', 'array'));
|
||||
} else {
|
||||
|
||||
@ -106,6 +106,7 @@ $titre = $langs->trans("Margins");
|
||||
$picto = 'margin';
|
||||
|
||||
print '<form method="post" name="sel" action="'.$_SERVER['PHP_SELF'].'">';
|
||||
print '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
|
||||
print dol_get_fiche_head($head, 'agentMargins', $titre, 0, $picto);
|
||||
|
||||
@ -113,7 +114,7 @@ print '<table class="border centpercent">';
|
||||
|
||||
print '<tr><td class="titlefield">'.$langs->trans('ContactOfInvoice').'</td>';
|
||||
print '<td class="maxwidthonsmartphone" colspan="4">';
|
||||
print $form->select_dolusers($agentid, 'agentid', 1, '', $user->rights->margins->read->all ? 0 : 1, '', '', 0, 0, 0, '', 0, '', 'maxwidth300');
|
||||
print img_picto('', 'user').$form->select_dolusers($agentid, 'agentid', 1, '', $user->rights->margins->read->all ? 0 : 1, '', '', 0, 0, 0, '', 0, '', 'maxwidth300');
|
||||
print '</td></tr>';
|
||||
|
||||
// Start date
|
||||
@ -308,14 +309,6 @@ if ($result)
|
||||
}
|
||||
$db->free($result);
|
||||
|
||||
print "\n".'<script type="text/javascript">
|
||||
$(document).ready(function() {
|
||||
$("#agentid").change(function() {
|
||||
$("div.fiche form").submit();
|
||||
});
|
||||
});
|
||||
</script>'."\n";
|
||||
|
||||
// End of page
|
||||
llxFooter();
|
||||
$db->close();
|
||||
|
||||
@ -87,6 +87,7 @@ $picto = 'margin';
|
||||
|
||||
|
||||
print '<form method="post" name="sel" action="'.$_SERVER['PHP_SELF'].'">';
|
||||
print '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
|
||||
print dol_get_fiche_head($head, 'customerMargins', $titre, 0, $picto);
|
||||
|
||||
@ -101,7 +102,7 @@ if ($socid > 0) {
|
||||
{
|
||||
print '<tr><td class="titlefield">'.$langs->trans('ThirdPartyName').'</td>';
|
||||
print '<td class="maxwidthonsmartphone" colspan="4">';
|
||||
print $form->select_company($socid, 'socid', '(client=1 OR client=3)', 1, 0, 0);
|
||||
print img_picto('', 'company').$form->select_company($socid, 'socid', '(client=1 OR client=3)', 1, 0, 0);
|
||||
print '</td></tr>';
|
||||
|
||||
$client = true;
|
||||
@ -111,7 +112,7 @@ if ($socid > 0) {
|
||||
} else {
|
||||
print '<tr><td class="titlefield">'.$langs->trans('ThirdPartyName').'</td>';
|
||||
print '<td class="maxwidthonsmartphone" colspan="4">';
|
||||
print $form->select_company(null, 'socid', '(client=1 OR client=3)', 1, 0, 0);
|
||||
print img_picto('', 'company').$form->select_company(null, 'socid', '(client=1 OR client=3)', 1, 0, 0);
|
||||
print '</td></tr>';
|
||||
}
|
||||
|
||||
@ -138,16 +139,16 @@ foreach ($TRes as $prod) {
|
||||
$TProducts[$prod['key']] = $prod['label'];
|
||||
}
|
||||
|
||||
print '<tr><td class="titlefield">'.$langs->trans('ChooseProduct/Service').'</td>';
|
||||
print '<tr><td class="titlefield">'.$langs->trans('ProductOrService').'</td>';
|
||||
print '<td class="maxwidthonsmartpone" colspan="4">';
|
||||
print $form->multiselectarray('products', $TProducts, $TSelectedProducts, 0, 0, 'minwidth500');
|
||||
print img_picto('', 'product').$form->multiselectarray('products', $TProducts, $TSelectedProducts, 0, 0, 'minwidth500');
|
||||
print '</td></tr>';
|
||||
|
||||
// Categories
|
||||
$TCats = $form->select_all_categories(0, array(), '', 64, 0, 1);
|
||||
|
||||
print '<tr>';
|
||||
print '<td class="titlefield">'.$langs->trans('ChooseCategory').'</td>';
|
||||
print '<td class="titlefield">'.$langs->trans('Category').'</td>';
|
||||
print '<td class="maxwidthonsmartphone" colspan="4">';
|
||||
print img_picto('', 'category').$form->multiselectarray('categories', $TCats, $TSelectedCats, 0, 0, 'quatrevingtpercent widthcentpercentminusx');
|
||||
print '</td>';
|
||||
@ -365,11 +366,6 @@ $db->free($result);
|
||||
|
||||
print '<script type="text/javascript">
|
||||
$(document).ready(function() {
|
||||
/*
|
||||
$("#socid").change(function() {
|
||||
$("div.fiche form").submit();
|
||||
});*/
|
||||
|
||||
$("#totalMargin").html("'.price($totalMargin, null, null, null, null, $rounding).'");
|
||||
$("#marginRate").html("'.(($marginRate === '') ? 'n/a' : price($marginRate, null, null, null, null, $rounding)."%").'");
|
||||
$("#markRate").html("'.(($markRate === '') ? 'n/a' : price($markRate, null, null, null, null, $rounding)."%").'");
|
||||
|
||||
@ -99,31 +99,23 @@ $titre = $langs->trans("Margins");
|
||||
$picto = 'margin';
|
||||
|
||||
print '<form method="post" name="sel" action="'.$_SERVER['PHP_SELF'].'">';
|
||||
print '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
|
||||
print dol_get_fiche_head($head, 'productMargins', $titre, 0, $picto);
|
||||
|
||||
print '<table class="border centpercent">';
|
||||
|
||||
if ($id > 0) {
|
||||
print '<tr><td class="titlefield">'.$langs->trans('ChooseProduct/Service').'</td>';
|
||||
print '<td class="maxwidthonsmartpone" colspan="4">';
|
||||
$form->select_produits($id, 'id', '', 20, 0, 1, 2, '', 1, array(), 0, 'All');
|
||||
print '</td></tr>';
|
||||
|
||||
if (!$sortorder) $sortorder = "DESC";
|
||||
if (!$sortfield) $sortfield = "f.datef";
|
||||
} else {
|
||||
print '<tr><td class="titlefield">'.$langs->trans('ChooseProduct/Service').'</td>';
|
||||
print '<td class="maxwidthonsmartphone" colspan="4">';
|
||||
$form->select_produits('', 'id', '', 20, 0, 1, 2, '', 1, array(), 0, 'All');
|
||||
print '</td></tr>';
|
||||
}
|
||||
// Product
|
||||
print '<tr><td class="titlefield">'.$langs->trans('ProductOrService').'</td>';
|
||||
print '<td class="maxwidthonsmartphone" colspan="4">';
|
||||
print img_picto('', 'product').$form->select_produits(($id > 0 ? $id : ''), 'id', '', 20, 0, 1, 2, '', 1, array(), 0, 'All', 0, '', 0, '', null, 1);
|
||||
print '</td></tr>';
|
||||
|
||||
// Categories
|
||||
$TCats = $form->select_all_categories(0, array(), '', 64, 0, 1);
|
||||
|
||||
print '<tr>';
|
||||
print '<td class="titlefield">'.$langs->trans('ChooseCategory').'</td>';
|
||||
print '<td class="titlefield">'.$langs->trans('Category').'</td>';
|
||||
print '<td class="maxwidthonsmartphone" colspan="4">';
|
||||
print img_picto('', 'category').$form->multiselectarray('categories', $TCats, $TSelectedCats, 0, 0, 'quatrevingtpercent widthcentpercentminusx');
|
||||
print '</td>';
|
||||
@ -350,15 +342,10 @@ $db->free($result);
|
||||
print '
|
||||
<script type="text/javascript">
|
||||
$(document).ready(function() {
|
||||
|
||||
$("#id").change(function() {
|
||||
$("div.fiche form").submit();
|
||||
});
|
||||
|
||||
console.log("Init some values");
|
||||
$("#totalMargin").html("'.price(price2num($totalMargin, 'MT')).'");
|
||||
$("#marginRate").html("'.(($marginRate === '') ? 'n/a' : price(price2num($marginRate, 'MT'))."%").'");
|
||||
$("#markRate").html("'.(($markRate === '') ? 'n/a' : price(price2num($markRate, 'MT'))."%").'");
|
||||
|
||||
});
|
||||
</script>
|
||||
';
|
||||
|
||||
@ -107,7 +107,9 @@ if (($action == 'add' || $action == 'create') && empty($massaction) && !GETPOST(
|
||||
$features = $_SESSION['addvariant_'.$object->id];
|
||||
|
||||
if (!$features) {
|
||||
setEventMessages($langs->trans('ErrorFieldsRequired'), null, 'errors');
|
||||
if ($action == 'create') {
|
||||
setEventMessages($langs->trans('ErrorFieldsRequired'), null, 'errors');
|
||||
}
|
||||
} else {
|
||||
$reference = trim($reference);
|
||||
if (empty($reference)) {
|
||||
@ -763,11 +765,11 @@ if (!empty($id) || !empty($ref))
|
||||
|
||||
print ' <div class="inline-block divButAction">';
|
||||
|
||||
print '<a href="combinations.php?id='.$object->id.'&action=add" class="butAction">'.$langs->trans('NewProductCombination').'</a>'; // NewVariant
|
||||
print '<a href="combinations.php?id='.$object->id.'&action=add&token='.newToken().'" class="butAction">'.$langs->trans('NewProductCombination').'</a>'; // NewVariant
|
||||
|
||||
if ($productCombinations)
|
||||
{
|
||||
print '<a href="combinations.php?id='.$object->id.'&action=copy" class="butAction">'.$langs->trans('PropagateVariant').'</a>';
|
||||
print '<a href="combinations.php?id='.$object->id.'&action=copy&token='.newToken().'" class="butAction">'.$langs->trans('PropagateVariant').'</a>';
|
||||
}
|
||||
|
||||
print ' </div>';
|
||||
|
||||
Loading…
Reference in New Issue
Block a user