Commit 93cc3ebbdc30d2a32de220b2a34fe93d29128bcc
1 parent
bb4a5e85
Ensure that all self-directed forms use POST method and PHP_SELF action.
git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@4423 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing
23 changed files
with
34 additions
and
34 deletions
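--- a/templates/ktcore/edit_conditional.smarty
+++ b/templates/ktcore/edit_conditional.smarty
@@ -1,6 +1,6 @@
 <h2>{i18n}Edit Fieldset{/i18n}</h2>
 
-<form>
+<form action="{$smarty.server.PHP_SELF}" method="POST">
 <fieldset>
 <legend>{i18n}Current Fields in Set{/i18n}</legend>
 
@@ -28,7 +28,7 @@ to this set.{/i18n}</p>
 <legend>{i18n}Add Field to set{/i18n}</legend>
 <p>{i18n}Fields which are currently not included in any set can be added
 to this set.{/i18n}</p>
-<form>
+<form action="{$smarty.server.PHP_SELF}" method="POST">
 <input type="hidden" name="id" value="{$setId}" />
 <input type="hidden" name="action" value="addToFieldset">
 
@@ -52,7 +52,7 @@ to this set.{/i18n}</p>
 <fieldset>
 <legend>{i18n}Make this fieldset conditional{/i18n}</legend>
 
-<form>
+<form action="{$smarty.server.PHP_SELF}" method="POST">
 <input type="hidden" name="id" value="{$setId}" />
 <input type="hidden" name="action" value="makeConditionalSet">
 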
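Review bot: The new `action="{$smarty.server.PHP_SELF}"` on lines 3, 31 and 55 writes a request-derived value into an HTML attribute without escaping. PHP_SELF includes whatever path info the client appended after the script name, so a value containing a quote ends the attribute early and the remainder is parsed as markup (reflected XSS), unless the Smarty setup applies a default escaping modifier, which this page does not show. I would write `<form action="{$smarty.server.PHP_SELF|escape}" method="POST">`, or `{$smarty.server.SCRIPT_NAME|escape}` if path info is never needed. The same applies to every other form this commit touches, including the ones that already carried this action and only changed method.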
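--- a/templates/ktcore/edit_fieldset.smarty
+++ b/templates/ktcore/edit_fieldset.smarty
@@ -1,6 +1,6 @@
 <h2>{i18n}Edit Fieldset{/i18n}</h2>
 
-<form>
+<form action="{$smarty.server.PHP_SELF}" method="POST">
 <fieldset>
 <legend>{i18n}Current Fields in Set{/i18n}</legend>
 <p>{i18n}Fields which are currently not included in any set can be added to this set.{/i18n}</p>
@@ -23,7 +23,7 @@
 <fieldset>
 <legend>{i18n}Add Field to set{/i18n}</legend>
 <p>{i18n}Fields which are currently not included in any set can be added to this set.{/i18n}</p>
-<form>
+<form action="{$smarty.server.PHP_SELF}" method="POST">
 <input type="hidden" name="id" value="{$setId}" />
 <input type="hidden" name="action" value="addToFieldset">
 
@@ -47,7 +47,7 @@
 <fieldset>
 <legend>{i18n}Make this fieldset conditional{/i18n}</legend>
 
-<form>
+<form action="{$smarty.server.PHP_SELF}" method="POST">
 <input type="hidden" name="id" value="{$setId}" />
 <input type="hidden" name="action" value="makeConditionalSet">
 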
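--- a/templates/ktcore/edit_lookuptrees.smarty
+++ b/templates/ktcore/edit_lookuptrees.smarty
@@ -40,7 +40,7 @@
 <h2>{i18n}Edit Lookup Tree{/i18n}: {$field->getName()}</h2>
 
 
-<form>
+<form action="{$smarty.server.PHP_SELF}" method="POST">
 <fieldset>
 <legend>{i18n}Add New Subcategory{/i18n}</legend>
 
@@ -63,7 +63,7 @@
 <p>{i18n}No free keywords. Use the "unlink" action on a keyword to
 make it available.{/i18n}</p>
 {else}
-<form>
+<form action="{$smarty.server.PHP_SELF}" method="POST">
 <fieldset>
 <legend>{i18n}Link free keywords.{/i18n}</legend>
 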
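--- a/templates/ktcore/folder/permissions.smarty
+++ b/templates/ktcore/folder/permissions.smarty
@@ -83,7 +83,7 @@ parent's permissions{/i18n}</a>]
 
 { if $edit }
 <div class="edit" id="edit">
-<form method="POST">
+<form action="{$smarty.server.PHP_SELF}" method="POST">
 <input type="hidden" name="action" value="update">
 <input type="hidden" name="fFolderId" value="{$iFolderId}">
 <table class="pretty" cellspacing="0" cellpadding="0" border="0" width="100%">
@@ -159,7 +159,7 @@ $this->assign("aPermissions", $this->_tpl_vars['oDynamicCondition']->getAssignme
 
 { if $edit }
 <h3>{i18n}Add a new dynamic permission{/i18n}</h3>
-<form>
+<form action="{$smarty.server.PHP_SELF}" method="POST">
 <table class="pretty" cellpadding="0" cellspacing="0">
 <input type="hidden" name="action" value="newDynamicPermission" />
 <input type="hidden" name="fFolderId" value="{$iFolderId}" />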
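Review bot: Both forms in this template change folder permissions (`update` on line 86, `newDynamicPermission` on line 162), and the only hidden fields visible are `action` and `fFolderId`, with no per-session anti-CSRF token. POST keeps the change off plain links, but a form submitted from another site still carries the user's session cookie. If the dispatcher does not already verify a token or the request origin (nothing in this commit shows it), add one hidden field per form, along the lines of `<input type="hidden" name="CSRF_FIELD_PLACEHOLDER" value="{$CSRF_TOKEN_PLACEHOLDER|escape}" />`, and check it server-side before applying the change. Both forms continue past the end of their hunks, so a token further down would not be visible here.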
templates/ktcore/manage_fieldsets.smarty
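--- a/templates/ktcore/manage_lookuptrees.smarty
+++ b/templates/ktcore/manage_lookuptrees.smarty
@@ -1,5 +1,5 @@
 <h2>{i18n}Manage Lookup Trees{/i18n}</h1>
-<form>
+<form method="POST" action="{$smarty.server.PHP_SELF}">
 <fieldset>
 <legend>{i18n}Fields that have lookup categories.{/i18n}</legend>
 
@@ -14,7 +14,7 @@
 </form>
 
 <h3>{i18n}Convert to Trees.{/i18n}</h3>
-<form>
+<form method="POST" action="{$smarty.server.PHP_SELF}">
 <fieldset>
 <legend>{i18n}Lookup fields without categories.{/i18n}</legend>
 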
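Review bot: The attribute order on lines 2 and 17 is `method="POST" action=…`, while edit_conditional.smarty, edit_fieldset.smarty and most other templates in this commit use `action=… method="POST"`. manage_permissions.smarty, editcomplex.smarty, editsimple.smarty and widget_fieldset_conditional.smarty share the reversed order. Keeping one order across all templates lets a single search confirm that no self-directed form was missed by this sweep. While this file is open, the heading on line 1 opens with `<h2>` and closes with `</h1>`; the closing tag should be `</h2>`.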
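--- a/templates/ktcore/manage_permissions.smarty
+++ b/templates/ktcore/manage_permissions.smarty
@@ -2,7 +2,7 @@
 
 <p class="descriptiveText"><strong>FIXME</strong> add a useful explanation about permissions.</p>
 
-<form>
+<form method="POST" action="{$smarty.server.PHP_SELF}">
 <fieldset>
 <legend>{i18n}Create a new permission{/i18n}</legend>
 <input type="hidden" name="action" value="newPermission">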
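--- a/templates/ktcore/metadata/conditional/editcomplex.smarty
+++ b/templates/ktcore/metadata/conditional/editcomplex.smarty
@@ -36,7 +36,7 @@ addLoadEvent(updateActiveFields);
 {$context->oPage->requireJSStandalone($sJS)}
 
 <h2>{i18n}Edit Complex Conditional Metadata{/i18n}</h2>
-<form>
+<form method="POST" action="{$smarty.server.PHP_SELF}">
 <input type="hidden" name="fieldset_id" id="global-fieldset-id" value="{$fieldset_id}" />
 
 <table>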
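--- a/templates/ktcore/metadata/conditional/editsimple.smarty
+++ b/templates/ktcore/metadata/conditional/editsimple.smarty
@@ -61,7 +61,7 @@ addLoadEvent(partial(editSimpleField, {$iMasterFieldId}));
 
 <h2>{i18n}Editing Fieldset Rules (Simple){/i18n}</h2>
 
-<form>
+<form method="POST" action="{$smarty.server.PHP_SELF}">
 <input type="hidden" name="fieldset_id" id="global-fieldset-id" value="{$fieldset_id}" />
 
 <table id="simple_conditional_edit">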
templates/ktcore/metadata/conditional/select_fieldset.smarty
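--- a/templates/ktcore/metadata/editFieldset.smarty
+++ b/templates/ktcore/metadata/editFieldset.smarty
@@ -69,7 +69,7 @@ field can depend on the user's selections for the others.{/i18n}
 
 {if $oFieldset->getIsConditional() }
 
-<form action="{$smarty.server.PHP_SELF}" method="GET">
+<form action="{$smarty.server.PHP_SELF}" method="POST">
 <input type="hidden" name="fFieldsetId" value="{$oFieldset->getId()}" />
 <input type="hidden" name="action" value="manageConditional" />
 <input type="submit" name="submit" value="{i18n}Manage conditional{/i18n}" />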
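--- a/templates/ktcore/principals/groupadmin.smarty
+++ b/templates/ktcore/principals/groupadmin.smarty
@@ -6,7 +6,7 @@
 <p><a href="?action=addGroup" class="ktAction ktAddGroup" style="float: left; padding-right: 0.5em;">Add Group</a><a href="?action=addGroup">Add a new group</a>.</p>
 
 <!-- we roll both in here. -->
-<form action="{$smarty.server.PHP_SELF}" method="GET">
+<form action="{$smarty.server.PHP_SELF}" method="POST">
 <fieldset>
 <legend>{i18n}Search for groups{/i18n}</legend>
 <p class="descriptiveText">{i18n}Since there may be many groups in the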
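Review bot: The form on line 9 is a group search (legend "Search for groups"), which reads data rather than changing it, so moving it to POST costs bookmarkable result URLs and makes the browser prompt for re-submission on reload or back. The template comment `we roll both in here` suggests the form may also carry something else, and the rest of the form lies outside the hunk, so this needs confirming against the full template. If it only searches, I would keep `method="GET"` on this form and reserve POST for the forms that modify state. The `manageConditional` form in metadata/editFieldset.smarty looks like the same case.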
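--- a/templates/ktcore/principals/groups_managesubgroups.smarty
+++ b/templates/ktcore/principals/groups_managesubgroups.smarty
@@ -9,7 +9,7 @@
 <strong>FIXME</strong> there are potential unexpected
 side-effects to this when used by unitAdmins.</p>
 
-<form action="{$smarty.server.PHP_SELF}" method="GET" id="usergroupform">
+<form action="{$smarty.server.PHP_SELF}" method="POST" id="usergroupform">
 <input type="hidden" name="action" value="updateGroupMembers" />
 <input type="hidden" name="group_id" value="{$edit_group->getId()}" />
 <!-- erk. FIXME clean up and remove OptionTransfer.js. -->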
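Review bot: Changing `method="GET"` to `method="POST"` on line 12 only changes what the browser sends; whether `updateGroupMembers` can still be triggered through a GET URL depends on the handler, which this commit does not touch. If the dispatcher reads the action and its parameters from the merged request array, the old GET URLs keep working and the membership change can still ride on a link. A check such as `if ($_SERVER['REQUEST_METHOD'] !== 'POST') { /* reject */ }` ahead of the state-changing actions would make the template change effective. The same holds for `updateUserMembers` in groups_manageusers.smarty, `updateGroups` in usergroups.smarty, and the add/change forms in roleadmin.smarty and unitadmin.smarty.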
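--- a/templates/ktcore/principals/groups_manageusers.smarty
+++ b/templates/ktcore/principals/groups_manageusers.smarty
@@ -7,7 +7,7 @@
 
 <p class="descriptiveText"><strong>FIXME</strong> help text for group-editing.
 
-<form action="{$smarty.server.PHP_SELF}" method="GET" id="usergroupform">
+<form action="{$smarty.server.PHP_SELF}" method="POST" id="usergroupform">
 <input type="hidden" name="action" value="updateUserMembers" />
 <input type="hidden" name="group_id" value="{$edit_group->getId()}" />
 <!-- erk. FIXME clean up and remove OptionTransfer.js. -->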
templates/ktcore/principals/orgadmin.smarty
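--- a/templates/ktcore/principals/roleadmin.smarty
+++ b/templates/ktcore/principals/roleadmin.smarty
@@ -7,7 +7,7 @@
 
 {if ($for_edit === false)}
 
-<form action="{$smarty.server.PHP_SELF}" method="GET">
+<form action="{$smarty.server.PHP_SELF}" method="POST">
 <fieldset>
 <legend>{i18n}Add a Role{/i18n}</legend>
 
@@ -25,7 +25,7 @@
 
 {else}
 
-<form action="{$smarty.server.PHP_SELF}" method="GET">
+<form action="{$smarty.server.PHP_SELF}" method="POST">
 <fieldset>
 <legend>{i18n}Change a role's details{/i18n}</legend>
 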
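--- a/templates/ktcore/principals/unitadmin.smarty
+++ b/templates/ktcore/principals/unitadmin.smarty
@@ -4,7 +4,7 @@
 
 {if ($for_edit === false)}
 
-<form action="{$smarty.server.PHP_SELF}" method="GET">
+<form action="{$smarty.server.PHP_SELF}" method="POST">
 <fieldset>
 <legend>{i18n}Add a unit{/i18n}</legend>
 
@@ -22,7 +22,7 @@
 
 {else}
 
-<form action="{$smarty.server.PHP_SELF}" method="GET">
+<form action="{$smarty.server.PHP_SELF}" method="POST">
 <fieldset>
 <legend>{i18n}Change a unit's details{/i18n}</legend>
 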
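--- a/templates/ktcore/principals/usergroups.smarty
+++ b/templates/ktcore/principals/usergroups.smarty
@@ -9,7 +9,7 @@
 <strong>FIXME</strong> there are potential unexpected
 side-effects to this when used by unitAdmins.</p>
 
-<form action="{$smarty.server.PHP_SELF}" method="GET" id="usergroupform">
+<form action="{$smarty.server.PHP_SELF}" method="POST" id="usergroupform">
 <input type="hidden" name="action" value="updateGroups" />
 <input type="hidden" name="user_id" value="{$edit_user->getId()}" />
 <!-- erk. FIXME clean up and remove OptionTransfer.js. -->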
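--- a/templates/ktcore/search/administration/conditions.smarty
+++ b/templates/ktcore/search/administration/conditions.smarty
@@ -1,14 +1,14 @@
 <h1>{i18n}Conditions{/i18n}</h1>
 
 <h2>{i18n}Create a new condition{/i18n}</h2>
-<form>
+<form action="{$smarty.server.PHP_SELF}" method="POST">
 <input type="hidden" name="action" value="new" />
 <input type="submit" name="submit" value="{i18n}New{/i18n}" />
 </form>
 
 {if $conditions}
 <h2>{i18n}Edit existing conditions{/i18n}</h2>
-<form>
+<form action="{$smarty.server.PHP_SELF}" method="POST">
 <input type="hidden" name="action" value="edit" />
 {entity_radios entities=$conditions name="fSavedSearchId" assign=aRadios}
 {foreach from=$aRadios item=sRadio}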
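--- a/templates/ktcore/search/administration/savedsearches.smarty
+++ b/templates/ktcore/search/administration/savedsearches.smarty
@@ -1,14 +1,14 @@
 <h1>{i18n}Saved searches{/i18n}</h1>
 
 <h2>{i18n}Create a new saved search{/i18n}</h2>
-<form>
+<form action="{$smarty.server.PHP_SELF}" method="POST">
 <input type="hidden" name="action" value="new" />
 <input type="submit" name="submit" value="{i18n}New{/i18n}" />
 </form>
 
 {if $saved_searches}
 <h2>{i18n}Edit existing saved searches{/i18n}</h2>
-<form>
+<form action="{$smarty.server.PHP_SELF}" method="POST">
 <input type="hidden" name="action" value="edit" />
 {entity_radios entities=$saved_searches name="fSavedSearchId" assign=aRadios}
 {foreach from=$aRadios item=sRadio}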
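--- a/templates/ktcore/widget_fieldset_conditional.smarty
+++ b/templates/ktcore/widget_fieldset_conditional.smarty
@@ -121,7 +121,7 @@ function triggerUpdate(formname) {
 {$context->oPage->requireJSStandalone($sJS)}
 
 <!-- do we need to have more than one set of these on a page? -->
-<form >
+<form method="POST" action="{$smarty.server.PHP_SELF}">
 <input type="hidden" name="action" value="submitConditionalSet" />
 <input type="hidden" name="fieldset_id" class="resolved_conditional" value="{$fieldset_id}" />
 <!-- add items to handle save here. -->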
templates/ktstandard/authentication/ldapeditsource.smarty
templates/ktstandard/authentication/ldapedituser.smarty