disable CSFR security component for adding and editing node

commit bc0872725a6b7c8ddde767057676a18abf7f77c7 1 parent 069f930
@elcuro authored
Showing with 173 additions and 161 deletions.
  1. +157 −145 controllers/eshop_items_controller.php
  2. +16 −16 views/eshop_items/admin_add.ctp
302 controllers/eshop_items_controller.php
@@ -1,145 +1,157 @@
-<?php
-/**
-* Eshop items controller
-*
-* @author Juraj Jancuska <jjancuska@gmail.com>
-* @copyright (c) 2010 Juraj Jancuska
-* @license MIT License - http://www.opensource.org/licenses/mit-license.php
-*/
-class EshopItemsController extends EshopAppController {
-
- /**
- * Controller name
- *
- * @var string
- */
- public $name = 'EshopItems';
-
- /**
- * Used models
- *
- * @var array
- */
- public $uses = array(
- 'Node',
- 'Eshop.EshopItem'
- );
-
- /**
- * Admin Index controller
- * Admin items for current node
- *
- * @param integer $id Node id
- * @return void
- */
- public function admin_index($node_id = false) {
-
- if (!$node_id) {
- $this->Session->setFlash(__('Missing node id', true), 'default', 'error');
- }
-
- $items = $this->EshopItem->find('all', array('conditions' => array('node_id' => $node_id)));
- $node = $this->Node->read(null, $node_id);
-
- $this->set(compact('items', 'node'));
- $this->set('title_for_layout', __('Eshop items', true));
-
- }
-
- /**
- * Get all items for node,
- * used by requestAction from node admin (tab)
- *
- * @param integer $node_id
- * @return array
- */
- public function getItems($node_id) {
-
- return $this->EshopItem->find('all', array('conditions' => array('node_id' => $node_id)));
-
- }
-
- /**
- * Add item for node
- *
- * @param integer $node_id
- * @return array
- */
- public function admin_add($node_id = false) {
-
- if (!$node_id) {
- $this->Session->setFlash(__('Add supplier - Missing node id', true), 'default', array('class' => 'error'));
- $this->redirect($this->referer());
- }
-
- if (!empty($this->data)) {
- $this->EshopItem->create();
- if ($this->EshopItem->save($this->data)) {
- $this->Session->setFlash(__('Eshop Item has been saved', true), 'default', array('class' => 'success'));
- $this->redirect(array('action' => 'index', $this->data['EshopItem']['node_id']));
- } else {
- $this->Session->setFlash(__('Error during saving item', true), 'default', array('class' => 'error'));
- }
- }
-
- $suppliers = $this->EshopItem->EshopSupplier->find('list');
- $node = $this->Node->read(null, $node_id);
-
- $this->set(compact('suppliers', 'node'));
-
- }
-
- /**
- * Add item for node
- *
- * @param integer $node_id
- * @return array
- */
- public function admin_edit($id = false) {
-
- if (!$id) {
- $this->Session->setFlash(__('Missing Item ID', true), 'default', array('class' => 'error'));
- $this->redirect($this->referer());
- }
-
- if (!empty($this->data)) {
- $this->EshopItem->create();
- if ($this->EshopItem->save($this->data)) {
- $this->Session->setFlash(__('Eshop Item has been updated', true), 'default', array('class' => 'success'));
- $this->redirect(array('action' => 'index', $this->data['EshopItem']['node_id']));
- } else {
- $this->Session->setFlash(__('Error during updating item', true), 'default', array('class' => 'error'));
- }
- }
-
- $suppliers = $this->EshopItem->EshopSupplier->find('list');
- $this->set(compact('suppliers'));
-
- $this->data = $this->EshopItem->read(null, $id);
-
- }
-
- /**
- * Delete item
- *
- * @param integer $id Item id
- * @return array
- */
- public function admin_delete($id) {
-
- if (!$id) {
- $this->Session->setFlash(__('Missing Item ID', true), 'default', array('class' => 'error'));
- $this->redirect($this->referer());
- }
-
- if($this->EshopItem->delete($id)) {
- $this->Session->setFlash(__('Item successfully deleted', true), 'default', array('class' => 'success'));
- $this->redirect($this->referer());
- } else {
- $this->Session->setFlash(__('Error occured while deleting item', true), 'default', array('class' => 'error'));
- $this->redirect($this->referer());
- }
-
- }
-
-}
+<?php
+/**
+* Eshop items controller
+*
+* @author Juraj Jancuska <jjancuska@gmail.com>
+* @copyright (c) 2010 Juraj Jancuska
+* @license MIT License - http://www.opensource.org/licenses/mit-license.php
+*/
+class EshopItemsController extends EshopAppController {
+
+ /**
+ * Controller name
+ *
+ * @var string
+ */
+ public $name = 'EshopItems';
+
+ /**
+ * Used models
+ *
+ * @var array
+ */
+ public $uses = array(
+ 'Node',
+ 'Eshop.EshopItem'
+ );
+
+ /**
+ * Before filter callback,
+ * disable CSFR security check to avoid security error
+ *
+ * @return void
+ */
+ function beforeFilter() {
+ parent::beforeFilter();
+ $this->Security->validatePost = false;
+ }
+
+
+ /**
+ * Admin Index controller
+ * Admin items for current node
+ *
+ * @param integer $id Node id
+ * @return void
+ */
+ public function admin_index($node_id = false) {
+
+ if (!$node_id) {
+ $this->Session->setFlash(__('Missing node id', true), 'default', 'error');
+ }
+
+ $items = $this->EshopItem->find('all', array('conditions' => array('node_id' => $node_id)));
+ $node = $this->Node->read(null, $node_id);
+
+ $this->set(compact('items', 'node'));
+ $this->set('title_for_layout', __('Eshop items', true));
+
+ }
+
+ /**
+ * Get all items for node,
+ * used by requestAction from node admin (tab)
+ *
+ * @param integer $node_id
+ * @return array
+ */
+ public function getItems($node_id) {
+
+ return $this->EshopItem->find('all', array('conditions' => array('node_id' => $node_id)));
+
+ }
+
+ /**
+ * Add item for node
+ *
+ * @param integer $node_id
+ * @return array
+ */
+ public function admin_add($node_id = false) {
+
+ if (!$node_id) {
+ $this->Session->setFlash(__('Add supplier - Missing node id', true), 'default', array('class' => 'error'));
+ $this->redirect($this->referer());
+ }
+
+ if (!empty($this->data)) {
+ $this->EshopItem->create();
+ if ($this->EshopItem->save($this->data)) {
+ $this->Session->setFlash(__('Eshop Item has been saved', true), 'default', array('class' => 'success'));
+ $this->redirect(array('action' => 'index', $this->data['EshopItem']['node_id']));
+ } else {
+ $this->Session->setFlash(__('Error during saving item', true), 'default', array('class' => 'error'));
+ }
+ }
+
+ $suppliers = $this->EshopItem->EshopSupplier->find('list');
+ $node = $this->Node->read(null, $node_id);
+
+ $this->set(compact('suppliers', 'node'));
+
+ }
+
+ /**
+ * Add item for node
+ *
+ * @param integer $node_id
+ * @return array
+ */
+ public function admin_edit($id = false) {
+
+ if (!$id) {
+ $this->Session->setFlash(__('Missing Item ID', true), 'default', array('class' => 'error'));
+ $this->redirect($this->referer());
+ }
+
+ if (!empty($this->data)) {
+ $this->EshopItem->create();
+ if ($this->EshopItem->save($this->data)) {
+ $this->Session->setFlash(__('Eshop Item has been updated', true), 'default', array('class' => 'success'));
+ $this->redirect(array('action' => 'index', $this->data['EshopItem']['node_id']));
+ } else {
+ $this->Session->setFlash(__('Error during updating item', true), 'default', array('class' => 'error'));
+ }
+ }
+
+ $suppliers = $this->EshopItem->EshopSupplier->find('list');
+ $this->set(compact('suppliers'));
+
+ $this->data = $this->EshopItem->read(null, $id);
+
+ }
+
+ /**
+ * Delete item
+ *
+ * @param integer $id Item id
+ * @return array
+ */
+ public function admin_delete($id) {
+
+ if (!$id) {
+ $this->Session->setFlash(__('Missing Item ID', true), 'default', array('class' => 'error'));
+ $this->redirect($this->referer());
+ }
+
+ if($this->EshopItem->delete($id)) {
+ $this->Session->setFlash(__('Item successfully deleted', true), 'default', array('class' => 'success'));
+ $this->redirect($this->referer());
+ } else {
+ $this->Session->setFlash(__('Error occured while deleting item', true), 'default', array('class' => 'error'));
+ $this->redirect($this->referer());
+ }
+
+ }
+
+}
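Review bot: The beforeFilter() added near the top of the new file sets `$this->Security->validatePost = false` for every action of this controller, including admin_delete and admin_index, even though the commit message scopes the problem to adding and editing. Turning off validatePost drops the Security component's check that a submitted POST matches the form the application rendered, so the hidden `node_id` values that admin_add and admin_edit later trust through `$this->data['EshopItem']['node_id']` are no longer covered by that check on any request. If the underlying validation failure cannot be fixed at its source, limit the exemption to the two actions that need it: `if (in_array($this->action, array('admin_add', 'admin_edit'), true)) { $this->Security->validatePost = false; }`. The docblock also misspells the mechanism and should say why it is disabled rather than only that it is, e.g. `* Skip Security component POST validation (CSRF/form-tampering check) for add/edit only; see commit message`, and the method is missing the `public` modifier that every sibling method declares.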
32 views/eshop_items/admin_add.ctp
@@ -2,30 +2,30 @@
<h2>
<?php __('Add item for'); ?>&nbsp;
<?php
- echo $html->link($node['Node']['title'], array(
+ echo $this->Html->link($node['Node']['title'], array(
'plugin' => false,
'controller' => 'nodes',
'action' => 'edit',
$node['Node']['id'])
);?>
</h2>
- <?php echo $form->create('EshopItem', array('url' => array($node['Node']['id'])));?>
+ <?php echo $this->Form->create('EshopItem', array('url' => array($node['Node']['id'])));?>
<fieldset>
<?php
- echo $form->hidden('node_id', array('value' => $node['Node']['id']));
- echo $form->hidden('parent_id', array('value' => $node['Node']['id']));
- echo $form->input('eshop_supplier_id', array('options' => $suppliers, 'label' => __('Supplier', true)));
- echo $form->input('title', array('label' => __('Title', true)));
- echo $form->input('description', array('label' => __('Description', true)));
- echo $form->input('order_code', array('label' => __('Our order code (if any)', true)));
- echo $form->input('vat', array('value' => Configure::read('Eshop.vat'), 'label' => __('VAT (in %)', true)));
- echo $form->input('price_without_vat', array('label' => __('Price without VAT', true)));
- echo $form->input('delivery_days', array('value' => 7,'label' => __('Delivery (days)', true)));
- echo $form->input('on_stock', array('value' => 1, 'label' => __('On stock (pcs.)', true)));
- echo $form->input('supplier_price', array('label' => __('Supplier price', true)));
- echo $form->input('supplier_order_code', array('label' => __('Supplier order code', true)));
- echo $form->input('discount_percentage', array('label' => __('Discount (in %)', true)));
+ echo $this->Form->hidden('node_id', array('value' => $node['Node']['id']));
+ echo $this->Form->hidden('parent_id', array('value' => $node['Node']['id']));
+ echo $this->Form->input('eshop_supplier_id', array('options' => $suppliers, 'label' => __('Supplier', true)));
+ echo $this->Form->input('title', array('label' => __('Title', true)));
+ echo $this->Form->input('description', array('label' => __('Description', true)));
+ echo $this->Form->input('order_code', array('label' => __('Our order code (if any)', true)));
+ echo $this->Form->input('vat', array('value' => Configure::read('Eshop.vat'), 'label' => __('VAT (in %)', true)));
+ echo $this->Form->input('price_without_vat', array('label' => __('Price without VAT', true)));
+ echo $this->Form->input('delivery_days', array('value' => 7,'label' => __('Delivery (days)', true)));
+ echo $this->Form->input('on_stock', array('value' => 1, 'label' => __('On stock (pcs.)', true)));
+ echo $this->Form->input('supplier_price', array('label' => __('Supplier price', true)));
+ echo $this->Form->input('supplier_order_code', array('label' => __('Supplier order code', true)));
+ echo $this->Form->input('discount_percentage', array('label' => __('Discount (in %)', true)));
?>
</fieldset>
- <?php echo $form->end('Submit');?>
+ <?php echo $this->Form->end(__('Submit', true));?>
</div>
