major updates to security and hacking logick

app/assets/javascripts/user/quser.js.coffee

@@ -208,12 +208,14 @@ class Quser
       $.getJSON(data_host + '/user/list_history.json?'+@authentication_string+'&page='+page, (res) =>
         @paginate(res, @load_list_history)
         container = $('#list-history-container').html('')
+        return unless res.lists
         for list in res.lists
           container.append @mustache('#list-history-template', new List(list) )
       )
   paginate: (wrapper, callback) ->
     container = $('nav.pagination')
     container.html('')
+    return unless wrapper.num_pages
     list = $('<ul></ul>').appendTo(container)
     if wrapper.num_pages && wrapper.num_pages > 1
       for i in [1..wrapper.num_pages]
@@ -224,7 +226,7 @@ class Quser
           li.addClass('active')
         else
           callback = ((i)->
-            -> 
+            ->
               Qstorage.page = i
               window.Quser.load_list_history()
           )(i)
@@ -240,9 +242,7 @@ class Quser
     Mustache.to_html($(selector).html(), locs)
   build_list_table: (body, foot, res) ->
     body.find('tr').remove()
-    if !res.orders && !res.orders.length
-      Qwaiter.alert('No orders in list')
-      return
+    return unless res.orders
     m_obj = res
     body.append @mustache('#active-list-order-template', new Order(order)) for order in m_obj.orders
     $('.list-total-amount').html(currency(m_obj.total_amount))
@@ -265,9 +265,9 @@ class Quser
         return
      
     if res['message'] && !res['ok']
-      redirect_to 'user_root', {message: res['message']}
-    else
-      redirect_to res.location || 'list_products' if res['ok']
+      redirect_to res.location || 'user_root', $.extend({message: res['message']}, res.location_params)
+    else if res.ok
+      redirect_to res.location || 'list_products', $.extend({message: res['message']}, res.location_params)
   build_product_list: ->
     total = 0.0
     h = {products: []}