Author: mor
Date: Wed Apr 22 14:34:35 2009
New Revision: 767540
URL: http://svn.apache.org/viewvc?rev=767540&view=rev
Log:
Securing URLs in FTL. Patch from Akash Jain.
Modified:
ofbiz/trunk/applications/product/webapp/facility/shipment/PackOrder.ftl
Modified:
ofbiz/trunk/applications/product/webapp/facility/shipment/PackOrder.ftl
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/applications/product/webapp/facility/shipment/PackOrder.ftl?rev=767540&r1=767539&r2=767540&view=diff
==============================================================================
--- ofbiz/trunk/applications/product/webapp/facility/shipment/PackOrder.ftl
(original)
+++ ofbiz/trunk/applications/product/webapp/facility/shipment/PackOrder.ftl Wed
Apr 22 14:34:35 2009
@@ -17,6 +17,19 @@
under the License.
-->
+<script language="JavaScript" type="text/javascript">
+ function clearLine(facilityId, orderId, orderItemSeqId, productId,
shipGroupSeqId, inventoryItemId, packageSeqId) {
+ document.clearPackLineForm.facilityId.value = facilityId;
+ document.clearPackLineForm.orderId.value = orderId;
+ document.clearPackLineForm.orderItemSeqId.value = orderItemSeqId;
+ document.clearPackLineForm.productId.value = productId;
+ document.clearPackLineForm.shipGroupSeqId.value = shipGroupSeqId;
+ document.clearPackLineForm.inventoryItemId.value = inventoryItemId;
+ document.clearPackLineForm.packageSeqId.value = packageSeqId;
+ document.clearPackLineForm.submit();
+ }
+</script>
+
<#if security.hasEntityPermission("FACILITY", "_VIEW", session)>
<#assign showInput = requestParameters.showInput?default("Y")>
<#assign hideGrid = requestParameters.hideGrid?default("N")>
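Review bot: `clearLine` is added without a comment, and it depends on a form named `clearPackLineForm` that is only defined in a later hunk. If that form is not rendered (for example inside an `<#if>` that evaluates false, which this hunk does not show), `document.clearPackLineForm` is undefined and the click throws. I would add a comment above the function such as `// Copies the row's keys into the hidden clearPackLineForm and submits it as a POST to ClearPackLine.` The `language="JavaScript"` attribute is deprecated and redundant next to `type`, so `<script type="text/javascript">` is enough.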
@@ -105,6 +118,15 @@
<input type="hidden" name="shipGroupSeqId"
value="${shipGroupSeqId?if_exists}"/>
<input type="hidden" name="facilityId"
value="${facilityId?if_exists}"/>
</form>
+ <form name="clearPackLineForm" method="post"
action="<@ofbizUrl>ClearPackLine</@ofbizUrl>">
+ <input type="hidden" name="facilityId"/>
+ <input type="hidden" name="orderId"/>
+ <input type="hidden" name="orderItemSeqId"/>
+ <input type="hidden" name="productId"/>
+ <input type="hidden" name="shipGroupSeqId"/>
+ <input type="hidden" name="inventoryItemId"/>
+ <input type="hidden" name="packageSeqId"/>
+ </form>
<form name="incPkgSeq" method="post"
action="<@ofbizUrl>SetNextPackageSeq</@ofbizUrl>">
<input type="hidden" name="orderId"
value="${orderId?if_exists}"/>
<input type="hidden" name="shipGroupSeqId"
value="${shipGroupSeqId?if_exists}"/>
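Review bot: The new `clearPackLineForm` posts to `ClearPackLine` with nothing visible that ties the request to the user's session, so moving the action from a GET link to a POST form does not by itself stop another site from submitting the same request. Whether `ClearPackLine` still accepts GET is decided in the controller configuration, which is not part of this diff; if it does, the old query-string URL keeps working. I would confirm that the request is restricted to POST and carries whatever anti-CSRF token the framework provides. A template comment above the form would also help, for example `<#-- Filled and submitted by clearLine(); ClearPackLine changes state and should be POST-only -->`.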
@@ -425,7 +447,7 @@
<td
align="right">${line.getQuantity()}</td>
<td
align="right">${line.getWeight()}
(${packingSession.getPackageWeight(line.getPackageSeq()?int)?if_exists})</td>
<td
align="right">${line.getPackageSeq()}</td>
- <td align="right"><a
href="<@ofbizUrl>ClearPackLine?facilityId=${facilityId}&orderId=${line.getOrderId()}&orderItemSeqId=${line.getOrderItemSeqId()}&shipGroupSeqId=${line.getShipGroupSeqId()}&productId=${line.getProductId()?default("")}&inventoryItemId=${line.getInventoryItemId()}&packageSeqId=${line.getPackageSeq()}</@ofbizUrl>"
class="buttontext">${uiLabelMap.CommonClear}</a></td>
+ <td align="right"><a
href="javascript:clearLine('${facilityId}', '${line.getOrderId()}',
'${line.getOrderItemSeqId()}', '${line.getProductId()?default("")}',
'${line.getShipGroupSeqId()}', '${line.getInventoryItemId()}',
'${line.getPackageSeq()}')"
class="buttontext">${uiLabelMap.CommonClear}</a></td>
</tr>
</#list>
</table>
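Review bot: The seven `${...}` values in the new `href="javascript:clearLine(...)"` are written into single-quoted JavaScript string literals inside an HTML attribute with no escaping. A value containing a quote or backslash would end the literal early and change the script that runs on click. FreeMarker's `?js_string` built-in exists for this context, so each argument could be written like `'${line.getOrderId()?js_string?html}'`, with `?html` covering the surrounding attribute. The same applies to the identical link in the `@@ -469,7 +491,7 @@` hunk. A per-row `<form method="post">` with a submit button would avoid the script context altogether and keep the action usable without JavaScript.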
@@ -469,7 +491,7 @@
<td
align="right">${line.getQuantity()}</td>
<td align="right">${line.getWeight()}
(${packingSession.getPackageWeight(line.getPackageSeq()?int)?if_exists})</td>
<td
align="right">${line.getPackageSeq()}</td>
- <td align="right"><a
href="<@ofbizUrl>ClearPackLine?facilityId=${facilityId}&orderId=${line.getOrderId()}&orderItemSeqId=${line.getOrderItemSeqId()}&shipGroupSeqId=${line.getShipGroupSeqId()}&productId=${line.getProductId()?default("")}&inventoryItemId=${line.getInventoryItemId()}&packageSeqId=${line.getPackageSeq()}</@ofbizUrl>"
class="buttontext">${uiLabelMap.CommonClear}</a></td>
+ <td align="right"><a
href="javascript:clearLine('${facilityId}', '${line.getOrderId()}',
'${line.getOrderItemSeqId()}', '${line.getProductId()?default("")}',
'${line.getShipGroupSeqId()}', '${line.getInventoryItemId()}',
'${line.getPackageSeq()}')"
class="buttontext">${uiLabelMap.CommonClear}</a></td>
</tr>
</#list>
</table>