ordernotes.ftl

mor Thu, 02 Jul 2009 02:17:08 -0700

Author: mor
Date: Thu Jul  2 09:16:40 2009
New Revision: 790512

URL: http://svn.apache.org/viewvc?rev=790512&view=rev
Log:
Secure URLs in FTL. Applied patch from Sharad Gupta, part of OFBIZ-2683 
(https://issues.apache.org/jira/browse/OFBIZ-2683)


Modified:
    ofbiz/trunk/applications/order/webapp/ordermgr/order/ordernotes.ftl

Modified: ofbiz/trunk/applications/order/webapp/ordermgr/order/ordernotes.ftl
URL: 
http://svn.apache.org/viewvc/ofbiz/trunk/applications/order/webapp/ordermgr/order/ordernotes.ftl?rev=790512&r1=790511&r2=790512&view=diff
==============================================================================
--- ofbiz/trunk/applications/order/webapp/ordermgr/order/ordernotes.ftl 
(original)
+++ ofbiz/trunk/applications/order/webapp/ordermgr/order/ordernotes.ftl Thu Jul 
 2 09:16:40 2009
@@ -47,11 +47,21 @@
                   <td align="right" valign="top" width="15%">
                     <#if note.internalNote?if_exists == "N">
                         ${uiLabelMap.OrderPrintableNote}
-                        <a 
href="<@ofbizUrl>updateOrderNote?orderId=${orderId}&noteId=${note.noteId}&internalNote=Y</@ofbizUrl>"
 class="buttontext">${uiLabelMap.OrderNotesPrivate}</a>
+                        <form name="privateNotesForm_${note_index}" 
method="post" action="<@ofbizUrl>updateOrderNote</@ofbizUrl>">
+                          <input type="hidden" name="orderId" 
value="${orderId}"/>
+                          <input type="hidden" name="noteId" 
value="${note.noteId}"/>
+                          <input type="hidden" name="internalNote" value="Y"/>
+                          <a 
href="javascript:document.privateNotesForm_${note_index}.submit()" 
class="buttontext">${uiLabelMap.OrderNotesPrivate}</a>
+                        </form>
                     </#if>
                     <#if note.internalNote?if_exists == "Y">
                         ${uiLabelMap.OrderNotPrintableNote}
-                        <a 
href="<@ofbizUrl>updateOrderNote?orderId=${orderId}&noteId=${note.noteId}&internalNote=N</@ofbizUrl>"
 class="buttontext">${uiLabelMap.OrderNotesPublic}</a>
+                        <form name="publicNotesForm_${note_index}" 
method="post" action="<@ofbizUrl>updateOrderNote</@ofbizUrl>">
+                          <input type="hidden" name="orderId" 
value="${orderId}"/>
+                          <input type="hidden" name="noteId" 
value="${note.noteId}"/>
+                          <input type="hidden" name="internalNote" value="N"/>
+                          <a 
href="javascript:document.publicNotesForm_${note_index}.submit()" 
class="buttontext">${uiLabelMap.OrderNotesPublic}</a>
+                        </form>
                     </#if>
                   </td>
                 </tr>

svn commit: r790512 - /ofbiz/trunk/applications/order/webapp/ordermgr/order/ordernotes.ftl

Reply via email to