svn commit: r1748133 - /ofbiz/trunk/specialpurpose/ecommerce/template/shoppinglist/EditShoppingList.ftl

Mon, 13 Jun 2016 01:16:38 -0700 

Author: pranayp
Date: Mon Jun 13 08:15:35 2016
New Revision: 1748133

URL: http://svn.apache.org/viewvc?rev=1748133&view=rev
Log:
[OFBIZ-7270] - Fixed security error on Create New Shopping List in eCommerce.
 
 Thanks Mohammed Rehan Khan for the contribution.

Modified:
    
ofbiz/trunk/specialpurpose/ecommerce/template/shoppinglist/EditShoppingList.ftl

Modified: 
ofbiz/trunk/specialpurpose/ecommerce/template/shoppinglist/EditShoppingList.ftl
URL: 
http://svn.apache.org/viewvc/ofbiz/trunk/specialpurpose/ecommerce/template/shoppinglist/EditShoppingList.ftl?rev=1748133&r1=1748132&r2=1748133&view=diff
==============================================================================
--- 
ofbiz/trunk/specialpurpose/ecommerce/template/shoppinglist/EditShoppingList.ftl 
(original)
+++ 
ofbiz/trunk/specialpurpose/ecommerce/template/shoppinglist/EditShoppingList.ftl 
Mon Jun 13 08:15:35 2016
@@ -84,7 +84,10 @@ under the License.
 
 <div class="screenlet">
         <div class="boxlink">
-            <a 
href="<@ofbizUrl>createEmptyShoppingList?productStoreId=${productStoreId}</@ofbizUrl>"
 class="submenutextright">${uiLabelMap.CommonCreateNew}</a>
+            <form id="createEmptyShoppingList" 
action="<@ofbizUrl>createEmptyShoppingList</@ofbizUrl>" method="post">
+               <input type="hidden" name="productStoreId" 
value="${productStoreId!}" />
+               <a 
href="javascript:document.getElementById('createEmptyShoppingList').submit();" 
class="submenutextright">${uiLabelMap.CommonCreateNew}</a>
+            </form>
         </div>
     <h3>${uiLabelMap.EcommerceShoppingLists}</h3>
     <div class="screenlet-body">
@@ -105,7 +108,10 @@ under the License.
           </form>
         <#else>
           <label>${uiLabelMap.EcommerceNoShoppingListsCreate}.</label>
-          <a 
href="<@ofbizUrl>createEmptyShoppingList?productStoreId=${productStoreId}</@ofbizUrl>"
 class="submenutextright">${uiLabelMap.CommonCreateNew}</a>
+          <form id="createEmptyShoppingList" 
action="<@ofbizUrl>createEmptyShoppingList</@ofbizUrl>" method="post">
+             <input type="hidden" name="productStoreId" 
value="${productStoreId!}" />
+             <input type="submit" name="submit" class="smallSubmit" 
value="${uiLabelMap.CommonCreateNew}"/>
+          </form>
         </#if>
     </div>
 </div>

Reply via email to