Author: pranayp
Date: Mon Jun 13 08:28:17 2016
New Revision: 1748135
URL: http://svn.apache.org/viewvc?rev=1748135&view=rev
Log:
Manually applied fix from trunk revision 1748133.
---------------------------------------------------------------------
[OFBIZ-7270] - Fixed security error on Create New Shopping List in eCommerce.
Thanks Mohammed Rehan Khan for the contribution.
---------------------------------------------------------------------
Modified:
ofbiz/branches/release15.12/ (props changed)
ofbiz/branches/release15.12/specialpurpose/ecommerce/webapp/ecommerce/shoppinglist/editShoppingList.ftl
Propchange: ofbiz/branches/release15.12/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon Jun 13 08:28:17 2016
@@ -9,4 +9,4 @@
/ofbiz/branches/json-integration-refactoring:1634077-1635900
/ofbiz/branches/multitenant20100310:921280-927264
/ofbiz/branches/release13.07:1547657
-/ofbiz/trunk:1722712,1723007,1723248,1724402,1724411,1724566,1724689,1724763,1724916,1724918,1724925,1724930,1724940,1724943,1724946,1724951,1724957,1724975,1724978,1725006,1725217,1725257,1725561,1725574,1726388,1726486,1726493,1726828,1727894,1728398,1728411,1729005,1729078,1729609,1729809,1730035,1730456,1730735-1730736,1730747,1730758,1730882,1730889,1731382,1731396,1732454,1732570,1732721,1733951,1733956,1734246,1734269,1734276,1734912,1734918,1735021,1735244,1735385,1735398,1735569,1735731,1735734,1735750,1735753,1735756,1735759,1735773,1736083,1736087,1736272,1736434,1736628,1736851,1736854,1736890,1737156,1737440,1738235,1738303,1738407,1738902,1739438,1739448,1739571,1740008,1740442,1740629,1741146,1741563,1741684,1741925,1741930,1741960,1742018,1742097,1742103,1742712,1742737,1742741,1743025,1743027,1743230,1743411-1743412,1743656,1743937,1744117,1744198,1744396,1744662,1744768,1744773,1744873,1744911,1745111,1745264,1745428,1745438,1745573,1745577,1745592,1745751,1746228,
1746422,1746459,1746524,1746527,1746536,1746601,1746676,1746714,1746755,1746805,1746832,1746890,1747223,1747349,1747498,1747639,1747642,1747646,1747650,1747661,1747956,1747959,1747963,1748121
+/ofbiz/trunk:1722712,1723007,1723248,1724402,1724411,1724566,1724689,1724763,1724916,1724918,1724925,1724930,1724940,1724943,1724946,1724951,1724957,1724975,1724978,1725006,1725217,1725257,1725561,1725574,1726388,1726486,1726493,1726828,1727894,1728398,1728411,1729005,1729078,1729609,1729809,1730035,1730456,1730735-1730736,1730747,1730758,1730882,1730889,1731382,1731396,1732454,1732570,1732721,1733951,1733956,1734246,1734269,1734276,1734912,1734918,1735021,1735244,1735385,1735398,1735569,1735731,1735734,1735750,1735753,1735756,1735759,1735773,1736083,1736087,1736272,1736434,1736628,1736851,1736854,1736890,1737156,1737440,1738235,1738303,1738407,1738902,1739438,1739448,1739571,1740008,1740442,1740629,1741146,1741563,1741684,1741925,1741930,1741960,1742018,1742097,1742103,1742712,1742737,1742741,1743025,1743027,1743230,1743411-1743412,1743656,1743937,1744117,1744198,1744396,1744662,1744768,1744773,1744873,1744911,1745111,1745264,1745428,1745438,1745573,1745577,1745592,1745751,1746228,
1746422,1746459,1746524,1746527,1746536,1746601,1746676,1746714,1746755,1746805,1746832,1746890,1747223,1747349,1747498,1747639,1747642,1747646,1747650,1747661,1747956,1747959,1747963,1748121,1748133
Modified:
ofbiz/branches/release15.12/specialpurpose/ecommerce/webapp/ecommerce/shoppinglist/editShoppingList.ftl
URL:
http://svn.apache.org/viewvc/ofbiz/branches/release15.12/specialpurpose/ecommerce/webapp/ecommerce/shoppinglist/editShoppingList.ftl?rev=1748135&r1=1748134&r2=1748135&view=diff
==============================================================================
---
ofbiz/branches/release15.12/specialpurpose/ecommerce/webapp/ecommerce/shoppinglist/editShoppingList.ftl
(original)
+++
ofbiz/branches/release15.12/specialpurpose/ecommerce/webapp/ecommerce/shoppinglist/editShoppingList.ftl
Mon Jun 13 08:28:17 2016
@@ -84,7 +84,10 @@ under the License.
<div class="screenlet">
<div class="boxlink">
- <a
href="<@ofbizUrl>createEmptyShoppingList?productStoreId=${productStoreId}</@ofbizUrl>"
class="submenutextright">${uiLabelMap.CommonCreateNew}</a>
+ <form id="createEmptyShoppingList"
action="<@ofbizUrl>createEmptyShoppingList</@ofbizUrl>" method="post">
+ <input type="hidden" name="productStoreId"
value="${productStoreId!}" />
+ <a
href="javascript:document.getElementById('createEmptyShoppingList').submit();"
class="submenutextright">${uiLabelMap.CommonCreateNew}</a>
+ </form>
</div>
<h3>${uiLabelMap.EcommerceShoppingLists}</h3>
<div class="screenlet-body">
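Review bot: The added link with `href="javascript:document.getElementById('createEmptyShoppingList').submit();"` makes the create action depend on an inline script URL, so it stops working when scripting is disabled or when a Content-Security-Policy without `unsafe-inline` is applied to the storefront. The second hunk already submits the same kind of form with a native control, and the same would work here: `<input type="submit" class="smallSubmit" value="${uiLabelMap.CommonCreateNew}"/>`. Separately, moving the call from a GET link to a POST form only protects the request if the `createEmptyShoppingList` request mapping refuses GET and an anti-forgery check is applied. Neither is visible in this commit and no token field appears in either form, so this is worth confirming in the controller configuration.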
@@ -105,7 +108,10 @@ under the License.
</form>
<#else>
<label>${uiLabelMap.EcommerceNoShoppingListsCreate}.</label>
- <a
href="<@ofbizUrl>createEmptyShoppingList?productStoreId=${productStoreId}</@ofbizUrl>"
class="submenutextright">${uiLabelMap.CommonCreateNew}</a>
+ <form id="createEmptyShoppingList"
action="<@ofbizUrl>createEmptyShoppingList</@ofbizUrl>" method="post">
+ <input type="hidden" name="productStoreId"
value="${productStoreId!}" />
+ <input type="submit" name="submit" class="smallSubmit"
value="${uiLabelMap.CommonCreateNew}"/>
+ </form>
</#if>
</div>
</div>
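Review bot: The form added in the `<#else>` branch reuses `id="createEmptyShoppingList"`, the same id given to the form in the first hunk. The first form does not appear to sit inside this `<#if>`/`<#else>`, although its surroundings are outside the hunk; if both render on one page, the document has a duplicate id and the first hunk's `getElementById` call picks its form only by document order. The submit control is also named `submit`, which shadows the form element's `submit()` method in the DOM and posts a stray `submit` parameter with the request. Dropping the name avoids both: `<input type="submit" class="smallSubmit" value="${uiLabelMap.CommonCreateNew}"/>`. A distinct id for this form (for example `createEmptyShoppingListNoLists`, a constructed name) would keep the two forms apart.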