Author: pranayp
Date: Mon Jun 13 09:35:41 2016
New Revision: 1748156
URL: http://svn.apache.org/viewvc?rev=1748156&view=rev
Log:
[OFBIZ-7291] Applied slightly modified patch from the ticket to fix security
error on Remove Shopping List Item link in eCommerce.
Thanks Mohammed Rehan Khan for the contribution.
Modified:
ofbiz/trunk/specialpurpose/ecommerce/template/shoppinglist/EditShoppingList.ftl
Modified:
ofbiz/trunk/specialpurpose/ecommerce/template/shoppinglist/EditShoppingList.ftl
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/specialpurpose/ecommerce/template/shoppinglist/EditShoppingList.ftl?rev=1748156&r1=1748155&r2=1748156&view=diff
==============================================================================
---
ofbiz/trunk/specialpurpose/ecommerce/template/shoppinglist/EditShoppingList.ftl
(original)
+++
ofbiz/trunk/specialpurpose/ecommerce/template/shoppinglist/EditShoppingList.ftl
Mon Jun 13 09:35:41 2016
@@ -490,7 +490,13 @@ under the License.
</td>
<td>
<a
href="javascript:TimestampSubmit(listform_${shoppingListItem.shoppingListItemSeqId});"
class="button">${uiLabelMap.CommonUpdate}</a>
- <a
href="<@ofbizUrl>removeFromShoppingList?shoppingListId=${shoppingListItem.shoppingListId}&shoppingListItemSeqId=${shoppingListItem.shoppingListItemSeqId}</@ofbizUrl>"
class="button">${uiLabelMap.CommonRemove}</a>
+ <form name="removeFromShoppingList" method="post"
action="<@ofbizUrl>removeFromShoppingList</@ofbizUrl>">
+ <fieldset>
+ <input type="hidden" name="shoppingListId"
value="${shoppingListItem.shoppingListId!}">
+ <input type="hidden" name="shoppingListItemSeqId"
value="${shoppingListItem.shoppingListItemSeqId}">
+ </fieldset>
+ </form>
+ <a
href="javascript:document.removeFromShoppingList.submit();"
class="button">${uiLabelMap.CommonRemove}</a>
<#if isVirtual && productVariantAssocs?has_content>
<#assign replaceItemAction =
"/replaceShoppingListItem/" + requestAttributes._CURRENT_VIEW_?if_exists />
<#assign addToCartAction = "/additem/" +
requestAttributes._CURRENT_VIEW_?if_exists />
