svn commit: r1748163 - /ofbiz/branches/release13.07/specialpurpose/ecommerce/webapp/ecommerce/shoppinglist/editShoppingList.ftl

Mon, 13 Jun 2016 02:45:47 -0700 

Author: pranayp
Date: Mon Jun 13 09:44:57 2016
New Revision: 1748163

URL: http://svn.apache.org/viewvc?rev=1748163&view=rev
Log:
Manually applied fix from trunk revision 1748156.
[OFBIZ-7291] Applied patch from the ticket to fix security error on Remove 
Shopping List Item link in eCommerce. Thanks Mohammed Rehan Khan for the 
contribution.

Modified:
    
ofbiz/branches/release13.07/specialpurpose/ecommerce/webapp/ecommerce/shoppinglist/editShoppingList.ftl

Modified: 
ofbiz/branches/release13.07/specialpurpose/ecommerce/webapp/ecommerce/shoppinglist/editShoppingList.ftl
URL: 
http://svn.apache.org/viewvc/ofbiz/branches/release13.07/specialpurpose/ecommerce/webapp/ecommerce/shoppinglist/editShoppingList.ftl?rev=1748163&r1=1748162&r2=1748163&view=diff
==============================================================================
--- 
ofbiz/branches/release13.07/specialpurpose/ecommerce/webapp/ecommerce/shoppinglist/editShoppingList.ftl
 (original)
+++ 
ofbiz/branches/release13.07/specialpurpose/ecommerce/webapp/ecommerce/shoppinglist/editShoppingList.ftl
 Mon Jun 13 09:44:57 2016
@@ -506,7 +506,13 @@ under the License.
                     </td>
                     <td align="right">
                         <a href="#" 
onclick="javascript:TimestampSubmit(listform_${shoppingListItem.shoppingListItemSeqId});"
 class="buttontext">${uiLabelMap.CommonUpdate}</a>
-                        <a 
href="<@ofbizUrl>removeFromShoppingList?shoppingListId=${shoppingListItem.shoppingListId}&amp;shoppingListItemSeqId=${shoppingListItem.shoppingListItemSeqId}</@ofbizUrl>"
 class="buttontext">${uiLabelMap.CommonRemove}</a>
+                        <a 
href="javascript:document.removeFromShoppingList.submit();" 
class="buttontext">${uiLabelMap.CommonRemove}</a>
+                        <form name="removeFromShoppingList" method="post" 
action="<@ofbizUrl>removeFromShoppingList</@ofbizUrl>">
+                          <fieldset>
+                            <input type="hidden" name="shoppingListId" 
value="${shoppingListItem.shoppingListId!}">
+                            <input type="hidden" name="shoppingListItemSeqId" 
value="${shoppingListItem.shoppingListItemSeqId}">
+                          </fieldset>
+                        </form>
                       <#if isVirtual && productVariantAssocs?has_content>
                         <#assign replaceItemAction = 
"/replaceShoppingListItem/" + requestAttributes._CURRENT_VIEW_?if_exists>
                         <#assign addToCartAction = "/additem/" + 
requestAttributes._CURRENT_VIEW_?if_exists>

Reply via email to