This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
The following commit(s) were added to refs/heads/trunk by this push:
new 60dd569 Fixed: Handle special characters like single quote in
Freemarker template (prevent encoding) (OFBIZ-12029)
60dd569 is described below
commit 60dd569529eb9f9573c21be6216276cb746b1b21
Author: Jacques Le Roux <[email protected]>
AuthorDate: Tue Nov 10 11:09:46 2020 +0100
Fixed: Handle special characters like single quote in Freemarker template
(prevent encoding) (OFBIZ-12029)
A such case was reported by Amit Gadaley at
https://markmail.org/message/ybyjkngdiwrywut6
The solution is to use StringUtil.wrapString() to prevent encoding.
---
applications/order/template/entry/SplitShip.ftl | 4 ++--
applications/order/template/entry/cart/MiniCart.ftl | 6 +++---
applications/order/template/entry/cart/ShowCartItems.ftl | 8 ++++----
3 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/applications/order/template/entry/SplitShip.ftl
b/applications/order/template/entry/SplitShip.ftl
index f7dd3c7..6e43fd4 100644
--- a/applications/order/template/entry/SplitShip.ftl
+++ b/applications/order/template/entry/SplitShip.ftl
@@ -183,7 +183,7 @@ function submitForm(form, mode, value) {
</#if>
<#-- end code to display a small image of the product -->
<a
href="<@ofbizUrl>product?product_id=${cartLine.getProductId()}</@ofbizUrl>"
class="buttontext">${cartLine.getProductId()} -
- ${cartLine.getName(dispatcher)!}</a> :
${cartLine.getDescription(dispatcher)!}
+
${StringUtil.wrapString(cartLine.getName(dispatcher))!}</a> :
${StringUtil.wrapString(cartLine.getDescription(dispatcher))!}
<#-- display the registered ship groups and quantity -->
<#assign itemShipGroups = cart.getShipGroups(cartLine)>
@@ -203,7 +203,7 @@ function submitForm(form, mode, value) {
<#else>
<#-- this is a non-product item -->
- <b>${cartLine.getItemTypeDescription()!}</b> :
${cartLine.getName(dispatcher)!}
+
<b>${StringUtil.wrapString(cartLine.getItemTypeDescription())!}</b> :
${StringUtil.wrapString(cartLine.getName(dispatcher))!}
</#if>
</div>
diff --git a/applications/order/template/entry/cart/MiniCart.ftl
b/applications/order/template/entry/cart/MiniCart.ftl
index 0dba056..72a224b 100644
--- a/applications/order/template/entry/cart/MiniCart.ftl
+++ b/applications/order/template/entry/cart/MiniCart.ftl
@@ -60,12 +60,12 @@ under the License.
<td>
<#if cartLine.getProductId()??>
<#if cartLine.getParentProductId()??>
- <a href="<@ofbizCatalogAltUrl
productId=cartLine.getParentProductId()/>"
class="linktext">${cartLine.getName(dispatcher)}</a>
+ <a href="<@ofbizCatalogAltUrl
productId=cartLine.getParentProductId()/>"
class="linktext">${StringUtil.wrapString(cartLine.getName(dispatcher))}</a>
<#else>
- <a href="<@ofbizCatalogAltUrl
productId=cartLine.getProductId()/>"
class="linktext">${cartLine.getName(dispatcher)}</a>
+ <a href="<@ofbizCatalogAltUrl
productId=cartLine.getProductId()/>"
class="linktext">${StringUtil.wrapString(cartLine.getName(dispatcher))}</a>
</#if>
<#else>
- <strong>${cartLine.getItemTypeDescription()!}</strong>
+
<strong>${StringUtil.wrapString(cartLine.getItemTypeDescription())!}</strong>
</#if>
</td>
<td><@ofbizCurrency amount=cartLine.getDisplayItemSubTotal()
isoCode=shoppingCart.getCurrency()/></td>
diff --git a/applications/order/template/entry/cart/ShowCartItems.ftl
b/applications/order/template/entry/cart/ShowCartItems.ftl
index eebeb57..264a136 100644
--- a/applications/order/template/entry/cart/ShowCartItems.ftl
+++ b/applications/order/template/entry/cart/ShowCartItems.ftl
@@ -80,8 +80,8 @@ under the License.
<#if cartLine.getProductId()??>
<#-- product item -->
<a
href="<@ofbizUrl>product?product_id=${cartLine.getProductId()}</@ofbizUrl>"
class="buttontext">${cartLine.getProductId()}</a> -
- <input size="60" type="text"
name="description_${cartLineIndex}"
value="${cartLine.getName(dispatcher)?default("")}"/><br />
- <i>${cartLine.getDescription(dispatcher)!}</i>
+ <input size="60" type="text"
name="description_${cartLineIndex}"
value="${StringUtil.wrapString(cartLine.getName(dispatcher))?default("")}"/><br
/>
+
<i>${StringUtil.wrapString(cartLine.getDescription(dispatcher))!}</i>
<#if shoppingCart.getOrderType() != "PURCHASE_ORDER">
<#-- only applies to sales orders, not purchase orders
-->
<#-- if inventory is not required check to see if it is
out of stock and needs to have a message shown about that... -->
@@ -93,7 +93,7 @@ under the License.
</#if>
<#else>
<#-- this is a non-product item -->
- <b>${cartLine.getItemTypeDescription()!}</b> :
${cartLine.getName(dispatcher)!}
+
<b>${StringUtil.wrapString(StringUtil.wrapString(cartLine.getItemTypeDescription()))!}</b>
: ${StringUtil.wrapString(cartLine.getName(dispatcher))!}
</#if>
<#-- display the item's features -->
<#assign features = "">
@@ -132,7 +132,7 @@ under the License.
</#if>
<#if cartLine.getItemComment()?has_content>
<tr><td><div>${uiLabelMap.CommonComment} : </div></td>
- <td><div><input size="60" type="text"
name="comment_${cartLineIndex}"
value="${cartLine.getItemComment()?default("")}"/><br /></div></td>
+ <td><div><input size="60" type="text"
name="comment_${cartLineIndex}"
value="${StringUtil.wrapString(cartLine.getItemComment())?default("")}"/><br
/></div></td>
</tr>
</#if>
<#if cartLine.getDesiredDeliveryDate()?has_content>
