I move for reverting this commit as a security measure. With this, a user could 
create a URL to add themselves to whatever role they desire, and sometimes 
security code uses unattached roles (even though it's not the best of security 
code practices).

-David


[EMAIL PROTECTED] wrote:
Author: hansbak
Date: Sun Aug 19 23:25:02 2007
New Revision: 567553

URL: http://svn.apache.org/viewvc?rev=567553&view=rev
Log:
small change to optionally allow other roleTypes in the customer registration 
process

Modified:
    
ofbiz/trunk/applications/ecommerce/script/org/ofbiz/ecommerce/customer/CustomerEvents.xml
    ofbiz/trunk/applications/ecommerce/webapp/ecommerce/customer/newcustomer.ftl
    ofbiz/trunk/applications/ecommerce/webapp/ecommerce/login.ftl

Modified: 
ofbiz/trunk/applications/ecommerce/script/org/ofbiz/ecommerce/customer/CustomerEvents.xml
URL: 
http://svn.apache.org/viewvc/ofbiz/trunk/applications/ecommerce/script/org/ofbiz/ecommerce/customer/CustomerEvents.xml?rev=567553&r1=567552&r2=567553&view=diff
==============================================================================
--- 
ofbiz/trunk/applications/ecommerce/script/org/ofbiz/ecommerce/customer/CustomerEvents.xml
 (original)
+++ 
ofbiz/trunk/applications/ecommerce/script/org/ofbiz/ecommerce/customer/CustomerEvents.xml
 Sun Aug 19 23:25:02 2007
@@ -39,7 +39,7 @@
         <property-to-field resource="security" property="password.lowercase" 
default="false" field-name="password_lowercase"/>
<now-timestamp-to-env env-name="nowStamp"/>
-        <set value="CUSTOMER" field="parameters.roleTypeId"/>
+        <set field="parameters.roleTypeId" from-field="parameters.ROLETYPEID" 
default-value="CUSTOMER"/>
<if-compare field-name="allowPassword" operator="not-equals" value="Y">
             <set from-field="defaultPassword" field="parameters.PASSWORD"/>
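
Review bot: the new `<set field="parameters.roleTypeId" from-field="parameters.ROLETYPEID" default-value="CUSTOMER"/>` line copies a request parameter straight into the role type with no check on its value, so whoever submits the registration request chooses the role; the default only applies when the parameter is absent. Compare the incoming value against a server-side list of role types permitted for self-registration and fall back to CUSTOMER otherwise, or keep the fixed value and have callers that need another role set it in server-side code rather than in the request.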

Modified: 
ofbiz/trunk/applications/ecommerce/webapp/ecommerce/customer/newcustomer.ftl
URL: 
http://svn.apache.org/viewvc/ofbiz/trunk/applications/ecommerce/webapp/ecommerce/customer/newcustomer.ftl?rev=567553&r1=567552&r2=567553&view=diff
==============================================================================
--- 
ofbiz/trunk/applications/ecommerce/webapp/ecommerce/customer/newcustomer.ftl 
(original)
+++ 
ofbiz/trunk/applications/ecommerce/webapp/ecommerce/customer/newcustomer.ftl 
Sun Aug 19 23:25:02 2007
@@ -86,6 +86,7 @@
<form method="post" action="<@ofbizUrl>createcustomer${previousParams}</@ofbizUrl>" name="newuserform" style="margin: 0;">
 <input type="hidden" name="emailProductStoreId" value="${productStoreId}"/>
+<input type="hidden" name="ROLETYPEID" 
value="${parameters.ROLETYPEID?if_exists}"/>
<div class="screenlet">
     <div class="screenlet-header">
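
Review bot: the added hidden input writes `${parameters.ROLETYPEID?if_exists}` back into the form, which raises two points. The value is taken from the incoming request and returned by the browser, so it is client-controlled at both ends and cannot serve as the authority for the role. It is also placed in an HTML attribute with no escaping built-in on this line, so unless escaping is applied elsewhere, quote characters in the parameter reach the markup as-is. If the field stays, apply `?html` to the interpolation and validate the value on the server; preferably drop the field and let the server decide the role.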

Modified: ofbiz/trunk/applications/ecommerce/webapp/ecommerce/login.ftl
URL: 
http://svn.apache.org/viewvc/ofbiz/trunk/applications/ecommerce/webapp/ecommerce/login.ftl?rev=567553&r1=567552&r2=567553&view=diff
==============================================================================
--- ofbiz/trunk/applications/ecommerce/webapp/ecommerce/login.ftl (original)
+++ ofbiz/trunk/applications/ecommerce/webapp/ecommerce/login.ftl Sun Aug 19 
23:25:02 2007
@@ -75,6 +75,8 @@
         </div>
         <div class="screenlet-body" style="text-align: center;">
           <form method="post" action="<@ofbizUrl>newcustomer${previousParams}</@ofbizUrl>" 
style="margin: 0;">
+            <#-- optional field, default is 'CUSTOMER' -->
+            <#--input type="hidden" name="ROLETYPEID" value="--enter roletypeId 
here--"/-->
             <div 
class="tabletext">${uiLabelMap.CommonMayCreateNewAccountHere}:</div>
             <div><input type="submit" class="smallSubmit" 
value="${uiLabelMap.CommonMayCreate}"/></div>
           </form>
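
Review bot: the commented-out input with the placeholder value "--enter roletypeId here--" leaves an instruction in the template to pass the role through a hidden form field, and the comment above it ("optional field, default is 'CUSTOMER'") does not say which role types are acceptable or that a hidden field can be changed by the person submitting the form. Either remove the commented-out markup, or extend the comment to state that the value is untrusted input and must be restricted on the server.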

