Thanks for taking care of this, Vikas!

Jacques

From: <[email protected]>
Author: mor
Date: Wed Jun 24 10:29:57 2009
New Revision: 787968

URL: http://svn.apache.org/viewvc?rev=787968&view=rev
Log:
Securing URLs in FTL. These changes were removed while doing a revert in rev. 
781008.
Note: These changes are already moved in release09.04.

Modified:
   ofbiz/trunk/applications/product/webapp/facility/shipment/PackOrder.ftl

Modified: 
ofbiz/trunk/applications/product/webapp/facility/shipment/PackOrder.ftl
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/product/webapp/facility/shipment/PackOrder.ftl?rev=787968&r1=787967&r2=787968&view=diff
==============================================================================
--- ofbiz/trunk/applications/product/webapp/facility/shipment/PackOrder.ftl 
(original)
+++ ofbiz/trunk/applications/product/webapp/facility/shipment/PackOrder.ftl Wed 
Jun 24 10:29:57 2009
@@ -17,6 +17,19 @@
under the License.
-->

+<script language="JavaScript" type="text/javascript">
+    function clearLine(facilityId, orderId, orderItemSeqId, productId, 
shipGroupSeqId, inventoryItemId, packageSeqId) {
+        document.clearPackLineForm.facilityId.value = facilityId;
+        document.clearPackLineForm.orderId.value = orderId;
+        document.clearPackLineForm.orderItemSeqId.value = orderItemSeqId;
+        document.clearPackLineForm.productId.value = productId;
+        document.clearPackLineForm.shipGroupSeqId.value = shipGroupSeqId;
+        document.clearPackLineForm.inventoryItemId.value = inventoryItemId;
+        document.clearPackLineForm.packageSeqId.value = packageSeqId;
+        document.clearPackLineForm.submit();
+    }
+</script>
+
<#if security.hasEntityPermission("FACILITY", "_VIEW", session)>
    <#assign showInput = requestParameters.showInput?default("Y")>
    <#assign hideGrid = requestParameters.hideGrid?default("N")>
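Review bot: The new `clearLine` helper carries no comment explaining why the clear action goes through a hidden form rather than a link, which is the security-relevant part of this change; I would add `// Submits the pack-line keys to ClearPackLine by POST via clearPackLineForm so they do not travel in a GET URL.` above the function. The `language="JavaScript"` attribute on the `<script>` tag is obsolete, and `type="text/javascript"` alone is enough. The function relies on a form named `clearPackLineForm` being present on the page; that form is added in a later hunk, and the visible lines do not show whether it is rendered in every state in which the Clear links are rendered.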
@@ -115,6 +128,15 @@
              <input type="hidden" name="shipGroupSeqId" 
value="${shipGroupSeqId?if_exists}"/>
              <input type="hidden" name="facilityId" 
value="${facilityId?if_exists}"/>
            </form>
+            <form name="clearPackLineForm" method="post" 
action="<@ofbizUrl>ClearPackLine</@ofbizUrl>">
+                <input type="hidden" name="facilityId"/>
+                <input type="hidden" name="orderId"/>
+                <input type="hidden" name="orderItemSeqId"/>
+                <input type="hidden" name="productId"/>
+                <input type="hidden" name="shipGroupSeqId"/>
+                <input type="hidden" name="inventoryItemId"/>
+                <input type="hidden" name="packageSeqId"/>
+            </form>
        </div>
    </div>
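Review bot: The `clearPackLineForm` added here posts to `ClearPackLine` with seven hidden fields and, in the visible lines, no anti-forgery token. Moving the action from GET to POST keeps the identifiers out of URLs, logs and Referer headers, but it does not by itself stop a cross-site request from triggering the clear. If the framework adds a token or checks the request origin elsewhere, a one-line comment above the form saying so would help; otherwise a per-session token field should be added here and verified by the handler. The change also only has its intended effect if the `ClearPackLine` request mapping stops accepting GET, which is outside this diff.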

@@ -429,7 +451,7 @@
                      <td align="right">${line.getQuantity()}</td>
<td align="right">${line.getWeight()} (${packingSession.getPackageWeight(line.getPackageSeq()?int)?if_exists})</td>
                      <td align="right">${line.getPackageSeq()}</td>
- <td align="right"><a href="<@ofbizUrl>ClearPackLine?facilityId=${facilityId}&orderId=${line.getOrderId()}&orderItemSeqId=${line.getOrderItemSeqId()}&shipGroupSeqId=${line.getShipGroupSeqId()}&amp;productId=${line.getProductId()?default("")}&inventoryItemId=${line.getInventoryItemId()}&packageSeqId=${line.getPackageSeq()}</@ofbizUrl>" class="buttontext">${uiLabelMap.CommonClear}</a></td>
+ <td align="right"><a href="javascript:clearLine('${facilityId}', '${line.getOrderId()}', '${line.getOrderItemSeqId()}', '${line.getProductId()?default("")}', '${line.getShipGroupSeqId()}', '${line.getInventoryItemId()}', '${line.getPackageSeq()}')" class="buttontext">${uiLabelMap.CommonClear}</a></td>
                    </tr>
                  </#list>
                </table>
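Review bot: The arguments in the new `href="javascript:clearLine(...)"` are interpolated into single-quoted JavaScript string literals without JavaScript-string escaping, so a value containing `'` or `\` would end the literal early. Unless these IDs are guaranteed to contain only safe characters, or the template layer escapes them (not visible here), each argument should be written in the form `'${line.getOrderId()?js_string?html}'`. `${facilityId}` is also used here without the `?if_exists` guard that the hidden field earlier in the file applies. The same line is added again in the hunk at -473,7 +495,7, and the same points apply there. A `<button type="button">` with the handler bound in script would avoid the `javascript:` URL altogether.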
@@ -473,7 +495,7 @@
                      <td align="right">${line.getQuantity()}</td>
<td align="right">${line.getWeight()} (${packingSession.getPackageWeight(line.getPackageSeq()?int)?if_exists})</td>
                      <td align="right">${line.getPackageSeq()}</td>
- <td align="right"><a href="<@ofbizUrl>ClearPackLine?facilityId=${facilityId}&orderId=${line.getOrderId()}&orderItemSeqId=${line.getOrderItemSeqId()}&shipGroupSeqId=${line.getShipGroupSeqId()}&amp;productId=${line.getProductId()?default("")}&inventoryItemId=${line.getInventoryItemId()}&packageSeqId=${line.getPackageSeq()}</@ofbizUrl>" class="buttontext">${uiLabelMap.CommonClear}</a></td>
+ <td align="right"><a href="javascript:clearLine('${facilityId}', '${line.getOrderId()}', '${line.getOrderItemSeqId()}', '${line.getProductId()?default("")}', '${line.getShipGroupSeqId()}', '${line.getInventoryItemId()}', '${line.getPackageSeq()}')" class="buttontext">${uiLabelMap.CommonClear}</a></td>
                  </tr>
              </#list>
            </table>



