On second look there were no targets in this commit that needed to be secured.
Regards Scott On 7/06/2010, at 7:18 PM, Scott Gray wrote: > Quite a few of those links don't actually look like they needed to be secured > i.e. there is no event attached to that uri, orderview for example. > > Regards > Scott > > HotWax Media > http://www.hotwaxmedia.com > > On 7/06/2010, at 7:02 PM, [email protected] wrote: > >> Author: jleroux >> Date: Mon Jun 7 07:02:02 2010 >> New Revision: 952119 >> >> URL: http://svn.apache.org/viewvc?rev=952119&view=rev >> Log: >> Secure some targets. Note that they have been introduced since OFBIZ-2243 >> has been closed. >> Please committers use only target with parameter attribute (not in URL) for >> link and hyperlink fields when there is an action (ie DB modification) >> >> Modified: >> ofbiz/trunk/applications/accounting/widget/InvoiceForms.xml >> ofbiz/trunk/applications/accounting/widget/PaymentGatewayConfigForms.xml >> ofbiz/trunk/applications/order/widget/ordermgr/OrderEntryForms.xml >> ofbiz/trunk/applications/party/widget/partymgr/CommunicationEventForms.xml >> ofbiz/trunk/applications/product/widget/catalog/ProductForms.xml >> >> ofbiz/trunk/applications/product/widget/facility/ShipmentGatewayConfigForms.xml >> ofbiz/trunk/specialpurpose/projectmgr/widget/forms/ProjectForms.xml >> >> Modified: ofbiz/trunk/applications/accounting/widget/InvoiceForms.xml >> URL: >> http://svn.apache.org/viewvc/ofbiz/trunk/applications/accounting/widget/InvoiceForms.xml?rev=952119&r1=952118&r2=952119&view=diff >> ============================================================================== >> --- ofbiz/trunk/applications/accounting/widget/InvoiceForms.xml (original) >> +++ ofbiz/trunk/applications/accounting/widget/InvoiceForms.xml Mon Jun 7 >> 07:02:02 2010 
>> @@ -215,7 +215,12 @@ under the License. >> <field name="paymentId"><hyperlink >> target="paymentOverview?paymentId=${paymentId}" >> description="${paymentId}"/></field> >> <field name="amount"><display type="currency" >> currency="${currencyUomId}"/></field> >> <field name="origAmount"><display type="currency" >> currency="${origCurrencyUomId}"/></field> >> - <field name="acctgTransId"><hyperlink description="${acctgTransId}" >> target="EditAcctgTrans?acctgTransId=${acctgTransId}&organizationPartyId=${organizationPartyId}"/></field> >> + <field name="acctgTransId"> >> + <hyperlink description="${acctgTransId}" >> target="EditAcctgTrans"> >> + <parameter param-name="acctgTransId" >> from-field="acctgTransId"/> >> + <parameter param-name="organizationPartyId" >> from-field="organizationPartyId"/> >> + </hyperlink> >> + </field> >> <field name="acctgTransTypeId" >> title="${uiLabelMap.FormFieldTitle_acctgTransType}"><display-entity >> entity-name="AcctgTransType"/></field> >> <field name="glJournalId" >> title="${uiLabelMap.FormFieldTitle_glJournal}"><display-entity >> entity-name="GlJournal" description="${glJournalName}"/></field> >> <field name="glAccountTypeId" >> title="${uiLabelMap.FormFieldTitle_glAccountType}"><display-entity >> entity-name="GlAccountType"/></field> >> >> Modified: >> ofbiz/trunk/applications/accounting/widget/PaymentGatewayConfigForms.xml >> URL: >> http://svn.apache.org/viewvc/ofbiz/trunk/applications/accounting/widget/PaymentGatewayConfigForms.xml?rev=952119&r1=952118&r2=952119&view=diff >> ============================================================================== >> --- ofbiz/trunk/applications/accounting/widget/PaymentGatewayConfigForms.xml >> (original) >> +++ ofbiz/trunk/applications/accounting/widget/PaymentGatewayConfigForms.xml >> Mon Jun 7 07:02:02 2010 
>> @@ -50,7 +50,9 @@ under the License. >> <auto-fields-entity entity-name="PaymentGatewayConfig" >> default-field-type="display"/> >> <field name="paymentGatewayConfigId"><hidden/></field> >> <field name="description" >> title="${uiLabelMap.AccountingPaymentGatewayConfigDescription}"> >> - <hyperlink description="${description}" >> target="EditPaymentGatewayConfig?paymentGatewayConfigId=${paymentGatewayConfigId}"/> >> + <hyperlink description="${description}" >> target="EditPaymentGatewayConfig"> >> + <parameter param-name="paymentGatewayConfigId" >> from-field="paymentGatewayConfigId"/> >> + </hyperlink> >> </field> >> <field name="paymentGatewayConfigTypeId" >> title="${uiLabelMap.AccountingPaymentGatewayConfigTypeId}"> >> <display-entity entity-name="PaymentGatewayConfigType" >> key-field-name="paymentGatewayConfigTypeId" description="${description}"/> 
>> @@ -385,7 +387,9 @@ under the License. >> <auto-fields-entity entity-name="PaymentGatewayConfigType" >> default-field-type="display"/> >> <field name="paymentGatewayConfigTypeId"><hidden/></field> >> <field name="description" >> title="${uiLabelMap.AccountingPaymentGatewayConfigTypeDescription}"> >> - <hyperlink description="${description}" >> target="EditPaymentGatewayConfigType?paymentGatewayConfigTypeId=${paymentGatewayConfigTypeId}"/> >> + <hyperlink description="${description}" >> target="EditPaymentGatewayConfigType"> >> + <parameter >> param-name="paymentGatewayConfigTypeId" >> from-field="paymentGatewayConfigTypeId"/> >> + </hyperlink> >> </field> >> </form> >> >> >> Modified: ofbiz/trunk/applications/order/widget/ordermgr/OrderEntryForms.xml >> URL: >> http://svn.apache.org/viewvc/ofbiz/trunk/applications/order/widget/ordermgr/OrderEntryForms.xml?rev=952119&r1=952118&r2=952119&view=diff >> ============================================================================== >> --- ofbiz/trunk/applications/order/widget/ordermgr/OrderEntryForms.xml >> (original) >> +++ ofbiz/trunk/applications/order/widget/ordermgr/OrderEntryForms.xml Mon >> Jun 7 07:02:02 2010 
>> @@ -199,7 +199,9 @@ under the License. >> <form name="LookupAssociatedProducts" type="multi" use-row-submit="true" >> list-name="productList" title="" target="BulkAddProducts" >> paginate-target="LookupAssociatedProducts" >> default-title-style="tableheadtext" default-widget-style="inputBox" >> default-tooltip-style="tabletext"> >> <field name="productId" title="${uiLabelMap.ProductProductId}" >> widget-style="buttontext"> >> - <hyperlink description="${productId}" >> target="/catalog/control/EditProductInventoryItems?productId=${productId}" >> target-type="inter-app"/> >> + <hyperlink description="${productId}" >> target="/catalog/control/EditProductInventoryItems" target-type="inter-app"> >> + <parameter param-name="productId" >> from-field="productId"/> >> + </hyperlink> >> </field> >> <field name="brandName" >> title="${uiLabelMap.ProductBrandName}"><display/></field> >> <field name="internalName"><display/></field> >> >> Modified: >> ofbiz/trunk/applications/party/widget/partymgr/CommunicationEventForms.xml >> URL: >> http://svn.apache.org/viewvc/ofbiz/trunk/applications/party/widget/partymgr/CommunicationEventForms.xml?rev=952119&r1=952118&r2=952119&view=diff >> ============================================================================== >> --- >> ofbiz/trunk/applications/party/widget/partymgr/CommunicationEventForms.xml >> (original) >> +++ >> ofbiz/trunk/applications/party/widget/partymgr/CommunicationEventForms.xml >> Mon Jun 7 07:02:02 2010 
>> @@ -287,7 +287,9 @@ under the License. >> <field name="communicationEventId"><display/></field> >> <field name="contactListId" use-when="contactListId!=null"> >> <display-entity entity-name="ContactList" >> description="${contactListName}"> >> - <sub-hyperlink >> target="/marketing/control/EditContactList?contactListId=${communicationEvent.contactListId}" >> description="[${communicationEvent.contactListId}]" >> target-type="inter-app"/> >> + <sub-hyperlink target="/marketing/control/EditContactList" >> description="[${communicationEvent.contactListId}]" target-type="inter-app"> >> + <parameter param-name="contactListId" >> from-field="communicationEvent.contactListId"/> >> + </sub-hyperlink> >> </display-entity> >> </field> >> <field name="partyIdFrom" use-when=""my"==void" >> title="${uiLabelMap.PartyPartyFrom}"> >> @@ -470,7 +472,9 @@ under the License. >> </service> >> </actions> >> <field name="orderId" title="${uiLabelMap.FormFieldTitle_orderId}"> >> - <hyperlink >> target="/ordermgr/control/orderview?orderId=${orderId}" >> description="${orderId}" target-type="inter-app"/> >> + <hyperlink target="/ordermgr/control/orderview" >> description="${orderId}" target-type="inter-app"> >> + <parameter param-name="orderId" from-field="orderId"/> >> + </hyperlink> >> </field> >> <field name="communicationEventId"> >> <hyperlink description="${communicationEventId}" >> target="ViewCommunicationEvent"> 
>> @@ -1022,7 +1026,9 @@ under the License. >> <set field="orderTypeId" from-field="orderHeader.orderTypeId"/> >> </row-actions> >> <field name="orderId" title="${uiLabelMap.FormFieldTitle_orderId}" >> widget-style="buttontext"> >> - <hyperlink >> target="/ordermgr/control/orderview?orderId=${orderId}" >> description="${orderId}" target-type="inter-app"/> >> + <hyperlink target="/ordermgr/control/orderview" >> description="${orderId}" target-type="inter-app"> >> + <parameter param-name="orderId" from-field="orderId"/> >> + </hyperlink> >> </field> >> <field name="communicationEventId"><hidden/></field> >> <field name="orderTypeId" title="${uiLabelMap.OrderOrderType}"> >> >> Modified: ofbiz/trunk/applications/product/widget/catalog/ProductForms.xml >> URL: >> http://svn.apache.org/viewvc/ofbiz/trunk/applications/product/widget/catalog/ProductForms.xml?rev=952119&r1=952118&r2=952119&view=diff >> ============================================================================== >> --- ofbiz/trunk/applications/product/widget/catalog/ProductForms.xml >> (original) >> +++ ofbiz/trunk/applications/product/widget/catalog/ProductForms.xml Mon Jun >> 7 07:02:02 2010 
>> @@ -1997,7 +1997,9 @@ under the License. >> >> <form name="ListCommEvents" list-name="communicationEvents" type="list" >> header-row-style="header-row" default-table-style="basic-table"> >> <field name="communicationEventId" widget-style="buttontext"> >> - <hyperlink description="${communicationEventId}" >> target="/partymgr/control/EditCommunicationEvent?communicationEventId=${communicationEventId}" >> target-type="inter-app"/> >> + <hyperlink description="${communicationEventId}" >> target="/partymgr/control/EditCommunicationEvent" target-type="inter-app"> >> + <parameter param-name="communicationEventId" >> from-field="communicationEventId"/> >> + </hyperlink> >> </field> >> <field name="subject"><display/></field> >> <field name="communicationEventTypeId"><display-entity >> description="${description}" entity-name="CommunicationEventType" >> key-field-name="communicationEventTypeId"/></field> >> >> Modified: >> ofbiz/trunk/applications/product/widget/facility/ShipmentGatewayConfigForms.xml >> URL: >> http://svn.apache.org/viewvc/ofbiz/trunk/applications/product/widget/facility/ShipmentGatewayConfigForms.xml?rev=952119&r1=952118&r2=952119&view=diff >> ============================================================================== >> --- >> ofbiz/trunk/applications/product/widget/facility/ShipmentGatewayConfigForms.xml >> (original) >> +++ >> ofbiz/trunk/applications/product/widget/facility/ShipmentGatewayConfigForms.xml >> Mon Jun 7 07:02:02 2010 
>> @@ -50,7 +50,9 @@ under the License. >> <auto-fields-entity entity-name="ShipmentGatewayConfig" >> default-field-type="display"/> >> <field name="shipmentGatewayConfigId"><hidden/></field> >> <field name="description" >> title="${uiLabelMap.FacilityShipmentGatewayConfigDescription}"> >> - <hyperlink description="${description}" >> target="EditShipmentGatewayConfig?shipmentGatewayConfigId=${shipmentGatewayConfigId}"/> >> + <hyperlink description="${description}" >> target="EditShipmentGatewayConfig"> >> + <parameter param-name="shipmentGatewayConfigId" >> from-field="shipmentGatewayConfigId"/> >> + </hyperlink> >> </field> >> <field name="shipmentGatewayConfTypeId" >> title="${uiLabelMap.FacilityShipmentGatewayConfigTypeId}"> >> <display-entity entity-name="ShipmentGatewayConfigType" >> key-field-name="shipmentGatewayConfTypeId" description="${description}"/> 
>> @@ -313,7 +315,9 @@ under the License. >> <auto-fields-entity entity-name="ShipmentGatewayConfigType" >> default-field-type="display"/> >> <field name="shipmentGatewayConfTypeId"><hidden/></field> >> <field name="description" >> title="${uiLabelMap.FacilityShipmentGatewayConfigTypeDescription}"> >> - <hyperlink description="${description}" >> target="EditShipmentGatewayConfigType?shipmentGatewayConfTypeId=${shipmentGatewayConfTypeId}"/> >> + <hyperlink description="${description}" >> target="EditShipmentGatewayConfigType"> >> + <parameter param-name="shipmentGatewayConfTypeId" >> from-field="shipmentGatewayConfTypeId"/> >> + </hyperlink> >> </field> >> </form> >> >> >> Modified: ofbiz/trunk/specialpurpose/projectmgr/widget/forms/ProjectForms.xml >> URL: >> http://svn.apache.org/viewvc/ofbiz/trunk/specialpurpose/projectmgr/widget/forms/ProjectForms.xml?rev=952119&r1=952118&r2=952119&view=diff >> ============================================================================== >> --- ofbiz/trunk/specialpurpose/projectmgr/widget/forms/ProjectForms.xml >> (original) >> +++ ofbiz/trunk/specialpurpose/projectmgr/widget/forms/ProjectForms.xml Mon >> Jun 7 07:02:02 2010 >> @@ -340,7 +340,9 @@ >> <field name="estimatedStartDate" >> title="${uiLabelMap.WorkEffortEstimatedStartDate}"><date-time >> type="date"/></field> >> <field name="estimatedCompletionDate" >> title="${uiLabelMap.WorkEffortEstimatedCompletionDate}"><date-time >> type="date"/></field> >> <field name="edit" title=" "> >> - <hyperlink target="EditTask?workEffortId=${workEffortId}" >> description="${uiLabelMap.CommonEdit}"/> >> + <hyperlink target="EditTask" >> description="${uiLabelMap.CommonEdit"}> >> + <parameter param-name="workEffortId" >> from-field="workEffortId}"/> >> + </hyperlink> >> </field> >> <field name="submitButton" title="${uiLabelMap.CommonUpdate}"><submit >> button-type="button"/></field> >> </form> >> >> >
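Review bot: The new `hyperlink` start tag in the ProjectForms.xml hunk (`@@ -340,7 +340,9 @@`) is not well-formed as shown here. `description="${uiLabelMap.CommonEdit"}>` closes the quote before the brace, and `from-field="workEffortId}"` carries a stray `}`. The two lines should read `<hyperlink target="EditTask" description="${uiLabelMap.CommonEdit}">` and `<parameter param-name="workEffortId" from-field="workEffortId"/>`, matching the pattern used in the other hunks of this commit. If the committed file matches this rendering, the form definition would presumably fail to parse, so checking the widget XML for well-formedness before commit would catch it. The enclosing `<form>` starts outside the hunk.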
