I move for reverting this commit as a security measure. With this a user could create a URL to add themselves to whatever role they desire and sometimes security code uses unattached roles (even though it's not the best of security code practices).

-David

[hidden email] wrote:
> Author: hansbak > Date: Sun Aug 19 23:25:02 2007 > New Revision: 567553 > > URL: http://svn.apache.org/viewvc?rev=567553&view=rev > Log: > small change to optionally allow other roleTypes in the customer registration process > > Modified: > ofbiz/trunk/applications/ecommerce/script/org/ofbiz/ecommerce/customer/CustomerEvents.xml > ofbiz/trunk/applications/ecommerce/webapp/ecommerce/customer/newcustomer.ftl > ofbiz/trunk/applications/ecommerce/webapp/ecommerce/login.ftl > > Modified: ofbiz/trunk/applications/ecommerce/script/org/ofbiz/ecommerce/customer/CustomerEvents.xml > URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/ecommerce/script/org/ofbiz/ecommerce/customer/CustomerEvents.xml?rev=567553&r1=567552&r2=567553&view=diff > ============================================================================== > --- ofbiz/trunk/applications/ecommerce/script/org/ofbiz/ecommerce/customer/CustomerEvents.xml (original) > +++ ofbiz/trunk/applications/ecommerce/script/org/ofbiz/ecommerce/customer/CustomerEvents.xml Sun Aug 19 23:25:02 2007 
> @@ -39,7 +39,7 @@ > <property-to-field resource="security" property="password.lowercase" default="false" field-name="password_lowercase"/> > > <now-timestamp-to-env env-name="nowStamp"/> > - <set value="CUSTOMER" field="parameters.roleTypeId"/> > + <set field="parameters.roleTypeId" from-field="parameters.ROLETYPEID" default-value="CUSTOMER"/> > > <if-compare field-name="allowPassword" operator="not-equals" value="Y"> > <set from-field="defaultPassword" field="parameters.PASSWORD"/> > > Modified: ofbiz/trunk/applications/ecommerce/webapp/ecommerce/customer/newcustomer.ftl > URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/ecommerce/webapp/ecommerce/customer/newcustomer.ftl?rev=567553&r1=567552&r2=567553&view=diff > ============================================================================== > --- ofbiz/trunk/applications/ecommerce/webapp/ecommerce/customer/newcustomer.ftl (original) > +++ ofbiz/trunk/applications/ecommerce/webapp/ecommerce/customer/newcustomer.ftl Sun Aug 19 23:25:02 2007 > @@ -86,6 +86,7 @@ > > <form method="post" action="<@ofbizUrl>createcustomer${previousParams}</@ofbizUrl>" name="newuserform" style="margin: 0;"> > <input type="hidden" name="emailProductStoreId" value="${productStoreId}"/> > +<input type="hidden" name="ROLETYPEID" value="${parameters.ROLETYPEID?if_exists}"/> > > <div class="screenlet"> > <div class="screenlet-header"> > > Modified: ofbiz/trunk/applications/ecommerce/webapp/ecommerce/login.ftl > URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/ecommerce/webapp/ecommerce/login.ftl?rev=567553&r1=567552&r2=567553&view=diff > ============================================================================== > --- ofbiz/trunk/applications/ecommerce/webapp/ecommerce/login.ftl (original) > +++ ofbiz/trunk/applications/ecommerce/webapp/ecommerce/login.ftl Sun Aug 19 23:25:02 2007 
> @@ -75,6 +75,8 @@ > </div> > <div class="screenlet-body" style="text-align: center;"> > <form method="post" action="<@ofbizUrl>newcustomer${previousParams}</@ofbizUrl>" style="margin: 0;"> > + <#-- optional field, default is 'CUSTOMER' --> > + <#--input type="hidden" name="ROLETYPEID" value="--enter roletypeId here--"/--> > <div class="tabletext">${uiLabelMap.CommonMayCreateNewAccountHere}:</div> > <div><input type="submit" class="smallSubmit" value="${uiLabelMap.CommonMayCreate}"/></div> > </form> > > |
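Review bot: In CustomerEvents.xml, the new `<set field="parameters.roleTypeId" from-field="parameters.ROLETYPEID" default-value="CUSTOMER"/>` takes the role straight from a request parameter, with no check on its value in the lines shown, so whoever submits the registration form chooses the role. Either keep the constant `CUSTOMER`, or compare ROLETYPEID against a server-side list of roles permitted for self-registration and fall back to CUSTOMER (or reject the request) when it is not on that list.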
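Review bot: In newcustomer.ftl, the hidden `ROLETYPEID` input is filled from `${parameters.ROLETYPEID?if_exists}`, that is, from the incoming request, so the value is simply round-tripped through the form and posted on to createcustomer; a hidden field is not a control, since the client can edit it. The value is also written into the attribute with no explicit escape such as `?html` on this line. If a non-default role is needed, derive it server-side instead of carrying it in the form.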
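Review bot: In login.ftl, the commented-out input with `value="--enter roletypeId here--"` documents the parameter as a free-form value and says nothing about which roles are acceptable for self-registration. If the option stays, state the permitted values in this comment and enforce them where roleTypeId is set; otherwise drop the comment.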