svn commit: r1037506 - /ofbiz/branches/release09.04/specialpurpose/ecommerce/webapp/ecommerce/customer/messagelist.ftl

Author: jleroux
Date: Sun Nov 21 17:29:48 2010
New Revision: 1037506

URL: http://svn.apache.org/viewvc?rev=1037506&view=rev
Log:
Fixes "Secure URL when reading messages (readmessage?communicationEventId)" (https://issues.apache.org/jira/browse/OFBIZ-4017) - OFBIZ-4017

To simplify the macro, I have also used a javascript call for the newmessage request even if it was unneeded (no event or service call)

Modified:
    ofbiz/branches/release09.04/specialpurpose/ecommerce/webapp/ecommerce/customer/messagelist.ftl

Modified: ofbiz/branches/release09.04/specialpurpose/ecommerce/webapp/ecommerce/customer/messagelist.ftl
URL: http://svn.apache.org/viewvc/ofbiz/branches/release09.04/specialpurpose/ecommerce/webapp/ecommerce/customer/messagelist.ftl?rev=1037506&r1=1037505&r2=1037506&view=diff
==============================================================================
--- ofbiz/branches/release09.04/specialpurpose/ecommerce/webapp/ecommerce/customer/messagelist.ftl (original)
+++ ofbiz/branches/release09.04/specialpurpose/ecommerce/webapp/ecommerce/customer/messagelist.ftl Sun Nov 21 17:29:48 2010
@@ -17,7 +17,7 @@ specific language governing permissions
 under the License.
 -->
 
-<#macro showMessage communicationEvent isSentMessage>
+<#macro showMessage communicationEvent isSentMessage index>
   <#if communicationEvent.partyIdFrom?has_content>
     <#assign partyNameFrom = Static["org.ofbiz.party.party.PartyHelper"].getPartyName(delegator, communicationEvent.partyIdFrom, true)>
   <#else/>
@@ -34,9 +34,16 @@ under the License.
                 <td><div class="tabletext">${communicationEvent.subject?default("")}</div></td>
                 <td><div class="tabletext">${communicationEvent.entryDate}</div></td>
                 <td align="right">
-                  <a href="<@ofbizUrl>readmessage?communicationEventId=${communicationEvent.communicationEventId}</@ofbizUrl>" class="buttontext">${uiLabelMap.EcommerceRead}</a>
+                  <form method="post" action="<@ofbizUrl>readmessage</@ofbizUrl>" name="ecomm_read_mess${index}">
+                    <input name="communicationEventId" value="${communicationEvent.communicationEventId}" type="hidden"/>
+                  </form>
+                  <a href="javascript:document.ecomm_read_mess${index}.submit()">${uiLabelMap.EcommerceRead}</a>
+                  
                   <#if isSentMessage>
-                    <a href="<@ofbizUrl>newmessage?communicationEventId=${communicationEvent.communicationEventId}</@ofbizUrl>" class="buttontext">${uiLabelMap.PartyReply}</a>
+                  <form method="post" action="<@ofbizUrl>newmessage</@ofbizUrl>" name="ecomm_sent_mess${index}">
+                    <input name="communicationEventId" value="${communicationEvent.communicationEventId}" type="hidden"/>
+                  </form>
+                  <a href="javascript:document.ecomm_sent_mess${index}.submit()">${uiLabelMap.PartyReply}</a>
                   </#if>
                 </td>
               </tr>
@@ -67,10 +74,10 @@ under the License.
             </tr>
             <tr><td colspan="5"><hr/></td></tr>
             <#list receivedCommunicationEvents?if_exists as receivedCommunicationEvent>
-              <@showMessage communicationEvent=receivedCommunicationEvent isSentMessage=false/>
+              <@showMessage communicationEvent=receivedCommunicationEvent isSentMessage=false index=receivedCommunicationEvent_index/>
             </#list>
             <#list sentCommunicationEvents?if_exists as sentCommunicationEvent>
-              <@showMessage communicationEvent=sentCommunicationEvent isSentMessage=true/>
+              <@showMessage communicationEvent=sentCommunicationEvent isSentMessage=true index=sentCommunicationEvent_index/>
             </#list>
           </#if>
         </table>