Author: lektran
Date: Fri May 11 08:23:21 2012
New Revision: 1337059
URL: http://svn.apache.org/viewvc?rev=1337059&view=rev
Log:
Changed the Anon Contact Us in ecommerce to use the improved captcha event. Also removed some bad code that would allow a user to impersonate another user and discover their name simply by entering that person's email address in the form.
Modified:
ofbiz/trunk/specialpurpose/ecommerce/script/org/ofbiz/ecommerce/customer/CustomerEvents.xml
ofbiz/trunk/specialpurpose/ecommerce/webapp/ecommerce/WEB-INF/controller.xml
ofbiz/trunk/specialpurpose/ecommerce/webapp/ecommerce/customer/AnonContactus.ftl
Modified: ofbiz/trunk/specialpurpose/ecommerce/script/org/ofbiz/ecommerce/customer/CustomerEvents.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/specialpurpose/ecommerce/script/org/ofbiz/ecommerce/customer/CustomerEvents.xml?rev=1337059&r1=1337058&r2=1337059&view=diff
==============================================================================
--- ofbiz/trunk/specialpurpose/ecommerce/script/org/ofbiz/ecommerce/customer/CustomerEvents.xml (original)
+++ ofbiz/trunk/specialpurpose/ecommerce/script/org/ofbiz/ecommerce/customer/CustomerEvents.xml Fri May 11 08:23:21 2012
@@ -1280,47 +1280,18 @@ under the License.
 <add-error><fail-property resource="PartyUiLabels" property="PartyEmailAddressMissingError"/></add-error>
 <else>
 <if-validate-method field="parameters.emailAddress" method="isEmail" class="org.ofbiz.base.util.UtilValidate">
- <!-- Check existing email -->
- <entity-condition list="contacts" entity-name="PartyContactDetailByPurpose">
- <condition-list>
- <condition-expr field-name="infoString" from-field="parameters.emailAddress"/>
- <condition-expr field-name="contactMechTypeId" value="EMAIL_ADDRESS"/>
- <condition-expr field-name="contactMechPurposeTypeId" value="PRIMARY_EMAIL"/>
- </condition-list>
- </entity-condition>
- <if-not-empty field="contacts">
- <first-from-list entry="contact" list="contacts"/>
- <set field="isExistingEmail" type="Boolean" value="true"/>
- </if-not-empty>
 <else>
 <add-error><fail-property resource="PartyUiLabels" property="PartyEmailAddressNotFormattedCorrectly"/></add-error>
 </else>
 </if-validate-method>
 </else>
 </if-empty>
- <call-object-method obj-field="parameters.captcha" method-name="toLowerCase" ret-field="parameters.captcha"/>
- <call-object-method obj-field="parameters.captchaCode" method-name="toLowerCase" ret-field="parameters.captchaCode"/>
- <if-compare-field operator="not-equals" field="parameters.captcha" to-field="parameters.captchaCode">
+ <call-object-method obj-field="parameters.captcha" method-name="toLowerCase" ret-field="submittedCaptcha"/>
+ <script>groovy: context.actualCaptcha = request.getSession().getAttribute("_CAPTCHA_CODE_")?.toLowerCase()</script>
+ <if-compare-field operator="not-equals" field="submittedCaptcha" to-field="actualCaptcha">
 <add-error><fail-property resource="MyPortalUiLabels" property="MyPortalCaptchaMissingError"/></add-error>
 </if-compare-field>
 <check-errors/>
- <!-- If email already exist, will go to confirm screen. -->
- <if>
- <condition>
- <and>
- <if-empty field="parameters.partyId"/>
- <if-compare operator="equals" value="true" field="isExistingEmail"/>
- </and>
- </condition>
- <then>
- <entity-one value-field="person" entity-name="Person">
- <field-map field-name="partyId" from-field="contact.partyId"/>
- </entity-one>
- <field-to-request field="person" request-name="person"/>
- <return response-code="confirm"/>
- </then>
- </if>
- <!-- If person doesn't exist, will create new person and contact. -->
 <if-empty field="parameters.partyId">
 <set-service-fields service-name="createPerson" to-map="newPerson" map="parameters"/>
 <call-service service-name="createPerson" in-map-name="newPerson">
Modified: ofbiz/trunk/specialpurpose/ecommerce/webapp/ecommerce/WEB-INF/controller.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/specialpurpose/ecommerce/webapp/ecommerce/WEB-INF/controller.xml?rev=1337059&r1=1337058&r2=1337059&view=diff
==============================================================================
--- ofbiz/trunk/specialpurpose/ecommerce/webapp/ecommerce/WEB-INF/controller.xml (original)
+++ ofbiz/trunk/specialpurpose/ecommerce/webapp/ecommerce/WEB-INF/controller.xml Fri May 11 08:23:21 2012
@@ -1309,7 +1309,6 @@ under the License.
 </request-map>
 <request-map uri="AnonContactus">
 <security https="true" auth="false"/>
- <event type="java" invoke="getCodeCaptcha" path="org.ofbiz.common.Captcha"/>
 <response name="success" type="view" value="AnonContactus"/>
 </request-map>
 <request-map uri="contactsubmit">
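Review bot: The new `if-compare-field` line accepts the form when both sides are empty: `actualCaptcha` is null whenever the session holds no `_CAPTCHA_CODE_` (image never requested, or the session timed out), and a submission with a blank `captcha` then compares empty against empty, so unless minilang reports null-vs-null as not-equals — which this hunk does not show — the captcha check adds nothing in that case. Reject the empty cases explicitly before the compare, e.g. `<if-empty field="actualCaptcha"><add-error><fail-property resource="MyPortalUiLabels" property="MyPortalCaptchaMissingError"/></add-error></if-empty>` and the same for `submittedCaptcha`; that also keeps `call-object-method` from invoking `toLowerCase` on a null `parameters.captcha`. The code is also left in the session after a successful check, so one solved image stays valid for repeated posts until a new image is fetched; appending `; request.getSession().removeAttribute("_CAPTCHA_CODE_")` to the groovy script makes each code single-use (whether the image endpoint already rotates the code on every load is not visible here). The enclosing simple-method (createAnonContact, judging by the controller mapping) starts and ends outside the hunk.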
@@ -1322,7 +1321,6 @@ under the License.
 <security https="true" auth="false"/>
 <event type="simple" invoke="createAnonContact" path="component://ecommerce/script/org/ofbiz/ecommerce/customer/CustomerEvents.xml"/>
 <response name="success" type="request-redirect" value="main"/>
- <response name="confirm" type="request" value="AnonContactus"/>
 <response name="error" type="request" value="AnonContactus"/>
 </request-map>
Modified: ofbiz/trunk/specialpurpose/ecommerce/webapp/ecommerce/customer/AnonContactus.ftl
URL: http://svn.apache.org/viewvc/ofbiz/trunk/specialpurpose/ecommerce/webapp/ecommerce/customer/AnonContactus.ftl?rev=1337059&r1=1337058&r2=1337059&view=diff
==============================================================================
--- ofbiz/trunk/specialpurpose/ecommerce/webapp/ecommerce/customer/AnonContactus.ftl (original)
+++ ofbiz/trunk/specialpurpose/ecommerce/webapp/ecommerce/customer/AnonContactus.ftl Fri May 11 08:23:21 2012
@@ -21,66 +21,16 @@ under the License.
 <div class="screenlet-title-bar">
 <h3>${uiLabelMap.CommonContactUs}</h3>
 </div>
-<#if parameters.person?has_content>
- <#assign person = parameters.person/>
- <div class="screenlet-body">
- <form name="contactForm" method="post" action="<@ofbizUrl>submitAnonContact</@ofbizUrl>">
- <input type="hidden" name="partyIdFrom" value="${(userLogin.partyId)?if_exists}" />
- <input type="hidden" name="partyIdTo" value="${productStore.payToPartyId?if_exists}"/>
- <input type="hidden" name="contactMechTypeId" value="WEB_ADDRESS" />
- <input type="hidden" name="communicationEventTypeId" value="WEB_SITE_COMMUNICATI" />
- <input type="hidden" name="productStoreId" value="${productStore.productStoreId}" />
- <input type="hidden" name="emailType" value="CONT_NOTI_EMAIL" />
- <input type="hidden" name="captchaCode" value="${requestParameters.captchaCode?if_exists}"/>
- <input type="hidden" name="captcha" value="${requestParameters.captcha?if_exists}"/>
- <input type="hidden" name="partyId" value="${person.partyId?if_exists}"/>
- <input type="hidden" name="emailAddress" value="${requestParameters.emailAddress?if_exists}"/>
- <table class="basic-table" cellspacing="0">
- <tbody>
- <tr>
- <td class="label">${uiLabelMap.EcommerceSubject}</td>
- <td><input type="text" name="subject" id="subject" class="required" value="${requestParameters.subject?if_exists}"/>*</td>
- </tr>
- <tr>
- <td class="label">${uiLabelMap.CommonMessage}</td>
- <td><textarea name="content" id="message" class="required" cols="50" rows="5">${requestParameters.content?if_exists}</textarea>*</td>
- </tr>
- <tr>
- <td class="label">${uiLabelMap.FormFieldTitle_emailAddress}</td>
- <td>${requestParameters.emailAddress?if_exists} (${uiLabelMap.CommonEmailAlreadyExist})</td>
- </tr>
- <tr>
- <td class="label">${uiLabelMap.CommonFrom}</td>
- <td>${person.firstName?if_exists} ${person.lastName?if_exists} (${uiLabelMap.FormFieldTitle_existingCustomer})</td>
- </tr>
- <tr>
- <td class="label"></td>
- <td><a class="smallsubmit" href="javascript: void(0)" onclick="document.contactForm.submit();">${uiLabelMap.CommonConfirm}</a><a href="<@ofbizUrl>AnonContactus</@ofbizUrl>" class="smallsubmit">${uiLabelMap.CommonCancel}</a></td>
- </tr>
- </tbody>
- </table>
- </form>
- </div>
-<#else>
-<script type="text/javascript" language="JavaScript">
-<!--
- function reloadCaptcha(){
- var submitToUri = "<@ofbizUrl>reloadCaptchaImage</@ofbizUrl>";
- $.post(submitToUri, null,
- function(data){
- document.getElementById("captchaImage").innerHTML = data;
- });
- reloadCaptchaCode();
- }
- function reloadCaptchaCode(){
- var submitToUri = "<@ofbizUrl>reloadCaptchaCode</@ofbizUrl>";
- $.post(submitToUri, null,
- function(data){
- document.getElementById("captchaCode").innerHTML = data;
- });
- }
+ <script type="text/javascript" language="JavaScript">
+ <!--
+ function reloadCaptcha() {
+ var captchaUri = "<@ofbizUrl>captcha.jpg?unique=_PLACEHOLDER_</@ofbizUrl>";
+ var unique = Date.now();
+ captchaUri = captchaUri.replace("_PLACEHOLDER_", unique);
+ document.getElementById("captchaImage").src = captchaUri;
+ }
 //-->
-</script>
+ </script>
 <div class="screenlet-body">
 <form id="contactForm" method="post" action="<@ofbizUrl>submitAnonContact</@ofbizUrl>">
 <input type="hidden" name="partyIdFrom" value="${(userLogin.partyId)?if_exists}" />
@@ -92,10 +42,6 @@ under the License.
 <table class="basic-table" cellspacing="0">
 <tbody>
 <tr>
- <td></td>
- <td><div id="captchaCode"><input type="hidden" value="${parameters.ID_KEY}" name="captchaCode"/></div></td>
- </tr>
- <tr>
 <td class="label">${uiLabelMap.EcommerceSubject}</td>
 <td><input type="text" name="subject" id="subject" class="required" value="${requestParameters.subject?if_exists}"/>*</td>
 </tr>
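Review bot: `Date.now()` in the new `reloadCaptcha` body is an ES5 addition that older browsers of this period (IE8 and earlier) do not provide, so the reload link would throw there; `new Date().getTime()` yields the same millisecond value everywhere. The placeholder-and-replace sequence can then collapse to one line, `var captchaUri = "<@ofbizUrl>captcha.jpg?unique=_PLACEHOLDER_</@ofbizUrl>".replace("_PLACEHOLDER_", new Date().getTime());`, keeping the query string inside the macro as the server-rendered `img` does. A one-line comment would also help the next reader, e.g. `// unique query value defeats browser caching so each reload fetches a fresh image from the server`.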
@@ -117,7 +63,7 @@ under the License.
 </tr>
 <tr>
 <td class="label">${uiLabelMap.CommonCaptchaCode}</td>
- <td><div id="captchaImage"><img src="${parameters.captchaFileName}" alt="" /></div><a href="javascript:reloadCaptcha();">${uiLabelMap.CommonReloadCaptchaCode}</a></td>
+ <td><div><img id="captchaImage" src="<@ofbizUrl>captcha.jpg?unique=${nowTimestamp.getTime()}</@ofbizUrl>" alt="" /></div><a href="javascript:reloadCaptcha();">${uiLabelMap.CommonReloadCaptchaCode}</a></td>
 </tr>
 <tr>
 <td class="label">${uiLabelMap.CommonVerifyCaptchaCode}</td>
@@ -131,5 +77,4 @@ under the License.
 </table>
 </form>
 </div>
-</#if>
 </div>
|