svn commit: r1746824 - /ofbiz/branches/release13.07/a
Locked
 
|
Author: pranayp
Date: Sat Jun 4 13:26:02 2016 New Revision: 1746824 URL: http://svn.apache.org/viewvc?rev=1746824&view=rev Log: Manually applied fix from trunk revision 1746820. --------------------------------------------------------------------- [OFBIZ-7162] Fixed security issue with delete child period in EditCustomTimePeriod. Thanks Montalbano Florian for reporting the issue and thanks Arjun Kaushal for providing the patch. --------------------------------------------------------------------- Modified: ofbiz/branches/release13.07/applications/accounting/webapp/accounting/period/EditCustomTimePeriod.ftl Modified: ofbiz/branches/release13.07/applications/accounting/webapp/accounting/period/EditCustomTimePeriod.ftl URL: http://svn.apache.org/viewvc/ofbiz/branches/release13.07/applications/accounting/webapp/accounting/period/EditCustomTimePeriod.ftl?rev=1746824&r1=1746823&r2=1746824&view=diff ============================================================================== --- ofbiz/branches/release13.07/applications/accounting/webapp/accounting/period/EditCustomTimePeriod.ftl (original) +++ ofbiz/branches/release13.07/applications/accounting/webapp/accounting/period/EditCustomTimePeriod.ftl Sat Jun 4 13:26:02 2016 @@ -60,7 +60,7 @@ under the License. <td>${uiLabelMap.AccountingPeriodName}</td> <td>${uiLabelMap.CommonFromDate}</td> <td>${uiLabelMap.CommonThruDate}</td> - <td> </td> + <td colspan="2"> </td> </tr> <tr> <td>${currentCustomTimePeriod.customTimePeriodId}</td> @@ -124,12 +124,16 @@ under the License. </td> <td class="button-col"> <input type="submit" value='${uiLabelMap.CommonUpdate}'/> - <a href='<@ofbizUrl>deleteCustomTimePeriod?customTimePeriodId=${currentCustomTimePeriod.customTimePeriodId}</@ofbizUrl>'> - ${uiLabelMap.CommonDelete}</a> + </td> + </form> + <td class="button-col"> + <form method="post" action='<@ofbizUrl>deleteCustomTimePeriod</@ofbizUrl>' name='deleteCustomTimePeriodForm'> + <input type="hidden" name="customTimePeriodId" value="${currentCustomTimePeriod.customTimePeriodId!}" /> + <input type="submit" value='${uiLabelMap.CommonDelete}'/> + </form> </td> </tr> </table> - </form> <#else> <div class="screenlet-body">${uiLabelMap.AccountingNoCurrentCustomTimePeriodSelected}</div> </#if> @@ -152,7 +156,7 @@ under the License. <td>${uiLabelMap.AccountingPeriodName}</td> <td>${uiLabelMap.CommonFromDate}</td> <td>${uiLabelMap.CommonThruDate}</td> - <td> </td> + <td colspan="3"> </td> </tr> <#assign line = 0> <#list customTimePeriods as customTimePeriod> @@ -213,15 +217,20 @@ under the License. <#if nowTimestamp.after(compareDate)><#assign hasExpired = true></#if> </#if> <input type="text" size='13' name="thruDate" value="${customTimePeriod.thruDate?string("yyyy-MM-dd")}"<#if hasExpired> class="alert"</#if> /> - </td> - <td class="button-col"> + </td> + <td class="button-col"> <input type="submit" value='${uiLabelMap.CommonUpdate}'/> - <a href='<@ofbizUrl>deleteCustomTimePeriod?customTimePeriodId=${customTimePeriod.customTimePeriodId?if_exists}&currentCustomTimePeriodId=${currentCustomTimePeriodId?if_exists}&findOrganizationPartyId=${findOrganizationPartyId?if_exists}</@ofbizUrl>'> - ${uiLabelMap.CommonDelete}</a> - <a href='<@ofbizUrl>EditCustomTimePeriod?currentCustomTimePeriodId=${customTimePeriod.customTimePeriodId?if_exists}&findOrganizationPartyId=${findOrganizationPartyId?if_exists}</@ofbizUrl>'> + </form> + <td class="button-col"> + <form method="post" action='<@ofbizUrl>deleteCustomTimePeriod</@ofbizUrl>' name='lineForm${line}'> + <input type="hidden" name="customTimePeriodId" value="${customTimePeriod.customTimePeriodId!}" /> + <input type="submit" value='${uiLabelMap.CommonDelete}'/> + </form> + </td> + <td class="button-col"> + <a href='<@ofbizUrl>EditCustomTimePeriod?currentCustomTimePeriodId=${customTimePeriod.customTimePeriodId!}&findOrganizationPartyId=${findOrganizationPartyId!}</@ofbizUrl>'> ${uiLabelMap.CommonSetAsCurrent}</a> </td> - </form> </tr> </#list> </table> |
«
Return to OFBiz - Commits
|
1 view|%1 views
| Free forum by Nabble | Edit this page |