svn commit: r1748137 - /ofbiz/branches/release14.12/specialpurpose/ecommerce/webapp/ecommerce/shoppinglist/editShoppingList.ftl

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

svn commit: r1748137 - /ofbiz/branches/release14.12/specialpurpose/ecommerce/webapp/ecommerce/shoppinglist/editShoppingList.ftl

pranayp
Author: pranayp
Date: Mon Jun 13 08:29:21 2016
New Revision: 1748137

URL: http://svn.apache.org/viewvc?rev=1748137&view=rev
Log:
Manually applied fix from trunk revision 1748133.
---------------------------------------------------------------------

[OFBIZ-7270] - Fixed security error on Create New Shopping List in eCommerce.

 Thanks Mohammed Rehan Khan for the contribution.
---------------------------------------------------------------------

Modified:
    ofbiz/branches/release14.12/specialpurpose/ecommerce/webapp/ecommerce/shoppinglist/editShoppingList.ftl

Modified: ofbiz/branches/release14.12/specialpurpose/ecommerce/webapp/ecommerce/shoppinglist/editShoppingList.ftl
URL: http://svn.apache.org/viewvc/ofbiz/branches/release14.12/specialpurpose/ecommerce/webapp/ecommerce/shoppinglist/editShoppingList.ftl?rev=1748137&r1=1748136&r2=1748137&view=diff
==============================================================================
--- ofbiz/branches/release14.12/specialpurpose/ecommerce/webapp/ecommerce/shoppinglist/editShoppingList.ftl (original)
+++ ofbiz/branches/release14.12/specialpurpose/ecommerce/webapp/ecommerce/shoppinglist/editShoppingList.ftl Mon Jun 13 08:29:21 2016
@@ -83,7 +83,10 @@ under the License.
 
 <div class="screenlet">
         <div class="boxlink">
-            <a href="<@ofbizUrl>createEmptyShoppingList?productStoreId=${productStoreId}</@ofbizUrl>" class="submenutextright">${uiLabelMap.CommonCreateNew}</a>
+            <form id="createEmptyShoppingList" action="<@ofbizUrl>createEmptyShoppingList</@ofbizUrl>" method="post">
+               <input type="hidden" name="productStoreId" value="${productStoreId!}" />
+               <a href="javascript:document.getElementById('createEmptyShoppingList').submit();" class="submenutextright">${uiLabelMap.CommonCreateNew}</a>
+            </form>
         </div>
     <h3>&nbsp;${uiLabelMap.EcommerceShoppingLists}</h3>
     <div class="screenlet-body">
@@ -103,7 +106,10 @@ under the License.
           </form>
         <#else>
           <div>${uiLabelMap.EcommerceNoShoppingListsCreate}.</div>
-          <a href="<@ofbizUrl>createEmptyShoppingList?productStoreId=${productStoreId}</@ofbizUrl>" class="submenutextright">${uiLabelMap.CommonCreateNew}</a>
+          <form id="createEmptyShoppingList" action="<@ofbizUrl>createEmptyShoppingList</@ofbizUrl>" method="post">
+             <input type="hidden" name="productStoreId" value="${productStoreId!}" />
+             <input type="submit" name="submit" class="smallSubmit" value="${uiLabelMap.CommonCreateNew}"/>
+          </form>
         </#if>
     </div>
 </div>