Author: pranayp
Date: Mon Jun 13 08:29:21 2016
New Revision: 1748137
URL:
http://svn.apache.org/viewvc?rev=1748137&view=revLog:
Manually applied fix from trunk revision 1748133.
---------------------------------------------------------------------
[OFBIZ-7270] - Fixed security error on Create New Shopping List in eCommerce.
Thanks Mohammed Rehan Khan for the contribution.
---------------------------------------------------------------------
Modified:
ofbiz/branches/release14.12/specialpurpose/ecommerce/webapp/ecommerce/shoppinglist/editShoppingList.ftl
Modified: ofbiz/branches/release14.12/specialpurpose/ecommerce/webapp/ecommerce/shoppinglist/editShoppingList.ftl
URL:
http://svn.apache.org/viewvc/ofbiz/branches/release14.12/specialpurpose/ecommerce/webapp/ecommerce/shoppinglist/editShoppingList.ftl?rev=1748137&r1=1748136&r2=1748137&view=diff==============================================================================
--- ofbiz/branches/release14.12/specialpurpose/ecommerce/webapp/ecommerce/shoppinglist/editShoppingList.ftl (original)
+++ ofbiz/branches/release14.12/specialpurpose/ecommerce/webapp/ecommerce/shoppinglist/editShoppingList.ftl Mon Jun 13 08:29:21 2016
@@ -83,7 +83,10 @@ under the License.
<div class="screenlet">
<div class="boxlink">
- <a href="<@ofbizUrl>createEmptyShoppingList?productStoreId=${productStoreId}</@ofbizUrl>" class="submenutextright">${uiLabelMap.CommonCreateNew}</a>
+ <form id="createEmptyShoppingList" action="<@ofbizUrl>createEmptyShoppingList</@ofbizUrl>" method="post">
+ <input type="hidden" name="productStoreId" value="${productStoreId!}" />
+ <a href="javascript:document.getElementById('createEmptyShoppingList').submit();" class="submenutextright">${uiLabelMap.CommonCreateNew}</a>
+ </form>
</div>
<h3> ${uiLabelMap.EcommerceShoppingLists}</h3>
<div class="screenlet-body">
@@ -103,7 +106,10 @@ under the License.
</form>
<#else>
<div>${uiLabelMap.EcommerceNoShoppingListsCreate}.</div>
- <a href="<@ofbizUrl>createEmptyShoppingList?productStoreId=${productStoreId}</@ofbizUrl>" class="submenutextright">${uiLabelMap.CommonCreateNew}</a>
+ <form id="createEmptyShoppingList" action="<@ofbizUrl>createEmptyShoppingList</@ofbizUrl>" method="post">
+ <input type="hidden" name="productStoreId" value="${productStoreId!}" />
+ <input type="submit" name="submit" class="smallSubmit" value="${uiLabelMap.CommonCreateNew}"/>
+ </form>
</#if>
</div>
</div>