Author: pranayp
Date: Wed Jun 22 14:02:43 2016
New Revision: 1749704
URL:
http://svn.apache.org/viewvc?rev=1749704&view=revLog:
[OFBIZ-7523] Fixed security error in deleting AddressMatchMap for party. Thanks Chandan Khandelwal for reporting the issue and providing the patch.
Modified:
ofbiz/trunk/applications/party/template/party/AddressMatchMap.ftl
Modified: ofbiz/trunk/applications/party/template/party/AddressMatchMap.ftl
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/applications/party/template/party/AddressMatchMap.ftl?rev=1749704&r1=1749703&r2=1749704&view=diff==============================================================================
--- ofbiz/trunk/applications/party/template/party/AddressMatchMap.ftl (original)
+++ ofbiz/trunk/applications/party/template/party/AddressMatchMap.ftl Wed Jun 22 14:02:43 2016
@@ -85,7 +85,13 @@ under the License.
<td>=></td>
<td>${map.mapValue}</td>
<td>${map.sequenceNum!}</td>
- <td class="button-col"><a href="<@ofbizUrl>removeAddressMatchMap?mapKey=${map.mapKey}&mapValue=${map.mapValue}</@ofbizUrl>">${uiLabelMap.CommonDelete}</a></td>
+ <td class="button-col">
+ <form name="removeAddressMatchMap_${map_index}" method="post" action="<@ofbizUrl>removeAddressMatchMap</@ofbizUrl>">
+ <input type="hidden" name="mapKey" value="${map.mapKey}" />
+ <input type="hidden" name="mapValue" value="${map.mapValue}" />
+ <input type="submit" value="${uiLabelMap.CommonDelete}" />
+ </form>
+ </td>
</tr>
<#-- toggle the row color -->
@@ -95,4 +101,4 @@ under the License.
</#if>
</div>
</div>
-<!-- end addressMatchMap.ftl -->
\ No newline at end of file
+<!-- end addressMatchMap.ftl -->
Locked
