Author: deepak
Date: Tue Jun 4 10:54:31 2019 New Revision: 1860599 URL: http://svn.apache.org/viewvc?rev=1860599&view=rev Log: Applied fix from trunk for revision: 1860597 === Fixed: Html escaping missing for renderLink parameters (OFBIZ-11090) Parameter values should be escaped to avoid any kind of cross-site scripting issue. Modified: ofbiz/ofbiz-framework/branches/release17.12/themes/common/template/macro/HtmlFormMacroLibrary.ftl ofbiz/ofbiz-framework/branches/release17.12/themes/common/template/macro/HtmlMenuMacroLibrary.ftl ofbiz/ofbiz-framework/branches/release17.12/themes/common/template/macro/HtmlScreenMacroLibrary.ftl ofbiz/ofbiz-framework/branches/release17.12/themes/rainbowstone/template/HtmlMenuMacroLibrary.ftl ofbiz/ofbiz-framework/branches/release17.12/themes/rainbowstone/template/macro/HtmlMenuMacroLibrary.ftl Modified: ofbiz/ofbiz-framework/branches/release17.12/themes/common/template/macro/HtmlFormMacroLibrary.ftl URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/branches/release17.12/themes/common/template/macro/HtmlFormMacroLibrary.ftl?rev=1860599&r1=1860598&r2=1860599&view=diff ============================================================================== --- ofbiz/ofbiz-framework/branches/release17.12/themes/common/template/macro/HtmlFormMacroLibrary.ftl (original) +++ ofbiz/ofbiz-framework/branches/release17.12/themes/common/template/macro/HtmlFormMacroLibrary.ftl Tue Jun 4 10:54:31 2019 
@@ -788,7 +788,7 @@ Parameter: delegatorName, String, option <#macro makeHiddenFormLinkForm actionUrl name parameters targetWindow=""> <form method="post" action="${actionUrl}" <#if targetWindow?has_content>target="${targetWindow}"</#if> onsubmit="javascript:submitFormDisableSubmits(this)" name="${name}"> <#list parameters as parameter> - <input name="${parameter.name}" value="${parameter.value}" type="hidden"/> + <input name="${parameter.name}" value="${parameter.value?html}" type="hidden"/> </#list> </form> </#macro> Modified: ofbiz/ofbiz-framework/branches/release17.12/themes/common/template/macro/HtmlMenuMacroLibrary.ftl URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/branches/release17.12/themes/common/template/macro/HtmlMenuMacroLibrary.ftl?rev=1860599&r1=1860598&r2=1860599&view=diff ============================================================================== --- ofbiz/ofbiz-framework/branches/release17.12/themes/common/template/macro/HtmlMenuMacroLibrary.ftl (original) +++ ofbiz/ofbiz-framework/branches/release17.12/themes/common/template/macro/HtmlMenuMacroLibrary.ftl Tue Jun 4 10:54:31 2019 @@ -50,7 +50,7 @@ under the License. <#if linkType?has_content && "hidden-form" == linkType> <form method="post" action="${actionUrl}"<#if targetWindow?has_content> target="${targetWindow}"</#if> onsubmit="javascript:submitFormDisableSubmits(this)" name="${uniqueItemName}"><#rt/> <#list parameterList as parameter> -<input name="${parameter.name}" value="${parameter.value}" type="hidden"/><#rt/> +<input name="${parameter.name}" value="${parameter.value?html}" type="hidden"/><#rt/> </#list> </form><#rt/> </#if> 
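Review bot: `${parameter.name}` is still written into the `name` attribute unescaped on the changed line of `makeHiddenFormLinkForm`; only the value receives `?html`. Whether parameter names can carry request-derived text is not visible from this hunk, but if they can, the line should read `<input name="${parameter.name?html}" value="${parameter.value?html}" type="hidden"/>`. The same pattern recurs in the hidden-form hunks of HtmlMenuMacroLibrary.ftl (-50), HtmlScreenMacroLibrary.ftl (-95) and both rainbowstone HtmlMenuMacroLibrary.ftl files (-50 and -23). The context lines also emit `${actionUrl}` and `${targetWindow}` raw into attributes, which deserves the same check.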
@@ -63,7 +63,7 @@ under the License. function ${uniqueItemName}_data() { var data = { <#list parameterList as parameter> - "${parameter.name}": "${parameter.value}", + "${parameter.name}": "${parameter.value?html}", </#list> "presentation": "layer" }; Modified: ofbiz/ofbiz-framework/branches/release17.12/themes/common/template/macro/HtmlScreenMacroLibrary.ftl URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/branches/release17.12/themes/common/template/macro/HtmlScreenMacroLibrary.ftl?rev=1860599&r1=1860598&r2=1860599&view=diff ============================================================================== --- ofbiz/ofbiz-framework/branches/release17.12/themes/common/template/macro/HtmlScreenMacroLibrary.ftl (original) +++ ofbiz/ofbiz-framework/branches/release17.12/themes/common/template/macro/HtmlScreenMacroLibrary.ftl Tue Jun 4 10:54:31 2019 @@ -95,7 +95,7 @@ under the License. <#if "hidden-form" == linkType> <form method="post" action="${actionUrl}" <#if targetWindow?has_content>target="${targetWindow}"</#if> onsubmit="javascript:submitFormDisableSubmits(this)" name="${uniqueItemName}"><#rt/> <#list parameterList as parameter> - <input name="${parameter.name}" value="${parameter.value}" type="hidden"/><#rt/> + <input name="${parameter.name}" value="${parameter.value?html}" type="hidden"/><#rt/> </#list> </form><#rt/> </#if> 
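Review bot: `?html` is the wrong encoder for `"${parameter.value?html}"` in `${uniqueItemName}_data()`, because the value lands inside a JavaScript string literal rather than HTML text. HTML escaping leaves backslashes and line breaks untouched and rewrites `&` as `&amp;`, so a value can still terminate or corrupt the literal and legitimate data is altered before it is posted. FreeMarker's `?js_string` matches this context, and the key needs it too: `"${parameter.name?js_string}": "${parameter.value?js_string}",`. The same line appears in the HtmlScreenMacroLibrary.ftl hunk at -116. The function body starts and ends outside the hunk, so it is an assumption that it is rendered in an inline script block.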
@@ -116,7 +116,7 @@ under the License. function ${uniqueItemName}_data() { var data = { <#list parameterList as parameter> - "${parameter.name}": "${parameter.value}", + "${parameter.name}": "${parameter.value?html}", </#list> "presentation": "layer" }; Modified: ofbiz/ofbiz-framework/branches/release17.12/themes/rainbowstone/template/HtmlMenuMacroLibrary.ftl URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/branches/release17.12/themes/rainbowstone/template/HtmlMenuMacroLibrary.ftl?rev=1860599&r1=1860598&r2=1860599&view=diff ============================================================================== --- ofbiz/ofbiz-framework/branches/release17.12/themes/rainbowstone/template/HtmlMenuMacroLibrary.ftl (original) +++ ofbiz/ofbiz-framework/branches/release17.12/themes/rainbowstone/template/HtmlMenuMacroLibrary.ftl Tue Jun 4 10:54:31 2019 @@ -50,7 +50,7 @@ under the License. <#if linkType?has_content && "hidden-form" == linkType> <form method="post" action="${actionUrl}"<#if targetWindow?has_content> target="${targetWindow}"</#if> onsubmit="javascript:submitFormDisableSubmits(this)" name="${uniqueItemName}"><#rt/> <#list parameterList as parameter> - <input name="${parameter.name}" value="${parameter.value}" type="hidden"/><#rt/> + <input name="${parameter.name}" value="${parameter.value?html}" type="hidden"/><#rt/> </#list> </form><#rt/> </#if> 
@@ -63,7 +63,7 @@ under the License. function ${uniqueItemName}_data() { var data = { <#--list parameterList as parameter> - "${parameter.name}": "${parameter.value}", + "${parameter.name}": "${parameter.value?html}", </#list--> "presentation": "layer" }; Modified: ofbiz/ofbiz-framework/branches/release17.12/themes/rainbowstone/template/macro/HtmlMenuMacroLibrary.ftl URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/branches/release17.12/themes/rainbowstone/template/macro/HtmlMenuMacroLibrary.ftl?rev=1860599&r1=1860598&r2=1860599&view=diff ============================================================================== --- ofbiz/ofbiz-framework/branches/release17.12/themes/rainbowstone/template/macro/HtmlMenuMacroLibrary.ftl (original) +++ ofbiz/ofbiz-framework/branches/release17.12/themes/rainbowstone/template/macro/HtmlMenuMacroLibrary.ftl Tue Jun 4 10:54:31 2019 @@ -23,7 +23,7 @@ under the License. <#if linkType?has_content && "hidden-form" == linkType> <form method="post" action="${actionUrl}"<#if targetWindow?has_content> target="${targetWindow}"</#if> onsubmit="javascript:submitFormDisableSubmits(this)" name="${uniqueItemName}"><#rt/> <#list parameterList as parameter> - <input name="${parameter.name}" value="${parameter.value}" type="hidden"/><#rt/> + <input name="${parameter.name}" value="${parameter.value?html}" type="hidden"/><#rt/> </#list> </form><#rt/> </#if> @@ -36,7 +36,7 @@ under the License. function ${uniqueItemName}_data() { var data = { <#--list parameterList as parameter> - "${parameter.name}": "${parameter.value}", + "${parameter.name}": "${parameter.value?html}", </#list--> "presentation": "layer" }; |
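Review bot: The `?html` added in the `_data()` hunks of both rainbowstone files (-63 in template/HtmlMenuMacroLibrary.ftl and -36 in template/macro/HtmlMenuMacroLibrary.ftl) is never rendered, because the changed line sits between `<#--list parameterList as parameter>` and `</#list-->`, which is a FreeMarker comment. The edit therefore changes no output, yet the commit log suggests this path is now covered. If the loop is ever re-enabled, the value will be inside a JavaScript string and should use `?js_string` rather than `?html`. I would add a comment above the block such as `<#-- parameter list intentionally disabled; use ?js_string if restored -->`, or leave the dead line out of the patch.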