Author: jonesde
Date: Thu Mar 26 02:23:20 2009 New Revision: 758502 URL: http://svn.apache.org/viewvc?rev=758502&view=rev Log: A modified version of the patch from Deepesh Kapoort in OFBIZ-2252, see issue comments for changes from original; resolves issue with insecure information passed to the server for status change links, which now must be encrypted in the form body in order to protect from spoofed requests and the like Modified: ofbiz/trunk/applications/order/webapp/ordermgr/order/orderinfo.ftl Modified: ofbiz/trunk/applications/order/webapp/ordermgr/order/orderinfo.ftl URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/order/webapp/ordermgr/order/orderinfo.ftl?rev=758502&r1=758501&r2=758502&view=diff ============================================================================== --- ofbiz/trunk/applications/order/webapp/ordermgr/order/orderinfo.ftl (original) +++ ofbiz/trunk/applications/order/webapp/ordermgr/order/orderinfo.ftl Thu Mar 26 02:23:20 2009 
@@ -24,17 +24,47 @@ <#assign externalOrder = "(" + orderHeader.externalId + ")"/> </#if> <#assign orderType = orderHeader.getRelatedOne("OrderType")/> - <li class="h3"> ${orderType?if_exists.get("description", locale)?default(uiLabelMap.OrderOrder)} #<a href="<@ofbizUrl>/orderview?orderId=${orderId}</@ofbizUrl>">${orderId}</a> ${externalOrder?if_exists} [ <a href="<@ofbizUrl>order.pdf?orderId=${orderId}</@ofbizUrl>" target="_blank">PDF</a> ]</li> + <li class="h3"> ${orderType?if_exists.get("description", locale)?default(uiLabelMap.OrderOrder)} #<a href="<@ofbizUrl>orderview?orderId=${orderId}</@ofbizUrl>">${orderId}</a> ${externalOrder?if_exists} [ <a href="<@ofbizUrl>order.pdf?orderId=${orderId}</@ofbizUrl>" target="_blank">PDF</a> ]</li> <#if currentStatus.statusId == "ORDER_CREATED" || currentStatus.statusId == "ORDER_PROCESSING"> - <li><a href="<@ofbizUrl>changeOrderStatus/orderview?statusId=ORDER_APPROVED&setItemStatus=Y&${paramString}</@ofbizUrl>">${uiLabelMap.OrderApproveOrder}</a></li> + <li><a href="javascript:document.OrderApproveOrder.submit()">${uiLabelMap.OrderApproveOrder}</a></li> + <form name="OrderApproveOrder" method="post" action="<@ofbizUrl>changeOrderStatus/orderview</@ofbizUrl>"> + <input type="hidden" name="statusId" value="ORDER_APPROVED"> + <input type="hidden" name="setItemStatus" value="Y"> + <input type="hidden" name="workEffortId" value=${workEffortId?if_exists}> + <input type="hidden" name="orderId" value=${orderId?if_exists}> + <input type="hidden" name="partyId" value=${assignPartyId?if_exists}> + <input type="hidden" name="roleTypeId" value=${assignRoleTypeId?if_exists}> + <input type="hidden" name="fromDate" value=${fromDate?if_exists}> + </form> <#elseif currentStatus.statusId == "ORDER_APPROVED"> - <li><a href="<@ofbizUrl>changeOrderStatus/orderview?statusId=ORDER_HOLD&${paramString}</@ofbizUrl>">${uiLabelMap.OrderHold}</a></li> + <li><a href="javascript:document.OrderHold.submit()">${uiLabelMap.OrderHold}</a></li> + <form 
name="OrderHold" method="post" action="<@ofbizUrl>changeOrderStatus/orderview</@ofbizUrl>"> + <input type="hidden" name="statusId" value="ORDER_HOLD"> + <input type="hidden" name="workEffortId" value=${workEffortId?if_exists}> + <input type="hidden" name="orderId" value=${orderId?if_exists}> + <input type="hidden" name="partyId" value=${assignPartyId?if_exists}> + <input type="hidden" name="roleTypeId" value=${assignRoleTypeId?if_exists}> + <input type="hidden" name="fromDate" value=${fromDate?if_exists}> + </form> <#elseif currentStatus.statusId == "ORDER_HOLD"> - <li><a href="<@ofbizUrl>changeOrderStatus/orderview?statusId=ORDER_APPROVED&setItemStatus=Y&${paramString}</@ofbizUrl>">${uiLabelMap.OrderApproveOrder}</a></li> + <li><a href="javascript:document.OrderApproveOrder.submit()">${uiLabelMap.OrderApproveOrder}</a></li> + <form name="OrderApproveOrder" method="post" action="<@ofbizUrl>changeOrderStatus/orderview</@ofbizUrl>"> + <input type="hidden" name="statusId" value="ORDER_APPROVED"> + <input type="hidden" name="setItemStatus" value="Y"> + <input type="hidden" name="workEffortId" value=${workEffortId?if_exists}> + <input type="hidden" name="orderId" value=${orderId?if_exists}> + <input type="hidden" name="partyId" value=${assignPartyId?if_exists}> + <input type="hidden" name="roleTypeId" value=${assignRoleTypeId?if_exists}> + <input type="hidden" name="fromDate" value=${fromDate?if_exists}> + </form> </#if> <#if setOrderCompleteOption> - <li><a href="<@ofbizUrl>changeOrderStatus?orderId=${orderId}&statusId=ORDER_COMPLETED</@ofbizUrl>">${uiLabelMap.OrderCompleteOrder}</a></li> + <li><a href="javascript:document.OrderCompleteOrder.submit()">${uiLabelMap.OrderCompleteOrder}</a></li> + <form name="OrderCompleteOrder" method="post" action="<@ofbizUrl>changeOrderStatus</@ofbizUrl>"> + <input type="hidden" name="statusId" value="ORDER_COMPLETED"> + <input type="hidden" name="orderId" value=${orderId?if_exists}> + </form> </#if> </ul> <br class="clear"/> |
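Review bot: The hidden inputs that interpolate template values leave the attribute unquoted (`value=${fromDate?if_exists}`, and likewise workEffortId, orderId, partyId and roleTypeId across the four forms), so a value containing a space, as a timestamp-style fromDate probably does, is cut at the first space and the required parameter arrives incomplete. Quote every interpolated value, e.g. `<input type="hidden" name="fromDate" value="${fromDate?if_exists}">`, and HTML-escape the string-valued ones (`${orderId?if_exists?html}`); whether these values are already escaped elsewhere is not visible in this hunk. Separately, moving the parameters from the query string into a POST body does not by itself reject a forged cross-site submission, because none of the forms carries a per-session token. Unless changeOrderStatus validates one elsewhere, the spoofing protection the log message describes is only partial. The enclosing `<ul>` and the outer `<#if>` begin outside the hunk.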