OFBiz OFBiz - Commits

svn commit: r759044 - /ofbiz/trunk/framework/common/webcommon/includes/listVisualThemes.ftl

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
jleroux@apache.org
Reply | Threaded
Open this post in threaded view
|

svn commit: r759044 - /ofbiz/trunk/framework/common/webcommon/includes/listVisualThemes.ftl

jleroux@apache.org
Author: jleroux
Date: Fri Mar 27 07:47:31 2009
New Revision: 759044

URL: http://svn.apache.org/viewvc?rev=759044&view=rev
Log:
A patch from Bruno Busco "Security update (Link to hidden form change) for Visual Theme selection" https://issues.apache.org/jira/browse/OFBIZ-2255

Modified:
    ofbiz/trunk/framework/common/webcommon/includes/listVisualThemes.ftl

Modified: ofbiz/trunk/framework/common/webcommon/includes/listVisualThemes.ftl
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/common/webcommon/includes/listVisualThemes.ftl?rev=759044&r1=759043&r2=759044&view=diff
==============================================================================
--- ofbiz/trunk/framework/common/webcommon/includes/listVisualThemes.ftl (original)
+++ ofbiz/trunk/framework/common/webcommon/includes/listVisualThemes.ftl Fri Mar 27 07:47:31 2009
@@ -40,9 +40,12 @@
                                         "resourceTypeEnumId", "VT_SCREENSHOT"), orderByList)>
         <tr<#if visualTheme.visualThemeId == visualThemeId> class="selected"</#if>>
           <td>
-            <#-- Not too sure about displaying the theme ID - it might confuse the users -->
-            <#-- <a href="<@ofbizUrl>updateVisualTheme?userPrefGroupTypeId=GLOBAL_PREFERENCES&amp;userPrefTypeId=VISUAL_THEME&amp;userPrefValue=${visualTheme.visualThemeId}</@ofbizUrl>">${visualTheme.description} [${visualTheme.visualThemeId}]</a> -->
-            <a href="<@ofbizUrl>setUserPreference?userPrefGroupTypeId=GLOBAL_PREFERENCES&amp;userPrefTypeId=VISUAL_THEME&amp;userPrefValue=${visualTheme.visualThemeId}</@ofbizUrl>">${visualTheme.description}</a>
+            <form name="SetUserPreferences_${visualTheme.visualThemeId}" method="post" action="<@ofbizUrl>setUserPreference</@ofbizUrl>">
+              <input type="hidden" name="userPrefGroupTypeId" value="GLOBAL_PREFERENCES"/>
+              <input type="hidden" name="userPrefTypeId" value="VISUAL_THEME"/>
+              <input type="hidden" name="userPrefValue" value="${visualTheme.visualThemeId}"/>
+            </form>
+            <a href="javascript:document.SetUserPreferences_${visualTheme.visualThemeId}.submit()">${visualTheme.description}</a>
           </td>
           <td>
             <#if visualTheme.visualThemeId == visualThemeId>${uiLabelMap.CommonVisualThemeSelected}<#else>&nbsp;</#if>


Free forum by Nabble Edit this page