Author: mor
Date: Tue May 26 17:57:15 2009 New Revision: 778815 URL: http://svn.apache.org/viewvc?rev=778815&view=rev Log: Securing URLs in FTL. Patch from Pranay Pandey, part of OFBIZ-2523 (https://issues.apache.org/jira/browse/OFBIZ-2523) Modified: ofbiz/trunk/applications/product/webapp/facility/shipment/EditShipmentPackages.ftl Modified: ofbiz/trunk/applications/product/webapp/facility/shipment/EditShipmentPackages.ftl URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/product/webapp/facility/shipment/EditShipmentPackages.ftl?rev=778815&r1=778814&r2=778815&view=diff
==============================================================================
--- ofbiz/trunk/applications/product/webapp/facility/shipment/EditShipmentPackages.ftl (original)
+++ ofbiz/trunk/applications/product/webapp/facility/shipment/EditShipmentPackages.ftl Tue May 26 17:57:15 2009
@@ -75,9 +75,13 @@
 <input type="text" size="5" name="insuredValue" value="${shipmentPackage.insuredValue?if_exists}"/>
 </td>
 <td><a href="javascript:document.updateShipmentPackageForm${shipmentPackageData_index}.submit();" class="buttontext">${uiLabelMap.CommonUpdate}</a></td>
- <td><a href="<@ofbizUrl>deleteShipmentPackage?shipmentId=${shipmentId}&shipmentPackageSeqId=${shipmentPackage.shipmentPackageSeqId}</@ofbizUrl>" class="buttontext">${uiLabelMap.CommonDelete}</a></td>
+ <td><a href="javascript:document.deleteShipmentPackage_${shipmentPackageData_index}.submit();" class="buttontext">${uiLabelMap.CommonDelete}</a></td>
 </tr>
 </form>
+ <form name="deleteShipmentPackage_${shipmentPackageData_index}" method="post" action="<@ofbizUrl>deleteShipmentPackage</@ofbizUrl>">
+ <input type="hidden" name="shipmentId" value="${shipmentId}"/>
+ <input type="hidden" name="shipmentPackageSeqId" value="${shipmentPackage.shipmentPackageSeqId}"/>
+ </form>
 <#list shipmentPackageContents as shipmentPackageContent>
 <tr valign="middle"<#if alt_row> class="alternate-row"</#if>>
 <td> </td>
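Review bot: The new `deleteShipmentPackage_${shipmentPackageData_index}` form carries only `shipmentId` and `shipmentPackageSeqId`, so the switch to POST protects the delete only if the server refuses the old GET URL and validates a per-session token, and neither is visible in this template. Without those checks a forged cross-site POST is accepted just as the old link was, and the removed `deleteShipmentPackage?shipmentId=…` URL would still work if requested directly. Please confirm that the request mappings for `deleteShipmentPackage`, `deleteShipmentPackageContent` and `deleteShipmentPackageRouteSeg` reject GET, and record the dependency next to the form, e.g. `<#-- POST only: the controller must reject GET for deleteShipmentPackage; add the anti-CSRF token field here when one is available -->`. The same applies to the delete forms added in the hunks at -86 and -133.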
@@ -86,12 +90,17 @@
 <div>
 <span class="label">${uiLabelMap.ProductQuantity}</span>
 ${shipmentPackageContent.quantity?if_exists}
- <a href="<@ofbizUrl>deleteShipmentPackageContent?shipmentId=${shipmentId}&shipmentPackageSeqId=${shipmentPackageContent.shipmentPackageSeqId}&shipmentItemSeqId=${shipmentPackageContent.shipmentItemSeqId}</@ofbizUrl>" class="buttontext">${uiLabelMap.CommonDelete}</a>
+ <a href="javascript:document.deleteShipmentPackageContent${shipmentPackageData_index}${shipmentPackageContent_index}.submit();" class="buttontext">${uiLabelMap.CommonDelete}</a>
 </div>
 </td>
 <td> </td>
 <td> </td>
 </tr>
+ <form name="deleteShipmentPackageContent${shipmentPackageData_index}${shipmentPackageContent_index}" method="post" action="<@ofbizUrl>deleteShipmentPackageContent</@ofbizUrl>">
+ <input type="hidden" name="shipmentId" value="${shipmentId}"/>
+ <input type="hidden" name="shipmentPackageSeqId" value="${shipmentPackageContent.shipmentPackageSeqId}"/>
+ <input type="hidden" name="shipmentItemSeqId" value="${shipmentPackageContent.shipmentItemSeqId}"/>
+ </form>
 </#list>
 <tr valign="middle"<#if alt_row> class="alternate-row"</#if>>
 <form action="<@ofbizUrl>createShipmentPackageContent</@ofbizUrl>" name="createShipmentPackageContentForm${shipmentPackageData_index}">
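Review bot: The form name `deleteShipmentPackageContent${shipmentPackageData_index}${shipmentPackageContent_index}` joins two loop indices with no separator, so it is not unique: package 1 with content 11 and package 11 with content 1 both produce `deleteShipmentPackageContent111`. When two forms share a name, `document.<name>` no longer resolves to a single form, so the Delete link would fail or address the wrong record on shipments with many packages. Put a delimiter between the indices in both the link and the form, as the first hunk already does for its single index: `name="deleteShipmentPackageContent_${shipmentPackageData_index}_${shipmentPackageContent_index}"`. The `deleteShipmentPackageRouteSeg…` form in the hunk at -133 has the same problem, and the existing update form names follow the same scheme.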
@@ -120,7 +129,7 @@
 </form>
 </tr>
 <#list shipmentPackageRouteSegs as shipmentPackageRouteSeg>
- <form action="<@ofbizUrl>updateShipmentPackageRouteSeg</@ofbizUrl>" name="updateShipmentPackageRouteSegForm${shipmentPackageData_index}${shipmentPackageRouteSeg_index}">
+ <form action="<@ofbizUrl>updateShipmentPackageRouteSeg</@ofbizUrl>" method="post" name="updateShipmentPackageRouteSegForm${shipmentPackageData_index}${shipmentPackageRouteSeg_index}">
 <input type="hidden" name="shipmentId" value="${shipmentId}"/>
 <input type="hidden" name="shipmentRouteSegmentId" value="${shipmentPackageRouteSeg.shipmentRouteSegmentId}"/>
 <input type="hidden" name="shipmentPackageSeqId" value="${shipmentPackageRouteSeg.shipmentPackageSeqId}"/>
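Review bot: `method="post"` is added to `updateShipmentPackageRouteSegForm…` only, while `createShipmentPackageContentForm${shipmentPackageData_index}`, visible as context at the end of the previous hunk, still has no `method` and therefore submits by GET. If the aim of the change is to keep state-changing parameters out of URLs (browser history, server logs, Referer headers), that form needs the same attribute: `<form action="<@ofbizUrl>createShipmentPackageContent</@ofbizUrl>" method="post" name="createShipmentPackageContentForm${shipmentPackageData_index}">`. Forms outside the visible hunks may need the same check.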
@@ -133,12 +142,17 @@
 <span class="label">${uiLabelMap.ProductBox}</span>
 <input type="text" size="5" name="boxNumber" value="${shipmentPackageRouteSeg.boxNumber?if_exists}"/>
 <a href="javascript:document.updateShipmentPackageRouteSegForm${shipmentPackageData_index}${shipmentPackageRouteSeg_index}.submit();" class="buttontext">${uiLabelMap.CommonUpdate}</a>
- <a href="<@ofbizUrl>deleteShipmentPackageRouteSeg?shipmentId=${shipmentId}&shipmentPackageSeqId=${shipmentPackageRouteSeg.shipmentPackageSeqId}&shipmentRouteSegmentId=${shipmentPackageRouteSeg.shipmentRouteSegmentId}</@ofbizUrl>" class="buttontext">${uiLabelMap.CommonDelete}</a>
+ <a href="javascript:document.deleteShipmentPackageRouteSeg${shipmentPackageData_index}${shipmentPackageRouteSeg_index}.submit();" class="buttontext">${uiLabelMap.CommonDelete}</a>
 </div>
 </td>
 <td> </td>
 </tr>
 </form>
+ <form name="deleteShipmentPackageRouteSeg${shipmentPackageData_index}${shipmentPackageRouteSeg_index}" method="post" action="<@ofbizUrl>deleteShipmentPackageRouteSeg</@ofbizUrl>">
+ <input type="hidden" name="shipmentId" value="${shipmentId}"/>
+ <input type="hidden" name="shipmentPackageSeqId" value="${shipmentPackageRouteSeg.shipmentPackageSeqId}"/>
+ <input type="hidden" name="shipmentRouteSegmentId" value="${shipmentPackageRouteSeg.shipmentRouteSegmentId}"/>
+ </form>
 </#list>
 <#--
 <tr valign="middle"<#if alt_row> class="alternate-row"</#if>> |