OFBiz OFBiz - Commits

svn commit: r779099 - /ofbiz/trunk/applications/product/webapp/facility/shipment/EditShipmentItems.ftl

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
mor-2
Reply | Threaded
Open this post in threaded view
|

svn commit: r779099 - /ofbiz/trunk/applications/product/webapp/facility/shipment/EditShipmentItems.ftl

mor-2
Author: mor
Date: Wed May 27 10:42:21 2009
New Revision: 779099

URL: http://svn.apache.org/viewvc?rev=779099&view=rev
Log:
Securing URLs in FTL. Patch from Pranay Pandey, part of OFBIZ-2528 (https://issues.apache.org/jira/browse/OFBIZ-2528)

Modified:
    ofbiz/trunk/applications/product/webapp/facility/shipment/EditShipmentItems.ftl

Modified: ofbiz/trunk/applications/product/webapp/facility/shipment/EditShipmentItems.ftl
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/product/webapp/facility/shipment/EditShipmentItems.ftl?rev=779099&r1=779098&r2=779099&view=diff
==============================================================================
--- ofbiz/trunk/applications/product/webapp/facility/shipment/EditShipmentItems.ftl (original)
+++ ofbiz/trunk/applications/product/webapp/facility/shipment/EditShipmentItems.ftl Wed May 27 10:42:21 2009
@@ -50,8 +50,12 @@
                 <td colspan="2">${(product.internalName)?if_exists} <a href="/catalog/control/EditProduct?productId=${shipmentItem.productId?if_exists}" class="buttontext">${shipmentItem.productId?if_exists}</a></td>
                 <td>${shipmentItem.quantity?default("&nbsp;")}</td>
                 <td colspan="2">${shipmentItem.shipmentContentDescription?default("&nbsp;")}</td>
-                <td><a href="<@ofbizUrl>deleteShipmentItem?shipmentId=${shipmentId}&shipmentItemSeqId=${shipmentItem.shipmentItemSeqId}</@ofbizUrl>" class="buttontext">${uiLabelMap.CommonDelete}</a></td>
+                <td><a href="javascript:document.deleteShipmentItem${shipmentItemData_index}.submit();" class="buttontext">${uiLabelMap.CommonDelete}</a></td>
             </tr>
+            <form name="deleteShipmentItem${shipmentItemData_index}" method="post" action="<@ofbizUrl>deleteShipmentItem</@ofbizUrl>">
+                <input type="hidden" name="shipmentId" value="${shipmentId}"/>
+                <input type="hidden" name="shipmentItemSeqId" value=${shipmentItem.shipmentItemSeqId}"/>
+            </form>
             <#list orderShipments as orderShipment>
                 <tr valign="middle"<#if alt_row> class="alternate-row"</#if>>
                     <td>&nbsp;</td>
@@ -85,12 +89,17 @@
                     <#else>
                     <td colspan="2">&nbsp;</td>
                     </#if>
-                    <td><a href="<@ofbizUrl>deleteShipmentItemPackageContent?shipmentId=${shipmentId}&shipmentItemSeqId=${shipmentPackageContent.shipmentItemSeqId}&shipmentPackageSeqId=${shipmentPackageContent.shipmentPackageSeqId}</@ofbizUrl>" class="buttontext">${uiLabelMap.CommonDelete}</a></td>
+                    <td><a href="javascript:document.deleteShipmentItemPackageContent${shipmentItemData_index}${shipmentPackageContent_index}.submit();" class="buttontext">${uiLabelMap.CommonDelete}</a></td>
                 </tr>
+                <form name="deleteShipmentItemPackageContent${shipmentItemData_index}${shipmentPackageContent_index}" method="post" action="<@ofbizUrl>deleteShipmentItemPackageContent</@ofbizUrl>">
+                    <input type="hidden" name="shipmentId" value="${shipmentId}"/>
+                    <input type="hidden" name="shipmentItemSeqId" value=${shipmentPackageContent.shipmentItemSeqId}"/>
+                    <input type="hidden" name="shipmentPackageSeqId" value="${shipmentPackageContent.shipmentPackageSeqId}"/>
+                </form>
             </#list>
             <#if (totalQuantityToPackage > 0)>
                 <tr valign="middle"<#if alt_row> class="alternate-row"</#if>>
-                    <form action="<@ofbizUrl>createShipmentItemPackageContent</@ofbizUrl>" name="createShipmentPackageContentForm${shipmentItemData_index}">
+                    <form action="<@ofbizUrl>createShipmentItemPackageContent</@ofbizUrl>" method="post" name="createShipmentPackageContentForm${shipmentItemData_index}">
                     <input type="hidden" name="shipmentId" value="${shipmentId}"/>
                     <input type="hidden" name="shipmentItemSeqId" value="${shipmentItem.shipmentItemSeqId}"/>
                     <td>&nbsp;</td>
@@ -119,7 +128,7 @@
             <#assign alt_row = !alt_row>
         </#list>
         <tr>
-            <form action="<@ofbizUrl>createShipmentItem</@ofbizUrl>" name="createShipmentItemForm">
+            <form action="<@ofbizUrl>createShipmentItem</@ofbizUrl>" method="post" name="createShipmentItemForm">
                 <input type="hidden" name="shipmentId" value="${shipmentId}"/>
                 <td><span class="label">${uiLabelMap.ProductNewItem}</span></td>
                 <td colspan="2"><span class="label">${uiLabelMap.ProductProductId}</span> <input type="text" name="productId" size="15" maxlength="20"/></td>


Free forum by Nabble Edit this page