OFBiz OFBiz - Commits

svn commit: r787968 - /ofbiz/trunk/applications/product/webapp/facility/shipment/PackOrder.ftl

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
mor-2
Reply | Threaded
Open this post in threaded view
|

svn commit: r787968 - /ofbiz/trunk/applications/product/webapp/facility/shipment/PackOrder.ftl

mor-2
Author: mor
Date: Wed Jun 24 10:29:57 2009
New Revision: 787968

URL: http://svn.apache.org/viewvc?rev=787968&view=rev
Log:
Securing URLs in FTL. These changes were removed while doing a revert in rev. 781008.
Note: These changes are already moved in release09.04.

Modified:
    ofbiz/trunk/applications/product/webapp/facility/shipment/PackOrder.ftl

Modified: ofbiz/trunk/applications/product/webapp/facility/shipment/PackOrder.ftl
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/product/webapp/facility/shipment/PackOrder.ftl?rev=787968&r1=787967&r2=787968&view=diff
==============================================================================
--- ofbiz/trunk/applications/product/webapp/facility/shipment/PackOrder.ftl (original)
+++ ofbiz/trunk/applications/product/webapp/facility/shipment/PackOrder.ftl Wed Jun 24 10:29:57 2009
@@ -17,6 +17,19 @@
 under the License.
 -->
 
+<script language="JavaScript" type="text/javascript">
+    function clearLine(facilityId, orderId, orderItemSeqId, productId, shipGroupSeqId, inventoryItemId, packageSeqId) {
+        document.clearPackLineForm.facilityId.value = facilityId;
+        document.clearPackLineForm.orderId.value = orderId;
+        document.clearPackLineForm.orderItemSeqId.value = orderItemSeqId;
+        document.clearPackLineForm.productId.value = productId;
+        document.clearPackLineForm.shipGroupSeqId.value = shipGroupSeqId;
+        document.clearPackLineForm.inventoryItemId.value = inventoryItemId;
+        document.clearPackLineForm.packageSeqId.value = packageSeqId;
+        document.clearPackLineForm.submit();
+    }
+</script>
+
 <#if security.hasEntityPermission("FACILITY", "_VIEW", session)>
     <#assign showInput = requestParameters.showInput?default("Y")>
     <#assign hideGrid = requestParameters.hideGrid?default("N")>
@@ -115,6 +128,15 @@
               <input type="hidden" name="shipGroupSeqId" value="${shipGroupSeqId?if_exists}"/>
               <input type="hidden" name="facilityId" value="${facilityId?if_exists}"/>
             </form>
+            <form name="clearPackLineForm" method="post" action="<@ofbizUrl>ClearPackLine</@ofbizUrl>">
+                <input type="hidden" name="facilityId"/>
+                <input type="hidden" name="orderId"/>
+                <input type="hidden" name="orderItemSeqId"/>
+                <input type="hidden" name="productId"/>
+                <input type="hidden" name="shipGroupSeqId"/>
+                <input type="hidden" name="inventoryItemId"/>
+                <input type="hidden" name="packageSeqId"/>
+            </form>
         </div>
     </div>
 
@@ -429,7 +451,7 @@
                       <td align="right">${line.getQuantity()}</td>
                       <td align="right">${line.getWeight()} (${packingSession.getPackageWeight(line.getPackageSeq()?int)?if_exists})</td>
                       <td align="right">${line.getPackageSeq()}</td>
-                      <td align="right"><a href="<@ofbizUrl>ClearPackLine?facilityId=${facilityId}&orderId=${line.getOrderId()}&orderItemSeqId=${line.getOrderItemSeqId()}&shipGroupSeqId=${line.getShipGroupSeqId()}&amp;productId=${line.getProductId()?default("")}&inventoryItemId=${line.getInventoryItemId()}&packageSeqId=${line.getPackageSeq()}</@ofbizUrl>" class="buttontext">${uiLabelMap.CommonClear}</a></td>
+                      <td align="right"><a href="javascript:clearLine('${facilityId}', '${line.getOrderId()}', '${line.getOrderItemSeqId()}', '${line.getProductId()?default("")}', '${line.getShipGroupSeqId()}', '${line.getInventoryItemId()}', '${line.getPackageSeq()}')" class="buttontext">${uiLabelMap.CommonClear}</a></td>
                     </tr>
                   </#list>
                 </table>
@@ -473,7 +495,7 @@
                       <td align="right">${line.getQuantity()}</td>
                       <td align="right">${line.getWeight()} (${packingSession.getPackageWeight(line.getPackageSeq()?int)?if_exists})</td>
                       <td align="right">${line.getPackageSeq()}</td>
-                      <td align="right"><a href="<@ofbizUrl>ClearPackLine?facilityId=${facilityId}&orderId=${line.getOrderId()}&orderItemSeqId=${line.getOrderItemSeqId()}&shipGroupSeqId=${line.getShipGroupSeqId()}&amp;productId=${line.getProductId()?default("")}&inventoryItemId=${line.getInventoryItemId()}&packageSeqId=${line.getPackageSeq()}</@ofbizUrl>" class="buttontext">${uiLabelMap.CommonClear}</a></td>
+                      <td align="right"><a href="javascript:clearLine('${facilityId}', '${line.getOrderId()}', '${line.getOrderItemSeqId()}', '${line.getProductId()?default("")}', '${line.getShipGroupSeqId()}', '${line.getInventoryItemId()}', '${line.getPackageSeq()}')" class="buttontext">${uiLabelMap.CommonClear}</a></td>
                   </tr>
               </#list>
             </table>


Free forum by Nabble Edit this page