Author: mor
Date: Fri Aug 14 09:23:51 2009 New Revision: 804136 URL: http://svn.apache.org/viewvc?rev=804136&view=rev Log: Mask sensitive numbers on party profile page. Modified: ofbiz/trunk/applications/party/webapp/partymgr/party/profileblocks/PaymentMethods.ftl Modified: ofbiz/trunk/applications/party/webapp/partymgr/party/profileblocks/PaymentMethods.ftl URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/party/webapp/partymgr/party/profileblocks/PaymentMethods.ftl?rev=804136&r1=804135&r2=804136&view=diff ============================================================================== --- ofbiz/trunk/applications/party/webapp/partymgr/party/profileblocks/PaymentMethods.ftl (original) +++ ofbiz/trunk/applications/party/webapp/partymgr/party/profileblocks/PaymentMethods.ftl Fri Aug 14 09:23:51 2009 @@ -17,6 +17,23 @@ under the License. --> +<#macro maskSensitiveNumber cardNumber> + <#assign cardNumberDisplay = ""> + <#if cardNumber?has_content> + <#assign size = cardNumber?length - 4> + <#if (size > 0)> + <#list 0 .. size-1 as foo> + <#assign cardNumberDisplay = cardNumberDisplay + "*"> + </#list> + <#assign cardNumberDisplay = cardNumberDisplay + cardNumber[size .. size + 3]> + <#else> + <#-- but if the card number has less than four digits (ie, it was entered incorrectly), display it in full --> + <#assign cardNumberDisplay = cardNumber> + </#if> + </#if> + ${cardNumberDisplay?if_exists} +</#macro> + <div id="partyPaymentMethod" class="screenlet"> <div class="screenlet-title-bar"> <ul> @@ -50,7 +67,7 @@ - <#if security.hasEntityPermission("PAY_INFO", "_VIEW", session)> ${creditCard.cardType} - ${creditCard.cardNumber} + <@maskSensitiveNumber cardNumber=creditCard.cardNumber?if_exists/> ${creditCard.expireDate} <#else> ${Static["org.ofbiz.party.contact.ContactHelper"].formatCreditCard(creditCard)} @@ -77,22 +94,8 @@ <#if security.hasEntityPermission("PAY_INFO", "_VIEW", session)> ${giftCard.cardNumber?default("N/A")} [${giftCard.pinNumber?default("N/A")}] <#else> - <#if giftCard?has_content && giftCard.cardNumber?has_content> - <#assign giftCardNumber = ""> - <#assign pcardNumber = giftCard.cardNumber> - <#if pcardNumber?has_content> - <#assign psize = pcardNumber?length - 4> - <#if 0 < psize> - <#list 0 .. psize-1 as foo> - <#assign giftCardNumber = giftCardNumber + "*"> - </#list> - <#assign giftCardNumber = giftCardNumber + pcardNumber[psize .. psize + 3]> - <#else> - <#assign giftCardNumber = pcardNumber> - </#if> - </#if> - </#if> - ${giftCardNumber?default("N/A")} + <@maskSensitiveNumber cardNumber=giftCard.cardNumber?if_exists/> + <#if !cardNumberDisplay?has_content>N/A</#if> </#if> <#if paymentMethod.description?has_content>(${paymentMethod.description})</#if> <#if paymentMethod.glAccountId?has_content>(for GL Account ${paymentMethod.glAccountId})</#if> |
Free forum by Nabble | Edit this page |