svn commit: r814576 - /ofbiz/trunk/specialpurpose/ecommerce/webapp/ecommerce/customer/viewprofile.ftl


svn commit: r814576 - /ofbiz/trunk/specialpurpose/ecommerce/webapp/ecommerce/customer/viewprofile.ftl

jleroux@apache.org
Author: jleroux
Date: Mon Sep 14 10:57:32 2009
New Revision: 814576

URL: http://svn.apache.org/viewvc?rev=814576&view=rev
Log:
A patch from Sumit Pandit "Setting default address in Ecommerce profile should be secure" (https://issues.apache.org/jira/browse/OFBIZ-2933) - OFBIZ-2933

Modified:
    ofbiz/trunk/specialpurpose/ecommerce/webapp/ecommerce/customer/viewprofile.ftl

Modified: ofbiz/trunk/specialpurpose/ecommerce/webapp/ecommerce/customer/viewprofile.ftl
URL: http://svn.apache.org/viewvc/ofbiz/trunk/specialpurpose/ecommerce/webapp/ecommerce/customer/viewprofile.ftl?rev=814576&r1=814575&r2=814576&view=diff
==============================================================================
--- ofbiz/trunk/specialpurpose/ecommerce/webapp/ecommerce/customer/viewprofile.ftl (original)
+++ ofbiz/trunk/specialpurpose/ecommerce/webapp/ecommerce/customer/viewprofile.ftl Mon Sep 14 10:57:32 2009
@@ -133,7 +133,12 @@
                     <#if contactMechPurposeType.contactMechPurposeTypeId == "SHIPPING_LOCATION" && (profiledefs.defaultShipAddr)?default("") == contactMech.contactMechId>
                       <span class="buttontextdisabled">${uiLabelMap.EcommerceIsDefault}</span>
                     <#elseif contactMechPurposeType.contactMechPurposeTypeId == "SHIPPING_LOCATION">
-                      <a href="<@ofbizUrl>setprofiledefault/viewprofile?productStoreId=${productStoreId}&amp;defaultShipAddr=${contactMech.contactMechId}&amp;partyId=${party.partyId}</@ofbizUrl>" class="button">${uiLabelMap.EcommerceSetDefault}</a>
+                      <form name="defaultShippingAddressForm" method="post" action="<@ofbizUrl>setprofiledefault/viewprofile</@ofbizUrl>">
+                        <input type="hidden" name="productStoreId" value="${productStoreId}" />
+                        <input type="hidden" name="defaultShipAddr" value="${contactMech.contactMechId}" />
+                        <input type="hidden" name="partyId" value="${party.partyId}" />
+                        <input type="submit" value="${uiLabelMap.EcommerceSetDefault}" class="button" />
+                      </form>
                     </#if>
                   <#else>
                     ${uiLabelMap.PartyPurposeTypeNotFound}: "${partyContactMechPurpose.contactMechPurposeTypeId}"
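Review bot: The new `defaultShippingAddressForm` still submits `partyId` and `defaultShipAddr` as client-editable hidden fields and carries no anti-forgery token, so switching from GET to POST keeps the IDs out of URLs and logs but does not by itself stop a forged or tampered request. The `setprofiledefault` handler is not visible here; it should verify that the logged-in user owns the submitted `partyId` and contact mechanism, and preferably take the party from the session rather than from the request. The same applies to `defaultPaymentMethodForm` in the second hunk. The form also appears to sit inside a per-address loop (the enclosing block starts outside the hunk), so the fixed `name="defaultShippingAddressForm"` would be repeated on the page.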
@@ -309,8 +314,12 @@
                   <#if (profiledefs.defaultPayMeth)?default("") == paymentMethod.paymentMethodId>
                     <span class="buttontextdisabled">${uiLabelMap.EcommerceIsDefault}</span>
                   <#else>
-                    <a href="<@ofbizUrl>setprofiledefault/viewprofile?productStoreId=${productStoreId}&amp;defaultPayMeth=${paymentMethod.paymentMethodId}&amp;partyId=${party.partyId}</@ofbizUrl>" class="button">
-                          ${uiLabelMap.EcommerceSetDefault}</a>
+                    <form name="defaultPaymentMethodForm" method="post" action="<@ofbizUrl>setprofiledefault/viewprofile</@ofbizUrl>">
+                      <input type="hidden" name="productStoreId" value="${productStoreId}" />
+                      <input type="hidden" name="defaultPayMeth" value="=${paymentMethod.paymentMethodId}" />
+                      <input type="hidden" name="partyId" value="${party.partyId}" />
+                      <input type="submit" value="${uiLabelMap.EcommerceSetDefault}" class="button" />
+                    </form>
                   </#if>
                 </td>
               </tr>
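Review bot: The hidden `defaultPayMeth` field keeps a stray `=` from the old query string, `value="=${paymentMethod.paymentMethodId}"`, so the server receives the ID with a leading `=` and the default payment method will presumably not be set or matched. The line should read `<input type="hidden" name="defaultPayMeth" value="${paymentMethod.paymentMethodId}" />`. The enclosing table row starts outside the hunk.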