Author: jleroux
Date: Sat Nov 7 16:01:37 2009
New Revision: 833703
URL: http://svn.apache.org/viewvc?rev=833703&view=rev

Log:
Fix an FTL security bug "delete website from product store" reported by Mario Harnisch at
https://issues.apache.org/jira/browse/OFBIZ-2387 - OFBIZ-2387
Modified:
ofbiz/trunk/applications/product/webapp/catalog/store/EditProductStoreWebSites.ftl
Modified: ofbiz/trunk/applications/product/webapp/catalog/store/EditProductStoreWebSites.ftl
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/product/webapp/catalog/store/EditProductStoreWebSites.ftl?rev=833703&r1=833702&r2=833703&view=diff
==============================================================================
--- ofbiz/trunk/applications/product/webapp/catalog/store/EditProductStoreWebSites.ftl (original)
+++ ofbiz/trunk/applications/product/webapp/catalog/store/EditProductStoreWebSites.ftl Sat Nov 7 16:01:37 2009
@@ -37,7 +37,12 @@
<td>${webSite.httpHost?default(' ')}</td>
<td>${webSite.httpPort?default(' ')}</td>
<td align="center">
- <a href="<@ofbizUrl>storeUpdateWebSite?viewProductStoreId=${productStoreId}&productStoreId=&webSiteId=${webSite.webSiteId}</@ofbizUrl>" class="buttontext">${uiLabelMap.CommonDelete}</a>
+ <a href="javascript:document.storeUpdateWebSite_${webSite_index}.submit();" class="buttontext">${uiLabelMap.CommonDelete}</a>
+ <form name="storeUpdateWebSite_${webSite_index}" method="post" action="<@ofbizUrl>storeUpdateWebSite</@ofbizUrl>">
+ <input type="hidden" name="viewProductStoreId" value="${productStoreId}"/>
+ <input type="hidden" name="productStoreId" value=""/>
+ <input type="hidden" name="webSiteId" value="${webSite.webSiteId}"/>
+ </form>
</td>
</tr>
<#-- toggle the row color -->
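
Review bot: The new storeUpdateWebSite_${webSite_index} form carries only viewProductStoreId, productStoreId and webSiteId as hidden fields, with no per-session token. Moving the delete to POST keeps it from firing on a plain link or image fetch, but a cross-site page can still submit the same three fields on the user's behalf. Suggest adding a token field that the storeUpdateWebSite request verifies, and confirming on the server side that the request no longer accepts GET, since nothing in this hunk enforces that. Separately, ${productStoreId} and ${webSite.webSiteId} are interpolated into the value="..." attributes as-is; unless escaping is applied elsewhere in the template, run both through an HTML-escaping built-in such as ?html. The javascript: href also leaves the delete link inert when scripting is disabled; a submit button inside the form would avoid that.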