svn commit: r922045 - in /ofbiz/branches/release09.04: ./ specialpurpose/ecommerce/webapp/ecommerce/customer/viewprofile.ftl


svn commit: r922045 - in /ofbiz/branches/release09.04: ./ specialpurpose/ecommerce/webapp/ecommerce/customer/viewprofile.ftl

jleroux@apache.org
Author: jleroux
Date: Thu Mar 11 22:33:43 2010
New Revision: 922045

URL: http://svn.apache.org/viewvc?rev=922045&view=rev
Log:
"Applied fix from trunk for revision: 922042  " (Actually handled conflicts by hand)
------------------------------------------------------------------------
r922042 | jleroux | 2010-03-11 23:25:32 +0100 (jeu. 11 mars 2010) | 2 lignes

Fix a security issue reported by Heidi Dehaes at "unsubscribe from a contactlist in the "profile" screen in the ecommerce screens" (https://issues.apache.org/jira/browse/OFBIZ-3396) - OFBIZ-3396
Actually, this commit fixes two security issues
------------------------------------------------------------------------

Modified:
    ofbiz/branches/release09.04/   (props changed)
    ofbiz/branches/release09.04/specialpurpose/ecommerce/webapp/ecommerce/customer/viewprofile.ftl

Propchange: ofbiz/branches/release09.04/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Thu Mar 11 22:33:43 2010
@@ -1 +1 @@
-/ofbiz/trunk:765933,766011,766015,766293,766307,766316,766325,766462,766522,766800,767060,767072,767093,767098-767099,767102,767123,767125,767127,767279,767287,767671,767688,767694,767822,767845,768358,768490,768550,768675,768686,768705,768811,768815,768960,769030,769500,770272,770308,770997,771073,771477,772401,772464-772465,773076,773557,773628,773659,773697,774014,774632,774661,774995,775292,775667,776227,776594,776620,776922,777004,777020,777768,777792,777893,777947,778078,778094,778107,778273,778278,778280,778364,778374,778402,778576,778594,778628,779020,779477,779496,779639,779834,779856,779866,779873,780111,780138,780180,780199,780203,780906,780945,781201,781534,781549,781669,781680,781694,782663,783257,783266,783833,783913,783917,785123,785764,785967,786778,787126,787435-787436,787442,787520,788965,788983,788987,789329,789337,789506,789548,796769,799185,800461,800846,801023,802346,804364,805307,806127,806377,806914,808786-808787,808792,809141,810370,810438,810465,810
 807,810809,810814,810832,810836,810878,810917,811020,811280,811297,811419,811528,811708,811714,811716,811793,811838,811860,811865,811870,812159,812182,812192,812456,812540,813126,813131,813283,813672,813702,814168,814205,814251,814349,814531,814576,814681,814731,815158,815165,815350,815687,815977,816255,816863,818030,818049,818150,818494,818500,818716,818976,819275-819276,819282,819337,821263,821270,822659,823877-823878,823883,823888,823892,824511,825181-825182,826253,827730,828971,829085,829376,829412,829416,829527,830091,830112,830366,830528,830677,830874,830880,831238,831801,832361,832698,832776,832908,833324,833686,833703,834825,835161,835357,835585,836015,881194,881713,882072,882326,882918,883933,884023,884529,884546,884758,885122,885702,887916,888111,888559,888587,889666,890050,890107,890245,891378,891620,896649,899188,899833,900024,900026,900050,900217,900273,901628,907342-907343,910460,912587,915332,916252,916703,916925,917435
+/ofbiz/trunk:765933,766011,766015,766293,766307,766316,766325,766462,766522,766800,767060,767072,767093,767098-767099,767102,767123,767125,767127,767279,767287,767671,767688,767694,767822,767845,768358,768490,768550,768675,768686,768705,768811,768815,768960,769030,769500,770272,770308,770997,771073,771477,772401,772464-772465,773076,773557,773628,773659,773697,774014,774632,774661,774995,775292,775667,776227,776594,776620,776922,777004,777020,777768,777792,777893,777947,778078,778094,778107,778273,778278,778280,778364,778374,778402,778576,778594,778628,779020,779477,779496,779639,779834,779856,779866,779873,780111,780138,780180,780199,780203,780906,780945,781201,781534,781549,781669,781680,781694,782663,783257,783266,783833,783913,783917,785123,785764,785967,786778,787126,787435-787436,787442,787520,788965,788983,788987,789329,789337,789506,789548,796769,799185,800461,800846,801023,802346,804364,805307,806127,806377,806914,808786-808787,808792,809141,810370,810438,810465,810
 807,810809,810814,810832,810836,810878,810917,811020,811280,811297,811419,811528,811708,811714,811716,811793,811838,811860,811865,811870,812159,812182,812192,812456,812540,813126,813131,813283,813672,813702,814168,814205,814251,814349,814531,814576,814681,814731,815158,815165,815350,815687,815977,816255,816863,818030,818049,818150,818494,818500,818716,818976,819275-819276,819282,819337,821263,821270,822659,823877-823878,823883,823888,823892,824511,825181-825182,826253,827730,828971,829085,829376,829412,829416,829527,830091,830112,830366,830528,830677,830874,830880,831238,831801,832361,832698,832776,832908,833324,833686,833703,834825,835161,835357,835585,836015,881194,881713,882072,882326,882918,883933,884023,884529,884546,884758,885122,885702,887916,888111,888559,888587,889666,890050,890107,890245,891378,891620,896649,899188,899833,900024,900026,900050,900217,900273,901628,907342-907343,910460,912587,915332,916252,916703,916925,917435,922042

Modified: ofbiz/branches/release09.04/specialpurpose/ecommerce/webapp/ecommerce/customer/viewprofile.ftl
URL: http://svn.apache.org/viewvc/ofbiz/branches/release09.04/specialpurpose/ecommerce/webapp/ecommerce/customer/viewprofile.ftl?rev=922045&r1=922044&r2=922045&view=diff
==============================================================================
--- ofbiz/branches/release09.04/specialpurpose/ecommerce/webapp/ecommerce/customer/viewprofile.ftl (original)
+++ ofbiz/branches/release09.04/specialpurpose/ecommerce/webapp/ecommerce/customer/viewprofile.ftl Thu Mar 11 22:33:43 2010
@@ -503,22 +503,40 @@ under the License.
               <td width="15%"><div class="tabletext">${emailAddress.infoString?if_exists}</div></td>
               <td width="5">&nbsp;</td>
               <td width="20%" nowrap>
-              <#if (contactListParty.statusId?if_exists == "CLPT_ACCEPTED")>
-                <a href="<@ofbizUrl>updateContactListParty?partyId=${party.partyId}&amp;contactListId=${contactListParty.contactListId}&amp;fromDate=${contactListParty.fromDate}&amp;statusId=CLPT_REJECTED</@ofbizUrl>" class="buttontext">${uiLabelMap.EcommerceUnsubscribe}</a>
-              <#elseif (contactListParty.statusId?if_exists == "CLPT_PENDING")>
-                <form method="post" action="<@ofbizUrl>updateContactListParty</@ofbizUrl>" name="clistAcceptForm${contactListParty_index}">
-                  <input type="hidden" name="partyId" value="${party.partyId}"/>
-                  <input type="hidden" name="contactListId" value="${contactListParty.contactListId}"/>
-                  <input type="hidden" name="fromDate" value="${contactListParty.fromDate}"/>
-                  <input type="hidden" name="statusId" value="CLPT_ACCEPTED"/>
-                  <input type="text" size="10" name="optInVerifyCode" value="" class="inputBox"/>
-                  <input type="submit" value="${uiLabelMap.EcommerceVerifySubscription}" class="smallSubmit"/>
-                </form>
-              <#elseif (contactListParty.statusId?if_exists == "CLPT_REJECTED")>
-                <a href="<@ofbizUrl>updateContactListParty?partyId=${party.partyId}&amp;contactListId=${contactListParty.contactListId}&amp;fromDate=${contactListParty.fromDate}&amp;statusId=CLPT_PENDING</@ofbizUrl>" class="buttontext">${uiLabelMap.EcommerceSubscribe}</a>
-              </#if>
-              </td>
-            </tr>
+          <#if (contactListParty.statusId?if_exists == "CLPT_ACCEPTED")>            
+            <form method="post" action="<@ofbizUrl>updateContactListParty</@ofbizUrl>" name="clistRejectForm${contactListParty_index}">
+            <div>
+              <input type="hidden" name="partyId" value="${party.partyId}"/>
+              <input type="hidden" name="contactListId" value="${contactListParty.contactListId}"/>
+              <input type="hidden" name="fromDate" value="${contactListParty.fromDate}"/>
+              <input type="hidden" name="statusId" value="CLPT_REJECTED"/>
+              <input type="submit" value="${uiLabelMap.EcommerceUnsubscribe}" class="smallSubmit"/>
+              </div>
+            </form>
+          <#elseif (contactListParty.statusId?if_exists == "CLPT_PENDING")>
+            <form method="post" action="<@ofbizUrl>updateContactListParty</@ofbizUrl>" name="clistAcceptForm${contactListParty_index}">
+            <div>
+              <input type="hidden" name="partyId" value="${party.partyId}"/>
+              <input type="hidden" name="contactListId" value="${contactListParty.contactListId}"/>
+              <input type="hidden" name="fromDate" value="${contactListParty.fromDate}"/>
+              <input type="hidden" name="statusId" value="CLPT_ACCEPTED"/>
+              <input type="text" size="10" name="optInVerifyCode" value="" class="inputBox"/>
+              <input type="submit" value="${uiLabelMap.EcommerceVerifySubscription}" class="smallSubmit"/>
+              </div>
+            </form>
+          <#elseif (contactListParty.statusId?if_exists == "CLPT_REJECTED")>
+            <form method="post" action="<@ofbizUrl>updateContactListParty</@ofbizUrl>" name="clistPendForm${contactListParty_index}">
+            <div>
+              <input type="hidden" name="partyId" value="${party.partyId}"/>
+              <input type="hidden" name="contactListId" value="${contactListParty.contactListId}"/>
+              <input type="hidden" name="fromDate" value="${contactListParty.fromDate}"/>
+              <input type="hidden" name="statusId" value="CLPT_PENDING"/>
+              <input type="submit" value="${uiLabelMap.EcommerceSubscribe}" class="smallSubmit"/>
+              </div>
+            </form>
+          </#if>
+          </td>
+          </tr>
           </#list>
         </table>
         <hr/>
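Review bot: The three new forms still carry `partyId`, `contactListId`, `fromDate` and `statusId` as hidden inputs, which are client-supplied, so switching from GET links to POST does not by itself guarantee that the request concerns the logged-in party or that a move to `CLPT_ACCEPTED` came with a valid `optInVerifyCode`. The handler behind `updateContactListParty` is not visible in this hunk; it presumably has to compare the submitted `partyId` with the session user and enforce the allowed status transitions server-side. No anti-CSRF token appears in any of the forms, so unless the framework adds one elsewhere a cross-site POST would presumably still be accepted. I would add a template comment above the `<#if>`, such as `<#-- hidden fields are client-supplied: updateContactListParty must re-check partyId against the session user -->`, and consider folding the three near-identical forms into one macro; the enclosing `<#list>` and table start outside the hunk.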