svn commit: r952119 - in /ofbiz/trunk: applications/accounting/widget/ applications/order/widget/ordermgr/ applications/party/widget/partymgr/ applications/product/widget/catalog/ applications/product/widget/facility/ specialpurpose/projectmgr/widget/f...


svn commit: r952119 - in /ofbiz/trunk: applications/accounting/widget/ applications/order/widget/ordermgr/ applications/party/widget/partymgr/ applications/product/widget/catalog/ applications/product/widget/facility/ specialpurpose/projectmgr/widget/f...

jleroux@apache.org
Author: jleroux
Date: Mon Jun  7 07:02:02 2010
New Revision: 952119

URL: http://svn.apache.org/viewvc?rev=952119&view=rev
Log:
Secure some targets. Note that they were introduced after OFBIZ-2243 was closed.
Committers, please use only a target with the parameter attribute (not parameters in the URL) for link and hyperlink fields when there is an action (i.e. a DB modification).

Modified:
    ofbiz/trunk/applications/accounting/widget/InvoiceForms.xml
    ofbiz/trunk/applications/accounting/widget/PaymentGatewayConfigForms.xml
    ofbiz/trunk/applications/order/widget/ordermgr/OrderEntryForms.xml
    ofbiz/trunk/applications/party/widget/partymgr/CommunicationEventForms.xml
    ofbiz/trunk/applications/product/widget/catalog/ProductForms.xml
    ofbiz/trunk/applications/product/widget/facility/ShipmentGatewayConfigForms.xml
    ofbiz/trunk/specialpurpose/projectmgr/widget/forms/ProjectForms.xml

Modified: ofbiz/trunk/applications/accounting/widget/InvoiceForms.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/accounting/widget/InvoiceForms.xml?rev=952119&r1=952118&r2=952119&view=diff
==============================================================================
--- ofbiz/trunk/applications/accounting/widget/InvoiceForms.xml (original)
+++ ofbiz/trunk/applications/accounting/widget/InvoiceForms.xml Mon Jun  7 07:02:02 2010
@@ -215,7 +215,12 @@ under the License.
         <field name="paymentId"><hyperlink target="paymentOverview?paymentId=${paymentId}" description="${paymentId}"/></field>
         <field name="amount"><display type="currency" currency="${currencyUomId}"/></field>
         <field name="origAmount"><display type="currency" currency="${origCurrencyUomId}"/></field>
-        <field name="acctgTransId"><hyperlink description="${acctgTransId}" target="EditAcctgTrans?acctgTransId=${acctgTransId}&amp;organizationPartyId=${organizationPartyId}"/></field>
+        <field name="acctgTransId">
+            <hyperlink description="${acctgTransId}" target="EditAcctgTrans">
+                <parameter param-name="acctgTransId" from-field="acctgTransId"/>
+                <parameter param-name="organizationPartyId" from-field="organizationPartyId"/>
+            </hyperlink>
+        </field>
         <field name="acctgTransTypeId" title="${uiLabelMap.FormFieldTitle_acctgTransType}"><display-entity entity-name="AcctgTransType"/></field>
         <field name="glJournalId" title="${uiLabelMap.FormFieldTitle_glJournal}"><display-entity entity-name="GlJournal" description="${glJournalName}"/></field>
         <field name="glAccountTypeId" title="${uiLabelMap.FormFieldTitle_glAccountType}"><display-entity entity-name="GlAccountType"/></field>
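Review bot: The `paymentId` hyperlink in the first context line of this hunk still builds its query string inside `target` (`paymentOverview?paymentId=${paymentId}`), so the form now mixes both styles. If the aim is to keep interpolated values out of the URL string, the same form applies there: `<hyperlink target="paymentOverview" description="${paymentId}"><parameter param-name="paymentId" from-field="paymentId"/></hyperlink>`. Whether paymentOverview counts as an action under the rule in the log message is not visible here, so the omission may be deliberate. The enclosing form starts and ends outside the hunk.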

Modified: ofbiz/trunk/applications/accounting/widget/PaymentGatewayConfigForms.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/accounting/widget/PaymentGatewayConfigForms.xml?rev=952119&r1=952118&r2=952119&view=diff
==============================================================================
--- ofbiz/trunk/applications/accounting/widget/PaymentGatewayConfigForms.xml (original)
+++ ofbiz/trunk/applications/accounting/widget/PaymentGatewayConfigForms.xml Mon Jun  7 07:02:02 2010
@@ -50,7 +50,9 @@ under the License.
         <auto-fields-entity entity-name="PaymentGatewayConfig" default-field-type="display"/>
         <field name="paymentGatewayConfigId"><hidden/></field>
         <field name="description" title="${uiLabelMap.AccountingPaymentGatewayConfigDescription}">
-            <hyperlink description="${description}" target="EditPaymentGatewayConfig?paymentGatewayConfigId=${paymentGatewayConfigId}"/>
+            <hyperlink description="${description}" target="EditPaymentGatewayConfig">
+                <parameter param-name="paymentGatewayConfigId" from-field="paymentGatewayConfigId"/>
+            </hyperlink>
         </field>
         <field name="paymentGatewayConfigTypeId" title="${uiLabelMap.AccountingPaymentGatewayConfigTypeId}">
             <display-entity entity-name="PaymentGatewayConfigType" key-field-name="paymentGatewayConfigTypeId" description="${description}"/>
@@ -385,7 +387,9 @@ under the License.
         <auto-fields-entity entity-name="PaymentGatewayConfigType" default-field-type="display"/>
         <field name="paymentGatewayConfigTypeId"><hidden/></field>
         <field name="description" title="${uiLabelMap.AccountingPaymentGatewayConfigTypeDescription}">
-            <hyperlink description="${description}" target="EditPaymentGatewayConfigType?paymentGatewayConfigTypeId=${paymentGatewayConfigTypeId}"/>
+            <hyperlink description="${description}" target="EditPaymentGatewayConfigType">
+ <parameter param-name="paymentGatewayConfigTypeId" from-field="paymentGatewayConfigTypeId"/>
+ </hyperlink>
         </field>
     </form>
     

Modified: ofbiz/trunk/applications/order/widget/ordermgr/OrderEntryForms.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/order/widget/ordermgr/OrderEntryForms.xml?rev=952119&r1=952118&r2=952119&view=diff
==============================================================================
--- ofbiz/trunk/applications/order/widget/ordermgr/OrderEntryForms.xml (original)
+++ ofbiz/trunk/applications/order/widget/ordermgr/OrderEntryForms.xml Mon Jun  7 07:02:02 2010
@@ -199,7 +199,9 @@ under the License.
     <form name="LookupAssociatedProducts" type="multi" use-row-submit="true" list-name="productList" title="" target="BulkAddProducts"
         paginate-target="LookupAssociatedProducts" default-title-style="tableheadtext" default-widget-style="inputBox" default-tooltip-style="tabletext">
         <field name="productId"  title="${uiLabelMap.ProductProductId}" widget-style="buttontext">
-            <hyperlink description="${productId}" target="/catalog/control/EditProductInventoryItems?productId=${productId}" target-type="inter-app"/>
+            <hyperlink description="${productId}" target="/catalog/control/EditProductInventoryItems" target-type="inter-app">
+ <parameter param-name="productId" from-field="productId"/>
+ </hyperlink>
         </field>
         <field name="brandName" title="${uiLabelMap.ProductBrandName}"><display/></field>
         <field name="internalName"><display/></field>
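Review bot: The added `<parameter>` and `</hyperlink>` lines show no indentation as rendered here, unlike the space-indented lines around them; they were probably committed with tabs or unindented. Re-indent them with spaces to match the file, with `<parameter .../>` one level inside `<hyperlink>` and `</hyperlink>` aligned with its opening tag. The same applies to the added lines in the second PaymentGatewayConfigForms.xml hunk and in the ProductForms.xml hunk.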

Modified: ofbiz/trunk/applications/party/widget/partymgr/CommunicationEventForms.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/party/widget/partymgr/CommunicationEventForms.xml?rev=952119&r1=952118&r2=952119&view=diff
==============================================================================
--- ofbiz/trunk/applications/party/widget/partymgr/CommunicationEventForms.xml (original)
+++ ofbiz/trunk/applications/party/widget/partymgr/CommunicationEventForms.xml Mon Jun  7 07:02:02 2010
@@ -287,7 +287,9 @@ under the License.
         <field name="communicationEventId"><display/></field>
         <field name="contactListId" use-when="contactListId!=null">
             <display-entity entity-name="ContactList" description="${contactListName}">
-                <sub-hyperlink target="/marketing/control/EditContactList?contactListId=${communicationEvent.contactListId}" description="[${communicationEvent.contactListId}]" target-type="inter-app"/>
+                <sub-hyperlink target="/marketing/control/EditContactList" description="[${communicationEvent.contactListId}]" target-type="inter-app">
+                <parameter param-name="contactListId" from-field="communicationEvent.contactListId"/>
+            </sub-hyperlink>
             </display-entity>
         </field>
         <field name="partyIdFrom" use-when="&quot;my&quot;==void" title="${uiLabelMap.PartyPartyFrom}">
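Review bot: The children of the new `<sub-hyperlink>` are misaligned: `<parameter>` sits at the same column as its parent, and `</sub-hyperlink>` is indented one level less than the opening tag, so the closing tag reads as if it belonged to `<display-entity>`. Indent `<parameter .../>` one level inside `<sub-hyperlink>` and align `</sub-hyperlink>` with its opening tag. Nesting mistakes are easy to miss in these link definitions, so the layout should match the structure.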
@@ -470,7 +472,9 @@ under the License.
             </service>
         </actions>
         <field name="orderId" title="${uiLabelMap.FormFieldTitle_orderId}">
-            <hyperlink target="/ordermgr/control/orderview?orderId=${orderId}" description="${orderId}" target-type="inter-app"/>
+            <hyperlink target="/ordermgr/control/orderview" description="${orderId}" target-type="inter-app">
+                <parameter param-name="orderId" from-field="orderId"/>
+            </hyperlink>
         </field>
         <field name="communicationEventId">
             <hyperlink description="${communicationEventId}" target="ViewCommunicationEvent">
@@ -1022,7 +1026,9 @@ under the License.
             <set field="orderTypeId" from-field="orderHeader.orderTypeId"/>
         </row-actions>
         <field name="orderId" title="${uiLabelMap.FormFieldTitle_orderId}" widget-style="buttontext">
-            <hyperlink target="/ordermgr/control/orderview?orderId=${orderId}" description="${orderId}" target-type="inter-app"/>
+            <hyperlink target="/ordermgr/control/orderview" description="${orderId}" target-type="inter-app">
+                <parameter param-name="orderId" from-field="orderId"/>
+            </hyperlink>
         </field>
         <field name="communicationEventId"><hidden/></field>
         <field name="orderTypeId" title="${uiLabelMap.OrderOrderType}">

Modified: ofbiz/trunk/applications/product/widget/catalog/ProductForms.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/product/widget/catalog/ProductForms.xml?rev=952119&r1=952118&r2=952119&view=diff
==============================================================================
--- ofbiz/trunk/applications/product/widget/catalog/ProductForms.xml (original)
+++ ofbiz/trunk/applications/product/widget/catalog/ProductForms.xml Mon Jun  7 07:02:02 2010
@@ -1997,7 +1997,9 @@ under the License.
 
     <form name="ListCommEvents" list-name="communicationEvents" type="list" header-row-style="header-row" default-table-style="basic-table">
         <field name="communicationEventId" widget-style="buttontext">
-            <hyperlink description="${communicationEventId}" target="/partymgr/control/EditCommunicationEvent?communicationEventId=${communicationEventId}" target-type="inter-app"/>
+            <hyperlink description="${communicationEventId}" target="/partymgr/control/EditCommunicationEvent" target-type="inter-app">
+ <parameter param-name="communicationEventId" from-field="communicationEventId"/>
+ </hyperlink>
         </field>
         <field name="subject"><display/></field>
         <field name="communicationEventTypeId"><display-entity description="${description}" entity-name="CommunicationEventType" key-field-name="communicationEventTypeId"/></field>

Modified: ofbiz/trunk/applications/product/widget/facility/ShipmentGatewayConfigForms.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/product/widget/facility/ShipmentGatewayConfigForms.xml?rev=952119&r1=952118&r2=952119&view=diff
==============================================================================
--- ofbiz/trunk/applications/product/widget/facility/ShipmentGatewayConfigForms.xml (original)
+++ ofbiz/trunk/applications/product/widget/facility/ShipmentGatewayConfigForms.xml Mon Jun  7 07:02:02 2010
@@ -50,7 +50,9 @@ under the License.
         <auto-fields-entity entity-name="ShipmentGatewayConfig" default-field-type="display"/>
         <field name="shipmentGatewayConfigId"><hidden/></field>
         <field name="description" title="${uiLabelMap.FacilityShipmentGatewayConfigDescription}">
-            <hyperlink description="${description}" target="EditShipmentGatewayConfig?shipmentGatewayConfigId=${shipmentGatewayConfigId}"/>
+            <hyperlink description="${description}" target="EditShipmentGatewayConfig">
+                <parameter param-name="shipmentGatewayConfigId" from-field="shipmentGatewayConfigId"/>
+            </hyperlink>
         </field>
         <field name="shipmentGatewayConfTypeId" title="${uiLabelMap.FacilityShipmentGatewayConfigTypeId}">
             <display-entity entity-name="ShipmentGatewayConfigType" key-field-name="shipmentGatewayConfTypeId" description="${description}"/>
@@ -313,7 +315,9 @@ under the License.
         <auto-fields-entity entity-name="ShipmentGatewayConfigType" default-field-type="display"/>
         <field name="shipmentGatewayConfTypeId"><hidden/></field>
         <field name="description" title="${uiLabelMap.FacilityShipmentGatewayConfigTypeDescription}">
-            <hyperlink description="${description}" target="EditShipmentGatewayConfigType?shipmentGatewayConfTypeId=${shipmentGatewayConfTypeId}"/>
+            <hyperlink description="${description}" target="EditShipmentGatewayConfigType">
+                <parameter param-name="shipmentGatewayConfTypeId" from-field="shipmentGatewayConfTypeId"/>
+            </hyperlink>
         </field>
     </form>
     

Modified: ofbiz/trunk/specialpurpose/projectmgr/widget/forms/ProjectForms.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/specialpurpose/projectmgr/widget/forms/ProjectForms.xml?rev=952119&r1=952118&r2=952119&view=diff
==============================================================================
--- ofbiz/trunk/specialpurpose/projectmgr/widget/forms/ProjectForms.xml (original)
+++ ofbiz/trunk/specialpurpose/projectmgr/widget/forms/ProjectForms.xml Mon Jun  7 07:02:02 2010
@@ -340,7 +340,9 @@
         <field name="estimatedStartDate" title="${uiLabelMap.WorkEffortEstimatedStartDate}"><date-time type="date"/></field>
         <field name="estimatedCompletionDate" title="${uiLabelMap.WorkEffortEstimatedCompletionDate}"><date-time type="date"/></field>
         <field name="edit" title=" ">
-            <hyperlink target="EditTask?workEffortId=${workEffortId}" description="${uiLabelMap.CommonEdit}"/>
+            <hyperlink target="EditTask" description="${uiLabelMap.CommonEdit"}>
+                <parameter param-name="workEffortId" from-field="workEffortId}"/>
+            </hyperlink>
         </field>
         <field name="submitButton" title="${uiLabelMap.CommonUpdate}"><submit button-type="button"/></field>
     </form>
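Review bot: The two added lines are not valid as written. `description="${uiLabelMap.CommonEdit"}>` has the closing quote and brace swapped, which leaves a stray `}` inside the start tag and makes ProjectForms.xml not well-formed. `from-field="workEffortId}"` also carries a stray `}`, so the parameter would presumably reference a field name that does not exist. They should read `<hyperlink target="EditTask" description="${uiLabelMap.CommonEdit}">` and `<parameter param-name="workEffortId" from-field="workEffortId"/>`. Since the commit is meant to secure this link, load the form once after the fix to confirm that workEffortId is actually passed to EditTask.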