Author: lektran
Date: Wed Jul 14 00:38:19 2010
New Revision: 963915
URL: http://svn.apache.org/viewvc?rev=963915&view=rev
Log:
URLs defined as javascript variables shouldn't be xhtml encoded because when they are assigned to an element's url attribute (action, href, etc.) the browser doesn't decode them before using them. Applied patch from Deepak Dixit OFBIZ-3860 and additionally fixed some others that I found.
Modified:
ofbiz/trunk/applications/order/webapp/ordermgr/entry/billsettings.ftl
ofbiz/trunk/applications/order/webapp/ordermgr/entry/checkoutoptions.ftl
ofbiz/trunk/applications/order/webapp/ordermgr/entry/checkoutshippingaddress.ftl
ofbiz/trunk/specialpurpose/ecommerce/webapp/ecommerce/order/checkoutpayment.ftl
ofbiz/trunk/specialpurpose/ecommerce/webapp/ecommerce/order/checkoutshippingoptions.ftl
ofbiz/trunk/specialpurpose/ecommerce/webapp/ecommerce/order/splitship.ftl
Modified: ofbiz/trunk/applications/order/webapp/ordermgr/entry/billsettings.ftl
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/order/webapp/ordermgr/entry/billsettings.ftl?rev=963915&r1=963914&r2=963915&view=diff
==============================================================================
--- ofbiz/trunk/applications/order/webapp/ordermgr/entry/billsettings.ftl (original)
+++ ofbiz/trunk/applications/order/webapp/ordermgr/entry/billsettings.ftl Wed Jul 14 00:38:19 2010
@@ -17,18 +17,20 @@ specific language governing permissions
 under the License. -->
-<script language="JavaScript" type="text/javascript">
+<script type="text/javascript">
+//<![CDATA[
 function shipBillAddr() { if (document.checkoutsetupform.useShipAddr.checked) {
- window.location = "<@ofbizUrl>setBilling?createNew=Y&finalizeMode=payment&paymentMethodType=${paymentMethodType?if_exists}&useShipAddr=Y</@ofbizUrl>";
+ window.location = "<@ofbizUrl>setBilling?createNew=Y&finalizeMode=payment&paymentMethodType=${paymentMethodType?if_exists}&useShipAddr=Y</@ofbizUrl>";
 } else {
- window.location = "<@ofbizUrl>setBilling?createNew=Y&finalizeMode=payment&paymentMethodType=${paymentMethodType?if_exists}</@ofbizUrl>";
+ window.location = "<@ofbizUrl>setBilling?createNew=Y&finalizeMode=payment&paymentMethodType=${paymentMethodType?if_exists}</@ofbizUrl>";
 } } function makeExpDate() { document.checkoutsetupform.expireDate.value = document.checkoutsetupform.expMonth.options[document.checkoutsetupform.expMonth.selectedIndex].value + "/" + document.checkoutsetupform.expYear.options[document.checkoutsetupform.expYear.selectedIndex].value; }
+//]]>
 </script> <#if security.hasEntityPermission("ORDERMGR", "_CREATE", session) || security.hasEntityPermission("ORDERMGR", "_PURCHASE_CREATE", session)>
Modified: ofbiz/trunk/applications/order/webapp/ordermgr/entry/checkoutoptions.ftl
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/order/webapp/ordermgr/entry/checkoutoptions.ftl?rev=963915&r1=963914&r2=963915&view=diff
==============================================================================
--- ofbiz/trunk/applications/order/webapp/ordermgr/entry/checkoutoptions.ftl (original)
+++ ofbiz/trunk/applications/order/webapp/ordermgr/entry/checkoutoptions.ftl Wed Jul 14 00:38:19 2010
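Review bot: `${paymentMethodType?if_exists}` is interpolated into a JavaScript string literal that is assigned to `window.location`, in both branches of `shipBillAddr()`, and nothing in this hunk escapes it for that context. HTML encoding is the wrong encoding inside a script block, which is the same mismatch the log message describes for the ampersands. If the value can come from a request parameter (not visible here), it should be URL-encoded and then JS-escaped, for example `${(paymentMethodType!"")?url?js_string}`, assuming a URL-escaping charset is configured for the templates.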
@@ -17,7 +17,8 @@ specific language governing permissions
 under the License. -->
-<script language="javascript" type="text/javascript">
+<script type="text/javascript">
+//<![CDATA[
 function submitForm(form, mode, value) { if (mode == "DN") { // done action; checkout
@@ -29,31 +30,31 @@ function submitForm(form, mode, value) {
 form.submit(); } else if (mode == "NA") { // new address
- form.action="<@ofbizUrl>updateCheckoutOptions/editcontactmech?DONE_PAGE=quickcheckout&partyId=${shoppingCart.getPartyId()}&preContactMechTypeId=POSTAL_ADDRESS&contactMechPurposeTypeId=SHIPPING_LOCATION</@ofbizUrl>";
+ form.action="<@ofbizUrl>updateCheckoutOptions/editcontactmech?DONE_PAGE=quickcheckout&partyId=${shoppingCart.getPartyId()}&preContactMechTypeId=POSTAL_ADDRESS&contactMechPurposeTypeId=SHIPPING_LOCATION</@ofbizUrl>";
 form.submit(); } else if (mode == "EA") { // edit address
- form.action="<@ofbizUrl>updateCheckoutOptions/editcontactmech?DONE_PAGE=quickcheckout&partyId=${shoppingCart.getPartyId()}&contactMechId="+value+"</@ofbizUrl>";
+ form.action="<@ofbizUrl>updateCheckoutOptions/editcontactmech?DONE_PAGE=quickcheckout&partyId=${shoppingCart.getPartyId()}&contactMechId="+value+"</@ofbizUrl>";
 form.submit(); } else if (mode == "NC") { // new credit card
- form.action="<@ofbizUrl>updateCheckoutOptions/editcreditcard?DONE_PAGE=quickcheckout&partyId=${shoppingCart.getPartyId()}</@ofbizUrl>";
+ form.action="<@ofbizUrl>updateCheckoutOptions/editcreditcard?DONE_PAGE=quickcheckout&partyId=${shoppingCart.getPartyId()}</@ofbizUrl>";
 form.submit(); } else if (mode == "EC") { // edit credit card
- form.action="<@ofbizUrl>updateCheckoutOptions/editcreditcard?DONE_PAGE=quickcheckout&partyId=${shoppingCart.getPartyId()}&paymentMethodId="+value+"</@ofbizUrl>";
+ form.action="<@ofbizUrl>updateCheckoutOptions/editcreditcard?DONE_PAGE=quickcheckout&partyId=${shoppingCart.getPartyId()}&paymentMethodId="+value+"</@ofbizUrl>";
 form.submit(); } else if (mode == "GC") { // edit gift card
- form.action="<@ofbizUrl>updateCheckoutOptions/editgiftcard?DONE_PAGE=quickcheckout&partyId=${shoppingCart.getPartyId()}&paymentMethodId="+value+"</@ofbizUrl>";
+ form.action="<@ofbizUrl>updateCheckoutOptions/editgiftcard?DONE_PAGE=quickcheckout&partyId=${shoppingCart.getPartyId()}&paymentMethodId="+value+"</@ofbizUrl>";
 form.submit(); } else if (mode == "NE") { // new eft account
- form.action="<@ofbizUrl>updateCheckoutOptions/editeftaccount?DONE_PAGE=quickcheckout&partyId=${shoppingCart.getPartyId()}</@ofbizUrl>";
+ form.action="<@ofbizUrl>updateCheckoutOptions/editeftaccount?DONE_PAGE=quickcheckout&partyId=${shoppingCart.getPartyId()}</@ofbizUrl>";
 form.submit(); } else if (mode == "EE") { // edit eft account
- form.action="<@ofbizUrl>updateCheckoutOptions/editeftaccount?DONE_PAGE=quickcheckout&partyId=${shoppingCart.getPartyId()}&paymentMethodId="+value+"</@ofbizUrl>";
+ form.action="<@ofbizUrl>updateCheckoutOptions/editeftaccount?DONE_PAGE=quickcheckout&partyId=${shoppingCart.getPartyId()}&paymentMethodId="+value+"</@ofbizUrl>";
 form.submit(); } else if (mode == "SP") { // split payment
@@ -69,7 +70,7 @@ function submitForm(form, mode, value) {
 form.submit(); } }
-
+//]]>
 </script> <#assign shipping = !shoppingCart.containAllWorkEffortCartItems()> <#-- contains items which need shipping? -->
Modified: ofbiz/trunk/applications/order/webapp/ordermgr/entry/checkoutshippingaddress.ftl
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/order/webapp/ordermgr/entry/checkoutshippingaddress.ftl?rev=963915&r1=963914&r2=963915&view=diff
==============================================================================
--- ofbiz/trunk/applications/order/webapp/ordermgr/entry/checkoutshippingaddress.ftl (original)
+++ ofbiz/trunk/applications/order/webapp/ordermgr/entry/checkoutshippingaddress.ftl Wed Jul 14 00:38:19 2010
@@ -17,8 +17,8 @@ specific language governing permissions
 under the License. -->
-<script language="javascript" type="text/javascript">
-<!--
+<script type="text/javascript">
+//<![CDATA[
 function submitForm(form, mode, value) { if (mode == "DN") { // done action; checkout
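Review bot: `value` is concatenated into `form.action` without URL-encoding in the "EA", "EC", "GC" and "EE" branches of `submitForm` in checkoutoptions.ftl, so an `&`, `#` or `=` inside the identifier would change the query string that gets submitted. Writing it as `"+encodeURIComponent(value)+"` keeps it a single parameter value. The same pattern appears in the checkoutshippingaddress.ftl, checkoutpayment.ftl and checkoutshippingoptions.ftl hunks of this commit. `${shoppingCart.getPartyId()}` is also placed inside a script string literal and would be safer as `${shoppingCart.getPartyId()?url?js_string}` unless party IDs are already restricted to a safe character set. The callers of `submitForm` are outside the hunk, so the origin of `value` is not visible here.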
@@ -30,11 +30,11 @@ function submitForm(form, mode, value) {
 form.submit(); } else if (mode == "NA") { // new address
- form.action="<@ofbizUrl>updateCheckoutOptions/editcontactmech?preContactMechTypeId=POSTAL_ADDRESS&contactMechPurposeTypeId=SHIPPING_LOCATION&DONE_PAGE=checkoutshippingaddress</@ofbizUrl>";
+ form.action="<@ofbizUrl>updateCheckoutOptions/editcontactmech?preContactMechTypeId=POSTAL_ADDRESS&contactMechPurposeTypeId=SHIPPING_LOCATION&DONE_PAGE=checkoutshippingaddress</@ofbizUrl>";
 form.submit(); } else if (mode == "EA") { // edit address
- form.action="<@ofbizUrl>updateCheckoutOptions/editcontactmech?DONE_PAGE=checkoutshippingaddress&contactMechId="+value+"</@ofbizUrl>";
+ form.action="<@ofbizUrl>updateCheckoutOptions/editcontactmech?DONE_PAGE=checkoutshippingaddress&contactMechId="+value+"</@ofbizUrl>";
 form.submit(); } }
@@ -51,7 +51,7 @@ function toggleBillingAccount(box) {
 } }
-// -->
+//]]>
 </script> <#assign cart = shoppingCart?if_exists/> <form method="post" name="checkoutInfoForm" style="margin:0;">
Modified: ofbiz/trunk/specialpurpose/ecommerce/webapp/ecommerce/order/checkoutpayment.ftl
URL: http://svn.apache.org/viewvc/ofbiz/trunk/specialpurpose/ecommerce/webapp/ecommerce/order/checkoutpayment.ftl?rev=963915&r1=963914&r2=963915&view=diff
==============================================================================
--- ofbiz/trunk/specialpurpose/ecommerce/webapp/ecommerce/order/checkoutpayment.ftl (original)
+++ ofbiz/trunk/specialpurpose/ecommerce/webapp/ecommerce/order/checkoutpayment.ftl Wed Jul 14 00:38:19 2010
@@ -36,7 +36,7 @@ function submitForm(form, mode, value) {
 form.submit(); } else if (mode == "EC") { // edit credit card
- form.action="<@ofbizUrl>updateCheckoutOptions/editcreditcard?DONE_PAGE=checkoutpayment&paymentMethodId="+value+"</@ofbizUrl>";
+ form.action="<@ofbizUrl>updateCheckoutOptions/editcreditcard?DONE_PAGE=checkoutpayment&paymentMethodId="+value+"</@ofbizUrl>";
 form.submit(); } else if (mode == "GC") { // edit gift card
@@ -48,11 +48,11 @@ function submitForm(form, mode, value) {
 form.submit(); } else if (mode == "EE") { // edit eft account
- form.action="<@ofbizUrl>updateCheckoutOptions/editeftaccount?DONE_PAGE=checkoutpayment&paymentMethodId="+value+"</@ofbizUrl>";
+ form.action="<@ofbizUrl>updateCheckoutOptions/editeftaccount?DONE_PAGE=checkoutpayment&paymentMethodId="+value+"</@ofbizUrl>";
 form.submit(); }else if(mode = "EG") //edit gift card
- form.action="<@ofbizUrl>updateCheckoutOptions/editgiftcard?DONE_PAGE=checkoutpayment&paymentMethodId="+value+"</@ofbizUrl>";
+ form.action="<@ofbizUrl>updateCheckoutOptions/editgiftcard?DONE_PAGE=checkoutpayment&paymentMethodId="+value+"</@ofbizUrl>";
 form.submit(); } //]]>
Modified: ofbiz/trunk/specialpurpose/ecommerce/webapp/ecommerce/order/checkoutshippingoptions.ftl
URL: http://svn.apache.org/viewvc/ofbiz/trunk/specialpurpose/ecommerce/webapp/ecommerce/order/checkoutshippingoptions.ftl?rev=963915&r1=963914&r2=963915&view=diff
==============================================================================
--- ofbiz/trunk/specialpurpose/ecommerce/webapp/ecommerce/order/checkoutshippingoptions.ftl (original)
+++ ofbiz/trunk/specialpurpose/ecommerce/webapp/ecommerce/order/checkoutshippingoptions.ftl Wed Jul 14 00:38:19 2010
@@ -18,7 +18,7 @@ under the License.
 --> <script language="javascript" type="text/javascript">
-<!--
+//<![CDATA[
 function submitForm(form, mode, value) { if (mode == "DN") { // done action; checkout
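Review bot: `}else if(mode = "EG") //edit gift card` in the second checkoutpayment.ftl hunk assigns instead of comparing and has no opening brace, so the condition is always true and only the `form.action=` line that follows is governed by it. As far as the hunk shows, any mode not matched earlier is therefore given the gift-card edit URL, and the trailing `form.submit();` sits outside the conditional chain. The commit edits the line directly below but leaves this one as it was; it should read `} else if (mode == "EG") { // edit gift card`, with a closing `}` after its `form.submit();`. The start of `submitForm` is outside the hunk, and the first hunk already has a "GC" branch labelled "edit gift card", so it is worth checking whether "EG" is still used at all.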
@@ -30,11 +30,11 @@ function submitForm(form, mode, value) {
 form.submit(); } else if (mode == "NA") { // new address
- form.action="<@ofbizUrl>updateCheckoutOptions/editcontactmech?preContactMechTypeId=POSTAL_ADDRESS&contactMechPurposeTypeId=SHIPPING_LOCATION&DONE_PAGE=checkoutoptions</@ofbizUrl>";
+ form.action="<@ofbizUrl>updateCheckoutOptions/editcontactmech?preContactMechTypeId=POSTAL_ADDRESS&contactMechPurposeTypeId=SHIPPING_LOCATION&DONE_PAGE=checkoutoptions</@ofbizUrl>";
 form.submit(); } else if (mode == "EA") { // edit address
- form.action="<@ofbizUrl>updateCheckoutOptions/editcontactmech?DONE_PAGE=checkoutshippingaddress&contactMechId="+value+"</@ofbizUrl>";
+ form.action="<@ofbizUrl>updateCheckoutOptions/editcontactmech?DONE_PAGE=checkoutshippingaddress&contactMechId="+value+"</@ofbizUrl>";
 form.submit(); } else if (mode == "NC") { // new credit card
@@ -42,7 +42,7 @@ function submitForm(form, mode, value) {
 form.submit(); } else if (mode == "EC") { // edit credit card
- form.action="<@ofbizUrl>updateCheckoutOptions/editcreditcard?DONE_PAGE=checkoutoptions&paymentMethodId="+value+"</@ofbizUrl>";
+ form.action="<@ofbizUrl>updateCheckoutOptions/editcreditcard?DONE_PAGE=checkoutoptions&paymentMethodId="+value+"</@ofbizUrl>";
 form.submit(); } else if (mode == "NE") { // new eft account
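Review bot: The "EA" branch in the first checkoutshippingoptions.ftl hunk sends `DONE_PAGE=checkoutshippingaddress`, while the "NA" and "EC" branches of the same `submitForm` use `DONE_PAGE=checkoutoptions`. This looks like a line carried over from checkoutshippingaddress.ftl rather than an intended return page, though the request mappings that consume `DONE_PAGE` are not visible here. If it is unintended, the query string should start `editcontactmech?DONE_PAGE=checkoutoptions&contactMechId=`.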
@@ -50,12 +50,12 @@ function submitForm(form, mode, value) {
 form.submit(); } else if (mode == "EE") { // edit eft account
- form.action="<@ofbizUrl>updateCheckoutOptions/editeftaccount?DONE_PAGE=checkoutoptions&paymentMethodId="+value+"</@ofbizUrl>";
+ form.action="<@ofbizUrl>updateCheckoutOptions/editeftaccount?DONE_PAGE=checkoutoptions&paymentMethodId="+value+"</@ofbizUrl>";
 form.submit(); } }
-// -->
+//]]>
 </script> <form method="post" name="checkoutInfoForm" style="margin:0;">
Modified: ofbiz/trunk/specialpurpose/ecommerce/webapp/ecommerce/order/splitship.ftl
URL: http://svn.apache.org/viewvc/ofbiz/trunk/specialpurpose/ecommerce/webapp/ecommerce/order/splitship.ftl?rev=963915&r1=963914&r2=963915&view=diff
==============================================================================
--- ofbiz/trunk/specialpurpose/ecommerce/webapp/ecommerce/order/splitship.ftl (original)
+++ ofbiz/trunk/specialpurpose/ecommerce/webapp/ecommerce/order/splitship.ftl Wed Jul 14 00:38:19 2010
@@ -18,6 +18,7 @@ under the License.
 --> <script language="javascript" type="text/javascript">
+//<![CDATA[
 function submitForm(form, mode, value) { if (mode == "DN") { // done action; payment info
@@ -29,7 +30,7 @@ function submitForm(form, mode, value) {
 form.submit(); } else if (mode == "NA") { // new address
- form.action="<@ofbizUrl>updateShippingOptions/editcontactmech?DONE_PAGE=splitship&preContactMechTypeId=POSTAL_ADDRESS&contactMechPurposeTypeId=SHIPPING_LOCATION</@ofbizUrl>";
+ form.action="<@ofbizUrl>updateShippingOptions/editcontactmech?DONE_PAGE=splitship&preContactMechTypeId=POSTAL_ADDRESS&contactMechPurposeTypeId=SHIPPING_LOCATION</@ofbizUrl>";
 form.submit(); } else if (mode == "SV") { // save option; return to current screen
@@ -41,6 +42,7 @@ function submitForm(form, mode, value) {
 form.submit(); } }
+//]]>
 </script> <div class="screenlet"> |
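Review bot: The opening tag in the first splitship.ftl hunk is still `<script language="javascript" type="text/javascript">`, and the first checkoutshippingoptions.ftl hunk keeps the same tag, while the three ordermgr templates in this commit drop the deprecated `language` attribute. For consistency both should become `<script type="text/javascript">` now that the CDATA wrapper is being added beside them.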
