You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ofbiz.apache.org by mo...@apache.org on 2009/06/24 12:29:57 UTC
svn commit: r787968 -
/ofbiz/trunk/applications/product/webapp/facility/shipment/PackOrder.ftl
Author: mor
Date: Wed Jun 24 10:29:57 2009
New Revision: 787968
URL: http://svn.apache.org/viewvc?rev=787968&view=rev
Log:
Securing URLs in FTL. These changes were removed while doing a revert in rev. 781008.
Note: These changes are already moved in release09.04.
Modified:
ofbiz/trunk/applications/product/webapp/facility/shipment/PackOrder.ftl
Modified: ofbiz/trunk/applications/product/webapp/facility/shipment/PackOrder.ftl
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/product/webapp/facility/shipment/PackOrder.ftl?rev=787968&r1=787967&r2=787968&view=diff
==============================================================================
--- ofbiz/trunk/applications/product/webapp/facility/shipment/PackOrder.ftl (original)
+++ ofbiz/trunk/applications/product/webapp/facility/shipment/PackOrder.ftl Wed Jun 24 10:29:57 2009
@@ -17,6 +17,19 @@
under the License.
-->
+<script language="JavaScript" type="text/javascript">
+ function clearLine(facilityId, orderId, orderItemSeqId, productId, shipGroupSeqId, inventoryItemId, packageSeqId) {
+ document.clearPackLineForm.facilityId.value = facilityId;
+ document.clearPackLineForm.orderId.value = orderId;
+ document.clearPackLineForm.orderItemSeqId.value = orderItemSeqId;
+ document.clearPackLineForm.productId.value = productId;
+ document.clearPackLineForm.shipGroupSeqId.value = shipGroupSeqId;
+ document.clearPackLineForm.inventoryItemId.value = inventoryItemId;
+ document.clearPackLineForm.packageSeqId.value = packageSeqId;
+ document.clearPackLineForm.submit();
+ }
+</script>
+
<#if security.hasEntityPermission("FACILITY", "_VIEW", session)>
<#assign showInput = requestParameters.showInput?default("Y")>
<#assign hideGrid = requestParameters.hideGrid?default("N")>
@@ -115,6 +128,15 @@
<input type="hidden" name="shipGroupSeqId" value="${shipGroupSeqId?if_exists}"/>
<input type="hidden" name="facilityId" value="${facilityId?if_exists}"/>
</form>
+ <form name="clearPackLineForm" method="post" action="<@o...@ofbizUrl>">
+ <input type="hidden" name="facilityId"/>
+ <input type="hidden" name="orderId"/>
+ <input type="hidden" name="orderItemSeqId"/>
+ <input type="hidden" name="productId"/>
+ <input type="hidden" name="shipGroupSeqId"/>
+ <input type="hidden" name="inventoryItemId"/>
+ <input type="hidden" name="packageSeqId"/>
+ </form>
</div>
</div>
@@ -429,7 +451,7 @@
<td align="right">${line.getQuantity()}</td>
<td align="right">${line.getWeight()} (${packingSession.getPackageWeight(line.getPackageSeq()?int)?if_exists})</td>
<td align="right">${line.getPackageSeq()}</td>
- <td align="right"><a href="<@o...@ofbizUrl>" class="buttontext">${uiLabelMap.CommonClear}</a></td>
+ <td align="right"><a href="javascript:clearLine('${facilityId}', '${line.getOrderId()}', '${line.getOrderItemSeqId()}', '${line.getProductId()?default("")}', '${line.getShipGroupSeqId()}', '${line.getInventoryItemId()}', '${line.getPackageSeq()}')" class="buttontext">${uiLabelMap.CommonClear}</a></td>
</tr>
</#list>
</table>
@@ -473,7 +495,7 @@
<td align="right">${line.getQuantity()}</td>
<td align="right">${line.getWeight()} (${packingSession.getPackageWeight(line.getPackageSeq()?int)?if_exists})</td>
<td align="right">${line.getPackageSeq()}</td>
- <td align="right"><a href="<@o...@ofbizUrl>" class="buttontext">${uiLabelMap.CommonClear}</a></td>
+ <td align="right"><a href="javascript:clearLine('${facilityId}', '${line.getOrderId()}', '${line.getOrderItemSeqId()}', '${line.getProductId()?default("")}', '${line.getShipGroupSeqId()}', '${line.getInventoryItemId()}', '${line.getPackageSeq()}')" class="buttontext">${uiLabelMap.CommonClear}</a></td>
</tr>
</#list>
</table>
Re: svn commit: r787968 - /ofbiz/trunk/applications/product/webapp/facility/shipment/PackOrder.ftl
Posted by Jacques Le Roux <ja...@les7arts.com>.
Thanks for taking care of this Vikas!
Jacques
From: <mo...@apache.org>
> Author: mor
> Date: Wed Jun 24 10:29:57 2009
> New Revision: 787968
>
> URL: http://svn.apache.org/viewvc?rev=787968&view=rev
> Log:
> Securing URLs in FTL. These changes were removed while doing a revert in rev. 781008.
> Note: These changes are already moved in release09.04.
>
> Modified:
> ofbiz/trunk/applications/product/webapp/facility/shipment/PackOrder.ftl
>
> Modified: ofbiz/trunk/applications/product/webapp/facility/shipment/PackOrder.ftl
> URL:
> http://svn.apache.org/viewvc/ofbiz/trunk/applications/product/webapp/facility/shipment/PackOrder.ftl?rev=787968&r1=787967&r2=787968&view=diff
> ==============================================================================
> --- ofbiz/trunk/applications/product/webapp/facility/shipment/PackOrder.ftl (original)
> +++ ofbiz/trunk/applications/product/webapp/facility/shipment/PackOrder.ftl Wed Jun 24 10:29:57 2009
> @@ -17,6 +17,19 @@
> under the License.
> -->
>
> +<script language="JavaScript" type="text/javascript">
> + function clearLine(facilityId, orderId, orderItemSeqId, productId, shipGroupSeqId, inventoryItemId, packageSeqId) {
> + document.clearPackLineForm.facilityId.value = facilityId;
> + document.clearPackLineForm.orderId.value = orderId;
> + document.clearPackLineForm.orderItemSeqId.value = orderItemSeqId;
> + document.clearPackLineForm.productId.value = productId;
> + document.clearPackLineForm.shipGroupSeqId.value = shipGroupSeqId;
> + document.clearPackLineForm.inventoryItemId.value = inventoryItemId;
> + document.clearPackLineForm.packageSeqId.value = packageSeqId;
> + document.clearPackLineForm.submit();
> + }
> +</script>
> +
> <#if security.hasEntityPermission("FACILITY", "_VIEW", session)>
> <#assign showInput = requestParameters.showInput?default("Y")>
> <#assign hideGrid = requestParameters.hideGrid?default("N")>
> @@ -115,6 +128,15 @@
> <input type="hidden" name="shipGroupSeqId" value="${shipGroupSeqId?if_exists}"/>
> <input type="hidden" name="facilityId" value="${facilityId?if_exists}"/>
> </form>
> + <form name="clearPackLineForm" method="post" action="<@o...@ofbizUrl>">
> + <input type="hidden" name="facilityId"/>
> + <input type="hidden" name="orderId"/>
> + <input type="hidden" name="orderItemSeqId"/>
> + <input type="hidden" name="productId"/>
> + <input type="hidden" name="shipGroupSeqId"/>
> + <input type="hidden" name="inventoryItemId"/>
> + <input type="hidden" name="packageSeqId"/>
> + </form>
> </div>
> </div>
>
> @@ -429,7 +451,7 @@
> <td align="right">${line.getQuantity()}</td>
> <td align="right">${line.getWeight()}
> (${packingSession.getPackageWeight(line.getPackageSeq()?int)?if_exists})</td>
> <td align="right">${line.getPackageSeq()}</td>
> - <td align="right"><a
> href="<@o...@ofbizUrl>"
> class="buttontext">${uiLabelMap.CommonClear}</a></td>
> + <td align="right"><a href="javascript:clearLine('${facilityId}', '${line.getOrderId()}',
> '${line.getOrderItemSeqId()}', '${line.getProductId()?default("")}', '${line.getShipGroupSeqId()}',
> '${line.getInventoryItemId()}', '${line.getPackageSeq()}')" class="buttontext">${uiLabelMap.CommonClear}</a></td>
> </tr>
> </#list>
> </table>
> @@ -473,7 +495,7 @@
> <td align="right">${line.getQuantity()}</td>
> <td align="right">${line.getWeight()}
> (${packingSession.getPackageWeight(line.getPackageSeq()?int)?if_exists})</td>
> <td align="right">${line.getPackageSeq()}</td>
> - <td align="right"><a
> href="<@o...@ofbizUrl>"
> class="buttontext">${uiLabelMap.CommonClear}</a></td>
> + <td align="right"><a href="javascript:clearLine('${facilityId}', '${line.getOrderId()}',
> '${line.getOrderItemSeqId()}', '${line.getProductId()?default("")}', '${line.getShipGroupSeqId()}',
> '${line.getInventoryItemId()}', '${line.getPackageSeq()}')" class="buttontext">${uiLabelMap.CommonClear}</a></td>
> </tr>
> </#list>
> </table>
>
>