Posted to commits@ofbiz.apache.org by mo...@apache.org on 2009/05/19 13:43:16 UTC

svn commit: r776280 - /ofbiz/trunk/applications/product/webapp/facility/shipment/EditShipmentRouteSegments.ftl

Author: mor
Date: Tue May 19 11:43:15 2009
New Revision: 776280

URL: http://svn.apache.org/viewvc?rev=776280&view=rev
Log:
Securing URLs in FTL. Patch from Pranay Pandey, part of OFBIZ-2492 (https://issues.apache.org/jira/browse/OFBIZ-2492) 

Modified:
    ofbiz/trunk/applications/product/webapp/facility/shipment/EditShipmentRouteSegments.ftl

Modified: ofbiz/trunk/applications/product/webapp/facility/shipment/EditShipmentRouteSegments.ftl
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/product/webapp/facility/shipment/EditShipmentRouteSegments.ftl?rev=776280&r1=776279&r2=776280&view=diff
==============================================================================
--- ofbiz/trunk/applications/product/webapp/facility/shipment/EditShipmentRouteSegments.ftl (original)
+++ ofbiz/trunk/applications/product/webapp/facility/shipment/EditShipmentRouteSegments.ftl Tue May 19 11:43:15 2009
@@ -70,7 +70,15 @@
         <#assign currencyUom = shipmentRouteSegmentData.currencyUom?if_exists>
         <#assign billingWeightUom = shipmentRouteSegmentData.billingWeightUom?if_exists>
         <#assign carrierServiceStatusValidChangeToDetails = shipmentRouteSegmentData.carrierServiceStatusValidChangeToDetails?if_exists>
-        <form action="<@o...@ofbizUrl>" name="updateShipmentRouteSegmentForm${shipmentRouteSegmentData_index}">
+        <form name="duplicateShipmentRouteSegment_${shipmentRouteSegmentData_index}" method="post" action="<@o...@ofbizUrl>">
+            <input type="hidden" name="shipmentId" value="${shipmentRouteSegment.shipmentId}"/>
+            <input type="hidden" name="shipmentRouteSegmentId" value="${shipmentRouteSegment.shipmentRouteSegmentId}"/>
+        </form>
+        <form name="deleteShipmentRouteSegment_${shipmentRouteSegmentData_index}" method="post" action="<@o...@ofbizUrl>">
+            <input type="hidden" name="shipmentId" value="${shipmentRouteSegment.shipmentId}"/>
+            <input type="hidden" name="shipmentRouteSegmentId" value="${shipmentRouteSegment.shipmentRouteSegmentId}"/>
+        </form>
+        <form action="<@o...@ofbizUrl>" method="post" name="updateShipmentRouteSegmentForm${shipmentRouteSegmentData_index}">
         <input type="hidden" name="shipmentId" value="${shipmentId}"/>
         <input type="hidden" name="shipmentRouteSegmentId" value="${shipmentRouteSegment.shipmentRouteSegmentId}"/>
         <tr valign="middle"<#if alt_row> class="alternate-row"</#if>>
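Review bot: The three `method="post"` forms added here (duplicate, delete, update) change only how this page sends the requests; nothing in the template stops the server from still accepting the same requests as GET, and none of the forms carries a per-session request token. Whether the controller restricts these requests to POST, or the framework verifies a token elsewhere, is not visible in this diff and should be confirmed before this screen is considered done for OFBIZ-2492. I would record the assumption next to the forms, e.g. `<#-- state-changing requests: controller must reject GET and verify a request token -->`. The same applies to the carrier and package forms added in the later hunks. The enclosing block starts outside this hunk.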
@@ -80,9 +88,9 @@
                     <br/>
                     <a href="javascript:document.updateShipmentRouteSegmentForm${shipmentRouteSegmentData_index}.submit();" class="buttontext">${uiLabelMap.CommonUpdate}</a>
                     <br/>
-                    <a href="<@o...@ofbizUrl>" class="buttontext">${uiLabelMap.CommonDuplicate}</a>
+                    <a href="javascript:document.duplicateShipmentRouteSegment_${shipmentRouteSegmentData_index}.submit();" class="buttontext">${uiLabelMap.CommonDuplicate}</a>
                     <br/>
-                    <a href="<@o...@ofbizUrl>" class="buttontext">${uiLabelMap.CommonDelete}</a>
+                    <a href="javascript:document.deleteShipmentRouteSegment_${shipmentRouteSegmentData_index}.submit();" class="buttontext">${uiLabelMap.CommonDelete}</a>
                 </div>
             </td>
             <td valign="top">
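Review bot: The new Duplicate and Delete anchors submit their forms through `javascript:` URLs, which a Content-Security-Policy without `'unsafe-inline'` blocks and which do nothing when script is disabled. The same pattern is used for the carrier links and the package links in the later hunks. A real submit control avoids both problems, for example `<button type="submit" form="deleteShipmentRouteSegment_${shipmentRouteSegmentData_index}" class="buttontext">${uiLabelMap.CommonDelete}</button>` with a matching `id` on the form, in browsers that support the `form` attribute. Delete also fires on a single click with no confirmation step.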
@@ -164,28 +172,28 @@
                 <div>
                     <#if "UPS" == shipmentRouteSegment.carrierPartyId?if_exists>
                         <#if !shipmentRouteSegment.carrierServiceStatusId?has_content || "SHRSCS_NOT_STARTED" == shipmentRouteSegment.carrierServiceStatusId?if_exists>
-                            <a href="<@o...@ofbizUrl>" class="buttontext">${uiLabelMap.ProductConfirmShipmentUps}</a>
+                            <a href="javascript:document.upsShipmentConfirm_${shipmentRouteSegmentData_index}.submit()" class="buttontext">${uiLabelMap.ProductConfirmShipmentUps}</a>
                             <br/>
                             ${uiLabelMap.ProductShipmentUpsResidential}:
                             <input type="checkbox" name="homeDeliveryType" value="Y" ${(shipmentRouteSegment.homeDeliveryType?has_content)?string("checked=\"checked\"","")}>
                         <#elseif "SHRSCS_CONFIRMED" == shipmentRouteSegment.carrierServiceStatusId?if_exists>
-                            <a href="<@o...@ofbizUrl>" class="buttontext">${uiLabelMap.ProductAcceptUpsShipmentConfirmation}</a>
+                            <a href="javascript:document.upsShipmentAccept_${shipmentRouteSegmentData_index}.submit()" class="buttontext">${uiLabelMap.ProductAcceptUpsShipmentConfirmation}</a> 
                             <br/>
-                            <a href="<@o...@ofbizUrl>" class="buttontext">${uiLabelMap.ProductVoidUpsShipmentConfirmation}</a>
+                            <a href="javascript:document.upsVoidShipment_${shipmentRouteSegmentData_index}.submit()" class="buttontext">${uiLabelMap.ProductVoidUpsShipmentConfirmation}</a>
                         <#elseif "SHRSCS_ACCEPTED" == shipmentRouteSegment.carrierServiceStatusId?if_exists>
-                            <a href="<@o...@ofbizUrl>" class="buttontext">${uiLabelMap.ProductTrackUpsShipment}</a>
+                            <a href="javascript:document.upsTrackShipment_${shipmentRouteSegmentData_index}.submit()" class="buttontext">${uiLabelMap.ProductTrackUpsShipment}</a>
                             <br/>
-                            <a href="<@o...@ofbizUrl>" class="buttontext">${uiLabelMap.ProductVoidUpsShipment}</a>
+                            <a href="javascript:document.upsVoidShipment_${shipmentRouteSegmentData_index}.submit()" class="buttontext">${uiLabelMap.ProductVoidUpsShipment}</a>
                         </#if>
                     </#if>
                     <#if "DHL" == shipmentRouteSegment.carrierPartyId?if_exists>
                         <#if !shipmentRouteSegment.carrierServiceStatusId?has_content || "SHRSCS_NOT_STARTED" == shipmentRouteSegment.carrierServiceStatusId?if_exists>
-                            <a href="<@o...@ofbizUrl>" class="buttontext">${uiLabelMap.ProductConfirmShipmentDHL}</a>
+                            <a href="javascript:document.dhlShipmentConfirm_${shipmentRouteSegmentData_index}.submit()" class="buttontext">${uiLabelMap.ProductConfirmShipmentDHL}</a>
                         </#if>
                     </#if>
                     <#if "FEDEX" == shipmentRouteSegment.carrierPartyId?if_exists>
                         <#if !shipmentRouteSegment.carrierServiceStatusId?has_content || "SHRSCS_NOT_STARTED" == shipmentRouteSegment.carrierServiceStatusId?if_exists>
-                            <a href="<@o...@ofbizUrl>" class="buttontext">${uiLabelMap.ProductConfirmShipmentFedex}</a>
+                            <a href="javascript:document.fedexShipmentConfirm_${shipmentRouteSegmentData_index}.submit()" class="buttontext">${uiLabelMap.ProductConfirmShipmentFedex}</a>
                             <br/>
                             <#if shipmentMethodType?exists && shipmentMethodType.shipmentMethodTypeId=="GROUND_HOME">
                                 <select name="homeDeliveryType">
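Review bot: The `homeDeliveryType` checkbox after the UPS confirm link and the FedEx `<select name="homeDeliveryType">` at the end of this hunk sit in the surrounding update form, but the confirm links now submit `upsShipmentConfirm_…` and `fedexShipmentConfirm_…`. Those forms, as added further down, carry only `shipmentId` and `shipmentRouteSegmentId`, so the value chosen here is not part of the confirm request. The old link targets are masked in this archive, so it cannot be told whether they ever carried it. If the carrier request relies on the saved value, say so beside the control: `<#-- homeDeliveryType is posted only by updateShipmentRouteSegmentForm; press Update before Confirm -->`. The FedEx block continues past the end of the hunk.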
@@ -265,8 +273,34 @@
             </td>
         </tr>
         </form>
+        <form name="upsShipmentConfirm_${shipmentRouteSegmentData_index}" method="post" action="<@o...@ofbizUrl>">
+            <input type="hidden" name="shipmentId" value="${shipmentRouteSegment.shipmentId}"/>
+            <input type="hidden" name="shipmentRouteSegmentId" value="${shipmentRouteSegment.shipmentRouteSegmentId}"/>
+        </form>
+        <form name="upsShipmentAccept_${shipmentRouteSegmentData_index}" method="post" action="<@o...@ofbizUrl>">
+            <input type="hidden" name="shipmentId" value="${shipmentRouteSegment.shipmentId}"/>
+            <input type="hidden" name="shipmentRouteSegmentId" value="${shipmentRouteSegment.shipmentRouteSegmentId}"/>
+        </form>
+        <form name="upsVoidShipment_${shipmentRouteSegmentData_index}" method="post" action="<@o...@ofbizUrl>">
+            <input type="hidden" name="shipmentId" value="${shipmentRouteSegment.shipmentId}"/>
+            <input type="hidden" name="shipmentRouteSegmentId" value="${shipmentRouteSegment.shipmentRouteSegmentId}"/>
+        </form>
+        <form name="upsTrackShipment_${shipmentRouteSegmentData_index}" method="post" action="<@o...@ofbizUrl>">
+            <input type="hidden" name="shipmentId" value="${shipmentRouteSegment.shipmentId}"/>
+            <input type="hidden" name="shipmentRouteSegmentId" value="${shipmentRouteSegment.shipmentRouteSegmentId}"/>
+        </form>
+        
+        <form name="dhlShipmentConfirm_${shipmentRouteSegmentData_index}" method="post" action="<@o...@ofbizUrl>">
+            <input type="hidden" name="shipmentId" value="${shipmentRouteSegment.shipmentId}"/>
+            <input type="hidden" name="shipmentRouteSegmentId" value="${shipmentRouteSegment.shipmentRouteSegmentId}"/>
+        </form>
+        
+        <form name="fedexShipmentConfirm_${shipmentRouteSegmentData_index}" method="post" action="<@o...@ofbizUrl>">
+            <input type="hidden" name="shipmentId" value="${shipmentRouteSegment.shipmentId}"/>
+            <input type="hidden" name="shipmentRouteSegmentId" value="${shipmentRouteSegment.shipmentRouteSegmentId}"/>
+        </form>
     <#list shipmentPackageRouteSegs as shipmentPackageRouteSeg>
-        <form action="<@o...@ofbizUrl>" name="updateShipmentPackageRouteSegForm${shipmentRouteSegmentData_index}${shipmentPackageRouteSeg_index}">
+        <form action="<@o...@ofbizUrl>" method="post" name="updateShipmentPackageRouteSegForm${shipmentRouteSegmentData_index}${shipmentPackageRouteSeg_index}">
         <input type="hidden" name="shipmentId" value="${shipmentId}"/>
         <input type="hidden" name="shipmentRouteSegmentId" value="${shipmentPackageRouteSeg.shipmentRouteSegmentId}"/>
         <input type="hidden" name="shipmentPackageSeqId" value="${shipmentPackageRouteSeg.shipmentPackageSeqId}"/>
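Review bot: The six carrier forms added after `</form>` are rendered for every route segment, whereas the links that submit them are only shown under the `carrierPartyId` / `carrierServiceStatusId` conditions in the previous hunk. The page therefore contains a ready-to-submit form for, say, `upsVoidShipment_…` on a segment that is not UPS or not yet confirmed. The service behind each request has to re-check carrier and status itself rather than rely on the link being hidden; that check is not visible here. Wrapping each form in the condition its link already uses, e.g. `<#if "UPS" == shipmentRouteSegment.carrierPartyId?if_exists> … </#if>`, would keep the markup and the offered actions in step.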
@@ -276,7 +310,7 @@
                 <div>
                     <span class="label">${uiLabelMap.ProductPackage}</span> ${shipmentPackageRouteSeg.shipmentPackageSeqId}
                     <#if shipmentPackageRouteSeg.labelImage?exists>
-                        <a href="<@o...@ofbizUrl>" class="buttontext">${uiLabelMap.ProductViewLabelImage}</a>
+                        <a href="javascript:document.viewShipmentPackageRouteSegLabelImage_${shipmentRouteSegmentData_index}_${shipmentPackageRouteSeg_index}.submit();" target="_blank" class="buttontext">${uiLabelMap.ProductViewLabelImage}</a>
                     </#if>
                     <span class="label">${uiLabelMap.ProductTrack} #</span><input type="text" size="22" name="trackingCode" value="${shipmentPackageRouteSeg.trackingCode?if_exists}"/>
                 </div>
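Review bot: `target="_blank"` on the new label-image anchor does not make the form open in a new window, because the anchor's `href` is a `javascript:` URL and the `viewShipmentPackageRouteSegLabelImage_…` form it submits has no `target` of its own. Depending on the browser, the script may instead be evaluated against a blank new window, where `document.viewShipmentPackageRouteSegLabelImage_…` does not exist. Put the attribute on the form and drop it from the link: `<form name="viewShipmentPackageRouteSegLabelImage_…" method="post" target="_blank" action="…">`.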
@@ -290,11 +324,21 @@
             <td valign="top">
                 <div>
                     <a href="javascript:document.updateShipmentPackageRouteSegForm${shipmentRouteSegmentData_index}${shipmentPackageRouteSeg_index}.submit();" class="buttontext">${uiLabelMap.CommonUpdate}</a>
-                    <a href="<@o...@ofbizUrl>" class="buttontext">${uiLabelMap.CommonDelete}</a>
+                    <a href="javascript:document.deleteRouteSegmentShipmentPackage_${shipmentRouteSegmentData_index}_${shipmentPackageRouteSeg_index}.submit();" class="buttontext">${uiLabelMap.CommonDelete}</a>
                 </div>
             </td>
         </tr>
         </form>
+        <form name="viewShipmentPackageRouteSegLabelImage_${shipmentRouteSegmentData_index}_${shipmentPackageRouteSeg_index}" method="post" action="<@o...@ofbizUrl>">
+            <input type="hidden" name="shipmentId" value="${shipmentPackageRouteSeg.shipmentId}"/>
+            <input type="hidden" name="shipmentPackageSeqId" value="${shipmentPackageRouteSeg.shipmentPackageSeqId}"/>
+            <input type="hidden" name="shipmentRouteSegmentId" value="${shipmentPackageRouteSeg.shipmentRouteSegmentId}"/>
+        </form>
+        <form name="deleteRouteSegmentShipmentPackage_${shipmentRouteSegmentData_index}_${shipmentPackageRouteSeg_index}" method="post" action="<@o...@ofbizUrl>">
+            <input type="hidden" name="shipmentId" value="${shipmentId}"/>
+            <input type="hidden" name="shipmentPackageSeqId" value="${shipmentPackageRouteSeg.shipmentPackageSeqId}"/>
+            <input type="hidden" name="shipmentRouteSegmentId" value="${shipmentPackageRouteSeg.shipmentRouteSegmentId}"/>
+        </form>
     </#list>
         <#--
         <tr>
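Review bot: The two forms added after `</form>` take `shipmentId` from different places: the label-image form uses `${shipmentPackageRouteSeg.shipmentId}`, while the delete form uses the context variable `${shipmentId}`. They are presumably the same value on this screen, but the delete request is the one that should be tied to the record being removed. I would use the record's own field there as well: `<input type="hidden" name="shipmentId" value="${shipmentPackageRouteSeg.shipmentId}"/>`. The hunk ends inside a `<#--` comment that continues outside it.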
@@ -333,7 +377,7 @@
     </div>
     <div class="screenlet-body">
         <table cellspacing="0" class="basic-table">
-            <form action="<@o...@ofbizUrl>" name="createShipmentRouteSegmentForm">
+            <form action="<@o...@ofbizUrl>" method="post" name="createShipmentRouteSegmentForm">
             <input type="hidden" name="shipmentId" value="${shipmentId}"/>
             <tr>
                 <td valign="top">
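Review bot: The changed `<form … method="post" name="createShipmentRouteSegmentForm">` line is still a direct child of `<table class="basic-table">`, which HTML does not allow; browsers recover from it, but the association between the form and the fields in the rows then depends on parser error handling. Since the line is being touched anyway, the form could be opened before the table and closed after it: `<form action="…" method="post" name="createShipmentRouteSegmentForm"><table cellspacing="0" class="basic-table">`. The closing tags are outside this hunk.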