You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@ofbiz.apache.org by pr...@apache.org on 2016/06/13 09:44:57 UTC

svn commit: r1748163 - /ofbiz/branches/release13.07/specialpurpose/ecommerce/webapp/ecommerce/shoppinglist/editShoppingList.ftl

Author: pranayp
Date: Mon Jun 13 09:44:57 2016
New Revision: 1748163

URL: http://svn.apache.org/viewvc?rev=1748163&view=rev
Log:
Manually applied fix from trunk revision 1748156.
[OFBIZ-7291] Applied patch from the ticket to fix security error on Remove Shopping List Item link in eCommerce. Thanks Mohammed Rehan Khan for the contribution.

Modified:
    ofbiz/branches/release13.07/specialpurpose/ecommerce/webapp/ecommerce/shoppinglist/editShoppingList.ftl

Modified: ofbiz/branches/release13.07/specialpurpose/ecommerce/webapp/ecommerce/shoppinglist/editShoppingList.ftl
URL: http://svn.apache.org/viewvc/ofbiz/branches/release13.07/specialpurpose/ecommerce/webapp/ecommerce/shoppinglist/editShoppingList.ftl?rev=1748163&r1=1748162&r2=1748163&view=diff
==============================================================================
--- ofbiz/branches/release13.07/specialpurpose/ecommerce/webapp/ecommerce/shoppinglist/editShoppingList.ftl (original)
+++ ofbiz/branches/release13.07/specialpurpose/ecommerce/webapp/ecommerce/shoppinglist/editShoppingList.ftl Mon Jun 13 09:44:57 2016
@@ -506,7 +506,13 @@ under the License.
                     </td>
                     <td align="right">
                         <a href="#" onclick="javascript:TimestampSubmit(listform_${shoppingListItem.shoppingListItemSeqId});" class="buttontext">${uiLabelMap.CommonUpdate}</a>
-                        <a href="<@o...@ofbizUrl>" class="buttontext">${uiLabelMap.CommonRemove}</a>
+                        <a href="javascript:document.removeFromShoppingList.submit();" class="buttontext">${uiLabelMap.CommonRemove}</a>
+                        <form name="removeFromShoppingList" method="post" action="<@o...@ofbizUrl>">
+                          <fieldset>
+                            <input type="hidden" name="shoppingListId" value="${shoppingListItem.shoppingListId!}">
+                            <input type="hidden" name="shoppingListItemSeqId" value="${shoppingListItem.shoppingListItemSeqId}">
+                          </fieldset>
+                        </form>
                       <#if isVirtual && productVariantAssocs?has_content>
                         <#assign replaceItemAction = "/replaceShoppingListItem/" + requestAttributes._CURRENT_VIEW_?if_exists>
                         <#assign addToCartAction = "/additem/" + requestAttributes._CURRENT_VIEW_?if_exists>