svn commit: r1337341 - in /ofbiz/branches/release11.04: ./
specialpurpose/ecommerce/script/org/ofbiz/ecommerce/customer/
specialpurpose/ecommerce/webapp/ecommerce/WEB-INF/
specialpurpose/ecommerce/webapp/ecommerce/customer/
Author: jacopoc
Date: Fri May 11 19:26:18 2012
New Revision: 1337341
URL: http://svn.apache.org/viewvc?rev=1337341&view=rev
Log:
Applied fix from trunk for revision: 1337059
===
Changed the Anon Contact Us in ecommerce to use the improved captcha event. Also removed some bad code that would allow a user to impersonate another user and discover their name simply by entering that person's email address in the form.
Modified:
ofbiz/branches/release11.04/ (props changed)
ofbiz/branches/release11.04/specialpurpose/ecommerce/script/org/ofbiz/ecommerce/customer/CustomerEvents.xml
ofbiz/branches/release11.04/specialpurpose/ecommerce/webapp/ecommerce/WEB-INF/controller.xml
ofbiz/branches/release11.04/specialpurpose/ecommerce/webapp/ecommerce/customer/AnonContactus.ftl
Propchange: ofbiz/branches/release11.04/
------------------------------------------------------------------------------
Merged /ofbiz/trunk:r1337059
Modified: ofbiz/branches/release11.04/specialpurpose/ecommerce/script/org/ofbiz/ecommerce/customer/CustomerEvents.xml
URL: http://svn.apache.org/viewvc/ofbiz/branches/release11.04/specialpurpose/ecommerce/script/org/ofbiz/ecommerce/customer/CustomerEvents.xml?rev=1337341&r1=1337340&r2=1337341&view=diff
==============================================================================
--- ofbiz/branches/release11.04/specialpurpose/ecommerce/script/org/ofbiz/ecommerce/customer/CustomerEvents.xml (original)
+++ ofbiz/branches/release11.04/specialpurpose/ecommerce/script/org/ofbiz/ecommerce/customer/CustomerEvents.xml Fri May 11 19:26:18 2012
@@ -1272,47 +1272,18 @@ under the License.
<add-error><fail-property resource="PartyUiLabels" property="PartyEmailAddressMissingError"/></add-error>
<else>
<if-validate-method field="parameters.emailAddress" method="isEmail" class="org.ofbiz.base.util.UtilValidate">
- <!-- Check existing email -->
- <entity-condition list="contacts" entity-name="PartyContactDetailByPurpose">
- <condition-list>
- <condition-expr field-name="infoString" from-field="parameters.emailAddress"/>
- <condition-expr field-name="contactMechTypeId" value="EMAIL_ADDRESS"/>
- <condition-expr field-name="contactMechPurposeTypeId" value="PRIMARY_EMAIL"/>
- </condition-list>
- </entity-condition>
- <if-not-empty field="contacts">
- <first-from-list entry="contact" list="contacts"/>
- <set field="isExistingEmail" type="Boolean" value="true"/>
- </if-not-empty>
<else>
<add-error><fail-property resource="PartyUiLabels" property="PartyEmailAddressNotFormattedCorrectly"/></add-error>
</else>
</if-validate-method>
</else>
</if-empty>
- <call-object-method obj-field="parameters.captcha" method-name="toLowerCase" ret-field="parameters.captcha"/>
- <call-object-method obj-field="parameters.captchaCode" method-name="toLowerCase" ret-field="parameters.captchaCode"/>
- <if-compare-field operator="not-equals" field="parameters.captcha" to-field="parameters.captchaCode">
+ <call-object-method obj-field="parameters.captcha" method-name="toLowerCase" ret-field="submittedCaptcha"/>
+ <script>groovy: context.actualCaptcha = request.getSession().getAttribute("_CAPTCHA_CODE_")?.toLowerCase()</script>
+ <if-compare-field operator="not-equals" field="submittedCaptcha" to-field="actualCaptcha">
<add-error><fail-property resource="MyPortalUiLabels" property="MyPortalCaptchaMissingError"/></add-error>
</if-compare-field>
<check-errors/>
- <!-- If email already exist, will go to confirm screen. -->
- <if>
- <condition>
- <and>
- <if-empty field="parameters.partyId"/>
- <if-compare operator="equals" value="true" field="isExistingEmail"/>
- </and>
- </condition>
- <then>
- <entity-one value-field="person" entity-name="Person">
- <field-map field-name="partyId" from-field="contact.partyId"/>
- </entity-one>
- <field-to-request field="person" request-name="person"/>
- <return response-code="confirm"/>
- </then>
- </if>
- <!-- If person doesn't exist, will create new person and contact. -->
<if-empty field="parameters.partyId">
<set-service-fields service-name="createPerson" to-map="newPerson" map="parameters"/>
<call-service service-name="createPerson" in-map-name="newPerson">
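Review bot: The new check on lines 53–55 reads `parameters.captcha` before verifying it was submitted at all, so an empty or absent captcha field reaches `call-object-method` with a null object, and whether that ends in the intended `MyPortalCaptchaMissingError` depends on how the mini-language handles a null `obj-field` rather than on an explicit test; wrapping the comparison in an `<if-empty field="parameters.captcha">`/`<else>` that adds the error first, the same shape this method already uses for the e-mail address on lines 29–49, makes the outcome explicit. The session value `_CAPTCHA_CODE_` is also only read on line 54 and never cleared, so unless the image event replaces it on every render (not visible here) the same solved code could be resubmitted for further posts within one session; removing the attribute right after it is read closes that. The enclosing simple-method starts and ends outside the hunk.
```xml
<if-empty field="parameters.captcha">
    <add-error><fail-property resource="MyPortalUiLabels" property="MyPortalCaptchaMissingError"/></add-error>
<else>
    <call-object-method obj-field="parameters.captcha" method-name="toLowerCase" ret-field="submittedCaptcha"/>
    <script>groovy: context.actualCaptcha = request.getSession().getAttribute("_CAPTCHA_CODE_")?.toLowerCase(); request.getSession().removeAttribute("_CAPTCHA_CODE_")</script>
    <if-compare-field operator="not-equals" field="submittedCaptcha" to-field="actualCaptcha">
        <add-error><fail-property resource="MyPortalUiLabels" property="MyPortalCaptchaMissingError"/></add-error>
    </if-compare-field>
</else>
</if-empty>
<!-- … unchanged: check-errors and the createPerson path … -->
```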
Modified: ofbiz/branches/release11.04/specialpurpose/ecommerce/webapp/ecommerce/WEB-INF/controller.xml
URL: http://svn.apache.org/viewvc/ofbiz/branches/release11.04/specialpurpose/ecommerce/webapp/ecommerce/WEB-INF/controller.xml?rev=1337341&r1=1337340&r2=1337341&view=diff
==============================================================================
--- ofbiz/branches/release11.04/specialpurpose/ecommerce/webapp/ecommerce/WEB-INF/controller.xml (original)
+++ ofbiz/branches/release11.04/specialpurpose/ecommerce/webapp/ecommerce/WEB-INF/controller.xml Fri May 11 19:26:18 2012
@@ -1307,7 +1307,6 @@ under the License.
</request-map>
<request-map uri="AnonContactus">
<security https="true" auth="false"/>
- <event type="java" invoke="getCodeCaptcha" path="org.ofbiz.common.Captcha"/>
<response name="success" type="view" value="AnonContactus"/>
</request-map>
<request-map uri="contactsubmit">
@@ -1320,7 +1319,6 @@ under the License.
<security https="true" auth="false"/>
<event type="simple" invoke="createAnonContact" path="component://ecommerce/script/org/ofbiz/ecommerce/customer/CustomerEvents.xml"/>
<response name="success" type="request-redirect" value="main"/>
- <response name="confirm" type="request" value="AnonContactus"/>
<response name="error" type="request" value="AnonContactus"/>
</request-map>
Modified: ofbiz/branches/release11.04/specialpurpose/ecommerce/webapp/ecommerce/customer/AnonContactus.ftl
URL: http://svn.apache.org/viewvc/ofbiz/branches/release11.04/specialpurpose/ecommerce/webapp/ecommerce/customer/AnonContactus.ftl?rev=1337341&r1=1337340&r2=1337341&view=diff
==============================================================================
--- ofbiz/branches/release11.04/specialpurpose/ecommerce/webapp/ecommerce/customer/AnonContactus.ftl (original)
+++ ofbiz/branches/release11.04/specialpurpose/ecommerce/webapp/ecommerce/customer/AnonContactus.ftl Fri May 11 19:26:18 2012
@@ -21,66 +21,16 @@ under the License.
<div class="screenlet-title-bar">
<h3>${uiLabelMap.CommonContactUs}</h3>
</div>
-<#if parameters.person?has_content>
- <#assign person = parameters.person/>
- <div class="screenlet-body">
- <form name="contactForm" method="post" action="<@o...@ofbizUrl>">
- <input type="hidden" name="partyIdFrom" value="${(userLogin.partyId)?if_exists}" />
- <input type="hidden" name="partyIdTo" value="${productStore.payToPartyId?if_exists}"/>
- <input type="hidden" name="contactMechTypeId" value="WEB_ADDRESS" />
- <input type="hidden" name="communicationEventTypeId" value="WEB_SITE_COMMUNICATI" />
- <input type="hidden" name="productStoreId" value="${productStore.productStoreId}" />
- <input type="hidden" name="emailType" value="CONT_NOTI_EMAIL" />
- <input type="hidden" name="captchaCode" value="${requestParameters.captchaCode?if_exists}"/>
- <input type="hidden" name="captcha" value="${requestParameters.captcha?if_exists}"/>
- <input type="hidden" name="partyId" value="${person.partyId?if_exists}"/>
- <input type="hidden" name="emailAddress" value="${requestParameters.emailAddress?if_exists}"/>
- <table class="basic-table" cellspacing="0">
- <tbody>
- <tr>
- <td class="label">${uiLabelMap.EcommerceSubject}</td>
- <td><input type="text" name="subject" id="subject" class="required" value="${requestParameters.subject?if_exists}"/>*</td>
- </tr>
- <tr>
- <td class="label">${uiLabelMap.CommonMessage}</td>
- <td><textarea name="content" id="message" class="required" cols="50" rows="5">${requestParameters.content?if_exists}</textarea>*</td>
- </tr>
- <tr>
- <td class="label">${uiLabelMap.FormFieldTitle_emailAddress}</td>
- <td>${requestParameters.emailAddress?if_exists} (${uiLabelMap.CommonEmailAlreadyExist})</td>
- </tr>
- <tr>
- <td class="label">${uiLabelMap.CommonFrom}</td>
- <td>${person.firstName?if_exists} ${person.lastName?if_exists} (${uiLabelMap.FormFieldTitle_existingCustomer})</td>
- </tr>
- <tr>
- <td class="label"></td>
- <td><a class="smallsubmit" href="javascript: void(0)" onclick="document.contactForm.submit();">${uiLabelMap.CommonConfirm}</a><a href="<@o...@ofbizUrl>" class="smallsubmit">${uiLabelMap.CommonCancel}</a></td>
- </tr>
- </tbody>
- </table>
- </form>
- </div>
-<#else>
-<script type="text/javascript" language="JavaScript">
-<!--
- function reloadCaptcha(){
- var submitToUri = "<@o...@ofbizUrl>";
- $.post(submitToUri, null,
- function(data){
- document.getElementById("captchaImage").innerHTML = data;
- });
- reloadCaptchaCode();
- }
- function reloadCaptchaCode(){
- var submitToUri = "<@o...@ofbizUrl>";
- $.post(submitToUri, null,
- function(data){
- document.getElementById("captchaCode").innerHTML = data;
- });
- }
+ <script type="text/javascript" language="JavaScript">
+ <!--
+ function reloadCaptcha() {
+ var captchaUri = "<@o...@ofbizUrl>";
+ var unique = Date.now();
+ captchaUri = captchaUri.replace("_PLACEHOLDER_", unique);
+ document.getElementById("captchaImage").src = captchaUri;
+ }
//-->
-</script>
+ </script>
<div class="screenlet-body">
<form id="contactForm" method="post" action="<@o...@ofbizUrl>">
<input type="hidden" name="partyIdFrom" value="${(userLogin.partyId)?if_exists}" />
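Review bot: `Date.now()` on line 170 is an ES5 addition that browsers still common when this was committed do not provide, so the reload link would fail silently there; `var unique = new Date().getTime();` is equivalent and works everywhere. The `language="JavaScript"` attribute and the `<!--` / `//-->` wrapping carried over on lines 166–174 are obsolete for a `text/javascript` block and can be dropped. The reload depends on a `_PLACEHOLDER_` token in the URL produced by the macro on line 169, which the page shows only in redacted form; a one-line comment such as `// the generated URL carries a _PLACEHOLDER_ token, replaced per click so each reload fetches a fresh image` would record that contract, with the cache-busting purpose presumed from the `unique` value. The form opened on line 178 continues outside the hunk.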
@@ -92,10 +42,6 @@ under the License.
<table class="basic-table" cellspacing="0">
<tbody>
<tr>
- <td></td>
- <td><div id="captchaCode"><input type="hidden" value="${parameters.ID_KEY}" name="captchaCode"/></div></td>
- </tr>
- <tr>
<td class="label">${uiLabelMap.EcommerceSubject}</td>
<td><input type="text" name="subject" id="subject" class="required" value="${requestParameters.subject?if_exists}"/>*</td>
</tr>
@@ -117,7 +63,7 @@ under the License.
</tr>
<tr>
<td class="label">${uiLabelMap.CommonCaptchaCode}</td>
- <td><div id="captchaImage"><img src="${parameters.captchaFileName}" alt="" /></div><a href="javascript:reloadCaptcha();">${uiLabelMap.CommonReloadCaptchaCode}</a></td>
+ <td><div><img id="captchaImage" src="<@o...@ofbizUrl>" alt="" /></div><a href="javascript:reloadCaptcha();">${uiLabelMap.CommonReloadCaptchaCode}</a></td>
</tr>
<tr>
<td class="label">${uiLabelMap.CommonVerifyCaptchaCode}</td>
@@ -131,5 +77,4 @@ under the License.
</table>
</form>
</div>
-</#if>
</div>