Posted to commits@ofbiz.apache.org by mo...@apache.org on 2009/04/24 10:37:20 UTC

svn commit: r768220 - /ofbiz/trunk/specialpurpose/ecommerce/webapp/ecommerce/customer/editcontactmech.ftl

Author: mor
Date: Fri Apr 24 08:37:19 2009
New Revision: 768220

URL: http://svn.apache.org/viewvc?rev=768220&view=rev
Log:
Securing URLs in FTL. Patch from Ashish Nagar, part of OFBIZ-2350 (https://issues.apache.org/jira/browse/OFBIZ-2350)

Modified:
    ofbiz/trunk/specialpurpose/ecommerce/webapp/ecommerce/customer/editcontactmech.ftl

Modified: ofbiz/trunk/specialpurpose/ecommerce/webapp/ecommerce/customer/editcontactmech.ftl
URL: http://svn.apache.org/viewvc/ofbiz/trunk/specialpurpose/ecommerce/webapp/ecommerce/customer/editcontactmech.ftl?rev=768220&r1=768219&r2=768220&view=diff
==============================================================================
--- ofbiz/trunk/specialpurpose/ecommerce/webapp/ecommerce/customer/editcontactmech.ftl (original)
+++ ofbiz/trunk/specialpurpose/ecommerce/webapp/ecommerce/customer/editcontactmech.ftl Fri Apr 24 08:37:19 2009
@@ -80,12 +80,24 @@
                       (${uiLabelMap.CommonSince}:${partyContactMechPurpose.fromDate.toString()})
                       <#if partyContactMechPurpose.thruDate?exists>(${uiLabelMap.CommonExpires}:${partyContactMechPurpose.thruDate.toString()})</#if>
                     &nbsp;</div></td>
-                  <td bgcolor='white'><div><a href='<@o...@ofbizUrl>' class='buttontext'>&nbsp;${uiLabelMap.CommonDelete}&nbsp;</a></div></td>
+                  <td bgcolor='white'>
+                    <div>
+                      <form name= "deletePartyContactMechPurpose_${partyContactMechPurpose.contactMechPurposeTypeId}" method= "post" action= "<@o...@ofbizUrl>">
+                        <input type= "hidden" name= "contactMechId" value= "${contactMechId}"/>
+                        <input type= "hidden" name= "contactMechPurposeTypeId" value= "${partyContactMechPurpose.contactMechPurposeTypeId}"/>
+                        <input type= "hidden" name= "fromDate" value= "${partyContactMechPurpose.fromDate}"/>
+                        <input type= "hidden" name= "useValues" value= "true"/>
+                        <a href='javascript:document.deletePartyContactMechPurpose_${partyContactMechPurpose.contactMechPurposeTypeId}.submit()' class='buttontext'>&nbsp;${uiLabelMap.CommonDelete}&nbsp;</a>
+                      </form> 
+                    </div>
+                  </td>
                 </tr>
               </#list>
               <#if purposeTypes?has_content>
               <tr>
-                <form method="post" action='<@o...@ofbizUrl>' name='newpurposeform'>
+                <form method="post" action='<@o...@ofbizUrl>' name='newpurposeform'>
+                  <input type= "hidden" name= "contactMechId" value= "${contactMechId}"/>
+                  <input type= "hidden" name= "useValues" value= "true"/>
                   <td bgcolor='white'>
                     <select name='contactMechPurposeTypeId' class='selectBox'>
                       <option></option>
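Review bot: The new delete link (`<a href='javascript:document.deletePartyContactMechPurpose_${partyContactMechPurpose.contactMechPurposeTypeId}.submit()'>`) looks the form up by a name built only from `contactMechPurposeTypeId`, and it interpolates that value into a script URL with no escaping visible in the hunk. If two listed rows ever share a purpose type (the form also posts `fromDate`, which suggests they can), the named lookup no longer resolves to a single form and the submit would fail; the link also does nothing when script is disabled. A plain submit control inside the form avoids all three problems: `<input type="submit" class="buttontext" value="${uiLabelMap.CommonDelete}"/>`. Separately, moving to POST keeps the identifiers out of URLs and access logs but is not in itself request-forgery protection; no per-session token is visible in either form here, so confirm the controller enforces one for these requests. The enclosing `<#list>` starts outside the hunk, so the row-uniqueness assumption should be checked against the full template.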