You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ofbiz.apache.org by Jacques Le Roux <ja...@les7arts.com> on 2016/06/06 18:57:48 UTC
Re: svn commit: r1746820 -
/ofbiz/trunk/applications/accounting/template/period/EditCustomTimePeriod.f
tl
This is right Deeak,
Moreover this is what says the "HTML Validator" plugin in Firefox (http://users.skynet.be/mgueury/mozilla/) on demo trunk (HEAD)
Result: 61 erreurs / 0 avertissements
Info: W3c Online Validation
line 286 column 49 - Erreur: The \u201ccellspacing\u201d attribute on the \u201ctable\u201d element is obsolete. Use CSS instead.
line 299 column 133 - Erreur: Start tag \u201cform\u201d seen in \u201ctable\u201d.
line 299 column 133 - Erreur: Element \u201cform\u201d not allowed as child of element \u201ctr\u201d in this context. (Suppressing further errors from this subtree.)
line 300 column 76 - Erreur: Start tag \u201cinput\u201d seen in \u201ctable\u201d.
line 300 column 76 - Erreur: Element \u201cinput\u201d not allowed as child of element \u201ctr\u201d in this context. (Suppressing further errors from this subtree.)
line 394 column 19 - Erreur: Stray end tag \u201cform\u201d.
line 394 column 19 - Erreur: Stray end tag \u201cform\u201d.
line 407 column 133 - Erreur: Start tag \u201cform\u201d seen in \u201ctable\u201d.
line 407 column 133 - Erreur: Element \u201cform\u201d not allowed as child of element \u201ctr\u201d in this context. (Suppressing further errors from this subtree.)
line 408 column 76 - Erreur: Start tag \u201cinput\u201d seen in \u201ctable\u201d.
line 408 column 76 - Erreur: Element \u201cinput\u201d not allowed as child of element \u201ctr\u201d in this context. (Suppressing further errors from this subtree.)
line 502 column 19 - Erreur: Stray end tag \u201cform\u201d.
line 502 column 19 - Erreur: Stray end tag \u201cform\u201d.
line 515 column 133 - Erreur: Start tag \u201cform\u201d seen in \u201ctable\u201d.
line 515 column 133 - Erreur: Element \u201cform\u201d not allowed as child of element \u201ctr\u201d in this context. (Suppressing further errors from this subtree.)
line 516 column 76 - Erreur: Start tag \u201cinput\u201d seen in \u201ctable\u201d.
line 516 column 76 - Erreur: Element \u201cinput\u201d not allowed as child of element \u201ctr\u201d in this context. (Suppressing further errors from this subtree.)
line 610 column 19 - Erreur: Stray end tag \u201cform\u201d.
line 610 column 19 - Erreur: Stray end tag \u201cform\u201d.
line 623 column 133 - Erreur: Start tag \u201cform\u201d seen in \u201ctable\u201d.
line 623 column 133 - Erreur: Element \u201cform\u201d not allowed as child of element \u201ctr\u201d in this context. (Suppressing further errors from this subtree.)
line 624 column 76 - Erreur: Start tag \u201cinput\u201d seen in \u201ctable\u201d.
line 624 column 76 - Erreur: Element \u201cinput\u201d not allowed as child of element \u201ctr\u201d in this context. (Suppressing further errors from this subtree.)
line 718 column 19 - Erreur: Stray end tag \u201cform\u201d.
line 718 column 19 - Erreur: Stray end tag \u201cform\u201d.
line 731 column 133 - Erreur: Start tag \u201cform\u201d seen in \u201ctable\u201d.
line 731 column 133 - Erreur: Element \u201cform\u201d not allowed as child of element \u201ctr\u201d in this context. (Suppressing further errors from this subtree.)
line 732 column 76 - Erreur: Start tag \u201cinput\u201d seen in \u201ctable\u201d.
line 732 column 76 - Erreur: Element \u201cinput\u201d not allowed as child of element \u201ctr\u201d in this context. (Suppressing further errors from this subtree.)
line 826 column 19 - Erreur: Stray end tag \u201cform\u201d.
line 826 column 19 - Erreur: Stray end tag \u201cform\u201d.
line 839 column 133 - Erreur: Start tag \u201cform\u201d seen in \u201ctable\u201d.
line 839 column 133 - Erreur: Element \u201cform\u201d not allowed as child of element \u201ctr\u201d in this context. (Suppressing further errors from this subtree.)
line 840 column 76 - Erreur: Start tag \u201cinput\u201d seen in \u201ctable\u201d.
line 840 column 76 - Erreur: Element \u201cinput\u201d not allowed as child of element \u201ctr\u201d in this context. (Suppressing further errors from this subtree.)
line 934 column 19 - Erreur: Stray end tag \u201cform\u201d.
line 934 column 19 - Erreur: Stray end tag \u201cform\u201d.
line 947 column 133 - Erreur: Start tag \u201cform\u201d seen in \u201ctable\u201d.
line 947 column 133 - Erreur: Element \u201cform\u201d not allowed as child of element \u201ctr\u201d in this context. (Suppressing further errors from this subtree.)
line 948 column 76 - Erreur: Start tag \u201cinput\u201d seen in \u201ctable\u201d.
line 948 column 76 - Erreur: Element \u201cinput\u201d not allowed as child of element \u201ctr\u201d in this context. (Suppressing further errors from this subtree.)
line 1042 column 19 - Erreur: Stray end tag \u201cform\u201d.
line 1042 column 19 - Erreur: Stray end tag \u201cform\u201d.
line 1055 column 133 - Erreur: Start tag \u201cform\u201d seen in \u201ctable\u201d.
line 1055 column 133 - Erreur: Element \u201cform\u201d not allowed as child of element \u201ctr\u201d in this context. (Suppressing further errors from this subtree.)
line 1056 column 76 - Erreur: Start tag \u201cinput\u201d seen in \u201ctable\u201d.
line 1056 column 76 - Erreur: Element \u201cinput\u201d not allowed as child of element \u201ctr\u201d in this context. (Suppressing further errors from this subtree.)
line 1150 column 19 - Erreur: Stray end tag \u201cform\u201d.
line 1150 column 19 - Erreur: Stray end tag \u201cform\u201d.
line 1163 column 133 - Erreur: Start tag \u201cform\u201d seen in \u201ctable\u201d.
line 1163 column 133 - Erreur: Element \u201cform\u201d not allowed as child of element \u201ctr\u201d in this context. (Suppressing further errors from this subtree.)
line 1164 column 76 - Erreur: Start tag \u201cinput\u201d seen in \u201ctable\u201d.
line 1164 column 76 - Erreur: Element \u201cinput\u201d not allowed as child of element \u201ctr\u201d in this context. (Suppressing further errors from this subtree.)
line 1258 column 19 - Erreur: Stray end tag \u201cform\u201d.
line 1258 column 19 - Erreur: Stray end tag \u201cform\u201d.
line 1271 column 134 - Erreur: Start tag \u201cform\u201d seen in \u201ctable\u201d.
line 1271 column 134 - Erreur: Element \u201cform\u201d not allowed as child of element \u201ctr\u201d in this context. (Suppressing further errors from this subtree.)
line 1272 column 76 - Erreur: Start tag \u201cinput\u201d seen in \u201ctable\u201d.
line 1272 column 76 - Erreur: Element \u201cinput\u201d not allowed as child of element \u201ctr\u201d in this context. (Suppressing further errors from this subtree.)
line 1366 column 19 - Erreur: Stray end tag \u201cform\u201d.
line 1366 column 19 - Erreur: Stray end tag \u201cform\u201d.
So 2 same are not from Arjun's patch. So I guess he simply followed the "trend" in this page. I guess we have still a lot like that in all OFBiz. Some
maybe introduced with subtasks of OFBIZ-2330...
I'd not call them bugs since so far browsers are accepting and rendering them. But I agree it would be good to get rid of (all of) them. This would be
another Jira ;)
Jacques
Le 06/06/2016 � 08:57, Deepak Dixit a �crit :
> Hi Arjun,
>
> Its incorrect markup, form tag is not valid child for table, you can't put
> form between td tag, You need to put this inside td.
>
> Thanks & Regards
> --
> Deepak Dixit
> www.hotwaxsystems.com
>
> On Sat, Jun 4, 2016 at 6:50 PM, <pr...@apache.org> wrote:
>
>> Author: pranayp
>> Date: Sat Jun 4 13:20:58 2016
>> New Revision: 1746820
>>
>> URL: http://svn.apache.org/viewvc?rev=1746820&view=rev
>> Log:
>> [OFBIZ-7162] Fixed security issue with delete child period in
>> EditCustomTimePeriod.
>>
>> Thanks Montalbano Florian for reporting the issue and thanks Arjun Kaushal
>> for providing the patch.
>>
>> Modified:
>>
>> ofbiz/trunk/applications/accounting/template/period/EditCustomTimePeriod.ftl
>>
>> Modified:
>> ofbiz/trunk/applications/accounting/template/period/EditCustomTimePeriod.ftl
>> URL:
>> http://svn.apache.org/viewvc/ofbiz/trunk/applications/accounting/template/period/EditCustomTimePeriod.ftl?rev=1746820&r1=1746819&r2=1746820&view=diff
>>
>> ==============================================================================
>> ---
>> ofbiz/trunk/applications/accounting/template/period/EditCustomTimePeriod.ftl
>> (original)
>> +++
>> ofbiz/trunk/applications/accounting/template/period/EditCustomTimePeriod.ftl
>> Sat Jun 4 13:20:58 2016
>> @@ -60,7 +60,7 @@ under the License.
>> <td>${uiLabelMap.AccountingPeriodName}</td>
>> <td>${uiLabelMap.CommonFromDate}</td>
>> <td>${uiLabelMap.CommonThruDate}</td>
>> - <td> </td>
>> + <td colspan="2"> </td>
>> </tr>
>> <tr>
>> <td>${currentCustomTimePeriod.customTimePeriodId}</td>
>> @@ -124,12 +124,16 @@ under the License.
>> </td>
>> <td class="button-col">
>> <input type="submit" value='${uiLabelMap.CommonUpdate}'/>
>> - <a
>> href='<@o...@ofbizUrl>'>
>> - ${uiLabelMap.CommonDelete}</a>
>> + </td>
>> + </form>
>> + <td class="button-col">
>> + <form method="post"
>> action='<@o...@ofbizUrl>'
>> name='deleteCustomTimePeriodForm'>
>> + <input type="hidden" name="customTimePeriodId"
>> value="${currentCustomTimePeriod.customTimePeriodId!}" />
>> + <input type="submit" value='${uiLabelMap.CommonDelete}'/>
>> + </form>
>> </td>
>> </tr>
>> </table>
>> - </form>
>> <#else>
>> <div
>> class="screenlet-body">${uiLabelMap.AccountingNoCurrentCustomTimePeriodSelected}</div>
>> </#if>
>> @@ -152,7 +156,7 @@ under the License.
>> <td>${uiLabelMap.AccountingPeriodName}</td>
>> <td>${uiLabelMap.CommonFromDate}</td>
>> <td>${uiLabelMap.CommonThruDate}</td>
>> - <td> </td>
>> + <td colspan="3"> </td>
>> </tr>
>> <#assign line = 0>
>> <#list customTimePeriods as customTimePeriod>
>> @@ -213,15 +217,21 @@ under the License.
>> <#if nowTimestamp.after(compareDate)><#assign hasExpired
>> = true></#if>
>> </#if>
>> <input type="text" size='13' name="thruDate"
>> value="${customTimePeriod.thruDate?string("yyyy-MM-dd")}"<#if hasExpired>
>> class="alert"</#if> />
>> - </td>
>> - <td class="button-col">
>> + </td>
>> + <td class="button-col">
>> <input type="submit" value='${uiLabelMap.CommonUpdate}'/>
>> - <a
>> href='<@o...@ofbizUrl>'>
>> - ${uiLabelMap.CommonDelete}</a>
>> + </td>
>> + </form>
>> + <td class="button-col">
>> + <form method="post"
>> action='<@o...@ofbizUrl>'
>> name='lineForm${line}'>
>> + <input type="hidden" name="customTimePeriodId"
>> value="${customTimePeriod.customTimePeriodId!}" />
>> + <input type="submit" value='${uiLabelMap.CommonDelete}'/>
>> + </form>
>> + </td>
>> + <td class="button-col">
>> <a
>> href='<@o...@ofbizUrl>'>
>> ${uiLabelMap.CommonSetAsCurrent}</a>
>> </td>
>> - </form>
>> </tr>
>> </#list>
>> </table>
>>
>>
>>
Re: svn commit: r1746820 -
/ofbiz/trunk/applications/accounting/template/period/EditCustomTimePeriod.f
tl
Posted by Jacques Le Roux <ja...@les7arts.com>.
Le 06/06/2016 � 20:57, Jacques Le Roux a �crit :
> So 2 same are not from Arjun's patch. So I guess he simply followed the "trend" in this page. I guess we have still a lot like that in all OFBiz.
> Some maybe introduced with subtasks of OFBIZ-2330...
I was maybe too fast on that, I checked 2 subtasks of OFBIZ-2330 and found nothing like that, remain 80- subtasks to check and certainly more in the
wide ;)
Actually we all know that using tables for layout is not a good thing, but most of OFBiz dates from 2001 to 2010...
Jacques
Re: svn commit: r1746820 - /ofbiz/trunk/applications/accounting/template/period/EditCustomTimePeriod.f
tl
Posted by Deepak Dixit <de...@hotwaxsystems.com>.
No Problem Jacques :)
Thanks & Regards
--
Deepak Dixit
www.hotwaxsystems.com
On Tue, Jun 7, 2016 at 12:31 AM, Jacques Le Roux <
jacques.le.roux@les7arts.com> wrote:
> Le 06/06/2016 à 20:57, Jacques Le Roux a écrit :
>
>> This is right Deeak,
>>
> Sorry Deepak!
>
> Jacques
>
>
Re: svn commit: r1746820 -
/ofbiz/trunk/applications/accounting/template/period/EditCustomTimePeriod.f
tl
Posted by Jacques Le Roux <ja...@les7arts.com>.
Le 06/06/2016 � 20:57, Jacques Le Roux a �crit :
> This is right Deeak,
Sorry Deepak!
Jacques