You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@ofbiz.apache.org by pr...@apache.org on 2016/06/13 09:35:41 UTC

svn commit: r1748156 - /ofbiz/trunk/specialpurpose/ecommerce/template/shoppinglist/EditShoppingList.ftl

Author: pranayp
Date: Mon Jun 13 09:35:41 2016
New Revision: 1748156

URL: http://svn.apache.org/viewvc?rev=1748156&view=rev
Log:
[OFBIZ-7291] Applied slightly modified patch from the ticket to fix security error on Remove Shopping List Item link in eCommerce.

Thanks Mohammed Rehan Khan for the contribution.

Modified:
    ofbiz/trunk/specialpurpose/ecommerce/template/shoppinglist/EditShoppingList.ftl

Modified: ofbiz/trunk/specialpurpose/ecommerce/template/shoppinglist/EditShoppingList.ftl
URL: http://svn.apache.org/viewvc/ofbiz/trunk/specialpurpose/ecommerce/template/shoppinglist/EditShoppingList.ftl?rev=1748156&r1=1748155&r2=1748156&view=diff
==============================================================================
--- ofbiz/trunk/specialpurpose/ecommerce/template/shoppinglist/EditShoppingList.ftl (original)
+++ ofbiz/trunk/specialpurpose/ecommerce/template/shoppinglist/EditShoppingList.ftl Mon Jun 13 09:35:41 2016
@@ -490,7 +490,13 @@ under the License.
                     </td>
                     <td>
                         <a href="javascript:TimestampSubmit(listform_${shoppingListItem.shoppingListItemSeqId});" class="button">${uiLabelMap.CommonUpdate}</a>
-                        <a href="<@o...@ofbizUrl>" class="button">${uiLabelMap.CommonRemove}</a>
+                        <form name="removeFromShoppingList" method="post" action="<@o...@ofbizUrl>">
+                          <fieldset>
+                            <input type="hidden" name="shoppingListId" value="${shoppingListItem.shoppingListId!}">
+                            <input type="hidden" name="shoppingListItemSeqId" value="${shoppingListItem.shoppingListItemSeqId}">
+                          </fieldset>
+                        </form>
+                        <a href="javascript:document.removeFromShoppingList.submit();" class="button">${uiLabelMap.CommonRemove}</a>
                       <#if isVirtual && productVariantAssocs?has_content>
                         <#assign replaceItemAction = "/replaceShoppingListItem/" + requestAttributes._CURRENT_VIEW_?if_exists />
                         <#assign addToCartAction = "/additem/" + requestAttributes._CURRENT_VIEW_?if_exists />