Posted to dev@ofbiz.apache.org by David E Jones <jo...@undersunconsulting.com> on 2007/08/20 10:50:42 UTC
Re: svn commit: r567553 - in /ofbiz/trunk/applications/ecommerce:
script/org/ofbiz/ecommerce/customer/CustomerEvents.xml webapp/ecommerce/customer/newcustomer.ftl
webapp/ecommerce/login.ftl
I move for reverting this commit as a security measure. With this, a user could create a URL to add themselves to whatever role they desire, and sometimes security code uses unattached roles (even though it's not the best of security code practices).
-David
hansbak@apache.org wrote:
> Author: hansbak
> Date: Sun Aug 19 23:25:02 2007
> New Revision: 567553
>
> URL: http://svn.apache.org/viewvc?rev=567553&view=rev
> Log:
> small change to optionally allow other roleTypes in the customer registration process
>
> Modified:
> ofbiz/trunk/applications/ecommerce/script/org/ofbiz/ecommerce/customer/CustomerEvents.xml
> ofbiz/trunk/applications/ecommerce/webapp/ecommerce/customer/newcustomer.ftl
> ofbiz/trunk/applications/ecommerce/webapp/ecommerce/login.ftl
>
> Modified: ofbiz/trunk/applications/ecommerce/script/org/ofbiz/ecommerce/customer/CustomerEvents.xml
> URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/ecommerce/script/org/ofbiz/ecommerce/customer/CustomerEvents.xml?rev=567553&r1=567552&r2=567553&view=diff
> ==============================================================================
> --- ofbiz/trunk/applications/ecommerce/script/org/ofbiz/ecommerce/customer/CustomerEvents.xml (original)
> +++ ofbiz/trunk/applications/ecommerce/script/org/ofbiz/ecommerce/customer/CustomerEvents.xml Sun Aug 19 23:25:02 2007
> @@ -39,7 +39,7 @@
> <property-to-field resource="security" property="password.lowercase" default="false" field-name="password_lowercase"/>
>
> <now-timestamp-to-env env-name="nowStamp"/>
> - <set value="CUSTOMER" field="parameters.roleTypeId"/>
> + <set field="parameters.roleTypeId" from-field="parameters.ROLETYPEID" default-value="CUSTOMER"/>
>
> <if-compare field-name="allowPassword" operator="not-equals" value="Y">
> <set from-field="defaultPassword" field="parameters.PASSWORD"/>
>
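
Review bot: the added `<set>` line copies `parameters.ROLETYPEID` into `parameters.roleTypeId` with no check on its value, so the role assigned at registration is whatever the request supplies and `default-value="CUSTOMER"` only applies when the parameter is absent. Either keep the fixed `<set value="CUSTOMER" field="parameters.roleTypeId"/>`, or compare the requested value against a list of role types that is configured server-side as permitted for self-registration and fall back to CUSTOMER for anything else. If other role types really are needed, the commit should also document which ones and where that list lives.
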
> Modified: ofbiz/trunk/applications/ecommerce/webapp/ecommerce/customer/newcustomer.ftl
> URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/ecommerce/webapp/ecommerce/customer/newcustomer.ftl?rev=567553&r1=567552&r2=567553&view=diff
> ==============================================================================
> --- ofbiz/trunk/applications/ecommerce/webapp/ecommerce/customer/newcustomer.ftl (original)
> +++ ofbiz/trunk/applications/ecommerce/webapp/ecommerce/customer/newcustomer.ftl Sun Aug 19 23:25:02 2007
> @@ -86,6 +86,7 @@
>
> <form method="post" action="<@o...@ofbizUrl>" name="newuserform" style="margin: 0;">
> <input type="hidden" name="emailProductStoreId" value="${productStoreId}"/>
> +<input type="hidden" name="ROLETYPEID" value="${parameters.ROLETYPEID?if_exists}"/>
>
> <div class="screenlet">
> <div class="screenlet-header">
>
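
Review bot: the new hidden input round-trips `${parameters.ROLETYPEID?if_exists}` through the browser, so the value is request-controlled when the page renders and again when the form is posted; a hidden field is not a trust boundary. Prefer not carrying the role in the form at all and deciding it on the server. If the field stays, the value is also written into an HTML attribute with no explicit escape (for example `?html`) visible on this line, which is worth confirming is handled elsewhere.
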
> Modified: ofbiz/trunk/applications/ecommerce/webapp/ecommerce/login.ftl
> URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/ecommerce/webapp/ecommerce/login.ftl?rev=567553&r1=567552&r2=567553&view=diff
> ==============================================================================
> --- ofbiz/trunk/applications/ecommerce/webapp/ecommerce/login.ftl (original)
> +++ ofbiz/trunk/applications/ecommerce/webapp/ecommerce/login.ftl Sun Aug 19 23:25:02 2007
> @@ -75,6 +75,8 @@
> </div>
> <div class="screenlet-body" style="text-align: center;">
> <form method="post" action="<@o...@ofbizUrl>" style="margin: 0;">
> + <#-- optional field, default is 'CUSTOMER' -->
> + <#--input type="hidden" name="ROLETYPEID" value="--enter roletypeId here--"/-->
> <div class="tabletext">${uiLabelMap.CommonMayCreateNewAccountHere}:</div>
> <div><input type="submit" class="smallSubmit" value="${uiLabelMap.CommonMayCreate}"/></div>
> </form>
>
>
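
Review bot: the commented-out `<#--input type="hidden" name="ROLETYPEID" ...-->` template invites a deployer to select the role from the page, but the accompanying comment ("optional field, default is 'CUSTOMER'") says nothing about the value being client-controlled once it is enabled. Drop the template, or reword the comment to state that any value set here can be changed by the submitter and is only safe if the server restricts which role types registration will accept.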