Posted to commits@ofbiz.apache.org by pr...@apache.org on 2016/06/04 13:23:02 UTC
svn commit: r1746821 -
/ofbiz/branches/release15.12/applications/accounting/webapp/accounting/period/EditCustomTimePeriod.ftl
Author: pranayp
Date: Sat Jun 4 13:23:02 2016
New Revision: 1746821
URL: http://svn.apache.org/viewvc?rev=1746821&view=rev
Log:
Manually applied fix from trunk revision 1746820.
---------------------------------------------------------------------
[OFBIZ-7162] Fixed security issue with delete child period in EditCustomTimePeriod.
Thanks Montalbano Florian for reporting the issue and thanks Arjun Kaushal for providing the patch.
---------------------------------------------------------------------
Modified:
ofbiz/branches/release15.12/applications/accounting/webapp/accounting/period/EditCustomTimePeriod.ftl
Modified: ofbiz/branches/release15.12/applications/accounting/webapp/accounting/period/EditCustomTimePeriod.ftl
URL: http://svn.apache.org/viewvc/ofbiz/branches/release15.12/applications/accounting/webapp/accounting/period/EditCustomTimePeriod.ftl?rev=1746821&r1=1746820&r2=1746821&view=diff
==============================================================================
--- ofbiz/branches/release15.12/applications/accounting/webapp/accounting/period/EditCustomTimePeriod.ftl (original)
+++ ofbiz/branches/release15.12/applications/accounting/webapp/accounting/period/EditCustomTimePeriod.ftl Sat Jun 4 13:23:02 2016
@@ -60,7 +60,7 @@ under the License.
<td>${uiLabelMap.AccountingPeriodName}</td>
<td>${uiLabelMap.CommonFromDate}</td>
<td>${uiLabelMap.CommonThruDate}</td>
- <td> </td>
+ <td colspan="2"> </td>
</tr>
<tr>
<td>${currentCustomTimePeriod.customTimePeriodId}</td>
@@ -124,12 +124,16 @@ under the License.
</td>
<td class="button-col">
<input type="submit" value='${uiLabelMap.CommonUpdate}'/>
- <a href='<@o...@ofbizUrl>'>
- ${uiLabelMap.CommonDelete}</a>
+ </td>
+ </form>
+ <td class="button-col">
+ <form method="post" action='<@o...@ofbizUrl>' name='deleteCustomTimePeriodForm'>
+ <input type="hidden" name="customTimePeriodId" value="${currentCustomTimePeriod.customTimePeriodId!}" />
+ <input type="submit" value='${uiLabelMap.CommonDelete}'/>
+ </form>
</td>
</tr>
</table>
- </form>
<#else>
<div class="screenlet-body">${uiLabelMap.AccountingNoCurrentCustomTimePeriodSelected}</div>
</#if>
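Review bot: The new delete form in the second button cell sends only the hidden `customTimePeriodId` field, and nothing in this hunk shows a per-request token or a server-side restriction to POST, so the template change alone does not stop the same delete request from being accepted as a GET or triggered cross-site. Please confirm that the request handler behind the form's action rejects GET and validates a token, or add that in the same change. Separately, the added `</form>` now sits between two `<td>` cells while the removed `</form>` was after `</table>`, so the update form is closed inside a table row it was not opened in. Opening and closing each form inside its own cell would keep the markup well-formed and make it unambiguous which inputs belong to which form.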
@@ -152,7 +156,7 @@ under the License.
<td>${uiLabelMap.AccountingPeriodName}</td>
<td>${uiLabelMap.CommonFromDate}</td>
<td>${uiLabelMap.CommonThruDate}</td>
- <td> </td>
+ <td colspan="3"> </td>
</tr>
<#assign line = 0>
<#list customTimePeriods as customTimePeriod>
@@ -216,12 +220,18 @@ under the License.
</td>
<td class="button-col">
<input type="submit" value='${uiLabelMap.CommonUpdate}'/>
- <a href='<@o...@ofbizUrl>'>
- ${uiLabelMap.CommonDelete}</a>
- <a href='<@o...@ofbizUrl>'>
- ${uiLabelMap.CommonSetAsCurrent}</a>
- </td>
- </form>
+ </td>
+ </form>
+ <td class="button-col">
+ <form method="post" action='<@o...@ofbizUrl>' name='lineForm${line}'>
+ <input type="hidden" name="customTimePeriodId" value="${customTimePeriod.customTimePeriodId!}" />
+ <input type="submit" value='${uiLabelMap.CommonDelete}'/>
+ </form>
+ </td>
+ <td class="button-col">
+ <a href='<@o...@ofbizUrl>'>
+ ${uiLabelMap.CommonSetAsCurrent}</a>
+ </td>
</tr>
</#list>
</table>
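Review bot: The per-row delete form is named `lineForm${line}`, whereas the equivalent form in the earlier hunk got the dedicated name `deleteCustomTimePeriodForm`. If the update form in the same row also uses `lineForm${line}`, two forms in one row share a name and any lookup by form name becomes ambiguous. A distinct name for the delete form (for example `deleteLineForm${line}`, a suggested name, not one from the code base) would avoid that. The same concerns about server-side method enforcement and the `</form>` placed between cells apply here as for the single-period form. The `CommonSetAsCurrent` action stays a plain `<a href>` link. If its target changes any stored state rather than only selecting what the page displays, it needs the same POST treatment as delete.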