Author: jleroux
Date: Sat Nov 7 16:01:37 2009
New Revision: 833703
URL: http://svn.apache.org/viewvc?rev=833703&view=rev
Log:
Fix an FTL security bug "delete website from product store" reported by Mario
Harnisch at https://issues.apache.org/jira/browse/OFBIZ-2387 - OFBIZ-2387
Modified:
ofbiz/trunk/applications/product/webapp/catalog/store/EditProductStoreWebSites.ftl
Modified:
ofbiz/trunk/applications/product/webapp/catalog/store/EditProductStoreWebSites.ftl
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/applications/product/webapp/catalog/store/EditProductStoreWebSites.ftl?rev=833703&r1=833702&r2=833703&view=diff
==============================================================================
---
ofbiz/trunk/applications/product/webapp/catalog/store/EditProductStoreWebSites.ftl
(original)
+++
ofbiz/trunk/applications/product/webapp/catalog/store/EditProductStoreWebSites.ftl
Sat Nov 7 16:01:37 2009
@@ -37,7 +37,12 @@
<td>${webSite.httpHost?default(' ')}</td>
<td>${webSite.httpPort?default(' ')}</td>
<td align="center">
- <a
href="<@ofbizUrl>storeUpdateWebSite?viewProductStoreId=${productStoreId}&productStoreId=&webSiteId=${webSite.webSiteId}</@ofbizUrl>"
class="buttontext">${uiLabelMap.CommonDelete}</a>
+ <a
href="javascript:document.storeUpdateWebSite_${webSite_index}.submit();"
class="buttontext">${uiLabelMap.CommonDelete}</a>
+ <form name="storeUpdateWebSite_${webSite_index}"
method="post" action="<@ofbizUrl>storeUpdateWebSite</@ofbizUrl>">
+ <input type="hidden" name="viewProductStoreId"
value="${productStoreId}"/>
+ <input type="hidden" name="productStoreId" value=""/>
+ <input type="hidden" name="webSiteId"
value="${webSite.webSiteId}"/>
+ </form>
</td>
</tr>
<#-- toggle the row color -->
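Review bot: the new storeUpdateWebSite_${webSite_index} form carries only viewProductStoreId, productStoreId and webSiteId as hidden inputs, with no per-session token among them, so moving the delete from a GET link to a POST does not by itself stop a forged cross-site submission. If the controller does not already verify a token for storeUpdateWebSite, add one as a fourth hidden input and check it server-side. The request mapping should also refuse GET for this action, since nothing in this template change prevents the old query-string URL from still being honoured. Two smaller points on the same lines: the delete now depends on script because the anchor uses href="javascript:document.storeUpdateWebSite_${webSite_index}.submit();", where a plain submit button inside the form would work without it, and ${productStoreId} and ${webSite.webSiteId} are interpolated into value="..." attributes with no escaping visible in this hunk, so confirm they are HTML-encoded before output.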