Author: deepak
Date: Tue Jun  4 10:54:31 2019
New Revision: 1860599

URL: http://svn.apache.org/viewvc?rev=1860599&view=rev
Log:
Applied fix from trunk for revision: 1860597 
===

Fixed: Html escaping missing for renderLink parameters
(OFBIZ-11090)
Parameter values should be HTML-escaped to avoid cross-site scripting
issues.

Modified:
    
ofbiz/ofbiz-framework/branches/release17.12/themes/common/template/macro/HtmlFormMacroLibrary.ftl
    
ofbiz/ofbiz-framework/branches/release17.12/themes/common/template/macro/HtmlMenuMacroLibrary.ftl
    
ofbiz/ofbiz-framework/branches/release17.12/themes/common/template/macro/HtmlScreenMacroLibrary.ftl
    
ofbiz/ofbiz-framework/branches/release17.12/themes/rainbowstone/template/HtmlMenuMacroLibrary.ftl
    
ofbiz/ofbiz-framework/branches/release17.12/themes/rainbowstone/template/macro/HtmlMenuMacroLibrary.ftl

Modified: 
ofbiz/ofbiz-framework/branches/release17.12/themes/common/template/macro/HtmlFormMacroLibrary.ftl
URL: 
http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/branches/release17.12/themes/common/template/macro/HtmlFormMacroLibrary.ftl?rev=1860599&r1=1860598&r2=1860599&view=diff
==============================================================================
--- 
ofbiz/ofbiz-framework/branches/release17.12/themes/common/template/macro/HtmlFormMacroLibrary.ftl
 (original)
+++ 
ofbiz/ofbiz-framework/branches/release17.12/themes/common/template/macro/HtmlFormMacroLibrary.ftl
 Tue Jun  4 10:54:31 2019
@@ -788,7 +788,7 @@ Parameter: delegatorName, String, option
 <#macro makeHiddenFormLinkForm actionUrl name parameters targetWindow="">
   <form method="post" action="${actionUrl}" <#if 
targetWindow?has_content>target="${targetWindow}"</#if> 
onsubmit="javascript:submitFormDisableSubmits(this)" name="${name}">
     <#list parameters as parameter>
-      <input name="${parameter.name}" value="${parameter.value}" 
type="hidden"/>
+      <input name="${parameter.name}" value="${parameter.value?html}" 
type="hidden"/>
     </#list>
   </form>
 </#macro>
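Review bot: Only `value` is escaped on the `<input>` line; `${parameter.name}` on the same line is still interpolated raw into an attribute, and so are `${actionUrl}`, `${targetWindow}` and `${name}` in the `<form>` tag above it, which the commit leaves as they were. If any of those can be influenced by the same request data that feeds the values, they remain attribute-injection points after this fix. Suggested: `<input name="${parameter.name?html}" value="${parameter.value?html}" type="hidden"/>`, and `?html` on the form attributes as well. Whether names are ever attacker-controlled depends on the callers of makeHiddenFormLinkForm, which are outside this hunk.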

Modified: 
ofbiz/ofbiz-framework/branches/release17.12/themes/common/template/macro/HtmlMenuMacroLibrary.ftl
URL: 
http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/branches/release17.12/themes/common/template/macro/HtmlMenuMacroLibrary.ftl?rev=1860599&r1=1860598&r2=1860599&view=diff
==============================================================================
--- 
ofbiz/ofbiz-framework/branches/release17.12/themes/common/template/macro/HtmlMenuMacroLibrary.ftl
 (original)
+++ 
ofbiz/ofbiz-framework/branches/release17.12/themes/common/template/macro/HtmlMenuMacroLibrary.ftl
 Tue Jun  4 10:54:31 2019
@@ -50,7 +50,7 @@ under the License.
   <#if linkType?has_content && "hidden-form" == linkType>
 <form method="post" action="${actionUrl}"<#if targetWindow?has_content> 
target="${targetWindow}"</#if> 
onsubmit="javascript:submitFormDisableSubmits(this)" 
name="${uniqueItemName}"><#rt/>
     <#list parameterList as parameter>
-<input name="${parameter.name}" value="${parameter.value}" 
type="hidden"/><#rt/>
+<input name="${parameter.name}" value="${parameter.value?html}" 
type="hidden"/><#rt/>
     </#list>
 </form><#rt/>
   </#if>
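Review bot: `${parameter.name}` on the changed `<input>` line is left unescaped while `value` gets `?html`; `${actionUrl}`, `${targetWindow}` and `${uniqueItemName}` in the `<form>` tag are likewise still raw. Escaping one attribute of the same element and not the others leaves the fix incomplete if names or the action URL can carry request-controlled text. Suggested: `<input name="${parameter.name?html}" value="${parameter.value?html}" type="hidden"/><#rt/>`. The enclosing macro starts before this hunk, so the origin of `parameterList` is not visible here.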
@@ -63,7 +63,7 @@ under the License.
     function ${uniqueItemName}_data() {
         var data =  {
                    <#list parameterList as parameter>
-                    "${parameter.name}": "${parameter.value}",
+                    "${parameter.name}": "${parameter.value?html}",
                     </#list>
                     "presentation": "layer"
                 };
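Review bot: `?html` is the wrong escaper on `"${parameter.name}": "${parameter.value?html}",` — this interpolation is inside a JavaScript string literal in a `<script>` block, not an HTML attribute. It does convert `"` and `<` to entities, which blocks the obvious quote break-out, but it leaves `\` and line terminators untouched (a trailing backslash swallows the closing quote, a raw newline is a syntax error), and since browsers do not decode entities inside `<script>`, any value containing `&`, `<`, `>`, `"` or `'` is now sent to the server as its entity text rather than its real content. FreeMarker's `?js_string` is the matching escaper for this context: `"${parameter.name?js_string}": "${parameter.value?js_string}",` (confirm the FreeMarker version in use also escapes `<`, so `</script>` in a value cannot close the block). The `${uniqueItemName}_data()` function continues past the end of this hunk.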

Modified: 
ofbiz/ofbiz-framework/branches/release17.12/themes/common/template/macro/HtmlScreenMacroLibrary.ftl
URL: 
http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/branches/release17.12/themes/common/template/macro/HtmlScreenMacroLibrary.ftl?rev=1860599&r1=1860598&r2=1860599&view=diff
==============================================================================
--- 
ofbiz/ofbiz-framework/branches/release17.12/themes/common/template/macro/HtmlScreenMacroLibrary.ftl
 (original)
+++ 
ofbiz/ofbiz-framework/branches/release17.12/themes/common/template/macro/HtmlScreenMacroLibrary.ftl
 Tue Jun  4 10:54:31 2019
@@ -95,7 +95,7 @@ under the License.
         <#if "hidden-form" == linkType>
             <form method="post" action="${actionUrl}" <#if 
targetWindow?has_content>target="${targetWindow}"</#if> 
onsubmit="javascript:submitFormDisableSubmits(this)" 
name="${uniqueItemName}"><#rt/>
                 <#list parameterList as parameter>
-                <input name="${parameter.name}" value="${parameter.value}" 
type="hidden"/><#rt/>
+                <input name="${parameter.name}" 
value="${parameter.value?html}" type="hidden"/><#rt/>
                 </#list>
             </form><#rt/>
         </#if>
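Review bot: The changed `<input>` escapes `value` but still emits `${parameter.name}` raw into the `name` attribute, and the `<form>` tag above keeps `${actionUrl}`, `${targetWindow}` and `${uniqueItemName}` unescaped. Suggested: `<input name="${parameter.name?html}" value="${parameter.value?html}" type="hidden"/><#rt/>`, with `?html` on the form attributes too if they can be request-derived. The enclosing macro and the source of `parameterList` are outside this hunk.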
@@ -116,7 +116,7 @@ under the License.
             function ${uniqueItemName}_data() {
                 var data =  {
                     <#list parameterList as parameter>
-                        "${parameter.name}": "${parameter.value}",
+                        "${parameter.name}": "${parameter.value?html}",
                     </#list>
                     "presentation": "layer"
                 };
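Review bot: On `"${parameter.name}": "${parameter.value?html}",` the value lands inside a JavaScript string literal, so `?html` is the wrong context-escaper: it does not escape `\` or line terminators, and entity-encoding `&`, `<`, `>`, `"`, `'` inside `<script>` changes the submitted value (entities are not decoded there). Use `?js_string` for both key and value: `"${parameter.name?js_string}": "${parameter.value?js_string}",`. `${uniqueItemName}_data()` continues beyond the end of this hunk.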

Modified: 
ofbiz/ofbiz-framework/branches/release17.12/themes/rainbowstone/template/HtmlMenuMacroLibrary.ftl
URL: 
http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/branches/release17.12/themes/rainbowstone/template/HtmlMenuMacroLibrary.ftl?rev=1860599&r1=1860598&r2=1860599&view=diff
==============================================================================
--- 
ofbiz/ofbiz-framework/branches/release17.12/themes/rainbowstone/template/HtmlMenuMacroLibrary.ftl
 (original)
+++ 
ofbiz/ofbiz-framework/branches/release17.12/themes/rainbowstone/template/HtmlMenuMacroLibrary.ftl
 Tue Jun  4 10:54:31 2019
@@ -50,7 +50,7 @@ under the License.
     <#if linkType?has_content && "hidden-form" == linkType>
     <form method="post" action="${actionUrl}"<#if targetWindow?has_content> 
target="${targetWindow}"</#if> 
onsubmit="javascript:submitFormDisableSubmits(this)" 
name="${uniqueItemName}"><#rt/>
         <#list parameterList as parameter>
-            <input name="${parameter.name}" value="${parameter.value}" 
type="hidden"/><#rt/>
+            <input name="${parameter.name}" value="${parameter.value?html}" 
type="hidden"/><#rt/>
         </#list>
     </form><#rt/>
     </#if>
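Review bot: `${parameter.name}` on the changed `<input>` line is still unescaped, as are `${actionUrl}`, `${targetWindow}` and `${uniqueItemName}` in the `<form>` tag; only `value` received `?html`. Suggested: `<input name="${parameter.name?html}" value="${parameter.value?html}" type="hidden"/><#rt/>`. The enclosing macro begins before this hunk.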
@@ -63,7 +63,7 @@ under the License.
         function ${uniqueItemName}_data() {
             var data =  {
             <#--list parameterList as parameter>
-                 "${parameter.name}": "${parameter.value}",
+                 "${parameter.name}": "${parameter.value?html}",
              </#list-->
                 "presentation": "layer"
             };
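Review bot: The line changed to `"${parameter.name}": "${parameter.value?html}",` sits inside a FreeMarker comment (`<#--list parameterList as parameter>` … `</#list-->`), so this edit never reaches the rendered output — in this theme the `data` object is emitted with only `"presentation": "layer"`. If the block is meant to stay disabled, deleting the commented-out lines is cleaner than patching dead text; if it is ever re-enabled it needs `?js_string`, not `?html`, because it lives in a JavaScript string literal. The `${uniqueItemName}_data()` function continues past the end of this hunk.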

Modified: 
ofbiz/ofbiz-framework/branches/release17.12/themes/rainbowstone/template/macro/HtmlMenuMacroLibrary.ftl
URL: 
http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/branches/release17.12/themes/rainbowstone/template/macro/HtmlMenuMacroLibrary.ftl?rev=1860599&r1=1860598&r2=1860599&view=diff
==============================================================================
--- 
ofbiz/ofbiz-framework/branches/release17.12/themes/rainbowstone/template/macro/HtmlMenuMacroLibrary.ftl
 (original)
+++ 
ofbiz/ofbiz-framework/branches/release17.12/themes/rainbowstone/template/macro/HtmlMenuMacroLibrary.ftl
 Tue Jun  4 10:54:31 2019
@@ -23,7 +23,7 @@ under the License.
     <#if linkType?has_content && "hidden-form" == linkType>
     <form method="post" action="${actionUrl}"<#if targetWindow?has_content> 
target="${targetWindow}"</#if> 
onsubmit="javascript:submitFormDisableSubmits(this)" 
name="${uniqueItemName}"><#rt/>
         <#list parameterList as parameter>
-            <input name="${parameter.name}" value="${parameter.value}" 
type="hidden"/><#rt/>
+            <input name="${parameter.name}" value="${parameter.value?html}" 
type="hidden"/><#rt/>
         </#list>
     </form><#rt/>
     </#if>
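Review bot: Same partial fix as in the other theme templates — `${parameter.name}` on the changed `<input>` line and `${actionUrl}`, `${targetWindow}`, `${uniqueItemName}` in the `<form>` tag remain unescaped while `value` gets `?html`. Suggested: `<input name="${parameter.name?html}" value="${parameter.value?html}" type="hidden"/><#rt/>`. The enclosing macro starts before this hunk.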
@@ -36,7 +36,7 @@ under the License.
         function ${uniqueItemName}_data() {
             var data =  {
             <#--list parameterList as parameter>
-                 "${parameter.name}": "${parameter.value}",
+                 "${parameter.name}": "${parameter.value?html}",
              </#list-->
                 "presentation": "layer"
             };
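Review bot: The change to `"${parameter.name}": "${parameter.value?html}",` is inside a FreeMarker comment (`<#--list … </#list-->`), so it has no effect on output; the commit patches dead text here. Either remove the disabled block or, if it is to be restored, escape for the JavaScript string context with `?js_string` rather than `?html`. `${uniqueItemName}_data()` continues beyond the end of this hunk.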

