From 5c2f0e9e5c93cd76188761f210f7575ae91dbfa6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fran=C3=A7ois-Xavier=20Algrain?= <fxalgrain@tiolive.com>
Date: Tue, 21 Dec 2010 10:44:53 +0000
Subject: [PATCH] Prevent call of the script by the url.

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@41576 20353a03-c40f-0410-a6d1-a30d3c3de9de
---
 .../erp5_commerce/SaleOrder_setShoppingCartBuyer.xml         | 5 ++++-
 bt5/erp5_commerce/bt/revision                                | 2 +-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/bt5/erp5_commerce/SkinTemplateItem/portal_skins/erp5_commerce/SaleOrder_setShoppingCartBuyer.xml b/bt5/erp5_commerce/SkinTemplateItem/portal_skins/erp5_commerce/SaleOrder_setShoppingCartBuyer.xml
index 065ebc89a0..7fc0e004b1 100644
--- a/bt5/erp5_commerce/SkinTemplateItem/portal_skins/erp5_commerce/SaleOrder_setShoppingCartBuyer.xml
+++ b/bt5/erp5_commerce/SkinTemplateItem/portal_skins/erp5_commerce/SaleOrder_setShoppingCartBuyer.xml
@@ -51,6 +51,9 @@
         <item>
             <key> <string>_body</string> </key>
             <value> <string>"""Set connected user as shopping cart customer"""\n
+if REQUEST is not None:\n
+  raise RuntimeError, "You can not call this script from the URL"\n
+\n
 shopping_cart = context.SaleOrder_getShoppingCart()\n
 \n
 if person is None:\n
@@ -61,7 +64,7 @@ shopping_cart.edit(destination_decision_value=person)\n
         </item>
         <item>
             <key> <string>_params</string> </key>
-            <value> <string>person=None</string> </value>
+            <value> <string>person=None, REQUEST=None</string> </value>
         </item>
         <item>
             <key> <string>id</string> </key>
diff --git a/bt5/erp5_commerce/bt/revision b/bt5/erp5_commerce/bt/revision
index ac7cd1ac70..c2567dc4fb 100644
--- a/bt5/erp5_commerce/bt/revision
+++ b/bt5/erp5_commerce/bt/revision
@@ -1 +1 @@
-279
\ No newline at end of file
+280
\ No newline at end of file
-- 
2.30.9