From 5c2f0e9e5c93cd76188761f210f7575ae91dbfa6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fran=C3=A7ois-Xavier=20Algrain?= <fxalgrain@tiolive.com> Date: Tue, 21 Dec 2010 10:44:53 +0000 Subject: [PATCH] Prevent call of the script by the url. git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@41576 20353a03-c40f-0410-a6d1-a30d3c3de9de --- .../erp5_commerce/SaleOrder_setShoppingCartBuyer.xml | 5 ++++- bt5/erp5_commerce/bt/revision | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/bt5/erp5_commerce/SkinTemplateItem/portal_skins/erp5_commerce/SaleOrder_setShoppingCartBuyer.xml b/bt5/erp5_commerce/SkinTemplateItem/portal_skins/erp5_commerce/SaleOrder_setShoppingCartBuyer.xml index 065ebc89a0..7fc0e004b1 100644 --- a/bt5/erp5_commerce/SkinTemplateItem/portal_skins/erp5_commerce/SaleOrder_setShoppingCartBuyer.xml +++ b/bt5/erp5_commerce/SkinTemplateItem/portal_skins/erp5_commerce/SaleOrder_setShoppingCartBuyer.xml @@ -51,6 +51,9 @@ <item> <key> <string>_body</string> </key> <value> <string>"""Set connected user as shopping cart customer"""\n +if REQUEST is not None:\n + raise RuntimeError, "You can not call this script from the URL"\n +\n shopping_cart = context.SaleOrder_getShoppingCart()\n \n if person is None:\n @@ -61,7 +64,7 @@ shopping_cart.edit(destination_decision_value=person)\n </item> <item> <key> <string>_params</string> </key> - <value> <string>person=None</string> </value> + <value> <string>person=None, REQUEST=None</string> </value> </item> <item> <key> <string>id</string> </key> diff --git a/bt5/erp5_commerce/bt/revision b/bt5/erp5_commerce/bt/revision index ac7cd1ac70..c2567dc4fb 100644 --- a/bt5/erp5_commerce/bt/revision +++ b/bt5/erp5_commerce/bt/revision @@ -1 +1 @@ -279 \ No newline at end of file +280 \ No newline at end of file -- 2.30.9