added some http-only configuration to avoid common XSS

[pizzaservice-war.git] / web / admin / category.xhtml

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
          xmlns:ui="http://java.sun.com/jsf/facelets"
          xmlns:h="http://xmlns.jcp.org/jsf/html"
          xmlns:f="http://xmlns.jcp.org/jsf/core"
          >

        <ui:composition template="/WEB-INF/templates/admin/admin_base.tpl">
                <ui:define name="admin_title">#{msg.PAGE_TITLE_ADMIN_CATEGORIES}</ui:define>

                <ui:define name="content_header">
                        #{msg.CONTENT_TITLE_ADMIN_CATEGORIES}
                </ui:define>

                <ui:define name="content">
                        <div class="para">
                                <h:form id="form">
                                        <h:dataTable id="categories" var="cat" value="#{controller.allCategories}" styleClass="table" headerClass="table_header_column" summary="#{msg.TABLE_SUMMARY_ADMIN_CATEGORY}">
                                                <h:column>
                                                        <f:facet name="header">#{msg.SELECT_ENTRY}</f:facet>
                                                        #{cat.categoryId}:
                                                        <h:selectBooleanCheckbox class="input" value="true" />
                                                </h:column>

                                                <h:column>
                                                        <f:facet name="header">#{msg.ADMIN_ENTER_CATEGORY_TITLE}</f:facet>
                                                                #{cat.categoryTitle}
                                                </h:column>

                                                <h:column>
                                                        <f:facet name="header">#{msg.ADMIN_PARENT_CATEGORY}</f:facet>
                                                                #{cat.parentCategory.categoryId}
                                                </h:column>
                                        </h:dataTable>

                                        <div class="table_footer">
                                                <h:commandButton class="reset" type="reset" value="#{msg.BUTTON_RESET_FORM}" />
                                                <h:commandButton class="submit" type="submit" id="edit" action="#{admin_category.editCategory(cat)}" value="#{msg.ADMIN_BUTTON_EDIT_ENTRIES}" />
                                                <h:commandButton class="delete" type="submit" id="delete" action="#{admin_category.deleteCategory(cat)}" value="#{msg.ADMIN_BUTTON_DELETE_ENTRIES}" />
                                        </div>
                                </h:form>
                        </div>

                        <div class="para">
                                <h:form id="add_category">
                                        <div class="table">
                                                <div class="table_header">
                                                        #{msg.ADMIN_ADD_CATEGORY_TITLE}
                                                </div>

                                                <fieldset id="product_data">
                                                        <legend>#{msg.PLEASE_FILL_ALL_FIELDS}</legend>

                                                        <div class="table_row">
                                                                <div class="table_left">
                                                                        #{msg.ADMIN_ENTER_CATEGORY_TITLE}
                                                                        <div class="tiny">#{msg.ADMIN_ENTER_CATEGORY_TITLE_EXAMPLE}</div>
                                                                </div>

                                                                <div class="table_right">
                                                                        <h:inputText class="input" id="guest_title" value="#{admin_category.categoryTitle}" size="10" maxlength="255" required="true" />
                                                                </div>

                                                                <div class="clear"></div>
                                                        </div>

                                                        <div class="table_row">
                                                                <div class="table_left">
                                                                        #{msg.ADMIN_PARENT_CATEGORY}
                                                                </div>

                                                                <div class="table_right">
                                                                        <ui:include src="/WEB-INF/templates/admin/admin_parent_category_selection_box.tpl" />
                                                                </div>

                                                                <div class="clear"></div>
                                                        </div>
                                                </fieldset>

                                                <div class="table_footer">
                                                        <h:commandButton class="reset" type="reset" value="#{msg.BUTTON_RESET_FORM}" />
                                                        <h:commandButton class="submit" type="submit" action="#{admin_category.addCategory()}" value="#{msg.ADMIN_BUTTON_ADD_CATEGORY}" />
                                                </div>
                                        </div>
                                </h:form>
                        </div>
                </ui:define>
        </ui:composition>
</html>