[ https://issues.apache.org/jira/browse/OFBIZ-2333?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jacopo Cappellato updated OFBIZ-2333: ------------------------------------- Component/s: order Affects Version/s: SVN trunk Release Branch 9.04 Fix Version/s: SVN trunk Release Branch 9.04 Summary: createOrderAdjustment security related error (was: Another one in error.log ) > createOrderAdjustment security related error > -------------------------------------------- > > Key: OFBIZ-2333 > URL: https://issues.apache.org/jira/browse/OFBIZ-2333 > Project: OFBiz > Issue Type: Sub-task > Components: order > Affects Versions: Release Branch 9.04, SVN trunk > Reporter: Jacques Le Roux > Fix For: Release Branch 9.04, SVN trunk > > > Another one in error.log > 2009-04-19 13:49:51,262 (TP-Processor17) [ RequestHandler.java:399:ERROR] > Request createOrderAdjustment caused an error with the following message: > Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found URL > parameter [orderId] passed to secure (https) request-map with uri > [createOrderAdjustment] with an event that calls service > [createOrderAdjustment]; this is not allowed for security reasons! The data > should be encrypted by making it part of the request body (a form field) > instead of the request URL. > but this one is another exception : (paramString contains orderId...) > <form name="addAdjustmentForm" method="post" > action="<@ofbizUrl>createOrderAdjustment?${paramString}</@ofbizUrl>"> > [ Afficher ยป ] > Jacques Le Roux added a comment - 20/avr./09 12:19 PM Another one in > error.log 2009-04-19 13:49:51,262 (TP-Processor17) [ > RequestHandler.java:399:ERROR] Request createOrderAdjustment caused an error > with the following message: Error calling event: > org.ofbiz.webapp.event.EventHandlerException: Found URL parameter [orderId] > passed to secure (https) request-map with uri [createOrderAdjustment] with an > event that calls service [createOrderAdjustment]; this is not allowed for > security reasons! The data should be encrypted by making it part of the > request body (a form field) instead of the request URL. but this one is > another exception : (paramString contains orderId...) <form > name="addAdjustmentForm" method="post" > action="<@ofbizUrl>createOrderAdjustment?${paramString}</@ofbizUrl>"> -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.