[jira] Updated: (OFBIZ-2333) createOrderAdjustment security related error

Wed, 22 Apr 2009 08:01:12 -0700 

     [ 
https://issues.apache.org/jira/browse/OFBIZ-2333?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jacopo Cappellato updated OFBIZ-2333:
-------------------------------------

          Component/s: order
    Affects Version/s: SVN trunk
                       Release Branch 9.04
        Fix Version/s: SVN trunk
                       Release Branch 9.04
              Summary: createOrderAdjustment security related error  (was: 
Another one in error.log  )

> createOrderAdjustment security related error
> --------------------------------------------
>
>                 Key: OFBIZ-2333
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-2333
>             Project: OFBiz
>          Issue Type: Sub-task
>          Components: order
>    Affects Versions: Release Branch 9.04, SVN trunk
>            Reporter: Jacques Le Roux
>             Fix For: Release Branch 9.04, SVN trunk
>
>
> Another one in error.log
> 2009-04-19 13:49:51,262 (TP-Processor17) [ RequestHandler.java:399:ERROR] 
> Request createOrderAdjustment caused an error with the following message: 
> Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found URL 
> parameter [orderId] passed to secure (https) request-map with uri 
> [createOrderAdjustment] with an event that calls service 
> [createOrderAdjustment]; this is not allowed for security reasons! The data 
> should be encrypted by making it part of the request body (a form field) 
> instead of the request URL.
> but this one is another exception : (paramString contains orderId...)
> <form name="addAdjustmentForm" method="post" 
> action="<@ofbizUrl>createOrderAdjustment?${paramString}</@ofbizUrl>">
> [ Afficher ยป ]
> Jacques Le Roux added a comment - 20/avr./09 12:19 PM Another one in 
> error.log 2009-04-19 13:49:51,262 (TP-Processor17) [ 
> RequestHandler.java:399:ERROR] Request createOrderAdjustment caused an error 
> with the following message: Error calling event: 
> org.ofbiz.webapp.event.EventHandlerException: Found URL parameter [orderId] 
> passed to secure (https) request-map with uri [createOrderAdjustment] with an 
> event that calls service [createOrderAdjustment]; this is not allowed for 
> security reasons! The data should be encrypted by making it part of the 
> request body (a form field) instead of the request URL. but this one is 
> another exception : (paramString contains orderId...) <form 
> name="addAdjustmentForm" method="post" 
> action="<@ofbizUrl>createOrderAdjustment?${paramString}</@ofbizUrl>">

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to