[
https://issues.apache.org/jira/browse/OFBIZ-2333?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jacques Le Roux updated OFBIZ-2333:
-----------------------------------
Description:
Another one found in error.log
2009-04-19 13:49:51,262 (TP-Processor17) [ RequestHandler.java:399:ERROR]
Request createOrderAdjustment caused an error with the following message: Error
calling event: org.ofbiz.webapp.event.EventHandlerException: Found URL
parameter [orderId] passed to secure (https) request-map with uri
[createOrderAdjustment] with an event that calls service
[createOrderAdjustment]; this is not allowed for security reasons! The data
should be encrypted by making it part of the request body (a form field)
instead of the request URL.
but this one is another exception : (paramString contains orderId...)
<form name="addAdjustmentForm" method="post"
action="<@ofbizUrl>createOrderAdjustment?${paramString}</@ofbizUrl>">
The decision on ML is to rewrite all (upstream). More work but certainly the
better solution...
was:
Another one in error.log
2009-04-19 13:49:51,262 (TP-Processor17) [ RequestHandler.java:399:ERROR]
Request createOrderAdjustment caused an error with the following message: Error
calling event: org.ofbiz.webapp.event.EventHandlerException: Found URL
parameter [orderId] passed to secure (https) request-map with uri
[createOrderAdjustment] with an event that calls service
[createOrderAdjustment]; this is not allowed for security reasons! The data
should be encrypted by making it part of the request body (a form field)
instead of the request URL.
but this one is another exception : (paramString contains orderId...)
<form name="addAdjustmentForm" method="post"
action="<@ofbizUrl>createOrderAdjustment?${paramString}</@ofbizUrl>">
[ Afficher ยป ]
Jacques Le Roux added a comment - 20/avr./09 12:19 PM Another one in error.log
2009-04-19 13:49:51,262 (TP-Processor17) [ RequestHandler.java:399:ERROR]
Request createOrderAdjustment caused an error with the following message: Error
calling event: org.ofbiz.webapp.event.EventHandlerException: Found URL
parameter [orderId] passed to secure (https) request-map with uri
[createOrderAdjustment] with an event that calls service
[createOrderAdjustment]; this is not allowed for security reasons! The data
should be encrypted by making it part of the request body (a form field)
instead of the request URL. but this one is another exception : (paramString
contains orderId...) <form name="addAdjustmentForm" method="post"
action="<@ofbizUrl>createOrderAdjustment?${paramString}</@ofbizUrl>">
> createOrderAdjustment security related error
> --------------------------------------------
>
> Key: OFBIZ-2333
> URL: https://issues.apache.org/jira/browse/OFBIZ-2333
> Project: OFBiz
> Issue Type: Sub-task
> Components: order
> Affects Versions: Release Branch 9.04, SVN trunk
> Reporter: Jacques Le Roux
> Fix For: Release Branch 9.04, SVN trunk
>
>
> Another one found in error.log
> 2009-04-19 13:49:51,262 (TP-Processor17) [ RequestHandler.java:399:ERROR]
> Request createOrderAdjustment caused an error with the following message:
> Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found URL
> parameter [orderId] passed to secure (https) request-map with uri
> [createOrderAdjustment] with an event that calls service
> [createOrderAdjustment]; this is not allowed for security reasons! The data
> should be encrypted by making it part of the request body (a form field)
> instead of the request URL.
> but this one is another exception : (paramString contains orderId...)
> <form name="addAdjustmentForm" method="post"
> action="<@ofbizUrl>createOrderAdjustment?${paramString}</@ofbizUrl>">
> The decision on ML is to rewrite all (upstream). More work but certainly the
> better solution...
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
