[
https://issues.apache.org/jira/browse/OFBIZ-2415?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12705243#action_12705243
]
Ashish Nagar commented on OFBIZ-2415:
-------------------------------------
Hello Amit,
This is not correct way to solve this issue. I guess you have forgotten
*paramString*. You will have to include values of the variables present in the
*paramString*, i.e. workEffortId, partyId, roleTypeId and fromDate in the form.
{quote}
<form name="addAdjustmentForm" method="post"
action="<@ofbizUrl>createOrderAdjustment?${paramString}</@ofbizUrl>">
{quote}
The following line is deleted unnecessary {quote}<input type="hidden"
name="comments" value="Added manually by [${userLogin.userLoginId}]"/>{quote}
Also, I cannot think reason for removing exiting submit button with anchor e.g.
{quote}<input class="smallSubmit" type="submit"
value="${uiLabelMap.CommonAdd}"/>{quote} with {quote}<a
href='javascript:document.addAdjustmentForm.submit()'
class='buttontext'> ${uiLabelMap.CommonAdd} </a>{quote}
This patch needs improvement. For more reference you can refer to OFBIZ-2260.
Please do the needful.
Thanks,
--
Ashish Nagar
> createOrderAdjustment, updateOrderAdjustment and deleteOrderAdjustment
> security related error
> ---------------------------------------------------------------------------------------------
>
> Key: OFBIZ-2415
> URL: https://issues.apache.org/jira/browse/OFBIZ-2415
> Project: OFBiz
> Issue Type: Sub-task
> Components: order
> Reporter: Amit Sharma
> Fix For: Release Branch 9.04, SVN trunk
>
> Attachments: editorderitems.patch
>
>
> Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found URL
> parameter [orderAdjustmentId] passed to secure (https) request-map with uri
> [createOrderAdjustment, updateOrderAdjustment and deleteOrderAdjustment].
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
