[ https://issues.apache.org/jira/browse/OFBIZ-2415?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12705269#action_12705269 ]

Ashish Nagar commented on OFBIZ-2415:
-------------------------------------

Thanks Amit,

Here are some suggestions,

i) Value must be ${orderId?if_exists} {quote}<input type="hidden" 
name="orderId" value="${orderId}"/>{quote}.

ii) No need to put *&nbsp;* here, {quote}<a 
href='javascript:document.deleteOrderAdjustment_${orderAdjustmentId}.submit()' 
class='buttontext'>&nbsp;${uiLabelMap.CommonDelete}&nbsp;</a>{quote}.

iii) There are also some more links on this page whose parameters should be 
sent encrypted.

Although your patch will be complete for this issue (createOrderAdjustment, 
updateOrderAdjustment and deleteOrderAdjustment) after improving i) and ii), 
finalizing the patch for iii) as well will be highly appreciated :-).

Thanks & Regards,
--
Ashish Nagar

> createOrderAdjustment, updateOrderAdjustment and deleteOrderAdjustment 
> security related error
> ---------------------------------------------------------------------------------------------
>
>                 Key: OFBIZ-2415
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-2415
>             Project: OFBiz
>          Issue Type: Sub-task
>          Components: order
>            Reporter: Amit Sharma
>             Fix For: Release Branch 9.04, SVN trunk
>
>         Attachments: editorderitems.patch, editorderitems.patch
>
>
> Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found URL 
> parameter [orderAdjustmentId] passed to secure (https) request-map with uri 
> [createOrderAdjustment, updateOrderAdjustment and deleteOrderAdjustment].
