[ https://issues.apache.org/jira/browse/OFBIZ-2333?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jacques Le Roux closed OFBIZ-2333. ---------------------------------- Resolution: Duplicate This issue is now contained in OFBIZ-2415 > createOrderAdjustment security related error > -------------------------------------------- > > Key: OFBIZ-2333 > URL: https://issues.apache.org/jira/browse/OFBIZ-2333 > Project: OFBiz > Issue Type: Sub-task > Components: order > Affects Versions: Release Branch 9.04, SVN trunk > Reporter: Jacques Le Roux > Fix For: Release Branch 9.04, SVN trunk > > > Another one found in error.log > 2009-04-19 13:49:51,262 (TP-Processor17) [ RequestHandler.java:399:ERROR] > Request createOrderAdjustment caused an error with the following message: > Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found URL > parameter [orderId] passed to secure (https) request-map with uri > [createOrderAdjustment] with an event that calls service > [createOrderAdjustment]; this is not allowed for security reasons! The data > should be encrypted by making it part of the request body (a form field) > instead of the request URL. > but this one is another exception : (paramString contains orderId...) > <form name="addAdjustmentForm" method="post" > action="<@ofbizUrl>createOrderAdjustment?${paramString}</@ofbizUrl>"> > The decision on ML is to rewrite all (upstream). More work but certainly the > better solution... -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.