[
https://issues.apache.org/jira/browse/OFBIZ-2333?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jacques Le Roux closed OFBIZ-2333.
----------------------------------
Resolution: Duplicate
This issue is now contained in OFBIZ-2415
> createOrderAdjustment security related error
> --------------------------------------------
>
> Key: OFBIZ-2333
> URL: https://issues.apache.org/jira/browse/OFBIZ-2333
> Project: OFBiz
> Issue Type: Sub-task
> Components: order
> Affects Versions: Release Branch 9.04, SVN trunk
> Reporter: Jacques Le Roux
> Fix For: Release Branch 9.04, SVN trunk
>
>
> Another one found in error.log
> 2009-04-19 13:49:51,262 (TP-Processor17) [ RequestHandler.java:399:ERROR]
> Request createOrderAdjustment caused an error with the following message:
> Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found URL
> parameter [orderId] passed to secure (https) request-map with uri
> [createOrderAdjustment] with an event that calls service
> [createOrderAdjustment]; this is not allowed for security reasons! The data
> should be encrypted by making it part of the request body (a form field)
> instead of the request URL.
> but this one is another exception : (paramString contains orderId...)
> <form name="addAdjustmentForm" method="post"
> action="<@ofbizUrl>createOrderAdjustment?${paramString}</@ofbizUrl>">
> The decision on ML is to rewrite all (upstream). More work but certainly the
> better solution...
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
