Montalbano Florian created OFBIZ-7162:
-----------------------------------------
Summary: Delete Child Period in EditCustomTimePeriod not secure
Key: OFBIZ-7162
URL: https://issues.apache.org/jira/browse/OFBIZ-7162
Project: OFBiz
Issue Type: Sub-task
Components: accounting
Affects Versions: Trunk
Reporter: Montalbano Florian
Priority: Minor
When deleting a Child Periods here :
https://localhost:8443/accounting/control/EditCustomTimePeriod . The following
error shows up :
"The Following Errors Occurred:
Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found URL
parameter [customTimePeriodId] passed to secure (https) request-map with uri
[deleteCustomTimePeriod] with an event that calls service
[deleteCustomTimePeriod]; this is not allowed for security reasons! The data
should be encrypted by making it part of the request body (a form field)
instead of the request URL. Moreover it would be kind if you could create a
Jira sub-task of https://issues.apache.org/jira/browse/OFBIZ-2330 (check before
if a sub-task for this error does not exist). If you are not sure how to create
a Jira issue please have a look before at
http://cwiki.apache.org/confluence/x/JIB2 Thank you in advance for your help."
I checked the sub task of OFBIZ-2330 and didn't see this one yet.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
