[ https://issues.apache.org/jira/browse/OFBIZ-7162?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Pranay Pandey resolved OFBIZ-7162. ---------------------------------- Resolution: Fixed Fix Version/s: 13.07.04 15.12.01 14.12.01 Thanks [~Florian M] for reporting the issue and thanks [~Arjun_Kaushal] for providing the patch. Issue fixed in- Trunk at r1746820, R15.12 at r1746821, R14.12 at r1746823, R13.07 at r1746824. > Delete Child Period in EditCustomTimePeriod not secure > ------------------------------------------------------ > > Key: OFBIZ-7162 > URL: https://issues.apache.org/jira/browse/OFBIZ-7162 > Project: OFBiz > Issue Type: Sub-task > Components: accounting > Affects Versions: Release Branch 13.07, Release Branch 14.12, Trunk, > Release Branch 15.12 > Reporter: Montalbano Florian > Assignee: Pranay Pandey > Priority: Minor > Fix For: 14.12.01, 15.12.01, 13.07.04 > > Attachments: OFBIZ-7162-13_07.patch, OFBIZ-7162-14_12.patch, > OFBIZ-7162-15_12.patch, OFBIZ-7162.patch > > > When deleting a Child Periods here : > https://localhost:8443/accounting/control/EditCustomTimePeriod . The > following error shows up : > "The Following Errors Occurred: > Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found URL > parameter [customTimePeriodId] passed to secure (https) request-map with uri > [deleteCustomTimePeriod] with an event that calls service > [deleteCustomTimePeriod]; this is not allowed for security reasons! The data > should be encrypted by making it part of the request body (a form field) > instead of the request URL. Moreover it would be kind if you could create a > Jira sub-task of https://issues.apache.org/jira/browse/OFBIZ-2330 (check > before if a sub-task for this error does not exist). If you are not sure how > to create a Jira issue please have a look before at > http://cwiki.apache.org/confluence/x/JIB2 Thank you in advance for your help." > I checked the sub task of OFBIZ-2330 and didn't see this one yet. -- This message was sent by Atlassian JIRA (v6.3.4#6332)