[jira] [Comment Edited] (OFBIZ-7270) Create New Shopping List - Security Error

Thu, 09 Jun 2016 23:31:06 -0700 

    [ 
https://issues.apache.org/jira/browse/OFBIZ-7270?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15322609#comment-15322609
 ] 

Mohammed Rehan Khan edited comment on OFBIZ-7270 at 6/10/16 6:29 AM:
---------------------------------------------------------------------

Thanks [~deepak.dixit] for reviewing the patch. I will check and update it 
accordingly.

One question: If I use input type submit instead of anchor tag then "Create  
New" is getting displayed as button. I also tried to find out CSS property to 
make button to link. But I didn't find it.
I took the reference from this issue [OFBIZ-3001] which has been committed at 
-r r907342.
Please let me know if there is any better fix available for this. 

--
Thanks     


was (Author: rehan.khan):
Thanks [~deepak.dixit] for reviewing the patch. I will check and update it 
accordingly.

One question: If I use input type submit instead of anchor tag then "Create  
New" is getting displayed as button. I also tried to find out CSS property to 
make button to link. But I didn't find it.
Also Jacques has been fixed similar type of issue at -r r907342. Here is the 
link for the issue [OFBIZ-3001].

--
Thanks     

> Create New Shopping List - Security Error 
> ------------------------------------------
>
>                 Key: OFBIZ-7270
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-7270
>             Project: OFBiz
>          Issue Type: Sub-task
>          Components: specialpurpose/ecommerce
>    Affects Versions: Release Branch 13.07, Release Branch 14.12, Trunk, 
> Release Branch 15.12
>            Reporter: Mohammed Rehan Khan
>            Assignee: Pranay Pandey
>         Attachments: OFBIZ-7270.patch
>
>
> Steps to reproduce:
> 1) Go to eCommerce
> 2) Click on shopping list tab
> 3) Click on create new link   
> Getting following security error:
> Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found URL 
> parameter [productStoreId] passed to secure (https) request-map with uri 
> [createEmptyShoppingList] with an event that calls service 
> [createShoppingList]; this is not allowed for security reasons! The data 
> should be encrypted by making it part of the request body (a form field) 
> instead of the request URL.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to