[ https://issues.apache.org/jira/browse/OFBIZ-7270?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15322609#comment-15322609 ]
Mohammed Rehan Khan edited comment on OFBIZ-7270 at 6/10/16 6:29 AM: --------------------------------------------------------------------- Thanks [~deepak.dixit] for reviewing the patch. I will check and update it accordingly. One question: If I use input type submit instead of anchor tag then "Create New" is getting displayed as button. I also tried to find out CSS property to make button to link. But I didn't find it. I took the reference from this issue [OFBIZ-3001] which has been committed at -r r907342. Please let me know if there is any better fix available for this. -- Thanks was (Author: rehan.khan): Thanks [~deepak.dixit] for reviewing the patch. I will check and update it accordingly. One question: If I use input type submit instead of anchor tag then "Create New" is getting displayed as button. I also tried to find out CSS property to make button to link. But I didn't find it. Also Jacques has been fixed similar type of issue at -r r907342. Here is the link for the issue [OFBIZ-3001]. -- Thanks > Create New Shopping List - Security Error > ------------------------------------------ > > Key: OFBIZ-7270 > URL: https://issues.apache.org/jira/browse/OFBIZ-7270 > Project: OFBiz > Issue Type: Sub-task > Components: specialpurpose/ecommerce > Affects Versions: Release Branch 13.07, Release Branch 14.12, Trunk, > Release Branch 15.12 > Reporter: Mohammed Rehan Khan > Assignee: Pranay Pandey > Attachments: OFBIZ-7270.patch > > > Steps to reproduce: > 1) Go to eCommerce > 2) Click on shopping list tab > 3) Click on create new link > Getting following security error: > Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found URL > parameter [productStoreId] passed to secure (https) request-map with uri > [createEmptyShoppingList] with an event that calls service > [createShoppingList]; this is not allowed for security reasons! The data > should be encrypted by making it part of the request body (a form field) > instead of the request URL. -- This message was sent by Atlassian JIRA (v6.3.4#6332)