[
https://issues.apache.org/jira/browse/OFBIZ-12363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17442790#comment-17442790
]
ASF subversion and git services commented on OFBIZ-12363:
---------------------------------------------------------
Commit d6af7a19077e192bff94ac844650f9e54a1006e5 in ofbiz-framework's branch
refs/heads/release18.12 from Wiebke Pätzold
[ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=d6af7a1 ]
Fixed: Error while executing generateBlogRssFeed (OFBIZ-12363)
removes ServiceEventHandler.checkSecureParameter related to OFBIZ-11260
Thanks: Jacques Le Roux for report
> Error while executing generateBlogRssFeed
> -----------------------------------------
>
> Key: OFBIZ-12363
> URL: https://issues.apache.org/jira/browse/OFBIZ-12363
> Project: OFBiz
> Issue Type: Bug
> Affects Versions: 18.12.01
> Reporter: Wiebke Pätzold
> Assignee: Wiebke Pätzold
> Priority: Major
>
> As [~jleroux] mentioned on the dev-Mailinglist there is an error while
> executing the generateBlogRssFeed.
> To reproduce go to:
> https://demo-trunk.ofbiz.apache.org/ecomseo/ViewBlogRss?entryLinkReq=ViewBlogArticle&mainLinkReq=MainBlog&blogContentId=BLOGROOTBIGAL
> on the Release18.12 Branch
>
> Logged Error:
> Found URL parameter [blogContentId] passed to secure (https) request-map with
> uri [ViewBlogRss] with an event that calls service [generateBl
> ogRssFeed]; this is not allowed for security reasons! The data should be
> encrypted by making it part of the request body (a form field) instead of the
> request URL.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
