"javax.servlet.request.cipher_suite":"DHE-RSA-AES256-SHA","thisRequestUri":"getConfigDetailsEvent","_ERROR_MESSAGE_":"configWrapper
>> is null"}
>>
>> 4. Use your imagination :)
>>
>> -Original Message- Fro
":"configWrapper
is null"}
4. Use your imagination :)
-Original Message-
From: Jacques Le Roux
Date: 04 April 2012, 20:43
To: user@ofbiz.apache.org
Subject: Re: Dangerous security hole?
From trunk demo, I get only
{"targetRequestUri":"/getConfigDeta
<https://demo-old.ofbiz.apache.org>
> ","_CONTROL_PATH_":"/ecommerce/control","javax.
> servlet.request.cipher_suite":"DHE-RSA-AES256-SHA","thisRequestUri":"
> getConfigDetailsEvent","_ERROR_MESSAGE_":"
"_CONTROL_PATH_":"/ecommerce/control","javax.servlet.request.cipher_suite":"DHE-RSA-AES256-SHA","thisRequestUri":"getConfigDetailsEvent","_ERROR_MESSAGE_":"configWrapper
is null"}
4. Use your imagination :)
-O
From trunk demo, I get only
{"targetRequestUri":"/getConfigDetailsEvent","_CONTEXT_ROOT_":"/home/ofbiz/trunk/specialpurpose/ecommerce/webapp/ecommerce/","_FORWARDED_FROM_SERVLET_":true,"_SERVER_ROOT_URL_":"http://demo-trunk.ofbiz.apache.org","_CONTROL_PATH_":"/ecommerce/control","thisRequestUri":"
hmmm. no result on my public shop setups (but I tend to clean up
control.xml for unused stuff).
Can you reproduce on the demo sites? Your tests seem to be on localhost.
Regards
Carsten
2012/4/4 Mike :
> Wouldn't you need to know the session id? If you call it, it would only
> return the data
Wouldn't you need to know the session id? If you call it, it would only
return the data of your own session. Maybe someone else with more
experience can comment.
On Tue, Apr 3, 2012 at 12:44 PM, Boris Hamanov wrote:
> This one is in ecommerce controller.xml
>
>
>
> path="org.ofbiz.order.sho