Re: [VOTE] Apache OFBiz 18.12.02

Wed, 03 Nov 2021 08:40:27 -0700 

Le 03/11/2021 à 16:05, Jacques Le Roux a écrit :

Not sure it's related (I'll try now w/o patch)


The same problem exists running R18 (similar to 18.12.2)

Note that, despite not having applied the patch, R18 works using "gradlew cleanAll 
loadAll ofbiz"

The error in log starts with. I'll have a look (since it's OK in trunk)


2021-11-03 16:26:24,132 |jsse-nio-8443-exec-4 |ControlServlet                |T| [[[ViewBlogRss(Domain:https://localhost)] Request Begun, 
encoding=[UTF-8]- total:0.0,since last(Begin):0.0]]
2021-11-03 16:26:24,134 |jsse-nio-8443-exec-4 |ServiceEventHandler           |E| =============== Found URL parameter [blogContentId] passed to secure 
(https) request-map with uri [ViewBlogRss] with an event that calls service [generateBl
ogRssFeed]; this is not allowed for security reasons! The data should be encrypted by making it part of the request body (a form field) instead of the 
request URL. Moreover it would be kind if you could create a Jira sub-task of https://
issues.apache.org/jira/browse/OFBIZ-2330 (check before if a sub-task for this error does not exist). If you are not sure how to create a Jira issue 
please have a look before at https://cwiki.apache.org/confluence/display/OFBIZ/OFBiz+Cont
ributors+Best+Practices Thank you in advance for your help.; In session [ hidden sessionId by default.]; Note that this can be changed using the 
service.http.parameters.require.encrypted property in the url.properties file
2021-11-03 16:26:24,199 |jsse-nio-8443-exec-4 |UtilProperties                |I| ResourceBundle WebappUiLabels (en_US) created in 0.064s with 27 
properties
2021-11-03 16:26:24,199 |jsse-nio-8443-exec-4 |RequestHandler                |E| Request ViewBlogRss caused an error with the following message: Error 
calling event: org.apache.ofbiz.webapp.event.EventHandlerException: Found URL paramete
r [blogContentId] passed to secure (https) request-map with uri [ViewBlogRss] with an event that calls service [generateBlogRssFeed]; this is not 
allowed for security reasons! The data should be encrypted by making it part of the request
 body (a form field) instead of the request URL. Moreover it would be kind if you could create a Jira sub-task of 
https://issues.apache.org/jira/browse/OFBIZ-2330 (check before if a sub-task for this error does not exist). If you are not
 sure how to create a Jira issue please have a look before at https://cwiki.apache.org/confluence/display/OFBIZ/OFBiz+Contributors+Best+Practices 
Thank you in advance for your help.

2021-11-03 16:26:24,199 |jsse-nio-8443-exec-4 |RequestHandler                
|I| Rendering View [error].  Hidden sessionId by default.























					Reply via email to