:-) ok, ok, understood... I will find out that information already available...and try to fix it... Please do not regret having done this change...it has been a great value added... ;-)

-Bruno

2009/3/26 David E Jones <[email protected]>:
>
> Yes, thank you. I've actually answered this a half-dozen times, plus the
> messages in the discussions about security and the proposed change, and then
> descriptions of the actual change, and then descriptions of backing out the
> strict enforcement because it was an issue in so many places, and then
> discussion of the changes to help with this in the various widgets, and then
> putting the strict enforcement back in, and then work with a contributor in
> a Jira issue with a couple of revisions to a patch to fix links on the order
> detail page in the order manager, and then more examples of the manual
> changes needed in FTL files, and then answers to a few questions about it on
> the mailing lists...
>
> If I had known it would be this much trouble... :(
>
> -David
>
>
> On Mar 26, 2009, at 1:58 PM, Adrian Crum wrote:
>
>> In fact, David answered this question when it was brought up the last
>> time.
>>
>> -Adrian
>>
>> David E Jones wrote:
>>>
>>> On Mar 26, 2009, at 12:58 PM, Bruno Busco wrote:
>>>>
>>>> Hi,
>>>> when trying to select a different theme in the backoffice I get this.
>>>>
>>>> The Following Errors Occurred:
>>>> Error calling event: org.ofbiz.webapp.event.EventHandlerException:
>>>> Found URL parameter [userPrefTypeId] passed to secure (https)
>>>> request-map with uri [setUserPreference] with an event that calls
>>>> service [setUserPreference]; this is not allowed for security reasons!
>>>> The data should be encrypted by making it part of the request body
>>>> instead of the request URL.
>>>>
>>>> I know it is related to the recent secure url parameters passing
>>>> change but I do not know the new system enough to fix it.
>>>
>>> The fix is easy, as has been discussed a bit, just change the link into a
>>> hidden form that is submitted with a link.
>>> For some examples of this done in FTL files check out my recent commits in
>>> the orderpaymentinfo.ftl file, like SVN rev 758512.
>>> -David
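
The fix described in the thread (change the link into a hidden form that is submitted with a link), as an added example that is not part of the original messages and is not OFBiz code. The function names, the form name, the second parameter `sampleParam` and all parameter values are hypothetical; only the `setUserPreference` URI and the `userPrefTypeId` parameter name come from the error message above.

```javascript
// Added example (not OFBiz code): rewrite a link that carries its data in the
// query string as a hidden POST form plus a link that submits it, so the data
// travels in the request body instead of the request URL.

// Escape text for use in HTML attribute values and element content.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// href: original link target; formName: hypothetical name for the hidden form.
function linkToHiddenForm(href, formName, label) {
  // The form name ends up inside a script expression, so allow identifiers only.
  if (!/^[A-Za-z_][A-Za-z0-9_]*$/.test(formName)) {
    throw new Error("formName must be a plain identifier");
  }
  // Drop any fragment, then separate the request URI from its query string.
  const hashAt = href.indexOf("#");
  const noFragment = hashAt === -1 ? href : href.slice(0, hashAt);
  const qAt = noFragment.indexOf("?");
  const action = qAt === -1 ? noFragment : noFragment.slice(0, qAt);
  const query = qAt === -1 ? "" : noFragment.slice(qAt + 1);

  // Each URL parameter becomes a hidden input (URLSearchParams decodes %xx).
  const inputs = [];
  for (const [name, value] of new URLSearchParams(query)) {
    inputs.push(
      `  <input type="hidden" name="${escapeHtml(name)}" value="${escapeHtml(value)}"/>`
    );
  }
  return [
    `<form name="${formName}" method="post" action="${escapeHtml(action)}">`,
    ...inputs,
    `</form>`,
    `<a href="javascript:document.${formName}.submit()">${escapeHtml(label)}</a>`,
  ].join("\n");
}

// Constructed sample link; the values are placeholders, not real OFBiz data.
const SAMPLE_LINK =
  "setUserPreference?userPrefTypeId=EXAMPLE_PREF_TYPE&sampleParam=A%26B%22C";

function demo() {
  return linkToHiddenForm(SAMPLE_LINK, "setPrefForm", "Select theme");
}
```
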
