[
https://issues.apache.org/jira/browse/OFBIZ-2260?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12700897#action_12700897
]
Jacques Le Roux commented on OFBIZ-2260:
----------------------------------------
Another one in error.log
2009-04-19 13:49:51,262 (TP-Processor17) [ RequestHandler.java:399:ERROR]
Request createOrderAdjustment caused an error with the following message: Error
calling event: org.ofbiz.webapp.event.EventHandlerException: Found URL
parameter [orderId] passed to secure (https) request-map with uri
[createOrderAdjustment] with an event that calls service
[createOrderAdjustment]; this is not allowed for security reasons! The data
should be encrypted by making it part of the request body (a form field)
instead of the request URL.
but this one is another exception : (paramString contains orderId...)
<form name="addAdjustmentForm" method="post"
action="<@ofbizUrl>createOrderAdjustment?${paramString}</@ofbizUrl>">
> Secure URLs in Freemarker templates files
> -----------------------------------------
>
> Key: OFBIZ-2260
> URL: https://issues.apache.org/jira/browse/OFBIZ-2260
> Project: OFBiz
> Issue Type: Improvement
> Components: ALL COMPONENTS
> Affects Versions: Release Branch 4.0, Release Branch 9.04
> Reporter: Jacques Le Roux
> Assignee: Jacques Le Roux
> Fix For: Release Branch 4.0, Release Branch 9.04
>
> Attachments: EditCustomTimePeriod.ftl.patch,
> EditProductFeatures.ftl.patch, listPortalPortlets.patch, OFBIZ-2256.patch,
> OFBIZ-2260.patch, OFBIZ-2260.patch, orderitems.patch, UpdateLabelsFiles.patch
>
>
> Follow OFBIZ-2256 but for FTL files only
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
