[ https://issues.apache.org/jira/browse/OFBIZ-2929?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12758229#action_12758229 ]

Simon Hutchinson commented on OFBIZ-2929:
-----------------------------------------

I can still reproduce with trunk at r817603

Firebug NET panel shows that a GET is being made upon "Submit Order" to 
quickAnonEnterCreditCard - hence the security violation.

A very quick look at quickAnonPaymentInformation.ftl shows a good starting 
point.

<form id="setPaymentInformation" type="POST" 
action="<@ofbizUrl>quickAnonAddGiftCardToCart</@ofbizUrl>" 
name="setPaymentInformation">

type="POST"

Changed to 

method="POST"

Submits the form without error; however, the checkout still doesn't complete 
... will continue investigating, time allowing.



> Trying to do a quick check out in Ecommerce application and facing error when 
> clicking Submit Order after filling the credit card details.
> ------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: OFBIZ-2929
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-2929
>             Project: OFBiz
>          Issue Type: Sub-task
>          Components: specialpurpose/ecommerce
>    Affects Versions: Release Branch 9.04, SVN trunk
>            Reporter: Jacques Le Roux
>
> Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found URL 
> parameter [cardType] passed to secure (https) request-map with uri 
> [quickAnonEnterCreditCard] with an event that calls service 
> [createCreditCard]; this is not allowed for security reasons! The data should 
> be encrypted by making it part of the request body (a form field) instead of 
> the request URL. Moreover it would be kind if you could create a Jira 
> sub-task of https://issues.apache.org/jira/browse/OFBIZ-2330 (check before if 
> a sub-task for this error does not exist). If you are not sure how to create 
> a Jira issue please have a look before at http://docs.ofbiz.org/x/r. Thank 
> you in advance for your help.
> Steps to reproduce:
> 1. Go to Ecommerce Home Page
> 2. Select Some items and add to Cart
> 3. Click Quick Checkout
> 4. Page goes to Login Page and there also select Quick Checkout
> 5. Fill User details for quick check out
> 6. Goes to next page and there select payment type as Credit Card and fill 
> credit card details
> 7. Select some shipping method type in the same page at right hand menu
> 8. Click Submit Order button in the same page at the end
> 9. then getting the mentioned error.
> Reported by Hemanth Kumar Kanamarlapudi on user ML

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
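
Added example, not part of the original comment or of OFBiz itself: a small Python check for the mistake described in the comment above, a form written with type="POST" instead of method="POST", which a browser submits with GET so the fields end up in the request URL. The sample template and the id "fixedForm" are constructed for illustration.

```python
import re

# Opening <form ...> tag. Quoted attribute values may contain '>' (FreeMarker
# directives such as <@ofbizUrl>...</@ofbizUrl>), so quoted runs are matched first.
FORM_TAG = re.compile(r'<form\b((?:"[^"]*"|\'[^\']*\'|[^>"\'])*)>', re.I)
ATTR = re.compile(r'([\w:-]+)\s*=\s*(?:"([^"]*)"|\'([^\']*)\'|([^\s>"\']+))')

def form_attrs(attr_text):
    """Return a form tag's attributes as a dict keyed by lowercased name."""
    attrs = {}
    for name, dq, sq, bare in ATTR.findall(attr_text):
        attrs.setdefault(name.lower(), dq or sq or bare)
    return attrs

def find_get_forms(template):
    """List (line, form id, reason) for forms a browser will submit with GET."""
    findings = []
    for m in FORM_TAG.finditer(template):
        attrs = form_attrs(m.group(1))
        method = attrs.get("method", "").strip().lower()
        if method in ("post", "dialog"):
            continue  # fields travel in the request body, or no submission
        if "method" not in attrs and attrs.get("type", "").lower() in ("post", "get"):
            reason = 'type="%s" is ignored on <form>; use the method attribute' % attrs["type"]
        elif "method" not in attrs:
            reason = "no method attribute; browsers default to GET"
        else:
            reason = 'method="%s" sends the fields in the URL' % attrs["method"]
        line = template.count("\n", 0, m.start()) + 1
        findings.append((line, attrs.get("id", ""), reason))
    return findings

# Constructed sample: the form quoted in the comment, then a corrected form.
SAMPLE = '''<#-- constructed sample template -->
<form id="setPaymentInformation" type="POST"
action="<@ofbizUrl>quickAnonAddGiftCardToCart</@ofbizUrl>"
name="setPaymentInformation">
</form>
<form id="fixedForm" method="POST"
action="<@ofbizUrl>quickAnonAddGiftCardToCart</@ofbizUrl>">
</form>
'''

if __name__ == "__main__":
    for line, form_id, reason in find_get_forms(SAMPLE):
        print("line %d, form %r: %s" % (line, form_id, reason))
```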
