[jira] Commented: (OFBIZ-3982) Exception in CRUD operations using minilang

[Adrian Crum (JIRA)]

    [ 
https://issues.apache.org/jira/browse/OFBIZ-3982?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12918964#action_12918964
 ] 

Adrian Crum commented on OFBIZ-3982:
------------------------------------

Jacques,

I believe the reason Shereen created this issue is because the error message 
instructed him/her to do so.


> Exception in CRUD operations using minilang
> -------------------------------------------
>
>                 Key: OFBIZ-3982
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-3982
>             Project: OFBiz
>          Issue Type: Bug
>          Components: ALL COMPONENTS
>    Affects Versions: Release 09.04
>         Environment: LINUX
>            Reporter: Shereen Ashraf
>            Assignee: Jacques Le Roux
>
> I'm trying to use the minilang to delete a record in an entity. I faced the 
> following exception
> Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found URL 
> parameter [reviewId] passed to secure (https) request-map with uri 
> [RemovePlanetReview] with an event that calls service 
> [learningRemovePlanetReview]; this is not allowed for security reasons! The 
> data should be encrypted by making it part of the request body (a form field) 
> instead of the request URL. Moreover it would be kind if you could create a 
> Jira sub-task of https://issues.apache.org/jira/browse/OFBIZ-2330 (check 
> before if a sub-task for this error does not exist). If you are not sure how 
> to create a Jira issue please have a look before at http://docs.ofbiz.org/x/r.
> Does anyone know what's this? I've done this experiment in  release10.04
> this is how I wrote the delete button in the form
> <field name="delete">
> <hyperlink target="RemovePlanetReview?reviewId=${reviewId}" 
> description="Delete"/></field>
> this is the service
>  <simple-method method-name="removePlantetReview" short-description="Delete a 
> Planet Review">
>      <entity-one entity-name="PlanetReview" value-name="lookedUpValue"/>
>      <remove-value value-name="lookedUpValue"/>
> </simple-method>
> this is the request
> <request-map uri="RemovePlanetReview">
>   <security auth="true" https="true"/>
>    <event type="service" invoke="learningRemovePlanetReview"/>
>   <response name="success" type="view" value="ListPlanetReviews"/>
>   <response name="error" type="view" value="ListPlanetReviews"/>
> </request-map>
> would anyone please tell what's going on?
> Am I going to face the same trouble in 10.04 ?
> Thanks in advance to anyone who can help 

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.