[jira] [Commented] (OFBIZ-4558) Verify subscription email requires form submit

Thu, 17 Nov 2011 16:16:16 -0800 

    [ 
https://issues.apache.org/jira/browse/OFBIZ-4558?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13152489#comment-13152489
 ] 

Kiran Gawde commented on OFBIZ-4558:
------------------------------------

OK. I tried changing it to url but it gives following error. Does anyone have 
better idea?

Request updateContactListPartyNoUserLogin caused an error with the following 
message: Error calling event: org.ofbiz.webapp.event.EventHandlerException: 
Found URL parameter [contactListId] passed to secure (https) request-map with 
uri [updateContactListPartyNoUserLogin] with an event that calls service 
[updateContactListPartyNoUserLogin]; this is not allowed for security reasons! 
The data should be encrypted by making it part of the request body (a form 
field) instead of the request URL. Moreover it would be kind if you could 
create a Jira sub-task of https://issues.apache.org/jira/browse/OFBIZ-2330 
(check before if a sub-task for this error does not exist). If you are not sure 
how to create a Jira issue please have a look before at 
http://cwiki.apache.org/confluence/x/JIB2 Thank you in advance for your help.
                
> Verify subscription email requires form submit
> ----------------------------------------------
>
>                 Key: OFBIZ-4558
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-4558
>             Project: OFBiz
>          Issue Type: Bug
>          Components: specialpurpose/ecommerce
>    Affects Versions: Release Branch 11.04, SVN trunk
>            Reporter: Kiran Gawde
>
> ContactListVerifyEmail.ftl used for sending verify subscription email, uses 
> form submit for the confirmation. Instead it should be hyperlink. Form submit 
> from email may not be supported by some email clients. If email clients 
> support it, it would be prompt a warning message. And user may cancel the 
> confirmation.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to