[
https://issues.apache.org/jira/browse/OFBIZ-7162?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Pranay Pandey reassigned OFBIZ-7162:
------------------------------------
Assignee: Pranay Pandey
> Delete Child Period in EditCustomTimePeriod not secure
> ------------------------------------------------------
>
> Key: OFBIZ-7162
> URL: https://issues.apache.org/jira/browse/OFBIZ-7162
> Project: OFBiz
> Issue Type: Sub-task
> Components: accounting
> Affects Versions: Trunk
> Reporter: Montalbano Florian
> Assignee: Pranay Pandey
> Priority: Minor
>
> When deleting a Child Periods here :
> https://localhost:8443/accounting/control/EditCustomTimePeriod . The
> following error shows up :
> "The Following Errors Occurred:
> Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found URL
> parameter [customTimePeriodId] passed to secure (https) request-map with uri
> [deleteCustomTimePeriod] with an event that calls service
> [deleteCustomTimePeriod]; this is not allowed for security reasons! The data
> should be encrypted by making it part of the request body (a form field)
> instead of the request URL. Moreover it would be kind if you could create a
> Jira sub-task of https://issues.apache.org/jira/browse/OFBIZ-2330 (check
> before if a sub-task for this error does not exist). If you are not sure how
> to create a Jira issue please have a look before at
> http://cwiki.apache.org/confluence/x/JIB2 Thank you in advance for your help."
> I checked the sub task of OFBIZ-2330 and didn't see this one yet.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
