[
https://issues.apache.org/jira/browse/OFBIZ-7162?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15317004#comment-15317004
]
Jacques Le Roux commented on OFBIZ-7162:
----------------------------------------
For the sake of completeness here an answer I made to Deepak after his message
on dev ML http://markmail.org/message/vq53356tr4hmeale
Here it is for convenience
{quote}
Hi Arjun,
Its incorrect markup, form tag is not valid child for table, you can't put
form between td tag, You need to put this inside td.
Thanks & Regards
--
Deepak Dixit
{quote}
{quote}
This is right Deepak,
Moreover this is what says the "HTML Validator" plugin in Firefox
(http://users.skynet.be/mgueury/mozilla/) on demo trunk (HEAD)
Result: 61 erreurs / 0 avertissements
Info: W3c Online Validation
line 286 column 49 - Erreur: The “cellspacing” attribute on the “table” element
is obsolete. Use CSS instead.
line 299 column 133 - Erreur: Start tag “form” seen in “table”.
line 299 column 133 - Erreur: Element “form” not allowed as child of element
“tr” in this context. (Suppressing further errors from this subtree.)
line 300 column 76 - Erreur: Start tag “input” seen in “table”.
line 300 column 76 - Erreur: Element “input” not allowed as child of element
“tr” in this context. (Suppressing further errors from this subtree.)
line 394 column 19 - Erreur: Stray end tag “form”.
line 394 column 19 - Erreur: Stray end tag “form”.
line 407 column 133 - Erreur: Start tag “form” seen in “table”.
line 407 column 133 - Erreur: Element “form” not allowed as child of element
“tr” in this context. (Suppressing further errors from this subtree.)
line 408 column 76 - Erreur: Start tag “input” seen in “table”.
line 408 column 76 - Erreur: Element “input” not allowed as child of element
“tr” in this context. (Suppressing further errors from this subtree.)
line 502 column 19 - Erreur: Stray end tag “form”.
line 502 column 19 - Erreur: Stray end tag “form”.
line 515 column 133 - Erreur: Start tag “form” seen in “table”.
line 515 column 133 - Erreur: Element “form” not allowed as child of element
“tr” in this context. (Suppressing further errors from this subtree.)
line 516 column 76 - Erreur: Start tag “input” seen in “table”.
line 516 column 76 - Erreur: Element “input” not allowed as child of element
“tr” in this context. (Suppressing further errors from this subtree.)
line 610 column 19 - Erreur: Stray end tag “form”.
line 610 column 19 - Erreur: Stray end tag “form”.
line 623 column 133 - Erreur: Start tag “form” seen in “table”.
line 623 column 133 - Erreur: Element “form” not allowed as child of element
“tr” in this context. (Suppressing further errors from this subtree.)
line 624 column 76 - Erreur: Start tag “input” seen in “table”.
line 624 column 76 - Erreur: Element “input” not allowed as child of element
“tr” in this context. (Suppressing further errors from this subtree.)
line 718 column 19 - Erreur: Stray end tag “form”.
line 718 column 19 - Erreur: Stray end tag “form”.
line 731 column 133 - Erreur: Start tag “form” seen in “table”.
line 731 column 133 - Erreur: Element “form” not allowed as child of element
“tr” in this context. (Suppressing further errors from this subtree.)
line 732 column 76 - Erreur: Start tag “input” seen in “table”.
line 732 column 76 - Erreur: Element “input” not allowed as child of element
“tr” in this context. (Suppressing further errors from this subtree.)
line 826 column 19 - Erreur: Stray end tag “form”.
line 826 column 19 - Erreur: Stray end tag “form”.
line 839 column 133 - Erreur: Start tag “form” seen in “table”.
line 839 column 133 - Erreur: Element “form” not allowed as child of element
“tr” in this context. (Suppressing further errors from this subtree.)
line 840 column 76 - Erreur: Start tag “input” seen in “table”.
line 840 column 76 - Erreur: Element “input” not allowed as child of element
“tr” in this context. (Suppressing further errors from this subtree.)
line 934 column 19 - Erreur: Stray end tag “form”.
line 934 column 19 - Erreur: Stray end tag “form”.
line 947 column 133 - Erreur: Start tag “form” seen in “table”.
line 947 column 133 - Erreur: Element “form” not allowed as child of element
“tr” in this context. (Suppressing further errors from this subtree.)
line 948 column 76 - Erreur: Start tag “input” seen in “table”.
line 948 column 76 - Erreur: Element “input” not allowed as child of element
“tr” in this context. (Suppressing further errors from this subtree.)
line 1042 column 19 - Erreur: Stray end tag “form”.
line 1042 column 19 - Erreur: Stray end tag “form”.
line 1055 column 133 - Erreur: Start tag “form” seen in “table”.
line 1055 column 133 - Erreur: Element “form” not allowed as child of element
“tr” in this context. (Suppressing further errors from this subtree.)
line 1056 column 76 - Erreur: Start tag “input” seen in “table”.
line 1056 column 76 - Erreur: Element “input” not allowed as child of element
“tr” in this context. (Suppressing further errors from this subtree.)
line 1150 column 19 - Erreur: Stray end tag “form”.
line 1150 column 19 - Erreur: Stray end tag “form”.
line 1163 column 133 - Erreur: Start tag “form” seen in “table”.
line 1163 column 133 - Erreur: Element “form” not allowed as child of element
“tr” in this context. (Suppressing further errors from this subtree.)
line 1164 column 76 - Erreur: Start tag “input” seen in “table”.
line 1164 column 76 - Erreur: Element “input” not allowed as child of element
“tr” in this context. (Suppressing further errors from this subtree.)
line 1258 column 19 - Erreur: Stray end tag “form”.
line 1258 column 19 - Erreur: Stray end tag “form”.
line 1271 column 134 - Erreur: Start tag “form” seen in “table”.
line 1271 column 134 - Erreur: Element “form” not allowed as child of element
“tr” in this context. (Suppressing further errors from this subtree.)
line 1272 column 76 - Erreur: Start tag “input” seen in “table”.
line 1272 column 76 - Erreur: Element “input” not allowed as child of element
“tr” in this context. (Suppressing further errors from this subtree.)
line 1366 column 19 - Erreur: Stray end tag “form”.
line 1366 column 19 - Erreur: Stray end tag “form”.
So 2 same are not from Arjun's patch. So I guess he simply followed the "trend"
in this page. I guess we have still a lot like that in all OFBiz. Some
maybe introduced with subtasks of OFBIZ-2330...
I'd not call them bugs since so far browsers are accepting and rendering them.
But I agree it would be good to get rid of (all of) them. This would be
another Jira ;)
Jacques
{quote}
> Delete Child Period in EditCustomTimePeriod not secure
> ------------------------------------------------------
>
> Key: OFBIZ-7162
> URL: https://issues.apache.org/jira/browse/OFBIZ-7162
> Project: OFBiz
> Issue Type: Sub-task
> Components: accounting
> Affects Versions: Release Branch 13.07, Release Branch 14.12, Trunk,
> Release Branch 15.12
> Reporter: Montalbano Florian
> Assignee: Pranay Pandey
> Priority: Minor
> Fix For: 14.12.01, 15.12.01, 13.07.04
>
> Attachments: OFBIZ-7162-13_07.patch, OFBIZ-7162-14_12.patch,
> OFBIZ-7162-15_12.patch, OFBIZ-7162.patch
>
>
> When deleting a Child Periods here :
> https://localhost:8443/accounting/control/EditCustomTimePeriod . The
> following error shows up :
> "The Following Errors Occurred:
> Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found URL
> parameter [customTimePeriodId] passed to secure (https) request-map with uri
> [deleteCustomTimePeriod] with an event that calls service
> [deleteCustomTimePeriod]; this is not allowed for security reasons! The data
> should be encrypted by making it part of the request body (a form field)
> instead of the request URL. Moreover it would be kind if you could create a
> Jira sub-task of https://issues.apache.org/jira/browse/OFBIZ-2330 (check
> before if a sub-task for this error does not exist). If you are not sure how
> to create a Jira issue please have a look before at
> http://cwiki.apache.org/confluence/x/JIB2 Thank you in advance for your help."
> I checked the sub task of OFBIZ-2330 and didn't see this one yet.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
