[
https://issues.apache.org/jira/browse/OFBIZ-12363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17438753#comment-17438753
]
Jacques Le Roux edited comment on OFBIZ-12363 at 11/10/21, 4:40 PM:
--------------------------------------------------------------------
This Problem does not occure on trunk because two years ago there was a change
in ServiceEventHandler#checkSecureParameter.
See: OFBIZ-11260
I will provide a PR with this solution for the Release18.12 Branch
was (Author: wpaetzold):
This Problem does not occure on trunk because two years ago there was a change
in ServiceEventHandler#checkSecureParameter.
See:
https://issues.apache.org/jira/browse/OFBIZ-11260
I will provide a PR with this solution for the Release18.12 Branch
> Error while executing generateBlogRssFeed
> -----------------------------------------
>
> Key: OFBIZ-12363
> URL: https://issues.apache.org/jira/browse/OFBIZ-12363
> Project: OFBiz
> Issue Type: Bug
> Affects Versions: 18.12.01
> Reporter: Wiebke Pätzold
> Assignee: Wiebke Pätzold
> Priority: Major
>
> As [~jleroux] mentioned on the dev-Mailinglist there is an error while
> executing the generateBlogRssFeed.
> To reproduce go to:
> https://demo-trunk.ofbiz.apache.org/ecomseo/ViewBlogRss?entryLinkReq=ViewBlogArticle&mainLinkReq=MainBlog&blogContentId=BLOGROOTBIGAL
> on the Release18.12 Branch
>
> Logged Error:
> Found URL parameter [blogContentId] passed to secure (https) request-map with
> uri [ViewBlogRss] with an event that calls service [generateBl
> ogRssFeed]; this is not allowed for security reasons! The data should be
> encrypted by making it part of the request body (a form field) instead of the
> request URL.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
