Hi BJ,
Did you create a sub-task of OFBIZ-2330 ?
Thanks
Jacques
From: "Jacques Le Roux" <[email protected]>
I just had a look at this error. The error msg states it clearly
Found URL parameter [productStoreId] passed to secure (https) request-map with uri [promo_deleteProductStorePromoAppl] with an
event that calls service [deleteProductStorePromoAppl]; this is not allowed for security reasons! The data should be encrypted by
making it part of the request body (a form field) instead of the request URL.
Moreover it would be kind if you could create a Jira sub-task of
https://issues.apache.org/jira/browse/OFBIZ-2330
(check before if a sub-task for this error does not exist).
If you are not sure how to create a Jira issue please have a look before at
http://docs.ofbiz.org/x/r.
Thank you in advance for your help.
Is a sub-task of OFBIZ-2330 created ?
Thanks
Jacques
PS : BTW we have an issue with the new theme : the error msg dissapear too quickly you can't read it. In a general I don't like
much how error messages are rendered in BizznesTime theme. I have added that at
https://issues.apache.org/jira/browse/OFBIZ-2312?focusedCommentId=12706970&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#action_12706970
From: "Pranay Pandey" <[email protected]>
If this is release 9.04 and its a bug then we should not forget this.
Thanks
--
Pranay Pandey
On Apr 29, 2009, at 12:03 AM, BJ Freeman wrote:
forgot this is release 9.04
BJ Freeman sent the following on 4/28/2009 11:20 AM:
I know this has been discussed on the dev list. I would love to provide
patches. I am guessing this has to be changed to a post, if I understand
right.
it seems most of the delete button in catalog section come up with
similar messages.
https://localhost:8443/catalog/control/promo_deleteProductStorePromoAppl?productStoreId=TestStore&productPromoId=9019&fromDate=2009-04-27%2015:11:56.0
Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found
URL parameter [productStoreId] passed to secure (https) request-map with
uri [promo_deleteProductStorePromoAppl] with an event that calls service
[deleteProductStorePromoAppl]; this is not allowed for security reasons!
The data should be encrypted by making it part of the request body (a
form field) instead of the request URL.
--
BJ Freeman
http://www.businessesnetwork.com/automation
http://bjfreeman.elance.com
http://www.linkedin.com/profile?viewProfile=&key=1237480&locale=en_US&trk=tab_pro
Systems Integrator.
