From trunk demo, I get only
{"targetRequestUri":"/getConfigDetailsEvent","_CONTEXT_ROOT_":"/home/ofbiz/trunk/specialpurpose/ecommerce/webapp/ecommerce/","_FORWARDED_FROM_SERVLET_":true,"_SERVER_ROOT_URL_":"http://demo-trunk.ofbiz.apache.org","_CONTROL_PATH_":"/ecommerce/control","thisRequestUri":"json","_ERROR_MESSAGE_":"configWrapper
is null"}
Could you reproduce there?
Jacques
From: "Boris Hamanov" <[email protected]>
This one is in ecommerce controller.xml
<request-map uri="getConfigDetailsEvent">
<security https="false" auth="false"/>
<event type="jsonjava" path="org.ofbiz.order.shoppingcart.ShoppingCartEvents"
invoke="getConfigDetailsEvent"/>
<response name="success" type="none"/>
<response name="error" type="none"/>
</request-map>
I believe it is very severe security thread as it does not require
authentication and returns the session amongst many other things:
{"targetRequestUri":"/ViewSimpleContent","javax.servlet.request.key_size":128,"_CONTEXT_ROOT_":"C:\\apache-ofbiz-09.04.01\\hot-deploy\\ofbec\\webapp\\husastore\\","javax.servlet.request.ssl_session":"4f7b4cdfbe32ebf5a5017336a8cab96cdd23161038c8b0c132fab3cb67d01d92","_SERVER_ROOT_URL_":"https://localhost:8443","_CONTROL_PATH_":"/husastore/control","javax.servlet.request.cipher_suite":"TLS_DHE_RSA_WITH_AES_128_CBC_SHA","thisRequestUri":"getConfigDetailsEvent","_ERROR_MESSAGE_":"configWrapper
is null"}
