You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@ofbiz.apache.org by Shereen <sh...@hotmail.com> on 2010/10/07 16:46:06 UTC

CRUD using minilang

I'm trying to use the minilang to delete a record in an entity. I faced the
following exception

Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found URL
parameter [reviewId] passed to secure (https) request-map with uri
[RemovePlanetReview] with an event that calls service
[learningRemovePlanetReview]; this is not allowed for security reasons! The
data should be encrypted by making it part of the request body (a form
field) instead of the request URL. Moreover it would be kind if you could
create a Jira sub-task of https://issues.apache.org/jira/browse/OFBIZ-2330
(check before if a sub-task for this error does not exist). If you are not
sure how to create a Jira issue please have a look before at
http://docs.ofbiz.org/x/r.

Does anyone know what's this? I've done this experiment in  release10.04

this is how I wrote the delete button in the form

<field name="delete">
<hyperlink target="RemovePlanetReview?reviewId=${reviewId}"
description="Delete"/></field>

this is the service
 <simple-method method-name="removePlantetReview" short-description="Delete
a Planet Review">
     <entity-one entity-name="PlanetReview" value-name="lookedUpValue"/>
     <remove-value value-name="lookedUpValue"/>
</simple-method>

this is the request

<request-map uri="RemovePlanetReview">
  <security auth="true" https="true"/>
   <event type="service" invoke="learningRemovePlanetReview"/>
  <response name="success" type="view" value="ListPlanetReviews"/>
  <response name="error" type="view" value="ListPlanetReviews"/>
</request-map>

would anyone please tell what's going on? 
Am I going to face the same trouble in 10.04 ?
Thanks in advance to anyone who can help

-- 
View this message in context: http://ofbiz.135035.n4.nabble.com/CRUD-using-minilang-tp2966908p2966908.html
Sent from the OFBiz - User mailing list archive at Nabble.com.

Re: CRUD using minilang

Posted by Jacopo Cappellato <ja...@hotwaxmedia.com>.

Hi Shereen,

you will resolve this issue if, instead of passing the parameter in the url (get) you will post it as part of a form.
So, instead of:

<field name="delete">
    <hyperlink target="RemovePlanetReview?reviewId=${reviewId}" description="Delete"/>
</field>

use:

<field name="delete">
    <hyperlink target="RemovePlanetReview" description="Delete">
        <parameter param-name="reviewId"/>
    </hyperlink>
</field>

I hope it helps,

Jacopo

On Oct 7, 2010, at 4:46 PM, Shereen wrote:

> 
> I'm trying to use the minilang to delete a record in an entity. I faced the
> following exception
> 
> Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found URL
> parameter [reviewId] passed to secure (https) request-map with uri
> [RemovePlanetReview] with an event that calls service
> [learningRemovePlanetReview]; this is not allowed for security reasons! The
> data should be encrypted by making it part of the request body (a form
> field) instead of the request URL. Moreover it would be kind if you could
> create a Jira sub-task of https://issues.apache.org/jira/browse/OFBIZ-2330
> (check before if a sub-task for this error does not exist). If you are not
> sure how to create a Jira issue please have a look before at
> http://docs.ofbiz.org/x/r.
> 
> Does anyone know what's this? I've done this experiment in  release10.04
> 
> this is how I wrote the delete button in the form
> 
> <field name="delete">
> <hyperlink target="RemovePlanetReview?reviewId=${reviewId}"
> description="Delete"/></field>
> 
> this is the service
> <simple-method method-name="removePlantetReview" short-description="Delete
> a Planet Review">
>     <entity-one entity-name="PlanetReview" value-name="lookedUpValue"/>
>     <remove-value value-name="lookedUpValue"/>
> </simple-method>
> 
> this is the request
> 
> <request-map uri="RemovePlanetReview">
>  <security auth="true" https="true"/>
>   <event type="service" invoke="learningRemovePlanetReview"/>
>  <response name="success" type="view" value="ListPlanetReviews"/>
>  <response name="error" type="view" value="ListPlanetReviews"/>
> </request-map>
> 
> would anyone please tell what's going on? 
> Am I going to face the same trouble in 10.04 ?
> Thanks in advance to anyone who can help
> 
> -- 
> View this message in context: http://ofbiz.135035.n4.nabble.com/CRUD-using-minilang-tp2966908p2966908.html
> Sent from the OFBiz - User mailing list archive at Nabble.com.