Posted to dev@ofbiz.apache.org by "Pranay Pandey (JIRA)" <ji...@apache.org> on 2016/06/04 13:30:59 UTC

[jira] [Resolved] (OFBIZ-7162) Delete Child Period in EditCustomTimePeriod not secure

     [ https://issues.apache.org/jira/browse/OFBIZ-7162?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Pranay Pandey resolved OFBIZ-7162.
----------------------------------
       Resolution: Fixed
    Fix Version/s: 13.07.04
                   15.12.01
                   14.12.01

Thanks [~Florian M] for reporting the issue and thanks [~Arjun_Kaushal] for providing the patch.

Issue fixed in:
Trunk at r1746820,
R15.12 at r1746821,
R14.12 at r1746823,
R13.07 at r1746824.

> Delete Child Period in EditCustomTimePeriod not secure
> ------------------------------------------------------
>
>                 Key: OFBIZ-7162
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-7162
>             Project: OFBiz
>          Issue Type: Sub-task
>          Components: accounting
>    Affects Versions: Release Branch 13.07, Release Branch 14.12, Trunk, Release Branch 15.12
>            Reporter: Montalbano Florian
>            Assignee: Pranay Pandey
>            Priority: Minor
>             Fix For: 14.12.01, 15.12.01, 13.07.04
>
>         Attachments: OFBIZ-7162-13_07.patch, OFBIZ-7162-14_12.patch, OFBIZ-7162-15_12.patch, OFBIZ-7162.patch
>
>
> When deleting a Child Period here: https://localhost:8443/accounting/control/EditCustomTimePeriod, the following error shows up:
> "The Following Errors Occurred:
> Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found URL parameter [customTimePeriodId] passed to secure (https) request-map with uri [deleteCustomTimePeriod] with an event that calls service [deleteCustomTimePeriod]; this is not allowed for security reasons! The data should be encrypted by making it part of the request body (a form field) instead of the request URL. Moreover it would be kind if you could create a Jira sub-task of https://issues.apache.org/jira/browse/OFBIZ-2330 (check before if a sub-task for this error does not exist). If you are not sure how to create a Jira issue please have a look before at http://cwiki.apache.org/confluence/x/JIB2 Thank you in advance for your help."
> I checked the sub-tasks of OFBIZ-2330 and didn't see this one yet.


