Posted to user@ofbiz.apache.org by Jacques Le Roux <ja...@les7arts.com> on 2009/05/07 18:21:10 UTC

Re: Security error in Catalog. Trying to delete

I just had a look at this error. The error msg states it clearly

Found URL parameter [productStoreId] passed to secure (https) request-map with uri [promo_deleteProductStorePromoAppl] with an event 
that calls service [deleteProductStorePromoAppl]; this is not allowed for security reasons! The data should be encrypted by making 
it part of the request body (a form field) instead of the request URL.

Moreover it would be kind if you could create a Jira sub-task of https://issues.apache.org/jira/browse/OFBIZ-2330
(check before if a sub-task for this error does not exist).
If you are not sure how to create a Jira issue please have a look before at http://docs.ofbiz.org/x/r.

Thank you in advance for your help.

Is a sub-task of OFBIZ-2330 created ?

Thanks

Jacques
PS : BTW we have an issue with the new theme : the error msg disappears too quickly, you can't read it. In general I don't like much 
how error messages are rendered in BizznesTime theme. I have added that at
https://issues.apache.org/jira/browse/OFBIZ-2312?focusedCommentId=12706970&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#action_12706970

From: "Pranay Pandey" <pr...@hotwaxmedia.com>
> If this is release 9.04 and it's a bug then we should not forget this.
>
> Thanks
> --
> Pranay Pandey
>
>
>
>
> On Apr 29, 2009, at 12:03 AM, BJ Freeman wrote:
>
>> forgot this is release 9.04
>>
>> BJ Freeman sent the following on 4/28/2009 11:20 AM:
>>> I know this has been discussed on the dev list. I would love to provide
>>> patches. I am guessing this has to be changed to a post, if I understand
>>> right.
>>>
>>> It seems most of the delete buttons in catalog section come up with
>>> similar messages.
>>> https://localhost:8443/catalog/control/promo_deleteProductStorePromoAppl?productStoreId=TestStore&productPromoId=9019&fromDate=2009-04-27%2015:11:56.0
>>>
>>> Error calling event: org.ofbiz.webapp.event.EventHandlerException:  Found
>>> URL parameter [productStoreId] passed to secure (https) request-map  with
>>> uri [promo_deleteProductStorePromoAppl] with an event that calls  service
>>> [deleteProductStorePromoAppl]; this is not allowed for security  reasons!
>>> The data should be encrypted by making it part of the request body (a
>>> form field) instead of the request URL.
>>
>> -- 
>> BJ Freeman
>> http://www.businessesnetwork.com/automation
>> http://bjfreeman.elance.com
>> http://www.linkedin.com/profile?viewProfile=&key=1237480&locale=en_US&trk=tab_pro
>> Systems Integrator.
>>
>
> 
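
The rule the error message describes, sketched in Java as an added example (this is not OFBiz source; RequestMap, queryParamNames and check are hypothetical names). It flags the link from the thread and accepts the same call once the fields travel in a POST body:

```java
import java.net.URI;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.*;

/** Added illustration, not OFBiz code. All type and method names are hypothetical. */
public class UrlParamCheck {
    /** Stand-in for a request-map entry: its uri, whether it is https, and the service its event calls (or null). */
    record RequestMap(String uri, boolean https, String service) {}

    /** Names of the parameters carried in the query string of the request URL. */
    static Set<String> queryParamNames(URI url) {
        Set<String> names = new LinkedHashSet<>();
        String query = url.getRawQuery();
        if (query == null || query.isEmpty()) return names;
        for (String pair : query.split("&")) {
            if (pair.isEmpty()) continue;
            String rawName = pair.split("=", 2)[0];
            names.add(URLDecoder.decode(rawName, StandardCharsets.UTF_8));
        }
        return names;
    }

    /** Returns the rejection message, or null when the request is acceptable. */
    static String check(RequestMap map, URI url) {
        // The rule only covers secure request-maps whose event calls a service.
        if (!map.https() || map.service() == null) return null;
        Set<String> names = queryParamNames(url);
        // No query string: any parameters travelled as form fields in the body.
        if (names.isEmpty()) return null;
        // URLs are recorded in access logs, browser history and Referer headers; bodies are not.
        return "Found URL parameter [" + names.iterator().next()
            + "] passed to secure (https) request-map with uri [" + map.uri()
            + "] with an event that calls service [" + map.service() + "]";
    }

    public static void main(String[] args) {
        RequestMap del = new RequestMap("promo_deleteProductStorePromoAppl", true, "deleteProductStorePromoAppl");
        String base = "https://localhost:8443/catalog/control/promo_deleteProductStorePromoAppl";
        // The delete link quoted in the thread: all three fields are in the URL.
        URI asLink = URI.create(base + "?productStoreId=TestStore&productPromoId=9019&fromDate=2009-04-27%2015:11:56.0");
        // Constructed counterpart: same target, fields sent as hidden form inputs in a POST body.
        URI asForm = URI.create(base);
        System.out.println("link: " + check(del, asLink));
        System.out.println("form: " + check(del, asForm));
    }
}
```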



Re: Security error in Catalog. Trying to delete

Posted by Jacques Le Roux <ja...@les7arts.com>.
Hi BJ,

Did you create a sub-task of OFBIZ-2330 ?

Thanks

Jacques




Re: Security error in Catalog. Trying to delete

Posted by BJ Freeman <bj...@free-man.net>.
Just did, thanks.
I was looking where to hook this in.

Jacques Le Roux sent the following on 5/9/2009 1:36 PM:
> Hi BJ,
> 
> Did you create a sub-task of OFBIZ-2330 ?
> 
> Thanks
> 
> Jacques

-- 
BJ Freeman
http://www.businessesnetwork.com/automation
http://bjfreeman.elance.com
http://www.linkedin.com/profile?viewProfile=&key=1237480&locale=en_US&trk=tab_pro
Systems Integrator.