You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ofbiz.apache.org by "Jacques Le Roux (JIRA)" <ji...@apache.org> on 2009/09/11 14:06:58 UTC
[jira] Created: (OFBIZ-2929) Trying to do a quick check out in
Ecommerce application and facing error when clicking Submit Order after
filling the credit card details.
Trying to do a quick check out in Ecommerce application and facing error when clicking Submit Order after filling the credit card details.
------------------------------------------------------------------------------------------------------------------------------------------
Key: OFBIZ-2929
URL: https://issues.apache.org/jira/browse/OFBIZ-2929
Project: OFBiz
Issue Type: Sub-task
Components: specialpurpose/ecommerce
Affects Versions: Release Branch 9.04, SVN trunk
Reporter: Jacques Le Roux
Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found URL parameter [cardType] passed to secure (https) request-map with uri [quickAnonEnterCreditCard] with an event that calls service [createCreditCard]; this is not allowed for security reasons! The data should be encrypted by making it part of the request body (a form field) instead of the request URL. Moreover it would be kind if you could create a Jira sub-task of https://issues.apache.org/jira/browse/OFBIZ-2330 (check before if a sub-task for this error does not exist). If you are not sure how to create a Jira issue please have a look before at http://docs.ofbiz.org/x/r. Thank you in advance for your help.
Steps to reproduce:
1.Go to Ecommerce Home Page
2. Select Some items and add to Cart
3. Click Quick Checkout
4. Page goes to Login Page and there also select Quick Chekout
5. Fill User details for quick check out
6. Goes to next page and there select payment type as Credit Card and fill credit card details
7. Select some shipping method type in the same page at right hand menu
8. Click Submit Order button in the same page at the end
9. then getting the mentioned error.
Reported by Hemanth Kumar Kanamarlapudi on user ML
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (OFBIZ-2929) Trying to do a quick check out in
Ecommerce application and facing error when clicking Submit Order after
filling the credit card details.
Posted by "Jacques Le Roux (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OFBIZ-2929?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12757986#action_12757986 ]
Jacques Le Roux commented on OFBIZ-2929:
----------------------------------------
This is a problem with anonymous checkout only
> Trying to do a quick check out in Ecommerce application and facing error when clicking Submit Order after filling the credit card details.
> ------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: OFBIZ-2929
> URL: https://issues.apache.org/jira/browse/OFBIZ-2929
> Project: OFBiz
> Issue Type: Sub-task
> Components: specialpurpose/ecommerce
> Affects Versions: Release Branch 9.04, SVN trunk
> Reporter: Jacques Le Roux
>
> Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found URL parameter [cardType] passed to secure (https) request-map with uri [quickAnonEnterCreditCard] with an event that calls service [createCreditCard]; this is not allowed for security reasons! The data should be encrypted by making it part of the request body (a form field) instead of the request URL. Moreover it would be kind if you could create a Jira sub-task of https://issues.apache.org/jira/browse/OFBIZ-2330 (check before if a sub-task for this error does not exist). If you are not sure how to create a Jira issue please have a look before at http://docs.ofbiz.org/x/r. Thank you in advance for your help.
> Steps to reproduce:
> 1.Go to Ecommerce Home Page
> 2. Select Some items and add to Cart
> 3. Click Quick Checkout
> 4. Page goes to Login Page and there also select Quick Chekout
> 5. Fill User details for quick check out
> 6. Goes to next page and there select payment type as Credit Card and fill credit card details
> 7. Select some shipping method type in the same page at right hand menu
> 8. Click Submit Order button in the same page at the end
> 9. then getting the mentioned error.
> Reported by Hemanth Kumar Kanamarlapudi on user ML
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (OFBIZ-2929) Trying to do a quick check out in
Ecommerce application and facing error when clicking Submit Order after
filling the credit card details.
Posted by "Simon Hutchinson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OFBIZ-2929?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12758229#action_12758229 ]
Simon Hutchinson commented on OFBIZ-2929:
-----------------------------------------
I can still reproduce with trunk at r817603
Firebug NET panel shows that a GET is being made upon "Submit Order" to quickAnonEnterCreditCard - hence the security violation.
A very quick look at quickAnonPaymentInformation.ftl shows a good starting point.
<form id="setPaymentInformation" type="POST" action="<@o...@ofbizUrl>" name="setPaymentInformation">
type="POST"
Changed to
method="POST"
Submits the form without error, however the checkout still doesn't complete ..... will continue investigating time allowing
> Trying to do a quick check out in Ecommerce application and facing error when clicking Submit Order after filling the credit card details.
> ------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: OFBIZ-2929
> URL: https://issues.apache.org/jira/browse/OFBIZ-2929
> Project: OFBiz
> Issue Type: Sub-task
> Components: specialpurpose/ecommerce
> Affects Versions: Release Branch 9.04, SVN trunk
> Reporter: Jacques Le Roux
>
> Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found URL parameter [cardType] passed to secure (https) request-map with uri [quickAnonEnterCreditCard] with an event that calls service [createCreditCard]; this is not allowed for security reasons! The data should be encrypted by making it part of the request body (a form field) instead of the request URL. Moreover it would be kind if you could create a Jira sub-task of https://issues.apache.org/jira/browse/OFBIZ-2330 (check before if a sub-task for this error does not exist). If you are not sure how to create a Jira issue please have a look before at http://docs.ofbiz.org/x/r. Thank you in advance for your help.
> Steps to reproduce:
> 1.Go to Ecommerce Home Page
> 2. Select Some items and add to Cart
> 3. Click Quick Checkout
> 4. Page goes to Login Page and there also select Quick Chekout
> 5. Fill User details for quick check out
> 6. Goes to next page and there select payment type as Credit Card and fill credit card details
> 7. Select some shipping method type in the same page at right hand menu
> 8. Click Submit Order button in the same page at the end
> 9. then getting the mentioned error.
> Reported by Hemanth Kumar Kanamarlapudi on user ML
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Issue Comment Edited: (OFBIZ-2929) Trying to do a quick
check out in Ecommerce application and facing error when clicking Submit
Order after filling the credit card details.
Posted by "Simon Hutchinson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OFBIZ-2929?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12758230#action_12758230 ]
Simon Hutchinson edited comment on OFBIZ-2929 at 9/22/09 5:41 AM:
------------------------------------------------------------------
Patch to change form attribute from type to method
was (Author: si@springyweb.com):
Path to change form attribute from type to method
> Trying to do a quick check out in Ecommerce application and facing error when clicking Submit Order after filling the credit card details.
> ------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: OFBIZ-2929
> URL: https://issues.apache.org/jira/browse/OFBIZ-2929
> Project: OFBiz
> Issue Type: Sub-task
> Components: specialpurpose/ecommerce
> Affects Versions: Release Branch 9.04, SVN trunk
> Reporter: Jacques Le Roux
> Attachments: paymentInfoPatch.diff
>
>
> Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found URL parameter [cardType] passed to secure (https) request-map with uri [quickAnonEnterCreditCard] with an event that calls service [createCreditCard]; this is not allowed for security reasons! The data should be encrypted by making it part of the request body (a form field) instead of the request URL. Moreover it would be kind if you could create a Jira sub-task of https://issues.apache.org/jira/browse/OFBIZ-2330 (check before if a sub-task for this error does not exist). If you are not sure how to create a Jira issue please have a look before at http://docs.ofbiz.org/x/r. Thank you in advance for your help.
> Steps to reproduce:
> 1.Go to Ecommerce Home Page
> 2. Select Some items and add to Cart
> 3. Click Quick Checkout
> 4. Page goes to Login Page and there also select Quick Chekout
> 5. Fill User details for quick check out
> 6. Goes to next page and there select payment type as Credit Card and fill credit card details
> 7. Select some shipping method type in the same page at right hand menu
> 8. Click Submit Order button in the same page at the end
> 9. then getting the mentioned error.
> Reported by Hemanth Kumar Kanamarlapudi on user ML
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Closed: (OFBIZ-2929) Trying to do a quick check out in
Ecommerce application and facing error when clicking Submit Order after
filling the credit card details.
Posted by "Jacques Le Roux (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OFBIZ-2929?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jacques Le Roux closed OFBIZ-2929.
----------------------------------
Resolution: Fixed
Fix Version/s: SVN trunk
Release Branch 9.04
Assignee: Jacques Le Roux
Thanks Simon and Scott,
Actually it fixed the issue for me. I commited in trunk at r818494, and R9.04 at r818507
> Trying to do a quick check out in Ecommerce application and facing error when clicking Submit Order after filling the credit card details.
> ------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: OFBIZ-2929
> URL: https://issues.apache.org/jira/browse/OFBIZ-2929
> Project: OFBiz
> Issue Type: Sub-task
> Components: specialpurpose/ecommerce
> Affects Versions: Release Branch 9.04, SVN trunk
> Reporter: Jacques Le Roux
> Assignee: Jacques Le Roux
> Fix For: Release Branch 9.04, SVN trunk
>
> Attachments: paymentInfoPatch.diff
>
>
> Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found URL parameter [cardType] passed to secure (https) request-map with uri [quickAnonEnterCreditCard] with an event that calls service [createCreditCard]; this is not allowed for security reasons! The data should be encrypted by making it part of the request body (a form field) instead of the request URL. Moreover it would be kind if you could create a Jira sub-task of https://issues.apache.org/jira/browse/OFBIZ-2330 (check before if a sub-task for this error does not exist). If you are not sure how to create a Jira issue please have a look before at http://docs.ofbiz.org/x/r. Thank you in advance for your help.
> Steps to reproduce:
> 1.Go to Ecommerce Home Page
> 2. Select Some items and add to Cart
> 3. Click Quick Checkout
> 4. Page goes to Login Page and there also select Quick Chekout
> 5. Fill User details for quick check out
> 6. Goes to next page and there select payment type as Credit Card and fill credit card details
> 7. Select some shipping method type in the same page at right hand menu
> 8. Click Submit Order button in the same page at the end
> 9. then getting the mentioned error.
> Reported by Hemanth Kumar Kanamarlapudi on user ML
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (OFBIZ-2929) Trying to do a quick check out in
Ecommerce application and facing error when clicking Submit Order after
filling the credit card details.
Posted by "Jacques Le Roux (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OFBIZ-2929?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12758004#action_12758004 ]
Jacques Le Roux commented on OFBIZ-2929:
----------------------------------------
Actually I did not reproduce with trunk at r817344 nor with R9.04 at r817156
I wait confirmation by Simon Hutchinson before closing.
> Trying to do a quick check out in Ecommerce application and facing error when clicking Submit Order after filling the credit card details.
> ------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: OFBIZ-2929
> URL: https://issues.apache.org/jira/browse/OFBIZ-2929
> Project: OFBiz
> Issue Type: Sub-task
> Components: specialpurpose/ecommerce
> Affects Versions: Release Branch 9.04, SVN trunk
> Reporter: Jacques Le Roux
>
> Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found URL parameter [cardType] passed to secure (https) request-map with uri [quickAnonEnterCreditCard] with an event that calls service [createCreditCard]; this is not allowed for security reasons! The data should be encrypted by making it part of the request body (a form field) instead of the request URL. Moreover it would be kind if you could create a Jira sub-task of https://issues.apache.org/jira/browse/OFBIZ-2330 (check before if a sub-task for this error does not exist). If you are not sure how to create a Jira issue please have a look before at http://docs.ofbiz.org/x/r. Thank you in advance for your help.
> Steps to reproduce:
> 1.Go to Ecommerce Home Page
> 2. Select Some items and add to Cart
> 3. Click Quick Checkout
> 4. Page goes to Login Page and there also select Quick Chekout
> 5. Fill User details for quick check out
> 6. Goes to next page and there select payment type as Credit Card and fill credit card details
> 7. Select some shipping method type in the same page at right hand menu
> 8. Click Submit Order button in the same page at the end
> 9. then getting the mentioned error.
> Reported by Hemanth Kumar Kanamarlapudi on user ML
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (OFBIZ-2929) Trying to do a quick check out in
Ecommerce application and facing error when clicking Submit Order after
filling the credit card details.
Posted by "Simon Hutchinson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OFBIZ-2929?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Simon Hutchinson updated OFBIZ-2929:
------------------------------------
Attachment: paymentInfoPatch.diff
Path to change form attribute from type to method
> Trying to do a quick check out in Ecommerce application and facing error when clicking Submit Order after filling the credit card details.
> ------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: OFBIZ-2929
> URL: https://issues.apache.org/jira/browse/OFBIZ-2929
> Project: OFBiz
> Issue Type: Sub-task
> Components: specialpurpose/ecommerce
> Affects Versions: Release Branch 9.04, SVN trunk
> Reporter: Jacques Le Roux
> Attachments: paymentInfoPatch.diff
>
>
> Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found URL parameter [cardType] passed to secure (https) request-map with uri [quickAnonEnterCreditCard] with an event that calls service [createCreditCard]; this is not allowed for security reasons! The data should be encrypted by making it part of the request body (a form field) instead of the request URL. Moreover it would be kind if you could create a Jira sub-task of https://issues.apache.org/jira/browse/OFBIZ-2330 (check before if a sub-task for this error does not exist). If you are not sure how to create a Jira issue please have a look before at http://docs.ofbiz.org/x/r. Thank you in advance for your help.
> Steps to reproduce:
> 1.Go to Ecommerce Home Page
> 2. Select Some items and add to Cart
> 3. Click Quick Checkout
> 4. Page goes to Login Page and there also select Quick Chekout
> 5. Fill User details for quick check out
> 6. Goes to next page and there select payment type as Credit Card and fill credit card details
> 7. Select some shipping method type in the same page at right hand menu
> 8. Click Submit Order button in the same page at the end
> 9. then getting the mentioned error.
> Reported by Hemanth Kumar Kanamarlapudi on user ML
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (OFBIZ-2929) Trying to do a quick check out in
Ecommerce application and facing error when clicking Submit Order after
filling the credit card details.
Posted by "Scott Gray (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OFBIZ-2929?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12758232#action_12758232 ]
Scott Gray commented on OFBIZ-2929:
-----------------------------------
A real minor comment but "POST" should be "post" for xhtml.
> Trying to do a quick check out in Ecommerce application and facing error when clicking Submit Order after filling the credit card details.
> ------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: OFBIZ-2929
> URL: https://issues.apache.org/jira/browse/OFBIZ-2929
> Project: OFBiz
> Issue Type: Sub-task
> Components: specialpurpose/ecommerce
> Affects Versions: Release Branch 9.04, SVN trunk
> Reporter: Jacques Le Roux
> Attachments: paymentInfoPatch.diff
>
>
> Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found URL parameter [cardType] passed to secure (https) request-map with uri [quickAnonEnterCreditCard] with an event that calls service [createCreditCard]; this is not allowed for security reasons! The data should be encrypted by making it part of the request body (a form field) instead of the request URL. Moreover it would be kind if you could create a Jira sub-task of https://issues.apache.org/jira/browse/OFBIZ-2330 (check before if a sub-task for this error does not exist). If you are not sure how to create a Jira issue please have a look before at http://docs.ofbiz.org/x/r. Thank you in advance for your help.
> Steps to reproduce:
> 1.Go to Ecommerce Home Page
> 2. Select Some items and add to Cart
> 3. Click Quick Checkout
> 4. Page goes to Login Page and there also select Quick Chekout
> 5. Fill User details for quick check out
> 6. Goes to next page and there select payment type as Credit Card and fill credit card details
> 7. Select some shipping method type in the same page at right hand menu
> 8. Click Submit Order button in the same page at the end
> 9. then getting the mentioned error.
> Reported by Hemanth Kumar Kanamarlapudi on user ML
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.