You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@ofbiz.apache.org by Krishan Babbar <kr...@paxcel.net> on 2012/05/31 14:06:44 UTC
Error while deleting an email under "Promo Code Emails"
Hi,
I am working on Promos under Catalog Manager (Admin side).
I am uploading a text file having email ids. I am able to upload file under
"Promo Code Emails" at
https://localhost:8443/catalog/control/EditProductPromoCode?productPromoCodeId=EMAILPROMO
After uploading text file i can see each email id with cross (delete) icon.
When clicking on this icon i am getting following error message.
Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found
URL parameter [productPromoCodeId] passed to secure (https) request-map
with uri [deleteProductPromoCodeEmail] with an event that calls service
[deleteProductPromoCodeEmail]; this is not allowed for security reasons!
The data should be encrypted by making it part of the request body (a form
field) instead of the request URL. Moreover it would be kind if you could
create a Jira sub-task of
https://issues.apache.org/jira/browse/OFBIZ-2330(check before if a
sub-task for this error does not exist). If you are not
sure how to create a Jira issue please have a look before at
http://cwiki.apache.org/confluence/x/JIB2 Thank you in advance for your
help.
Please let me know if it has been fixed or still an error in current trunk
code.
Thanks
Krishan Babbar
Re: Error while deleting an email under "Promo Code Emails"
Posted by Jacques Le Roux <ja...@les7arts.com>.
Thanks for report Krishan,
Fixed in
trunk r1355859
R12.04 r1355860
R11.04 r1355861
R10.04 r1355862
Jacques
From: <kr...@paxcel.net>
> Yes Jacques,
>
> It is giving error over there also.
>
> Just to cross check, I tried at below given URL:
> https://demo-trunk.ofbiz.apache.org/catalog/control/deleteProductPromoCodeEmail?productPromoCodeId=KrishTesting&emailAddress=krishan.babbar@paxcel.net&productPromoId=9000
>
> Actually at above URL, I am unable to upload file due to error sent by Nandani earlier
> "https://issues.apache.org/jira/browse/OFBIZ-4919". So I added a single email id using textbox given there and then tried to
> delete that, but unable to delete and getting following message:
>
> The Following Errors Occurred:
> Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found URL parameter [productPromoCodeId] passed to secure
> (https) request-map with uri [deleteProductPromoCodeEmail] with an event that calls service [deleteProductPromoCodeEmail]; this is
> not allowed for security reasons! The data should be encrypted by making it part of the request body (a form field) instead of the
> request URL. Moreover it would be kind if you could create a Jira sub-task of https://issues.apache.org/jira/browse/OFBIZ-2330
> (check before if a sub-task for this error does not exist). If you are not sure how to create a Jira issue please have a look
> before at http://cwiki.apache.org/confluence/x/JIB2 Thank you in advance for your help.
>
>
> Thanks,
> Krishan Babbar
> ----------------------------------------------------------------------------------------------------------------------------
> Disclaimer: This email and any files transmitted with it may contain privileged or confidential information. It is solely for use
> by the individual for whom it is intended even if addressed incorrectly. If you received this email in error please notify the
> sender, do not disclose, copy, distribute or take any action in reliance on the contents of this information; and delete it from
> your system. Any other use of this email is prohibited. Thank you for your compliance.
> -----Original Message-----
> From: Jacques Le Roux
> Sent: Saturday, June 02, 2012 3:25 PM
> To: user@ofbiz.apache.org
> Subject: Re: Error while deleting an email under "Promo Code Emails"
>
> Did you try to reproduce on trunk demo server?
> https://localhost:8443/catalog/control/FindProductPromo
>
> Jacques
>
> From: "Krishan Babbar" <kr...@paxcel.net>
>> Hi,
>>
>> I am working on Promos under Catalog Manager (Admin side).
>>
>> I am uploading a text file having email ids. I am able to upload file under
>> "Promo Code Emails" at
>> https://localhost:8443/catalog/control/EditProductPromoCode?productPromoCodeId=EMAILPROMO
>>
>> After uploading text file i can see each email id with cross (delete) icon.
>> When clicking on this icon i am getting following error message.
>>
>>
>> Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found
>> URL parameter [productPromoCodeId] passed to secure (https) request-map
>> with uri [deleteProductPromoCodeEmail] with an event that calls service
>> [deleteProductPromoCodeEmail]; this is not allowed for security reasons!
>> The data should be encrypted by making it part of the request body (a form
>> field) instead of the request URL. Moreover it would be kind if you could
>> create a Jira sub-task of
>> https://issues.apache.org/jira/browse/OFBIZ-2330(check before if a
>> sub-task for this error does not exist). If you are not
>> sure how to create a Jira issue please have a look before at
>> http://cwiki.apache.org/confluence/x/JIB2 Thank you in advance for your
>> help.
>>
>>
>> Please let me know if it has been fixed or still an error in current trunk
>> code.
>>
>> Thanks
>> Krishan Babbar
>>
>
Re: Error while deleting an email under "Promo Code Emails"
Posted by kr...@paxcel.net.
Yes Jacques,
It is giving error over there also.
Just to cross check, I tried at below given URL:
https://demo-trunk.ofbiz.apache.org/catalog/control/deleteProductPromoCodeEmail?productPromoCodeId=KrishTesting&emailAddress=krishan.babbar@paxcel.net&productPromoId=9000
Actually at above URL, I am unable to upload file due to error sent by
Nandani earlier "https://issues.apache.org/jira/browse/OFBIZ-4919". So I
added a single email id using textbox given there and then tried to delete
that, but unable to delete and getting following message:
The Following Errors Occurred:
Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found URL
parameter [productPromoCodeId] passed to secure (https) request-map with uri
[deleteProductPromoCodeEmail] with an event that calls service
[deleteProductPromoCodeEmail]; this is not allowed for security reasons! The
data should be encrypted by making it part of the request body (a form
field) instead of the request URL. Moreover it would be kind if you could
create a Jira sub-task of https://issues.apache.org/jira/browse/OFBIZ-2330
(check before if a sub-task for this error does not exist). If you are not
sure how to create a Jira issue please have a look before at
http://cwiki.apache.org/confluence/x/JIB2 Thank you in advance for your
help.
Thanks,
Krishan Babbar
----------------------------------------------------------------------------------------------------------------------------
Disclaimer: This email and any files transmitted with it may contain
privileged or confidential information. It is solely for use by the
individual for whom it is intended even if addressed incorrectly. If you
received this email in error please notify the sender, do not disclose,
copy, distribute or take any action in reliance on the contents of this
information; and delete it from your system. Any other use of this email is
prohibited. Thank you for your compliance.
-----Original Message-----
From: Jacques Le Roux
Sent: Saturday, June 02, 2012 3:25 PM
To: user@ofbiz.apache.org
Subject: Re: Error while deleting an email under "Promo Code Emails"
Did you try to reproduce on trunk demo server?
https://localhost:8443/catalog/control/FindProductPromo
Jacques
From: "Krishan Babbar" <kr...@paxcel.net>
> Hi,
>
> I am working on Promos under Catalog Manager (Admin side).
>
> I am uploading a text file having email ids. I am able to upload file
> under
> "Promo Code Emails" at
> https://localhost:8443/catalog/control/EditProductPromoCode?productPromoCodeId=EMAILPROMO
>
> After uploading text file i can see each email id with cross (delete)
> icon.
> When clicking on this icon i am getting following error message.
>
>
> Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found
> URL parameter [productPromoCodeId] passed to secure (https) request-map
> with uri [deleteProductPromoCodeEmail] with an event that calls service
> [deleteProductPromoCodeEmail]; this is not allowed for security reasons!
> The data should be encrypted by making it part of the request body (a form
> field) instead of the request URL. Moreover it would be kind if you could
> create a Jira sub-task of
> https://issues.apache.org/jira/browse/OFBIZ-2330(check before if a
> sub-task for this error does not exist). If you are not
> sure how to create a Jira issue please have a look before at
> http://cwiki.apache.org/confluence/x/JIB2 Thank you in advance for your
> help.
>
>
> Please let me know if it has been fixed or still an error in current trunk
> code.
>
> Thanks
> Krishan Babbar
>
Re: Error while deleting an email under "Promo Code Emails"
Posted by Jacques Le Roux <ja...@les7arts.com>.
Did you try to reproduce on trunk demo server?
https://localhost:8443/catalog/control/FindProductPromo
Jacques
From: "Krishan Babbar" <kr...@paxcel.net>
> Hi,
>
> I am working on Promos under Catalog Manager (Admin side).
>
> I am uploading a text file having email ids. I am able to upload file under
> "Promo Code Emails" at
> https://localhost:8443/catalog/control/EditProductPromoCode?productPromoCodeId=EMAILPROMO
>
> After uploading text file i can see each email id with cross (delete) icon.
> When clicking on this icon i am getting following error message.
>
>
> Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found
> URL parameter [productPromoCodeId] passed to secure (https) request-map
> with uri [deleteProductPromoCodeEmail] with an event that calls service
> [deleteProductPromoCodeEmail]; this is not allowed for security reasons!
> The data should be encrypted by making it part of the request body (a form
> field) instead of the request URL. Moreover it would be kind if you could
> create a Jira sub-task of
> https://issues.apache.org/jira/browse/OFBIZ-2330(check before if a
> sub-task for this error does not exist). If you are not
> sure how to create a Jira issue please have a look before at
> http://cwiki.apache.org/confluence/x/JIB2 Thank you in advance for your
> help.
>
>
> Please let me know if it has been fixed or still an error in current trunk
> code.
>
> Thanks
> Krishan Babbar
>
Re: Error while deleting an email under "Promo Code Emails"
Posted by Krishan Babbar <kr...@paxcel.net>.
Hi,
Fixed by replacing following code in file EditProductPromoCode.ftl
<div><a
href="<@o...@ofbizUrl>"
class="buttontext">X</a> ${productPromoCodeEmail.emailAddress}</div>-->
with
<div>
<form method="post"
action="<@o...@ofbizUrl>">
<input type="hidden" name="productPromoCodeId"
value="${productPromoCodeEmail.productPromoCodeId}"/>
<input type="hidden" name="emailAddress"
value="${productPromoCodeEmail.emailAddress}"/>
<input type="hidden" name="productPromoId"
value="${productPromoId}"/>
<input type="submit" class="buttontext" value="X"
/> ${productPromoCodeEmail.emailAddress}
</form>
</div>
We can change following code (for deleting a party under "Promo Code
Parties") also in similar way..
<div><a
href="<@o...@ofbizUrl>"
class="buttontext">X</a> ${productPromoCodeParty.partyId}</div>
Thanks
Krishan Babbar
On Thu, May 31, 2012 at 5:36 PM, Krishan Babbar
<kr...@paxcel.net>wrote:
> Hi,
>
> I am working on Promos under Catalog Manager (Admin side).
>
> I am uploading a text file having email ids. I am able to upload file
> under "Promo Code Emails" at
> https://localhost:8443/catalog/control/EditProductPromoCode?productPromoCodeId=EMAILPROMO
>
> After uploading text file i can see each email id with cross (delete)
> icon. When clicking on this icon i am getting following error message.
>
>
> Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found
> URL parameter [productPromoCodeId] passed to secure (https) request-map
> with uri [deleteProductPromoCodeEmail] with an event that calls service
> [deleteProductPromoCodeEmail]; this is not allowed for security reasons!
> The data should be encrypted by making it part of the request body (a form
> field) instead of the request URL. Moreover it would be kind if you could
> create a Jira sub-task of https://issues.apache.org/jira/browse/OFBIZ-2330(check before if a sub-task for this error does not exist). If you are not
> sure how to create a Jira issue please have a look before at
> http://cwiki.apache.org/confluence/x/JIB2 Thank you in advance for your
> help.
>
>
> Please let me know if it has been fixed or still an error in current trunk
> code.
>
> Thanks
> Krishan Babbar
>