ofbiz-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mohammed Rehan Khan (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (OFBIZ-7270) Create New Shopping List - Security Error
Date Mon, 13 Jun 2016 08:26:21 GMT

     [ https://issues.apache.org/jira/browse/OFBIZ-7270?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Mohammed Rehan Khan updated OFBIZ-7270:
---------------------------------------
    Attachment: OFBIZ-7270-Releases.patch

FTL file location has been changed. So providing the patch for releases.   

> Create New Shopping List - Security Error 
> ------------------------------------------
>
>                 Key: OFBIZ-7270
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-7270
>             Project: OFBiz
>          Issue Type: Sub-task
>          Components: specialpurpose/ecommerce
>    Affects Versions: Release Branch 13.07, Release Branch 14.12, Trunk, Release Branch
15.12
>            Reporter: Mohammed Rehan Khan
>            Assignee: Pranay Pandey
>         Attachments: OFBIZ-7270-Releases.patch, OFBIZ-7270.patch, OFBIZ-7270.patch
>
>
> Steps to reproduce:
> 1) Go to eCommerce
> 2) Click on shopping list tab
> 3) Click on create new link   
> Getting following security error:
> Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found URL parameter
[productStoreId] passed to secure (https) request-map with uri [createEmptyShoppingList] with
an event that calls service [createShoppingList]; this is not allowed for security reasons!
The data should be encrypted by making it part of the request body (a form field) instead
of the request URL.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message