CRUD using minilang

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

CRUD using minilang

Shereen
I'm trying to use the minilang to delete a record in an entity. I faced the following exception

Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found URL parameter [reviewId] passed to secure (https) request-map with uri [RemovePlanetReview] with an event that calls service [learningRemovePlanetReview]; this is not allowed for security reasons! The data should be encrypted by making it part of the request body (a form field) instead of the request URL. Moreover it would be kind if you could create a Jira sub-task of https://issues.apache.org/jira/browse/OFBIZ-2330 (check before if a sub-task for this error does not exist). If you are not sure how to create a Jira issue please have a look before at http://docs.ofbiz.org/x/r.

Does anyone know what's this? I've done this experiment in  release10.04

this is how I wrote the delete button in the form

<field name="delete">
<hyperlink target="RemovePlanetReview?reviewId=${reviewId}" description="Delete"/></field>

this is the service
 <simple-method method-name="removePlantetReview" short-description="Delete a Planet Review">
     <entity-one entity-name="PlanetReview" value-name="lookedUpValue"/>
     <remove-value value-name="lookedUpValue"/>
</simple-method>

this is the request

<request-map uri="RemovePlanetReview">
  <security auth="true" https="true"/>
   <event type="service" invoke="learningRemovePlanetReview"/>
  <response name="success" type="view" value="ListPlanetReviews"/>
  <response name="error" type="view" value="ListPlanetReviews"/>
</request-map>

would anyone please tell what's going on?
Am I going to face the same trouble in 10.04 ?
Thanks in advance to anyone who can help
Reply | Threaded
Open this post in threaded view
|

Re: CRUD using minilang

Jacopo Cappellato-4
Hi Shereen,

you will resolve this issue if, instead of passing the parameter in the url (get) you will post it as part of a form.
So, instead of:

<field name="delete">
    <hyperlink target="RemovePlanetReview?reviewId=${reviewId}" description="Delete"/>
</field>

use:

<field name="delete">
    <hyperlink target="RemovePlanetReview" description="Delete">
        <parameter param-name="reviewId"/>
    </hyperlink>
</field>

I hope it helps,

Jacopo

On Oct 7, 2010, at 4:46 PM, Shereen wrote:

>
> I'm trying to use the minilang to delete a record in an entity. I faced the
> following exception
>
> Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found URL
> parameter [reviewId] passed to secure (https) request-map with uri
> [RemovePlanetReview] with an event that calls service
> [learningRemovePlanetReview]; this is not allowed for security reasons! The
> data should be encrypted by making it part of the request body (a form
> field) instead of the request URL. Moreover it would be kind if you could
> create a Jira sub-task of https://issues.apache.org/jira/browse/OFBIZ-2330
> (check before if a sub-task for this error does not exist). If you are not
> sure how to create a Jira issue please have a look before at
> http://docs.ofbiz.org/x/r.
>
> Does anyone know what's this? I've done this experiment in  release10.04
>
> this is how I wrote the delete button in the form
>
> <field name="delete">
> <hyperlink target="RemovePlanetReview?reviewId=${reviewId}"
> description="Delete"/></field>
>
> this is the service
> <simple-method method-name="removePlantetReview" short-description="Delete
> a Planet Review">
>     <entity-one entity-name="PlanetReview" value-name="lookedUpValue"/>
>     <remove-value value-name="lookedUpValue"/>
> </simple-method>
>
> this is the request
>
> <request-map uri="RemovePlanetReview">
>  <security auth="true" https="true"/>
>   <event type="service" invoke="learningRemovePlanetReview"/>
>  <response name="success" type="view" value="ListPlanetReviews"/>
>  <response name="error" type="view" value="ListPlanetReviews"/>
> </request-map>
>
> would anyone please tell what's going on?
> Am I going to face the same trouble in 10.04 ?
> Thanks in advance to anyone who can help
>
> --
> View this message in context: http://ofbiz.135035.n4.nabble.com/CRUD-using-minilang-tp2966908p2966908.html
> Sent from the OFBiz - User mailing list archive at Nabble.com.