Create Quote from request - error

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Create Quote from request - error

aswath narayana
Hello,
In the ordermgr,
* I create a Request.
* Then, I perform 'Create Quote from request'

The Following Errors Occurred:

Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found URL
parameter [custRequestId] passed to secure (https) request-map with uri
[createQuoteFromCustRequest] with an event that calls service
[createQuoteFromCustRequest]; this is not allowed for security reasons! The
data should be encrypted by making it part of the request body (a form
field) instead of the request URL.

-Aswath
Reply | Threaded
Open this post in threaded view
|

Re: Create Quote from request - error

Jacques Le Roux
Administrator
Thanks for report,

I have a plan for <link elements in menus and screens xml files, like the one I used at
https://issues.apache.org/jira/browse/OFBIZ-2243
Be patient or do the change yourself waiting for the largest changes...

Jacques

From: "aswath narayana" <[hidden email]>

> Hello,
> In the ordermgr,
> * I create a Request.
> * Then, I perform 'Create Quote from request'
>
> The Following Errors Occurred:
>
> Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found URL
> parameter [custRequestId] passed to secure (https) request-map with uri
> [createQuoteFromCustRequest] with an event that calls service
> [createQuoteFromCustRequest]; this is not allowed for security reasons! The
> data should be encrypted by making it part of the request body (a form
> field) instead of the request URL.
>
> -Aswath
>


Reply | Threaded
Open this post in threaded view
|

Re: Create Quote from request - error

Jacques Le Roux
Administrator
In reply to this post by aswath narayana
There is also this issue https://issues.apache.org/jira/browse/OFBIZ-2260 for everybody wanting to participate at this effort in
order to deliver a 9.4 release better version (secured)
The orignal need comes from https://issues.apache.org/jira/browse/OFBIZ-1959

Jacques

From: "Jacques Le Roux" <[hidden email]>

> Thanks for report,
>
> I have a plan for <link elements in menus and screens xml files, like the one I used at
> https://issues.apache.org/jira/browse/OFBIZ-2243
> Be patient or do the change yourself waiting for the largest changes...
>
> Jacques
>
> From: "aswath narayana" <[hidden email]>
>> Hello,
>> In the ordermgr,
>> * I create a Request.
>> * Then, I perform 'Create Quote from request'
>>
>> The Following Errors Occurred:
>>
>> Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found URL
>> parameter [custRequestId] passed to secure (https) request-map with uri
>> [createQuoteFromCustRequest] with an event that calls service
>> [createQuoteFromCustRequest]; this is not allowed for security reasons! The
>> data should be encrypted by making it part of the request body (a form
>> field) instead of the request URL.
>>
>> -Aswath
>>
>


Reply | Threaded
Open this post in threaded view
|

Re: Create Quote from request - error

matarazzo angelo
In reply to this post by aswath narayana
Hi,Aswath
perhaps the  error is occured because you have called service "createQuoteFromCustRequest"
 in this way: <hyperlink target="createQuoteFromCustRequest?custRequestId={****}"/>

You attempt to use
<hyperlink target="createQuoteFromCustRequest> 
    <parameter param-name="custRequestId" value="{****}"/>           
</hyperlink> 
This is the new security improvement of Ofbiz.
For more details search "secure urls"
aswath wrote
Hello,
In the ordermgr,
* I create a Request.
* Then, I perform 'Create Quote from request'

The Following Errors Occurred:

Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found URL
parameter [custRequestId] passed to secure (https) request-map with uri
[createQuoteFromCustRequest] with an event that calls service
[createQuoteFromCustRequest]; this is not allowed for security reasons! The
data should be encrypted by making it part of the request body (a form
field) instead of the request URL.

-Aswath
Reply | Threaded
Open this post in threaded view
|

Re: Create Quote from request - error

aswath narayana
Hi,
I am trying to do this type of change,as I saw similar change done by
Jacques in r760363
The requestForms.xml does not have this hyperlink. But it has the following
   <form name="EditQuoteItemForRequest" type="single"
target="updateQuoteItemForRequest" title="" default-map-name="quoteItem"
        header-row-style="header-row" default-table-style="basic-table">
        <alt-target use-when="quoteItem==null"
target="createQuoteItemForRequest"/>
        <auto-fields-entity entity-name="QuoteItem"
default-field-type="edit"/>
....

Is this the place to look for...

Thanks
-Aswath
On Wed, Apr 1, 2009 at 12:34 AM, Angelo Matarazzo <[hidden email]
> wrote:

>
> Hi,Aswath
> perhaps the  error is occured because you have called service
> "createQuoteFromCustRequest"
>  in this way: <hyperlink
> target="createQuoteFromCustRequest?custRequestId={****}"/>
>
> You attempt to use
> <hyperlink target="createQuoteFromCustRequest>
>    <parameter param-name="custRequestId" value="{****}"/>
> </hyperlink>
> This is the new security improvement of Ofbiz.
> For more details search "secure urls"
>
> aswath wrote:
> >
> > Hello,
> > In the ordermgr,
> > * I create a Request.
> > * Then, I perform 'Create Quote from request'
> >
> > The Following Errors Occurred:
> >
> > Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found
> > URL
> > parameter [custRequestId] passed to secure (https) request-map with uri
> > [createQuoteFromCustRequest] with an event that calls service
> > [createQuoteFromCustRequest]; this is not allowed for security reasons!
> > The
> > data should be encrypted by making it part of the request body (a form
> > field) instead of the request URL.
> >
> > -Aswath
> >
> >
>
> --
> View this message in context:
> http://www.nabble.com/Create-Quote-from-request---error-tp22805028p22807134.html
> Sent from the OFBiz - User mailing list archive at Nabble.com.
>
>