OFBiz › OFBiz - User

Create Quote from request - error

_‹ Previous Topic Next Topic _›

Classic

List

Threaded

5 messages Options

aswath narayana

Create Quote from request - error

Hello,
In the ordermgr,
* I create a Request.
* Then, I perform 'Create Quote from request'

The Following Errors Occurred:

Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found URL
parameter [custRequestId] passed to secure (https) request-map with uri
[createQuoteFromCustRequest] with an event that calls service
[createQuoteFromCustRequest]; this is not allowed for security reasons! The
data should be encrypted by making it part of the request body (a form
field) instead of the request URL.

-Aswath

Jacques Le Roux

Re: Create Quote from request - error

Administrator

Thanks for report,

I have a plan for <link elements in menus and screens xml files, like the one I used at
https://issues.apache.org/jira/browse/OFBIZ-2243
Be patient or do the change yourself waiting for the largest changes...

Jacques

From: "aswath narayana" <[hidden email]>

> Hello,
> In the ordermgr,
> * I create a Request.
> * Then, I perform 'Create Quote from request'
>
> The Following Errors Occurred:
>
> Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found URL
> parameter [custRequestId] passed to secure (https) request-map with uri
> [createQuoteFromCustRequest] with an event that calls service
> [createQuoteFromCustRequest]; this is not allowed for security reasons! The
> data should be encrypted by making it part of the request body (a form
> field) instead of the request URL.
>
> -Aswath
>

Jacques Le Roux

Re: Create Quote from request - error

Administrator

In reply to this post by aswath narayana

There is also this issue https://issues.apache.org/jira/browse/OFBIZ-2260 for everybody wanting to participate at this effort in
order to deliver a 9.4 release better version (secured)
The orignal need comes from https://issues.apache.org/jira/browse/OFBIZ-1959

Jacques

From: "Jacques Le Roux" <[hidden email]>

> Thanks for report,
>
> I have a plan for <link elements in menus and screens xml files, like the one I used at
> https://issues.apache.org/jira/browse/OFBIZ-2243
> Be patient or do the change yourself waiting for the largest changes...
>
> Jacques
>
> From: "aswath narayana" <[hidden email]>
>> Hello,
>> In the ordermgr,
>> * I create a Request.
>> * Then, I perform 'Create Quote from request'
>>
>> The Following Errors Occurred:
>>
>> Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found URL
>> parameter [custRequestId] passed to secure (https) request-map with uri
>> [createQuoteFromCustRequest] with an event that calls service
>> [createQuoteFromCustRequest]; this is not allowed for security reasons! The
>> data should be encrypted by making it part of the request body (a form
>> field) instead of the request URL.
>>
>> -Aswath
>>
>

matarazzo angelo

Re: Create Quote from request - error

In reply to this post by aswath narayana

Hi,Aswath
perhaps the error is occured because you have called service "createQuoteFromCustRequest"
in this way: <hyperlink target="createQuoteFromCustRequest?custRequestId={****}"/>

You attempt to use
<hyperlink target="createQuoteFromCustRequest>
<parameter param-name="custRequestId" value="{****}"/>
</hyperlink>
This is the new security improvement of Ofbiz.
For more details search "secure urls"

aswath wrote

Hello,
In the ordermgr,
* I create a Request.
* Then, I perform 'Create Quote from request'

The Following Errors Occurred:

Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found URL
parameter [custRequestId] passed to secure (https) request-map with uri
[createQuoteFromCustRequest] with an event that calls service
[createQuoteFromCustRequest]; this is not allowed for security reasons! The
data should be encrypted by making it part of the request body (a form
field) instead of the request URL.

-Aswath

aswath narayana

Re: Create Quote from request - error

Hi,
I am trying to do this type of change,as I saw similar change done by
Jacques in r760363
The requestForms.xml does not have this hyperlink. But it has the following
<form name="EditQuoteItemForRequest" type="single"
target="updateQuoteItemForRequest" title="" default-map-name="quoteItem"
header-row-style="header-row" default-table-style="basic-table">
<alt-target use-when="quoteItem==null"
target="createQuoteItemForRequest"/>
<auto-fields-entity entity-name="QuoteItem"
default-field-type="edit"/>
....

Is this the place to look for...

Thanks
-Aswath
On Wed, Apr 1, 2009 at 12:34 AM, Angelo Matarazzo <[hidden email]
> wrote:

>
> Hi,Aswath
> perhaps the error is occured because you have called service
> "createQuoteFromCustRequest"
> in this way: <hyperlink
> target="createQuoteFromCustRequest?custRequestId={****}"/>
>
> You attempt to use
> <hyperlink target="createQuoteFromCustRequest>
> <parameter param-name="custRequestId" value="{****}"/>
> </hyperlink>
> This is the new security improvement of Ofbiz.
> For more details search "secure urls"
>
> aswath wrote:
> >
> > Hello,
> > In the ordermgr,
> > * I create a Request.
> > * Then, I perform 'Create Quote from request'
> >
> > The Following Errors Occurred:
> >
> > Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found
> > URL
> > parameter [custRequestId] passed to secure (https) request-map with uri
> > [createQuoteFromCustRequest] with an event that calls service
> > [createQuoteFromCustRequest]; this is not allowed for security reasons!
> > The
> > data should be encrypted by making it part of the request body (a form
> > field) instead of the request URL.
> >
> > -Aswath
> >
> >
>
> --
> View this message in context:
> http://www.nabble.com/Create-Quote-from-request---error-tp22805028p22807134.html
> Sent from the OFBiz - User mailing list archive at Nabble.com.
>
>