Error while deleting an email under "Promo Code Emails"

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Error while deleting an email under "Promo Code Emails"

krishan.babbar
Hi,

I am working on Promos under Catalog Manager (Admin side).

I am uploading a text file having email ids. I am able to upload file under
"Promo Code Emails" at
https://localhost:8443/catalog/control/EditProductPromoCode?productPromoCodeId=EMAILPROMO

After uploading text file i can see each email id with cross (delete) icon.
When clicking on this icon i am getting following error message.


Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found
URL parameter [productPromoCodeId] passed to secure (https) request-map
with uri [deleteProductPromoCodeEmail] with an event that calls service
[deleteProductPromoCodeEmail]; this is not allowed for security reasons!
The data should be encrypted by making it part of the request body (a form
field) instead of the request URL. Moreover it would be kind if you could
create a Jira sub-task of
https://issues.apache.org/jira/browse/OFBIZ-2330(check before if a
sub-task for this error does not exist). If you are not
sure how to create a Jira issue please have a look before at
http://cwiki.apache.org/confluence/x/JIB2 Thank you in advance for your
help.


Please let me know if it has been fixed or still an error in current trunk
code.

Thanks
Krishan Babbar
Reply | Threaded
Open this post in threaded view
|

Re: Error while deleting an email under "Promo Code Emails"

krishan.babbar
Hi,

Fixed by replacing following code in file EditProductPromoCode.ftl

<div><a
href="<@ofbizUrl>deleteProductPromoCodeEmail?productPromoCodeId=${productPromoCodeEmail.productPromoCodeId}&amp;emailAddress=${productPromoCodeEmail.emailAddress}&amp;productPromoId=${productPromoId}</@ofbizUrl>"
class="buttontext">X</a>&nbsp;${productPromoCodeEmail.emailAddress}</div>-->


with

<div>
                <form method="post"
action="<@ofbizUrl>deleteProductPromoCodeEmail</@ofbizUrl>">
                <input type="hidden" name="productPromoCodeId"
value="${productPromoCodeEmail.productPromoCodeId}"/>
                <input type="hidden" name="emailAddress"
value="${productPromoCodeEmail.emailAddress}"/>
                <input type="hidden" name="productPromoId"
value="${productPromoId}"/>
                <input type="submit" class="buttontext" value="X"
/>&nbsp;${productPromoCodeEmail.emailAddress}
</form>
                </div>


We can change following code (for deleting a party under "Promo Code
Parties") also in similar way..
<div><a
href="<@ofbizUrl>deleteProductPromoCodeParty?productPromoCodeId=${productPromoCodeParty.productPromoCodeId}&amp;partyId=${productPromoCodeParty.partyId}&amp;productPromoId=${productPromoId}</@ofbizUrl>"
class="buttontext">X</a>&nbsp;${productPromoCodeParty.partyId}</div>


Thanks
Krishan Babbar


On Thu, May 31, 2012 at 5:36 PM, Krishan Babbar
<[hidden email]>wrote:

> Hi,
>
> I am working on Promos under Catalog Manager (Admin side).
>
> I am uploading a text file having email ids. I am able to upload file
> under "Promo Code Emails" at
> https://localhost:8443/catalog/control/EditProductPromoCode?productPromoCodeId=EMAILPROMO
>
> After uploading text file i can see each email id with cross (delete)
> icon. When clicking on this icon i am getting following error message.
>
>
> Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found
> URL parameter [productPromoCodeId] passed to secure (https) request-map
> with uri [deleteProductPromoCodeEmail] with an event that calls service
> [deleteProductPromoCodeEmail]; this is not allowed for security reasons!
> The data should be encrypted by making it part of the request body (a form
> field) instead of the request URL. Moreover it would be kind if you could
> create a Jira sub-task of https://issues.apache.org/jira/browse/OFBIZ-2330(check before if a sub-task for this error does not exist). If you are not
> sure how to create a Jira issue please have a look before at
> http://cwiki.apache.org/confluence/x/JIB2 Thank you in advance for your
> help.
>
>
> Please let me know if it has been fixed or still an error in current trunk
> code.
>
> Thanks
> Krishan Babbar
>
Reply | Threaded
Open this post in threaded view
|

Re: Error while deleting an email under "Promo Code Emails"

Jacques Le Roux
Administrator
In reply to this post by krishan.babbar
Did you try to reproduce on trunk demo server?
https://localhost:8443/catalog/control/FindProductPromo

Jacques

From: "Krishan Babbar" <[hidden email]>

> Hi,
>
> I am working on Promos under Catalog Manager (Admin side).
>
> I am uploading a text file having email ids. I am able to upload file under
> "Promo Code Emails" at
> https://localhost:8443/catalog/control/EditProductPromoCode?productPromoCodeId=EMAILPROMO
>
> After uploading text file i can see each email id with cross (delete) icon.
> When clicking on this icon i am getting following error message.
>
>
> Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found
> URL parameter [productPromoCodeId] passed to secure (https) request-map
> with uri [deleteProductPromoCodeEmail] with an event that calls service
> [deleteProductPromoCodeEmail]; this is not allowed for security reasons!
> The data should be encrypted by making it part of the request body (a form
> field) instead of the request URL. Moreover it would be kind if you could
> create a Jira sub-task of
> https://issues.apache.org/jira/browse/OFBIZ-2330(check before if a
> sub-task for this error does not exist). If you are not
> sure how to create a Jira issue please have a look before at
> http://cwiki.apache.org/confluence/x/JIB2 Thank you in advance for your
> help.
>
>
> Please let me know if it has been fixed or still an error in current trunk
> code.
>
> Thanks
> Krishan Babbar
>
Reply | Threaded
Open this post in threaded view
|

Re: Error while deleting an email under "Promo Code Emails"

krishan.babbar
Yes Jacques,

It is giving error over there also.

Just to cross check, I tried at below given URL:
https://demo-trunk.ofbiz.apache.org/catalog/control/deleteProductPromoCodeEmail?productPromoCodeId=KrishTesting&emailAddress=krishan.babbar@...&productPromoId=9000

Actually at above URL, I am unable to upload file due to error sent by
Nandani earlier "https://issues.apache.org/jira/browse/OFBIZ-4919". So I
added a single email id using textbox given there and then tried to delete
that, but unable to delete and getting following message:

The Following Errors Occurred:
Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found URL
parameter [productPromoCodeId] passed to secure (https) request-map with uri
[deleteProductPromoCodeEmail] with an event that calls service
[deleteProductPromoCodeEmail]; this is not allowed for security reasons! The
data should be encrypted by making it part of the request body (a form
field) instead of the request URL. Moreover it would be kind if you could
create a Jira sub-task of https://issues.apache.org/jira/browse/OFBIZ-2330 
(check before if a sub-task for this error does not exist). If you are not
sure how to create a Jira issue please have a look before at
http://cwiki.apache.org/confluence/x/JIB2 Thank you in advance for your
help.


Thanks,
Krishan Babbar
----------------------------------------------------------------------------------------------------------------------------
Disclaimer: This email and any files transmitted with it may contain
privileged or confidential information. It is solely for use by the
individual for whom it is intended even if addressed incorrectly. If you
received this email in error please notify the sender, do not disclose,
copy, distribute or take any action in reliance on the contents of this
information; and delete it from your system. Any other use of this email is
prohibited. Thank you for your compliance.
-----Original Message-----
From: Jacques Le Roux
Sent: Saturday, June 02, 2012 3:25 PM
To: [hidden email]
Subject: Re: Error while deleting an email under "Promo Code Emails"

Did you try to reproduce on trunk demo server?
https://localhost:8443/catalog/control/FindProductPromo

Jacques

From: "Krishan Babbar" <[hidden email]>

> Hi,
>
> I am working on Promos under Catalog Manager (Admin side).
>
> I am uploading a text file having email ids. I am able to upload file
> under
> "Promo Code Emails" at
> https://localhost:8443/catalog/control/EditProductPromoCode?productPromoCodeId=EMAILPROMO
>
> After uploading text file i can see each email id with cross (delete)
> icon.
> When clicking on this icon i am getting following error message.
>
>
> Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found
> URL parameter [productPromoCodeId] passed to secure (https) request-map
> with uri [deleteProductPromoCodeEmail] with an event that calls service
> [deleteProductPromoCodeEmail]; this is not allowed for security reasons!
> The data should be encrypted by making it part of the request body (a form
> field) instead of the request URL. Moreover it would be kind if you could
> create a Jira sub-task of
> https://issues.apache.org/jira/browse/OFBIZ-2330(check before if a
> sub-task for this error does not exist). If you are not
> sure how to create a Jira issue please have a look before at
> http://cwiki.apache.org/confluence/x/JIB2 Thank you in advance for your
> help.
>
>
> Please let me know if it has been fixed or still an error in current trunk
> code.
>
> Thanks
> Krishan Babbar
>

Reply | Threaded
Open this post in threaded view
|

Re: Error while deleting an email under "Promo Code Emails"

Jacques Le Roux
Administrator
Thanks for report Krishan,

Fixed in
trunk r1355859
R12.04 r1355860
R11.04 r1355861
R10.04 r1355862

Jacques

From: <[hidden email]>

> Yes Jacques,
>
> It is giving error over there also.
>
> Just to cross check, I tried at below given URL:
> https://demo-trunk.ofbiz.apache.org/catalog/control/deleteProductPromoCodeEmail?productPromoCodeId=KrishTesting&emailAddress=krishan.babbar@...&productPromoId=9000
>
> Actually at above URL, I am unable to upload file due to error sent by Nandani earlier
> "https://issues.apache.org/jira/browse/OFBIZ-4919". So I added a single email id using textbox given there and then tried to
> delete that, but unable to delete and getting following message:
>
> The Following Errors Occurred:
> Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found URL parameter [productPromoCodeId] passed to secure
> (https) request-map with uri [deleteProductPromoCodeEmail] with an event that calls service [deleteProductPromoCodeEmail]; this is
> not allowed for security reasons! The data should be encrypted by making it part of the request body (a form field) instead of the
> request URL. Moreover it would be kind if you could create a Jira sub-task of https://issues.apache.org/jira/browse/OFBIZ-2330 
> (check before if a sub-task for this error does not exist). If you are not sure how to create a Jira issue please have a look
> before at http://cwiki.apache.org/confluence/x/JIB2 Thank you in advance for your help.
>
>
> Thanks,
> Krishan Babbar
> ----------------------------------------------------------------------------------------------------------------------------
> Disclaimer: This email and any files transmitted with it may contain privileged or confidential information. It is solely for use
> by the individual for whom it is intended even if addressed incorrectly. If you received this email in error please notify the
> sender, do not disclose, copy, distribute or take any action in reliance on the contents of this information; and delete it from
> your system. Any other use of this email is prohibited. Thank you for your compliance.
> -----Original Message-----
> From: Jacques Le Roux
> Sent: Saturday, June 02, 2012 3:25 PM
> To: [hidden email]
> Subject: Re: Error while deleting an email under "Promo Code Emails"
>
> Did you try to reproduce on trunk demo server?
> https://localhost:8443/catalog/control/FindProductPromo
>
> Jacques
>
> From: "Krishan Babbar" <[hidden email]>
>> Hi,
>>
>> I am working on Promos under Catalog Manager (Admin side).
>>
>> I am uploading a text file having email ids. I am able to upload file under
>> "Promo Code Emails" at
>> https://localhost:8443/catalog/control/EditProductPromoCode?productPromoCodeId=EMAILPROMO
>>
>> After uploading text file i can see each email id with cross (delete) icon.
>> When clicking on this icon i am getting following error message.
>>
>>
>> Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found
>> URL parameter [productPromoCodeId] passed to secure (https) request-map
>> with uri [deleteProductPromoCodeEmail] with an event that calls service
>> [deleteProductPromoCodeEmail]; this is not allowed for security reasons!
>> The data should be encrypted by making it part of the request body (a form
>> field) instead of the request URL. Moreover it would be kind if you could
>> create a Jira sub-task of
>> https://issues.apache.org/jira/browse/OFBIZ-2330(check before if a
>> sub-task for this error does not exist). If you are not
>> sure how to create a Jira issue please have a look before at
>> http://cwiki.apache.org/confluence/x/JIB2 Thank you in advance for your
>> help.
>>
>>
>> Please let me know if it has been fixed or still an error in current trunk
>> code.
>>
>> Thanks
>> Krishan Babbar
>>
>