Hi,
I am working on Promos under Catalog Manager (Admin side). I am uploading a text file having email ids. I am able to upload file under "Promo Code Emails" at https://localhost:8443/catalog/control/EditProductPromoCode?productPromoCodeId=EMAILPROMO After uploading text file i can see each email id with cross (delete) icon. When clicking on this icon i am getting following error message. Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found URL parameter [productPromoCodeId] passed to secure (https) request-map with uri [deleteProductPromoCodeEmail] with an event that calls service [deleteProductPromoCodeEmail]; this is not allowed for security reasons! The data should be encrypted by making it part of the request body (a form field) instead of the request URL. Moreover it would be kind if you could create a Jira sub-task of https://issues.apache.org/jira/browse/OFBIZ-2330(check before if a sub-task for this error does not exist). If you are not sure how to create a Jira issue please have a look before at http://cwiki.apache.org/confluence/x/JIB2 Thank you in advance for your help. Please let me know if it has been fixed or still an error in current trunk code. Thanks Krishan Babbar |
Hi,
Fixed by replacing following code in file EditProductPromoCode.ftl <div><a href="<@ofbizUrl>deleteProductPromoCodeEmail?productPromoCodeId=${productPromoCodeEmail.productPromoCodeId}&emailAddress=${productPromoCodeEmail.emailAddress}&productPromoId=${productPromoId}</@ofbizUrl>" class="buttontext">X</a> ${productPromoCodeEmail.emailAddress}</div>--> with <div> <form method="post" action="<@ofbizUrl>deleteProductPromoCodeEmail</@ofbizUrl>"> <input type="hidden" name="productPromoCodeId" value="${productPromoCodeEmail.productPromoCodeId}"/> <input type="hidden" name="emailAddress" value="${productPromoCodeEmail.emailAddress}"/> <input type="hidden" name="productPromoId" value="${productPromoId}"/> <input type="submit" class="buttontext" value="X" /> ${productPromoCodeEmail.emailAddress} </form> </div> We can change following code (for deleting a party under "Promo Code Parties") also in similar way.. <div><a href="<@ofbizUrl>deleteProductPromoCodeParty?productPromoCodeId=${productPromoCodeParty.productPromoCodeId}&partyId=${productPromoCodeParty.partyId}&productPromoId=${productPromoId}</@ofbizUrl>" class="buttontext">X</a> ${productPromoCodeParty.partyId}</div> Thanks Krishan Babbar On Thu, May 31, 2012 at 5:36 PM, Krishan Babbar <[hidden email]>wrote: > Hi, > > I am working on Promos under Catalog Manager (Admin side). > > I am uploading a text file having email ids. I am able to upload file > under "Promo Code Emails" at > https://localhost:8443/catalog/control/EditProductPromoCode?productPromoCodeId=EMAILPROMO > > After uploading text file i can see each email id with cross (delete) > icon. When clicking on this icon i am getting following error message. > > > Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found > URL parameter [productPromoCodeId] passed to secure (https) request-map > with uri [deleteProductPromoCodeEmail] with an event that calls service > [deleteProductPromoCodeEmail]; this is not allowed for security reasons! > The data should be encrypted by making it part of the request body (a form > field) instead of the request URL. Moreover it would be kind if you could > create a Jira sub-task of https://issues.apache.org/jira/browse/OFBIZ-2330(check before if a sub-task for this error does not exist). If you are not > sure how to create a Jira issue please have a look before at > http://cwiki.apache.org/confluence/x/JIB2 Thank you in advance for your > help. > > > Please let me know if it has been fixed or still an error in current trunk > code. > > Thanks > Krishan Babbar > |
Administrator
|
In reply to this post by krishan.babbar
Did you try to reproduce on trunk demo server?
https://localhost:8443/catalog/control/FindProductPromo Jacques From: "Krishan Babbar" <[hidden email]> > Hi, > > I am working on Promos under Catalog Manager (Admin side). > > I am uploading a text file having email ids. I am able to upload file under > "Promo Code Emails" at > https://localhost:8443/catalog/control/EditProductPromoCode?productPromoCodeId=EMAILPROMO > > After uploading text file i can see each email id with cross (delete) icon. > When clicking on this icon i am getting following error message. > > > Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found > URL parameter [productPromoCodeId] passed to secure (https) request-map > with uri [deleteProductPromoCodeEmail] with an event that calls service > [deleteProductPromoCodeEmail]; this is not allowed for security reasons! > The data should be encrypted by making it part of the request body (a form > field) instead of the request URL. Moreover it would be kind if you could > create a Jira sub-task of > https://issues.apache.org/jira/browse/OFBIZ-2330(check before if a > sub-task for this error does not exist). If you are not > sure how to create a Jira issue please have a look before at > http://cwiki.apache.org/confluence/x/JIB2 Thank you in advance for your > help. > > > Please let me know if it has been fixed or still an error in current trunk > code. > > Thanks > Krishan Babbar > |
Yes Jacques,
It is giving error over there also. Just to cross check, I tried at below given URL: https://demo-trunk.ofbiz.apache.org/catalog/control/deleteProductPromoCodeEmail?productPromoCodeId=KrishTesting&emailAddress=krishan.babbar@...&productPromoId=9000 Actually at above URL, I am unable to upload file due to error sent by Nandani earlier "https://issues.apache.org/jira/browse/OFBIZ-4919". So I added a single email id using textbox given there and then tried to delete that, but unable to delete and getting following message: The Following Errors Occurred: Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found URL parameter [productPromoCodeId] passed to secure (https) request-map with uri [deleteProductPromoCodeEmail] with an event that calls service [deleteProductPromoCodeEmail]; this is not allowed for security reasons! The data should be encrypted by making it part of the request body (a form field) instead of the request URL. Moreover it would be kind if you could create a Jira sub-task of https://issues.apache.org/jira/browse/OFBIZ-2330 (check before if a sub-task for this error does not exist). If you are not sure how to create a Jira issue please have a look before at http://cwiki.apache.org/confluence/x/JIB2 Thank you in advance for your help. Thanks, Krishan Babbar ---------------------------------------------------------------------------------------------------------------------------- Disclaimer: This email and any files transmitted with it may contain privileged or confidential information. It is solely for use by the individual for whom it is intended even if addressed incorrectly. If you received this email in error please notify the sender, do not disclose, copy, distribute or take any action in reliance on the contents of this information; and delete it from your system. Any other use of this email is prohibited. Thank you for your compliance. -----Original Message----- From: Jacques Le Roux Sent: Saturday, June 02, 2012 3:25 PM To: [hidden email] Subject: Re: Error while deleting an email under "Promo Code Emails" Did you try to reproduce on trunk demo server? https://localhost:8443/catalog/control/FindProductPromo Jacques From: "Krishan Babbar" <[hidden email]> > Hi, > > I am working on Promos under Catalog Manager (Admin side). > > I am uploading a text file having email ids. I am able to upload file > under > "Promo Code Emails" at > https://localhost:8443/catalog/control/EditProductPromoCode?productPromoCodeId=EMAILPROMO > > After uploading text file i can see each email id with cross (delete) > icon. > When clicking on this icon i am getting following error message. > > > Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found > URL parameter [productPromoCodeId] passed to secure (https) request-map > with uri [deleteProductPromoCodeEmail] with an event that calls service > [deleteProductPromoCodeEmail]; this is not allowed for security reasons! > The data should be encrypted by making it part of the request body (a form > field) instead of the request URL. Moreover it would be kind if you could > create a Jira sub-task of > https://issues.apache.org/jira/browse/OFBIZ-2330(check before if a > sub-task for this error does not exist). If you are not > sure how to create a Jira issue please have a look before at > http://cwiki.apache.org/confluence/x/JIB2 Thank you in advance for your > help. > > > Please let me know if it has been fixed or still an error in current trunk > code. > > Thanks > Krishan Babbar > |
Administrator
|
Thanks for report Krishan,
Fixed in trunk r1355859 R12.04 r1355860 R11.04 r1355861 R10.04 r1355862 Jacques From: <[hidden email]> > Yes Jacques, > > It is giving error over there also. > > Just to cross check, I tried at below given URL: > https://demo-trunk.ofbiz.apache.org/catalog/control/deleteProductPromoCodeEmail?productPromoCodeId=KrishTesting&emailAddress=krishan.babbar@...&productPromoId=9000 > > Actually at above URL, I am unable to upload file due to error sent by Nandani earlier > "https://issues.apache.org/jira/browse/OFBIZ-4919". So I added a single email id using textbox given there and then tried to > delete that, but unable to delete and getting following message: > > The Following Errors Occurred: > Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found URL parameter [productPromoCodeId] passed to secure > (https) request-map with uri [deleteProductPromoCodeEmail] with an event that calls service [deleteProductPromoCodeEmail]; this is > not allowed for security reasons! The data should be encrypted by making it part of the request body (a form field) instead of the > request URL. Moreover it would be kind if you could create a Jira sub-task of https://issues.apache.org/jira/browse/OFBIZ-2330 > (check before if a sub-task for this error does not exist). If you are not sure how to create a Jira issue please have a look > before at http://cwiki.apache.org/confluence/x/JIB2 Thank you in advance for your help. > > > Thanks, > Krishan Babbar > ---------------------------------------------------------------------------------------------------------------------------- > Disclaimer: This email and any files transmitted with it may contain privileged or confidential information. It is solely for use > by the individual for whom it is intended even if addressed incorrectly. If you received this email in error please notify the > sender, do not disclose, copy, distribute or take any action in reliance on the contents of this information; and delete it from > your system. Any other use of this email is prohibited. Thank you for your compliance. > -----Original Message----- > From: Jacques Le Roux > Sent: Saturday, June 02, 2012 3:25 PM > To: [hidden email] > Subject: Re: Error while deleting an email under "Promo Code Emails" > > Did you try to reproduce on trunk demo server? > https://localhost:8443/catalog/control/FindProductPromo > > Jacques > > From: "Krishan Babbar" <[hidden email]> >> Hi, >> >> I am working on Promos under Catalog Manager (Admin side). >> >> I am uploading a text file having email ids. I am able to upload file under >> "Promo Code Emails" at >> https://localhost:8443/catalog/control/EditProductPromoCode?productPromoCodeId=EMAILPROMO >> >> After uploading text file i can see each email id with cross (delete) icon. >> When clicking on this icon i am getting following error message. >> >> >> Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found >> URL parameter [productPromoCodeId] passed to secure (https) request-map >> with uri [deleteProductPromoCodeEmail] with an event that calls service >> [deleteProductPromoCodeEmail]; this is not allowed for security reasons! >> The data should be encrypted by making it part of the request body (a form >> field) instead of the request URL. Moreover it would be kind if you could >> create a Jira sub-task of >> https://issues.apache.org/jira/browse/OFBIZ-2330(check before if a >> sub-task for this error does not exist). If you are not >> sure how to create a Jira issue please have a look before at >> http://cwiki.apache.org/confluence/x/JIB2 Thank you in advance for your >> help. >> >> >> Please let me know if it has been fixed or still an error in current trunk >> code. >> >> Thanks >> Krishan Babbar >> > |
Free forum by Nabble | Edit this page |