Hi,
when trying to select a different theme in the backoffice I get this.

The Following Errors Occurred:
Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found URL parameter [userPrefTypeId] passed to secure (https) request-map with uri [setUserPreference] with an event that calls service [setUserPreference]; this is not allowed for security reasons! The data should be encrypted by making it part of the request body instead of the request URL.

I know it is related to the recent secure url parameters passing change but I do not know the new system enough to fix it.

-Bruno

On Mar 26, 2009, at 12:58 PM, Bruno Busco wrote:

> Hi,
> when trying to select a different theme in the backoffice I get this.
>
> The Following Errors Occurred:
> Error calling event: org.ofbiz.webapp.event.EventHandlerException:
> Found URL parameter [userPrefTypeId] passed to secure (https)
> request-map with uri [setUserPreference] with an event that calls
> service [setUserPreference]; this is not allowed for security reasons!
> The data should be encrypted by making it part of the request body
> instead of the request URL.
>
> I know it is related to the recent secure url parameters passing
> change but I do not know the new system enough to fix it.

The fix is easy, as has been discussed a bit, just change the link into a hidden form that is submitted with a link.

For some examples of this done in FTL files check out my recent commits in the orderpaymentinfo.ftl file, like SVN rev 758512.

-David

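The link-to-hidden-form change described in the message above, shown as an added example that is not part of the original thread or of the OFBiz code base. The helper names, the form name, the `userPrefValue` parameter and the sample values are assumptions made for illustration.

```javascript
// Added example: rewrite a GET-style link as a hidden POST form plus a link
// that submits it, so parameters travel in the request body, not the URL.
// All names and sample values below are constructed for illustration.

// Escape a value for use inside a double-quoted HTML attribute or as text.
const escapeAttr = (s) =>
  String(s).replace(/&/g, "&amp;").replace(/"/g, "&quot;")
    .replace(/</g, "&lt;").replace(/>/g, "&gt;");

// Split "uri?a=1&b=2" into the bare action and its decoded parameters.
function splitLink(href) {
  // The base URL is only there so relative links can be parsed.
  const u = new URL(href, "https://placeholder.invalid/");
  return { action: href.split(/[?#]/)[0], params: [...u.searchParams.entries()] };
}

// Build the replacement markup: every URL parameter becomes a hidden input,
// the action keeps no query string, and the link only submits the form.
function linkToHiddenForm(href, formName, linkText) {
  if (!/^[A-Za-z_][A-Za-z0-9_]*$/.test(formName)) {
    throw new Error("formName must be a plain identifier");
  }
  const { action, params } = splitLink(href);
  const inputs = params.map(([k, v]) =>
    `  <input type="hidden" name="${escapeAttr(k)}" value="${escapeAttr(v)}"/>`);
  return [
    `<form name="${formName}" method="post" action="${escapeAttr(action)}">`,
    ...inputs,
    `</form>`,
    `<a href="javascript:document.${formName}.submit()">${escapeAttr(linkText)}</a>`,
  ].join("\n");
}

// Constructed sample: a theme-selection link of the kind the error rejects.
const SAMPLE = "setUserPreference?userPrefTypeId=VISUAL_THEME&userPrefValue=SAMPLE_THEME";
console.log(linkToHiddenForm(SAMPLE, "setThemeForm", "Select theme"));
```

In an FTL template the form action would normally be wrapped in the `<@ofbizUrl>` macro rather than written as a bare URI.
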
In fact, David answered this question when it was brought up the last time.
-Adrian

David E Jones wrote:
>
> On Mar 26, 2009, at 12:58 PM, Bruno Busco wrote:
>
>> Hi,
>> when trying to select a different theme in the backoffice I get this.
>>
>> The Following Errors Occurred:
>> Error calling event: org.ofbiz.webapp.event.EventHandlerException:
>> Found URL parameter [userPrefTypeId] passed to secure (https)
>> request-map with uri [setUserPreference] with an event that calls
>> service [setUserPreference]; this is not allowed for security reasons!
>> The data should be encrypted by making it part of the request body
>> instead of the request URL.
>>
>> I know it is related to the recent secure url parameters passing
>> change but I do not know the new system enough to fix it.
>
> The fix is easy, as has been discussed a bit, just change the link into
> a hidden form that is submitted with a link.
>
> For some examples of this done in FTL files check out my recent commits
> in the orderpaymentinfo.ftl file, like SVN rev 758512.
>
> -David

Yes, thank you. I've actually answered this a half-dozen times, plus the messages in the discussions about security and the proposed change, and then descriptions of the actual change, and then descriptions of backing out the strict enforcement because it was an issue in so many places, and then discussion of the changes to help with this in the various widgets, and then putting the strict enforcement back in, and then work with a contributor in a Jira issue with a couple of revisions to a patch to fix links on the order detail page in the order manager, and then more examples of the manual changes needed in FTL files, and then answers to a few questions about it on the mailing lists...

If I had known it would be this much trouble... :(

-David

On Mar 26, 2009, at 1:58 PM, Adrian Crum wrote:

> In fact, David answered this question when it was brought up the
> last time.
>
> -Adrian
>
> David E Jones wrote:
>> On Mar 26, 2009, at 12:58 PM, Bruno Busco wrote:
>>> Hi,
>>> when trying to select a different theme in the backoffice I get
>>> this.
>>>
>>> The Following Errors Occurred:
>>> Error calling event: org.ofbiz.webapp.event.EventHandlerException:
>>> Found URL parameter [userPrefTypeId] passed to secure (https)
>>> request-map with uri [setUserPreference] with an event that calls
>>> service [setUserPreference]; this is not allowed for security
>>> reasons!
>>> The data should be encrypted by making it part of the request body
>>> instead of the request URL.
>>>
>>> I know it is related to the recent secure url parameters passing
>>> change but I do not know the new system enough to fix it.
>> The fix is easy, as has been discussed a bit, just change the link
>> into a hidden form that is submitted with a link.
>> For some examples of this done in FTL files check out my recent
>> commits in the orderpaymentinfo.ftl file, like SVN rev 758512.
>> -David

:-)
ok, ok, understood...
I will find out that information already available...and try to fix it...

Please do not regret having done this change...it has been a great value added...
;-)

-Bruno

2009/3/26 David E Jones <[hidden email]>:
>
> Yes, thank you. I've actually answered this a half-dozen times, plus the
> messages in the discussions about security and the proposed change, and then
> descriptions of the actual change, and then descriptions of backing out the
> strict enforcement because it was an issue in so many places, and then
> discussion of the changes to help with this in the various widgets, and then
> putting the strict enforcement back in, and then work with a contributor in
> a Jira issue with a couple of revisions to a patch to fix links on the order
> detail page in the order manager, and then more examples of the manual
> changes needed in FTL files, and then answers to a few questions about it on
> the mailing lists...
>
> If I had known it would be this much trouble... :(
>
> -David
>
>
> On Mar 26, 2009, at 1:58 PM, Adrian Crum wrote:
>
>> In fact, David answered this question when it was brought up the last
>> time.
>>
>> -Adrian
>>
>> David E Jones wrote:
>>>
>>> On Mar 26, 2009, at 12:58 PM, Bruno Busco wrote:
>>>>
>>>> Hi,
>>>> when trying to select a different theme in the backoffice I get this.
>>>>
>>>> The Following Errors Occurred:
>>>> Error calling event: org.ofbiz.webapp.event.EventHandlerException:
>>>> Found URL parameter [userPrefTypeId] passed to secure (https)
>>>> request-map with uri [setUserPreference] with an event that calls
>>>> service [setUserPreference]; this is not allowed for security reasons!
>>>> The data should be encrypted by making it part of the request body
>>>> instead of the request URL.
>>>>
>>>> I know it is related to the recent secure url parameters passing
>>>> change but I do not know the new system enough to fix it.
>>>
>>> The fix is easy, as has been discussed a bit, just change the link into a
>>> hidden form that is submitted with a link.
>>> For some examples of this done in FTL files check out my recent commits in
>>> the orderpaymentinfo.ftl file, like SVN rev 758512.
>>> -David

Bravo!
Jacques

From: "David E Jones" <[hidden email]>
>
> Yes, thank you. I've actually answered this a half-dozen times, plus
> the messages in the discussions about security and the proposed
> change, and then descriptions of the actual change, and then
> descriptions of backing out the strict enforcement because it was an
> issue in so many places, and then discussion of the changes to help
> with this in the various widgets, and then putting the strict
> enforcement back in, and then work with a contributor in a Jira issue
> with a couple of revisions to a patch to fix links on the order detail
> page in the order manager, and then more examples of the manual changes
> needed in FTL files, and then answers to a few questions about it on
> the mailing lists...
>
> If I had known it would be this much trouble... :(
>
> -David
>
>
> On Mar 26, 2009, at 1:58 PM, Adrian Crum wrote:
>
>> In fact, David answered this question when it was brought up the
>> last time.
>>
>> -Adrian
>>
>> David E Jones wrote:
>>> On Mar 26, 2009, at 12:58 PM, Bruno Busco wrote:
>>>> Hi,
>>>> when trying to select a different theme in the backoffice I get
>>>> this.
>>>>
>>>> The Following Errors Occurred:
>>>> Error calling event: org.ofbiz.webapp.event.EventHandlerException:
>>>> Found URL parameter [userPrefTypeId] passed to secure (https)
>>>> request-map with uri [setUserPreference] with an event that calls
>>>> service [setUserPreference]; this is not allowed for security
>>>> reasons!
>>>> The data should be encrypted by making it part of the request body
>>>> instead of the request URL.
>>>>
>>>> I know it is related to the recent secure url parameters passing
>>>> change but I do not know the new system enough to fix it.
>>> The fix is easy, as has been discussed a bit, just change the link
>>> into a hidden form that is submitted with a link.
>>> For some examples of this done in FTL files check out my recent
>>> commits in the orderpaymentinfo.ftl file, like SVN rev 758512.
>>> -David