Montalbano Florian created OFBIZ-7319:
-----------------------------------------
Summary: Remove product feature in Quick Admin page not secure
Key: OFBIZ-7319
URL:
https://issues.apache.org/jira/browse/OFBIZ-7319 Project: OFBiz
Issue Type: Sub-task
Reporter: Montalbano Florian
Priority: Minor
When trying to remove a product feature from the quick admin page of a product, you get the following error :
{code}
The Following Errors Occurred:
Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found URL parameter [productId] passed to secure (https) request-map with uri [quickAdminRemoveFeatureFromProduct] with an event that calls service [removeFeatureFromProduct]; this is not allowed for security reasons! The data should be encrypted by making it part of the request body (a form field) instead of the request URL. Moreover it would be kind if you could create a Jira sub-task of
https://issues.apache.org/jira/browse/OFBIZ-2330 (check before if a sub-task for this error does not exist). If you are not sure how to create a Jira issue please have a look before at
http://cwiki.apache.org/confluence/x/JIB2 Thank you in advance for your help.
{code}
As the error aks for, I'm creating this Jira.
I checked in the created sub-task and this one was not registered (but there was one for removing feature in Product Category).
Step to reproduce the error :
- Go to the catalog and search for any product (
https://localhost:8443/catalog/control/FindProduct)
- Go to the "Quick Admin" tab (
https://localhost:8443/catalog/control/EditProductQuickAdmin?productId=WG-9943-B3)
- Add a standard feature type (Color for example)
- Select an option from the drop-down of the feature type (Black for example) and add the feature.
- Try to delete it by clicking on the button with a cross.
- The error shows up
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)