Author: ashish
Date: Sat Oct 18 09:17:05 2014
New Revision: 1632745
URL:
http://svn.apache.org/r1632745Log:
Applied patch from jira issue - OFBIZ-5824 - Error in communication screen while perfom sorting.
=========================================================================
In partymgr contrller.xml, we have view request named "ViewCommunicationEvent", and this request call an service event, due to this when we try to perform sorting on Child Communication Events, Customer Request List or any other screen over Communication screen then it will thorw following exception:
org.ofbiz.webapp.event.EventHandlerException: Found URL parameter [communicationEventId] passed to secure (https) request-map with uri [ViewCommunicationEvent] with an event that calls service [setCommEventRoleToRead]; this is not allowed for security reasons! The data should be encrypted by making it part of the request body (a form field) instead of the request URL. Moreover it would be kind if you could create a Jira sub-task of
https://issues.apache.org/jira/browse/OFBIZ-2330 (check before if a sub-task for this error does not exist). If you are not sure how to create a Jira issue please have a look before at
http://cwiki.apache.org/confluence/x/JIB2 Thank you in advance for your help.
Also due to this service event call on view request entry we can't open the communication events in new tab. Ideally this service should be call in screen context instead view request.
=====================================
Thanks Deepak for reporting the issue and providing the patch for the same.
Modified:
ofbiz/trunk/applications/party/webapp/partymgr/WEB-INF/controller.xml
ofbiz/trunk/applications/party/widget/partymgr/CommunicationEventScreens.xml
Modified: ofbiz/trunk/applications/party/webapp/partymgr/WEB-INF/controller.xml
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/applications/party/webapp/partymgr/WEB-INF/controller.xml?rev=1632745&r1=1632744&r2=1632745&view=diff==============================================================================
--- ofbiz/trunk/applications/party/webapp/partymgr/WEB-INF/controller.xml (original)
+++ ofbiz/trunk/applications/party/webapp/partymgr/WEB-INF/controller.xml Sat Oct 18 09:17:05 2014
@@ -637,11 +637,6 @@ under the License.
</request-map>
<request-map uri="ViewCommunicationEvent">
<security https="true" auth="true"/>
- <event type="service" invoke="setCommEventRoleToRead"/>
- <response name="success" type="view" value="ViewCommunicationEvent"/>
- </request-map>
- <request-map uri="viewCommunicationEvent">
- <security https="true" auth="true"/>
<response name="success" type="view" value="ViewCommunicationEvent"/>
</request-map>
<request-map uri="uploadAttachFiletoEmail">
Modified: ofbiz/trunk/applications/party/widget/partymgr/CommunicationEventScreens.xml
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/applications/party/widget/partymgr/CommunicationEventScreens.xml?rev=1632745&r1=1632744&r2=1632745&view=diff==============================================================================
--- ofbiz/trunk/applications/party/widget/partymgr/CommunicationEventScreens.xml (original)
+++ ofbiz/trunk/applications/party/widget/partymgr/CommunicationEventScreens.xml Sat Oct 18 09:17:05 2014
@@ -380,6 +380,7 @@ under the License.
<set field="titleProperty" value="PageTitleViewCommunication"/>
<set field="tabButtonItem" value="OverView"/>
<set field="parentCommEventId" from-field="parameters.parentCommEventId"/>
+ <service service-name="setCommEventRoleToRead"></service>
<entity-one entity-name="CommunicationEvent" value-field="communicationEvent"/>
<set field="partyIdFrom" from-field="parameters.partyId" default-value="${userLogin.partyId}"/>
</actions>
Locked
