Hello,
While going through the credit card entry FTLs, I came across applications/party/webapp/partymgr/party/editcreditcard.ftl, which contains the following line:
<input type="hidden" name="partyId" value="${partyId}"/>
I could be missing something here, but it sure looks like a security risk to me. Granted, this ftl is probably designed to be used only for the Party Manager part of Webtools and not for a “public” application, but even that is not a good thing from a code reuse point of view.
Regards,
Vinay Agarwal