OFBiz
  1. OFBiz
  2. OFBIZ-4558

Verify subscription email requires form submit

    Details

    • Type: Bug Bug
    • Status: Open
    • Priority: Major Major
    • Resolution: Unresolved
    • Affects Version/s: Release Branch 11.04, Trunk
    • Fix Version/s: None
    • Labels:
      None

      Description

      ContactListVerifyEmail.ftl used for sending verify subscription email, uses form submit for the confirmation. Instead it should be hyperlink. Form submit from email may not be supported by some email clients. If email clients support it, it would be prompt a warning message. And user may cancel the confirmation.

        Activity

        Hide
        Kiran Gawde added a comment -

        OK. I tried changing it to url but it gives following error. Does anyone have better idea?

        Request updateContactListPartyNoUserLogin caused an error with the following message: Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found URL parameter [contactListId] passed to secure (https) request-map with uri [updateContactListPartyNoUserLogin] with an event that calls service [updateContactListPartyNoUserLogin]; this is not allowed for security reasons! The data should be encrypted by making it part of the request body (a form field) instead of the request URL. Moreover it would be kind if you could create a Jira sub-task of https://issues.apache.org/jira/browse/OFBIZ-2330 (check before if a sub-task for this error does not exist). If you are not sure how to create a Jira issue please have a look before at http://cwiki.apache.org/confluence/x/JIB2 Thank you in advance for your help.

        Show
        Kiran Gawde added a comment - OK. I tried changing it to url but it gives following error. Does anyone have better idea? Request updateContactListPartyNoUserLogin caused an error with the following message: Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found URL parameter [contactListId] passed to secure (https) request-map with uri [updateContactListPartyNoUserLogin] with an event that calls service [updateContactListPartyNoUserLogin] ; this is not allowed for security reasons! The data should be encrypted by making it part of the request body (a form field) instead of the request URL. Moreover it would be kind if you could create a Jira sub-task of https://issues.apache.org/jira/browse/OFBIZ-2330 (check before if a sub-task for this error does not exist). If you are not sure how to create a Jira issue please have a look before at http://cwiki.apache.org/confluence/x/JIB2 Thank you in advance for your help.

          People

          • Assignee:
            Unassigned
            Reporter:
            Kiran Gawde
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:

              Development