Uploaded image for project: 'OFBiz'
  1. OFBiz
  2. OFBIZ-2330 Main task for securing URLs in Freemarker templates files
  3. OFBIZ-7291

Remove Shopping List Item link is not working - Security Error

    XMLWordPrintableJSON

    Details

    • Type: Sub-task
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: Release Branch 13.07, Release Branch 14.12, Release Branch 15.12, Trunk
    • Fix Version/s: 14.12.01, 15.12.01, 13.07.04
    • Component/s: ecommerce
    • Labels:
      None
    • Sprint:
      Bug Crush Event - 21/2/2015

      Description

      Steps to reproduce:
      1) Go to eCommerce
      2) Add any item in shopping list
      3) Click on shopping list tab
      4) Click on Remove button of list items section

      Getting following security error:

      Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found URL parameter [shoppingListId] passed to secure (https) request-map with uri [removeFromShoppingList] with an event that calls service [removeShoppingListItem]; this is not allowed for security reasons! The data should be encrypted by making it part of the request body (a form field) instead of the request URL.

        Attachments

        1. OFBIZ-7291.patch
          2 kB
          Mohammed Rehan Khan
        2. OFBIZ-7291-Release-13.07.patch
          2 kB
          Mohammed Rehan Khan
        3. OFBIZ-7291-Release-14.12.patch
          2 kB
          Mohammed Rehan Khan
        4. OFBIZ-7291-Release-15.12.patch
          2 kB
          Mohammed Rehan Khan

          Issue Links

            Activity

              People

              • Assignee:
                pandeypranay Pranay Pandey
                Reporter:
                rehan.khan Mohammed Rehan Khan
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: