Hi,

Fixed by replacing the following code in file EditProductPromoCode.ftl

<div><a
href="<@ofbizUrl>deleteProductPromoCodeEmail?productPromoCodeId=${productPromoCodeEmail.productPromoCodeId}&amp;emailAddress=${productPromoCodeEmail.emailAddress}&amp;productPromoId=${productPromoId}</@ofbizUrl>"
class="buttontext">X</a>&nbsp;${productPromoCodeEmail.emailAddress}</div>


with

<div>
    <form method="post" action="<@ofbizUrl>deleteProductPromoCodeEmail</@ofbizUrl>">
        <input type="hidden" name="productPromoCodeId" value="${productPromoCodeEmail.productPromoCodeId}"/>
        <input type="hidden" name="emailAddress" value="${productPromoCodeEmail.emailAddress}"/>
        <input type="hidden" name="productPromoId" value="${productPromoId}"/>
        <input type="submit" class="buttontext" value="X"/>&nbsp;${productPromoCodeEmail.emailAddress}
    </form>
</div>


We can also change the following code (for deleting a party under "Promo Code
Parties") in a similar way.
<div><a
href="<@ofbizUrl>deleteProductPromoCodeParty?productPromoCodeId=${productPromoCodeParty.productPromoCodeId}&amp;partyId=${productPromoCodeParty.partyId}&amp;productPromoId=${productPromoId}</@ofbizUrl>"
class="buttontext">X</a>&nbsp;${productPromoCodeParty.partyId}</div>


Thanks
Krishan Babbar


On Thu, May 31, 2012 at 5:36 PM, Krishan Babbar <[email protected]> wrote:

> Hi,
>
> I am working on Promos under Catalog Manager (Admin side).
>
> I am uploading a text file having email ids. I am able to upload file
> under "Promo Code Emails" at
> https://localhost:8443/catalog/control/EditProductPromoCode?productPromoCodeId=EMAILPROMO
>
> After uploading the text file I can see each email id with a cross (delete)
> icon. When clicking on this icon I am getting the following error message.
>
>
> Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found
> URL parameter [productPromoCodeId] passed to secure (https) request-map
> with uri [deleteProductPromoCodeEmail] with an event that calls service
> [deleteProductPromoCodeEmail]; this is not allowed for security reasons!
> The data should be encrypted by making it part of the request body (a form
> field) instead of the request URL. Moreover it would be kind if you could
> create a Jira sub-task of https://issues.apache.org/jira/browse/OFBIZ-2330
> (check before if a sub-task for this error does not exist). If you are not
> sure how to create a Jira issue please have a look before at
> http://cwiki.apache.org/confluence/x/JIB2 Thank you in advance for your
> help.
>
>
> Please let me know if it has been fixed or is still an error in the current
> trunk code.
>
> Thanks
> Krishan Babbar
>
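
Added example, not part of the original mail and not OFBiz code: a small Python helper that finds <@ofbizUrl> links passing parameters in the URL to service-calling requests (such as the "Promo Code Parties" link above) and rewrites them as POST forms with hidden fields, the same change this thread applies by hand. The regular expression, the function names and the SERVICE_REQUESTS set are assumptions; the reviewer supplies the list of request URIs whose events call services.

```python
import re

# <a href="<@ofbizUrl>request?query</@ofbizUrl>" class="...">label</a>
LINK_RE = re.compile(
    r'<a\s+href="<@ofbizUrl>(?P<req>[\w/]+)\?(?P<query>.*?)</@ofbizUrl>"'
    r'(?:\s+class="(?P<cls>[^"]*)")?\s*>(?P<label>.*?)</a>',
    re.DOTALL)

# Constructed sample: the party link quoted in the mail plus a read-only link.
SAMPLE = r'''<div><a
href="<@ofbizUrl>deleteProductPromoCodeParty?productPromoCodeId=${productPromoCodeParty.productPromoCodeId}&amp;partyId=${productPromoCodeParty.partyId}&amp;productPromoId=${productPromoId}</@ofbizUrl>"
class="buttontext">X</a>&nbsp;${productPromoCodeParty.partyId}</div>
<a href="<@ofbizUrl>EditProductPromoCode?productPromoCodeId=${productPromoCodeId}</@ofbizUrl>" class="buttontext">Edit</a>
'''

# Assumption: request URIs whose events call a service, supplied by the reviewer.
SERVICE_REQUESTS = {"deleteProductPromoCodeEmail", "deleteProductPromoCodeParty"}

def split_query(query):
    """Split 'a=1&amp;b=2' into [('a', '1'), ('b', '2')]; ${...} values stay intact."""
    pairs = []
    for part in re.split(r"&amp;|&", query):
        if part:
            name, _, value = part.partition("=")
            pairs.append((name.strip(), value.strip()))
    return pairs

def find_get_links(template, service_requests):
    """List (request, [parameter names]) for links that put parameters in the URL."""
    return [(m["req"], [n for n, _ in split_query(m["query"])])
            for m in LINK_RE.finditer(template) if m["req"] in service_requests]

def to_post_form(m):
    """Build the POST form equivalent of one matched link."""
    out = ['<form method="post" action="<@ofbizUrl>%s</@ofbizUrl>">' % m["req"]]
    for name, value in split_query(m["query"]):
        out.append('  <input type="hidden" name="%s" value="%s"/>' % (name, value))
    cls = ' class="%s"' % m["cls"] if m["cls"] else ""
    out.append('  <input type="submit"%s value="%s"/>' % (cls, m["label"].strip()))
    out.append("</form>")
    return "\n".join(out)

def convert(template, service_requests):
    """Rewrite only the links that target service-calling requests."""
    swap = lambda m: to_post_form(m) if m["req"] in service_requests else m.group(0)
    return LINK_RE.sub(swap, template)

if __name__ == "__main__":
    print(convert(SAMPLE, SERVICE_REQUESTS))
```

Links to requests outside SERVICE_REQUESTS, like the constructed EditProductPromoCode link, are left unchanged.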
