Matej Novotny commented on RF-13358:
------------------------------------
I can still reproduce this bug with 4.3 and using dev-examples (haven't tried with
other RF versions).
Just to make sure, I checked that dev-example is using the correct RF version (and indeed it
uses 4.3.5-SNAPSHOT), and I also tried to redownload all the artifacts so as not to have any
outdated ones hanging around, but still, I am able to reproduce it with just the same JS code as
shown in the description.
rich:panelMenuGroup allowing actions executions even if originally disabled
---------------------------------------------------------------------------
Key: RF-13358
URL: https://issues.jboss.org/browse/RF-13358
Project: RichFaces
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: component-menu
Affects Versions: 4.3.4
Environment: Linux, AS 7.1.1 Brontes, FF 25 with FireBug addOn
Reporter: Pavel Slegr
Assignee: Brian Leathem
Priority: Critical
Labels: needs-qe
Fix For: 4.3.5, 4.5.0.Alpha2, 5.0.0.Alpha3
Original Estimate: 1 hour
Remaining Estimate: 1 hour
related to https://issues.jboss.org/browse/RF-12813
This can possibly be a security hole, as the second component piece is discovered to
allow tampering actions through JS.
I suggest trying it out on other components as well!!!
With the following example:
{code}
{
<rich:panelMenuGroup id="group4" label="Group 4" expanded="false">
    <rich:panelMenuItem id="item41" label="Item 4.1" />
    <rich:panelMenuItem id="item42" label="Item 4.2" disabled="true" />
    <rich:panelMenuGroup id="group43" label="Group 4.1" disabled="true">
        <rich:panelMenuItem id="item431" label="Item 4.1.1" />
    </rich:panelMenuGroup>
</rich:panelMenuGroup>
}
{code}
The group43 element is intended to be disabled, thus not allowing any action
execution on it.
Once tampered with:
{code}
{
new RichFaces.ui.PanelMenuGroup("f:group43",
    {"collapseEvent":"click","unselectable":false,"selectable":false,"name":"group43","ajax":{"incId":"1"},
     "stylePrefix":"rf\u002Dpm\u002Dgr","expanded":false,"expandEvent":"click","disabled":false,"mode":"client"})
}
{code}
It is possible to expand the group and execute further actions on its child elements.
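
The report comes down to the disabled state being decided in the browser, where the page's script can re-create the widget with "disabled":false. As an added example (not RichFaces code and not part of the original report), this Java model has the server decide from its own copy of the component tree, treating a component as disabled when it or any ancestor is disabled. The names Node, TREE, effectivelyDisabled and handleEvent are hypothetical, the ids omit the "f:" form prefix, and Java 9+ is assumed for Map.of.

```java
import java.util.*;

// Hypothetical server-side model of the component tree from the report.
// Not RichFaces code: every class and method name here is invented for the example.
public class DisabledCheckDemo {
    static final class Node {
        final String id; final boolean disabled; final Node parent;
        Node(String id, boolean disabled, Node parent) {
            this.id = id; this.disabled = disabled; this.parent = parent;
        }
    }

    static final Map<String, Node> TREE = new HashMap<>();

    static Node add(String id, boolean disabled, Node parent) {
        Node n = new Node(id, disabled, parent);
        TREE.put(id, n);
        return n;
    }

    static {
        // Same structure and disabled flags as the markup in the report.
        Node group4 = add("group4", false, null);
        add("item41", false, group4);
        add("item42", true, group4);
        Node group43 = add("group43", true, group4);
        add("item431", false, group43);
    }

    // Disabled if the component itself or any ancestor is disabled in server state.
    static boolean effectivelyDisabled(Node n) {
        for (Node c = n; c != null; c = c.parent) if (c.disabled) return true;
        return false;
    }

    // Returns true if the event may be queued. Client-supplied options are never consulted.
    static boolean handleEvent(String sourceId, Map<String, String> clientParams) {
        Node source = TREE.get(sourceId);
        return source != null && !effectivelyDisabled(source);
    }

    public static void main(String[] args) {
        // Constructed request parameters: the client claims the component is enabled.
        Map<String, String> forged = Map.of("disabled", "false");
        for (String id : List.of("item41", "item42", "group43", "item431"))
            System.out.println(id + " accepted: " + handleEvent(id, forged));
    }
}
```

item431 carries no disabled attribute of its own, so a check that looks only at the event source would accept it; the ancestor walk is what covers the children of group43.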