[JBoss JIRA] (RF-13358) rich:panelMenuGroup allowing actions executions even if originally disabled
by Brian Leathem (JIRA)
[ https://issues.jboss.org/browse/RF-13358?page=com.atlassian.jira.plugin.s... ]
Brian Leathem updated RF-13358:
-------------------------------
Security: Public (was: JBoss Internal)
> rich:panelMenuGroup allowing actions executions even if originally disabled
> ---------------------------------------------------------------------------
>
> Key: RF-13358
> URL: https://issues.jboss.org/browse/RF-13358
> Project: RichFaces
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: component-menu
> Affects Versions: 4.3.4
> Environment: Linux, AS 7.1.1 Brontes, FF 25 with FireBug addOn
> Reporter: Pavel Slegr
> Assignee: Pavel Slegr
> Priority: Critical
> Fix For: 4.3.5
>
>
> related to https://issues.jboss.org/browse/RF-12813
> This can be possibly a security hole, as the second component piece is discovered to allow tampering actions through JS.
> I suggest to try out on other components as well !!!
> with following example
> {code}
> {
> <rich:panelMenuGroup id="group4" label="Group 4" expanded="false">
> <rich:panelMenuItem id="item41" label="Item 4.1" />
> <rich:panelMenuItem id="item42" label="Item 4.2" disabled="true" />
> <rich:panelMenuGroup id="group43" label="Group 4.1" disabled="true">
> <rich:panelMenuItem id="item431" label="Item 4.1.1" />
> </rich:panelMenuGroup>
> </rich:panelMenuGroup>
> }
> {code}
> the group43 element is intended to be disabled and thus not allowing any actions execution on it
> Once tampered with
> {code}
> {
> new RichFaces.ui.PanelMenuGroup("f:group43",{"collapseEvent":"click","unselectable":false,"selectable":false,"name":"group43","ajax":{"incId":"1"} ,"stylePrefix":"rf\u002Dpm\u002Dgr","expanded":false,"expandEvent":"click","disabled":false,"mode":"client"} )
> }
> {code}
> It is possible to expand the group and execute further actions on its children elements
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
10 years, 10 months
[JBoss JIRA] (RF-13323) FileUploadEvent listener reset the list value with Viewscope
by Brian Leathem (JIRA)
[ https://issues.jboss.org/browse/RF-13323?page=com.atlassian.jira.plugin.s... ]
Brian Leathem commented on RF-13323:
------------------------------------
[~wish79] have you tried running the standalone sample [~jstefek] shared? Do you notice your issue with that sample app?
> FileUploadEvent listener reset the list value with Viewscope
> ------------------------------------------------------------
>
> Key: RF-13323
> URL: https://issues.jboss.org/browse/RF-13323
> Project: RichFaces
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: component-input
> Affects Versions: 4.3.4
> Environment: Jboss 7.1
> Richfaces 4.3.4
> JSF 2.1.9
>
> Reporter: Mohammad Weshah
> Assignee: Jiří Štefek
> Labels: rich:fileUpload
> Attachments: RF-13323-2.zip, RF-13323-SessionScoped.png, RF-13323-ViewScoped.png, RF-13323.zip, TestRichFacesWebProject.rar, TestRichFacesWebProject.war
>
>
> Hello All,
> i make an example of upload file from richfaces showcase it is working successfully , but i notice if i changed the backing bean to viewscope the files list inside the FileUploadEvent listener will be rest every time that i upload new file , the code as follow :
>
> {code}
> protected List<UploadedImage> files = new ArrayList<UploadedImage>();
>
> public void FileUploadlistener(FileUploadEvent event) throws Exception {
> UploadedFile item = event.getUploadedFile();
> UploadedImage file = new UploadedImage();
> file.setLength(item.getData().length);
> file.setName(item.getName());
> file.setData(item.getData());
>
> files.add(file);
> }
> {code}
>
> but when i changed the scope to session the files still contain the old files, is it mandatory to the backing be session or there is something wrong ?
>
> Regards
> Wish79
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
10 years, 10 months
[JBoss JIRA] (RF-13356) ExtendedDataTable: row height strechted to 100% of the table height
by Brian Leathem (JIRA)
[ https://issues.jboss.org/browse/RF-13356?page=com.atlassian.jira.plugin.s... ]
Brian Leathem resolved RF-13356.
--------------------------------
Resolution: Cannot Reproduce Bug
We are unable to re-produce this issue. Perhaps you have some [~uhim] perhaps you have some conflicting CSS in your application? If you can provide a self-contained (simple) re-producer, feel free to re-open this issue.
> ExtendedDataTable: row height strechted to 100% of the table height
> -------------------------------------------------------------------
>
> Key: RF-13356
> URL: https://issues.jboss.org/browse/RF-13356
> Project: RichFaces
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: component-tables
> Affects Versions: 4.3.3
> Reporter: Anton Bogoslavskyi
> Assignee: Brian Leathem
> Attachments: edt.png
>
>
> The same as in the parent issue:
> Instead of having fixed row height and blank space if not enough rows to fill the entire table height, the rows are stretched to fill the entire table height. For instance with an extended data table of 500px height and 2 rows, each row is approximately 250px height (minus the height of the header, borders and cell spacing).
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
10 years, 10 months
[JBoss JIRA] (RF-13352) Introduce @Category(FailingOnFirefox.class) to pom.xml
by Lukáš Fryč (JIRA)
[ https://issues.jboss.org/browse/RF-13352?page=com.atlassian.jira.plugin.s... ]
Lukáš Fryč commented on RF-13352:
---------------------------------
Lukas, few implementation notes:
<groups> and <exlucededGroups> is used to match what categories we want to run:
http://maven.apache.org/surefire/maven-surefire-plugin/test-mojo.html#groups
(note that <groups> should be rather named categories, but <groups> settings drives both, TestNG and JUnit tests, that's why maven-surefire-plugin follows TestNG naming conventions)
The idea is that if you turn on profile, it can append boolean conditions as the suffix of <groups> selector.
But I found that there is specific impl detail, which is not evident from first sight.
During prototyping I have used <groups> together with <excludedGroups>, but platform-specific configuration (e.g. affects <groups>. That's why {{${testCategory.excluded.browser}}} needs to be setup as:
{code}
<testCategory.excluded.browser>AND NOT category.FailingFirefox</testCategory.excluded.browser>
{code}
You can use my prototype as a reference impl:
https://github.com/lfryc/surefire-and-junit-categories/blob/master/pom.xm...
> Introduce @Category(FailingOnFirefox.class) to pom.xml
> ------------------------------------------------------
>
> Key: RF-13352
> URL: https://issues.jboss.org/browse/RF-13352
> Project: RichFaces
> Issue Type: Enhancement
> Security Level: Public(Everyone can see)
> Components: tests - functional
> Reporter: Lukáš Macko
> Assignee: Lukáš Macko
> Fix For: 5.0.0.Alpha2
>
> Original Estimate: 15 minutes
> Remaining Estimate: 15 minutes
>
> Creating test for the chart component, I came across an issues that one test is running in Chrome and PhantomJS and it is failing on Firefox. As [~lfryc] suggested in the [comment | https://issues.jboss.org/browse/RF-13331?focusedCommentId=12923949&page=c...], I've annotated it with FailingOnFirefox. ATM it has no effect concerning tests.
> It might be useful to add this category to rf/pom.xml configuration to exclude FailingOnFirefox test when tests run on firefox.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
10 years, 10 months