]
Brian Leathem updated RF-13358:
-------------------------------
Security: Public (was: JBoss Internal)
rich:panelMenuGroup allowing actions executions even if originally
disabled
---------------------------------------------------------------------------
Key: RF-13358
URL:
https://issues.jboss.org/browse/RF-13358
Project: RichFaces
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: component-menu
Affects Versions: 4.3.4
Environment: Linux, AS 7.1.1 Brontes, FF 25 with FireBug addOn
Reporter: Pavel Slegr
Assignee: Pavel Slegr
Priority: Critical
Fix For: 4.3.5
related to
https://issues.jboss.org/browse/RF-12813
This can be possibly a security hole, as the second component piece is discovered to
allow tampering actions through JS.
I suggest to try out on other components as well !!!
with following example
{code}
{
<rich:panelMenuGroup id="group4" label="Group 4"
expanded="false">
<rich:panelMenuItem id="item41" label="Item
4.1" />
<rich:panelMenuItem id="item42" label="Item
4.2" disabled="true" />
<rich:panelMenuGroup id="group43" label="Group
4.1" disabled="true">
<rich:panelMenuItem id="item431" label="Item
4.1.1" />
</rich:panelMenuGroup>
</rich:panelMenuGroup>
}
{code}
the group43 element is intended to be disabled and thus not allowing any actions
execution on it
Once tampered with
{code}
{
new
RichFaces.ui.PanelMenuGroup("f:group43",{"collapseEvent":"click","unselectable":false,"selectable":false,"name":"group43","ajax":{"incId":"1"}
,"stylePrefix":"rf\u002Dpm\u002Dgr","expanded":false,"expandEvent":"click","disabled":false,"mode":"client"}
)
}
{code}
It is possible to expand the group and execute further actions on its children elements
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: