[
https://issues.apache.org/jira/browse/WICKET-3098?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12922100#action_12922100
]
Igor Vaynberg commented on WICKET-3098:
---------------------------------------
a more likely scenario is that the user overrode isenabled() on the component
or behavior, and at the time of the callback it returns false. another one is
that the client messed around with the url and change the behavior index.
anyways, it is handled just like a click on a disabled component.
> AjaxEventBehavior#onEvent is invoked on disabled behavior
> ---------------------------------------------------------
>
> Key: WICKET-3098
> URL: https://issues.apache.org/jira/browse/WICKET-3098
> Project: Wicket
> Issue Type: Bug
> Components: wicket
> Affects Versions: 1.4.9
> Reporter: Stanislav Dvorscak
> Assignee: Igor Vaynberg
> Fix For: 1.4.13, 1.5-M3
>
> Attachments: BehaviorRequestTarget.java.patch
>
>
> Security bug AjaxEventBehavior#onEvent is invoked on disabled behavior. It
> should not be - it is really dangerous, can you fix it.
> I think it is security bug.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
