[
https://issues.apache.org/jira/browse/MYFACES-1467?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12467292
]
Matthias Weßendorf commented on MYFACES-1467:
---------------------------------------------
All,
since the added patch (added because of security issues) causes too much side
effect issues with others.
We can't apply the second patch. That guy is adding new methods to UIInput,
which we can't do, since that class is part of the SPEC.
David, I'd like to close this issue (won't fix (or illegal)), since I see/know
(or even saw ;)) your concerns, can you nail that bug to JSF SPEC at Java.net?
So an issue like this needs to be addressed by the spec guys.
sorry,
Matthias
> Validation doesn't run for required fields if submitted value is null
> ---------------------------------------------------------------------
>
> Key: MYFACES-1467
> URL: https://issues.apache.org/jira/browse/MYFACES-1467
> Project: MyFaces Core
> Issue Type: Bug
> Components: General
> Affects Versions: 1.1.5-SNAPSHOT, 1.2.0-SNAPSHOT
> Reporter: David Chandler
> Assigned To: Matthias Weßendorf
> Fix For: 1.1.5-SNAPSHOT
>
> Attachments: patch.txt, patch2.txt
>
>
> A component with a required value will not fail validation as expected if the
> submitted value is null. This issue is not seen normally because browsers
> send the value for an empty text field as an empty string. That is, the POST
> data for an empty field1 will contain the field name but no value, like
> field1=&field2=something. However, if you use a man-in-the-middle proxy such
> as Paros to remove "fieldname=" from the POST data, the submitted value will
> be null. UIInput.validate() skips validation for null submitted values, but
> since requiredness is also part of validation, the requiredness check gets
> skipped, too.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
