[ https://issues.jboss.org/browse/RF-13358?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Brian Leathem updated RF-13358:
-------------------------------
Original Estimate: 1 hour (was: 30 minutes)
Remaining Estimate: 1 hour (was: 30 minutes)
> rich:panelMenuGroup allowing actions executions even if originally disabled
> ---------------------------------------------------------------------------
>
> Key: RF-13358
> URL: https://issues.jboss.org/browse/RF-13358
> Project: RichFaces
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: component-menu
> Affects Versions: 4.3.4
> Environment: Linux, AS 7.1.1 Brontes, FF 25 with FireBug addOn
> Reporter: Pavel Slegr
> Assignee: Pavel Slegr
> Priority: Critical
> Fix For: 4.3.5
>
> Original Estimate: 1 hour
> Remaining Estimate: 1 hour
>
> related to https://issues.jboss.org/browse/RF-12813
> This can possibly be a security hole, as the second component piece is
> discovered to allow tampering with actions through JS.
> I suggest trying this out on other components as well!!!
> with the following example
> {code}
> <rich:panelMenuGroup id="group4" label="Group 4" expanded="false">
>     <rich:panelMenuItem id="item41" label="Item 4.1" />
>     <rich:panelMenuItem id="item42" label="Item 4.2" disabled="true" />
>     <rich:panelMenuGroup id="group43" label="Group 4.1" disabled="true">
>         <rich:panelMenuItem id="item431" label="Item 4.1.1" />
>     </rich:panelMenuGroup>
> </rich:panelMenuGroup>
> {code}
> the group43 element is intended to be disabled and thus should not allow any
> action execution on it.
> Once tampered with
> {code}
> new RichFaces.ui.PanelMenuGroup("f:group43", {
>     "collapseEvent": "click",
>     "unselectable": false,
>     "selectable": false,
>     "name": "group43",
>     "ajax": {"incId": "1"},
>     "stylePrefix": "rf\u002Dpm\u002Dgr",
>     "expanded": false,
>     "expandEvent": "click",
>     "disabled": false,  // server rendered this as true; flipped in the browser
>     "mode": "client"
> });
> {code}
> it is possible to expand the group and execute further actions on its
> child elements.
--
_______________________________________________
richfaces-issues mailing list
[email protected]
https://lists.jboss.org/mailman/listinfo/richfaces-issues
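The report above shows the general pattern behind this bug: the `disabled` flag is only honoured by the client-side widget, so editing the generated script removes the restriction. The fix on the defender's side is to re-check the component tree's own state in the JSF decode phase and drop any action that arrives for a component that is (or sits under a parent that is) disabled. The following is an added illustration written for this page; it is a hypothetical renderer, not RichFaces code, and the request-parameter naming (`<clientId>:action`) is an assumed convention of this sketch.

```java
import java.util.Map;
import javax.faces.component.UIComponent;
import javax.faces.context.FacesContext;
import javax.faces.event.ActionEvent;
import javax.faces.render.Renderer;

/**
 * Hypothetical menu-item renderer (added example, not part of RichFaces).
 *
 * Decoding consults only the server-side component tree. Whatever the
 * browser's widget believes about "disabled" is irrelevant: a request that
 * claims an action on a disabled item, or on an item nested inside a
 * disabled group (item431 under group43 in the report), is ignored.
 */
public class DisabledAwareMenuItemRenderer extends Renderer {

    @Override
    public void decode(FacesContext context, UIComponent component) {
        // Server-side truth first; nothing from the request is consulted yet.
        if (isEffectivelyDisabled(component)) {
            return; // do not queue an event for a disabled component
        }

        Map<String, String> params =
            context.getExternalContext().getRequestParameterMap();
        String clientId = component.getClientId(context);

        // Assumed convention for this sketch: the client posts "<clientId>:action"
        // when the item is activated.
        if (params.containsKey(clientId + ":action")) {
            component.queueEvent(new ActionEvent(component));
        }
    }

    /**
     * A component is disabled if its own "disabled" attribute is true or if
     * any ancestor is disabled. Walking the parents is what closes the gap for
     * children of a disabled group: the child carries no disabled attribute of
     * its own, so checking only the leaf would still let its action through.
     */
    static boolean isEffectivelyDisabled(UIComponent component) {
        for (UIComponent current = component; current != null; current = current.getParent()) {
            Object value = current.getAttributes().get("disabled");
            if (Boolean.TRUE.equals(value) || "true".equals(value)) {
                return true;
            }
        }
        return false;
    }
}
```

The same rule applies to the group renderer's own expand/collapse handling: treat the client-side `disabled`, `expanded` and `mode` values purely as rendering hints, and decide on the server whether a posted action may be processed.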