Hi!
While testing our JSF Frontends we found out that the server-side
validation of the JSF components does not work correctly in some cases.
I appended an example form which we tested and where we found this
bug.
At first we changed the http request and set the value of all fields to
"". All server-side validators worked correctly and threw a required
error.
After this we began to remove the whole fields from the http post. When
removing the first fields, a null pointer exception was thrown - a
reasonable behaviour.
When we removed the inputText id="contentInput" (see attachment) and
left the other fields in a correct state, no null pointer exception and
no validator exception was thrown. The workflow continued and finally an
empty string from the contentInput was written to our database.
I think this is a security problem because our developers trust in the
server side validation of the input fields - and an input field with the
required="true" attribute mustn't be empty.
At other forms the behaviour changed and the problems appeared at other
points (for example a modified datePicker value caused a number format
exception instead of an invalid value validator exception).
If you need further assistance to reproduce this bug feel free to
contact me. This bug is currently interrupting our production, so I will
definitely assist you in finding the bug wherever possible.
Thank you
Felix Becker
<tr:subform id="nfaddform">
  <tr:panelCaptionGroup captionText="#{i18n.add_paneltitle}"
                        rendered="#{!newItemBean.itemAdded}">
    <tr:panelFormLayout>
      <tr:inputText id="nfname" value="#{newItemBean.name}"
                    label="#{i18n.add_label_name}" required="true"
                    maximumLength="#{stringLength.MyDATA_NAME}">
        <f:validateLength maximum="#{stringLength.MyDATA_NAME}"/>
      </tr:inputText>
      <tr:inputText id="nfversion" value="#{newItemBean.version}"
                    label="#{i18n.add_label_version}" required="true"
                    maximumLength="#{stringLength.MyDATA_VERSION}">
        <f:validateLength maximum="#{stringLength.MyDATA_VERSION}"/>
      </tr:inputText>
      <tr:inputText id="nfdescription" value="#{newItemBean.description}"
                    label="#{i18n.add_label_description}"
                    maximumLength="#{stringLength.MyDATA_DESCRIPTION}">
        <f:validateLength maximum="#{stringLength.MyDATA_DESCRIPTION}"/>
      </tr:inputText>
      <tr:selectOneChoice id="nfstatus" value="#{newItemBean.status}"
                          required="true" label="#{i18n.add_label_status}">
        <f:selectItems value="#{backendCaller.statusList}"/>
      </tr:selectOneChoice>
    </tr:panelFormLayout>
    <!-- we need to use simple here, because a rendering with labels
         and error messages doesn't support stretching -->
    <tr:outputLabel showRequired="true" value="#{i18n.add_label_content}"/>
    <tr:message for="contentInput"/>
    <tr:inputText id="contentInput" rows="10"
                  contentStyle="display:block; width:99%;"
                  inlineStyle="display:block; width:100%; height:99%; margin-top:10px;"
                  simple="true" value="#{newItemBean.content}" required="true">
      <f:validateLength maximum="#{stringLength.MyDATA_CONTENT}"/>
    </tr:inputText>
    <cas:buttonBar>
      <tr:resetButton id="nfbtn_reset" text="#{i18n.button_reset}"/>
      <tr:commandButton id="nfbtn_save" text="#{i18n.button_save}"
                        action="#{newItemBean.saveMyData}"/>
    </cas:buttonBar>
  </tr:panelCaptionGroup>
</tr:subform>
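
A defensive check for the case reported above (a required field left out of the POST altogether), added here as an example; it is not part of the original message or of the framework. It uses only the standard javax.faces API; the class name is hypothetical, and it assumes every rendered required input posts a parameter named after its client id (so no required inputs that are disabled or sit inside tables).

```java
import java.util.Iterator;
import java.util.Map;
import javax.faces.application.FacesMessage;
import javax.faces.component.EditableValueHolder;
import javax.faces.component.UIComponent;
import javax.faces.context.FacesContext;
import javax.faces.event.PhaseEvent;
import javax.faces.event.PhaseId;
import javax.faces.event.PhaseListener;

// Hypothetical listener; register it in faces-config.xml under
// <lifecycle><phase-listener>.
public class MissingRequiredParamListener implements PhaseListener {
    private static final long serialVersionUID = 1L;

    public PhaseId getPhaseId() { return PhaseId.APPLY_REQUEST_VALUES; }

    public void beforePhase(PhaseEvent event) { }

    // Runs on postbacks only: an initial GET skips Apply Request Values.
    public void afterPhase(PhaseEvent event) {
        FacesContext ctx = event.getFacesContext();
        Map<String, String> params =
            ctx.getExternalContext().getRequestParameterMap();
        if (hasMissingRequired(ctx, ctx.getViewRoot(), params)) {
            ctx.renderResponse(); // skip validation, model update and the action
        }
    }

    // Walks the rendered component tree; true if any required input
    // (e.g. nfaddform:contentInput) has no parameter in the request.
    private boolean hasMissingRequired(FacesContext ctx, UIComponent c,
                                       Map<String, String> params) {
        if (!c.isRendered()) return false; // unrendered subtree is not posted
        boolean missing = false;
        if (c instanceof EditableValueHolder
                && ((EditableValueHolder) c).isRequired()) {
            String clientId = c.getClientId(ctx);
            if (!params.containsKey(clientId)) {
                ctx.addMessage(clientId, new FacesMessage(
                    FacesMessage.SEVERITY_ERROR,
                    "Required field missing from request", clientId));
                missing = true;
            }
        }
        for (Iterator<UIComponent> it = c.getFacetsAndChildren(); it.hasNext();) {
            missing |= hasMissingRequired(ctx, it.next(), params);
        }
        return missing;
    }
}
```

The interface check is on EditableValueHolder rather than UIInput so that component libraries whose inputs do not extend UIInput are covered as well.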