Hello Gerhard,
thank you very much for implementing and providing this fix. I'll implement it in our projects and test it this week. Regards, Felix ________________________________ From: Gerhard Petracek [mailto:[EMAIL PROTECTED] Sent: Monday, September 22, 2008 12:05 AM To: MyFaces Discussion Subject: Re: wrong/missing validation behaviour - security problem. hello felix, i implemented an add-on for myfaces-extensions-validator (extval) for you [1]. at the moment there are 2 workarounds. the one you are interested in contains the issue number (myfaces-1467). if you are using myfaces-core 1.2.x, please use version 1.2.4 (or you will also need the second workaround). you can just use it (extval + add-on) or you copy the approach and implement your own solution for this specific scenario. (however, please test it carefully.) regards, gerhard [1] http://code.google.com/p/os890/source/browse/#svn/trunk/java/web/jsf/ext val/ 2008/9/19 Felix Becker <[EMAIL PROTECTED]> Hi Gerhard, i would be very glad if you could tell me how to avoid this problem in a simple way (i'm currently checking all values coming from a faces page in the backend again). Felix Gerhard Petracek wrote: > @felix: > there's a workaround to fix it (without patching an existing > implementation). > if you're interested, i'll provide it. however, you have to test it. > -- http://www.irian.at Your JSF powerhouse - JSF Consulting, Development and Courses in English and German Professional Support for Apache MyFaces
