javaserverfaces
  1. javaserverfaces
  2. JAVASERVERFACES-3167

also prevent absolute contract reference like "/contracts/base/template.xhtml" for ui:component, ui:decorate and ui:include

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 2.2.5
    • Fix Version/s: 2.2.6
    • Component/s: resources
    • Labels:
      None

      Description

      The same prevention to not allow absolute contracts references like "/contracts_dir/contract_name/resource.name" must be implemented for:

      • ui:component template="template ref"
      • ui:decorate template="template ref"
      • ui:include src="template ref"

        Issue Links

          Activity

          Hide
          Manfred Riem added a comment -

          Applied to 2.2 branch,

          svn commit -m "Fixes https://java.net/jira/browse/JAVASERVERFACES-3167, make sure ui:decorate and ui:include disallow direct contract references."
          Sending jsf-ri/src/main/java/com/sun/faces/facelets/tag/ui/DecorateHandler.java
          Sending jsf-ri/src/main/java/com/sun/faces/facelets/tag/ui/IncludeHandler.java
          Adding test/agnostic/facelets/ui/src/main/webapp/decorateDirectContract.xhtml
          Adding test/agnostic/facelets/ui/src/main/webapp/includeDirectContract.xhtml
          Adding test/agnostic/facelets/ui/src/test/java/com/sun/faces/test/agnostic/facelets/ui/Issue3167IT.java
          Transmitting file data .....
          Committed revision 12831.

          Show
          Manfred Riem added a comment - Applied to 2.2 branch, svn commit -m "Fixes https://java.net/jira/browse/JAVASERVERFACES-3167 , make sure ui:decorate and ui:include disallow direct contract references." Sending jsf-ri/src/main/java/com/sun/faces/facelets/tag/ui/DecorateHandler.java Sending jsf-ri/src/main/java/com/sun/faces/facelets/tag/ui/IncludeHandler.java Adding test/agnostic/facelets/ui/src/main/webapp/decorateDirectContract.xhtml Adding test/agnostic/facelets/ui/src/main/webapp/includeDirectContract.xhtml Adding test/agnostic/facelets/ui/src/test/java/com/sun/faces/test/agnostic/facelets/ui/Issue3167IT.java Transmitting file data ..... Committed revision 12831.

            People

            • Assignee:
              Manfred Riem
              Reporter:
              Hanspeter Duennenberger
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: