Details
- Type: Bug
- Status: Closed
- Priority: Major
- Resolution: Duplicate
- Affects Version/s: 1.8.2a
- Fix Version/s: 1.8.2-EE-GA_P01, 1.8.3
- Component/s: Framework
- Labels: None
- Environment: ICEfaces
- Assignee Priority: P2
Description
Using the ice.session extracted from the page:
curl --cookie /tmp/cookies.txt --cookie-jar /tmp/cookies.txt --data "ice.view=<SCrIPT>alert("SIdg96pCgjo1SnsmlAeEF50N6fkZGG")</SCrIPT>&ice.session=XQWAa3fjHI0pQN5VhZIfSw" http://localhost:8080/auctionMonitor/block/send-receive-updates
we see the malformed viewNumber echoed in the response:
<reload view="<SCrIPT>alert(SIdg96pCgjo1SnsmlAeEF50N6fkZGG)</SCrIPT>"/>
Candidate fix:
Index: core/src/com/icesoft/faces/webapp/http/core/ReceiveSendUpdates.java
===================================================================
— core/src/com/icesoft/faces/webapp/http/core/ReceiveSendUpdates.java (revision 20655)
+++ core/src/com/icesoft/faces/webapp/http/core/ReceiveSendUpdates.java (working copy)
@@ -61,7 +61,13 @@
} else {
View view = (View) views.get(viewNumber);
if (view == null) {
+ try { + Integer.parseInt(viewNumber); + request.respondWith(new ReloadResponse(viewNumber)); + }
catch (NumberFormatException e)
{ + LOG.warn("Malformed viewNumber " + viewNumber); + request.respondWith(SessionExpiredResponse.Handler); + }} else {
try {
view.processPostback(request);
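Review bot: In the added try block, the return value of Integer.parseInt(viewNumber) is discarded and the raw request string is still what gets passed to new ReloadResponse(viewNumber), so the value echoed into <reload view="..."/> is whatever spelling parseInt accepts rather than a canonical number. Suggest keeping the parsed value and echoing that instead, for example int n = Integer.parseInt(viewNumber); followed by request.respondWith(new ReloadResponse(String.valueOf(n)));, and also escaping the value at the point where the view attribute of the <reload> response is written, so the output does not rely on every caller validating first. In the catch block, LOG.warn("Malformed viewNumber " + viewNumber) writes the unvalidated request value straight into the log; strip CR/LF and other control characters and cap the length before logging it.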