Panel inception through tabs through panels
Figured I would note this bug I found today. I am under the impression that panel inception (nesting panels within panels) is not currently possible. I was working on some panels this afternoon and discovered that panel inception is possible by means of nesting a panel within a tab within another panel. For example:
```md
==- My lovely panel
This is my lovely panel. It is my favorite panel.
+++ Why?
Because it is lovely!
+++ Who?
This panel, of course!
==- My not-so-lovely panel
This panel gets embedded in the tab within the panel. Oh noes!
==-
```
In the above example, I forgot to close out the `Who?` tab, resulting in the panel being embedded within it. It doesn't look pretty and it's not functional, but it seems to result in a bug:
Actual code:
```md
==- Cross-Site Request Forgery (CSRF)
> Text below this needs to be cited.
Occurs when a logged-on user's browser sends a forged HTTP request along with cookies and other authentication information, forcing the victim's browser to generate a request that the application thinks is a legitimate request from the user.
+++ Impact
- The attacker could have the user log into one of the user's online accounts.
- The attacker could collect the user's online account login credentials to be used by the attacker later.
- The attacker could have the user perform an action in one of the user's online accounts.
+++ Prevention
- Ensure that all HTTP resource requests include a unique, unpredictable token.
- Include a CAPTCHA code as part of the user resource request process.
!!!
This occurs in A8:2013.
!!!
==- Unvalidated Redirects and Forwards
> Text below this needs to be cited.
Redirection to unauthorized pages, often in conjunction with a social engineering/phishing aspect.
+++ Prevention
- Don't use redirects/forwards in your applications.
- Train users to recognize invalidated links.
+++
!!!
This occurs in A10:2013.
!!!
==- Missing Functional Level Access Control
*See [Broken Access Control](#broken-access-control)
==-
```
In all honesty, I think this would work as intended. I think the bug here is the anchor to the panel doesn't work properly. I'm opening another issue relating to panels not being properly sized (or not properly resizing themselves when necessary) for tabs that contain extra content.
I was looking into nested panels recently. It is still, understandably, not supported (would be very complicated to set up).
I like to know the work-arounds, so it is interesting that a nested panel is created, although it doesn't function.