Click the first cell of a column
Scroll down and press Shift key and click the last cell of the column
Check that total rows label is 20.000 but selected cells label is less than 19.997
AlphabeticalToggleButton is not drawn correctly on 150% DPI. This is observed in the VisualStudio2022Light theme. In Fluent theme, the button is drawn correctly.
This is the used code snippet:
static void Main(string[] args)
{
Telerik.WinForms.Documents.Model.RadDocument templateDocument = GetDocument("Template.rtf");
Telerik.WinForms.Documents.Model.RadDocument contentDocument = GetDocument("Content.rtf");
Telerik.WinForms.Documents.Model.Merging.InsertDocumentOptions options = new Telerik.WinForms.Documents.Model.Merging.InsertDocumentOptions();
options.ConflictingStylesResolutionMode = Telerik.WinForms.Documents.Model.Merging.ConflictingStylesResolutionMode.RenameSourceStyle;
options.InsertLastParagraphMarker = true;
Telerik.WinForms.Documents.Model.RadDocumentEditor templateEditor = new Telerik.WinForms.Documents.Model.RadDocumentEditor(templateDocument);
templateEditor.InsertFragment(new Telerik.WinForms.Documents.Model.DocumentFragment(contentDocument));
string mergedDocumentFilePath = "MergeDocumentsWithRichTextEditor.rtf";
File.Delete(mergedDocumentFilePath);
WriteDocToFile(templateDocument, mergedDocumentFilePath);
}
private static Telerik.WinForms.Documents.Model.RadDocument GetDocument(string rtfFilePath)
{
Telerik.WinForms.Documents.Model.RadDocument document = null;
var rtfImporter = new Telerik.WinForms.Documents.FormatProviders.Rtf.RtfFormatProvider();
using (Stream stream = File.OpenRead(rtfFilePath))
{
document = rtfImporter.Import(stream);
}
return document;
}
private static void WriteDocToFile(Telerik.WinForms.Documents.Model.RadDocument doc, string filename)
{
var rtfExporter = new Telerik.WinForms.Documents.FormatProviders.Rtf.RtfFormatProvider();
string rtfText = rtfExporter.Export(doc);
File.WriteAllText(filename, rtfText);
Process.Start(filename);
}Observed result:
Expected result: keep the After spacing as it is in the original documents.
Steps to reproduce:
1. Load a PDF document with 0 pages
2. Enter some text in the search textbox and click the next/prev buttons
Expected: the search textbox should be either disabled or should ignore any search operation
Actual: an error occurs
Workaround:
Private Sub pdf_Viewer_DocumentLoaded(sender As Object, e As EventArgs)
If pdf_Viewer.Document.Pages.Count = 0 Then
pdf_Toolbar.SearchTextBox.Enabled = False
pdf_Toolbar.NextButton.Enabled = False
pdf_Toolbar.PreviousButton.Enabled = False
Else
pdf_Toolbar.SearchTextBox.Enabled = True
pdf_Toolbar.NextButton.Enabled = True
pdf_Toolbar.PreviousButton.Enabled = True
End If
End Sub
This behavior is observed when the VisualStudio2022Light theme is applied. For example, this is not observed in the Fluent theme.
In the Fluent theme, the Font Size Dropdown of the SelectionMiniToolBar is not wide enough.
I'm a Progress OpenEdge developer and found issue with RadGridView using it in a ABL application. I have been able to reproduce the issue outside of the OpenEdge environment, and have attached a project file.
To see the issue, run the app, and scroll down really quickly with scrollbar thumb to the bottom.
You will then get:
System.NullReferenceException
HResult=0x80004003
Message=Object reference not set to an instance of an object.
Source=Telerik.WinControls.GridView
StackTrace:
at Telerik.WinControls.UI.ExpressionAccessor.EvaluateExpression(GridViewRowInfo row, GridViewColumn column)
Call Stack when I'm in my project:
> WindowsFormsApp1_NetFramework.exe!Progress.Data.DataSource.FillCacheFromPVMSource(Progress.Data.CacheRow cacheRow, int rowIx) Line 579 C#
WindowsFormsApp1_NetFramework.exe!Progress.Data.DataSource.GetRowError(int rowIx) Line 651 C#
WindowsFormsApp1_NetFramework.exe!Progress.Data.DummyRow.Error.get() Line 1347 C#
Telerik.WinControls.GridView.dll!Telerik.WinControls.UI.GridViewRowInfo.ErrorText.get() Unknown
Telerik.WinControls.GridView.dll!Telerik.WinControls.UI.GridDataRowElement.UpdateInfo() Unknown
Telerik.WinControls.GridView.dll!Telerik.WinControls.UI.GridRowElement.Initialize(Telerik.WinControls.UI.GridViewRowInfo rowInfo) Unknown
Telerik.WinControls.GridView.dll!Telerik.WinControls.UI.GridRowElement.Attach(Telerik.WinControls.UI.GridViewRowInfo row, object context) Unknown
Telerik.WinControls.UI.dll!Telerik.WinControls.UI.BaseVirtualizedContainer<Telerik.WinControls.UI.GridViewRowInfo>.UpdateElement(int position, Telerik.WinControls.UI.GridViewRowInfo data) Unknown
Telerik.WinControls.GridView.dll!Telerik.WinControls.UI.ScrollableRowsContainerElement.UpdateElement(int position, Telerik.WinControls.UI.GridViewRowInfo data) Unknown
Telerik.WinControls.UI.dll!Telerik.WinControls.UI.BaseVirtualizedContainer<Telerik.WinControls.UI.GridViewRowInfo>.MeasureElements() Unknown
Telerik.WinControls.UI.dll!Telerik.WinControls.UI.BaseVirtualizedContainer<Telerik.WinControls.UI.GridViewRowInfo>.MeasureOverride(System.Drawing.SizeF availableSize) Unknown
Telerik.WinControls.GridView.dll!Telerik.WinControls.UI.ScrollableRowsContainerElement.MeasureOverride(System.Drawing.SizeF availableSize) Unknown
Telerik.WinControls.dll!Telerik.WinControls.RadElement.MeasureCore(System.Drawing.SizeF availableSize) Unknown
Telerik.WinControls.dll!Telerik.WinControls.RadElement.Measure(System.Drawing.SizeF availableSize) Unknown
Telerik.WinControls.dll!Telerik.WinControls.Layouts.ContextLayoutManager.UpdateLayout() Unknown
Telerik.WinControls.dll!Telerik.WinControls.Layouts.ContextLayoutManager.UpdateLayoutCallback(Telerik.WinControls.Layouts.ILayoutManager manager) Unknown
[Native to Managed Transition]
[Managed to Native Transition]
mscorlib.dll!System.Delegate.DynamicInvokeImpl(object[] args) Line 123 C#
System.Windows.Forms.dll!System.Windows.Forms.Control.InvokeMarshaledCallbackDo(System.Windows.Forms.Control.ThreadMethodEntry tme) Unknown
System.Windows.Forms.dll!System.Windows.Forms.Control.InvokeMarshaledCallbackHelper(object obj) Unknown
mscorlib.dll!System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext executionContext, System.Threading.ContextCallback callback, object state, bool preserveSyncCtx) Line 980 C#
mscorlib.dll!System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext executionContext, System.Threading.ContextCallback callback, object state, bool preserveSyncCtx) Line 928 C#
mscorlib.dll!System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext executionContext, System.Threading.ContextCallback callback, object state) Line 917 C#
Once I relinguish control back to Telerik, I get:
System.NullReferenceException
HResult=0x80004003
Message=Object reference not set to an instance of an object.
Source=Telerik.WinControls.GridView
StackTrace:
at Telerik.WinControls.UI.ExpressionAccessor.EvaluateExpression(GridViewRowInfo row, GridViewColumn column)
Telerik.WinControls.GridView.dll!Telerik.WinControls.UI.ExpressionAccessor.EvaluateExpression(Telerik.WinControls.UI.GridViewRowInfo row, Telerik.WinControls.UI.GridViewColumn column) Unknown
Telerik.WinControls.GridView.dll!Telerik.WinControls.UI.ExpressionAccessor.this[Telerik.WinControls.UI.GridViewRowInfo].get(Telerik.WinControls.UI.GridViewRowInfo row) Unknown
Telerik.WinControls.GridView.dll!Telerik.WinControls.UI.GridViewRowInfo.this[Telerik.WinControls.UI.GridViewColumn].get(Telerik.WinControls.UI.GridViewColumn column) Unknown
Telerik.WinControls.GridView.dll!Telerik.WinControls.UI.GridDataCellElement.Value.get() Unknown
Telerik.WinControls.GridView.dll!Telerik.WinControls.UI.GridCellElement.SetContent() Unknown
Telerik.WinControls.GridView.dll!Telerik.WinControls.UI.GridVirtualizedCellElement.Initialize(Telerik.WinControls.UI.GridViewColumn column, Telerik.WinControls.UI.GridRowElement row) Unknown
Telerik.WinControls.GridView.dll!Telerik.WinControls.UI.GridVirtualizedCellElement.Attach(Telerik.WinControls.UI.GridViewColumn data, object context) Unknown
Telerik.WinControls.UI.dll!Telerik.WinControls.UI.BaseVirtualizedContainer<Telerik.WinControls.UI.GridViewColumn>.InsertElement(int position, Telerik.WinControls.UI.IVirtualizedElement<Telerik.WinControls.UI.GridViewColumn> element, Telerik.WinControls.UI.GridViewColumn data) Unknown
Telerik.WinControls.UI.dll!Telerik.WinControls.UI.BaseVirtualizedContainer<Telerik.WinControls.UI.GridViewColumn>.UpdateElement(int position, Telerik.WinControls.UI.GridViewColumn data) Unknown
Telerik.WinControls.UI.dll!Telerik.WinControls.UI.BaseVirtualizedContainer<Telerik.WinControls.UI.GridViewColumn>.MeasureElements() Unknown
Telerik.WinControls.UI.dll!Telerik.WinControls.UI.BaseVirtualizedContainer<Telerik.WinControls.UI.GridViewColumn>.MeasureOverride(System.Drawing.SizeF availableSize) Unknown
Telerik.WinControls.dll!Telerik.WinControls.RadElement.MeasureCore(System.Drawing.SizeF availableSize) Unknown
Telerik.WinControls.dll!Telerik.WinControls.RadElement.Measure(System.Drawing.SizeF availableSize) Unknown
Telerik.WinControls.GridView.dll!Telerik.WinControls.UI.GridVirtualizedRowElement.MeasureElements(System.Drawing.SizeF availableSize, System.Drawing.SizeF clientSize, System.Windows.Forms.Padding borderThickness) Unknown
Telerik.WinControls.UI.dll!Telerik.WinControls.UI.LightVisualElement.MeasureOverride(System.Drawing.SizeF availableSize) Unknown
Telerik.WinControls.GridView.dll!Telerik.WinControls.UI.GridRowElement.MeasureOverride(System.Drawing.SizeF availableSize) Unknown
Telerik.WinControls.dll!Telerik.WinControls.RadElement.MeasureCore(System.Drawing.SizeF availableSize) Unknown
Telerik.WinControls.dll!Telerik.WinControls.RadElement.Measure(System.Drawing.SizeF availableSize) Unknown
Telerik.WinControls.UI.dll!Telerik.WinControls.UI.VirtualizedStackContainer<Telerik.WinControls.UI.GridViewRowInfo>.MeasureElementCore(Telerik.WinControls.RadElement element, System.Drawing.SizeF availableSize) Unknown
Telerik.WinControls.GridView.dll!Telerik.WinControls.UI.ScrollableRowsContainerElement.MeasureElementCore(Telerik.WinControls.RadElement element, System.Drawing.SizeF availableSize) Unknown
Telerik.WinControls.UI.dll!Telerik.WinControls.UI.VirtualizedStackContainer<Telerik.WinControls.UI.GridViewRowInfo>.MeasureElement(Telerik.WinControls.UI.IVirtualizedElement<Telerik.WinControls.UI.GridViewRowInfo> element) Unknown
Telerik.WinControls.UI.dll!Telerik.WinControls.UI.BaseVirtualizedContainer<Telerik.WinControls.UI.GridViewRowInfo>.MeasureElements() Unknown
Telerik.WinControls.UI.dll!Telerik.WinControls.UI.BaseVirtualizedContainer<Telerik.WinControls.UI.GridViewRowInfo>.MeasureOverride(System.Drawing.SizeF availableSize) Unknown
Telerik.WinControls.GridView.dll!Telerik.WinControls.UI.ScrollableRowsContainerElement.MeasureOverride(System.Drawing.SizeF availableSize) Unknown
Telerik.WinControls.dll!Telerik.WinControls.RadElement.MeasureCore(System.Drawing.SizeF availableSize) Unknown
Telerik.WinControls.dll!Telerik.WinControls.RadElement.Measure(System.Drawing.SizeF availableSize) Unknown
Telerik.WinControls.dll!Telerik.WinControls.Layouts.ContextLayoutManager.UpdateLayout() Unknown
Telerik.WinControls.dll!Telerik.WinControls.Layouts.ContextLayoutManager.UpdateLayoutCallback(Telerik.WinControls.Layouts.ILayoutManager manager) Unknown
[Native to Managed Transition]
[Managed to Native Transition]
mscorlib.dll!System.Delegate.DynamicInvokeImpl(object[] args) Line 123 C#
System.Windows.Forms.dll!System.Windows.Forms.Control.InvokeMarshaledCallbackDo(System.Windows.Forms.Control.ThreadMethodEntry tme) Unknown
System.Windows.Forms.dll!System.Windows.Forms.Control.InvokeMarshaledCallbackHelper(object obj) Unknown
mscorlib.dll!System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext executionContext, System.Threading.ContextCallback callback, object state, bool preserveSyncCtx) Line 980 C#
mscorlib.dll!System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext executionContext, System.Threading.ContextCallback callback, object state, bool preserveSyncCtx) Line 928 C#
mscorlib.dll!System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext executionContext, System.Threading.ContextCallback callback, object state) Line 917 C#
System.Windows.Forms.dll!System.Windows.Forms.Control.InvokeMarshaledCallback(System.Windows.Forms.Control.ThreadMethodEntry tme) Unknown
System.Windows.Forms.dll!System.Windows.Forms.Control.InvokeMarshaledCallbacks() Unknown
System.Windows.Forms.dll!System.Windows.Forms.Control.WndProc(ref System.Windows.Forms.Message m) Unknown
System.Windows.Forms.dll!System.Windows.Forms.ScrollableControl.WndProc(ref System.Windows.Forms.Message m) Unknown
Telerik.WinControls.dll!Telerik.WinControls.RadControl.WndProc(ref System.Windows.Forms.Message m) Unknown
Telerik.WinControls.GridView.dll!Telerik.WinControls.UI.RadGridView.WndProc(ref System.Windows.Forms.Message m) Unknown
System.Windows.Forms.dll!System.Windows.Forms.Control.ControlNativeWindow.OnMessage(ref System.Windows.Forms.Message m) Unknown
System.Windows.Forms.dll!System.Windows.Forms.Control.ControlNativeWindow.WndProc(ref System.Windows.Forms.Message m) Unknown
System.Windows.Forms.dll!System.Windows.Forms.NativeWindow.DebuggableCallback(System.IntPtr hWnd, int msg, System.IntPtr wparam, System.IntPtr lparam) Unknown
[Native to Managed Transition]
[Managed to Native Transition]
System.Windows.Forms.dll!System.Windows.Forms.Application.ComponentManager.System.Windows.Forms.UnsafeNativeMethods.IMsoComponentManager.FPushMessageLoop(System.IntPtr dwComponentID, int reason, int pvLoopData) Unknown
System.Windows.Forms.dll!System.Windows.Forms.Application.ThreadContext.RunMessageLoopInner(int reason, System.Windows.Forms.ApplicationContext context) Unknown
System.Windows.Forms.dll!System.Windows.Forms.Application.ThreadContext.RunMessageLoop(int reason, System.Windows.Forms.ApplicationContext context) Unknown
System.Windows.Forms.dll!System.Windows.Forms.Application.Run(System.Windows.Forms.Form mainForm) Unknown
> WindowsFormsApp1_NetFramework.exe!WindowsFormsApp1_NetFramework.Program.Main() Line 19 C#
/////////////////////////////////////////////////////////////////////////////////////////////////
The following notes will explain what we are doing, since it may not be typical.
The MaxDataGuess functionality offers a time-saving alternative for the OpenEdge BindingSource that binds to a query with
a very large result set.
Some .NET controls must know the number of records in the result set when they initialize.
By default, the ProBindingSource counts the records by reading the records in the query's result set, which can be time-consuming for large
result sets. Setting this property provides the .NET control with an estimated value to bypass the counting process.
Sometimes, the result list can contain tens of thousands records, so this functionality would be used for that use case.
The project that demonstrates the issue found with the Telerik GridView is a much simpler version of the actual OpenEdge implementation.
The Progress.Data.DataSource._actualNumberOfRecords property is just a hard coded value that takes the place of the ABL query result set list,
since this project does not include the OpenEdge specific code.
The internal implementation of the MaxDataGuess in this project is as follows:
The DataSource.Count property is originally set to 50.
See Form1.cs: pbs = new Progress.Data.BindingSource(myDataTable, maxDataGuess);
Once user scrolls through rows close to the Count property, the routine CheckForOffEnd() is called
(triggered by IDataErrorInfo.Error property).
If it determines that we are close to "current" end of rows, it adds 100 more rows calling
OnListChanged(new ListChangedEventArgs(ListChangedType.ItemAdded, ix));
to notify the grid control that we've update the Count property.
The routine FillCacheFromPVMSource() is called to fill in the CacheRow param for the specified rowIx.
The exception comes into play when the rowIx is greater than the current Count property.
If this is the case, then FillCacheFromPVMSource() updates the Count property, and also calls
OnListChanged(new ListChangedEventArgs(ListChangedType.ItemDeleted, ix));
when adjusting the Count property to notify the Telerik grid.
The exception occurs when control passes back to the Telerik code.
The rowIx is no longer valid, and the Telerik grid does not check for this.
We get the following System.NullReferenceException:
'Object reference not set to an instance of an object.'
The problem also occurs, if you just start the form. For example, on 175% (without drag).
## Summary:
During security testing of the email change functionality on the Telerik website, it was discovered that the application can be vulnerable to an account takeover attack. The vulnerability allows an attacker to change the email address associated with an account to their own email address, effectively taking over the victim's account.
## Vulnerability Details:
- **Functionality Description:**
- The Telerik website provides a functionality for users to request a change in their email address.
- This functionality consists of two sections: current email and new email.
- The current email is not accessible from the user interface, while the new email can be inputted by the user.
- After inputting the new email and clicking the "Change Email" button, the user's request is processed.
- **Attack Scenario:**
1. **Attacker Inputs Their Email:** The attacker inputs their own email address in the new email section.
2. **Intercepting the Request:** Using interception tools, the attacker intercepts the request before it is sent to the server.
3. **Modifying the Request:** The attacker modifies the request to replace their own email address with the victim's email address in the current email section.
4. **Consent Form Manipulation:** Additionally, the attacker can manipulate the consent form associated with the email change request to gain access to the victim's account without their consent.
5. **Changing the Email Address:** The modified request is forwarded to the server, resulting in the victim's email address being changed to the attacker's email address.
## Impact:
- **Account Takeover:** The vulnerability allows an attacker to take over the victim's account by changing the email address associated with it.
- **Data Access:** Once the attacker gains access to the victim's account, they may have unauthorized access to sensitive data and functionalities associated with the account.
## Mitigation Recommendations:
- **Input Validation:** Implement strict input validation to ensure that only legitimate email addresses are accepted in the new email section.
- **Consent Verification:** Require additional verification steps, such as email confirmation or user authentication, before processing email change requests.
- **Session Management:** Implement session management mechanisms to detect and prevent unauthorized access to account settings and functionalities.
- **Security Awareness:** Educate users about the risks of phishing attacks and social engineering tactics used by attackers to gain unauthorized access to accounts.
## Affected URL:
- Email Change Functionality: [https://www.telerik.com/account/support-center/email-change](https://www.telerik.com/account/support-center/email-change)
## Conclusion:
The discovered vulnerability poses a significant security risk to Telerik website users by allowing attackers to take over accounts through manipulation of the email change functionality. It is imperative for the development team to address this vulnerability promptly by implementing appropriate security controls and mitigations to safeguard user accounts from unauthorized access.
**Best Regards,**
Sagar Dhoot
The currently applied theme is VisualStudio2022Light. The button its move down due to the scaling mechanism.
Borders are not drawn on HDPI (150%)
In this case, we have an MS standard Form with control position on the form. Each of the controls has the right anchor. Moving the form to a monitor with a higher resolution messed up the size of the controls.
maskBoxColumn.FormatInfo = CultureInfo.CreateSpecificCulture("en-AE");
