struts-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Lukasz Lenart <lukaszlen...@apache.org>
Subject Re: [GitHub] struts pull request: Restricts direct access to JSP files
Date Mon, 03 Mar 2014 21:01:39 GMT
Hi,

Thus PR is related to best practises - user shouldn't be able access
JSPs directly. Some examples in showcase are still broken but they
based on Dojo plugin which is deprecated - so they will be removed
anyway.

2014-03-03 21:56 GMT+01:00 lukaszlenart <git@git.apache.org>:
> GitHub user lukaszlenart opened a pull request:
>
>     https://github.com/apache/struts/pull/2
>
>     Restricts direct access to JSP files
>
>     This PR moves all JSP files in example apps under `WEB-INF` and adds security constraints
to `web.xml` to avoid accessing JSP files directly. Thus represents good practises.
>
> You can merge this pull request into a Git repository by running:
>
>     $ git pull https://github.com/apache/struts feature/move-jsps-under-webinf
>
> Alternatively you can review and apply these changes as the patch at:
>
>     https://github.com/apache/struts/pull/2.patch
>
> To close this pull request, make a commit to your master/trunk branch
> with (at least) the following in the commit message:
>
>     This closes #2
>
> ----
> commit 6b00db2d23acf93f83563715aa0deaeb0a245785
> Author: Lukasz Lenart <lukaszlenart@apache.org>
> Date:   2014-02-25T09:56:53Z
>
>     Moves jsps under WEB-INF
>
> commit 6f43464fcaab59e7345a3e394db4a969cf410d15
> Author: Lukasz Lenart <lukaszlenart@apache.org>
> Date:   2014-02-25T09:57:21Z
>
>     Adds security constraints to block access to jsp files
>
> commit 4360a06662dcdb3c08d4ba9c3f8e2679eecddad1
> Author: Lukasz Lenart <lukaszlenart@apache.org>
> Date:   2014-02-28T09:17:19Z
>
>     Merge branch 'develop' into feature/move-jsps-under-webinf
>
> commit 95b309a9b93eebadb589a335947598d815add80b
> Author: Lukasz Lenart <lukaszlenart@apache.org>
> Date:   2014-03-02T20:13:38Z
>
>     Adds security constraints to web.xml to block access to pure JSP files
>
> commit d07e8044beef98222f0140adb0b4e2892b6bf166
> Author: Lukasz Lenart <lukaszlenart@apache.org>
> Date:   2014-03-02T20:17:30Z
>
>     Moves mailreader related JSPs under WEB-INF
>
> commit 65eb97514c635da87c60f2a7b0d6bbbdd79358ee
> Author: Lukasz Lenart <lukaszlenart@apache.org>
> Date:   2014-03-02T21:02:49Z
>
>     Moves showcase related JSPs under WEB-INF
>
> commit c0a312a82209a5dae219e10245b3a55c0408aadf
> Author: Lukasz Lenart <lukaszlenart@apache.org>
> Date:   2014-03-02T21:17:12Z
>
>     Reverts security constraint
>
> ----
>
>
> ---
> If your project is set up for it, you can reply to this email and have your
> reply appear on GitHub as well. If your project does not have this feature
> enabled and wishes so, or if the feature is enabled but not working, please
> contact infrastructure at infrastructure@apache.org or file a JIRA ticket
> with INFRA.
> ---
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
> For additional commands, e-mail: dev-help@struts.apache.org
>

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org


Mime
View raw message