tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bip Thelin" <Bip.The...@razorfish.com>
Subject RE: DO NOT REPLY [Bug 4361] - SsiServlet potentially leaks files
Date Wed, 24 Oct 2001 17:11:05 GMT
> -----Original Message-----
> From: Paul Speed [mailto:pspeed@progeeks.com] 
> 
> [...]
> 
> Actually, includes should share the environment of the parent...
> in fact, if they set server variables the parent will see them.

Ok, that might be true(just looked at Apache's behavior and they
seem to do just that), when we implemented SSI we strictly followed
the NCSA standard which don't have set, and doesn't talk about if
the included page should see commands set by the parent. God catch!

> Cool.  I'm almost done refactoring.  I'm basically replacing the
> SsiMediator with an SsiEnvironment that is then stuck into a
> request attribute.  In the process, I'm moving some things around 
> a little since all of the commands were relying on the fact that 
> they were SsiMediator subclasses... and therefore directly accessing 
> the static fields of SsiMediator.

Ok, sounds good, send along some code and I can take a look at it
and commit it.


	Bip

Mime
View raw message