You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@struts.apache.org by bu...@apache.org on 2006/02/10 18:25:05 UTC

DO NOT REPLY [Bug 38534] - DOS attack, application hack

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=38534>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=38534





------- Additional Comments From niallp@apache.org  2006-02-10 18:25 -------
I guess the simplest solution is to change RequestUtil's populate method to 
ignore parameters starting with "multipartRequestHandler."

IMO, longer term we should remove that method from ActionForm - not sure why 
its there at all.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org