Posted to dev@struts.apache.org by lukaszlenart <gi...@git.apache.org> on 2014/03/03 21:56:59 UTC

[GitHub] struts pull request: Restricts direct access to JSP files

GitHub user lukaszlenart opened a pull request:

    https://github.com/apache/struts/pull/2

    Restricts direct access to JSP files

    This PR moves all JSP files in example apps under `WEB-INF` and adds security constraints to `web.xml` to avoid accessing JSP files directly. This represents good practices.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/apache/struts feature/move-jsps-under-webinf

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/struts/pull/2.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #2
    
----
commit 6b00db2d23acf93f83563715aa0deaeb0a245785
Author: Lukasz Lenart <lu...@apache.org>
Date:   2014-02-25T09:56:53Z

    Moves jsps under WEB-INF

commit 6f43464fcaab59e7345a3e394db4a969cf410d15
Author: Lukasz Lenart <lu...@apache.org>
Date:   2014-02-25T09:57:21Z

    Adds security constraints to block access to jsp files

commit 4360a06662dcdb3c08d4ba9c3f8e2679eecddad1
Author: Lukasz Lenart <lu...@apache.org>
Date:   2014-02-28T09:17:19Z

    Merge branch 'develop' into feature/move-jsps-under-webinf

commit 95b309a9b93eebadb589a335947598d815add80b
Author: Lukasz Lenart <lu...@apache.org>
Date:   2014-03-02T20:13:38Z

    Adds security constraints to web.xml to block access to pure JSP files

commit d07e8044beef98222f0140adb0b4e2892b6bf166
Author: Lukasz Lenart <lu...@apache.org>
Date:   2014-03-02T20:17:30Z

    Moves mailreader related JSPs under WEB-INF

commit 65eb97514c635da87c60f2a7b0d6bbbdd79358ee
Author: Lukasz Lenart <lu...@apache.org>
Date:   2014-03-02T21:02:49Z

    Moves showcase related JSPs under WEB-INF

commit c0a312a82209a5dae219e10245b3a55c0408aadf
Author: Lukasz Lenart <lu...@apache.org>
Date:   2014-03-02T21:17:12Z

    Reverts security constraint

----


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
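
The two measures the pull request description names, sketched as an added example (not taken from the pull request's patch): a `web.xml` deny-all constraint for JSP paths, for JSPs that still sit outside `WEB-INF`. The resource and display names are hypothetical.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Constructed web.xml for illustration; names below are hypothetical. -->
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">

  <!-- Deny every client request whose path ends in .jsp or .jspx. -->
  <security-constraint>
    <display-name>No direct JSP access</display-name>
    <web-resource-collection>
      <web-resource-name>jsp-files</web-resource-name>
      <url-pattern>*.jsp</url-pattern>
      <url-pattern>*.jspx</url-pattern>
      <!-- No <http-method> elements: the constraint covers all methods. -->
    </web-resource-collection>
    <!-- Empty auth-constraint: no role is allowed, so the container
         refuses the request with 403 Forbidden. -->
    <auth-constraint/>
  </security-constraint>

</web-app>
```

Security constraints apply to client requests only, not to `RequestDispatcher` forwards, so action results that forward to a JSP still render. Files under `WEB-INF` are never served directly by the container, which is why moving the JSPs there gives the same protection without a constraint.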


Re: [GitHub] struts pull request: Restricts direct access to JSP files

Posted by Lukasz Lenart <lu...@apache.org>.
Hi,

This PR is related to best practices - a user shouldn't be able to access
JSPs directly. Some examples in showcase are still broken but they are
based on the Dojo plugin, which is deprecated - so they will be removed
anyway.



[GitHub] struts pull request: Restricts direct access to JSP files

Posted by lukaszlenart <gi...@git.apache.org>.
GitHub user lukaszlenart closed the pull request at:

    https://github.com/apache/struts/pull/2

