I was confusing DOS Attack with "Multipart Command Implementation" #38613. I see from the updated notes that you'd prefer to leave that for 1.3.1.
As for DOS Attack, since there is not a clear fix, we should also leave that for 1.3.1, or whenever we are ready to commit to a fix. -Ted. On 2/11/06, Niall Pemberton <[EMAIL PROTECTED]> wrote: > On 2/11/06, Ted Husted <[EMAIL PROTECTED]> wrote: > > On 2/11/06, Niall Pemberton <[EMAIL PROTECTED]> wrote: > > > I don't have a patch for #38534 - my proposed changes for #38613 > > > includes fixing #38534. Did you mean commit #38613? > > > > If you can commit the code to resolve "DOS attack, application hack", > > I'll make the necessary changes to resolve "Validation always skipped > > with Globals.CANCEL_KEY". > > OK as I said I don't have a patch for this - currently needs a change > to RequestProcessor - if I put in my "multipart command" changes, they > include preventing this - without those changes then the fix to > RequestProcessor does the job. > > > It looks like the changes would overlap, and since you've already done > > the work, it would be better to commit that first. > > I've just had a quick look - I can't see any overlap - if your > adopting Pauls patch for Struts 1.2 to the Commands then your going to > be changing AbstractValidateActionForm, which I have no changes for. > > Niall > > > -Ted. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
