On 2/14/06, Paul Benedict <[EMAIL PROTECTED]> wrote: > Here's my take on it: > > I think fixing RequestUtils to bypass the multipart property is a patch. I > say that because it's a pointed solution to a specific problem. If we look > at this as a temporary fix, I am okay with that because it does provide a > solution and then it can be replaced with a broader solution.
It is just a patch - the long term solution to this specific bug is to remove the getter method from ActionForm. > That of course assumes a broader solution :-) > > I really do want to investigate allowing the form to dictate which > properties are valid/invalid for population by the RP. Does anyone want to > investigate this with me? I still find a blacklist or whitelist map to be > the way to go. I am sensitive to what properties people can populate in my > form with a good guess; and you'd be surprised what can be inferred from a > logical group of property names. This is a different issue from this bug and I don't' think I agree that its even a problem. If you expose something in your ActionForm that you don't want populated then that is where the problem lies and you need to get them out of the ActionForm. Niall > Paul > > > --------------------------------- > Brings words and photos together (easily) with > PhotoMail - it's free and works with Yahoo! Mail. > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
