[GitHub] struts pull request: Restricts direct access to JSP files

Mon, 03 Mar 2014 12:57:24 -0800 

GitHub user lukaszlenart opened a pull request:

    https://github.com/apache/struts/pull/2

    Restricts direct access to JSP files

    This PR moves all JSP files in example apps under `WEB-INF` and adds 
security constraints to `web.xml` to avoid accessing JSP files directly. Thus 
represents good practises.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/apache/struts feature/move-jsps-under-webinf

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/struts/pull/2.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #2
    
----
commit 6b00db2d23acf93f83563715aa0deaeb0a245785
Author: Lukasz Lenart <[email protected]>
Date:   2014-02-25T09:56:53Z

    Moves jsps under WEB-INF

commit 6f43464fcaab59e7345a3e394db4a969cf410d15
Author: Lukasz Lenart <[email protected]>
Date:   2014-02-25T09:57:21Z

    Adds security constraints to block access to jsp files

commit 4360a06662dcdb3c08d4ba9c3f8e2679eecddad1
Author: Lukasz Lenart <[email protected]>
Date:   2014-02-28T09:17:19Z

    Merge branch 'develop' into feature/move-jsps-under-webinf

commit 95b309a9b93eebadb589a335947598d815add80b
Author: Lukasz Lenart <[email protected]>
Date:   2014-03-02T20:13:38Z

    Adds security constraints to web.xml to block access to pure JSP files

commit d07e8044beef98222f0140adb0b4e2892b6bf166
Author: Lukasz Lenart <[email protected]>
Date:   2014-03-02T20:17:30Z

    Moves mailreader related JSPs under WEB-INF

commit 65eb97514c635da87c60f2a7b0d6bbbdd79358ee
Author: Lukasz Lenart <[email protected]>
Date:   2014-03-02T21:02:49Z

    Moves showcase related JSPs under WEB-INF

commit c0a312a82209a5dae219e10245b3a55c0408aadf
Author: Lukasz Lenart <[email protected]>
Date:   2014-03-02T21:17:12Z

    Reverts security constraint

----


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to