[
https://issues.apache.org/jira/browse/WW-4136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13701062#comment-13701062
]
Hudson commented on WW-4136:
----------------------------
Integrated in Struts2-JDK6 #746 (See
[https://builds.apache.org/job/Struts2-JDK6/746/])
Merged from STRUTS_2_3_15_X
WW-4136 - Demonstrate proper input sanitizing for file download showcase example
- added demo code to prevent input paths containing "WEB-INF" [from revision
1500082] (Revision 1500083)
Result = SUCCESS
rgielen :
Files :
* /struts/struts2/trunk
*
/struts/struts2/trunk/apps/showcase/src/main/java/org/apache/struts2/showcase/filedownload/FileDownloadAction.java
*
/struts/struts2/trunk/apps/showcase/src/test/java/org/apache/struts2/showcase/filedownload
> Demonstrate proper input sanitizing for file download showcase example
> ----------------------------------------------------------------------
>
> Key: WW-4136
> URL: https://issues.apache.org/jira/browse/WW-4136
> Project: Struts 2
> Issue Type: Improvement
> Components: Example Applications
> Affects Versions: 2.3.15
> Reporter: Rene Gielen
> Assignee: Rene Gielen
> Priority: Minor
> Fix For: 2.3.15.1, 2.3.16
>
>
> inputPath parameter of FileDownloadAction is not sanitized to avoid accessing
> WEB-INF directory.
> Originally reported by Takayoshi isayama of Mitsui Bussan Secure Directions,
> Inc..
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
