All,

I was doing some testing in a webapp that uses Velocity 1.7 and Velocity Tools 2.0 (plus a few as-yet-unreleased patches) and I'm using VelocityLayoutServlet.

I found some errors in my log file about a particular 'layout' not being found. Coincidentally, I had a request parameter called "layout" with some data in it and it seemed to be triggering a change to the layout file that VelocityViewServlet attempts to use.

Seeing an opportunity, I tried this URL:

http://localhost:8217/webapp/random.do?layout=../WEB-INF/web.xml

Guess what happened? web.xml was dumped to my browser.

I'm doing some additional investigation as to why this request parameter is being set in the Velocity Context, but it does not appear that my page itself is doing it. Has anyone seen anything like this before?

-chris
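One way to confine a request-supplied layout name to a layout directory before it is used as a template path, as an added example that is not part of the original message or of the Velocity Tools code. The `layout/` directory, the `.vm` suffix rule, the `Default.vm` fallback and all class and method names are assumptions.

```java
import java.nio.file.Path;
import java.nio.file.Paths;

/** Added example: validate a "layout" request parameter before using it as a template path. */
public class LayoutNameCheck {
    // Assumption: layout templates live under "layout/" relative to the template root.
    private static final Path LAYOUT_DIR = Paths.get("layout");
    // Assumption: name of the fallback layout template.
    private static final String DEFAULT_LAYOUT = "Default.vm";

    /** Returns the template path to render: the requested layout if it stays inside LAYOUT_DIR, else the default. */
    static String resolveLayout(String requested) {
        String fallback = toTemplatePath(LAYOUT_DIR.resolve(DEFAULT_LAYOUT));
        if (requested == null || requested.isEmpty()) {
            return fallback;
        }
        // Reject characters that different path parsers interpret differently.
        if (requested.indexOf('\\') >= 0 || requested.indexOf('\0') >= 0 || requested.startsWith("/")) {
            return fallback;
        }
        // Only template files may be used as layouts (assumed convention).
        if (!requested.endsWith(".vm")) {
            return fallback;
        }
        // Collapse "." and ".." segments, then require the result to remain under LAYOUT_DIR.
        // Path.startsWith compares whole path elements, so "layout2/x.vm" does not match "layout".
        Path candidate = LAYOUT_DIR.resolve(requested).normalize();
        if (!candidate.startsWith(LAYOUT_DIR) || candidate.equals(LAYOUT_DIR)) {
            return fallback;
        }
        return toTemplatePath(candidate);
    }

    // Template loaders expect forward slashes regardless of platform.
    private static String toTemplatePath(Path p) {
        return p.toString().replace('\\', '/');
    }

    public static void main(String[] args) {
        // Constructed sample inputs; the second is the parameter value from the message above.
        String[] samples = {
            "Print.vm", "../WEB-INF/web.xml", "sub/../../WEB-INF/web.xml",
            "../layout2/Other.vm", "/WEB-INF/web.xml", "admin/Wide.vm", null
        };
        for (String s : samples) {
            System.out.println(s + " -> " + resolveLayout(s));
        }
    }
}
```

The check has to run on the value before it is placed in the Velocity Context or otherwise handed to the layout lookup, since the message indicates the parameter reaches the servlet without the page setting it.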