Remy Maucherat wrote:
It's not a real veto anyway, but no proper review mechanism exists at
the moment, and it's hard to integrate feature additions in 6.0.x
without prior discussion.
I did review the patch:
- the syntax seems appropriate
- I don't know if it allows redirecting a single fine, but I think it
should if it does not (I did not test it; at least the list feature
would not be working right now)
- it seems like it will still validate going out of the remapped "base"
path, which is good
- interaction with the webapp classloader, which might have special
handling for /WEB-INF on the file based resources, is a question mark
(compatibility with that would be good, if possible)
- security wise, it needs to be verified if the security manager
prevents usage of the feature (normally it should, there are no
privileged actions)
Rémy
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
