https://issues.apache.org/bugzilla/show_bug.cgi?id=48960
--- Comment #2 from Yair Lenga <yair.le...@citi.com> 2010-03-22 18:06:18 UTC --- Created an attachment (id=25166) --> (https://issues.apache.org/bugzilla/attachment.cgi?id=25166) Replacement for SSIServlet.java SSIProcessor.java SSIFilter.java Attached is a quick fix that adds 'allowExec' parameter to the SSI servlet and filter. I could not build the complete Tomcat tree - I'll be happy to test any patched version with this (or similar change). Overall < 50 lines of changes. Basic logic: remove the exec command from the SSIProcessor, unless the allow_exec is true. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
