2015-10-06 15:59 GMT+02:00 Paul Benedict <pbened...@apache.org>:
> Can you explain the "secure" aspect? I don't follow what this is trying to
> accomplish. This is not a criticism; just a question.

Right now "parameters" is junk, a bunch of values with unknown origins
- some are coming from Request, some from interceptors, and some from
actions. I want to name them, give them some identity to allow handling
them correctly, i.e. Request params should never be evaluated (as
happens now when someone finds an RCE vulnerability), but at the same
time, params from interceptors (internals) should be passed for
evaluation all the time.


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/
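
The origin tagging described in the message above, sketched in Java as an added example; it is not part of the original mail and not Struts code. `Origin`, `Param` and `resolve` are hypothetical names, the evaluator is a stand-in for an expression engine, and leaving action-origin values unevaluated is this example's assumption because the message states no rule for them.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.function.Function;

// Hypothetical names throughout; none of this is the Struts API.
public class OriginTaggedParams {

    /** Where a parameter value came from (the three sources named in the message). */
    enum Origin { REQUEST, INTERCEPTOR, ACTION }

    /** A named value carrying its origin; immutable so the tag cannot change later. */
    static final class Param {
        final String name;
        final String value;
        final Origin origin;

        Param(String name, String value, Origin origin) {
            this.name = name;
            this.value = value;
            this.origin = origin;
        }
    }

    /** Decides by origin alone, never by inspecting the value. */
    static String resolve(Param p, Function<String, String> evaluator) {
        switch (p.origin) {
            case INTERCEPTOR:
                return evaluator.apply(p.value);   // internal value: evaluated
            case REQUEST:
                return p.value;                    // client data: literal only
            default:
                return p.value;                    // assumption: fail closed
        }
    }

    public static void main(String[] args) {
        List<String> evaluated = new ArrayList<>();
        // Stand-in for an expression engine: records what it is asked to evaluate.
        Function<String, String> evaluator = expr -> {
            evaluated.add(expr);
            return "<evaluated " + expr + ">";
        };
        // Constructed sample values; the same text arrives from two origins.
        List<Param> params = List.of(
            new Param("title", "%{1+1}", Origin.REQUEST),
            new Param("title", "%{1+1}", Origin.INTERCEPTOR),
            new Param("status", "%{1+1}", Origin.ACTION));
        for (Param p : params) {
            System.out.println(p.origin + " " + p.name + " -> " + resolve(p, evaluator));
        }
        System.out.println("passed to evaluator: " + evaluated.size() + " of " + params.size());
    }
}
```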
