Update on VELTOOLS-143
All, I logged VELTOOLS-143 a while ago and I'd like to get it fixed for an upcoming release of my own software. Can someone help me understand why mailto: links don't accept params? Thanks, -chris signature.asc Description: OpenPGP digital signature
Re: Update on VELTOOLS-143
https://issues.apache.org/jira/browse/VELOCITY-143 ?? On Thu, Jan 19, 2012 at 8:19 AM, Christopher Schultz ch...@christopherschultz.net wrote: All, I logged VELTOOLS-143 a while ago and I'd like to get it fixed for an upcoming release of my own software. Can someone help me understand why mailto: links don't accept params? Thanks, -chris - To unsubscribe, e-mail: dev-unsubscr...@velocity.apache.org For additional commands, e-mail: dev-h...@velocity.apache.org
[jira] [Commented] (VELTOOLS-150) VelocityLayoutServlet allows clients to specify layout without performing any security checks.
[ https://issues.apache.org/jira/browse/VELTOOLS-150?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13189234#comment-13189234 ] Nathan Bubna commented on VELTOOLS-150: --- Ok, while this still feels like something that ought to live at the ResourceLoader level, i accept that adding a little security to the VLS is not that hard. I think we should check paths for .. and ignore such requests. Do you want to do the fix Christopher? VelocityLayoutServlet allows clients to specify layout without performing any security checks. Key: VELTOOLS-150 URL: https://issues.apache.org/jira/browse/VELTOOLS-150 Project: Velocity Tools Issue Type: Bug Components: VelocityView Affects Versions: 1.4, 2.0 Environment: Velocity 1.7, Velocity Tools 2.0. Confirmed also affects Velocity 1.4, Velocity Tools 1.4. Reporter: Christopher Schultz Priority: Critical Labels: security For reference: http://markmail.org/thread/43cz2dymzmxjjrq5 -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira - To unsubscribe, e-mail: dev-unsubscr...@velocity.apache.org For additional commands, e-mail: dev-h...@velocity.apache.org
[jira] [Resolved] (VELTOOLS-139) Bundle a NullTool in velocity Tools
[ https://issues.apache.org/jira/browse/VELTOOLS-139?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nathan Bubna resolved VELTOOLS-139. --- Resolution: Won't Fix Bundle a NullTool in velocity Tools --- Key: VELTOOLS-139 URL: https://issues.apache.org/jira/browse/VELTOOLS-139 Project: Velocity Tools Issue Type: Wish Components: GenericTools Affects Versions: 2.0 Reporter: Vincent Massol Right now, in order to check for null we have to use: {code}#if ((! $var) ($!var == )){code} which is painful when you have lots of checks to do in several places. It would be nice either to have better null check support in velocity core or to bundle to NullTool in Velocity Tools: http://wiki.apache.org/velocity/NullTool I checked the user guide and googled around and couldn't find any simple way to check for null except using an undefined variable which I find way too magical and dangerous (what if someone defines that variable in the context). -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira - To unsubscribe, e-mail: dev-unsubscr...@velocity.apache.org For additional commands, e-mail: dev-h...@velocity.apache.org