If people leave this in on a production system (which they will do), and deploy behind a reverse proxy, then in some circumstances (depending on your servlet engine & config) ALL requests may appear to come from 127.0.0.1. (See, e.g.: http://grokbase.com/thread/m/2006/07/17/patch-to-override-request-getremoteaddr-if-behind-a-reverse-proxy/xaqnRqmBVpzX-i2E8I1LGljLwzA#xaqnRqmBVpzX-i2E8I1LGljLwzA)
That could be kind of bad (especially since there is no checking of the path for directory traversal etc).

Nick

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Thursday, 11 December 2008 9:35 AM
To: [email protected]
Subject: Adding local file rendering support to Sample Container

Reviewers: shindig-dev,

Description:
This patch enables Shindig's Sample Container to render files local to the developer's machine. This is facilitated by adding a Servlet that serves these files (only to localhost requests). The Sample Container UI has been changed to support this feature (including allowing one to pick a file from the local filesystem via a file input control).

Please review this at http://codereview.appspot.com/10269

Affected files:
  java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/localfile/LocalFileServlet.java
  java/server/src/main/webapp/WEB-INF/web.full.xml
  java/server/src/main/webapp/WEB-INF/web.gadgets.xml
  java/server/src/main/webapp/WEB-INF/web.xml
  javascript/samplecontainer/samplecontainer.html
  javascript/samplecontainer/samplecontainer.js
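
The two concerns raised in the reply above (a localhost-only check that a same-host reverse proxy satisfies, and no directory traversal check on the path), shown as an added example that is not code from the patch or from Shindig. The class `LocalFileGuard`, its method names and the base-directory design are assumptions; it uses only the JDK so it runs without a servlet container, with the caller passing in the remote address and the `X-Forwarded-For` / `Forwarded` header values.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.nio.file.Files;
import java.nio.file.Path;

// Hypothetical helper for illustration; not part of Shindig or the patch.
public final class LocalFileGuard {
    private final Path baseDir;

    public LocalFileGuard(Path baseDir) throws IOException {
        this.baseDir = baseDir.toRealPath(); // resolve symlinks once
    }

    // The socket peer must be loopback AND the request must carry no forwarding
    // header. A proxy on the same host also connects from 127.0.0.1, and one
    // that adds no header still passes, so this is defence in depth only.
    static boolean isDirectLoopback(String remoteAddr, String xForwardedFor, String forwarded) {
        if (remoteAddr == null || xForwardedFor != null || forwarded != null) return false;
        try {
            // remoteAddr is an IP literal from the container, so no DNS lookup occurs.
            return InetAddress.getByName(remoteAddr).isLoopbackAddress();
        } catch (IOException e) {
            return false;
        }
    }

    // Map a requested name to a regular file inside baseDir, or throw.
    Path resolve(String requested) throws IOException {
        if (requested == null || requested.indexOf('\0') >= 0) {
            throw new SecurityException("invalid path");
        }
        Path candidate = baseDir.resolve(requested).normalize(); // collapses ../
        if (!candidate.startsWith(baseDir)) {
            throw new SecurityException("outside base directory");
        }
        Path real = candidate.toRealPath(); // follows symlinks; fails if missing
        if (!real.startsWith(baseDir) || !Files.isRegularFile(real)) {
            throw new SecurityException("outside base directory");
        }
        return real;
    }

    public static void main(String[] args) throws IOException {
        Path base = Files.createTempDirectory("gadgets"); // constructed sample data
        Files.write(base.resolve("hello.xml"), "<Module/>".getBytes("UTF-8"));
        LocalFileGuard guard = new LocalFileGuard(base);
        System.out.println(isDirectLoopback("127.0.0.1", null, null));          // direct
        System.out.println(isDirectLoopback("127.0.0.1", "203.0.113.9", null)); // proxied
        System.out.println(guard.resolve("hello.xml").getFileName());
        try { guard.resolve("../../etc/passwd"); }
        catch (SecurityException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```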

