[ginp-users] ginp issues
Brought to you by:
burchbri,
dougculnane
Menu
▾
▴
[ginp-users] ginp issues
|
From: Gleb S. <gl...@ma...> - 2005-02-25 09:04:54
|
Hi,
Found GINP some time ago and after trying to add it to my application, got
some quetions/proposals.
Currently jsp pages for collection and picture are hardcoded in several
classes, which definatelly makes it difficult to embedd ginp into existing
application. As ginp Controller is made of servlet, why not to move this jsp
locations into intit parameters or other config place?
More of that, it would be really cool to have some base class for ginp
controller and several extensions for different web application designs.
Like one implementation (extension actually) for servlet, another for Struts
Action ("forwards" are much more appreciated for jsp locations). This will
make ginp more flexible as an extension framework. Actually I have had to
hack your code with this changes to embedd this gallery into my Struts
application but it is a bit dirty solution and will be really hard to
maintain...
Another question is about security fix stated for a 0.22 release. Could
somebody provide some more details about this fix?
I'm using version 0.21 and noticed that playing with "path" parameter of
"selectpath" command could lead you far beyond the root collection's path,
exposing directory structure on the file system (at least on Win).
Regards,
Gleb
|
