Bug 32272

Summary: enhancement for ImageTaglib
Product: Taglibs
Reporter: Daniel C. Amadei <daniel.amadei>
Component: Sandbox Taglibs
Assignee: Tomcat Developers Mailing List <dev>
Status: RESOLVED FIXED
Severity: normal
Keywords: PatchAvailable
Priority: P2
Version: nightly
Target Milestone: ---
Hardware: All
OS: All
Attachments: ImageServlet patch, ImageTag patch, intro.xml patch

Description Daniel C. Amadei 2004-11-17 13:47:47 UTC
Hi,

I'm uploading a patch for the ImageTag that makes it possible to store the 
image name in the HTTP session so there is no need to pass it as a parameter to 
the gen-image servlet and there is no way for a "hacker" to parse the HTML and 
discover the contents of the image if it is similar to the name of the image.

Useful in cases where the Image Tag is used to generate random numbers and 
these numbers are typed in a textbox to avoid "automated posts" to a form.

Daniel C. Amadei

Comment 1 Daniel C. Amadei 2004-11-17 13:49:19 UTC
Created attachment 13479
ImageServlet patch

Comment 2 Daniel C. Amadei 2004-11-17 13:49:42 UTC
Created attachment 13480
ImageTag patch

Comment 3 Daniel C. Amadei 2004-11-17 13:51:45 UTC
Created attachment 13481
intro.xml patch

Comment 4 Daniel C. Amadei 2004-11-17 13:53:09 UTC
To use this new feature, just add usingImageNameInSession="true" to the tag 
declaration.

When checking the source code generated by the JSP where the taglib is located 
the following will be seen:

http://ip:port/image-examples/gen-image?useSession=true

Comment 5 Felipe Leme 2004-11-18 01:29:13 UTC
Applied...
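
The difference between the two modes described in the report and in comment 4, as an added example that is not taken from the attached patches or the Taglibs code: a plain Map keyed by session id stands in for HttpSession, and the `text` parameter name, the class and the method names are hypothetical. The single-use removal in `verify` goes beyond what the report describes.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Constructed sketch: a Map keyed by session id stands in for HttpSession. */
public class SessionImageDemo {
    // Hypothetical attribute store: session id -> text rendered into the image.
    private final Map<String, String> sessionStore = new ConcurrentHashMap<>();
    private final SecureRandom rng = new SecureRandom();

    /** URL-parameter mode: the text to draw is visible in the page source. */
    String urlParamMode(String text) {
        return "/image-examples/gen-image?text=" + text; // hypothetical parameter name
    }

    /** Session mode: the text stays server-side; the URL carries only the flag from comment 4. */
    String sessionMode(String sessionId) {
        String code = String.format("%06d", rng.nextInt(1_000_000));
        sessionStore.put(sessionId, code);
        return "/image-examples/gen-image?useSession=true";
    }

    /** What the image servlet would draw for this session (null if nothing is stored). */
    String textToRender(String sessionId) {
        return sessionStore.get(sessionId);
    }

    /** Form check: the stored value is removed first, so each image allows one attempt. */
    boolean verify(String sessionId, String typed) {
        String expected = sessionStore.remove(sessionId);
        if (expected == null || typed == null) return false;
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                                     typed.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        SessionImageDemo demo = new SessionImageDemo();
        String sid = "constructed-session-id"; // constructed sample value
        System.out.println("param mode URL:   " + demo.urlParamMode("482913"));
        System.out.println("session mode URL: " + demo.sessionMode(sid));
        String shown = demo.textToRender(sid); // what a person reads from the image
        System.out.println("first answer:     " + demo.verify(sid, shown));
        System.out.println("replayed answer:  " + demo.verify(sid, shown));
    }
}
```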