Message5327
On Mon, Jun 22, 2015 at 02:01:27PM +0000, Anthony wrote:
>
> There is no possibility to use subdir for templates in template store.
>
> All templates have to be placed in flat template store. If you have many
> templates this may be a problem.
>
> The attached patch allow to use subdir in template store. For example,
> with this patch you can use "issue?@template=mobile/index" URL for
> "mobile/issue.index.html" template.
Have you considered this may have security implications if someone
specifies, e.g.,
issue?@template=../../../.....
You should check with abspath that the target is below the template
directory. (I haven't checked your code yet)
Ralf
--
Dr. Ralf Schlatterbeck Tel: +43/2243/26465-16
Open Source Consulting www: http://www.runtux.com
Reichergasse 131, A-3411 Weidling email: office@runtux.com
allmenda.com member email: rsc@allmenda.com |
|
| Date |
User |
Action |
Args |
| 2015-06-23 07:28:10 | schlatterbeck | set | recipients:
+ schlatterbeck, joseph_myers, antmail |
| 2015-06-23 07:28:10 | schlatterbeck | link | issue2550891 messages |
| 2015-06-23 07:28:09 | schlatterbeck | create | |
|