Message5330
I think any patch that goes in should work for any templating engine.
So a check for directory traversal needs to happen in this patch.
I would claim that the function reformTplName should do all the
security checks. This way we are protected even if we add another
templating engine someday.
I think that is preferable to adding a check for ../ to the
tal templating code.

Date | User | Action | Args |
2015-06-28 03:36:42 | rouilj | set | messageid: <1435462602.73.0.78337339087.issue2550891@psf.upfronthosting.co.za> |
2015-06-28 03:36:42 | rouilj | set | recipients: + rouilj, schlatterbeck, joseph_myers, antmail |
2015-06-28 03:36:42 | rouilj | link | issue2550891 messages |
2015-06-28 03:36:42 | rouilj | create | |
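
An added example, not part of the message above and not the tracker's own code: one way to keep the traversal check in a single engine-independent function, so that no loader needs its own `../` test. The names `resolve_template`, `load_template` and `TemplateNameError` are hypothetical, as is the `(extension, compile_source)` shape used for engines; this is not the actual `reformTplName`.

```python
import os


class TemplateNameError(ValueError):
    """Requested template name does not resolve inside the template directory."""


def resolve_template(template_dir, name):
    """Engine-independent check: return the real path of `name`, or raise.

    Hypothetical helper: every template loader calls this before opening
    a file, so the traversal check lives in exactly one place.
    """
    if not name or "\x00" in name:
        raise TemplateNameError("empty or malformed template name")
    if os.path.isabs(name):
        raise TemplateNameError("absolute template name: %r" % name)
    base = os.path.realpath(template_dir)
    # realpath collapses ".." and follows symlinks, so the comparison is
    # made on the file that would really be opened, not on the raw string.
    candidate = os.path.realpath(os.path.join(base, name))
    if candidate == base or os.path.commonpath([base, candidate]) != base:
        raise TemplateNameError("template outside %s: %r" % (base, name))
    return candidate


def load_template(template_dir, name, engines):
    """Try each engine's extension; all of them pass through the same check.

    `engines` is a list of (extension, compile_source) pairs (assumed shape).
    """
    for extension, compile_source in engines:
        path = resolve_template(template_dir, name + extension)
        if os.path.isfile(path):
            with open(path, encoding="utf-8") as handle:
                return compile_source(handle.read())
    raise TemplateNameError("no template named %r" % name)
```

Checking the resolved path rather than searching the name for `../` also rejects a symlink inside the template directory that points outside it.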