Roundup Tracker - Issues

Message5330

Author rouilj
Recipients antmail, joseph_myers, rouilj, schlatterbeck
Date 2015-06-28.03:36:42
Message-id <1435462602.73.0.78337339087.issue2550891@psf.upfronthosting.co.za>
In-reply-to
I think any patch that goes in should work for any templating engine.
So a check for directory traversal needs to happen in this patch.

I would claim that the function reformTplName should do all the
security checks. This way we are protected even if we add another
templating engine someday.

I think that is preferable to adding a check for ../ to the
tal templating code.
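
Added example, not part of the message above and not Roundup's own code: a sketch of one name check that every templating engine's loader goes through, so that none of them needs its own ../ test. The names `safe_template_path`, `TemplateNameError`, `load_template` and the `html/` layout are hypothetical; the sketch does not reproduce what `reformTplName` actually does.

```python
import os
import tempfile

class TemplateNameError(ValueError):
    """Raised when a requested template name is unsafe."""

def safe_template_path(template_dir, name):
    """Hypothetical central check shared by every templating engine."""
    if not name or "\x00" in name or ":" in name:
        raise TemplateNameError("bad template name: %r" % name)
    # Treat "\" like "/" so the check behaves the same on every platform.
    parts = name.replace("\\", "/").split("/")
    # "" catches absolute paths and doubled slashes; ".." is the traversal.
    if any(p in ("", ".", "..") for p in parts):
        raise TemplateNameError("path component not allowed: %r" % name)
    root = os.path.realpath(template_dir)
    candidate = os.path.realpath(os.path.join(root, *parts))
    # Containment after symlink resolution: a link inside the template
    # directory must not lead outside it.
    if os.path.commonpath([root, candidate]) != root:
        raise TemplateNameError("escapes template directory: %r" % name)
    return candidate

def load_template(template_dir, name):
    """Stand-in for any engine's loader: it only opens what the check returns."""
    with open(safe_template_path(template_dir, name), encoding="utf-8") as fh:
        return fh.read()

def demo():
    """Run constructed sample names through the check; returns {name: outcome}."""
    with tempfile.TemporaryDirectory() as base:
        tpl_dir = os.path.join(base, "html")
        os.mkdir(tpl_dir)
        with open(os.path.join(tpl_dir, "issue.item.html"), "w") as fh:
            fh.write("<p>issue</p>")
        with open(os.path.join(base, "config.ini"), "w") as fh:
            fh.write("secret")  # file outside the template directory
        names = ["issue.item.html", "../config.ini", "/tmp/other.html",
                 "..\\config.ini", "a/../../config.ini"]
        out = {}
        for n in names:
            try:
                out[n] = load_template(tpl_dir, n)
            except TemplateNameError:
                out[n] = "rejected"
        return out

if __name__ == "__main__":
    print(demo())
```
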
History
Date User Action Args
2015-06-28 03:36:42 rouilj set messageid: <1435462602.73.0.78337339087.issue2550891@psf.upfronthosting.co.za>
2015-06-28 03:36:42 rouilj set recipients: + rouilj, schlatterbeck, joseph_myers, antmail
2015-06-28 03:36:42 rouilj link issue2550891 messages
2015-06-28 03:36:42 rouilj create