Message5778
msg5777 on issue 2550891 has a possible patch for this. It turns out
I re-implemented much of the cgi/client.py:Client::serve_static_file
logic to prevent path traversal. The only difference is the static
check uses normpath not realpath.
Note my patch only handles TAL based templates (zopetal and chameleon).
Jinja is handled on the issue. |
|
| Date |
User |
Action |
Args |
| 2016-07-08 00:13:12 | rouilj | set | messageid: <1467936792.09.0.597943314619.issue2550701@psf.upfronthosting.co.za> |
| 2016-07-08 00:13:12 | rouilj | set | recipients:
+ rouilj, joseph_myers |
| 2016-07-08 00:13:12 | rouilj | link | issue2550701 messages |
| 2016-07-08 00:13:11 | rouilj | create | |
|