Message5853
Anthony does this patch fill your needs?
Given an @template=subdir/edit it passes :
subdir/query.edit
subdir/_generic.edit
to _find() or check(). The tal code then looks for a file with no
extension, .html and .xml.
This modifies roundup/cgi/client.py::selectTemplate() to look for the
last / in the template argument. Then it inserts the class name after
the / or _generic after the /.
If I have a directory html/subdir:
html/subdir/issue.item.html
html/subdir/query.edit.html -> ../../../query.edit.html
html/subdir/user.item.html
http://.../issue?@template=subdir/item uses html/subdir/issue.item.html
http://.../user?@template=subdir/item uses html/subdir/user.item.html
http://.../query?@template=subdir/edit returns an error:
NoTemplate: No template file exists for templating "query" with
template "subdir/edit" (neither "subdir/query.edit" nor
"subdir/_generic.edit")
because html/subdir/query.edit.html is a link to
../../../query.edit.html which falls outside of the html subdirectory.
I think this should work for your template engine as well right?
I am not sure if supporting sub-directories can have some bad
interaction/leakage with the @@file mechanism for accessing files
stored under the html subdir. But I claim there shouldn't be anything
stored there that is not publicly accessible anyway. |
|
Date |
User |
Action |
Args |
2016-07-14 23:48:38 | rouilj | set | messageid: <1468540118.71.0.247615625721.issue2550891@psf.upfronthosting.co.za> |
2016-07-14 23:48:38 | rouilj | set | recipients:
+ rouilj, schlatterbeck, joseph_myers, antmail |
2016-07-14 23:48:38 | rouilj | link | issue2550891 messages |
2016-07-14 23:48:38 | rouilj | create | |
|