Message5855
Здравствуйте, John.
Вы писали 15 июля 2016 г., 2:48:38:
> John Rouillard added the comment:
> Anthony does this patch fill your needs?
> Given an @template=subdir/edit it passes :
> subdir/query.edit
> subdir/_generic.edit
> to _find() or check(). The tal code then looks for a file with no
> extension, .html and .xml.
> This modifies roundup/cgi/client.py::selectTemplate() to look for the
> last / in the template argument. Then it inserts the class name after
> the / or _generic after the /.
> If I have a directory html/subdir:
> html/subdir/issue.item.html
> html/subdir/query.edit.html -> ../../../query.edit.html
> html/subdir/user.item.html
> http://.../issue?@template=subdir/item uses html/subdir/issue.item.html
> http://.../user?@template=subdir/item uses html/subdir/user.item.html
> http://.../query?@template=subdir/edit returns an error:
> NoTemplate: No template file exists for templating "query" with
> template "subdir/edit" (neither "subdir/query.edit" nor
> "subdir/_generic.edit")
> because html/subdir/query.edit.html is a link to
> ../../../query.edit.html which falls outside of the html subdirectory.
> I think this should work for your template engine as well right?
> I am not sure if supporting sub-directories can have some bad
> interaction/leakage with the @@file mechanism for accessing files
> stored under the html subdir. But I claim there shouldn't be anything
> stored there that is not publicly accessible anyway.
> ________________________________________________
> Roundup tracker <issues@roundup-tracker.org>
> <http://issues.roundup-tracker.org/issue2550891>
> ________________________________________________ |
|
| Date |
User |
Action |
Args |
| 2016-07-15 09:52:40 | antmail | set | recipients:
+ antmail, schlatterbeck, rouilj, joseph_myers |
| 2016-07-15 09:52:40 | antmail | link | issue2550891 messages |
| 2016-07-15 09:52:39 | antmail | create | |
|