Move shared .tpl files to tpl/ from lib/, this fixes a DoS vulneravility where master_template.tpl could be accessed as a standalone .tpl file that recursively called itself.

2009-06-06 16:20:02 +02:00 · 2009-06-06 16:20:02 +02:00 · 5e2170a691
commit 5e2170a691
parent 8f1a306a8a
4 changed files with 1 additions and 1 deletions
--- a/bin/corehandlers.rc
+++ b/bin/corehandlers.rc
@ -92,7 +92,7 @@ fn setup_handlers {
    if not if(test -f $local_path.html)
        handler_body_main=(html_handler $local_path.html)
    # Global tpl (eg sitemap.tpl), should take precedence over txt handler!
-    if not if(test -f lib^$req_path^.tpl)
+    if not if(test -f tpl^$req_path^.tpl)
        handler_body_main=(tpl_handler lib^$req_path^.tpl)
    if not if(test -f $local_path.txt)
        handler_body_main=(txt_handler $local_path.txt)
--- a/tpl/_debug.tpl
+++ b/tpl/_debug.tpl
--- a/tpl/_users/login.tpl
+++ b/tpl/_users/login.tpl
--- a/tpl/sitemap.tpl
+++ b/tpl/sitemap.tpl