Hi!

I think that it would be great if HTML::Template had two
additional "Filesystem Options".

One would be to allow only relative filenames (that is, filenames
without "/" and "\" characters), so that the user could not use absolute
filenames.

The other would be to check that the resulting file (the file which
HTML::Template found at the end of its search to include) is not a symlink
(the file passes the -f test and fails the -l test).

With these two options it would be possible to force using templates
only from directories assigned by the programmer. So it would be possible
to let not fully trusted users design templates.

As those are really two simple if statements which are tested only at
compile time (so there is no performance penalty) and are simple to
implement from HTML::Template but impossible with filters, I think you
should really include them. Especially because there is still no new
version with the ELSE bugfix (khm, khm), so this could still be added to
this future version.

Best regards


Mitar
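
The two checks proposed in the message above, written out as an added example; this is not code from the post or from HTML::Template. The helper name safe_template_path and all file names are hypothetical, and the sample files are constructed in temporary directories.

```perl
use strict;
use warnings;
use File::Spec;
use File::Temp qw(tempdir);

# Hypothetical helper (not an HTML::Template API): returns the path to use
# for an included template, or nothing if either proposed check fails.
sub safe_template_path {
    my ($dir, $name) = @_;

    # Option 1: relative names only, no "/" or "\" anywhere in the name.
    return if !defined $name || $name eq '' || $name =~ m{[/\\]};

    my $path = File::Spec->catfile($dir, $name);

    # Option 2: must be a plain file and not a symlink. -f follows links
    # (stat) while -l inspects the link itself (lstat), so both are needed.
    return if -l $path;
    return unless -f $path;

    return $path;
}

# Constructed sample data: one real template, one file outside the
# template directory, and a symlink inside it that points at that file.
my $tmpl_dir = tempdir(CLEANUP => 1);
my $outside  = tempdir(CLEANUP => 1);
write_file(File::Spec->catfile($tmpl_dir, 'header.tmpl'), "<h1>ok</h1>\n");
write_file(File::Spec->catfile($outside, 'secret.txt'), "secret\n");
# symlink() dies on platforms without symlinks; the name is then simply missing.
eval {
    symlink(File::Spec->catfile($outside, 'secret.txt'),
            File::Spec->catfile($tmpl_dir, 'link.tmpl'));
};

# Only header.tmpl is allowed; ".." has no separator but fails the -f test.
for my $name ('header.tmpl', 'link.tmpl', '/etc/passwd', '..\\boot.ini', '..', 'missing.tmpl') {
    my $path = safe_template_path($tmpl_dir, $name);
    printf "%-14s %s\n", $name, defined $path ? 'allowed' : 'rejected';
}

sub write_file {
    my ($path, $content) = @_;
    open(my $fh, '>', $path) or die "cannot write $path: $!";
    print {$fh} $content;
    close($fh) or die "cannot close $path: $!";
}
```

The check and the later open of the file are separate steps, so a user who can write to the template directory could swap the file for a symlink in between.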

