On 12 Feb 2002, Peder Stray wrote: > > I don't follow - what good would this do? > > lets say that i want to give users the ability to use their own > templates, and add /home/$USER/templatedir to the searchpath. then any > user could just include .htpasswd or any other file in the same > directory as the script itself when you search the current directory > too. relative (or absolute for that matter) would cause the same > problems, so an option for stripping the path from a templatename, and > only search the path would fix that.
You can accomplish this kind of "security" with a filter, I think. Just make sure all their includes end in ".tmpl" for example. That said, I think you'll find that if you give people the ability to edit templates you're essentially giving them the keys to the castle. HTML::Template was not designed as a secure technology. -sam --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
