bato created FREEMARKER-96:
------------------------------

             Summary: StringTemplateLoader why check path security
                 Key: FREEMARKER-96
                 URL: https://issues.apache.org/jira/browse/FREEMARKER-96
             Project: Apache Freemarker
          Issue Type: Bug
    Affects Versions: 2.3.28
         Environment: Java 8
            Reporter: bato


When I do this:

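import freemarker.cache.StringTemplateLoader;
import freemarker.template.Configuration;
import freemarker.template.Template;

// cfg was not shown in the report; a default Configuration is assumed here
Configuration cfg = new Configuration(Configuration.VERSION_2_3_28);
StringTemplateLoader stringLoader = new StringTemplateLoader();
cfg.setTemplateLoader(stringLoader);

// Register two in-memory templates; the second name starts with "../"
stringLoader.putTemplate("Template1", "Hello ${user} \n");
stringLoader.putTemplate("../Template2", "Hello ${user1} ${user2}");

// The first lookup succeeds; the second one throws the exception below
Template temp1 = cfg.getTemplate("Template1");
Template temp2 = cfg.getTemplate("../Template2");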

I will get this exception:

freemarker.template.TemplateNotFoundException: Template not found for name "../Template2".
Reason given: Backing out from the root directory is not allowed.
The name was interpreted by this TemplateLoader: StringTemplateLoader(Map { "Template1"=..., "../Template2"=... }).

.......

I know why checking the root path is important for security, but this is a
StringTemplateLoader, not a file, right?

 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
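
Added example, not part of the original report and not FreeMarker's own code: a simplified model of root-based template name normalization, assuming (as the exception text suggests) that the name is checked before any loader is asked for it, so the ".." rule applies even when templates live in memory. The `normalize` helper, the class name and the map standing in for StringTemplateLoader are hypothetical.

```java
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.LinkedHashMap;
import java.util.Map;

// Simplified model (an assumption, not FreeMarker's code): the requested name
// is normalized first, and only the normalized name is looked up in the loader.
public class NameNormalizationDemo {

    // Resolves "." and ".." steps; rejects names that climb above the root.
    static String normalize(String name) {
        Deque<String> steps = new ArrayDeque<>();
        for (String step : name.split("/")) {
            if (step.isEmpty() || step.equals(".")) {
                continue;
            }
            if (step.equals("..")) {
                if (steps.isEmpty()) {
                    throw new IllegalArgumentException(
                            "Backing out from the root directory is not allowed: " + name);
                }
                steps.removeLast();
            } else {
                steps.addLast(step);
            }
        }
        return String.join("/", steps);
    }

    public static void main(String[] args) {
        // Constructed stand-in for StringTemplateLoader's name-to-source map.
        Map<String, String> templates = new LinkedHashMap<>();
        templates.put("Template1", "Hello ${user}");
        templates.put("../Template2", "Hello ${user1} ${user2}"); // stored, but never reachable
        templates.put("shared/Template2", "Hello ${user1} ${user2}");

        for (String requested : new String[] {
                "Template1", "pages/../shared/Template2", "../Template2"}) {
            try {
                String key = normalize(requested);
                System.out.println(requested + " -> " + key
                        + " found=" + templates.containsKey(key));
            } catch (IllegalArgumentException e) {
                System.out.println(requested + " rejected before lookup: " + e.getMessage());
            }
        }
    }
}
```

Because the check runs on the name rather than on a file path, a template registered under a key that begins with "../" can be stored but not retrieved; registering it under a root-based name such as "shared/Template2" avoids the problem.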
