[
https://issues.apache.org/jira/browse/FREEMARKER-96?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
bato updated FREEMARKER-96:
---------------------------
Description:
When I do this:
StringTemplateLoader stringLoader = new StringTemplateLoader();
cfg.setTemplateLoader(stringLoader);
//
stringLoader.putTemplate("Template1", "Hello ${user} \n");
stringLoader.putTemplate("../Template2", "Hello ${user1} ${user2}");
//
Template temp1 = cfg.getTemplate("Template1");
Template temp2 = cfg.getTemplate("../Template2");
I will get this exception:
freemarker.template.TemplateNotFoundException: Template not found for name
"../Template2".
Reason given: Backing out from the root directory is not allowed.
The name was interpreted by this TemplateLoader: StringTemplateLoader(Map {
"Template1"=..., "../Template2"=... }).
.......
Checking root path security is important, I know, but it is StringTemplateLoader,
not a file, right?
was:
When I do this:
StringTemplateLoader stringLoader = new StringTemplateLoader();
cfg.setTemplateLoader(stringLoader);
//
stringLoader.putTemplate("Template1", "Hello ${user} \n");
stringLoader.putTemplate("../Template2", "Hello ${user1} ${user2}");
//
Template temp1 = cfg.getTemplate("Template1");
Template temp2 = cfg.getTemplate("../Template2");
I will get this exception:
freemarker.template.TemplateNotFoundException: Template not found for name
"../Template2".
Reason given: Backing out from the root directory is not allowed.
The name was interpreted by this TemplateLoader: StringTemplateLoader(Map {
"Template1"=..., "../Template2"=... }).
.......
Check root path why security is important I know, but it is
StringTemplateLoader, not a file, right?
> StringTemplateLoader why check path security
> --------------------------------------------
>
> Key: FREEMARKER-96
> URL: https://issues.apache.org/jira/browse/FREEMARKER-96
> Project: Apache Freemarker
> Issue Type: Bug
> Affects Versions: 2.3.28
> Environment: Java 8
> Reporter: bato
> Priority: Major
>
> When I do this:
> StringTemplateLoader stringLoader = new StringTemplateLoader();
> cfg.setTemplateLoader(stringLoader);
> //
> stringLoader.putTemplate("Template1", "Hello ${user} \n");
> stringLoader.putTemplate("../Template2", "Hello ${user1} ${user2}");
> //
> Template temp1 = cfg.getTemplate("Template1");
> Template temp2 = cfg.getTemplate("../Template2");
> I will get this exception:
> freemarker.template.TemplateNotFoundException: Template not found for name
> "../Template2".
> Reason given: Backing out from the root directory is not allowed.
> The name was interpreted by this TemplateLoader: StringTemplateLoader(Map {
> "Template1"=..., "../Template2"=... }).
> .......
> Checking root path security is important, I know, but it is StringTemplateLoader,
> not a file, right?
>