[
https://issues.apache.org/jira/browse/FREEMARKER-193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17416332#comment-17416332
]
Dániel Dékány edited comment on FREEMARKER-193 at 9/16/21, 9:33 PM:
--------------------------------------------------------------------
The key facts are:
* The path of the a template meant to be OS and file system independent. It
always uses /, and doesn't support drive labels. (It does support schemes
though, like foo://something, bar://something, but the FileTemplateLoader
doesn't support that.)
* FreeMarker tries hard preventing you from backing out of the base directory.
It's a security issue if someone could achieve that.
* On Windows, X:\ and Y:\ are siblings, and there's no path that symbolizes
their common parent. So, while on Linux you cam point to the common highest
parent ("/") as the base path, on Windows simply there's no similar highest
parent path. So if we want such a thing for the purpose of being used as base
directory, then we had to invent something like "drives:\".
So, I think FreeMarker behaves as it should. OTOH in principle we could add a
feature that allows hopping between drives.
was (Author: ddekany):
The key facts are:
* The path of the a template meant to be OS and file system independent. It
always uses /, and doesn't support drive labels. (It does support schemes
though, like foo://something, bar://something, but the FileTemplateLoader
doesn't support that.)
* FreeMarker tries hard preventing you from backing out of the base directory.
It's a security issue if someone could achieve that.
* On Windows, X:\ are siblings Y:\, and there's no path that symbolizes their
common parent. So, while on Linux you cam point to the common highest parent
("/") as the base path, on Windows simply there's no similar highest parent
path. So if we want such a thing for the purpose of being used as base
directory, then we had to invent something like "drives:\".
So, I think FreeMarker behaves as it should. OTOH in principle we could add a
feature that allows hopping between drives.
> FileTemplateLoader always prepends the root base path to the file path
> ----------------------------------------------------------------------
>
> Key: FREEMARKER-193
> URL: https://issues.apache.org/jira/browse/FREEMARKER-193
> Project: Apache Freemarker
> Issue Type: Bug
> Components: engine
> Affects Versions: 2.3.31
> Environment: Windows
> Reporter: Andrzej Jarmoniuk
> Priority: Minor
>
> I was trying to use the FileTemplateLoader. While it seemed to work fine on
> Linux, it did not work on Windows. The thing was that I was trying to feed it
> with absolute file paths, and the base directory of the FileTemplateLoader
> was the root directory.
> It was thus "X:\" for Windows and "/" for Linux. FileTemplateLoader was
> unable to retrieve the files with the absolute path on Windows, because it
> was trying to prepend the base path to the file names. So, it was prepending
> the "X:\" to the absolute file paths, already containing that "X:\" directory.
> {code:java}
> @Override
> public Object findTemplateSource(final String name) throws IOException {
> try {
> return AccessController.doPrivileged(new
> PrivilegedExceptionAction<File>() {
> @Override
> public File run() throws IOException {
> File source = new File(baseDir, SEP_IS_SLASH ? name :
> name.replace('/', File.separatorChar));
> if (!source.isFile()) {
> return null;
> }
> {code}
> I'm not sure whether this is by design and if files must always be relative
> to the base path of one of the FileTemplateLoader objects.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
