>>>>> "Franco" == Franco Bagnoli <[EMAIL PROTECTED]> writes:
Franco> it does not seem to work to me. Here are the relevant parts of my code:
Franco> ------------------------------------------------------------------
Franco> $template = Template->new($config) or die "cannot start Template";
Franco> my $usable = "dbi";
Franco> use Template::Plugins;
Franco> foreach my $plug (keys %$Template::Plugins::STD_PLUGINS) {
Franco> delete $Template::Plugins::STD_PLUGINS->{$plug} unless
Franco> $usable =~ /\b$plug\b/;
Franco> }
Franco> print STDERR "plugins: @{[%$Template::Plugins::STD_PLUGINS]}\n";
Franco> ------------------------------------------------------------------
Franco> and at this point %$Template::Plugins::STD_PLUGINS only contains dbi,
Franco> but if I issue a [%USE Directory%] directive in some page I can still list
Franco> all files in my system. This does not happen with my suggested method.
Franco> Am I missing something?
Apparently, PLUGIN_PATH still has a "system plugin directory" forced
on it at the end. You'll need to dummy-out all the existing dangerous
plugins with your own.
--
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<[EMAIL PROTECTED]> <URL:http://www.stonehenge.com/merlyn/>
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
_______________________________________________
templates mailing list
[EMAIL PROTECTED]
http://lists.template-toolkit.org/mailman/listinfo/templates
