Template Toolkit 2.14
Provider.pm - 2.81
I believe the RELATIVE path option has a small problem. While doing some testing, I noticed that I was able to do this:
[% INCLUDE foo/../../../../etc/passwd %] (with RELATIVE/ABSOLUTE both set to 0, and foo is in the INCLUDE path of '/a/path/here/'; in other words, '/a/path/here/foo/' exists.)
I believe this is related to line 136 of Template/Provider.pm:
"elsif ($name =~ m[^\.+/]) {"
It looks like a relative path is only considered to be one that starts with '.+/'. Perhaps a little more checking would be in order? For example, maybe: $name =~ m[(?:^|/)\.+/] (i.e. if the dot(s) are preceded by the beginning of the string or a slash.)
There may be other areas of Template Toolkit that use the m[^\.+/] regular expression as well that may need to be fixed up.
Here are the other areas in the default package that I found:
Template/Provider.pm: load(): line 192: "elsif ($name =~ m[^\.+/]) {"
-- Josh
_______________________________________________ templates mailing list [email protected] http://lists.template-toolkit.org/mailman/listinfo/templates
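As an added illustration, not part of Josh's post or of Template Toolkit's own code: the two Perl regexes above ported to Python and run against the template names from the post, next to a canonicalization check that resolves a name under the include path and refuses anything that escapes it. The include path '/a/path/here/' is the one from the post; the function names are assumptions of mine.

```python
import posixpath
import re

# Port of the original check quoted from Provider.pm: m[^\.+/]
# Only names that *begin* with one or more dots and a slash count as relative.
ORIGINAL_RELATIVE_RE = re.compile(r'^\.+/')

# Port of the proposed replacement: m[(?:^|/)\.+/]
# A dot run preceded by start-of-string or a slash counts as relative.
PROPOSED_RELATIVE_RE = re.compile(r'(?:^|/)\.+/')


def is_relative_original(name):
    """True if the original Provider.pm regex treats `name` as relative."""
    return bool(ORIGINAL_RELATIVE_RE.search(name))


def is_relative_proposed(name):
    """True if the regex proposed in the post treats `name` as relative."""
    return bool(PROPOSED_RELATIVE_RE.search(name))


def resolve_under_include_path(name, include_path):
    """Canonicalization check (my addition, not Template Toolkit logic).

    Join the template name to the include root, normalise '.' and '..'
    segments, and return the resolved path only if it is still inside the
    root; otherwise return None. Unlike the regexes, this accepts names such
    as 'foo/../bar' that use '..' but never leave the include path.
    """
    root = posixpath.normpath(include_path)
    full = posixpath.normpath(posixpath.join(root, name))
    if full != root and not full.startswith(root + '/'):
        return None
    return full


def compare(name, include_path='/a/path/here/'):
    """Run all three checks on one name; handy for eyeballing the difference."""
    return {
        'original_regex_flags_it': is_relative_original(name),
        'proposed_regex_flags_it': is_relative_proposed(name),
        'resolved_inside_root': resolve_under_include_path(name, include_path),
    }


if __name__ == '__main__':
    # Constructed sample names: the traversal from the post plus two benign ones.
    for sample in ('foo/../../../../etc/passwd', '../secret.tt', 'foo/../bar.tt'):
        print(sample, compare(sample))
```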
