mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-10-30 17:16:10 +00:00
Code Issues 32 Releases Wiki Activity

Raised an error when allowed_include_roots is a string.

Browse Source 
This avoids leaving projects silently vulnerable when this option is set
to a string instead of a one-item tuple containing that string, a very
common misconfiguration.
This commit is contained in:
Aymeric Augustin
2014-12-14 23:18:38 +01:00
parent cf1f36bb6e
commit 84d7c93feb
1 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
django/template/engine.py
View File

@@ -36,7 +36,11 @@ class Engine(object):
else: else:
if app_dirs: if app_dirs:
raise ImproperlyConfigured( raise ImproperlyConfigured(
"APP_DIRS must not be set when LOADERS is defined.") "app_dirs must not be set when loaders is defined.")
if isinstance(allowed_include_roots, six.string_types):
raise ImproperlyConfigured(
"allowed_include_roots must be a tuple, not a string.")
self.dirs = dirs self.dirs = dirs
self.app_dirs = app_dirs self.app_dirs = app_dirs