mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-06-05 11:39:13 +00:00
Code Issues 32 Releases Wiki Activity

Encapsulated ALLOWED_INCLUDE_ROOTS in Engine.

Browse Source
This commit is contained in:
Aymeric Augustin 2014-11-20 22:18:07 +01:00
parent 246cfdeae3
commit 98ac69af53
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
django/template/defaulttags.py
View File

@ -375,9 +375,9 @@ class RegroupNode(Node):
return '' return ''
def include_is_allowed(filepath): def include_is_allowed(filepath, allowed_include_roots):
filepath = os.path.abspath(filepath) filepath = os.path.abspath(filepath)
for root in settings.ALLOWED_INCLUDE_ROOTS: for root in allowed_include_roots:
if filepath.startswith(root): if filepath.startswith(root):
return True return True
return False return False
@ -391,7 +391,7 @@ class SsiNode(Node):
def render(self, context): def render(self, context):
filepath = self.filepath.resolve(context) filepath = self.filepath.resolve(context)
if not include_is_allowed(filepath): if not include_is_allowed(filepath, context.engine.allowed_include_roots):
if settings.DEBUG: if settings.DEBUG:
return "[Didn't have permission to include file]" return "[Didn't have permission to include file]"
else: else: