- A Template is explicitly disallowed
from having a url that normalizes to relative outside of the root. That is, if the Lookup is based at /home/mytemplates, an include that would place the ultimate template at /home/mytemplates/../some_other_directory, i.e. outside of /home/mytemplates, is disallowed. This usage was never intended despite the lack of an explicit check. The main issue this causes is that module files can be written outside of the module root (or raise an error, if file perms aren't set up), and can also lead to the same template being cached in the lookup under multiple, relative roots. TemplateLookup instead has always supported multiple file roots for this purpose. [ticket:174]
Showing
- CHANGES 19 additions, 0 deletionsCHANGES
- mako/__init__.py 1 addition, 1 deletionmako/__init__.py
- mako/lookup.py 1 addition, 1 deletionmako/lookup.py
- mako/template.py 12 additions, 6 deletionsmako/template.py
- test/templates/othersubdir/foo.html 0 additions, 0 deletionstest/templates/othersubdir/foo.html
- test/test_lookup.py 30 additions, 2 deletionstest/test_lookup.py
- test/test_template.py 20 additions, 3 deletionstest/test_template.py
Loading
Please register or sign in to comment