crtxcr
/
qswiki
1
0
Fork 0
Code Issues 21 Pull Requests 1 Releases Activity

template: getPartPath(): Ensure return path isn't outside template dir 

user-input to this function might become possible soon
This commit is contained in:
Albert S. 2023-11-27 22:33:55 +01:00
parent 579fadfb10
commit 84adaa934a
1 changed files with 9 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
template.cpp
View File

@ -18,6 +18,7 @@ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
*/
#include <filesystem>
#include "template.h"
#include "varreplacer.h"
#include "urlprovider.h"
@ -47,9 +48,15 @@ TemplatePage Template::getPage(const std::string &pagename)
std::string Template::getPartPath(std::string_view partname)
{
// TODO: utils::concatPath? C++17 paths?
return this->templatepath + "/" + std::string(partname);
auto absolute_path = std::filesystem::canonical(std::filesystem::path{this->templatepath} / partname);
std::string result = absolute_path.string();
if(result.starts_with(this->templatepath))
{
return result;
}
return "";
}
std::string Template::loadPartContent(std::string_view partname)
{
std::string partpath = getPartPath(partname);