template: getPartPath(): Ensure return path isn't outside template dir
user-input to this function might become possible soon
This commit is contained in:
förälder
579fadfb10
incheckning
84adaa934a
11
template.cpp
11
template.cpp
@ -18,6 +18,7 @@ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
SOFTWARE.
|
||||
*/
|
||||
#include <filesystem>
|
||||
#include "template.h"
|
||||
#include "varreplacer.h"
|
||||
#include "urlprovider.h"
|
||||
@ -47,9 +48,15 @@ TemplatePage Template::getPage(const std::string &pagename)
|
||||
|
||||
std::string Template::getPartPath(std::string_view partname)
|
||||
{
|
||||
// TODO: utils::concatPath? C++17 paths?
|
||||
return this->templatepath + "/" + std::string(partname);
|
||||
auto absolute_path = std::filesystem::canonical(std::filesystem::path{this->templatepath} / partname);
|
||||
std::string result = absolute_path.string();
|
||||
if(result.starts_with(this->templatepath))
|
||||
{
|
||||
return result;
|
||||
}
|
||||
return "";
|
||||
}
|
||||
|
||||
std::string Template::loadPartContent(std::string_view partname)
|
||||
{
|
||||
std::string partpath = getPartPath(partname);
|
||||
|
Laddar…
Referens i nytt ärende
Block a user