crtxcr
/
qswiki
1
0
Forkuj 0
Kod Zgłoszenia 21 Oczekujące zmiany 1 Wydania Aktywność

template: getPartPath(): Ensure return path isn't outside template dir 

user-input to this function might become possible soon
This commit is contained in:
Albert S. 2023-11-27 22:33:55 +01:00
rodzic 579fadfb10
commit 84adaa934a
1 zmienionych plików z 9 dodań i 2 usunięć
Pokaż statystyki Ściągnij plik aktualizacji Ściągnij plik porównania Expand all files Collapse all files

11
template.cpp
Wyświetl plik

@ -18,6 +18,7 @@ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE. SOFTWARE.
*/ */
#include <filesystem>
#include "template.h" #include "template.h"
#include "varreplacer.h" #include "varreplacer.h"
#include "urlprovider.h" #include "urlprovider.h"
@ -47,9 +48,15 @@ TemplatePage Template::getPage(const std::string &pagename)
std::string Template::getPartPath(std::string_view partname) std::string Template::getPartPath(std::string_view partname)
{ {
// TODO: utils::concatPath? C++17 paths? auto absolute_path = std::filesystem::canonical(std::filesystem::path{this->templatepath} / partname);
return this->templatepath + "/" + std::string(partname); std::string result = absolute_path.string();
if(result.starts_with(this->templatepath))
{
return result;
} }
return "";
}
std::string Template::loadPartContent(std::string_view partname) std::string Template::loadPartContent(std::string_view partname)
{ {
std::string partpath = getPartPath(partname); std::string partpath = getPartPath(partname);