Move shared .tpl files to tpl/ from lib/; this fixes a DoS vulnerability where master_template.tpl could be accessed as a standalone .tpl file that recursively called itself.
parent
9d87478586
commit
e91609e301
4 changed files with 1 additions and 1 deletions
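--- a/tpl/_debug.tpl
+++ b/tpl/_debug.tpl
@@ -0,0 +1,29 @@
+% if(! ~ $#debug_shell 0) {
+<form method="POST" name="prompt">
+<input size="80" type="text" name="command" value="%($"post_arg_command%)" />
+<input type="submit" Value="Run" />
+</form>
+<script language="javascript"><!--
+document.prompt.command.focus()
+//--></script>
+
+%{
+fn evl {
+# Buffering is probably messing this up:
+#rc -c 'flag x +;{'^$post_arg_command'} |[2] awk ''{print ">> "$0}'''
+rc -c 'flag s +; flag x +;'^$post_arg_command
+}
+if(! ~ $#post_arg_command 0 && ! ~ $#post_arg_command '') {
+echo '<hr /><pre>'
+evl | escape_html |[2] awk '{print "<b>"$0"</b>"}'
+echo '</pre>'
+}
+%}
+% }
+
+<hr /><pre>
+% env | escape_html
+</pre><hr />
+
+% umask
+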
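Review bot: The `command` field echoes `$post_arg_command` back into a double-quoted `value` attribute with `%($"post_arg_command%)` and no escaping, although the command output a few lines below is passed through `escape_html`; the `user_name` field in tpl/_users/login.tpl does the same with `$post_arg_user_name`. Unless `%( … %)` encodes its output (not visible on this page), a submitted value containing a double quote ends the attribute and is rendered as markup, so the value should be encoded for attribute context before it is printed, and it is worth confirming that `escape_html` also encodes `"`. Separately, `% env | escape_html` and `% umask` come after the `% }` that closes the `debug_shell` check, so the process environment is printed whenever this template is rendered; if that is not intended, move those lines inside the guard.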
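--- a/tpl/_users/login.tpl
+++ b/tpl/_users/login.tpl
@@ -0,0 +1,18 @@
+<h1>User login</h1>
+<br />
+% if(check_user) {
+You are logged in as: <b>%($logged_user%)</b>
+% }
+% if not {
+% if (~ $REQUEST_METHOD POST)
+% echo '<div class="notify_errors">Login failed!</div>'
+<form method="post" action="" style="text-align: right; float: left;">
+<fieldset>
+<label>User name: <input type="text" name="user_name" value="%($"post_arg_user_name%)"/></label><br />
+<label>User password: <input type="password" name="user_password" /></label><br />
+<input name="s" type="submit" value="Login" />
+</fieldset>
+</form>
+% }
+
+<br style="clear:left" />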
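--- a/tpl/sitemap.tpl
+++ b/tpl/sitemap.tpl
@@ -0,0 +1,65 @@
+<h1>Site map</h1>
+
+%{
+tmpfile=/tmp/werc_sitemap_$pid.txt
+saveddf=$dirfilter
+
+fn get_md_title {
+sed 's/^(................................................................[^ ]*).*$/\1/g; 1q' < $1
+}
+
+fn get_html_title {
+# H1 is not reliable because htmlroff doesn't use it :(
+#desc=`{cat $1 | sed 32q | grep '<[Hh]1>' | sed 's/<[Hh]1>(.*)(<\/[Hh]1>|$)/\1/;s/<[^>]*>//g;1q'}
+# Pick the first line of body instead
+desc=`{sed -n '/<[Bb][Oo][Dd][Yy]/,/./s/(<[^>]*>|$)//gp' < $1}
+if(~ $#desc 0)
+desc=`{sed 's/<[^>]*>//g; 1q' < $1}
+}
+
+fn get_file_title {
+
+if(~ $1 */) {
+if(test -f $1/index.md)
+get_md_title $1/index.md
+if not if(test -f $1/index.html)
+get_html_title $1/index.html
+}
+if not if(~ $1 *.md)
+get_md_title $1
+if not if(~ $1 *.html)
+get_html_title $1
+if not
+echo ''
+}
+
+fn listDir {
+d=$1
+dirfilter=$saveddf
+if(test -f $d/_werc/config)
+. ./$d/_werc/config
+
+if(~ $#perm_redir_to 0) {
+echo '<ul class="sitemap-list">'
+
+for(i in `{ls -dF $d^*/ $d^*.md $d^*.html $d^*.txt >[2]/dev/null | sed $dirfilter}) {
+desc=`{get_file_title $i}
+u=`{echo $i|sed 's!'$sitedir'!!; '$dirclean's!/index$!/!; '}
+if(! ~ $#desc 0 && ! ~ $desc '')
+desc=' - '$"desc
+n=`{echo /$u|sed 's/_/ /g; s,.*/([^/]+)/?$,\1,'}
+echo '<li><a href="'$base_url$u'">'^$"n^'</a>' $"desc '</li>'
+echo $base_url^$u >> $tmpfile
+if(test -d $i)
+@{ listDir $i }
+}
+echo '</ul>'
+}
+}
+
+fltr_cache listDir $sitedir/
+
+if(test -s $tmpfile)
+mv $tmpfile $sitedir/sitemap.txt &
+
+%}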
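Review bot: `tmpfile=/tmp/werc_sitemap_$pid.txt` is a predictable name in a shared directory, and `listDir` appends to it with `>>` before it is moved to `$sitedir/sitemap.txt`. A file or link already present at that path, whether left over from an earlier process with the same pid or created by another local account, would be written through or have its old content published in the sitemap. Create the file with `mktemp`, or under a directory that only the web server account can write, and remove any leftover before the first append. The titles and names echoed into the `<li>` line (`$"n`, `$"desc`) are also printed without `escape_html`, which is fine only if everyone who can create files under `$sitedir` is trusted to supply markup.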