Move shared .tpl files to tpl/ from lib/. This fixes a DoS vulnerability where master_template.tpl could be accessed as a standalone .tpl file that recursively called itself.
parent
9d87478586
commit
e91609e301
4 changed files with 1 additions and 1 deletions
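--- a/tpl/_debug.tpl
+++ b/tpl/_debug.tpl
@@ -0,0 +1,29 @@
+% if(! ~ $#debug_shell 0) {
+<form method="POST" name="prompt">
+<input size="80" type="text" name="command" value="%($"post_arg_command%)" />
+<input type="submit" Value="Run" />
+</form>
+<script language="javascript"><!--
+document.prompt.command.focus()
+//--></script>
+
+%{
+fn evl {
+# Buffering is probably messing this up:
+#rc -c 'flag x +;{'^$post_arg_command'} |[2] awk ''{print ">> "$0}'''
+rc -c 'flag s +; flag x +;'^$post_arg_command
+}
+if(! ~ $#post_arg_command 0 && ! ~ $#post_arg_command '') {
+echo '<hr /><pre>'
+evl | escape_html |[2] awk '{print "<b>"$0"</b>"}'
+echo '</pre>'
+}
+%}
+% }
+
+<hr /><pre>
+% env | escape_html
+</pre><hr />
+
+% umask
+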
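Review bot: The environment dump (`% env | escape_html`) and `% umask` sit after the closing `% }` of the `debug_shell` guard, so they render for anyone who can reach this template whether or not the debug shell is enabled, and environment variables often carry secrets and internal paths. Moving the closing `% }` below `% umask` would keep all diagnostic output behind the same switch. Inside the guard, `value="%($"post_arg_command%)"` writes the posted command back into an HTML attribute without `escape_html`, unlike the command output a few lines further down, so a double quote in the input ends the attribute early; it should go through the same escaping. Whether files under tpl/ can still be requested as standalone pages is not visible in this section, so it is worth confirming that the move actually takes this file out of direct reach.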