is not used any more and exists only for history. Post new tickets on the GitHub account.

Opened 15 years ago

Closed 14 years ago

Last modified 14 years ago

#135 closed bug (fixed)

Constant names are not verified in expressions in jtpl

Reported by: laurentj
Owned by: laurentj
Priority: high
Milestone: Jelix 1.0beta2
Component: jelix:tpl
Version: 1.0 beta1
Severity: critical
Keywords: template security constant
Cc:
Blocked By:
Blocking:
Documentation needed:
Hosting Provider:
Php version:


You can use PHP constants in expressions in a template. This can be a security hole for applications which allow users to upload their own templates. A user can then display PHP constants which could contain technical information (like paths declared in Jelix constants).

Change History (1)

comment:1 Changed 14 years ago by laurentj

  • Resolution set to fixed
  • Status changed from new to closed

fixed in the trunk
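
The kind of check the ticket calls for, as an added example (not part of the ticket and not the fix committed to Jelix): it runs a template expression through PHP's tokenizer and lists every identifier that PHP would read as a constant, so a template compiler can refuse the expression. The function name and the sample constant `APP_CONFIG_PATH` are hypothetical.

```php
<?php
// Added illustration, not Jelix code: all names below are hypothetical.

/** Return the identifiers in $expr that PHP would resolve as constants. */
function findConstantNames(string $expr): array
{
    $skip = [T_OPEN_TAG, T_WHITESPACE, T_COMMENT, T_DOC_COMMENT];
    // Magic constants have their own token types and also expose paths.
    $magic = [T_FILE, T_DIR, T_LINE, T_CLASS_C, T_FUNC_C, T_METHOD_C, T_NS_C];
    $names = [T_STRING];
    // PHP 8 tokenises namespaced names as single tokens.
    foreach (['T_NAME_QUALIFIED', 'T_NAME_FULLY_QUALIFIED'] as $t) {
        if (defined($t)) {
            $names[] = constant($t);
        }
    }
    // Keep only meaningful tokens so "previous" and "next" are reliable.
    $tokens = [];
    foreach (token_get_all('<?php ' . $expr . ';') as $tok) {
        if (!is_array($tok) || !in_array($tok[0], $skip, true)) {
            $tokens[] = $tok;
        }
    }
    $found = [];
    foreach ($tokens as $i => $tok) {
        if (!is_array($tok)) {
            continue; // single-character token such as "." or "("
        }
        if (in_array($tok[0], $magic, true)) {
            $found[] = $tok[1];
            continue;
        }
        if (!in_array($tok[0], $names, true)) {
            continue;
        }
        $prev = $tokens[$i - 1] ?? null;
        $next = $tokens[$i + 1] ?? null;
        $isMember = is_array($prev) && $prev[0] === T_OBJECT_OPERATOR; // $obj->name
        $isCall = $next === '('; // function calls need their own allow-list
        $isLiteral = in_array(strtolower($tok[1]), ['true', 'false', 'null'], true);
        if (!$isMember && !$isCall && !$isLiteral) {
            $found[] = $tok[1];
        }
    }
    return $found;
}

// Constructed sample expressions; APP_CONFIG_PATH is a made-up constant name.
foreach (['$user->name', '$title . APP_CONFIG_PATH', '__DIR__'] as $e) {
    echo $e, ' => ', json_encode(findConstantNames($e)), PHP_EOL;
}
```

A compiler that accepts user-supplied templates would reject any expression for which the returned array is not empty. The check is deliberately conservative: class names in `Foo::BAR` are reported as well.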
