From d866ffaaf5342cb29dca3fff617dc44c2991c978 Mon Sep 17 00:00:00 2001
From: Manuel Raynaud
Date: Wed, 9 Oct 2013 09:05:48 +0200
Subject: [PATCH 1/3] escape view parameter
---
 core/lib/Thelia/Core/Template/Smarty/SmartyParser.php | 4 ++--
 templates/default/layout.tpl | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/core/lib/Thelia/Core/Template/Smarty/SmartyParser.php b/core/lib/Thelia/Core/Template/Smarty/SmartyParser.php
index 868f1570c..b6c1ed1b7 100755
--- a/core/lib/Thelia/Core/Template/Smarty/SmartyParser.php
+++ b/core/lib/Thelia/Core/Template/Smarty/SmartyParser.php
@@ -212,14 +212,14 @@ class SmartyParser extends Smarty implements ParserInterface
 $templateDir = realpath(THELIA_TEMPLATE_DIR . rtrim($this->template, "/") . "/");
 if (strpos($pathFileName, $templateDir) !== 0) {
- throw new ResourceNotFoundException(sprintf("'%s' view does not exists", $file));
+ throw new ResourceNotFoundException(sprintf("'%s' view does not exists", htmlspecialchars($file)));
 }
 if (!file_exists($fileName)) {
 $fileName .= ".html";
 if (!file_exists($fileName)) {
- throw new ResourceNotFoundException(sprintf("'%s' file not found in %s template", $file, $this->template));
+ throw new ResourceNotFoundException(sprintf("'%s' file not found in %s template", htmlspecialchars($file), $this->template));
 }
 }
diff --git a/templates/default/layout.tpl b/templates/default/layout.tpl
index 2c8a56d44..0f01dfc78 100644
--- a/templates/default/layout.tpl
+++ b/templates/default/layout.tpl
@@ -28,7 +28,7 @@ URL: http://www.thelia.net
 {block name="meta"}{/block}
- {stylesheets file='assets/less/styles.less' filters='less,cssembed'}
+ {stylesheets file='assets/less/styles.less' filters='less,cssembed,cssrewrite'}
 {/stylesheets}
 {debugbar_rendercss}
From 5d0eb4e61e5d41ad2a2b5a9f6fda9fbd0930aeef Mon Sep 17 00:00:00 2001
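Review bot: In the SmartyParser.php hunk of patch 1/3, the containment test `strpos($pathFileName, $templateDir) !== 0` in the context lines is a bare string-prefix comparison, and `realpath()` returns the directory without a trailing separator, so a sibling directory whose name merely begins with the active template's name would pass it; the patch 2/3 hunk carries the same check unchanged. Comparing against the directory plus a separator closes that gap: `if ($templateDir === false || strpos($pathFileName, $templateDir . DIRECTORY_SEPARATOR) !== 0) {`. The `=== false` guard covers a missing template directory, where `realpath()` fails and the needle would otherwise be empty. The assignment of `$pathFileName` and the start of the method are outside the hunk, so this assumes it is also a `realpath()` result.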
From: Manuel Raynaud
Date: Wed, 9 Oct 2013 10:34:35 +0200
Subject: [PATCH 2/3] do not display some information about template file
---
 core/lib/Thelia/Core/Template/Smarty/SmartyParser.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/core/lib/Thelia/Core/Template/Smarty/SmartyParser.php b/core/lib/Thelia/Core/Template/Smarty/SmartyParser.php
index b6c1ed1b7..6acbf834b 100755
--- a/core/lib/Thelia/Core/Template/Smarty/SmartyParser.php
+++ b/core/lib/Thelia/Core/Template/Smarty/SmartyParser.php
@@ -212,14 +212,14 @@ class SmartyParser extends Smarty implements ParserInterface
 $templateDir = realpath(THELIA_TEMPLATE_DIR . rtrim($this->template, "/") . "/");
 if (strpos($pathFileName, $templateDir) !== 0) {
- throw new ResourceNotFoundException(sprintf("'%s' view does not exists", htmlspecialchars($file)));
+ throw new ResourceNotFoundException(sprintf("this view does not exists"));
 }
 if (!file_exists($fileName)) {
 $fileName .= ".html";
 if (!file_exists($fileName)) {
- throw new ResourceNotFoundException(sprintf("'%s' file not found in %s template", htmlspecialchars($file), $this->template));
+ throw new ResourceNotFoundException(sprintf("file not found in %s template", $this->template));
 }
 }
From d8ec745fea39595b949a6ce5dabeb1c8b049f1ab Mon Sep 17 00:00:00 2001
From: Manuel Raynaud
Date: Wed, 9 Oct 2013 12:44:49 +0200
Subject: [PATCH 3/3] fix issue concerning absoluteUrl
---
 core/lib/Thelia/Core/Template/Smarty/Plugins/Assetic.php | 2 +-
 core/lib/Thelia/Tools/URL.php | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/core/lib/Thelia/Core/Template/Smarty/Plugins/Assetic.php b/core/lib/Thelia/Core/Template/Smarty/Plugins/Assetic.php
index b7bb95b83..93dbb6f86 100755
--- a/core/lib/Thelia/Core/Template/Smarty/Plugins/Assetic.php
+++ b/core/lib/Thelia/Core/Template/Smarty/Plugins/Assetic.php
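Review bot: In the SmartyParser.php hunk of patch 2/3, the rejected view name is now dropped entirely, so a request that fails the template-directory check leaves no trace of what was asked for; recording `$file` in the server-side log before each throw would keep the response generic while still letting operators notice path probing. `sprintf("this view does not exists")` has no placeholders, so the wrapper can go: `throw new ResourceNotFoundException("this view does not exists");`. The second message still interpolates `$this->template`; if the aim is to disclose nothing about the template layout, that name could be left out of the response as well. The enclosing method starts and ends outside the hunk.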
@@ -36,7 +36,7 @@ class Assetic extends AbstractSmartyPlugin
 {
 $web_root = THELIA_WEB_DIR;
- $asset_dir_from_web_root = ConfigQuery::read('asset_dir_from_web_root', 'assets');
+ $asset_dir_from_web_root = ConfigQuery::read('asset_dir_from_web_root', 'assets/');
 $this->assetManager = new SmartyAssetsManager($web_root, $asset_dir_from_web_root, $developmentMode == 'dev');
 }
diff --git a/core/lib/Thelia/Tools/URL.php b/core/lib/Thelia/Tools/URL.php
index 83469f602..3e137e5e4 100755
--- a/core/lib/Thelia/Tools/URL.php
+++ b/core/lib/Thelia/Tools/URL.php
@@ -129,8 +129,9 @@ class URL
 // If only a path is requested, be sure to remove the script name (index.php or index_dev.php), if any.
 if ($path_only == self::PATH_TO_FILE) {
+
 // As the base_url always ends with '/', if we don't find / at the end, we have a script.
- if (substr($base_url, -1) != '/') $base_url = dirname($base_url);
+ if (substr($base_url, -3) == 'php') $base_url = dirname($base_url);
 }
 // Normalize the given path
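Review bot: In the Assetic.php hunk, only the fallback passed to `ConfigQuery::read()` gains the trailing slash, so a stored `asset_dir_from_web_root` value without one would presumably still produce the path problem this patch is meant to fix. Normalising the value after reading it covers both cases: `$asset_dir_from_web_root = rtrim(ConfigQuery::read('asset_dir_from_web_root', 'assets'), '/') . '/';`. The constructor's signature and the way `SmartyAssetsManager` joins the two paths are outside the hunk, so the need for the slash is inferred from the change itself.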
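Review bot: In the URL.php hunk, `substr($base_url, -3) == 'php'` treats any base URL whose last three characters are "php" as a script, including a directory whose name happens to end that way, and then strips that segment with `dirname()`. Testing for the extension with a strict comparison is tighter: `if (substr($base_url, -4) === '.php') $base_url = dirname($base_url);`. The comment directly above still describes the old trailing-slash test and should be reworded to say that a script is recognised by its `.php` suffix. `$base_url` is built outside the hunk; if any part of it is taken from the request, this branch deserves a test with base URLs that lack the trailing slash.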