diff --git a/core/lib/Thelia/Core/Template/Smarty/SmartyParser.php b/core/lib/Thelia/Core/Template/Smarty/SmartyParser.php
index 8e34a89ed..82ef5858c 100755
--- a/core/lib/Thelia/Core/Template/Smarty/SmartyParser.php
+++ b/core/lib/Thelia/Core/Template/Smarty/SmartyParser.php
@@ -7,6 +7,7 @@ use \Symfony\Component\EventDispatcher\EventDispatcherInterface;
 use \Smarty;
+use Symfony\Component\HttpFoundation\Response;
 use Thelia\Core\Template\ParserInterface;
 use Thelia\Core\Template\Smarty\SmartyPluginInterface;
@@ -117,7 +118,13 @@ class SmartyParser extends Smarty implements ParserInterface
 */
 public function getContent()
 {
-        return $this->fetch($this->getTemplateFilePath());
+        try {
+            $templateFile = $this->getTemplateFilePath();
+        } catch(\RuntimeException $e) {
+            return new Response($e->getMessage(), "404");
+        }
+
+        return $this->fetch($templateFile);
 }
 /**
@@ -181,11 +188,23 @@ class SmartyParser extends Smarty implements ParserInterface
 protected function getTemplateFilePath()
 {
 $file = $this->request->attributes->get('_view');
+        $fileName = THELIA_TEMPLATE_DIR . rtrim($this->template, "/") . "/" . $file;
-        $fileName = THELIA_TEMPLATE_DIR . rtrim($this->template, "/") . "/" . $file . ".html";
+        $pathFileName = realpath(dirname(THELIA_TEMPLATE_DIR . rtrim($this->template, "/") . "/" . $file));
+        $templateDir = realpath(THELIA_TEMPLATE_DIR . rtrim($this->template, "/") . "/");
-        if (file_exists($fileName)) return $fileName;
+        if (strpos($pathFileName, $templateDir) !== 0) {
+            throw new ResourceNotFoundException(sprintf("%s view does not exists", $file));
+        }
-        throw new ResourceNotFoundException(sprintf("%s file not found in %s template", $file, $this->template));
+        if (!file_exists($fileName)) {
+            $fileName .= ".html";
+
+            if(!file_exists($fileName)) {
+                throw new ResourceNotFoundException(sprintf("%s file not found in %s template", $file, $this->template));
+            }
+        }
+
+        return $fileName;
 }
 }
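Review bot: The 404 body built in the new catch block of getContent() echoes `$e->getMessage()` verbatim, and the messages thrown by getTemplateFilePath() embed `$file`, which is read from the `_view` request attribute, so a request-supplied view name is written into the response body without escaping for the HTML context. Return a fixed message or escape it, `return new Response(htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8'), 404);`, which also passes the status as an int rather than the string `"404"`. Catching `\RuntimeException` is wider than what the helper actually throws; catching `ResourceNotFoundException` keeps unrelated runtime failures from being reported as a 404 with their internal message. Note too that getContent() now returns either the string from fetch() or a Response object, so every caller has to handle both; a docblock `@return string|Response` on the method would at least make that visible.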
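Review bot: The containment check `strpos($pathFileName, $templateDir) !== 0` in getTemplateFilePath() compares a bare prefix, so `$templateDir` (realpath() strips its trailing slash) also matches any sibling directory whose name merely starts with the template's name, and because the check runs on `dirname()` the last segment of `$file` is never resolved through realpath(), so a symlink or `..` in that position is not caught. `file_exists()` is also true for directories, so a directory name can be handed to fetch(), and `realpath()` returns `false` for a missing path, which the code feeds straight into strpos() instead of rejecting. Resolve the template directory once, compare against `$templateDir . DIRECTORY_SEPARATOR` (or equality), use `is_file()`, and re-check `realpath($fileName)` after the existence test; keeping the directory check before any existence probe means the lookup never tests paths outside the template.
```php
    protected function getTemplateFilePath()
    {
        $file = $this->request->attributes->get('_view');

        $templateDir = realpath(THELIA_TEMPLATE_DIR . rtrim($this->template, "/"));
        if ($templateDir === false) {
            throw new ResourceNotFoundException(sprintf("%s view does not exists", $file));
        }

        $fileName = $templateDir . "/" . $file;

        // True only for the template directory itself or a path strictly below it;
        // the separator keeps a sibling directory sharing the name prefix out, and
        // a false realpath() (missing path) is rejected rather than string-compared.
        $inside = function ($path) use ($templateDir) {
            return $path !== false && ($path === $templateDir
                || strpos($path, $templateDir . DIRECTORY_SEPARATOR) === 0);
        };

        // Directory part first, before any existence probe touches the filesystem.
        if (!$inside(realpath(dirname($fileName)))) {
            throw new ResourceNotFoundException(sprintf("%s view does not exists", $file));
        }

        if (!is_file($fileName)) {
            $fileName .= ".html";

            if (!is_file($fileName)) {
                throw new ResourceNotFoundException(sprintf("%s file not found in %s template", $file, $this->template));
            }
        }

        // dirname() never sees the last segment: resolve the file itself as well.
        if (!$inside(realpath($fileName))) {
            throw new ResourceNotFoundException(sprintf("%s view does not exists", $file));
        }

        return $fileName;
    }
```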