TheCoreDev/sterivein
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

escape view parameter

Browse Source
This commit is contained in:
Manuel Raynaud
2013-10-09 09:05:48 +02:00
parent e8fd822795
commit d866ffaaf5
2 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
core/lib/Thelia/Core/Template/Smarty/SmartyParser.php
View File

@@ -212,14 +212,14 @@ class SmartyParser extends Smarty implements ParserInterface
$templateDir = realpath(THELIA_TEMPLATE_DIR . rtrim($this->template, "/") . "/"); $templateDir = realpath(THELIA_TEMPLATE_DIR . rtrim($this->template, "/") . "/");
if (strpos($pathFileName, $templateDir) !== 0) { if (strpos($pathFileName, $templateDir) !== 0) {
throw new ResourceNotFoundException(sprintf("'%s' view does not exists", $file)); throw new ResourceNotFoundException(sprintf("'%s' view does not exists", htmlspecialchars($file)));
} }
if (!file_exists($fileName)) { if (!file_exists($fileName)) {
$fileName .= ".html"; $fileName .= ".html";
if (!file_exists($fileName)) { if (!file_exists($fileName)) {
throw new ResourceNotFoundException(sprintf("'%s' file not found in %s template", $file, $this->template)); throw new ResourceNotFoundException(sprintf("'%s' file not found in %s template", htmlspecialchars($file), $this->template));
} }
} }

2
templates/default/layout.tpl
View File

@@ -28,7 +28,7 @@ URL: http://www.thelia.net
{block name="meta"}{/block} {block name="meta"}{/block}
<!-- StyleSheet --> <!-- StyleSheet -->
{stylesheets file='assets/less/styles.less' filters='less,cssembed'} {stylesheets file='assets/less/styles.less' filters='less,cssembed,cssrewrite'}
<link rel="stylesheet" href="{$asset_url}"> <link rel="stylesheet" href="{$asset_url}">
{/stylesheets} {/stylesheets}
{debugbar_rendercss} {debugbar_rendercss}