author | Christian Grothoff <christian@grothoff.org> | 2024-03-23 14:27:23 +0100 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2024-03-23 14:27:23 +0100 |
commit | c9bdd97a294cc273480f8324dbfcba8ce3c485d1 (patch) | |
tree | 8bffb0fde976264861133a8d273a9255e80e7019 /src/templating/mustach-wrap.c | |
parent | 78e568ea0cd3b1e9cf26852ed3a80e0283a7cc1f (diff) | |
download | exchange-c9bdd97a294cc273480f8324dbfcba8ce3c485d1.tar.xz |
update to mustach 1.2.7
Diffstat (limited to 'src/templating/mustach-wrap.c')
-rw-r--r-- | src/templating/mustach-wrap.c | 28 |
1 files changed, 26 insertions, 2 deletions
diff --git a/src/templating/mustach-wrap.c b/src/templating/mustach-wrap.c
index 869713c86..2cd00db12 100644
--- a/src/templating/mustach-wrap.c
+++ b/src/templating/mustach-wrap.c
@@ -20,6 +20,18 @@
 #include "mustach.h"
 #include "mustach-wrap.h"
+/*
+* It was stated that allowing to include files
+* through template is not safe when the mustache
+* template is open to any value because it could
+* create leaks (example: {{>/etc/passwd}}).
+*/
+#if MUSTACH_SAFE
+# undef MUSTACH_LOAD_TEMPLATE
+#elif !defined(MUSTACH_LOAD_TEMPLATE)
+# define MUSTACH_LOAD_TEMPLATE 1
+#endif
+
 #if !defined(INCLUDE_PARTIAL_EXTENSION)
 # define INCLUDE_PARTIAL_EXTENSION ".mustache"
 #endif
@@ -325,6 +337,7 @@ static int get_callback(void *closure, const char *name, struct mustach_sbuf *sb
 return MUSTACH_OK;
 }
+#if MUSTACH_LOAD_TEMPLATE
 static int get_partial_from_file(const char *name, struct mustach_sbuf *sbuf)
 {
 static char extension[] = INCLUDE_PARTIAL_EXTENSION;
@@ -375,14 +388,22 @@ static int get_partial_from_file(const char *name, struct mustach_sbuf *sbuf)
 fclose(file);
 return MUSTACH_ERROR_SYSTEM;
 }
+#endif
 static int partial_callback(void *closure, const char *name, struct mustach_sbuf *sbuf)
 {
 struct wrap *w = closure;
 int rc;
- if (mustach_wrap_get_partial != NULL)
+ if (mustach_wrap_get_partial != NULL) {
 rc = mustach_wrap_get_partial(name, sbuf);
- else if (w->flags & Mustach_With_PartialDataFirst) {
+ if (rc != MUSTACH_ERROR_PARTIAL_NOT_FOUND) {
+ if (rc != MUSTACH_OK)
+ sbuf->value = "";
+ return rc;
+ }
+ }
+#if MUSTACH_LOAD_TEMPLATE
+ if (w->flags & Mustach_With_PartialDataFirst) {
 if (getoptional(w, name, sbuf) > 0)
 rc = MUSTACH_OK;
 else
@@ -393,6 +414,9 @@ static int partial_callback(void *closure, const char *name, struct mustach_sbuf
 if (rc != MUSTACH_OK && getoptional(w, name, sbuf) > 0)
 rc = MUSTACH_OK;
 }
+#else
+ rc = getoptional(w, name, sbuf) > 0 ? MUSTACH_OK : MUSTACH_ERROR_PARTIAL_NOT_FOUND;
+#endif
 if (rc != MUSTACH_OK)
 sbuf->value = "";
 return MUSTACH_OK; |
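Review bot: The new guard at the top of the file leaves file-based partials enabled by default. With `MUSTACH_SAFE` undefined, `#if MUSTACH_SAFE` evaluates to 0 and `MUSTACH_LOAD_TEMPLATE` is defined to 1, so the `{{>/etc/passwd}}` case described in the comment is only closed for builds that opt in. Whether this project's build defines `MUSTACH_SAFE` is not visible in this diff, so the comment should state the default, e.g. `/* File partials stay enabled unless MUSTACH_SAFE is non-zero; define it when template text or partial names can come from untrusted input. */`. The later `#if MUSTACH_LOAD_TEMPLATE` tests also rely on an undefined macro evaluating to 0, which `-Wundef` builds will flag; `#if defined(MUSTACH_LOAD_TEMPLATE) && MUSTACH_LOAD_TEMPLATE` avoids that.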
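Review bot: In `partial_callback`, a `MUSTACH_ERROR_PARTIAL_NOT_FOUND` result from `mustach_wrap_get_partial` now falls through into the `#if MUSTACH_LOAD_TEMPLATE` branch, which the old `if … else if` chain never reached once the hook was installed. The lines between this hunk and the next are outside the diff, but if they call `get_partial_from_file` (inferred), an application that installed the hook to confine partials to a known set will now have unknown names looked up on disk. Either keep the hook authoritative when it is set, or document the fallback where the hook is declared, e.g. `/* NOT_FOUND from the hook falls back to file and data lookup unless MUSTACH_SAFE is set. */`. Separately, other hook errors are now returned to the caller instead of being mapped to `MUSTACH_OK`, so callers that relied on the old behaviour should be checked.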