}
my $template=srcfile($tpage, 1);
- if (! defined $template) {
+ if (defined $template) {
+ return $template, $tpage, 1 if wantarray;
+ return $template;
+ }
+ else {
$name=~s:/::; # avoid path traversal
foreach my $dir ($config{templatedir},
"$installdir/share/ikiwiki/templates") {
last;
}
}
+ if (defined $template) {
+ return $template, $tpage if wantarray;
+ return $template;
+ }
}
- if (defined $template) {
- return $template, $tpage if wantarray;
- return $template;
- }
return;
}
my $name=shift;
my $page=shift;
- my ($filename, $tpage)=template_file($name);
+ my ($filename, $tpage, $untrusted)=template_file($name);
if (defined $page && defined $tpage) {
add_depends($page, $tpage);
}
die_on_bad_params => 0,
filename => $filename,
@_,
- no_includes => 1,
+ ($untrusted ? (no_includes => 1) : ()),
);
return @opts if wantarray;
ikiwiki (3.20100428) UNRELEASED; urgency=low
* template: Fix typo.
+ * TMPL_INCLUDE re-enabled for templates read from the templatedir.
+ (But not in-wiki templates.)
-- Joey Hess <joeyh@debian.org> Tue, 27 Apr 2010 12:10:51 -0400
*TMPL_INCLUDE is no longer supported in any template used by ikiwiki. It used to be allowed in certian templates, but not in others.*
Would it be possible to make that a config option? Because I do use includes in my templates, and I don't allow users to edit templates, so it isn't a security loophole for me. --[[KathrynAndersen]]
+
+> I don't like config options that make wikis unsafe, but I should have
+> revisted enabling includes for templates read from the templatedir --
+> it's easy to do, and I've done it now. --[[Joey]]