django1/django/template
Tim Graham 536cc64240 [1.6.x] Prevented arbitrary file inclusion with {% ssi %} tag and relative paths.
Thanks Rainer Koirikivi for the report and draft patch.

This is a security fix; disclosure to follow shortly.

Backport of 7fe5b656c9 from master
2013-09-10 21:03:51 -04:00
loaders [1.6.x] Replaced "not PY3" by "PY2", new in six 1.4.0. 2013-09-03 07:34:45 -05:00
__init__.py Fixed #12248 -- Refactored django.template to get code out of __init__.py, to help with avoiding circular import dependencies. Thanks to Tom Tobin for the patch. 2010-11-27 05:47:30 +00:00
base.py [1.6.x] Fixed #17778 -- Prevented class attributes on context from resolving as template variables. 2013-08-15 10:22:56 -04:00
context.py Fixed #17061 -- Factored out importing object from a dotted path 2013-02-04 16:38:25 +01:00
debug.py Fixed #19819 - Improved template filter errors handling. 2013-02-14 10:22:59 +01:00
defaultfilters.py Removed several unused imports. 2013-06-19 17:18:40 +02:00
defaulttags.py [1.6.x] Prevented arbitrary file inclusion with {% ssi %} tag and relative paths. 2013-09-10 21:03:51 -04:00
loader.py Fixed #17061 -- Factored out importing object from a dotted path 2013-02-04 16:38:25 +01:00
loader_tags.py [1.6.x] Fixed #20949 -- Typo #2 in docstring 2013-08-21 10:50:27 -04:00
response.py Fixed #19262 -- Support cookie pickling in SimpleTemplateResponse 2012-11-09 21:07:53 +01:00
smartif.py IfParser.next() method renamed to avoid confusion with iterator protocol. 2012-06-14 23:12:15 +01:00