tedkulp/PrivateBin
1
0
Fork 0
mirror of https://github.com/PrivateBin/PrivateBin.git synced 2026-04-18 21:48:24 -04:00
Code Issues Packages Projects Releases Wiki Activity

partially revert #1559

Browse Source 
Instead of automatically adding custom templates, we log an error if
that template is missing in the available templates. Still mitigates
arbitrary file inclusion, as the string is now checked against a fixed
allow list.
This commit is contained in:
El RIDO
2025-11-10 17:27:11 +01:00
parent a479d75405
commit dae5f7fd61
4 changed files with 12 additions and 55 deletions
Download Patch File Download Diff File Expand all files Collapse all files
tst/ViewTest.php
-16
View File
@@ -141,20 +141,4 @@ class ViewTest extends TestCase
$this->expectExceptionCode(80);
$test->draw('123456789 does not exist!');
}
public function testTemplateFilePath()
{
$template = 'bootstrap';
$templatePath = PATH . 'tpl' . DIRECTORY_SEPARATOR . $template . '.php';
$path = View::getTemplateFilePath($template);
$this->assertEquals($templatePath, $path, 'Template file path');
}
public function testIsBootstrapTemplate()
{
$bootstrapTemplate = 'bootstrap-dark';
$nonBootstrapTemplate = 'bootstrap5';
$this->assertTrue(View::isBootstrapTemplate($bootstrapTemplate), 'Is bootstrap template');
$this->assertFalse(View::isBootstrapTemplate($nonBootstrapTemplate), 'Is not bootstrap template');
}
}