[interchange-cvs] interchange - kwalsh modified lib/Vend/File.pm

interchange-cvs at icdevgroup.org interchange-cvs at icdevgroup.org
Thu Jan 24 17:11:13 EST 2008


User:      kwalsh
Date:      2008-01-24 22:11:13 GMT
Modified:  lib/Vend File.pm
Log:
    * Allow [include] et. al. to scan the local TemplateDir as well as the
      global version.  I don't see any security issues.  As most users will
      reference the file directly, the extra directory scan overhead should
      not effect a lot of setups.

Revision  Changes    Path
2.26      +3 -6      interchange/lib/Vend/File.pm


rev 2.26, prev_rev 2.25
Index: File.pm
===================================================================
RCS file: /var/cvs/interchange/lib/Vend/File.pm,v
retrieving revision 2.25
retrieving revision 2.26
diff -u -r2.25 -r2.26
--- File.pm	9 Aug 2007 13:40:53 -0000	2.25
+++ File.pm	24 Jan 2008 22:11:13 -0000	2.26
@@ -1,6 +1,6 @@
 # Vend::File - Interchange file functions
 #
-# $Id: File.pm,v 2.25 2007/08/09 13:40:53 pajamian Exp $
+# $Id: File.pm,v 2.26 2008/01/24 22:11:13 kwalsh Exp $
 # 
 # Copyright (C) 2002-2007 Interchange Development Group
 # Copyright (C) 1996-2002 Red Hat, Inc.
@@ -55,7 +55,7 @@
 use File::Copy;
 use subs qw(logError logGlobal);
 use vars qw($VERSION @EXPORT @EXPORT_OK $errstr);
-$VERSION = substr(q$Revision: 2.25 $, 10);
+$VERSION = substr(q$Revision: 2.26 $, 10);
 
 sub writefile {
     my($file, $data, $opt) = @_;
@@ -160,9 +160,6 @@
 # Careful, needs the full path, or will be read relative to
 # VendRoot..and will return binary. Should be tested by
 # the user.
-
-# Will also look in the *global* TemplateDir. (No need for the
-# extra overhead of local TemplateDir, probably also insecure.)
 #
 # To ensure security in multiple catalog setups, leading /
 # is not allowed if $Global::NoAbsolute) is true and the file
@@ -188,7 +185,7 @@
 		$file = $ifile;
 	}
 	else {
-		for( ".", @{$Global::TemplateDir} ) {
+		for( ".", @{$Vend::Cfg->{TemplateDir} || []}, @{$Global::TemplateDir || []}) {
 			next if ! -f "$_/$ifile";
 			$file = "$_/$ifile";
 			last;








More information about the interchange-cvs mailing list