Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-49800

Do not allow templates in sub folders.

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Minor Minor
    • 2.9
    • 2.9
    • JavaScript, Themes
    • MOODLE_29_STABLE
    • MOODLE_29_STABLE
    • MDL-49800-master
    • Hide
      1. Create the file empty_page.php using the following: 

        <?php
        		 
        require_once('config.php');
        		 
        $PAGE->set_context(context_system::instance());
        		 
        $PAGE->set_url('/empty_page.php');
        		 
        $PAGE->set_heading('Empty page');
        		 
        $PAGE->set_pagelayout('admin');
        		 
        echo $OUTPUT->header();
        		 
        echo $OUTPUT->render_from_template('core/notification_problem', array('message' => 'Notification displayed'));
        		 
        // echo $OUTPUT->render_from_template('core/output/notification_problem', array('message' => 'Notification that should NOT be displayed'));
        		 
        echo $OUTPUT->footer();

      2. Copy lib/templates/notification_problem.mustache to lib/templates/output/notification_problem.mustache
      3. Access that page, and confirm that the first notification is displayed
      4. Uncomment the notification that was commented, and comment the other one
      5. Refresh the page, and confirm that an exception is raised because the file is in a subdirectory

      If time allows, that'd be good to test again on a Windows server

      Show
      Create the file empty_page.php using the following: <?php require_once('config.php'); $PAGE->set_context(context_system::instance()); $PAGE->set_url('/empty_page.php'); $PAGE->set_heading('Empty page'); $PAGE->set_pagelayout('admin'); echo $OUTPUT->header(); echo $OUTPUT->render_from_template('core/notification_problem', array('message' => 'Notification displayed')); // echo $OUTPUT->render_from_template('core/output/notification_problem', array('message' => 'Notification that should NOT be displayed')); echo $OUTPUT->footer(); Copy lib/templates/notification_problem.mustache to lib/templates/output/notification_problem.mustache Access that page, and confirm that the first notification is displayed Uncomment the notification that was commented, and comment the other one Refresh the page, and confirm that an exception is raised because the file is in a subdirectory If time allows, that'd be good to test again on a Windows server
    • Team '; drop tables Sprint 6

      Currently this accidentally works for templates rendered in php - but does not work for javascript templates, or the template library tool. It is not a good idea because:

      • Nested template folders make it harder for a themer to work out where to put their overridden template
      • Path issues on different OS
      • Security issues (core/../../../../../../../passwd) (This is not a real issue, just and example).

            fred Frédéric Massart
            damyon Damyon Wiese
            Simey Lameze Simey Lameze
            Dan Poltawski Dan Poltawski
            Adrian Greeve Adrian Greeve
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved:

                Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.