From 5f3d9f1f80af84c71baed2fd9108aa1494ecaba5 Mon Sep 17 00:00:00 2001
From: Dieter Hametner <dh (plus) vdr (at) gekrumbel (dot) de>
Date: Sat, 8 Sep 2007 22:53:20 +0000
Subject: - Fixed bug #387. content.ecpp delivers only absolute path requests  
 without '..' in them.

---
 doc/ChangeLog | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'doc')

diff --git a/doc/ChangeLog b/doc/ChangeLog
index ec88141..dc00cd3 100644
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -1,4 +1,10 @@
-2007-09-07  Dieter Hametner  <dieter@air.mittelstation.de>
+2007-09-09  Dieter Hametner  <dh+vdr at gekrumbel dot de>
+
+	* tntconfig.cpp: allways give absolute paths to content.ecpp
+	* pages/content.ecpp: check for absolute paths which don't contain
+		upward references (e.g. '../') and deny such requests.
+
+2007-09-07  Dieter Hametner  <dh+vdr at gekrumbel dot de>
 
 	* tntconfig.cpp: Checked and adapted MapUrl regular expressions
 	                 to be more live setup secure.
-- 
cgit v1.2.3