Remove template dir test, symlinks cause false positives.

author: Antti Ajanki <antti.ajanki@iki.fi> 2011-04-12 20:13:18 +0300
committer: Antti Ajanki <antti.ajanki@iki.fi> 2011-04-12 20:13:18 +0300
commit: af716fee174f2d790a8a65d9192e2aba6081b39b (patch)
tree: 78162177cd27dc415d61e2137607960216af103b /src/libwebvi
parent: aca37231d53d337ae7a06308bf469c7a21e29e35 (diff)
download: vdr-plugin-webvideo-af716fee174f2d790a8a65d9192e2aba6081b39b.tar.gz
vdr-plugin-webvideo-af716fee174f2d790a8a65d9192e2aba6081b39b.tar.bz2
1 files changed, 0 insertions, 5 deletions
diff --git a/src/libwebvi/webvi/request.py b/src/libwebvi/webvi/request.py
index 117319a..82e0ebf 100644
--- a/src/libwebvi/webvi/request.py
+++ b/src/libwebvi/webvi/request.py
@@ -527,11 +527,6 @@ class Request:
 
         xsltpath = os.path.join(template_path, self.xsltfile)
 
-        # Check that xsltpath is inside the template directory
-        if os.path.commonprefix([template_path, os.path.realpath(xsltpath)]) != template_path:
-            self.request_done(503, 'Insecure template path')
-            return
-
         xml = self.dl.get_body()
         encoding = self.dl.get_encoding()
author	Antti Ajanki <antti.ajanki@iki.fi>	2011-04-12 20:13:18 +0300
committer	Antti Ajanki <antti.ajanki@iki.fi>	2011-04-12 20:13:18 +0300
commit	af716fee174f2d790a8a65d9192e2aba6081b39b (patch)
tree	78162177cd27dc415d61e2137607960216af103b /src/libwebvi
parent	aca37231d53d337ae7a06308bf469c7a21e29e35 (diff)
download	vdr-plugin-webvideo-af716fee174f2d790a8a65d9192e2aba6081b39b.tar.gz vdr-plugin-webvideo-af716fee174f2d790a8a65d9192e2aba6081b39b.tar.bz2