From af716fee174f2d790a8a65d9192e2aba6081b39b Mon Sep 17 00:00:00 2001
From: Antti Ajanki <antti.ajanki@iki.fi>
Date: Tue, 12 Apr 2011 20:13:18 +0300
Subject: Remove template dir test, symlinks cause false positives.

---
 src/libwebvi/webvi/request.py | 5 -----
 1 file changed, 5 deletions(-)

(limited to 'src/libwebvi')

diff --git a/src/libwebvi/webvi/request.py b/src/libwebvi/webvi/request.py
index 117319a..82e0ebf 100644
--- a/src/libwebvi/webvi/request.py
+++ b/src/libwebvi/webvi/request.py
@@ -527,11 +527,6 @@ class Request:
 
         xsltpath = os.path.join(template_path, self.xsltfile)
 
-        # Check that xsltpath is inside the template directory
-        if os.path.commonprefix([template_path, os.path.realpath(xsltpath)]) != template_path:
-            self.request_done(503, 'Insecure template path')
-            return
-
         xml = self.dl.get_body()
         encoding = self.dl.get_encoding()
 
-- 
cgit v1.2.3