close Warning: Can't synchronize with repository "(default)" (Unsupported version control system "svn": No module named svn). Look in the Trac log for more information.

Opened 14 years ago

Closed 14 years ago

Last modified 14 years ago

#1 closed (fixed)

Template Exposure

Reported by: cmlenz Owned by:
Priority: critical Milestone:
Component: routing Keywords:
Cc:

Description

The builtin “static” templating view is set up as a catch-all fallback, so that if no other route matches, we look for a template on the requested path.

The problem with this is that you can request templates directly that should not be exposed this way. For example http://scratchpad.cmlenz.net/post.html. Most of the time, such requests will result in a 500 error, but they shouldn't even get that far, and instead just return a plain old 404.

Change History (2)

comment:1 Changed 14 years ago by cmlenz

  • Component set to forms
  • Resolution set to fixed
  • Status changed from new to closed

Fixed in [40]. Static template rendering must be explicitly set up in the routing.

comment:2 Changed 14 years ago by cmlenz

  • Component changed from forms to routing
Note: See TracTickets for help on using tickets.