Page MenuHomeDevCentral
Differential D3782

Don't call get_url from templates
ClosedPublic
Actions

Authored by dereckson on Oct 19 2025, 23:19.
Tags
None
Referenced Files
Unknown Object (File)
Fri, Nov 28, 11:40
Unknown Object (File)
Tue, Nov 25, 22:37
Unknown Object (File)
Wed, Nov 19, 07:28
Unknown Object (File)
Tue, Nov 18, 17:19
Unknown Object (File)
Mon, Nov 17, 17:02
Unknown Object (File)
Mon, Nov 17, 17:02
Unknown Object (File)
Sun, Nov 16, 02:18
Unknown Object (File)
Sat, Nov 15, 19:35
View All 48 Files
Subscribers
None

Details

Reviewers
dereckson
Commits
rOBSIDIAN1148d4ac4dce: Don't call get_url from templates
Summary

To avoid arbitrary execution of PHP code inside Smarty,
move the responsibility to call get_url() from the template
to the relevant controller code.

Diff Detail

Repository
rOBSIDIAN Obsidian Workspaces
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

dereckson requested review of this revision.Oct 19 2025, 23:19
dereckson created this revision.
Harbormaster completed remote builds in B6054: Diff 9796.Oct 19 2025, 23:19
dereckson planned changes to this revision.Oct 19 2025, 23:21
dereckson added inline comments.
workspaces/src/controllers/errorpage.php
61 ↗(On Diff #9796)

Already defined line 56.

dereckson updated this revision to Diff 9797.Oct 19 2025, 23:22

Use already defined URL_HOME in 404

Harbormaster completed remote builds in B6055: Diff 9797.Oct 19 2025, 23:22
dereckson updated this revision to Diff 9798.Oct 19 2025, 23:23

-root_url too

Harbormaster completed remote builds in B6056: Diff 9798.Oct 19 2025, 23:23
dereckson accepted this revision.Oct 19 2025, 23:26
This revision is now accepted and ready to land.Oct 19 2025, 23:26
Closed by commit rOBSIDIAN1148d4ac4dce: Don't call get_url from templates (authored by dereckson). · Explain WhyOct 19 2025, 23:26
This revision was automatically updated to reflect the committed changes.
dereckson added a commit: rOBSIDIAN1148d4ac4dce: Don't call get_url from templates.

Revision Contents
Changeset List

PathSize
workspaces/
src/
apps/
documents/
4 lines
content/
help/
2 lines
controllers/
6 lines
1 line
skins/
bluegray/
apps/
documents/
4 lines
errors/
2 lines
8 lines
12 lines
10 lines

Diff 9799

View Options

workspaces/src/apps/documents/DocumentsApplication.php

Loading...
View Options

workspaces/src/content/help/credits.html

Loading...
View Options

workspaces/src/controllers/header.php

Loading...
View Options

workspaces/src/controllers/help.php

Loading...
View Options

workspaces/src/skins/bluegray/apps/documents/documents_list.tpl

Loading...
View Options

workspaces/src/skins/bluegray/errors/404.tpl

Loading...
View Options

workspaces/src/skins/bluegray/header.tpl

Loading...
View Options

workspaces/src/skins/bluegray/nav_help.tpl

Loading...
View Options

workspaces/src/skins/bluegray/nav_main.tpl

Loading...
Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator