Re: Online editing of Templates ?

[Robert James Clay <..hidden..>]

On Sun, 2012-03-11 at 22:25 -0400, Chris Travers wrote:
> On Sun, Mar 11, 2012 at 7:17 PM, Robert James Clay <..hidden..> wrote:

> > The package is installing most everything to /usr/share/ledgersmb, except:
> > The css directory is going to /var/lib/ledgersmb/css, & the templates
> > directory is going to /etc/ledgersmb  ....

> I think you will trigger directory transversal checks in this case,
> but at least it tells us what the problem is.

    I've created a test build of 1.3.14 rc2.  No particular issue with
the package build or with the package upgrade on the test system I'm
running.  I'm still, however, seeing the "Directory transversal not
allowed" error message when, for instance attempting to go to 'System|
HTML Templates|Income Statement|en_US'.  This is what shows up for that
"en_US" link:
--------------------------------------------------------------------------
http://lsmbtst/ledgersmb/am.pl?action=display_form&file=/etc/ledgersmb/templates/demo/en_US/income_statement.html&path=bin/mozilla&login=admin&sessionid=&code=en_US&callback=am.pl%3faction%3dlist_templates%26direction%3dDESC%26oldsort%3dcode%26file%3dincome_statement.html%26path%3dbin%2fmozilla%26login%3dadmin%26sessionid%3d
--------------------------------------------------------------------------

    I noticed that there is no actual "en_US" directory, so tried the
same kind of thing except for using "en" but ended up with the same
error.  Tried changes to the directory configuration (LedgerSMB,
Apaache, & file system) but that didn't seem to have changed anything...


> Please file a bug for this one too.

    Unless one of you say not to do so, I figure to open up a new bug
for this after I have a chance to do more testing.  (And perhaps see if
it's still there using a 1.3.14 release installation, including a
'standard' install...)



Jame