[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Online editing of Templates ?

Subject: Re: Online editing of Templates ?
From: Chris Travers <..hidden..>
Date: Mon, 26 Mar 2012 16:25:31 -0700

On Mon, Mar 26, 2012 at 3:57 PM, Robert James Clay <..hidden..> wrote:
> On Sun, 2012-03-11 at 22:25 -0400, Chris Travers wrote:
>> On Sun, Mar 11, 2012 at 7:17 PM, Robert James Clay <..hidden..> wrote:
>
>> > The package is installing most everything to /usr/share/ledgersmb, except:
>> > The css directory is going to /var/lib/ledgersmb/css, & the templates
>> > directory is going to /etc/ledgersmb  ....
>
>> I think you will trigger directory transversal checks in this case,
>> but at least it tells us what the problem is.
>
>    I've created a test build of 1.3.14 rc2.  No particular issue with
> the package build or with the package upgrade on the test system I'm
> running.  I'm still, however, seeing the "Directory transversal not
> allowed" error message when, for instance attempting to go to 'System|
> HTML Templates|Income Statement|en_US'.  This is what shows up for that
> "en_US" link:
> --------------------------------------------------------------------------
> http://lsmbtst/ledgersmb/am.pl?action=display_form&file=/etc/ledgersmb/templates/demo/en_US/income_statement.html&path=bin/mozilla&login=admin&sessionid=&code=en_US&callback=am.pl%3faction%3dlist_templates%26direction%3dDESC%26oldsort%3dcode%26file%3dincome_statement.html%26path%3dbin%2fmozilla%26login%3dadmin%26sessionid%3d

What is the templates directive set to in ledgersmb.conf?  This way I
can do some testing.

Best Wishes,
Chris Travers

> --------------------------------------------------------------------------
>
>    I noticed that there is no actual "en_US" directory, so tried the
> same kind of thing except for using "en" but ended up with the same
> error.  Tried changes to the directory configuration (LedgerSMB,
> Apaache, & file system) but that didn't seem to have changed anything...
>
>
>> Please file a bug for this one too.
>
>    Unless one of you say not to do so, I figure to open up a new bug
> for this after I have a chance to do more testing.  (And perhaps see if
> it's still there using a 1.3.14 release installation, including a
> 'standard' install...)
>
>
>
> Jame
>
>
>
> ------------------------------------------------------------------------------
> This SF email is sponsosred by:
> Try Windows Azure free for 90 days Click Here
> http://p.sf.net/sfu/sfd2d-msazure
> _______________________________________________
> Ledger-smb-devel mailing list
> ..hidden..
> https://lists.sourceforge.net/lists/listinfo/ledger-smb-devel

Follow-Ups:
- Re: Online editing of Templates ?
  - From: Robert James Clay

References:
- Online editing of Templates ?
  - From: Robert James Clay
- Re: Online editing of Templates ?
  - From: Chris Travers
- Re: Online editing of Templates ?
  - From: Robert James Clay
- Re: Online editing of Templates ?
  - From: Chris Travers
- Re: Online editing of Templates ?
  - From: Robert James Clay

Prev by Date: Re: Start of perl setup and drop db scripts
Next by Date: 1.4 progress
Previous by thread: Re: Online editing of Templates ?
Next by thread: Re: Online editing of Templates ?
Index(es):
- Date
- Thread