Mercurial > genshi > mirror

--- a/genshi/template/__init__.py
+++ b/genshi/template/__init__.py
@@ -15,7 +15,7 @@

 from genshi.template.base import Context, Template, TemplateError, \
                                  TemplateRuntimeError, TemplateSyntaxError, \
-                                 BadDirectiveError
+                                 BadDirectiveError, SecurityError
 from genshi.template.loader import TemplateLoader, TemplateNotFound
 from genshi.template.markup import MarkupTemplate
 from genshi.template.text import TextTemplate, OldTextTemplate, NewTextTemplate
--- a/genshi/template/base.py
+++ b/genshi/template/base.py
@@ -104,6 +104,11 @@
     """


+class SecurityError(TemplateError):
+    """Exception raised in restricted mode if a template tried to exploit a
+    trap."""
+
+
 class Context(object):
     """Container for template input data.
--- a/genshi/template/loader.py
+++ b/genshi/template/loader.py
@@ -19,7 +19,7 @@
 except ImportError:
     import dummy_threading as threading

-from genshi.template.base import TemplateError
+from genshi.template.base import TemplateError, SecurityError
 from genshi.util import LRUCache

 __all__ = ['TemplateLoader', 'TemplateNotFound']
@@ -185,6 +185,9 @@

             if os.path.isabs(filename):
                 # Bypass the search path if the requested filename is absolute
+                # but raise an exception if we are in restricted mode.
+                if self.restricted:
+                    raise SecurityError()
                 search_path = [os.path.dirname(filename)]
                 isabs = True