Django Book Translation
Original:
Sharp-eyed readers may have noticed a possible security hole: we're constructing the template name using interpolated content from the browser (``template="about/%s.html" % page`` ). At first glance, this looks like a classic *directory traversal* vulnerability (discussed in detail in Chapter 19). But is it really?
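Translation:
Sharp-eyed readers may have noticed a possible security hole: we build the template name directly from data sent by the client browser (``template="about/%s.html" % page`` ). At first glance, this looks like a classic *directory traversal* attack (see Chapter 19 for details). Is that really the case?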
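The question above can be tested directly. The following is an added example, not code from the book: it builds the template name exactly as quoted, reports whether the normalized name leaves ``about/``, and shows a checked variant. The function names and the ``\w+`` allowlist are assumptions made for illustration.

```python
import posixpath
import re

# Assumption: only ASCII letters, digits and "_" are valid page names.
PAGE_RE = re.compile(r"\w+", re.ASCII)
TEMPLATE_PREFIX = "about"

def template_name_unchecked(page):
    """The construction quoted in the text, with no validation."""
    return "about/%s.html" % page

def escapes_prefix(name, prefix=TEMPLATE_PREFIX):
    """True if the normalized template name is no longer under prefix/."""
    return not posixpath.normpath(name).startswith(prefix + "/")

def template_name_checked(page):
    """Allowlist the page value, then confirm containment as a second check."""
    # fullmatch, not match with "$": "$" would also accept a trailing newline.
    if not PAGE_RE.fullmatch(page):
        raise ValueError("invalid page name: %r" % page)
    name = template_name_unchecked(page)
    if escapes_prefix(name):
        raise ValueError("template name escapes %s/: %r" % (TEMPLATE_PREFIX, name))
    return name

# Constructed sample inputs, standing in for values taken from the URL.
SAMPLES = ["contact", "../base", "x/../../settings", "/etc/hosts", "contact\n", ""]

def audit(samples=SAMPLES):
    """Return {page: (escapes_if_unchecked, accepted_by_checked)}."""
    report = {}
    for page in samples:
        escapes = escapes_prefix(template_name_unchecked(page))
        try:
            template_name_checked(page)
            accepted = True
        except ValueError:
            accepted = False
        report[page] = (escapes, accepted)
    return report

if __name__ == "__main__":
    for page, (escapes, accepted) in audit().items():
        print("%-22r escapes=%-5s accepted=%s" % (page, escapes, accepted))
```

Whether the unchecked form is reachable with such values depends on what the URL pattern in front of the view lets through, which is why the allowlist and the containment check are applied together here.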