Closed GoogleCodeExporter closed 8 years ago
The reason insert file makes a copy of misc and variables is because those
are the two "writable" areas of the request, and the insert file literally
runs a request through the server to get the contents. For example, you
can insert a pike script and the result of running the script will be
called, not the contents of the file itself. For security
reasons, you wouldn't want a (potentially untrusted) inserted file to
write things back into the calling request.
I don't think that's the kind of thing we'd want to change in existing
code. It sounds like perhaps you need something a little different... do
you need to have the contents of a file parsed, or is being able to refer
to the file by its location in the virtual filesystem important? If not,
you could probably write a simple include tag module that just does a
read_file() and returns the content.
Original comment by Bill.Wel...@gmail.com
on 15 Oct 2008 at 2:10
[deleted comment]
This is a no issue.
Short story:
For not suffering such kind of side effect, just insert a file whose extension
is not parsed by your RXML parser,
like <insert file="foo.txt">
Long story:
http://thread.gmane.org/gmane.comp.web.server.caudium.devel/677
Original comment by bertrand.lupart
on 17 Oct 2008 at 7:57
Original issue reported on code.google.com by
bertrand.lupart
on 8 Oct 2008 at 4:16