Item2047: it seems odd that INCLUDE of a url starting with ATTACHURL or PUBURL would be denied with 'This site does not allow %INCLUDE of URLs'
Priority: Enhancement
Current State: Duplicate
Released In: n/a
Target Release: minor
Applies To: Engine
Component: INCLUDE
Branches:
ProjectContributor shows the problem on a default new install..
Agreed, it does.
However the code has to be careful to ensure that there is no way for the path to be abused e.g. with relative path specifiers.
Note also this isn't as simple as it seems. If
viewfile
is in use, you can't short-circuit the URL to fetch the file directly, because you might be violating access controls. Fetching the URL by a request also might be a bad idea - there may be a good reason URL fetches are disallowed (such as proxy issues).
Confirmed, as an enhancement.
--
CrawfordCurrie - 25 Jun 2010
Closed as duplicate of
Item8906. I created
%$FOSWIKIAUTHORS%
BuildContrib var back in
Item9416 to stop this error on default installs.
--
PaulHarvey - 22 Feb 2012