protect inline templates from static dispatcher

mojolicious · Jul 28, 2010 · 82dfd94 · 82dfd94
1 parent 8c34723
commit 82dfd94
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 3 deletions.
diff --git a/lib/MojoX/Dispatcher/Static.pm b/lib/MojoX/Dispatcher/Static.pm
@@ -232,6 +232,9 @@ EOF
 sub _get_inline_file {
     my ($self, $c, $rel) = @_;
 
+    # Protect templates
+    return if $rel =~ /\.\w+\.\w+$/;
+
     # Class
     my $class =
          $c->stash->{static_class}

diff --git a/lib/Mojolicious/Lite.pm b/lib/Mojolicious/Lite.pm
@@ -627,8 +627,11 @@ directory.
         $self->render('foo/bar');
     };
 
-Static files will be automatically served from the C<public> directory if it
-exists.
+Static files will be automatically served from the C<DATA> section or a
+C<public> directory if it exists.
+
+    @@ something.js
+    alert('hello!');
 
     % mkdir public
     % mv something.js public/something.js

diff --git a/t/mojolicious/lite_app.t b/t/mojolicious/lite_app.t
@@ -16,7 +16,7 @@ use Test::More;
 # Make sure sockets are working
 plan skip_all => 'working sockets required for this test!'
   unless Mojo::IOLoop->new->generate_port;
-plan tests => 456;
+plan tests => 461;
 
 # Pollution
 123 =~ m/(\d+)/;
@@ -512,6 +512,12 @@ $t->get_ok('/static.txt', {'Range' => 'bytes=2-5'})->status_is(206)
   ->header_is('Accept-Ranges' => 'bytes')->header_is('Content-Length' => 4)
   ->content_is('st s');
 
+# GET /template.txt.epl (protected inline template)
+$t->get_ok('/template.txt.epl')->status_is(404)
+  ->header_is(Server         => 'Mojolicious (Perl)')
+  ->header_is('X-Powered-By' => 'Mojolicious (Perl)')
+  ->content_like(qr/Oops!/);
+
 # GET /null/0
 $t->get_ok('/null/0')->status_is(200)
   ->header_is(Server         => 'Mojolicious (Perl)')