Fixed vulnerability related w/ file include using absolute path

ac8bd203 · Vadym Gidulian · 17a82150 · ac8bd203
Commit ac8bd203 authored Dec 06, 2018 by Vadym Gidulian
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

templates.js src/models/templates.js +1 -1

No files found.
--- a/src/models/templates.js
+++ b/src/models/templates.js
@@ -36,7 +36,7 @@ module.exports = {
 		
 		switch (ext) {
 			case 'ejs':
-				return ejs.render(template, vars, {filename: `${TEMPLATES_DIR}/${templateName}`});
+				return ejs.compile(template, {filename: `${TEMPLATES_DIR}/${templateName}`, root: TEMPLATES_DIR})(vars);
 			case 'hbs':
 			case 'handlebars':
 				return handlebars.compile(template)(vars);