mirror of
https://github.com/knadh/listmonk.git
synced 2025-10-06 21:36:54 +08:00
Remove dangerous tpl funcs in Sprig that's enabled by default.
`env` and `expandenv` template functions in the Sprig library allow accessing system environment variables within campaign templates.
This commit is contained in:
parent
6fc6c1ecea
commit
d27d2c32cf
2 changed files with 10 additions and 2 deletions
|
@ -988,7 +988,11 @@ func initTplFuncs(i *i18n.I18n, u *UrlConfig) template.FuncMap {
|
|||
}
|
||||
|
||||
// Copy spring functions.
|
||||
maps.Copy(funcs, sprig.GenericFuncMap())
|
||||
sprigFuncs := sprig.GenericFuncMap()
|
||||
delete(sprigFuncs, "env")
|
||||
delete(sprigFuncs, "expandenv")
|
||||
|
||||
maps.Copy(funcs, sprigFuncs)
|
||||
|
||||
return funcs
|
||||
}
|
||||
|
|
|
@ -621,7 +621,11 @@ func (m *Manager) makeGnericFuncMap() template.FuncMap {
|
|||
}
|
||||
|
||||
// Copy spring functions.
|
||||
maps.Copy(funcs, sprig.GenericFuncMap())
|
||||
sprigFuncs := sprig.GenericFuncMap()
|
||||
delete(sprigFuncs, "env")
|
||||
delete(sprigFuncs, "expandenv")
|
||||
|
||||
maps.Copy(funcs, sprigFuncs)
|
||||
|
||||
return funcs
|
||||
}
|
||||
|
|
Loading…
Add table
Reference in a new issue