From 89d982715c3b3a55eb91c7610e254e3fd3cdd4f6 Mon Sep 17 00:00:00 2001 From: Sunil Mohan Adapa Date: Sun, 17 Aug 2014 19:24:31 +0530 Subject: [PATCH] Don't read arbitrary files from doc directory Exposing all the files in doc directory is not a safe thing to do. It is best to let only intended file to be read and displayed. --- modules/help/urls.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/help/urls.py b/modules/help/urls.py index 89e7e6ce0..38adfc807 100644 --- a/modules/help/urls.py +++ b/modules/help/urls.py @@ -30,5 +30,5 @@ urlpatterns = patterns( # pylint: disable-msg=C0103 url(r'^help/$', 'index', name='index'), url(r'^help/index/$', 'index', name='index_explicit'), url(r'^help/about/$', 'about', name='about'), - url(r'^help/page/([\w]+)/$', 'helppage', name='helppage'), + url(r'^help/page/(plinth|hacking|faq)/$', 'helppage', name='helppage'), )