Welcome to Geeklog, Anonymous Sunday, January 18 2026 @ 03:41 pm EST
Geeklog Forums
Request for Change: Shorten {templatelocation} Path to Improve Security
Status: offline
ivy
Forum User
Full Member
Registered: 11/25/04
Posts: 319
Location:Tokyo Japan
Hello Geeklog Team,
I've noticed that the {templatelocation} tag currently displays the full server path, which could potentially expose sensitive information about the server's directory structure. From a security perspective, it would be safer if we could limit the displayed path to just the last 20 characters, or some other truncated version, to avoid disclosing too much information.
Is it possible to modify this functionality so that the {templatelocation} tag outputs only a shortened version of the path, rather than the full server path? This would greatly enhance the security of the system.
I'll temporarily trim it to the last 40 characters for now.
{
$str = '';
if (!is_array($varName)) {
if ($this->debug & 4) {
echo "<p><b>parse:</b> (with scalar) target = $target, varName = $varName, append = $append</p>\n";
}
if (isset($this->location[$varName])) {
// Change full path to the last 40 characters
$this->set_var('templatelocation', substr($this->location[$varName], -40));
}
$str = $this->subst($varName);
if ($append) {
$this->set_var($target, $this->get_var($target) . $str);
} else {
$this->set_var($target, $str);
}
} else {
foreach ($varName as $i => $v) {
if ($this->debug & 4) {
echo "<p><b>parse:</b> (with array) target = $target, i = $i, varName = $v, append = $append</p>\n";
}
// Change full path to the last 40 characters
$this->set_var('templatelocation', substr($this->location[$v], -40));
$str = $this->subst($v);
if ($append) {
$this->set_var($target, $this->get_var($target) . $str);
} else {
$this->set_var($target, $str);
}
}
}
if ($this->debug & 4) {
echo "<p><b>parse:</b> completed</p>\n";
}
return $str;
}
Thank you for considering this request!
Best regards,
Ivy
Geeklog Japan https://www.geeklog.jp
I've noticed that the {templatelocation} tag currently displays the full server path, which could potentially expose sensitive information about the server's directory structure. From a security perspective, it would be safer if we could limit the displayed path to just the last 20 characters, or some other truncated version, to avoid disclosing too much information.
Is it possible to modify this functionality so that the {templatelocation} tag outputs only a shortened version of the path, rather than the full server path? This would greatly enhance the security of the system.
I'll temporarily trim it to the last 40 characters for now.
Text Formatted Code
public function parse($target, $varName, $append = false){
$str = '';
if (!is_array($varName)) {
if ($this->debug & 4) {
echo "<p><b>parse:</b> (with scalar) target = $target, varName = $varName, append = $append</p>\n";
}
if (isset($this->location[$varName])) {
// Change full path to the last 40 characters
$this->set_var('templatelocation', substr($this->location[$varName], -40));
}
$str = $this->subst($varName);
if ($append) {
$this->set_var($target, $this->get_var($target) . $str);
} else {
$this->set_var($target, $str);
}
} else {
foreach ($varName as $i => $v) {
if ($this->debug & 4) {
echo "<p><b>parse:</b> (with array) target = $target, i = $i, varName = $v, append = $append</p>\n";
}
// Change full path to the last 40 characters
$this->set_var('templatelocation', substr($this->location[$v], -40));
$str = $this->subst($v);
if ($append) {
$this->set_var($target, $this->get_var($target) . $str);
} else {
$this->set_var($target, $str);
}
}
}
if ($this->debug & 4) {
echo "<p><b>parse:</b> completed</p>\n";
}
return $str;
}
Thank you for considering this request!
Best regards,
Ivy
Geeklog Japan https://www.geeklog.jp
12
15
Quote
All times are EST. The time is now 03:41 pm.
- Normal Topic
- Sticky Topic
- Locked Topic
- New Post
- Sticky Topic W/ New Post
- Locked Topic W/ New Post
- View Anonymous Posts
- Able to post
- Filtered HTML Allowed
- Censored Content