Diffstat (limited to 'src/template.c')
-rw-r--r--src/template.c19
1 files changed, 19 insertions, 0 deletions
diff --git a/src/template.c b/src/template.c
index 3bd583b..20cf10b 100644
--- a/src/template.c
+++ b/src/template.c
@@ -757,6 +757,18 @@ static char *render_template_segment(const char *template_segment,
strncpy(included_filename, filename_start, filename_len);
included_filename[filename_len] = '\0';
+ if (strstr(included_filename, "..") != NULL || strchr(included_filename, '/') != NULL) {
+ fprintf(stderr,
+ "[SECURITY] render_template_segment: Path traversal attempt in include: %s\n",
+ included_filename);
+ free(included_filename);
+ append_to_buffer(&rendered_buffer, &current_len, &max_len,
+ "<!-- Include blocked: path traversal not allowed -->");
+ current_pos = end_tag + 2;
+ free(tag_content_raw);
+ continue;
+ }
+
char *included_html = render_template(included_filename, ctx);
if (included_html) {
append_to_buffer(&rendered_buffer, &current_len, &max_len,
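Review bot: The new guard rejects any `/` in the include name, so includes that live in a subdirectory of TEMPLATES_DIR (e.g. `partials/header.html`) are now logged as a traversal attempt and replaced with the blocked-include comment; if that restriction is intentional it deserves a comment above the check, e.g. `/* Includes are restricted to bare filenames directly under TEMPLATES_DIR: no directory separators and no ".." anywhere. */`. Both this check and the one added to render_template are lexical substring tests, which do not protect against a symlink placed under TEMPLATES_DIR, so if that directory is writable by anyone other than the operator a canonicalised-path check (realpath() of the joined path, then a prefix compare against the resolved TEMPLATES_DIR) is the more robust defence. The stderr message prints included_filename verbatim; if template bodies can originate from untrusted users this permits log-line injection via embedded newlines or control characters, so consider bounding it with `%.64s` or stripping non-printable bytes before logging. render_template_segment begins before and continues after this hunk, so whether the success path performs the same free/advance sequence cannot be confirmed from here.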
@@ -926,6 +938,13 @@ static char *render_template_segment(const char *template_segment,
char *render_template(const char *template_file, TemplateContext *ctx) {
char full_path[MAX_PATH_LEN];
+ if (strstr(template_file, "..") != NULL) {
+ fprintf(stderr,
+ "[SECURITY] render_template: Path traversal attempt: %s\n",
+ template_file);
+ return NULL;
+ }
+
snprintf(full_path, sizeof(full_path), "%s%s", TEMPLATES_DIR, template_file);
FILE *fp = fopen(full_path, "r");