diff options
Diffstat (limited to 'docs/ref')
| -rw-r--r-- | docs/ref/settings.txt | 5 | ||||
| -rw-r--r-- | docs/ref/templates/builtins.txt | 4 |
2 files changed, 7 insertions, 2 deletions
diff --git a/docs/ref/settings.txt b/docs/ref/settings.txt index 11db92fe05..de50302e97 100644 --- a/docs/ref/settings.txt +++ b/docs/ref/settings.txt @@ -123,6 +123,11 @@ ALLOWED_INCLUDE_ROOTS Default: ``()`` (Empty tuple) +.. deprecated:: 1.8 + + Set the ``'allowed_include_roots'`` option in the :setting:`OPTIONS + <TEMPLATES-OPTIONS>` of a ``DjangoTemplates`` backend instead. + A tuple of strings representing allowed prefixes for the ``{% ssi %}`` template tag. This is a security measure, so that template authors can't access files that they shouldn't be accessing. diff --git a/docs/ref/templates/builtins.txt b/docs/ref/templates/builtins.txt index 8e4dc05d38..dced4cdee6 100644 --- a/docs/ref/templates/builtins.txt +++ b/docs/ref/templates/builtins.txt @@ -996,8 +996,8 @@ file are evaluated as template code, within the current context:: {% ssi '/home/html/ljworld.com/includes/right_generic.html' parsed %} Note that if you use ``{% ssi %}``, you'll need to define -:setting:`ALLOWED_INCLUDE_ROOTS` in your Django settings, as a security -measure. +``'allowed_include_roots'`` in the :setting:`OPTIONS <TEMPLATES-OPTIONS>` of +your template engine, as a security measure. .. note:: With the :ttag:`ssi` tag and the ``parsed`` parameter |
