From 3dc01aaaaf7cf070933a8f5ee9a5f9136503d676 Mon Sep 17 00:00:00 2001 From: Aymeric Augustin Date: Sun, 14 Dec 2014 22:59:51 +0100 Subject: Deprecated ALLOWED_INCLUDE_ROOTS. --- docs/ref/settings.txt | 5 +++++ docs/ref/templates/builtins.txt | 4 ++-- 2 files changed, 7 insertions(+), 2 deletions(-) (limited to 'docs/ref') diff --git a/docs/ref/settings.txt b/docs/ref/settings.txt index 11db92fe05..de50302e97 100644 --- a/docs/ref/settings.txt +++ b/docs/ref/settings.txt @@ -123,6 +123,11 @@ ALLOWED_INCLUDE_ROOTS Default: ``()`` (Empty tuple) +.. deprecated:: 1.8 + + Set the ``'allowed_include_roots'`` option in the :setting:`OPTIONS + ` of a ``DjangoTemplates`` backend instead. + A tuple of strings representing allowed prefixes for the ``{% ssi %}`` template tag. This is a security measure, so that template authors can't access files that they shouldn't be accessing. diff --git a/docs/ref/templates/builtins.txt b/docs/ref/templates/builtins.txt index 8e4dc05d38..dced4cdee6 100644 --- a/docs/ref/templates/builtins.txt +++ b/docs/ref/templates/builtins.txt @@ -996,8 +996,8 @@ file are evaluated as template code, within the current context:: {% ssi '/home/html/ljworld.com/includes/right_generic.html' parsed %} Note that if you use ``{% ssi %}``, you'll need to define -:setting:`ALLOWED_INCLUDE_ROOTS` in your Django settings, as a security -measure. +``'allowed_include_roots'`` in the :setting:`OPTIONS ` of +your template engine, as a security measure. .. note:: With the :ttag:`ssi` tag and the ``parsed`` parameter -- cgit v1.3