From 17ff44037aba4669f310395afb9375e220ca3f01 Mon Sep 17 00:00:00 2001
From: El RIDO <elrido@gmx.net>
Date: Mon, 10 Nov 2025 12:23:50 +0100
Subject: [PATCH] prevent use of paths in template names, only file names
 inside tpl directory are allowed

---
 lib/View.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/View.php b/lib/View.php
index dd15e321..65830323 100644
--- a/lib/View.php
+++ b/lib/View.php
@@ -66,7 +66,7 @@ class View
      */
     public static function getTemplateFilePath(string $template): string
     {
-        $file = self::isBootstrapTemplate($template) ? 'bootstrap' : $template;
+        $file = self::isBootstrapTemplate($template) ? 'bootstrap' : basename($template);
         return PATH . 'tpl' . DIRECTORY_SEPARATOR . $file . '.php';
     }