NoAbsolute

Deny websites the ability to request access to absolute filenames on the system.

Synopsis

This is a Yes or No directive.  The default is No.

Scope

This directive is only available for use in the global (interchange.cfg) configuration file, and will affect all websites running under the Interchange installation.  It will not work in a website's local (catalog.cfg) configuration file. 

Description

This directive controls whether tags such as [file] and [include] etc. can request access to any file on the system

If this directive is set true (Yes) then only files relative to the website's home directory may be requested.  The website's home directory is defined by the Catalog global configuration directive.  If this directive is set false (No) then any file may be requested (subject to user permissions).

Note This does not apply when testing to see whether a file exists, as with [if file].  This operation is allowed regardless of the NoAbsolute value.

Warning The default (No) should be changed to Yes in a multi-user environment to minimise security risks.