This page documents the TEMPLATEDIR configuration setting in FormMail.
Type Of Setting
TEMPLATEDIR is an OPTIONAL setting, which means...
OPTIONAL : you can change this setting if you need to, but the default value is fine for most circumstances.
Sets the directory/folder for template files.
Set TEMPLATEDIR to the directory/folder on your server where template files are stored.
If you want to specify "good_template", "bad_template", "HTMLTemplate" or "PlainTemplate" in your forms, the templates must be found in the directory/folder you specify with this configuration setting (or the alternative setting TEMPLATEURL). This is a necessary step to prevent security problems. For example, without this measure, an attacker might be able to gain access to any file on your server.
We recommend you set aside a particular directory on your server for all your templates.
NOTE: on Windows servers, use '/' instead of '\' or double the '\', like this:
Note that the actual template file path name is created by appending a '/' and the file name you provide in the form (with good_template, bad_template, HTMLTemplate, or PlainTemplate) to the TEMPLATEDIR setting. But, for security reasons, any path components preceding the file name are stripped. For example, with
<input type="hidden" name="good_template" value="path/to/ok.htm" />
the good_template value is stripped down to:
before being appended to TEMPLATEDIR.
$TEMPLATEDIR = "";
$TEMPLATEDIR = "/home/mysite/public_html/templates";