1
0
mirror of https://git.FreeBSD.org/ports.git synced 2024-11-26 00:55:14 +00:00

- Updated to 1.7.3

- Removed Upload class patch file - now included in 1.7.3

Version 1.7.3 is a security maintenance release, including a
previously patched file Upload class, and a new security fix
to prevent possible directory traversal in certain circumstances.
There are no other significant changes.

PR:		ports/152878
Submitted by:	Bo-Yi Wu <appleboy dot tw at gmail dot com>
This commit is contained in:
Greg Larkin 2010-12-14 15:06:14 +00:00
parent 811f0ee2ce
commit 3c45613cb4
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=266290
8 changed files with 20 additions and 512 deletions

View File

@ -6,8 +6,7 @@
#
PORTNAME= codeigniter
PORTVERSION= 1.7.2
PORTREVISION= 1
PORTVERSION= 1.7.3
CATEGORIES= www
MASTER_SITES= http://codeigniter.com/download_files/ \
LOCAL/glarkin
@ -149,9 +148,6 @@ confighelp:
@${ECHO_MSG} "http://codeigniter.com/user_guide/installation/index.html"
@${ECHO_MSG} ""
post-patch:
@cd ${WRKSRC} && ${RM} system/libraries/Upload.php.orig
do-install:
@cd ${WRKSRC} && ${COPYTREE_SHARE} "${STD_BITS}" ${WWWDIR}
@for i in ${CI_CONF_FILES}; do \

View File

@ -1,3 +1,2 @@
MD5 (CodeIgniter_1.7.2.zip) = 3ce815c3ee66933d926bb51428371a38
SHA256 (CodeIgniter_1.7.2.zip) = bb870c1cc7297634fe44b81c5c40023c5175a3c2365da9b18a371274c09b1512
SIZE (CodeIgniter_1.7.2.zip) = 2227891
SHA256 (CodeIgniter_1.7.3.zip) = df207c4bf4b1a34de54f21e269cd4bffe894f1b429d12b9b040e9067dac545fe
SIZE (CodeIgniter_1.7.3.zip) = 2234099

View File

@ -1,245 +0,0 @@
--- ./system/libraries/Upload.php.orig 2009-04-22 10:15:09.000000000 -0400
+++ ./system/libraries/Upload.php 2010-07-12 09:16:30.000000000 -0400
@@ -6,7 +6,7 @@
*
* @package CodeIgniter
* @author ExpressionEngine Dev Team
- * @copyright Copyright (c) 2008 - 2009, EllisLab, Inc.
+ * @copyright Copyright (c) 2008 - 2010, EllisLab, Inc.
* @license http://codeigniter.com/user_guide/license.html
* @link http://codeigniter.com
* @since Version 1.0
@@ -26,31 +26,33 @@
*/
class CI_Upload {
- var $max_size = 0;
- var $max_width = 0;
- var $max_height = 0;
- var $max_filename = 0;
- var $allowed_types = "";
- var $file_temp = "";
- var $file_name = "";
- var $orig_name = "";
- var $file_type = "";
- var $file_size = "";
- var $file_ext = "";
- var $upload_path = "";
- var $overwrite = FALSE;
- var $encrypt_name = FALSE;
- var $is_image = FALSE;
- var $image_width = '';
- var $image_height = '';
- var $image_type = '';
- var $image_size_str = '';
- var $error_msg = array();
- var $mimes = array();
- var $remove_spaces = TRUE;
- var $xss_clean = FALSE;
- var $temp_prefix = "temp_file_";
-
+ var $max_size = 0;
+ var $max_width = 0;
+ var $max_height = 0;
+ var $max_filename = 0;
+ var $allowed_types = "";
+ var $file_temp = "";
+ var $file_name = "";
+ var $orig_name = "";
+ var $file_type = "";
+ var $file_size = "";
+ var $file_ext = "";
+ var $upload_path = "";
+ var $overwrite = FALSE;
+ var $encrypt_name = FALSE;
+ var $is_image = FALSE;
+ var $image_width = '';
+ var $image_height = '';
+ var $image_type = '';
+ var $image_size_str = '';
+ var $error_msg = array();
+ var $mimes = array();
+ var $remove_spaces = TRUE;
+ var $xss_clean = FALSE;
+ var $temp_prefix = "temp_file_";
+ var $client_name = '';
+
+ var $_file_name_override = '';
/**
* Constructor
*
@@ -101,7 +103,8 @@
'mimes' => array(),
'remove_spaces' => TRUE,
'xss_clean' => FALSE,
- 'temp_prefix' => "temp_file_"
+ 'temp_prefix' => "temp_file_",
+ 'client_name' => ''
);
@@ -124,6 +127,10 @@
$this->$key = $val;
}
}
+
+ // if a file_name was provided in the config, use it instead of the user input
+ // supplied file name for all uploads until initialized again
+ $this->_file_name_override = $this->file_name;
}
// --------------------------------------------------------------------
@@ -187,17 +194,12 @@
// Set the uploaded data as class variables
$this->file_temp = $_FILES[$field]['tmp_name'];
- $this->file_name = $this->_prep_filename($_FILES[$field]['name']);
- $this->file_size = $_FILES[$field]['size'];
+ $this->file_size = $_FILES[$field]['size'];
$this->file_type = preg_replace("/^(.+?);.*$/", "\\1", $_FILES[$field]['type']);
- $this->file_type = strtolower($this->file_type);
- $this->file_ext = $this->get_extension($_FILES[$field]['name']);
-
- // Convert the file size to kilobytes
- if ($this->file_size > 0)
- {
- $this->file_size = round($this->file_size/1024, 2);
- }
+ $this->file_type = strtolower(trim(stripslashes($this->file_type), '"'));
+ $this->file_name = $this->_prep_filename($_FILES[$field]['name']);
+ $this->file_ext = $this->get_extension($this->file_name);
+ $this->client_name = $this->file_name;
// Is the file type allowed to be uploaded?
if ( ! $this->is_allowed_filetype())
@@ -205,6 +207,25 @@
$this->set_error('upload_invalid_filetype');
return FALSE;
}
+
+ // if we're overriding, let's now make sure the new name and type is allowed
+ if ($this->_file_name_override != '')
+ {
+ $this->file_name = $this->_prep_filename($this->_file_name_override);
+ $this->file_ext = $this->get_extension($this->file_name);
+
+ if ( ! $this->is_allowed_filetype(TRUE))
+ {
+ $this->set_error('upload_invalid_filetype');
+ return FALSE;
+ }
+ }
+
+ // Convert the file size to kilobytes
+ if ($this->file_size > 0)
+ {
+ $this->file_size = round($this->file_size/1024, 2);
+ }
// Is the file size within the allowed maximum?
if ( ! $this->is_allowed_filesize())
@@ -312,6 +333,7 @@
'full_path' => $this->upload_path.$this->file_name,
'raw_name' => str_replace($this->file_ext, '', $this->file_name),
'orig_name' => $this->orig_name,
+ 'client_name' => $this->client_name,
'file_ext' => $this->file_ext,
'file_size' => $this->file_size,
'is_image' => $this->is_image(),
@@ -549,43 +571,49 @@
* @access public
* @return bool
*/
- function is_allowed_filetype()
+ function is_allowed_filetype($ignore_mime = FALSE)
{
if (count($this->allowed_types) == 0 OR ! is_array($this->allowed_types))
{
$this->set_error('upload_no_file_types');
return FALSE;
}
+
+ $ext = strtolower(ltrim($this->file_ext, '.'));
+
+ if ( ! in_array($ext, $this->allowed_types))
+ {
+ return FALSE;
+ }
+ // Images get some additional checks
$image_types = array('gif', 'jpg', 'jpeg', 'png', 'jpe');
- foreach ($this->allowed_types as $val)
+ if (in_array($ext, $image_types))
{
- $mime = $this->mimes_types(strtolower($val));
-
- // Images get some additional checks
- if (in_array($val, $image_types))
+ if (getimagesize($this->file_temp) === FALSE)
{
- if (getimagesize($this->file_temp) === FALSE)
- {
- return FALSE;
- }
- }
+ return FALSE;
+ }
+ }
- if (is_array($mime))
- {
- if (in_array($this->file_type, $mime, TRUE))
- {
- return TRUE;
- }
- }
- else
+ if ($ignore_mime === TRUE)
+ {
+ return TRUE;
+ }
+
+ $mime = $this->mimes_types($ext);
+
+ if (is_array($mime))
+ {
+ if (in_array($this->file_type, $mime, TRUE))
{
- if ($mime == $this->file_type)
- {
- return TRUE;
- }
- }
+ return TRUE;
+ }
+ }
+ elseif ($mime == $this->file_type)
+ {
+ return TRUE;
}
return FALSE;
@@ -918,7 +946,7 @@
foreach ($parts as $part)
{
- if ($this->mimes_types(strtolower($part)) === FALSE)
+ if ( ! in_array(strtolower($part), $this->allowed_types) OR $this->mimes_types(strtolower($part)) === FALSE)
{
$filename .= '.'.$part.'_';
}
@@ -928,13 +956,6 @@
}
}
- // file name override, since the exact name is provided, no need to
- // run it through a $this->mimes check.
- if ($this->file_name != '')
- {
- $filename = $this->file_name;
- }
-
$filename .= '.'.$ext;
return $filename;

View File

@ -75,8 +75,11 @@
%%PORTDOCS%%%%DOCSDIR%%/images/codeigniter_1.7.1_library_reference.png
%%PORTDOCS%%%%DOCSDIR%%/images/file.gif
%%PORTDOCS%%%%DOCSDIR%%/images/folder.gif
%%PORTDOCS%%%%DOCSDIR%%/images/nav_bg.jpg
%%PORTDOCS%%%%DOCSDIR%%/images/nav_bg_darker.jpg
%%PORTDOCS%%%%DOCSDIR%%/images/nav_separator.jpg
%%PORTDOCS%%%%DOCSDIR%%/images/nav_separator_darker.jpg
%%PORTDOCS%%%%DOCSDIR%%/images/nav_toggle.jpg
%%PORTDOCS%%%%DOCSDIR%%/images/nav_toggle_darker.jpg
%%PORTDOCS%%%%DOCSDIR%%/images/smile.gif
%%PORTDOCS%%%%DOCSDIR%%/images/transparent.gif
@ -102,6 +105,7 @@
%%PORTDOCS%%%%DOCSDIR%%/installation/upgrade_170.html
%%PORTDOCS%%%%DOCSDIR%%/installation/upgrade_171.html
%%PORTDOCS%%%%DOCSDIR%%/installation/upgrade_172.html
%%PORTDOCS%%%%DOCSDIR%%/installation/upgrade_173.html
%%PORTDOCS%%%%DOCSDIR%%/installation/upgrade_b11.html
%%PORTDOCS%%%%DOCSDIR%%/installation/upgrading.html
%%PORTDOCS%%%%DOCSDIR%%/libraries/benchmark.html
@ -295,7 +299,6 @@
%%WWWDIR%%/system/libraries/Ftp.php
%%WWWDIR%%/system/libraries/Hooks.php
%%WWWDIR%%/system/libraries/Image_lib.php
%%WWWDIR%%/system/libraries/index.html
%%WWWDIR%%/system/libraries/Input.php
%%WWWDIR%%/system/libraries/Language.php
%%WWWDIR%%/system/libraries/Loader.php
@ -311,23 +314,24 @@
%%WWWDIR%%/system/libraries/Table.php
%%WWWDIR%%/system/libraries/Trackback.php
%%WWWDIR%%/system/libraries/Typography.php
%%WWWDIR%%/system/libraries/URI.php
%%WWWDIR%%/system/libraries/Unit_test.php
%%WWWDIR%%/system/libraries/Upload.php
%%WWWDIR%%/system/libraries/URI.php
%%WWWDIR%%/system/libraries/User_agent.php
%%WWWDIR%%/system/libraries/Validation.php
%%WWWDIR%%/system/libraries/Xmlrpc.php
%%WWWDIR%%/system/libraries/Xmlrpcs.php
%%WWWDIR%%/system/libraries/Zip.php
%%WWWDIR%%/system/libraries/index.html
%%WWWDIR%%/system/logs/index.html
%%WWWDIR%%/system/plugins/captcha_pi.php
%%WWWDIR%%/system/plugins/index.html
%%WWWDIR%%/system/plugins/js_calendar_pi.php
%%WWWDIR%%/system/scaffolding/Scaffolding.php
%%WWWDIR%%/system/scaffolding/images/background.jpg
%%WWWDIR%%/system/scaffolding/images/index.html
%%WWWDIR%%/system/scaffolding/images/logo.jpg
%%WWWDIR%%/system/scaffolding/index.html
%%WWWDIR%%/system/scaffolding/Scaffolding.php
%%WWWDIR%%/system/scaffolding/views/add.php
%%WWWDIR%%/system/scaffolding/views/delete.php
%%WWWDIR%%/system/scaffolding/views/edit.php

View File

@ -6,8 +6,7 @@
#
PORTNAME= codeigniter
PORTVERSION= 1.7.2
PORTREVISION= 1
PORTVERSION= 1.7.3
CATEGORIES= www
MASTER_SITES= http://codeigniter.com/download_files/ \
LOCAL/glarkin
@ -149,9 +148,6 @@ confighelp:
@${ECHO_MSG} "http://codeigniter.com/user_guide/installation/index.html"
@${ECHO_MSG} ""
post-patch:
@cd ${WRKSRC} && ${RM} system/libraries/Upload.php.orig
do-install:
@cd ${WRKSRC} && ${COPYTREE_SHARE} "${STD_BITS}" ${WWWDIR}
@for i in ${CI_CONF_FILES}; do \

View File

@ -1,3 +1,2 @@
MD5 (CodeIgniter_1.7.2.zip) = 3ce815c3ee66933d926bb51428371a38
SHA256 (CodeIgniter_1.7.2.zip) = bb870c1cc7297634fe44b81c5c40023c5175a3c2365da9b18a371274c09b1512
SIZE (CodeIgniter_1.7.2.zip) = 2227891
SHA256 (CodeIgniter_1.7.3.zip) = df207c4bf4b1a34de54f21e269cd4bffe894f1b429d12b9b040e9067dac545fe
SIZE (CodeIgniter_1.7.3.zip) = 2234099

View File

@ -1,245 +0,0 @@
--- ./system/libraries/Upload.php.orig 2009-04-22 10:15:09.000000000 -0400
+++ ./system/libraries/Upload.php 2010-07-12 09:16:30.000000000 -0400
@@ -6,7 +6,7 @@
*
* @package CodeIgniter
* @author ExpressionEngine Dev Team
- * @copyright Copyright (c) 2008 - 2009, EllisLab, Inc.
+ * @copyright Copyright (c) 2008 - 2010, EllisLab, Inc.
* @license http://codeigniter.com/user_guide/license.html
* @link http://codeigniter.com
* @since Version 1.0
@@ -26,31 +26,33 @@
*/
class CI_Upload {
- var $max_size = 0;
- var $max_width = 0;
- var $max_height = 0;
- var $max_filename = 0;
- var $allowed_types = "";
- var $file_temp = "";
- var $file_name = "";
- var $orig_name = "";
- var $file_type = "";
- var $file_size = "";
- var $file_ext = "";
- var $upload_path = "";
- var $overwrite = FALSE;
- var $encrypt_name = FALSE;
- var $is_image = FALSE;
- var $image_width = '';
- var $image_height = '';
- var $image_type = '';
- var $image_size_str = '';
- var $error_msg = array();
- var $mimes = array();
- var $remove_spaces = TRUE;
- var $xss_clean = FALSE;
- var $temp_prefix = "temp_file_";
-
+ var $max_size = 0;
+ var $max_width = 0;
+ var $max_height = 0;
+ var $max_filename = 0;
+ var $allowed_types = "";
+ var $file_temp = "";
+ var $file_name = "";
+ var $orig_name = "";
+ var $file_type = "";
+ var $file_size = "";
+ var $file_ext = "";
+ var $upload_path = "";
+ var $overwrite = FALSE;
+ var $encrypt_name = FALSE;
+ var $is_image = FALSE;
+ var $image_width = '';
+ var $image_height = '';
+ var $image_type = '';
+ var $image_size_str = '';
+ var $error_msg = array();
+ var $mimes = array();
+ var $remove_spaces = TRUE;
+ var $xss_clean = FALSE;
+ var $temp_prefix = "temp_file_";
+ var $client_name = '';
+
+ var $_file_name_override = '';
/**
* Constructor
*
@@ -101,7 +103,8 @@
'mimes' => array(),
'remove_spaces' => TRUE,
'xss_clean' => FALSE,
- 'temp_prefix' => "temp_file_"
+ 'temp_prefix' => "temp_file_",
+ 'client_name' => ''
);
@@ -124,6 +127,10 @@
$this->$key = $val;
}
}
+
+ // if a file_name was provided in the config, use it instead of the user input
+ // supplied file name for all uploads until initialized again
+ $this->_file_name_override = $this->file_name;
}
// --------------------------------------------------------------------
@@ -187,17 +194,12 @@
// Set the uploaded data as class variables
$this->file_temp = $_FILES[$field]['tmp_name'];
- $this->file_name = $this->_prep_filename($_FILES[$field]['name']);
- $this->file_size = $_FILES[$field]['size'];
+ $this->file_size = $_FILES[$field]['size'];
$this->file_type = preg_replace("/^(.+?);.*$/", "\\1", $_FILES[$field]['type']);
- $this->file_type = strtolower($this->file_type);
- $this->file_ext = $this->get_extension($_FILES[$field]['name']);
-
- // Convert the file size to kilobytes
- if ($this->file_size > 0)
- {
- $this->file_size = round($this->file_size/1024, 2);
- }
+ $this->file_type = strtolower(trim(stripslashes($this->file_type), '"'));
+ $this->file_name = $this->_prep_filename($_FILES[$field]['name']);
+ $this->file_ext = $this->get_extension($this->file_name);
+ $this->client_name = $this->file_name;
// Is the file type allowed to be uploaded?
if ( ! $this->is_allowed_filetype())
@@ -205,6 +207,25 @@
$this->set_error('upload_invalid_filetype');
return FALSE;
}
+
+ // if we're overriding, let's now make sure the new name and type is allowed
+ if ($this->_file_name_override != '')
+ {
+ $this->file_name = $this->_prep_filename($this->_file_name_override);
+ $this->file_ext = $this->get_extension($this->file_name);
+
+ if ( ! $this->is_allowed_filetype(TRUE))
+ {
+ $this->set_error('upload_invalid_filetype');
+ return FALSE;
+ }
+ }
+
+ // Convert the file size to kilobytes
+ if ($this->file_size > 0)
+ {
+ $this->file_size = round($this->file_size/1024, 2);
+ }
// Is the file size within the allowed maximum?
if ( ! $this->is_allowed_filesize())
@@ -312,6 +333,7 @@
'full_path' => $this->upload_path.$this->file_name,
'raw_name' => str_replace($this->file_ext, '', $this->file_name),
'orig_name' => $this->orig_name,
+ 'client_name' => $this->client_name,
'file_ext' => $this->file_ext,
'file_size' => $this->file_size,
'is_image' => $this->is_image(),
@@ -549,43 +571,49 @@
* @access public
* @return bool
*/
- function is_allowed_filetype()
+ function is_allowed_filetype($ignore_mime = FALSE)
{
if (count($this->allowed_types) == 0 OR ! is_array($this->allowed_types))
{
$this->set_error('upload_no_file_types');
return FALSE;
}
+
+ $ext = strtolower(ltrim($this->file_ext, '.'));
+
+ if ( ! in_array($ext, $this->allowed_types))
+ {
+ return FALSE;
+ }
+ // Images get some additional checks
$image_types = array('gif', 'jpg', 'jpeg', 'png', 'jpe');
- foreach ($this->allowed_types as $val)
+ if (in_array($ext, $image_types))
{
- $mime = $this->mimes_types(strtolower($val));
-
- // Images get some additional checks
- if (in_array($val, $image_types))
+ if (getimagesize($this->file_temp) === FALSE)
{
- if (getimagesize($this->file_temp) === FALSE)
- {
- return FALSE;
- }
- }
+ return FALSE;
+ }
+ }
- if (is_array($mime))
- {
- if (in_array($this->file_type, $mime, TRUE))
- {
- return TRUE;
- }
- }
- else
+ if ($ignore_mime === TRUE)
+ {
+ return TRUE;
+ }
+
+ $mime = $this->mimes_types($ext);
+
+ if (is_array($mime))
+ {
+ if (in_array($this->file_type, $mime, TRUE))
{
- if ($mime == $this->file_type)
- {
- return TRUE;
- }
- }
+ return TRUE;
+ }
+ }
+ elseif ($mime == $this->file_type)
+ {
+ return TRUE;
}
return FALSE;
@@ -918,7 +946,7 @@
foreach ($parts as $part)
{
- if ($this->mimes_types(strtolower($part)) === FALSE)
+ if ( ! in_array(strtolower($part), $this->allowed_types) OR $this->mimes_types(strtolower($part)) === FALSE)
{
$filename .= '.'.$part.'_';
}
@@ -928,13 +956,6 @@
}
}
- // file name override, since the exact name is provided, no need to
- // run it through a $this->mimes check.
- if ($this->file_name != '')
- {
- $filename = $this->file_name;
- }
-
$filename .= '.'.$ext;
return $filename;

View File

@ -75,8 +75,11 @@
%%PORTDOCS%%%%DOCSDIR%%/images/codeigniter_1.7.1_library_reference.png
%%PORTDOCS%%%%DOCSDIR%%/images/file.gif
%%PORTDOCS%%%%DOCSDIR%%/images/folder.gif
%%PORTDOCS%%%%DOCSDIR%%/images/nav_bg.jpg
%%PORTDOCS%%%%DOCSDIR%%/images/nav_bg_darker.jpg
%%PORTDOCS%%%%DOCSDIR%%/images/nav_separator.jpg
%%PORTDOCS%%%%DOCSDIR%%/images/nav_separator_darker.jpg
%%PORTDOCS%%%%DOCSDIR%%/images/nav_toggle.jpg
%%PORTDOCS%%%%DOCSDIR%%/images/nav_toggle_darker.jpg
%%PORTDOCS%%%%DOCSDIR%%/images/smile.gif
%%PORTDOCS%%%%DOCSDIR%%/images/transparent.gif
@ -102,6 +105,7 @@
%%PORTDOCS%%%%DOCSDIR%%/installation/upgrade_170.html
%%PORTDOCS%%%%DOCSDIR%%/installation/upgrade_171.html
%%PORTDOCS%%%%DOCSDIR%%/installation/upgrade_172.html
%%PORTDOCS%%%%DOCSDIR%%/installation/upgrade_173.html
%%PORTDOCS%%%%DOCSDIR%%/installation/upgrade_b11.html
%%PORTDOCS%%%%DOCSDIR%%/installation/upgrading.html
%%PORTDOCS%%%%DOCSDIR%%/libraries/benchmark.html
@ -295,7 +299,6 @@
%%WWWDIR%%/system/libraries/Ftp.php
%%WWWDIR%%/system/libraries/Hooks.php
%%WWWDIR%%/system/libraries/Image_lib.php
%%WWWDIR%%/system/libraries/index.html
%%WWWDIR%%/system/libraries/Input.php
%%WWWDIR%%/system/libraries/Language.php
%%WWWDIR%%/system/libraries/Loader.php
@ -311,23 +314,24 @@
%%WWWDIR%%/system/libraries/Table.php
%%WWWDIR%%/system/libraries/Trackback.php
%%WWWDIR%%/system/libraries/Typography.php
%%WWWDIR%%/system/libraries/URI.php
%%WWWDIR%%/system/libraries/Unit_test.php
%%WWWDIR%%/system/libraries/Upload.php
%%WWWDIR%%/system/libraries/URI.php
%%WWWDIR%%/system/libraries/User_agent.php
%%WWWDIR%%/system/libraries/Validation.php
%%WWWDIR%%/system/libraries/Xmlrpc.php
%%WWWDIR%%/system/libraries/Xmlrpcs.php
%%WWWDIR%%/system/libraries/Zip.php
%%WWWDIR%%/system/libraries/index.html
%%WWWDIR%%/system/logs/index.html
%%WWWDIR%%/system/plugins/captcha_pi.php
%%WWWDIR%%/system/plugins/index.html
%%WWWDIR%%/system/plugins/js_calendar_pi.php
%%WWWDIR%%/system/scaffolding/Scaffolding.php
%%WWWDIR%%/system/scaffolding/images/background.jpg
%%WWWDIR%%/system/scaffolding/images/index.html
%%WWWDIR%%/system/scaffolding/images/logo.jpg
%%WWWDIR%%/system/scaffolding/index.html
%%WWWDIR%%/system/scaffolding/Scaffolding.php
%%WWWDIR%%/system/scaffolding/views/add.php
%%WWWDIR%%/system/scaffolding/views/delete.php
%%WWWDIR%%/system/scaffolding/views/edit.php