I see the t include path was simply get by 'tplDir+id'. I think we should protect id inject (which may try to access out of tplDir).
I see the t include path was simply get by 'tplDir+id'.
I think we should protect id inject (which may try to access out of tplDir).