Bug 14408: Add tests to get_template_and_user

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 5dd7c8f0d5fae67ea6177fdbac77a04f70661864)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
(cherry picked from commit bb5f6b4bfa20800ab36fdf899838e8adb18089dd)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>

Conflicts:
	t/db_dependent/Auth.t

diff --git a/t/db_dependent/Auth.t b/t/db_dependent/Auth.t
index 6a100bc..279d8a5 100644 (file)
--- a/t/db_dependent/Auth.t
+++ b/t/db_dependent/Auth.t
@@ -8,7 +8,8 @@ use Modern::Perl;
 use CGI;
 use Test::MockModule;
 use List::MoreUtils qw/all any none/;
-use Test::More tests => 6;
+use Test::More tests => 9;
+use Test::Warn;
 use C4::Members;
 use Koha::AuthUtils qw/hash_password/;
 
@@ -105,6 +106,27 @@ $dbh->{RaiseError} = 1;
 
     ok( ( any { $_->name eq 'KohaOpacLanguage' and $_->value eq 'en' } @$cookies ),
         'BZ9735: invalid language, then default to en');
+
+    for my $template_name (
+        qw(
+            ../../../../../../../../../../../../../../../etc/passwd
+            test/../../../../../../../../../../../../../../etc/passwd
+            /etc/passwd
+        )
+    ) {
+        eval {
+            ( $template, $loggedinuser, $cookies ) = get_template_and_user(
+                {
+                    template_name   => $template_name,
+                    query           => $query,
+                    type            => "intranet",
+                    authnotrequired => 1,
+                    flagsrequired   => { catalogue => 1 },
+                }
+            );
+        };
+        like ( $@, qr(^bad template path), 'The file $template_name should not be accessible' );
+    }
 }
 
 my $hash1 = hash_password('password');