Bug 14408: Add tests to get_template_and_user

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Mason James <mtj@kohaaloha.com>
(cherry picked from commit e8a3febfe7050870116db0512e1a39690a72346c)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>

diff --git a/t/db_dependent/Auth.t b/t/db_dependent/Auth.t
index 6a100bc..842db9a 100644 (file)
--- a/t/db_dependent/Auth.t
+++ b/t/db_dependent/Auth.t
@@ -8,7 +8,7 @@ use Modern::Perl;
 use CGI;
 use Test::MockModule;
 use List::MoreUtils qw/all any none/;
-use Test::More tests => 6;
+use Test::More tests => 9;
 use C4::Members;
 use Koha::AuthUtils qw/hash_password/;
 
@@ -105,6 +105,27 @@ $dbh->{RaiseError} = 1;
 
     ok( ( any { $_->name eq 'KohaOpacLanguage' and $_->value eq 'en' } @$cookies ),
         'BZ9735: invalid language, then default to en');
+
+    for my $template_name (
+        qw(
+            ../../../../../../../../../../../../../../../etc/passwd
+            test/../../../../../../../../../../../../../../etc/passwd
+            /etc/passwd
+        )
+    ) {
+        my ( $template, $loggedinuser, $cookies ) = get_template_and_user(
+            {
+                template_name   => $template_name,
+                query           => $query,
+                type            => "intranet",
+                authnotrequired => 1,
+                flagsrequired   => { catalogue => 1 },
+            }
+        );
+        my $file_exists = ( -f $template->{filename} ) ? 1 : 0;
+        is ( $file_exists, 0, 'The file template_name should have been sanitize' );
+    }
+
 }
 
 my $hash1 = hash_password('password');