Revert "Bug 14408 Path traversal vulnerability"

author Fridolin Somers <fridolin.somers@biblibre.com>

Thu, 25 Jun 2015 07:35:39 +0000 (09:35 +0200)

committer Fridolin Somers <fridolin.somers@biblibre.com>

Thu, 25 Jun 2015 07:35:39 +0000 (09:35 +0200)
author Fridolin Somers <fridolin.somers@biblibre.com>
Thu, 25 Jun 2015 07:35:39 +0000 (09:35 +0200)
committer Fridolin Somers <fridolin.somers@biblibre.com>
Thu, 25 Jun 2015 07:35:39 +0000 (09:35 +0200)
diff --git a/C4/Auth.pm b/C4/Auth.pm

index 59d1e31..164092d 100644 (file)
--- a/C4/Auth.pm
+++ b/C4/Auth.pm
@@ -139,10 +139,6 @@ sub get_template_and_user {
     my $in       = shift;
     my ( $user, $cookie, $sessionID, $flags );
 
-    # Sanitize template path to avoid path traversal
-    $in->{template_name} =~ s|^/||;
-    $in->{template_name} =~ s|\.\.||g;
-
     $in->{'authnotrequired'} ||= 0;
     my $template = C4::Templates::gettemplate(
         $in->{'template_name'},
author	Fridolin Somers <fridolin.somers@biblibre.com>
	Thu, 25 Jun 2015 07:35:39 +0000 (09:35 +0200)
committer	Fridolin Somers <fridolin.somers@biblibre.com>
	Thu, 25 Jun 2015 07:35:39 +0000 (09:35 +0200)