Bug 23290: (QA follow-up) Rename option to expand_entities_unsafe
authorMarcel de Rooy <m.de.rooy@rijksmuseum.nl>
Mon, 27 Jan 2020 14:06:36 +0000 (14:06 +0000)
committerMartin Renvoize <martin.renvoize@ptfs-europe.com>
Tue, 25 Feb 2020 13:41:17 +0000 (13:41 +0000)
When you enable options marked as unsafe, we hope that you know what
you are doing. You should, given that you have access to koha-conf.xml.

Test plan:
Verify that Security.t still passes.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Koha/XSLT/Security.pm
t/db_dependent/Koha/XSLT/Security.t

index 55cbadd..61ec7ee 100644 (file)
@@ -144,7 +144,7 @@ sub set_parser_options {
     my ($self, $parser) = @_;
     my $conf = $self->{_options};
 
-    if( $conf->{expand_entities} ) {
+    if( $conf->{expand_entities_unsafe} ) { # NOT recommended
         _set_option($parser, 'expand_entities', 1);
     } else {
         # If not explicitly set, we should disable expanding for security
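Review bot: After the rename, a koha-conf.xml that still carries the old `expand_entities` key is ignored at this `if` without any message. That fails closed, since the else branch disables expansion, but an administrator gets no hint about why a stylesheet that relied on entities changed behaviour. A line such as `warn "koha_xslt_security: expand_entities is ignored; use expand_entities_unsafe" if exists $conf->{expand_entities};` before the `if` would make the change visible. The trailing comment could also state the reason, e.g. `# NOT recommended: lets a stylesheet read local files through external entities`. The body of set_parser_options continues past the end of this hunk.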
index f61c14a..3c4a8ac 100644 (file)
@@ -25,7 +25,7 @@ use Test::Warn;
 use Koha::XSLT::Base;
 use t::lib::Mocks;
 
-t::lib::Mocks::mock_config( 'koha_xslt_security', { expand_entities => 1 } );
+t::lib::Mocks::mock_config( 'koha_xslt_security', { expand_entities_unsafe => 1 } );
 my $engine=Koha::XSLT::Base->new;
 
 my $secret_file = mytempfile('Big secret');
@@ -44,7 +44,7 @@ my $xslt_file = mytempfile($xslt);
 my $output= $engine->transform( "<ignored/>", $xslt_file );
 like($output, qr/Big secret/, 'external entity got through');
 
-t::lib::Mocks::mock_config( 'koha_xslt_security', { expand_entities => 0 } );
+t::lib::Mocks::mock_config( 'koha_xslt_security', { expand_entities_unsafe => 0 } );
 $engine=Koha::XSLT::Base->new;
 $output= $engine->transform( "<ignored/>", $xslt_file );
 unlike($output, qr/Big secret/, 'external entity did not get through');
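Review bot: The updated tests cover `expand_entities_unsafe` set to 1 and to 0, but nothing checks that the retired key no longer enables expansion. A third case would pin that down: `t::lib::Mocks::mock_config( 'koha_xslt_security', { expand_entities => 1 } );`, a fresh `Koha::XSLT::Base->new`, then the same `unlike($output, qr/Big secret/, ...)` assertion. A case with an empty option hash would likewise pin the secure default. The test plan count is outside the visible hunks and would presumably need to be raised to match.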