Bug 14408 (3.16/3.14) regex fix for .tmpl files too

author Mason James <mtj@kohaaloha.com>

Wed, 24 Jun 2015 18:38:30 +0000 (06:38 +1200)

committer Fridolin Somers <fridolin.somers@biblibre.com>

Thu, 25 Jun 2015 07:51:30 +0000 (09:51 +0200)
author Mason James <mtj@kohaaloha.com>
Wed, 24 Jun 2015 18:38:30 +0000 (06:38 +1200)
committer Fridolin Somers <fridolin.somers@biblibre.com>
Thu, 25 Jun 2015 07:51:30 +0000 (09:51 +0200)
diff --git a/C4/Auth.pm b/C4/Auth.pm

index 1d3482e..545e8d2 100644 (file)
--- a/C4/Auth.pm
+++ b/C4/Auth.pm
@@ -140,7 +140,7 @@ sub get_template_and_user {
     my ( $user, $cookie, $sessionID, $flags );
 
     my $safe_chars = 'a-zA-Z0-9_\-\/';
-    die "bad template path" unless $in->{'template_name'} =~ m/^[$safe_chars]+.tt?$/ig; #sanitize input
+    die "bad template path" unless $in->{'template_name'} =~ m/^[$safe_chars]+\.(tt$|tmpl$)/ig; #sanitize input
 
     $in->{'authnotrequired'} ||= 0;
     my $template = C4::Templates::gettemplate(
diff --git a/t/db_dependent/Auth.t b/t/db_dependent/Auth.t

index de2e396..764a30d 100644 (file)
--- a/t/db_dependent/Auth.t
+++ b/t/db_dependent/Auth.t
@@ -8,7 +8,7 @@ use Modern::Perl;
 use CGI;
 use Test::MockModule;
 use List::MoreUtils qw/all any none/;
-use Test::More tests => 6;
+use Test::More tests => 10;
 use Test::Warn;
 use C4::Members;
 use Koha::AuthUtils qw/hash_password/;
author	Mason James <mtj@kohaaloha.com>
	Wed, 24 Jun 2015 18:38:30 +0000 (06:38 +1200)
committer	Fridolin Somers <fridolin.somers@biblibre.com>
	Thu, 25 Jun 2015 07:51:30 +0000 (09:51 +0200)
C4/Auth.pm		patch \| blob \| history
t/db_dependent/Auth.t		patch \| blob \| history