X-Git-Url: http://koha-dev.rot13.org:8081/gitweb/?a=blobdiff_plain;f=edithelp.pl;h=62b449f4aaca905c03b871a7c5883e041f1fd914;hb=2b8b5ae225af6119e41e2112f9a8573b4170b927;hp=28586b39101324c89601693e361f1efe65b089d8;hpb=374b6f4b9f33a776d04cdaa696b40e8e033dda32;p=koha_fer
diff --git a/edithelp.pl b/edithelp.pl
index 28586b3910..62b449f4aa 100755
--- a/edithelp.pl
+++ b/edithelp.pl
@@ -65,7 +65,9 @@ my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
 sub _get_filepath ($;$) {
 my $referer = shift;
 $referer =~ /koha\/(.*)\.pl/;
- my $from = "help/$1.tt";
+ my $file = $1;
+ $file =~ s/[^0-9a-zA-Z_\-\/]*//g;
+ my $from = "help/$file.tt";
 my $htdocs = C4::Context->config('intrahtdocs');
 my ($theme, $lang, $availablethemes) = C4::Templates::themelanguage( $htdocs, $from, "intranet", $input );
 $debug and print STDERR "help filepath: $htdocs/$theme/$lang/modules/$from";
@@ -96,7 +98,7 @@ elsif ( $type eq 'modify' ) {
 $error = "Cannot read file: '$file'.";
 } else {
 (-w $file) or $error =
- "WARNING: You will not be able save, because your webserver cannot write to '$file'. Contact your admin about help file permissions.";
+ "WARNING: You will not be able to save, because your webserver cannot write to '$file'. Contact your admin about help file permissions.";
 open (my $fh, '<', $file) or die "Cannot read file '$file'"; # unlikely death, since we just checked
 my $help = '';
 while ( <$fh> ) {
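Review bot: In the first hunk (`_get_filepath`), `my $file = $1;` reads the capture without checking that `$referer =~ /koha\/(.*)\.pl/` matched, so a referer without that shape leaves `$file` undef or holding a capture from an earlier successful match, and the help path is then built from that value. Bind the capture to the match and stop on failure, e.g. `my ($file) = $referer =~ m{koha/(.*)\.pl} or return;` (what callers expect on failure is not visible here, since the sub's body continues outside the hunk). The filter also strips disallowed characters silently rather than rejecting the request, so a short comment such as `# allow-list: '.' is dropped, so '..' segments cannot survive into the help path` would record why the character class is this narrow.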