X-Git-Url: http://koha-dev.rot13.org:8081/gitweb/?a=blobdiff_plain;f=edithelp.pl;h=62b449f4aaca905c03b871a7c5883e041f1fd914;hb=5d6c092921919526ade501facb1220f8a108a08f;hp=5cde3149d49a706f73fe6e41bfae0dc74c743593;hpb=c8df6bdcc9fe2523a77c839270b31304d8e13ee5;p=koha_fer
diff --git a/edithelp.pl b/edithelp.pl
index 5cde3149d4..62b449f4aa 100755
--- a/edithelp.pl
+++ b/edithelp.pl
@@ -65,9 +65,11 @@ my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
 sub _get_filepath ($;$) {
 my $referer = shift;
 $referer =~ /koha\/(.*)\.pl/;
- my $from = "help/$1.tt";
+ my $file = $1;
+ $file =~ s/[^0-9a-zA-Z_\-\/]*//g;
+ my $from = "help/$file.tt";
 my $htdocs = C4::Context->config('intrahtdocs');
- my ($theme, $lang) = C4::Templates::themelanguage( $htdocs, $from, "intranet", $input );
+ my ($theme, $lang, $availablethemes) = C4::Templates::themelanguage( $htdocs, $from, "intranet", $input );
 $debug and print STDERR "help filepath: $htdocs/$theme/$lang/modules/$from";
 return "$htdocs/$theme/$lang/modules/$from";
 }
@@ -96,7 +98,7 @@ elsif ( $type eq 'modify' ) {
 $error = "Cannot read file: '$file'.";
 } else {
 (-w $file) or $error =
- "WARNING: You will not be able save, because your webserver cannot write to '$file'. Contact your admin about help file permissions.";
+ "WARNING: You will not be able to save, because your webserver cannot write to '$file'. Contact your admin about help file permissions.";
 open (my $fh, '<', $file) or die "Cannot read file '$file'"; # unlikely death, since we just checked
 my $help = '';
 while ( <$fh> ) {
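Review bot: The added `my $file = $1;` in `_get_filepath` (first hunk) reads `$1` without checking that the match on the line above succeeded, so when `$referer` (presumably taken from the request) does not contain `koha/….pl`, the capture is undefined or left over from an earlier successful match, and the character filter then runs on that value rather than on the requested path. Capturing in list context and testing the result closes the gap, e.g. `my ($file) = $referer =~ m{koha/(.*)\.pl} or die "Cannot derive help file from referer";`, with the failure path adjusted to whatever the callers outside this hunk expect. The filter keeps `/` but drops `.`, which is what stops `..` segments from escaping `help/`; a comment on the `s///` line such as `# allow-list: dots are stripped, so no ../ can leave help/` would keep a later edit from widening the class by accident. `$availablethemes` is assigned but not used in the visible lines.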