C4::Context->interface( $in->{type} );
- my $safe_chars = 'a-zA-Z_\-\/';
+ my $safe_chars = 'a-zA-Z0-9_\-\/';
die "bad template path" unless $in->{'template_name'} =~ m/^[$safe_chars]+.tt?$/ig; #sanitize input
$in->{'authnotrequired'} ||= 0;
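Review bot: The check on the context line after the widened `$safe_chars` is looser than its `#sanitize input` comment suggests. The `.` before `tt` is unescaped and matches any character, `tt?` also accepts a single `t`, `$` tolerates a trailing newline, and `/g` in a scalar-context match leaves `pos()` set on the value, so a second check of the same scalar can fail spuriously. Since this commit enlarges the accepted character set, it would be a good moment to pin the suffix with `die "bad template path" unless $in->{'template_name'} =~ m/\A[$safe_chars]+\.tt\z/;`. That assumes only lower-case `.tt` names are meant to pass; keep `/i` or an explicit alternative if `.TT` or `.t` is intentional. The enclosing sub starts and ends outside the hunk.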
use CGI qw ( -utf8 );
use Test::MockModule;
use List::MoreUtils qw/all any none/;
-use Test::More tests => 11;
+use Test::More tests => 12;
use Test::Warn;
use C4::Members;
use Koha::AuthUtils qw/hash_password/;
};
like ( $@, qr(^bad template path), 'The file $template_name should not be accessible' );
}
+ ( $template, $loggedinuser, $cookies ) = get_template_and_user(
+ {
+ template_name => 'errors/500.tt',
+ query => $query,
+ type => "intranet",
+ authnotrequired => 1,
+ flagsrequired => { catalogue => 1 },
+ }
+ );
+ my $file_exists = ( -f $template->{filename} ) ? 1 : 0;
+ is ( $file_exists, 1, 'The file errors/500.tt should be accessible (contains integers)' );
}
# Check that there is always an OPACBaseURL set.
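Review bot: The added test folds `-f` into 1/0 through a temporary before comparing it. A single `ok( -f $template->{filename}, 'The file errors/500.tt should be accessible (contains integers)' );` says the same thing and drops `$file_exists`. The test also covers only the accepting side of the widened character class, so a companion case in the style of the `like ( $@, qr(^bad template path), ... )` assertion above would help, for example a digit-bearing name with a non-`.tt` ending, to pin that the extension is still enforced. The enclosing block opens outside the hunk.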