Koha-community/Koha
13
7
Fork 0
Code Issues Releases Wiki Activity

Bug 36520: Add tests

Browse source 
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
This commit is contained in:
Jonathan Druart 2024-05-15 11:25:47 +02:00 committed by Lucas Gass
parent 9c55702c50
commit 0329182109
1 changed files with 39 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

40
t/db_dependent/Letters.t
View file

@ -18,7 +18,7 @@
# along with Koha; if not, see <http://www.gnu.org/licenses>.
use Modern::Perl;
use Test::More tests => 94;
use Test::More tests => 95;
use Test::MockModule;
use Test::Warn;
use Test::Exception;
@ -1262,3 +1262,41 @@ subtest 'Template toolkit syntax in parameters' => sub {
'Template toolkit syntax in parameter was not evaluated.'
);
};
subtest 'Quote user params in GetPreparedLetter' => sub {
plan tests => 1;
my $patron = $builder->build_object( { class => 'Koha::Patrons' } );
my $biblio = $builder->build_sample_biblio;
my %loops = ( biblio => [ $biblio->biblionumber . ') AND (SELECT 1 FROM (SELECT(SLEEP(10)))x)-- -' ] );
my %substitute = ( comment => 'some comment' );
Koha::Notice::Template->new(
{
module => 'catalogue',
code => 'CART',
branchcode => '',
message_transport_type => 'email',
content =>
'Hello [% borrower.firstname %], Some comments about those biblios [% FOR b IN biblios %][% biblio.title %][% END %]: [% comment %]',
}
)->store;
my $t = time;
my $letter = C4::Letters::GetPreparedLetter(
module => 'catalogue',
letter_code => 'CART',
tables => {
borrowers => $patron->borrowernumber,
},
message_transport_type => 'email',
loops => \%loops,
substitute => \%substitute,
);
my $exec_time = time - $t;
ok( $exec_time < 10, "We should not exec the SLEEP" )
or diag sprintf(
"Spent %ss to run GetPreparredLetter, SLEEP has certainly been executed which could lead to SQL injections",
$exec_time
);
};