Commit graph

15 commits

Author SHA1 Message Date
b296b8ae23 Bug 29350: Don't need to escape the 'delete' TT methods
Will be needed by bug 22605.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-11-02 15:58:08 +01:00
6be845a785 Bug 27336: Fix xt/find-missing-filters.t
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-01-11 10:27:37 +01:00
107804fb87
Bug 11529: (RM follow-up) Add WHILE to directive list
The QA tools don't current recognise the WHILE directive used in this
template update. This patch adds the keyword to the list of recognised
directives and thus allows through unfiltered variables during QA runs.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2019-08-05 18:43:26 +01:00
158b3c3a4c Bug 22466: Do not ask for TT methods to be filtered
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2019-03-07 18:17:32 +00:00
a8fa74ab02 Bug 22007: Also handle Price and HtmlTags
Those 2 filters should return safe output as well

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2019-01-02 20:42:19 +00:00
912fb42458 Bug 22007: Handle safe filtered output (KohaDates)
Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2019-01-02 20:42:19 +00:00
6932e104f3 Bug 21770: Allow html_entity for href
We certainly should not expect this filter to be used much for href, but
we have one occurrence that needs it.

Test plan:
t/template_filters.t and xt/find-missing-filters.t must return green

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-11-08 10:35:18 +00:00
ddef9376f2 Bug 21576: Preserve chomp chars for USE raw
See bug 21526 comments 5-7

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-10-26 17:09:53 +00:00
1dbea5dd2c Bug 21576: Handle complex uri
Only the first TT params in a href was taken into account.
This also takes care to replace into href attributes only (for instance not
title, etc.)

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-10-26 17:09:52 +00:00
2e92525848 Bug 21576: Keep compatibility with QA script
The QA script call 'missing_filters', it sounds better to keep it in
order to avoid fixing it and have a weird condition (if
module->can('subroutine_name')) to maintain

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-10-26 17:09:52 +00:00
c933244fe6 Bug 21576: Add a developer script to fix missing TT filters
See bug 13618 and bug 21526.

We need a script to add missing filters, or replace wrong ones.

Test plan:
- Add unescaped variables to .tt files
- prove xt/find-missing-filters.t
will warn about them
- perl misc/devel/add_missing_filters.pl
will add the missing/wrong filters
- prove xt/find-missing-filters.t
will now be happy

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-10-26 17:09:51 +00:00
91d168200e Bug 13618: Remove html filter for LAST
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-10-26 15:54:55 +00:00
d68d8f4f36 Bug 21454: Do not require html filter on Price
Test plan:
- Apply first patch
- Confirm that tests is failing (t/template_filters.t)
- Apply second patch
- Confirm that tests return green
- Apply last patch
- Confirm that prices are displayed correctly

QA step:
Edit a template and add the following 2 lines:
[% SET p = '<script>alert("foo");</script>' %]
[% x | $Price %]
=> Display '0.00'

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-10-01 13:56:33 +00:00
7d56a5fe00 Bug 21393: Add line nubmers to ease fixing
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-10-01 13:56:33 +00:00
54e2f2b5b2 Bug 21393: Move missing filters code to a module
To make it reusable easily from QA test tools
https://gitlab.com/koha-community/qa-test-tools/issues/3

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-10-01 13:56:32 +00:00