Koha/t/db_dependent/Templates.t
Joonas Kylmälä bb16931d9d Bug 28303: Add unit test for badtemplatecheck
This tests that pluginsdir value is not modified by the call to
badtemplatecheck to make sure badtemplatecheck operates with its own
copy of pluginsdir configuration value.

Signed-off-by: Joonas Kylmälä <joonas.kylmala@iki.fi>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-10-05 10:58:13 +02:00

148 lines
6.2 KiB
Perl
Executable file

#!/usr/bin/perl
# This file is part of Koha.
#
# Koha is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# Koha is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Koha; if not, see <http://www.gnu.org/licenses>.
use Modern::Perl;
use CGI;
use Test::More tests => 8;
use Test::Deep;
use Test::MockModule;
use Test::Warn;
use File::Temp qw/tempfile/;
use t::lib::Mocks;
use C4::Auth qw( get_template_and_user );
BEGIN {
use_ok('C4::Templates', qw( GetColumnDefs getlanguagecookie setlanguagecookie themelanguage gettemplate param output availablethemes badtemplatecheck ));
can_ok( 'C4::Templates',
qw/ GetColumnDefs
getlanguagecookie
setlanguagecookie
themelanguage
gettemplate
_get_template_file
param
output /);
}
my $query = CGI->new();
my $columns = C4::Templates::GetColumnDefs( $query );
is( ref( $columns ) eq 'HASH', 1, 'GetColumnDefs returns a hashref' );
# get the tables names, sorted
my @keys = sort keys %{$columns};
is( scalar @keys, 6, 'GetColumnDefs correctly returns the 5 tables defined in columns.def' );
my @tables = qw( biblio biblioitems borrowers items statistics subscription );
cmp_deeply( \@keys, \@tables, 'GetColumnDefs returns the expected tables');
subtest 'Testing themelanguage' => sub {
plan tests => 12;
my $testing_language;
my $module_language = Test::MockModule->new('C4::Languages');
$module_language->mock(
'getlanguage',
sub {
return $testing_language;
}
);
my $cgi = CGI->new();
my $htdocs = C4::Context->config('intrahtdocs');
my $section = 'intranet';
t::lib::Mocks::mock_preference( 'template', 'prog' );
# trigger first case.
$testing_language = 'en';
my ($theme, $lang, $availablethemes) = C4::Templates::themelanguage( $htdocs, 'about.tt', $section, $cgi);
is($theme,'prog',"Expected theme: set en - $theme");
is($lang,'en','Expected language: set en');
cmp_deeply( $availablethemes, [ 'prog' ], 'We only expect one available theme for set en' );
# trigger second case.
$testing_language = q{};
($theme, $lang, $availablethemes) = C4::Templates::themelanguage($htdocs, 'about.tt', $section, $cgi);
is($theme,'prog',"Expected theme: default en - $theme");
is($lang,'en','Expected language: default en');
cmp_deeply( $availablethemes, [ 'prog' ], 'We only expect one available theme for default en' );
# trigger third case.
my $template = $htdocs . '/prog/en/modules/about.tt';
($theme, $lang, $availablethemes) = C4::Templates::themelanguage($htdocs, $template, $section, $cgi);
is($theme,'prog',"Expected defined theme: unset - $theme");
is($lang,q{},'Expected language: unset');
cmp_deeply( $availablethemes, [ 'prog' ], 'We only expect one available theme for unset' );
# trigger bad case.
$template = $htdocs . '/prog/en/kaboom/about.tt';
($theme, $lang, $availablethemes) = C4::Templates::themelanguage($htdocs, $template, $section, $cgi);
is($lang,undef,'Expected language: not coded for');
is( $availablethemes, undef, 'We do not expect any available themes -- not coded for' );
is($theme,undef,"Expected no theme: not coded for");
return;
};
subtest 'Testing gettemplate/badtemplatecheck' => sub {
plan tests => 8;
my $cgi = CGI->new;
my $template;
warning_like { eval { $template = C4::Templates::gettemplate( '/etc/passwd', 'opac', $cgi ) }; warn $@ if $@; } qr/bad template/, 'Bad template check';
is( $template ? $template->output: '', '', 'Check output' );
# Test a few more bad paths to gettemplate triggering badtemplatecheck
warning_like { eval { C4::Templates::gettemplate( '../topsecret.tt', 'opac', $cgi ) }; warn $@ if $@; } qr/bad template/, 'No safe chars';
warning_like { eval { C4::Templates::gettemplate( '/noaccess/topsecret.tt', 'opac', $cgi ) }; warn $@ if $@; } qr/bad template/, 'Directory not allowed';
warning_like { eval { C4::Templates::gettemplate( C4::Context->config('intrahtdocs') . '2/prog/en/modules/about.tt', 'intranet', $cgi ) }; warn $@ if $@; } qr/bad template/, 'Directory not allowed too';
# Allow templates from /tmp
t::lib::Mocks::mock_config( 'pluginsdir', [ '/tmp' ] );
warning_like { eval { C4::Templates::badtemplatecheck( '/tmp/about.tt' ) }; warn $@ if $@; } undef, 'No warn on template from plugin dir';
# Refuse wrong extension
warning_like { eval { C4::Templates::badtemplatecheck( '/tmp/about.tmpl' ) }; warn $@ if $@; } qr/bad template/, 'Warn on bad extension';
# Make sure badtemplatecheck works on a copy of pluginsdir and doesn't modify its values
t::lib::Mocks::mock_config( 'pluginsdir', [ '/tmp', '/tmp2' ] );
C4::Templates::badtemplatecheck('/tmp/test.tt');
cmp_deeply( C4::Context->config('pluginsdir'), ['/tmp', '/tmp2'], "Doesn't modify configuration values" );
};
subtest "Absolute path change in _get_template_file" => sub {
plan tests => 1;
# We create a simple template in /tmp.
# We simulate an anonymous OPAC session; the OPACBaseURL template variable
# should be filled by get_template_and_user.
t::lib::Mocks::mock_config( 'pluginsdir', [ C4::Context::temporary_directory ] );
t::lib::Mocks::mock_preference( 'OPACBaseURL', 'without any doubt' );
my ( $fh, $fn ) = tempfile( SUFFIX => '.tt', UNLINK => 1, DIR => C4::Context::temporary_directory );
print $fh q|I am a [% quality %] template [% OPACBaseURL %]|;
close $fh;
my ( $template, $login, $cookie ) = C4::Auth::get_template_and_user({
template_name => $fn,
query => CGI::new,
type => "opac",
authnotrequired => 1,
});
$template->param( quality => 'good-for-nothing' );
like( $template->output, qr/a good.+template.+doubt/, 'Testing a template with an absolute path' );
};