From a1bc481b33fb3075b8bb8949bb8c34fb94286223 Mon Sep 17 00:00:00 2001 From: Fridolin Somers Date: Tue, 23 Jun 2015 17:49:27 +0200 Subject: [PATCH] Revert "Bug 14408: Allow integers in template paths" This reverts commit 253b6f1f51cc73f36829658be5c8d905b2e36909. --- C4/Auth.pm | 2 +- t/db_dependent/Auth.t | 13 +------------ 2 files changed, 2 insertions(+), 13 deletions(-) diff --git a/C4/Auth.pm b/C4/Auth.pm index 1d3482e87e..23311f0083 100644 --- a/C4/Auth.pm +++ b/C4/Auth.pm @@ -139,7 +139,7 @@ sub get_template_and_user { my $in = shift; my ( $user, $cookie, $sessionID, $flags ); - my $safe_chars = 'a-zA-Z0-9_\-\/'; + my $safe_chars = 'a-zA-Z_\-\/'; die "bad template path" unless $in->{'template_name'} =~ m/^[$safe_chars]+.tt?$/ig; #sanitize input $in->{'authnotrequired'} ||= 0; diff --git a/t/db_dependent/Auth.t b/t/db_dependent/Auth.t index 764a30da84..279d8a5e41 100644 --- a/t/db_dependent/Auth.t +++ b/t/db_dependent/Auth.t @@ -8,7 +8,7 @@ use Modern::Perl; use CGI; use Test::MockModule; use List::MoreUtils qw/all any none/; -use Test::More tests => 10; +use Test::More tests => 9; use Test::Warn; use C4::Members; use Koha::AuthUtils qw/hash_password/; @@ -127,17 +127,6 @@ $dbh->{RaiseError} = 1; }; like ( $@, qr(^bad template path), 'The file $template_name should not be accessible' ); } - ( $template, $loggedinuser, $cookies ) = get_template_and_user( - { - template_name => 'errors/500.tt', - query => $query, - type => "intranet", - authnotrequired => 1, - flagsrequired => { catalogue => 1 }, - } - ); - my $file_exists = ( -f $template->{filename} ) ? 1 : 0; - is ( $file_exists, 1, 'The file errors/500.tt should be accessible (contains integers)' ); } my $hash1 = hash_password('password'); -- 2.39.5