From defbfa29079e30a30544b1439f4e49fed98bd32c Mon Sep 17 00:00:00 2001 From: Mason James Date: Thu, 25 Jun 2015 06:38:30 +1200 Subject: [PATCH] Bug 14408 (3.16/3.14) regex fix for .tmpl files too (cherry picked from commit 04d1d375b1a6c9fa40d5df9559d6bd72ccf7d44d) Signed-off-by: Fridolin Somers --- C4/Auth.pm | 2 +- t/db_dependent/Auth.t | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/C4/Auth.pm b/C4/Auth.pm index 1d3482e87e..545e8d226a 100644 --- a/C4/Auth.pm +++ b/C4/Auth.pm @@ -140,7 +140,7 @@ sub get_template_and_user { my ( $user, $cookie, $sessionID, $flags ); my $safe_chars = 'a-zA-Z0-9_\-\/'; - die "bad template path" unless $in->{'template_name'} =~ m/^[$safe_chars]+.tt?$/ig; #sanitize input + die "bad template path" unless $in->{'template_name'} =~ m/^[$safe_chars]+\.(tt$|tmpl$)/ig; #sanitize input $in->{'authnotrequired'} ||= 0; my $template = C4::Templates::gettemplate( diff --git a/t/db_dependent/Auth.t b/t/db_dependent/Auth.t index de2e396a71..764a30da84 100644 --- a/t/db_dependent/Auth.t +++ b/t/db_dependent/Auth.t @@ -8,7 +8,7 @@ use Modern::Perl; use CGI; use Test::MockModule; use List::MoreUtils qw/all any none/; -use Test::More tests => 6; +use Test::More tests => 10; use Test::Warn; use C4::Members; use Koha::AuthUtils qw/hash_password/; -- 2.39.5