From 912fb42458a422248986c74fd8a1fd92df531fb5 Mon Sep 17 00:00:00 2001 From: Jonathan Druart Date: Fri, 14 Dec 2018 17:29:18 -0300 Subject: [PATCH] Bug 22007: Handle safe filtered output (KohaDates) Signed-off-by: Owen Leonard Signed-off-by: Katrin Fischer Signed-off-by: Nick Clemens --- t/lib/QA/TemplateFilters.pm | 20 +++++++++++++++--- t/template_filters.t | 41 ++++++++++++++++++++++++++++++++++++- 2 files changed, 57 insertions(+), 4 deletions(-) diff --git a/t/lib/QA/TemplateFilters.pm b/t/lib/QA/TemplateFilters.pm index 467010e85a..c4ec77d524 100644 --- a/t/lib/QA/TemplateFilters.pm +++ b/t/lib/QA/TemplateFilters.pm @@ -133,14 +133,13 @@ sub process_tt_block { # Already escaped with a special filter # We could escape it but should be safe - or $tt_block =~ m{\s?\|\s?\$KohaDates\s?$} - or $tt_block =~ m{\s?\|\s?\$Price\s?$} + or $tt_block =~ m{\s?\|\s?\$KohaDates[^\|]*$} # Already escaped correctly with raw or $tt_block =~ m{\|\s?\$raw} # Assignment, maybe we should require to use SET (?) - or $tt_block =~ m{=} + or ( $tt_block =~ m{=} and not $tt_block =~ m{\s\|\s} ) # Already has url or uri filter or $tt_block =~ m{\|\s?ur(l|i)} @@ -166,6 +165,21 @@ sub process_tt_block { : q| | : q| |; + if ( $tt_block =~ m{\s?\|\s?\$KohaDates[^\|]*\|.*$} + ) { + $tt_block =~ + s/\s*\|\s*(uri|url|html)\s*$//; # Could be another filter... + $line =~ s{ + \[% + \s*$pre_chomp\s* + \Q$tt_block\E\s*\|\s*(uri|url|html) + \s*$post_chomp\s* + %\] + }{[%$pre_chomp$tt_block$post_chomp%]}xms; + + return ( $line, 'extra_filter_not_needed' ); + } + if ( # Use the uri filter is needed # If html filtered or not filtered diff --git a/t/template_filters.t b/t/template_filters.t index be638e1c3c..e46983578f 100644 --- a/t/template_filters.t +++ b/t/template_filters.t @@ -16,7 +16,7 @@ # along with Koha; if not, see . use Modern::Perl; -use Test::More tests => 5; +use Test::More tests => 6; use t::lib::QA::TemplateFilters; subtest 'Asset must use raw' => sub { @@ -260,3 +260,42 @@ INPUT @missing_filters = t::lib::QA::TemplateFilters::missing_filters($input); is_deeply( \@missing_filters, [], 'html_entity is a valid filter for href' ); }; + +subtest 'Do not escape KohaDates output' => sub { + plan tests => 2; + my $input = < 1 %] +[% var | \$KohaDates | html %] +[% var | \$KohaDates with_hours => 1 | html %] +INPUT + + my $expected = < 1 %] +[% var | \$KohaDates %] +[% var | \$KohaDates with_hours => 1 %] +EXPECTED + + my $new_content = t::lib::QA::TemplateFilters::fix_filters($input); + is( $new_content . "\n", $expected, ); + + + my @missing_filters = t::lib::QA::TemplateFilters::missing_filters($input); + is_deeply( + \@missing_filters, + [ + { + error => "extra_filter_not_needed", + line => "[% var | \$KohaDates | html %]", + line_number => 3, + }, + { + error => "extra_filter_not_needed", + line => "[% var | \$KohaDates with_hours => 1 | html %]", + line_number => 4, + } + ] + ); + +}; -- 2.39.5