From 948f65344eb92aa6940ec02b575d6609d1af83f5 Mon Sep 17 00:00:00 2001
From: Chris Cormack
Date: Sun, 27 Nov 2011 21:18:29 +1300
Subject: [PATCH] Bug 6629 : Follow up to trap vuln in webinstaller and fixing the error
Signed-off-by: Katrin Fischer
Patch fixes problem occuring in web installer.
---
 installer/InstallAuth.pm | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)
diff --git a/installer/InstallAuth.pm b/installer/InstallAuth.pm
index 2c07bbe8d4..10cbea3f3c 100644
--- a/installer/InstallAuth.pm
+++ b/installer/InstallAuth.pm
@@ -117,7 +117,7 @@ sub get_template_and_user {
 $tmplbase=~ s/\.tmpl$/.tt/;
 my $filename = "$path/modules/" . $tmplbase;
 my $interface = 'intranet';
- my $template = C4::Templates->new( $interface, $filename, $tmplbase);
+ my $template = C4::Templates->new( $interface, $filename, $tmplbase, $query);
 my ( $user, $cookie, $sessionID, $flags ) = checkauth(
 $in->{'query'},
@@ -158,12 +158,14 @@ sub get_template_and_user {
 }
 sub _get_template_language {
- #verify if opac language exists in staff (bug 5660)
- #conditions are 1) dir exists and 2) enabled in prefs
- my ($opaclang)= @_;
- return 'en' unless $opaclang;
- my $path= C4::Context->config('intrahtdocs')."/prog/$opaclang";
- -d $path ? $opaclang : 'en';
+
+ #verify if opac language exists in staff (bug 5660)
+ #conditions are 1) dir exists and 2) enabled in prefs
+ my ($opaclang) = @_;
+ return 'en' unless $opaclang;
+ $opaclang =~ s/[^a-zA-Z_-]*//g;
+ my $path = C4::Context->config('intrahtdocs') . "/prog/$opaclang";
+ -d $path ? $opaclang : 'en';
 }
 =item checkauth
@@ -365,7 +367,7 @@ sub checkauth {
 my $filename = "$path/modules/$template_name";
 $filename =~ s/\.tmpl$/.tt/;
 my $interface = 'intranet';
- my $template = C4::Templates->new( $interface, $filename);
+ my $template = C4::Templates->new( $interface, $filename, '', $query);
 $template->param(
 INPUTS => \@inputs,
--
2.39.5
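Review bot: The new fourth argument in `get_template_and_user` is `$query`, while the `checkauth(` call two lines below still reads `$in->{'query'}`; the declaration of `$query` lies outside this hunk, so confirm it is the same object or pass `$in->{'query'}` here for consistency. The matching change in the `checkauth` hunk passes `''` as a positional placeholder for the template base name although `$template_name` is in scope there; passing the `.tt` name, or adding a short comment saying why the slot is empty, would make the call self-explanatory. What `C4::Templates->new` does with the CGI object is not visible in this patch, so anything it reads from the request should get the same allow-list treatment that `_get_template_language` receives in the next hunk.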
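Review bot: In `_get_template_language` the `return 'en' unless $opaclang;` guard runs before the new `s/[^a-zA-Z_-]*//g`, so a value consisting only of stripped characters becomes an empty string, `-d` is then evaluated on `.../prog/` (presumably an existing directory), and the function returns `''` instead of `'en'`. Rejecting rather than rewriting avoids this and keeps unexpected input from being silently turned into a different directory name: `return 'en' unless defined $opaclang && $opaclang =~ /\A[a-zA-Z_-]+\z/;`. If the substitution is kept, move the emptiness check below it and use `+` instead of `*` as the quantifier, since `*` also matches the empty string at every position. Digits are removed as well, so a language directory whose code contains a number could never be selected. The retained comment still lists "2) enabled in prefs" as a condition, but only the directory test is present in the visible code.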