From a8fa74ab02d037d059e4bf78b74232aeba219212 Mon Sep 17 00:00:00 2001 From: Jonathan Druart Date: Fri, 14 Dec 2018 17:34:52 -0300 Subject: [PATCH] Bug 22007: Also handle Price and HtmlTags Those 2 filters should return safe output as well Signed-off-by: Owen Leonard Signed-off-by: Katrin Fischer Signed-off-by: Nick Clemens --- t/lib/QA/TemplateFilters.pm | 4 ++++ t/template_filters.t | 6 +++++- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/t/lib/QA/TemplateFilters.pm b/t/lib/QA/TemplateFilters.pm index c4ec77d524..0fce6da9b2 100644 --- a/t/lib/QA/TemplateFilters.pm +++ b/t/lib/QA/TemplateFilters.pm @@ -134,6 +134,8 @@ sub process_tt_block { # Already escaped with a special filter # We could escape it but should be safe or $tt_block =~ m{\s?\|\s?\$KohaDates[^\|]*$} + or $tt_block =~ m{\s?\|\s?\$Price[^\|]*$} + or $tt_block =~ m{\s?\|\s?\$HtmlTags[^\|]*$} # Already escaped correctly with raw or $tt_block =~ m{\|\s?\$raw} @@ -166,6 +168,8 @@ sub process_tt_block { : q| |; if ( $tt_block =~ m{\s?\|\s?\$KohaDates[^\|]*\|.*$} + or $tt_block =~ m{\s?\|\s?\$Price[^\|]*\|.*$} + or $tt_block =~ m{\s?\|\s?\$HtmlTags[^\|]*\|.*$} ) { $tt_block =~ s/\s*\|\s*(uri|url|html)\s*$//; # Could be another filter... diff --git a/t/template_filters.t b/t/template_filters.t index e46983578f..fb30229eef 100644 --- a/t/template_filters.t +++ b/t/template_filters.t @@ -261,13 +261,15 @@ INPUT is_deeply( \@missing_filters, [], 'html_entity is a valid filter for href' ); }; -subtest 'Do not escape KohaDates output' => sub { +subtest 'Do not escape KohaDates|Prices|HtmlTags output' => sub { plan tests => 2; my $input = < 1 %] [% var | \$KohaDates | html %] [% var | \$KohaDates with_hours => 1 | html %] +[% var | \$Price %] +[% var | \$HtmlTags %] INPUT my $expected = < 1 %] [% var | \$KohaDates %] [% var | \$KohaDates with_hours => 1 %] +[% var | \$Price %] +[% var | \$HtmlTags %] EXPECTED my $new_content = t::lib::QA::TemplateFilters::fix_filters($input); -- 2.39.5