Bug 17989: Extend bad template check

[koha.git] / t / db_dependent / Templates.t

diff --git a/t/db_dependent/Templates.t b/t/db_dependent/Templates.t
index 5c3b7c8..1057ae5 100755 (executable)
--- a/t/db_dependent/Templates.t
+++ b/t/db_dependent/Templates.t
@@ -19,9 +19,10 @@ use Modern::Perl;
 
 use CGI;
 
-use Test::More tests => 6;
+use Test::More tests => 7;
 use Test::Deep;
 use Test::MockModule;
+use Test::Warn;
 
 use t::lib::Mocks;
 
@@ -43,20 +44,76 @@ my $columns = C4::Templates::GetColumnDefs( $query );
 
 is( ref( $columns ) eq 'HASH', 1, 'GetColumnDefs returns a hashref' );
 # get the tables names, sorted
-my @keys = sort keys %$columns;
-is( scalar @keys, 6, "GetColumnDefs correctly returns the 5 tables defined in columns.def" );
-my @tables = ( 'biblio', 'biblioitems', 'borrowers', 'items', 'statistics', 'subscription');
-cmp_deeply( \@keys, \@tables, "GetColumnDefs returns the expected tables");
+my @keys = sort keys %{$columns};
+is( scalar @keys, 6, 'GetColumnDefs correctly returns the 5 tables defined in columns.def' );
+my @tables = qw( biblio biblioitems borrowers items statistics subscription );
+cmp_deeply( \@keys, \@tables, 'GetColumnDefs returns the expected tables');
 
-subtest 'Testing themelanguage for unique themes (BZ 17982)' => sub {
-    plan tests => 1;
-
-    t::lib::Mocks::mock_preference('template', 'prog');
+subtest 'Testing themelanguage' => sub {
+    plan tests => 12;
+    my $testing_language;
     my $module_language = Test::MockModule->new('C4::Languages');
-    $module_language->mock( 'getlanguage', sub { return 'en'; } );
 
-    # This only triggers the first uniq but that is sufficient for now
-    cmp_deeply( ( C4::Templates::themelanguage( C4::Context->config('intrahtdocs'), 'about.tt' , 'intranet', 'fake_cgi' ) )[2], [ 'prog' ], 'We only expect one prog here' );
+    $module_language->mock(
+        'getlanguage',
+        sub {
+            return $testing_language;
+        }
+    );
+
+    my $cgi = CGI->new();
+    my $htdocs = C4::Context->config('intrahtdocs');
+    my $section = 'intranet';
+    t::lib::Mocks::mock_preference( 'template', 'prog' );
+
+    # trigger first case.
+    $testing_language = 'en';
+    my ($theme, $lang, $availablethemes) = C4::Templates::themelanguage( $htdocs, 'about.tt', $section, $cgi);
+    is($theme,'prog',"Expected theme: set en - $theme");
+    is($lang,'en','Expected language: set en');
+    cmp_deeply( $availablethemes, [ 'prog' ], 'We only expect one available theme for set en' );
+
+    # trigger second case.
+    $testing_language = q{};
+    ($theme, $lang, $availablethemes) = C4::Templates::themelanguage($htdocs, 'about.tt', $section, $cgi);
+    is($theme,'prog',"Expected theme: default en - $theme");
+    is($lang,'en','Expected language: default en');
+    cmp_deeply( $availablethemes, [ 'prog' ], 'We only expect one available theme for default en' );
+
+    # trigger third case.
+    my $template = $htdocs . '/prog/en/modules/about.tt';
+    ($theme, $lang, $availablethemes) = C4::Templates::themelanguage($htdocs, $template, $section, $cgi);
+    is($theme,'prog',"Expected defined theme: unset - $theme");
+    is($lang,q{},'Expected language: unset');
+    cmp_deeply( $availablethemes, [ 'prog' ], 'We only expect one available theme for unset' );
+
+    # trigger bad case.
+    $template = $htdocs . '/prog/en/kaboom/about.tt';
+    ($theme, $lang, $availablethemes) = C4::Templates::themelanguage($htdocs, $template, $section, $cgi);
+    is($lang,undef,'Expected language: not coded for');
+    is( $availablethemes, undef, 'We do not expect any available themes -- not coded for' );
+    is($theme,undef,"Expected no theme: not coded for");
+
+    return;
+};
+
+subtest 'Testing gettemplate/badtemplatecheck' => sub {
+    plan tests => 7;
+
+    my $cgi = CGI->new;
+    my $template;
+    warning_like { eval { $template = C4::Templates::gettemplate( '/etc/passwd', 'opac', $cgi, 1 ) }; warn $@ if $@; } qr/bad template/, 'Bad template check';
+    is( $template ? $template->output: '', '', 'Check output' );
+
+    # Test a few more bad paths to gettemplate triggering badtemplatecheck
+    warning_like { eval { C4::Templates::gettemplate( '../topsecret.tt', 'opac', $cgi, 1 ) }; warn $@ if $@; } qr/bad template/, 'No safe chars';
+    warning_like { eval { C4::Templates::gettemplate( '/noaccess/topsecret.tt', 'opac', $cgi, 1 ) }; warn $@ if $@; } qr/bad template/, 'Directory not allowed';
+    warning_like { eval { C4::Templates::gettemplate( C4::Context->config('intrahtdocs') . '2/prog/en/modules/about.tt', 'intranet', $cgi, 1 ) }; warn $@ if $@; } qr/bad template/, 'Directory not allowed too';
+
+    # Allow templates from /tmp
+    t::lib::Mocks::mock_config( 'pluginsdir', [ '/tmp' ] );
+    warning_like { eval { C4::Templates::badtemplatecheck( '/tmp/about.tt' ) }; warn $@ if $@; } undef, 'No warn on template from plugin dir';
+    # Refuse wrong extension
+    warning_like { eval { C4::Templates::badtemplatecheck( '/tmp/about.tmpl' ) }; warn $@ if $@; } qr/bad template/, 'Warn on bad extension';
 };
 
-1;