use CGI;
-use Test::More tests => 6;
+use Test::More tests => 7;
use Test::Deep;
use Test::MockModule;
+use Test::Warn;
use t::lib::Mocks;
my @tables = qw( biblio biblioitems borrowers items statistics subscription );
cmp_deeply( \@keys, \@tables, 'GetColumnDefs returns the expected tables');
-subtest 'Testing themelanguage for unique themes (BZ 17982)' => sub {
+subtest 'Testing themelanguage' => sub {
plan tests => 12;
my $testing_language;
my $module_language = Test::MockModule->new('C4::Languages');
my $cgi = CGI->new();
my $htdocs = C4::Context->config('intrahtdocs');
my $section = 'intranet';
+ t::lib::Mocks::mock_preference( 'template', 'prog' );
# trigger first case.
$testing_language = 'en';
my ($theme, $lang, $availablethemes) = C4::Templates::themelanguage( $htdocs, 'about.tt', $section, $cgi);
is($theme,'prog',"Expected theme: set en - $theme");
is($lang,'en','Expected language: set en');
- cmp_deeply( $availablethemes, [ 'prog' ], 'We only expect one prog: set en' );
+ cmp_deeply( $availablethemes, [ 'prog' ], 'We only expect one available theme for set en' );
# trigger second case.
$testing_language = q{};
($theme, $lang, $availablethemes) = C4::Templates::themelanguage($htdocs, 'about.tt', $section, $cgi);
is($theme,'prog',"Expected theme: default en - $theme");
is($lang,'en','Expected language: default en');
- cmp_deeply( $availablethemes, [ 'prog' ], 'We only expect one prog: default en' );
+ cmp_deeply( $availablethemes, [ 'prog' ], 'We only expect one available theme for default en' );
# trigger third case.
my $template = $htdocs . '/prog/en/modules/about.tt';
($theme, $lang, $availablethemes) = C4::Templates::themelanguage($htdocs, $template, $section, $cgi);
is($theme,'prog',"Expected defined theme: unset - $theme");
is($lang,q{},'Expected language: unset');
- cmp_deeply( $availablethemes, [ 'prog' ], 'We only expect one prog: unset' );
+ cmp_deeply( $availablethemes, [ 'prog' ], 'We only expect one available theme for unset' );
# trigger bad case.
$template = $htdocs . '/prog/en/kaboom/about.tt';
($theme, $lang, $availablethemes) = C4::Templates::themelanguage($htdocs, $template, $section, $cgi);
is($lang,undef,'Expected language: not coded for');
- is( $availablethemes, undef, 'We only expect no prog: not coded for' );
+ is( $availablethemes, undef, 'We do not expect any available themes -- not coded for' );
is($theme,undef,"Expected no theme: not coded for");
return;
};
-1;
+subtest 'Testing gettemplate/badtemplatecheck' => sub {
+ plan tests => 7;
+
+ my $cgi = CGI->new;
+ my $template;
+ warning_like { eval { $template = C4::Templates::gettemplate( '/etc/passwd', 'opac', $cgi, 1 ) }; warn $@ if $@; } qr/bad template/, 'Bad template check';
+ is( $template ? $template->output: '', '', 'Check output' );
+
+ # Test a few more bad paths to gettemplate triggering badtemplatecheck
+ warning_like { eval { C4::Templates::gettemplate( '../topsecret.tt', 'opac', $cgi, 1 ) }; warn $@ if $@; } qr/bad template/, 'No safe chars';
+ warning_like { eval { C4::Templates::gettemplate( '/noaccess/topsecret.tt', 'opac', $cgi, 1 ) }; warn $@ if $@; } qr/bad template/, 'Directory not allowed';
+ warning_like { eval { C4::Templates::gettemplate( C4::Context->config('intrahtdocs') . '2/prog/en/modules/about.tt', 'intranet', $cgi, 1 ) }; warn $@ if $@; } qr/bad template/, 'Directory not allowed too';
+
+ # Allow templates from /tmp
+ t::lib::Mocks::mock_config( 'pluginsdir', [ '/tmp' ] );
+ warning_like { eval { C4::Templates::badtemplatecheck( '/tmp/about.tt' ) }; warn $@ if $@; } undef, 'No warn on template from plugin dir';
+ # Refuse wrong extension
+ warning_like { eval { C4::Templates::badtemplatecheck( '/tmp/about.tmpl' ) }; warn $@ if $@; } qr/bad template/, 'Warn on bad extension';
+};
+
projects / koha.git / blobdiff