Bug 6629 : Follow up to trap vuln in webinstaller and fixing the error

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Patch fixes problem occuring in web installer.

diff --git a/installer/InstallAuth.pm b/installer/InstallAuth.pm
index 2c07bbe..10cbea3 100644 (file)
--- a/installer/InstallAuth.pm
+++ b/installer/InstallAuth.pm
@@ -117,7 +117,7 @@ sub get_template_and_user {
     $tmplbase=~ s/\.tmpl$/.tt/;
     my $filename = "$path/modules/" . $tmplbase;
     my $interface = 'intranet';
-    my $template = C4::Templates->new( $interface, $filename, $tmplbase);
+    my $template = C4::Templates->new( $interface, $filename, $tmplbase, $query);
     
     my ( $user, $cookie, $sessionID, $flags ) = checkauth(
         $in->{'query'},
@@ -158,12 +158,14 @@ sub get_template_and_user {
 }
 
 sub _get_template_language {
-  #verify if opac language exists in staff (bug 5660)
-  #conditions are 1) dir exists and 2) enabled in prefs
-  my ($opaclang)= @_;
-  return 'en' unless $opaclang;
-  my $path= C4::Context->config('intrahtdocs')."/prog/$opaclang";
-  -d $path ? $opaclang : 'en';
+
+    #verify if opac language exists in staff (bug 5660)
+    #conditions are 1) dir exists and 2) enabled in prefs
+    my ($opaclang) = @_;
+    return 'en' unless $opaclang;
+    $opaclang =~ s/[^a-zA-Z_-]*//g;
+    my $path = C4::Context->config('intrahtdocs') . "/prog/$opaclang";
+    -d $path ? $opaclang : 'en';
 }
 
 =item checkauth
@@ -365,7 +367,7 @@ sub checkauth {
     my $filename = "$path/modules/$template_name";
     $filename =~ s/\.tmpl$/.tt/;
     my $interface = 'intranet';
-    my $template = C4::Templates->new( $interface, $filename);
+    my $template = C4::Templates->new( $interface, $filename, '', $query);
     $template->param(
         INPUTS => \@inputs,