Bug 21454: Do not require html filter on Price

Test plan:
- Apply first patch
- Confirm that tests is failing (t/template_filters.t)
- Apply second patch
- Confirm that tests return green
- Apply last patch
- Confirm that prices are displayed correctly

QA step:
Edit a template and add the following 2 lines:
[% SET p = '<script>alert("foo");</script>' %]
[% x | $Price %]
=> Display '0.00'

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

diff --git a/t/lib/QA/TemplateFilters.pm b/t/lib/QA/TemplateFilters.pm
index 4b4a3d2..2aa94b7 100644 (file)
--- a/t/lib/QA/TemplateFilters.pm
+++ b/t/lib/QA/TemplateFilters.pm
@@ -65,7 +65,8 @@ sub missing_filters {
                 next if grep { $tt_block =~ $_ } @tt_directives;
 
                 next
-                  if $tt_block =~ m{\s?\|\s?\$KohaDates\s?$}
+                  if   $tt_block =~ m{\s?\|\s?\$KohaDates\s?$}
+                    or $tt_block =~ m{\s?\|\s?\$Price\s?$}
                   ;    # We could escape it but should be safe
                 next if $tt_block =~ m{^\#};    # Is a comment, skip it