From ba25a793bbc061e268620717cfcab7bfdbc3d8b0 Mon Sep 17 00:00:00 2001
From: tetragon <tetragon@4979c152-3d1c-0410-bac9-87ea11338e46>
Date: Fri, 28 Sep 2007 19:12:05 +0000
Subject: Adding some limitations to template format names

git-svn-id: https://ledger-smb.svn.sourceforge.net/svnroot/ledger-smb/trunk@1673 4979c152-3d1c-0410-bac9-87ea11338e46
---
 LedgerSMB/Template.pm | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/LedgerSMB/Template.pm b/LedgerSMB/Template.pm
index 31b98a3c..ad48ad52 100755
--- a/LedgerSMB/Template.pm
+++ b/LedgerSMB/Template.pm
@@ -137,6 +137,9 @@ sub new {
 
 	bless $self, $class;
 
+	if ($self->{format} !~ /^\p{IsAlnum}+$/) {
+		throw Error::Simple "Invalid format";
+	}
 	if (!$self->{include_path}){
 		$self->{include_path} = $self->{'myconfig'}->{'templates'};
 		if (defined $self->{language}){
@@ -169,6 +172,9 @@ sub _valid_language {
 sub render {
 	my $self = shift;
 	my $vars = shift;
+	if ($self->{format} !~ /^\p{IsAlnum}+$/) {
+		throw Error::Simple "Invalid format";
+	}
 	my $format = "LedgerSMB::Template::$self->{format}";
 
 	eval "require $format";
@@ -217,6 +223,9 @@ sub _http_output {
 	my $self = shift;
 	my $data = shift;
 	$data ||= $self->{output};
+	if ($self->{format} !~ /^\p{IsAlnum}+$/) {
+		throw Error::Simple "Invalid format";
+	}
 	my $format = "LedgerSMB::Template::$self->{format}";
 	my $disposition = "\n";
 	my $name = $format->can('postprocess')->($self);
-- 
cgit v1.2.3