diff options
-rw-r--r-- | includes/theme.inc | 5 | ||||
-rw-r--r-- | modules/simpletest/tests/theme.test | 8 |
2 files changed, 9 insertions, 4 deletions
diff --git a/includes/theme.inc b/includes/theme.inc index 562655e90..0688e40d6 100644 --- a/includes/theme.inc +++ b/includes/theme.inc @@ -2027,6 +2027,11 @@ function template_page_suggestions($args) { foreach ($args as $arg) { // Remove slashes or null per SA-CORE-2009-003. $arg = str_replace(array("/", "\\", "\0"), '', $arg); + // The percent acts as a wildcard for numeric arguments since + // asterisks are not valid filename characters on many filesystems. + if (is_numeric($arg)) { + $suggestions[] = $suggestion . '-%'; + } $suggestions[] = $suggestion . '-' . $arg; if (!is_numeric($arg)) { $suggestion .= '-' . $arg; diff --git a/modules/simpletest/tests/theme.test b/modules/simpletest/tests/theme.test index 6a79e4b4c..805d85510 100644 --- a/modules/simpletest/tests/theme.test +++ b/modules/simpletest/tests/theme.test @@ -27,17 +27,17 @@ class TemplateUnitTest extends DrupalWebTestCase { variable_set('site_frontpage', 'nobody-home'); $args = array('node', '1', 'edit'); $suggestions = template_page_suggestions($args); - $this->assertEqual($suggestions, array('page-node', 'page-node-1', 'page-node-edit'), t('Found expected node edit page template suggestions')); + $this->assertEqual($suggestions, array('page-node', 'page-node-%', 'page-node-1', 'page-node-edit'), t('Found expected node edit page template suggestions')); // Check attack vectors. $args = array('node', '\\1'); $suggestions = template_page_suggestions($args); - $this->assertEqual($suggestions, array('page-node', 'page-node-1'), t('Removed invalid \\ from template suggestions')); + $this->assertEqual($suggestions, array('page-node', 'page-node-%', 'page-node-1'), t('Removed invalid \\ from template suggestions')); $args = array('node', '1/'); $suggestions = template_page_suggestions($args); - $this->assertEqual($suggestions, array('page-node', 'page-node-1'), t('Removed invalid / from template suggestions')); + $this->assertEqual($suggestions, array('page-node', 'page-node-%', 'page-node-1'), t('Removed invalid / from template suggestions')); $args = array('node', "1\0"); $suggestions = template_page_suggestions($args); - $this->assertEqual($suggestions, array('page-node', 'page-node-1'), t('Removed invalid \\0 from template suggestions')); + $this->assertEqual($suggestions, array('page-node', 'page-node-%', 'page-node-1'), t('Removed invalid \\0 from template suggestions')); // Tests for drupal_discover_template() $suggestions = array('page'); $this->assertEqual(drupal_discover_template(array('themes/garland'), $suggestions), 'themes/garland/page.tpl.php', t('Safe template discovered')); |