SQL-Injection vermeiden. Fix für Revisionen 2936, 2937.

[kivitendo-erp.git] / SL / Form.pm

diff --git a/SL/Form.pm b/SL/Form.pm
index 951b850613e76deab65a6eb7ab236fe5670141e2..f43578bb623e43a5c15fb7e5deef0c0a8529215d 100644 (file)
--- a/SL/Form.pm
+++ b/SL/Form.pm
@@ -546,7 +546,7 @@ sub _prepare_html_template {
   return $file;
 }
 
-sub parse_html_template2 {
+sub parse_html_template {
   $main::lxdebug->enter_sub();
 
   my ($self, $file, $additional_params) = @_;
@@ -555,11 +555,12 @@ sub parse_html_template2 {
 
   $file = $self->_prepare_html_template($file, $additional_params);
 
-  my $template = Template->new({ 'INTERPOLATE' => 0,
-                                 'EVAL_PERL'   => 0,
-                                 'ABSOLUTE'    => 1,
-                                 'CACHE_SIZE'  => 0,
-                                 'PLUGIN_BASE' => 'SL::Template::Plugin',
+  my $template = Template->new({ 'INTERPOLATE'  => 0,
+                                 'EVAL_PERL'    => 0,
+                                 'ABSOLUTE'     => 1,
+                                 'CACHE_SIZE'   => 0,
+                                 'PLUGIN_BASE'  => 'SL::Template::Plugin',
+                                 'INCLUDE_PATH' => '.:templates/webpages',
                                }) || die;
 
   map { $additional_params->{$_} ||= $self->{$_} } keys %{ $self };
@@ -598,7 +599,7 @@ sub show_generic_error {
   $self->{title} = $title if ($title);
 
   $self->header();
-  print $self->parse_html_template2("generic/error", $add_params);
+  print $self->parse_html_template("generic/error", $add_params);
 
   die("Error: $error\n");
 }
@@ -614,7 +615,7 @@ sub show_generic_information {
   $self->{title} = $title if ($title);
 
   $self->header();
-  print $self->parse_html_template2("generic/information", $add_params);
+  print $self->parse_html_template("generic/information", $add_params);
 
   die("Information: $error\n");
 }