From aa12df20e46ae72467f8d4dc01784a500eb83f0c Mon Sep 17 00:00:00 2001
From: thomascube <thomas@roundcube.net>
Date: Thu, 01 Apr 2010 02:39:06 -0400
Subject: [PATCH] Add server-side plugin hooks to address group functions + better action names

---
 tests/mailfunc.php |   26 +++++++++++++++++++++++---
 1 files changed, 23 insertions(+), 3 deletions(-)

diff --git a/tests/mailfunc.php b/tests/mailfunc.php
index 8fd2cd3..755cadc 100644
--- a/tests/mailfunc.php
+++ b/tests/mailfunc.php
@@ -51,19 +51,23 @@
     $this->assertPattern('#background="./program/blocked.gif"#', $html, "Replace external background image");
     $this->assertNoPattern('/ex3.jpg/', $html, "No references to external images");
     $this->assertNoPattern('/<meta [^>]+>/', $html, "No meta tags allowed");
-    $this->assertNoPattern('/<style [^>]+>/', $html, "No style tags allowed");
+    //$this->assertNoPattern('/<style [^>]+>/', $html, "No style tags allowed");
     $this->assertNoPattern('/<form [^>]+>/', $html, "No form tags allowed");
     $this->assertPattern('/Subscription form/', $html, "Include <form> contents");
-    $this->assertPattern('/<!-- input not allowed -->/', $html, "No input elements allowed");
+    $this->assertPattern('/<!-- input ignored -->/', $html, "No input elements allowed");
+    $this->assertPattern('/<!-- link ignored -->/', $html, "No external links allowed");
     $this->assertPattern('/<a[^>]+ target="_blank">/', $html, "Set target to _blank");
     $this->assertTrue($GLOBALS['REMOTE_OBJECTS'], "Remote object detected");
     
     // render HTML in safe mode
-    $html2 = rcmail_print_body($part, array('safe' => true));
+    $html2 = rcmail_html4inline(rcmail_print_body($part, array('safe' => true)), 'foo');
     
     $this->assertPattern('/<style [^>]+>/', $html2, "Allow styles in safe mode");
     $this->assertPattern('#src="http://evilsite.net/mailings/ex3.jpg"#', $html2, "Allow external images in HTML (safe mode)");
     $this->assertPattern("#url\('http://evilsite.net/newsletter/image/bg/bg-64.jpg'\)#", $html2, "Allow external images in CSS (safe mode)");
+    
+    $css = '<link rel="stylesheet" type="text/css" href="./bin/modcss.php?u='.urlencode('http://anysite.net/styles/mail.css').'&amp;c=foo"';
+    $this->assertPattern('#'.preg_quote($css).'#', $html2, "Filter external styleseehts with bin/modcss.php");
   }
 
   /**
@@ -110,6 +114,22 @@
     $this->assertPattern('#<a href="http://www.apple.com/legal/privacy/" target="_blank">http://www.apple.com/legal/privacy/</a>#', $html, "Links with target=_blank");
   }
 
+  /**
+   * Test mailto links in html messages
+   */
+  function test_mailto()
+  {
+    $part = $this->get_html_part('src/mailto.txt');
+    
+    // render HTML in normal mode
+    $html = rcmail_html4inline(rcmail_print_body($part, array('safe' => false)), 'foo');
+
+    $mailto = '<a href="mailto:me@me.com?subject=this is the subject&amp;body=this is the body"'
+      .' onclick="return rcmail.command(\'compose\',\'me@me.com?subject=this is the subject&amp;body=this is the body\',this)">e-mail</a>';
+
+    $this->assertPattern('|'.preg_quote($mailto, '|').'|', $html, "Extended mailto links");
+  }
+
 }
 
 ?>
\ No newline at end of file

--
Gitblit v1.9.1