From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)

---
 tests/Framework/BaseReplacer.php |   14 ++++++++++++++
 1 files changed, 14 insertions(+), 0 deletions(-)

diff --git a/tests/Framework/BaseReplacer.php b/tests/Framework/BaseReplacer.php
index e00b9e5..44a9604 100644
--- a/tests/Framework/BaseReplacer.php
+++ b/tests/Framework/BaseReplacer.php
@@ -17,4 +17,18 @@
 
         $this->assertInstanceOf('rcube_base_replacer', $object, "Class constructor");
     }
+
+    /**
+     * Test replace()
+     */
+    function test_replace()
+    {
+        $base = 'http://thisshouldntbetheurl.bob.com/';
+        $html = '<A href=http://shouldbethislink.com>Test URL</A>';
+
+        $replacer = new rcube_base_replacer($base);
+        $response = $replacer->replace($html);
+
+        $this->assertSame('<A href="http://shouldbethislink.com">Test URL</A>', $response);
+    }
 }

--
Gitblit v1.9.1