From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)

---
 tests/Framework/Html.php |   25 +++++++++++++++++++++++++
 1 files changed, 25 insertions(+), 0 deletions(-)

diff --git a/tests/Framework/Html.php b/tests/Framework/Html.php
index 107f828..60284de 100644
--- a/tests/Framework/Html.php
+++ b/tests/Framework/Html.php
@@ -17,4 +17,29 @@
 
         $this->assertInstanceOf('html', $object, "Class constructor");
     }
+
+    /**
+     * Data for test_quote()
+     */
+    function data_quote()
+    {
+        return array(
+            array('abc', 'abc'),
+            array('?', '?'),
+            array('"', '&quot;'),
+            array('<', '&lt;'),
+            array('>', '&gt;'),
+            array('&', '&amp;'),
+            array('&amp;', '&amp;amp;'),
+        );
+    }
+
+    /**
+     * Test for quote()
+     * @dataProvider data_quote
+     */
+    function test_quote($str, $result)
+    {
+        $this->assertEquals(html::quote($str), $result);
+    }
 }

--
Gitblit v1.9.1