From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)

---
 tests/Framework/Html2text.php |   19 +++++++++++++++++++
 1 files changed, 19 insertions(+), 0 deletions(-)

diff --git a/tests/Framework/Html2text.php b/tests/Framework/Html2text.php
index 1d89638..3e0df48 100644
--- a/tests/Framework/Html2text.php
+++ b/tests/Framework/Html2text.php
@@ -56,4 +56,23 @@
 
         $this->assertEquals($out, $res, $title);
     }
+
+    /**
+     *
+     */
+    function test_multiple_blockquotes()
+    {
+        $html = <<<EOF
+<br>Begin<br><blockquote>OUTER BEGIN<blockquote>INNER 1<br></blockquote><div><br></div><div>Par 1</div>
+<blockquote>INNER 2</blockquote><div><br></div><div>Par 2</div>
+<div><br></div><div>Par 3</div><div><br></div>
+<blockquote>INNER 3</blockquote>OUTER END</blockquote>
+EOF;
+        $ht = new rcube_html2text($html, false, false);
+        $res = $ht->get_text();
+
+        $this->assertContains('>> INNER 1', $res, 'Quote inner');
+        $this->assertContains('>> INNER 3', $res, 'Quote inner');
+        $this->assertContains('> OUTER END', $res, 'Quote outer');
+    }
 }

--
Gitblit v1.9.1