From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)

---
 tests/Framework/Mime.php |    8 ++++++++
 1 files changed, 8 insertions(+), 0 deletions(-)

diff --git a/tests/Framework/Mime.php b/tests/Framework/Mime.php
index 3035ba0..4db1856 100644
--- a/tests/Framework/Mime.php
+++ b/tests/Framework/Mime.php
@@ -39,6 +39,8 @@
             19 => 'Test <"test test"@domain.tld>',
             20 => '<"test test"@domain.tld>',
             21 => '"test test"@domain.tld',
+            // invalid (#1489092)
+            22 => '"John Doe @ SomeBusinessName" <MAILER-DAEMON>',
         );
 
         $results = array(
@@ -64,6 +66,8 @@
             19 => array(1, 'Test', '"test test"@domain.tld'),
             20 => array(1, '', '"test test"@domain.tld'),
             21 => array(1, '', '"test test"@domain.tld'),
+            // invalid (#1489092)
+            22 => array(1, 'John Doe @ SomeBusinessName', 'MAILER-DAEMON'),
         );
 
         foreach ($headers as $idx => $header) {
@@ -189,6 +193,10 @@
                 array("-------\nabc def", 5),
                 "-------\nabc\ndef",
             ),
+            array(
+                array("http://xx.xxx.xx.xxx:8080/addressbooks/roundcubexxxxx%40xxxxxxxxxxxxxxxxxxxxxxx.xx.xx/testing/", 70),
+                "http://xx.xxx.xx.xxx:8080/addressbooks/roundcubexxxxx%40xxxxxxxxxxxxxxxxxxxxxxx.xx.xx/testing/",
+            ),
         );
 
         foreach ($samples as $sample) {

--
Gitblit v1.9.1