From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)

---
 tests/Framework/VCard.php |   14 ++++++++++++++
 1 files changed, 14 insertions(+), 0 deletions(-)

diff --git a/tests/Framework/VCard.php b/tests/Framework/VCard.php
index 15aa5d8..3353b5b 100644
--- a/tests/Framework/VCard.php
+++ b/tests/Framework/VCard.php
@@ -65,6 +65,20 @@
         $this->assertEquals("prefix", $vcard['prefix'], "Decode backslash character");
     }
 
+    /**
+     * Backslash parsing test (#1489085)
+     */
+    function test_parse_five()
+    {
+        $vcard = "BEGIN:VCARD\nVERSION:3.0\nN:last\\\\\\a;fir\\nst\nURL:http\\://domain.tld\nEND:VCARD";
+        $vcard = new rcube_vcard($vcard, null);
+        $vcard = $vcard->get_assoc();
+
+        $this->assertEquals("last\\a", $vcard['surname'], "Decode dummy backslash character");
+        $this->assertEquals("fir\nst", $vcard['firstname'], "Decode backslash character");
+        $this->assertEquals("http://domain.tld", $vcard['website:other'][0], "Decode dummy backslash character");
+    }
+
     function test_import()
     {
         $input = file_get_contents($this->_srcpath('apple.vcf'));

--
Gitblit v1.9.1