From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)
---
tests/Framework/VCard.php | 29 +++++++++++++++++++++++++++++
1 files changed, 29 insertions(+), 0 deletions(-)
diff --git a/tests/Framework/VCard.php b/tests/Framework/VCard.php
index 79d2976..3353b5b 100644
--- a/tests/Framework/VCard.php
+++ b/tests/Framework/VCard.php
@@ -50,6 +50,35 @@
$this->assertRegExp('/TEL;TYPE=CELL:\+987654321/', $vcf, "Return CELL instead of MOBILE (set)");
}
+ /**
+ * Backslash escaping test (#1488896)
+ */
+ function test_parse_four()
+ {
+ $vcard = "BEGIN:VCARD\nVERSION:3.0\nN:last\\;;first\\\\;middle\\\\\\;\\\\;prefix;\nFN:test\nEND:VCARD";
+ $vcard = new rcube_vcard($vcard, null);
+ $vcard = $vcard->get_assoc();
+
+ $this->assertEquals("last;", $vcard['surname'], "Decode backslash character");
+ $this->assertEquals("first\\", $vcard['firstname'], "Decode backslash character");
+ $this->assertEquals("middle\\;\\", $vcard['middlename'], "Decode backslash character");
+ $this->assertEquals("prefix", $vcard['prefix'], "Decode backslash character");
+ }
+
+ /**
+ * Backslash parsing test (#1489085)
+ */
+ function test_parse_five()
+ {
+ $vcard = "BEGIN:VCARD\nVERSION:3.0\nN:last\\\\\\a;fir\\nst\nURL:http\\://domain.tld\nEND:VCARD";
+ $vcard = new rcube_vcard($vcard, null);
+ $vcard = $vcard->get_assoc();
+
+ $this->assertEquals("last\\a", $vcard['surname'], "Decode dummy backslash character");
+ $this->assertEquals("fir\nst", $vcard['firstname'], "Decode backslash character");
+ $this->assertEquals("http://domain.tld", $vcard['website:other'][0], "Decode dummy backslash character");
+ }
+
function test_import()
{
$input = file_get_contents($this->_srcpath('apple.vcf'));
--
Gitblit v1.9.1