From acf633c73bc8df9a5036bc52d7568f4213ab73c7 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 06 May 2016 02:32:01 -0400
Subject: [PATCH] Fix XSS issue in href attribute on area tag (#5240, #5241)
---
tests/Framework/Utils.php | 105 ++++++++++++++++++++++++++++++++++++++++++++++++++++
1 files changed, 105 insertions(+), 0 deletions(-)
diff --git a/tests/Framework/Utils.php b/tests/Framework/Utils.php
index c62e688..b32974d 100644
--- a/tests/Framework/Utils.php
+++ b/tests/Framework/Utils.php
@@ -29,6 +29,7 @@
array('email@domain.name', '.name is valid Top Level Domain name'),
array('email@domain.co.jp', 'Dot in Top Level Domain name also considered valid (use co.jp as example here)'),
array('firstname-lastname@domain.com', 'Dash in address field is valid'),
+ array('test@xn--e1aaa0cbbbcacac.xn--p1ai', 'IDNA domain'),
);
}
@@ -171,6 +172,12 @@
$this->assertRegExp('/#rcmbody h1\s\{/', $mod, "Prefix tag styles (single)");
$this->assertRegExp('/#rcmbody h1, #rcmbody h2, #rcmbody h3, #rcmbody textarea\s+\{/', $mod, "Prefix tag styles (multiple)");
$this->assertRegExp('/#rcmbody \.noscript\s+\{/', $mod, "Prefix class styles");
+
+ $css = file_get_contents(TESTS_DIR . 'src/media.css');
+ $mod = rcube_utils::mod_css_styles($css, 'rcmbody');
+
+ $this->assertContains('#rcmbody table[class=w600]', $mod, 'Replace styles nested in @media block');
+ $this->assertContains('#rcmbody {width:600px', $mod, 'Replace body selector nested in @media block');
}
/**
@@ -262,4 +269,102 @@
$this->assertSame($v[2], $result);
}
}
+
+ /**
+ * rcube:utils::strtotime()
+ */
+ function test_strtotime()
+ {
+ $test = array(
+ '1' => 1,
+ '' => 0,
+ '2013-04-22' => 1366581600,
+ '2013/04/22' => 1366581600,
+ '2013.04.22' => 1366581600,
+ '22-04-2013' => 1366581600,
+ '22/04/2013' => 1366581600,
+ '22.04.2013' => 1366581600,
+ '22.4.2013' => 1366581600,
+ '20130422' => 1366581600,
+ );
+
+ foreach ($test as $datetime => $ts) {
+ $result = rcube_utils::strtotime($datetime);
+ $this->assertSame($ts, $result, "Error parsing date: $datetime");
+ }
+ }
+
+ /**
+ * rcube:utils::anytodatetime()
+ */
+ function test_anytodatetime()
+ {
+ $test = array(
+ '2013-04-22' => '2013-04-22',
+ '2013/04/22' => '2013-04-22',
+ '2013.04.22' => '2013-04-22',
+ '22-04-2013' => '2013-04-22',
+ '22/04/2013' => '2013-04-22',
+ '22.04.2013' => '2013-04-22',
+ '04/22/2013' => '2013-04-22',
+ '22.4.2013' => '2013-04-22',
+ '20130422' => '2013-04-22',
+ '1900-10-10' => '1900-10-10',
+ '01-01-1900' => '1900-01-01',
+ '01/30/1960' => '1960-01-30'
+ );
+
+ foreach ($test as $datetime => $ts) {
+ $result = rcube_utils::anytodatetime($datetime);
+ $this->assertSame($ts, $result ? $result->format('Y-m-d') : '', "Error parsing date: $datetime");
+ }
+ }
+
+ /**
+ * rcube:utils::normalize_string()
+ */
+ function test_normalize_string()
+ {
+ $test = array(
+ '' => '',
+ 'abc def' => 'abc def',
+ 'ÇçäâàåæéêëèïîìÅÉöôòüûùÿøØáíóúñÑÁÂÀãÃÊËÈÍÎÏÓÔõÕÚÛÙýÝ' => 'ccaaaaaeeeeiiiaeooouuuyooaiounnaaaaaeeeiiioooouuuyy',
+ 'ąáâäćçčéęëěíîłľĺńňóôöŕřśšşťţůúűüźžżýĄŚŻŹĆ' => 'aaaaccceeeeiilllnnooorrsssttuuuuzzzyaszzc',
+ 'ß' => 'ss',
+ 'ae' => 'a',
+ 'oe' => 'o',
+ 'ue' => 'u',
+ );
+
+ foreach ($test as $input => $output) {
+ $result = rcube_utils::normalize_string($input);
+ $this->assertSame($output, $result);
+ }
+ }
+
+ /**
+ * rcube:utils::is_absolute_path()
+ */
+ function test_is_absolute_path()
+ {
+ if (strtoupper(substr(PHP_OS, 0, 3)) == 'WIN') {
+ $test = array(
+ '' => false,
+ "C:\\" => true,
+ 'some/path' => false,
+ );
+ }
+ else {
+ $test = array(
+ '' => false,
+ '/path' => true,
+ 'some/path' => false,
+ );
+ }
+
+ foreach ($test as $input => $output) {
+ $result = rcube_utils::is_absolute_path($input);
+ $this->assertSame($output, $result);
+ }
+ }
}
--
Gitblit v1.9.1