From 0aba1faa0803af6013c9ac2071e87f117e9c4835 Mon Sep 17 00:00:00 2001
From: Marc Alexander
Date: Wed, 26 Jul 2017 21:14:05 +0200
Subject: [ticket/security/211] Do not match javascript URIs with URL regexes

SECURITY-211
---
 tests/functions/make_clickable_test.php | 8 ++++++++
 1 file changed, 8 insertions(+)
(limited to 'tests/functions')
diff --git a/tests/functions/make_clickable_test.php b/tests/functions/make_clickable_test.php
index 63beeb06b2..2cdefe689d 100644
--- a/tests/functions/make_clickable_test.php
+++ b/tests/functions/make_clickable_test.php
@@ -55,6 +55,10 @@ class phpbb_functions_make_clickable_test extends phpbb_test_case
 'http://testhost/viewtopic.php?t=1',
 'viewtopic.php?t=1'
 ),
+ array(
+ 'javascript://testhost/viewtopic.php?t=1',
+ 'javascript://testhost/viewtopic.php?t=1'
+ ),
 array(
 'email@domain.com',
 'email@domain.com'
@@ -92,6 +96,10 @@ class phpbb_functions_make_clickable_test extends phpbb_test_case
 'ftp://ftp.täst.de/',
 'ftp://ftp.täst.de/'
 ),
+ array(
+ 'javascript://täst.de/',
+ 'javascript://täst.de/'
+ ),
 array(
 'sip://bantu@täst.de',
 'sip://bantu@täst.de'
--
cgit v1.2.1
From f7d387f93c421e93ef13375bd5e0fb408e921598 Mon Sep 17 00:00:00 2001
From: Marc Alexander
Date: Thu, 27 Jul 2017 18:23:43 +0200
Subject: [ticket/security/211] Add test for line breaks in URL

SECURITY-211
---
 tests/functions/make_clickable_test.php | 4 ++++
 1 file changed, 4 insertions(+)
(limited to 'tests/functions')
diff --git a/tests/functions/make_clickable_test.php b/tests/functions/make_clickable_test.php
index 2cdefe689d..2bb7721d21 100644
--- a/tests/functions/make_clickable_test.php
+++ b/tests/functions/make_clickable_test.php
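Review bot: Both pairs added by the first commit (`javascript://testhost/viewtopic.php?t=1` in the hunk at line 55 and `javascript://täst.de/` in the hunk at line 92) pin only the all-lowercase spelling of the scheme, but URI schemes are case-insensitive, so a mixed-case spelling has to stay unlinked as well. Whether the accompanying regex change handles that is not visible on this page, so I would pin it with one more pair whose expected output equals its input, e.g. `'JavaScript://testhost/viewtopic.php?t=1',` given twice. A short comment above the first pair, `// javascript: URIs must come back unchanged, i.e. never wrapped in a link (SECURITY-211)`, would tell readers why input and expected value are identical. The enclosing data-provider method starts and ends outside both hunks.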
@@ -59,6 +59,10 @@ class phpbb_functions_make_clickable_test extends phpbb_test_case
 'javascript://testhost/viewtopic.php?t=1',
 'javascript://testhost/viewtopic.php?t=1'
 ),
+ array(
+ "java\nscri\npt://testhost/viewtopic.php?t=1",
+ "java\nscri\npt://testhost/viewtopic.php?t=1"
+ ),
 array(
 'email@domain.com',
 'email@domain.com'
--
cgit v1.2.1
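Review bot: The new pair covers `\n` only, while URL parsers in browsers also discard tab and carriage-return characters before resolving the scheme, so those separators need the same negative test. I would add a sibling pair such as `"java\tscri\rpt://testhost/viewtopic.php?t=1",` with the identical string as the expected value. The double quotes are significant here, because a single-quoted PHP string would carry a literal backslash and `n` instead of a control character; a one-line comment like `// double-quoted on purpose: real control characters inside the scheme` would protect the case from a well-meaning quote-style cleanup. The surrounding data provider begins and ends outside the hunk.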