Changeset 4489 in subversion
- Timestamp:
- Feb 3, 2011 4:21:26 PM (2 years ago)
- Location:
- trunk/roundcubemail
- Files:
-
- 2 edited
-
CHANGELOG (modified) (1 diff)
-
tests/mailfunc.php (modified) (1 diff)
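--- a/trunk/roundcubemail/CHANGELOG
+++ b/trunk/roundcubemail/CHANGELOG
@@ -2,4 +2,5 @@
 ===========================
 
+- Security: prevent from relaying malicious requests through modcss.inc
 - Fix handling of non-image attachments in multipart/related messages (#1487750)
 - Fix IDNA support when IDN/INTL modules are in use (#1487742)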
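--- a/trunk/roundcubemail/tests/mailfunc.php
+++ b/trunk/roundcubemail/tests/mailfunc.php
@@ -67,7 +67,6 @@
 $this->assertPattern('#src="http://evilsite.net/mailings/ex3.jpg"#', $html2, "Allow external images in HTML (safe mode)");
 $this->assertPattern("#url\('?http://evilsite.net/newsletter/image/bg/bg-64.jpg'?\)#", $html2, "Allow external images in CSS (safe mode)");
-
-$css = '<link rel="stylesheet" type="text/css" href="?_task=utils&_action=modcss&u='.urlencode('http://anysite.net/styles/mail.css').'&c=foo"';
-$this->assertPattern('#'.preg_quote($css).'#', $html2, "Filter external styleseehts with bin/modcss.php");
+$css = '<link rel="stylesheet" .+_u=tmp-[a-z0-9]+\.css.+_action=modcss';
+$this->assertPattern('#'.$css.'#Ui', $html2, "Filter (anonymized) external styleseehts with utils/modcss.inc");
 }
 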
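Review bot: The new assertion on the added `$css` lines only checks that a `tmp-….css` token and `_action=modcss` appear on a `<link rel="stylesheet"` line; it never checks that the original stylesheet address is absent from `$html2`, which is the property the anonymization is meant to guarantee. I would add a negative check beside it, for example `$this->assertNoPattern('#anysite\.net/styles/mail\.css#i', $html2, "External stylesheet URL is not exposed");`, assuming the fixture still references that host as the removed line suggests and that the test base class is SimpleTest, as `assertPattern` implies. The two `.+` gaps could also be written `[^>]+` so the match cannot run across several tags on one line. The test method begins above this section, so the fixture and the way `$html2` is produced are not visible here.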
