author | Aleksander Machniak <alec@alec.pl> | 2014-10-22 14:29:44 +0200 |
---|---|---|
committer | Aleksander Machniak <alec@alec.pl> | 2014-10-22 14:29:44 +0200 |
commit | 48ba4414b33c8982f8232b06f06d68f3213aa986 (patch) | |
tree | c36c555e1e2cca6cfe1fdd12018da05b648798b9 /tests/MailFunc.php | |
parent | e2251db1d5b536f61fe7db57b96a9601465bd139 (diff) |
Fix download of attachments that are part of TNEF message (#1490091)
rcube_message_part::body content should never be modified by code outside of rcube_message.
Added convenient rcube_message::get_part_body() method, making rcube_message::get_part_content() deprecated.
Diffstat (limited to 'tests/MailFunc.php')
-rw-r--r-- | tests/MailFunc.php | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/tests/MailFunc.php b/tests/MailFunc.php
index 05f26324e..7fb78ef9e 100644
--- a/tests/MailFunc.php
+++ b/tests/MailFunc.php
@@ -42,7 +42,7 @@ class MailFunc extends PHPUnit_Framework_TestCase
 $part->replaces = array('ex1.jpg' => 'part_1.2.jpg', 'ex2.jpg' => 'part_1.2.jpg');
 // render HTML in normal mode
- $html = rcmail_html4inline(rcmail_print_body($part, array('safe' => false)), 'foo');
+ $html = rcmail_html4inline(rcmail_print_body($part->body, $part, array('safe' => false)), 'foo');
 $this->assertRegExp('/src="'.$part->replaces['ex1.jpg'].'"/', $html, "Replace reference to inline image");
 $this->assertRegExp('#background="./program/resources/blocked.gif"#', $html, "Replace external background image");
@@ -56,7 +56,7 @@ class MailFunc extends PHPUnit_Framework_TestCase
 $this->assertTrue($GLOBALS['REMOTE_OBJECTS'], "Remote object detected");
 // render HTML in safe mode
- $html2 = rcmail_html4inline(rcmail_print_body($part, array('safe' => true)), 'foo');
+ $html2 = rcmail_html4inline(rcmail_print_body($part->body, $part, array('safe' => true)), 'foo');
 $this->assertRegExp('/<style [^>]+>/', $html2, "Allow styles in safe mode");
 $this->assertRegExp('#src="http://evilsite.net/mailings/ex3.jpg"#', $html2, "Allow external images in HTML (safe mode)");
@@ -71,7 +71,7 @@ class MailFunc extends PHPUnit_Framework_TestCase
 function test_html_xss()
 {
 $part = $this->get_html_part('src/htmlxss.txt');
- $washed = rcmail_print_body($part, array('safe' => true));
+ $washed = rcmail_print_body($part->body, $part, array('safe' => true));
 $this->assertNotRegExp('/src="skins/', $washed, "Remove local references");
 $this->assertNotRegExp('/\son[a-z]+/', $washed, "Remove on* attributes");
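Review bot: Every updated call, from `rcmail_print_body($part->body, $part, array('safe' => false))` in the first hunk through `test_html_xss` and `test_html_xss2` in the later ones, passes the part's own body as the new first argument, so these tests cannot tell whether the washer sanitises and emits the string it is handed or still reads `$part->body`. Since the new parameter appears to exist so that a body different from the one stored on the part can be rendered, I would add one case where the two differ, e.g. `$washed = rcmail_print_body('<p onclick="x()">other</p>', $part, array('safe' => true));` followed by `$this->assertRegExp('|<p>other</p>|', $washed);` and `$this->assertNotRegExp('/\son[a-z]+/', $washed);`. The sample markup is constructed for illustration and the exact washed output should be confirmed against the implementation, which is not part of this file's diff. The test method bodies continue outside the hunks shown.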
@@ -88,7 +88,7 @@ class MailFunc extends PHPUnit_Framework_TestCase
 function test_html_xss2()
 {
 $part = $this->get_html_part('src/BID-26800.txt');
- $washed = rcmail_html4inline(rcmail_print_body($part, array('safe' => true)), 'dabody', '', $attr, true);
+ $washed = rcmail_html4inline(rcmail_print_body($part->body, $part, array('safe' => true)), 'dabody', '', $attr, true);
 $this->assertNotRegExp('/alert|expression|javascript|xss/', $washed, "Remove evil style blocks");
 $this->assertNotRegExp('/font-style:italic/', $washed, "Allow valid styles");
@@ -114,7 +114,7 @@ class MailFunc extends PHPUnit_Framework_TestCase
 function test_washtml_utf8()
 {
 $part = $this->get_html_part('src/invalidchars.html');
- $washed = rcmail_print_body($part);
+ $washed = rcmail_print_body($part->body, $part);
 $this->assertRegExp('/<p>символ<\/p>/', $washed, "Remove non-unicode characters from HTML message body");
 }
@@ -128,7 +128,7 @@ class MailFunc extends PHPUnit_Framework_TestCase
 $part->ctype_primary = 'text';
 $part->ctype_secondary = 'plain';
 $part->body = quoted_printable_decode(file_get_contents(TESTS_DIR . 'src/plainbody.txt'));
- $html = rcmail_print_body($part, array('safe' => true));
+ $html = rcmail_print_body($part->body, $part, array('safe' => true));
 $this->assertRegExp('/<a href="mailto:nobody@roundcube.net" onclick="return rcmail.command\(\'compose\',\'nobody@roundcube.net\',this\)">nobody@roundcube.net<\/a>/', $html, "Mailto links with onclick");
 $this->assertRegExp('#<a rel="noreferrer" target="_blank" href="http://www.apple.com/legal/privacy">http://www.apple.com/legal/privacy</a>#', $html, "Links with target=_blank");
@@ -143,7 +143,7 @@ class MailFunc extends PHPUnit_Framework_TestCase
 $part = $this->get_html_part('src/mailto.txt');
 // render HTML in normal mode
- $html = rcmail_html4inline(rcmail_print_body($part, array('safe' => false)), 'foo');
+ $html = rcmail_html4inline(rcmail_print_body($part->body, $part, array('safe' => false)), 'foo');
 $mailto = '<a href="mailto:me@me.com"' .' onclick="return rcmail.command(\'compose\',\'me@me.com?subject=this is the subject&body=this is the body\',this)" rel="noreferrer">e-mail</a>';
@@ -157,7 +157,7 @@ class MailFunc extends PHPUnit_Framework_TestCase
 function test_html_comments()
 {
 $part = $this->get_html_part('src/htmlcom.txt');
- $washed = rcmail_print_body($part, array('safe' => true));
+ $washed = rcmail_print_body($part->body, $part, array('safe' => true));
 // #1487759
 $this->assertRegExp('|<p>test1</p>|', $washed, "Buggy HTML comments"); |