diff options
author | David Rothstein <drothstein@gmail.com> | 2012-06-03 18:35:03 -0400 |
---|---|---|
committer | David Rothstein <drothstein@gmail.com> | 2012-06-03 18:35:03 -0400 |
commit | d98d58655d513c737f60486ecc4a92f82aece868 (patch) | |
tree | f0873d93d972aaa892664f4be348e3936e877ef1 | |
parent | 746b5ac4098ff9be66a94ba9950a62c3583eb5d5 (diff) | |
download | brdo-d98d58655d513c737f60486ecc4a92f82aece868.tar.gz brdo-d98d58655d513c737f60486ecc4a92f82aece868.tar.bz2 |
Issue #1558468 by Berdir, tim.plunkett: SA-CORE-2012-002 - Denial of Service (followup for D7 test coverage).
-rw-r--r-- | modules/filter/filter.test | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/modules/filter/filter.test b/modules/filter/filter.test index 1a21ecbbd..5471f2da3 100644 --- a/modules/filter/filter.test +++ b/modules/filter/filter.test @@ -1195,6 +1195,11 @@ class FilterUnitTestCase extends DrupalUnitTestCase { // - absolute, mail, partial // - characters/encoding, surrounding markup, security + // Create a e-mail that is too long. + $long_email = str_repeat('a', 254) . '@example.com'; + $too_long_email = str_repeat('b', 255) . '@example.com'; + + // Filter selection/pattern matching. $tests = array( // HTTP URLs. @@ -1206,10 +1211,12 @@ http://example.com or www.example.com ), // MAILTO URLs. ' -person@example.com or mailto:person2@example.com +person@example.com or mailto:person2@example.com or ' . $long_email . ' but not ' . $too_long_email . ' ' => array( '<a href="mailto:person@example.com">person@example.com</a>' => TRUE, '<a href="mailto:person2@example.com">mailto:person2@example.com</a>' => TRUE, + '<a href="mailto:' . $long_email . '">' . $long_email . '</a>' => TRUE, + '<a href="mailto:' . $too_long_email . '">' . $too_long_email . '</a>' => FALSE, ), // URI parts and special characters. ' |