diff options
author | David Rothstein <drothstein@gmail.com> | 2015-06-17 14:38:44 -0400 |
---|---|---|
committer | David Rothstein <drothstein@gmail.com> | 2015-06-17 14:38:44 -0400 |
commit | 5cb79b4b217e9aa315d61284398cce132c28bea4 (patch) | |
tree | ff85c0695ee9db1178447fa29d7f76a3ff8e67f6 /modules/field_ui/field_ui.test | |
parent | 18c5da5028b7c3ba985e598bb8df45613285d437 (diff) | |
download | brdo-5cb79b4b217e9aa315d61284398cce132c28bea4.tar.gz brdo-5cb79b4b217e9aa315d61284398cce132c28bea4.tar.bz2 |
Drupal 7.38
Diffstat (limited to 'modules/field_ui/field_ui.test')
-rw-r--r-- | modules/field_ui/field_ui.test | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/modules/field_ui/field_ui.test b/modules/field_ui/field_ui.test index 21767d649..8c42aa6f5 100644 --- a/modules/field_ui/field_ui.test +++ b/modules/field_ui/field_ui.test @@ -445,6 +445,19 @@ class FieldUIManageFieldsTestCase extends FieldUITestCase { $this->assertText(t('The machine-readable name is already in use. It must be unique.')); $this->assertUrl($url, array(), 'Stayed on the same page.'); } + + /** + * Tests that external URLs in the 'destinations' query parameter are blocked. + */ + function testExternalDestinations() { + $path = 'admin/structure/types/manage/article/fields/field_tags/field-settings'; + $options = array( + 'query' => array('destinations' => array('http://example.com')), + ); + $this->drupalPost($path, NULL, t('Save field settings'), $options); + + $this->assertUrl('admin/structure/types/manage/article/fields', array(), 'Stayed on the same site.'); + } } /** |