Diffstat (limited to 'rt/t/security/CVE-2011-5092-datetimeformat.t')
-rw-r--r-- | rt/t/security/CVE-2011-5092-datetimeformat.t | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/rt/t/security/CVE-2011-5092-datetimeformat.t b/rt/t/security/CVE-2011-5092-datetimeformat.t
new file mode 100644
index 0000000..470f4f4
--- /dev/null
+++ b/rt/t/security/CVE-2011-5092-datetimeformat.t
@@ -0,0 +1,48 @@
+use strict;
+use warnings;
+
+use RT::Test tests => undef;
+
+my ($base, $m) = RT::Test->started_ok;
+
+my $user = RT::Test->load_or_create_user(
+ Name => 'user',
+ Password => 'password',
+ Privileged => 1,
+);
+
+ok $user->id, 'created user';
+
+ok(
+ RT::Test->set_rights(
+ { Principal => 'privileged', Right => [qw(ModifySelf ShowTicket)] },
+ ),
+ "granted ModifySelf to privileged"
+);
+
+my $ticket = RT::Test->create_ticket(
+ Queue => 'General',
+ Subject => 'testing',
+);
+
+ok $ticket->id, 'created ticket';
+
+$m->login('user');
+$m->get_ok("$base/Prefs/Other.html");
+my $format = 'Formatters';
+$m->submit_form_ok({
+ form_name => 'ModifyPreferences',
+ fields => {
+ DateTimeFormat => $format,
+ },
+ button => 'Update',
+}, 'update prefs');
+is $user->Preferences(RT->System, {})->{DateTimeFormat}, $format, 'set preference';
+
+$m->no_warnings_ok;
+$m->get_ok("$base/Ticket/Display.html?id=" . $ticket->id);
+$m->next_warning_like(qr/Invalid date formatter.+?\Q$format\E/, 'invalid formatter warning');
+$m->content_lacks($_, "lacks formatter in page") for @RT::Date::FORMATTERS;
+
+undef $m;
+done_testing; |
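Review bot: The final `content_lacks` check loops over `@RT::Date::FORMATTERS`, which this file never populates or verifies. If that array is empty in the test process, the loop emits zero assertions, and with `tests => undef` plus `done_testing` nothing flags the gap. A guard before the loop, `ok scalar(@RT::Date::FORMATTERS), 'formatter list is populated';`, would keep the leak check from passing vacuously. The test also exercises only one rejected value (`'Formatters'`). A one-line comment saying why that name was chosen, presumably because it is callable on RT::Date without being a listed formatter, would make the regression easier to extend.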