use strict;
use warnings;
-use RT::Test tests => 22;
+use RT::Test tests => undef;
my ($baseurl, $agent) = RT::Test->started_ok;
+ok($agent->login);
$agent->get("$baseurl/NoAuth/../Elements/HeaderJavascript");
is($agent->status, 400);
$agent->warning_like(qr/Invalid request.*aborting/,);
};
+# Do not reject a simple /. in the URL, for downloading uploaded
+# dotfiles, for example.
+$agent->get("$baseurl/Ticket/Attachment/28/9/.bashrc");
+is($agent->status, 200); # Even for a file not found, we return 200
+$agent->content_contains("Bad attachment id");
+
# do not reject these URLs, even though they contain /. outside the path
$agent->get("$baseurl/index.html?ignored=%2F%2E");
is($agent->status, 200);
$agent->get("$baseurl/index.html#/.");
is($agent->status, 200);
+undef $agent;
+done_testing;