X-Git-Url: http://git.freeside.biz/gitweb/?a=blobdiff_plain;f=rt%2Ft%2Fsecurity%2FCVE-2011-5092-localizeddatetime.t;fp=rt%2Ft%2Fsecurity%2FCVE-2011-5092-localizeddatetime.t;h=733afc08a636a2d09fe10a85fbfc46bd015cd592;hb=ed1f84b4e8f626245995ecda5afcf83092c153b2;hp=0000000000000000000000000000000000000000;hpb=fe9ea9183e8a16616d6d04a7b5c7498d28e78248;p=freeside.git

diff --git a/rt/t/security/CVE-2011-5092-localizeddatetime.t b/rt/t/security/CVE-2011-5092-localizeddatetime.t
new file mode 100644
index 000000000..733afc08a
--- /dev/null
+++ b/rt/t/security/CVE-2011-5092-localizeddatetime.t
@@ -0,0 +1,30 @@
+use strict;
+use warnings;
+
+use RT::Test tests => undef;
+
+my $root = RT::CurrentUser->new('root');
+my ($ok, $msg) = $root->UserObj->SetLang('en-us');
+ok $ok, $msg;
+
+my $year = (localtime time)[5] + 1900;
+my $date = RT::Date->new( $root );
+$date->SetToNow;
+
+like $date->AsString( Format => 'LocalizedDateTime' ),
+     qr/\Q$year\E/, 'contains full year';
+
+unlike $date->AsString( Format => 'LocalizedDateTime', DateFormat => 'date_format_short' ),
+     qr/\Q$year\E/, 'lacks full year';
+
+eval {
+    $date->AsString( Format => 'LocalizedDateTime', DateFormat => 'bogus::format' );
+};
+ok !$@, "didn't die with bogus DateFormat";
+
+eval {
+    $date->AsString( Format => 'LocalizedDateTime', TimeFormat => 'bogus::format' );
+};
+ok !$@, "didn't die with bogus TimeFormat";
+
+done_testing;