RT 4.2.11, ticket#13852

[freeside.git] / rt / t / security / CVE-2011-2084-modifyscrips-templates.t

diff --git a/rt/t/security/CVE-2011-2084-modifyscrips-templates.t b/rt/t/security/CVE-2011-2084-modifyscrips-templates.t
index f68706e..0e59c52 100644 (file)
--- a/rt/t/security/CVE-2011-2084-modifyscrips-templates.t
+++ b/rt/t/security/CVE-2011-2084-modifyscrips-templates.t
@@ -59,32 +59,39 @@ diag "ModifyScrips";
     $scrip = RT::Scrip->new( $cu );
     $scrip->Load( $scrip_id );
     ok $scrip->id, "loaded scrip as test user";
-    is $scrip->Queue, $qa->Id, 'queue is A';
+    ok $scrip->IsAdded( $qa->Id ), 'queue is A';
 
     ok +($scrip->SetName('Testing ModifyScrips'));
 
-    set_fails( Queue => $scrip => $qb );
-    set_fails( Queue => $scrip => 0 );
-    set_fails( Queue => $scrip => undef );
-    set_fails( Queue => $scrip => '' );
+    for my $value ($qb->id, 0, undef, '') {
+        my ($ok, $why) = $scrip->AddToObject( $value );
+        my $disp = (defined($value) ? "'$value'" : "undef");
+        ok( !$ok, "Correctly not added to $disp: $why" );
+    }
 
     RT::Test->add_rights( Principal => $user, Right => 'ModifyScrips', Object => $qb );
 
-    set_ok( Queue => $scrip => $qb );
-    set_fails( Queue => $scrip => 0 );
-    set_fails( Queue => $scrip => undef );
-    set_fails( Queue => $scrip => '' );
+    for my $value ($qb->id, 0, undef, '') {
+        my ($ok, $why) = $scrip->AddToObject( $value );
+        my $disp = (defined($value) ? "'$value'" : "undef");
+        if ($value) {
+            ok( $ok, "Correctly added to $disp: $why" );
+        } else {
+            ok( !$ok, "Correctly not added to $disp: $why" );
+        }
+    }
 
     RT::Test->add_rights( Principal => $user, Right => 'ModifyScrips' );
 
-    set_ok( Queue => $scrip => 0 );
+    my ($ok, $why) = $scrip->AddToObject( 0 );
+    ok( $ok, "Correctly added globally: $why" );
 
-    set_fails( Template => $scrip => 2 );
+    set_fails( Template => $scrip => "Autoreply" );
 
     RT::Test->add_rights( Principal => $user, Right => 'ShowTemplate' );
 
-    set_ok( Template => $scrip => 2 );
-    is $scrip->TemplateObj->Name, 'Autoreply', 'template name is right';
+    set_ok( Template => $scrip => "Autoreply" );
+    is $scrip->Template, 'Autoreply', 'template name is right';
 }
 
 diag "ModifyTemplate";
@@ -115,12 +122,12 @@ diag "ModifyTemplate";
 
     RT::Test->add_rights( Principal => $user, Right => 'ModifyTemplate', Object => $qb );
 
-    set_ok( Queue => $template => $qb );
+    set_fails( Queue => $template => $qb );
     set_fails( Queue => $template => 0 );
 
     RT::Test->add_rights( Principal => $user, Right => 'ModifyTemplate' );
 
-    set_ok( Queue => $template => 0 );
+    set_fails( Queue => $template => 0 );
 }
 
 done_testing;