projects / freeside.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
RT 4.0.22
[freeside.git] / rt / t / security / CVE-2011-5092-graph-links.t
diff --git a/rt/t/security/CVE-2011-5092-graph-links.t b/rt/t/security/CVE-2011-5092-graph-links.t
new file mode 100644 (file)
index 0000000..5e98dd3
--- /dev/null
+++ b/rt/t/security/CVE-2011-5092-graph-links.t
@@ -0,0 +1,27 @@
+use strict;
+use warnings;
+
+use RT::Test tests => undef;
+
+my ($base, $m) = RT::Test->started_ok;
+$m->login;
+
+for my $arg (qw(LeadingLink ShowLinks)) {
+    my $ticket = RT::Test->create_ticket(
+        Queue   => 'General',
+        Subject => 'testing',
+    );
+    ok $ticket->id, 'created ticket';
+
+    ok !$ticket->ToldObj->Unix, 'no Told';
+    $m->get_ok("$base/Ticket/Graphs/index.html?$arg=SetTold;id=" . $ticket->id);
+
+    $ticket->Load($ticket->id); # cache busting
+
+    ok !$ticket->ToldObj->Unix, 'still no Told';
+    $m->content_lacks('GotoFirstItem', 'no GotoFirstItem error');
+    $m->content_like(qr|<img[^>]+?src=['"]/Ticket/Graphs/@{[$ticket->id]}|, 'found image element');
+}
+
+undef $m;
+done_testing;
Freeside billing, trouble ticketing, network monitoring and provisioning