
Improve msgHTML tests

1 parent d1a7de4 commit 48e8cac06775d2696cbcfe9b950c484926cc9da3 @Synchro Synchro committed Jan 6, 2017
Showing with 29 additions and 0 deletions.
  1. +29 −0 test/phpmailerTest.php
@@ -1010,6 +1010,35 @@ public function testMsgHTML()
$this->assertNotEmpty($this->Mail->AltBody, 'Custom AltBody not set by msgHTML');
$this->assertTrue($this->Mail->send(), $this->Mail->ErrorInfo);
+
+ //Test that local paths without a basedir are ignored
+ $this->Mail->msgHTML('<img src="/etc/hostname">test');
+ $this->assertTrue(strpos($this->Mail->Body, 'src="/etc/hostname"') !== false);
+ //Test that local paths with a basedir are not ignored
+ $this->Mail->msgHTML('<img src="composer.json">test', realpath(self::INCLUDE_DIR));
+ $this->assertTrue(strpos($this->Mail->Body, 'src="composer.json"') === false);
+ //Test that local paths with parent traversal are ignored
+ $this->Mail->msgHTML('<img src="../composer.json">test', realpath(self::INCLUDE_DIR));
+ $this->assertTrue(strpos($this->Mail->Body, 'src="composer.json"') === false);
+ //Test that existing embedded URLs are ignored
+ $this->Mail->msgHTML('<img src="cid:5d41402abc4b2a76b9719d911017c592">test');
+ $this->assertTrue(
+ strpos($this->Mail->Body, 'src="cid:5d41402abc4b2a76b9719d911017c592"') !== false
+ );
+ //Test that absolute URLs are ignored
+ $this->Mail->msgHTML('<img src="https://github.com/PHPMailer/PHPMailer/blob/master/composer.json">test');
+ $this->assertTrue(
+ strpos($this->Mail->Body, 'src="https://github.com/PHPMailer/PHPMailer/blob/master/composer.json"') !== false
+ );
+ //Test that absolute URLs with anonymous/relative protocol are ignored
+ //Note that such URLs will not work in email anyway because they have no protocol to be relative to
+ $this->Mail->msgHTML('<img src="//github.com/PHPMailer/PHPMailer/blob/master/composer.json">test');
+ $this->assertTrue(
+ strpos(
+ $this->Mail->Body,
+ 'src="//github.com/PHPMailer/PHPMailer/blob/master/composer.json"'
+ ) !== false
+ );
}
/**
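Review bot: The parent-traversal check after `msgHTML('<img src="../composer.json">test', realpath(self::INCLUDE_DIR))` asserts that the body lacks `src="composer.json"`, a string the input never contained. It therefore appears to pass whether the `../` reference is left untouched or rewritten to an embedded attachment. To pin the "ignored" behaviour the comment describes, assert on the original attribute instead: `$this->assertTrue(strpos($this->Mail->Body, 'src="../composer.json"') !== false);`. This is the only visible assertion guarding against a path escaping the basedir, so it should be able to fail. The new assertions also carry no failure message, unlike the two context lines above them, and testMsgHTML begins before this hunk.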
