
Correct test for leading newline injection

    Also, simplify tests for blow-ups.
1 parent 77b3b20 commit 64160e6d92426dbc2e1d2dc782e970f310dd2cf8 @markstos committed Dec 24, 2010
Showing with 7 additions and 12 deletions.
  1. +7 −12 t/headers.t
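--- a/t/headers.t
+++ b/t/headers.t
@@ -16,30 +16,25 @@ my $cgi = CGI->new;
 like $cgi->header( -type => "text/html" ),
 qr#Type: text/html#, 'known header, basic case: type => "text/html"';
-eval { like $cgi->header( -type => "text/html".$CGI::CRLF."evil: stuff" ),
- qr#Type: text/html evil: stuff#, 'known header'; };
+eval { $cgi->header( -type => "text/html".$CGI::CRLF."evil: stuff" ) };
 like($@,qr/contains a newline/,'invalid header blows up');
 like $cgi->header( -type => "text/html".$CGI::CRLF." evil: stuff " ),
 qr#Content-Type: text/html evil: stuff#, 'known header, with leading and trailing whitespace on the continuation line';
-eval { like $cgi->header( -foobar => "text/html".$CGI::CRLF."evil: stuff" ),
- qr#Foobar: text/htmlevil: stuff#, 'unknown header'; };
+eval { $cgi->header( -foobar => "text/html".$CGI::CRLF."evil: stuff" ) };
 like($@,qr/contains a newline/,'unknown header with CRLF embedded blows up');
-like $cgi->header( -foobar => "Content-type: evil/header" ),
- qr#^Foobar: Content-type: evil/header#m, 'unknown header with leading newlines';
+eval { $cgi->header( -foobar => $CGI::CRLF."Content-type: evil/header" ) };
+like($@,qr/contains a newline/, 'unknown header with leading newlines blows up');
-eval { like $cgi->redirect( -type => "text/html".$CGI::CRLF."evil: stuff" ),
- qr#Type: text/htmlevil: stuff#, 'redirect w/ known header'; };
+eval { $cgi->redirect( -type => "text/html".$CGI::CRLF."evil: stuff" ) };
 like($@,qr/contains a newline/,'redirect with known header with CRLF embedded blows up');
-eval { like $cgi->redirect( -foobar => "text/html".$CGI::CRLF."evil: stuff" ),
- qr#Foobar: text/htmlevil: stuff#, 'redirect w/ unknown header'; };
+eval { $cgi->redirect( -foobar => "text/html".$CGI::CRLF."evil: stuff" ) };
 like($@,qr/contains a newline/,'redirect with unknown header with CRLF embedded blows up');
-eval { like $cgi->redirect( $CGI::CRLF.$CGI::CRLF."Content-Type: text/html"),
- qr#Location: Content-Type#, 'redirect w/ leading newline '; };
+eval { $cgi->redirect( $CGI::CRLF.$CGI::CRLF."Content-Type: text/html") };
 like($@,qr/contains a newline/,'redirect with leading newlines blows up');
 {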
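Review bot: Every rejection case added in this hunk builds its payload with `$CGI::CRLF`, so the suite never exercises a header value that carries a bare `\n` or a bare `\r`, which many HTTP parsers and proxies also treat as a line end. Whether header() and redirect() reject those is not visible from this page, so it is worth pinning with one more pair per method, for example `eval { $cgi->header( -foobar => "text/html\nevil: stuff" ) };` followed by `like($@,qr/contains a newline/,'unknown header with bare LF blows up');`. The new tests also check only `$@`; capturing the result (`my $out = eval { ... };`) and asserting it is undefined would show that no header text was produced alongside the error. The `{` on the last line opens a block that continues outside the hunk.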
