Description: test for Fix CVE-2010-4410
Always check for CRLF in supplied header values and require that CRLF
is followed by a whitespace, in which case the CRLF is stripped.
Die if CRLF is followed by non-whitespace character.
Bug-Debian: http://bugs.debian.org/606379
Author: Damyan Ivanov <dmn@debian.org>
Forwarded: https://rt.cpan.org/Ticket/Display.html?id=64160
--- /dev/null
+++ b/t/120.header-crlf.t
@@ -0,0 +1,20 @@
+use strict;
+use Test::More tests => 2;
+use Test::Exception;
+use CGI::Simple;
+
+my $cgi = CGI::Simple->new;
+
+my $CRLF = $cgi->crlf;
+
+is( $cgi->header( '-Test' => "test$CRLF part" ),
+ "Test: test part"
+ . $CRLF
+ . 'Content-Type: text/html; charset=ISO-8859-1'
+ . $CRLF
+ . $CRLF
+);
+
+throws_ok { $cgi->header( '-Test' => "test$CRLF$CRLF part" ) }
+qr/Invalid header value contains a newline not followed by whitespace:/,
+ 'invalid CRLF caught';
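Review bot: The new test never exercises the case the fix exists for, a CRLF followed directly by non-whitespace text; the closing `throws_ok` only feeds `$CRLF$CRLF part`, where the first CRLF is followed by another CRLF. Adding `throws_ok { $cgi->header( '-Test' => "test${CRLF}X-Other: 1" ) } qr/Invalid header value contains a newline not followed by whitespace:/, 'CRLF followed by text caught';` and raising the plan to `tests => 3` would pin that behaviour. The hunk also does not show whether a bare `\n` or `\r` inside a value is rejected, so a case for each is worth adding once the intended behaviour of `header` is confirmed. The `is(...)` call carries no test description and the file has no `use warnings;`, both of which would make a failure here easier to diagnose.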
--- a/Makefile.PL
+++ b/Makefile.PL
@@ -11,6 +11,7 @@
PL_FILES => {},
PREREQ_PM => {
'Test::More' => 0,
+ 'Test::Exception' => 0,
'IO::Scalar' => 0
},
dist => { COMPRESS => 'gzip -9f', SUFFIX => 'gz', },