From: Frédéric Buclin <LpSolit@gmail.com>
Date: Mon, 10 Feb 2014 17:44:09 +0000 (+0100)
Subject: Bug 926085: Forbird single quotes to delimit URLs (no <a href='...'>)
X-Git-Tag: bugzilla-4.5.3~79
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bcb9385d13ce2671702323f5b1a90c4d61dcc995;p=thirdparty%2Fbugzilla.git

Bug 926085: Forbird single quotes to delimit URLs (no <a href='...'>)
r=dkl a=glob
---

diff --git a/t/004template.t b/t/004template.t
index 298bb52c06..604559dc0b 100644
--- a/t/004template.t
+++ b/t/004template.t
@@ -20,7 +20,7 @@ use CGI qw(-no_debug);
 
 use File::Spec;
 use Template;
-use Test::More tests => ( scalar(@referenced_files) + $num_actual_files );
+use Test::More tests => ( scalar(@referenced_files) + 2 * $num_actual_files );
 
 # Capture the TESTOUT from Test::More or Test::Builder for printing errors.
 # This will handle verbosity for us automatically.
@@ -104,6 +104,20 @@ foreach my $include_path (@include_paths) {
             ok(0, "$path has bad syntax --ERROR");
             print $fh $data . "\n";
         }
+
+        # Make sure no forbidden constructs are present.
+        local $/;
+        open(FILE, '<', $path) or die "Can't open $file: $!\n";
+        $data = <FILE>;
+        close (FILE);
+
+        # Forbid single quotes to delimit URLs, see bug 926085.
+        if ($data =~ /href=\\?'/) {
+            ok(0, "$path contains blacklisted constructs: href='...'");
+        }
+        else {
+            ok(1, "$path contains no blacklisted constructs");
+        }
     }
 }