rt/t/security/CVE-2011-5092-graph-links.t

   1 use strict;
   2 use warnings;
   3
   4 use RT::Test tests => undef;
   5
   6 my ($base, $m) = RT::Test->started_ok;
   7 $m->login;
   8
   9 for my $arg (qw(LeadingLink ShowLinks)) {
  10     my $ticket = RT::Test->create_ticket(
  11         Queue   => 'General',
  12         Subject => 'testing',
  13     );
  14     ok $ticket->id, 'created ticket';
  15
  16     ok !$ticket->ToldObj->Unix, 'no Told';
  17     $m->get_ok("$base/Ticket/Graphs/index.html?$arg=SetTold;id=" . $ticket->id);
  18
  19     $ticket->Load($ticket->id); # cache busting
  20
  21     ok !$ticket->ToldObj->Unix, 'still no Told';
  22     $m->content_lacks('GotoFirstItem', 'no GotoFirstItem error');
  23     $m->content_like(qr|<img[^>]+?src=['"]/Ticket/Graphs/@{[$ticket->id]}|, 'found image element');
  24 }
  25
  26 undef $m;
  27 done_testing;