Added full output test to test-scan.

[nmh] / test / mhshow / test-textcharset

diff --git a/test/mhshow/test-textcharset b/test/mhshow/test-textcharset
index 8bba16959a1714b19a95e3793521befe7899748b..e0b154b9e859ee9a51d0724fac731bbcef474b7c 100755 (executable)
--- a/test/mhshow/test-textcharset
+++ b/test/mhshow/test-textcharset
@@ -305,6 +305,23 @@ EOF
 run_prog mhshow last >"$actual" 2>&1
 check "$expected" "$actual" : parameter value quoting with text following
 
 run_prog mhshow last >"$actual" 2>&1
 check "$expected" "$actual" : parameter value quoting with text following
 

+# check malicious parameter value quoting
+msgfile=`mhpath new`
+msgnum=`basename $msgfile`
+cat >"$msgfile" <<'EOF'
+Subject: shows difficulty of quoting with /bin/sh -c
+MIME-Version: 1.0
+Content-Type: text/html; charset="oops'; echo should not see this!"
+
+EOF
+
+cat >"$expected" <<EOF
+[ part  - text/html -   0B  ]
+EOF
+
+run_prog mhshow -noheader -form mhl.null last 2>&1 | squeeze_whitespace >"$actual"
+check "$expected" "$actual" : malicious parameter value quoting
+

 #
 # test a large file that needs to be converted to UTF-8
 #
 #
 # test a large file that needs to be converted to UTF-8
 #