X-Git-Url: https://diplodocus.org/git/nmh/blobdiff_plain/7e288a9d7941d2d9df94f9ee70e47061f0f36304..f7a2498729e0c642c7c7fb573deee3a35176de44:/test/mhshow/test-textcharset

diff --git a/test/mhshow/test-textcharset b/test/mhshow/test-textcharset
index f8d854fc..e0b154b9 100755
--- a/test/mhshow/test-textcharset
+++ b/test/mhshow/test-textcharset
@@ -20,8 +20,7 @@ if test "$ICONV_ENABLED" -eq 0; then
   test_skip 'test-textcharset requires that nmh have been built with iconv'
 fi
 
-require_locale en_US.utf-8 en_US.utf8
-LC_ALL=en_US.UTF-8; export LC_ALL
+require_locale en_US.UTF-8 en_US.UTF8 en_US.utf-8 en_US.utf8
 
 expected="$MH_TEST_DIR"/$$.expected
 actual="$MH_TEST_DIR"/$$.actual
@@ -306,6 +305,23 @@ EOF
 run_prog mhshow last >"$actual" 2>&1
 check "$expected" "$actual" : parameter value quoting with text following
 
+# check malicious parameter value quoting
+msgfile=`mhpath new`
+msgnum=`basename $msgfile`
+cat >"$msgfile" <<'EOF'
+Subject: shows difficulty of quoting with /bin/sh -c
+MIME-Version: 1.0
+Content-Type: text/html; charset="oops'; echo should not see this!"
+
+EOF
+
+cat >"$expected" <<EOF
+[ part  - text/html -   0B  ]
+EOF
+
+run_prog mhshow -noheader -form mhl.null last 2>&1 | squeeze_whitespace >"$actual"
+check "$expected" "$actual" : malicious parameter value quoting
+
 #
 # test a large file that needs to be converted to UTF-8
 #