X-Git-Url: https://diplodocus.org/git/nmh/blobdiff_plain/97d33c31f4d3fdef03610c1652b5e246184e0097..d9b33232b6e3b03d7ff0b67e28e82ee455e00d99:/test/mhshow/test-textcharset?ds=inline

diff --git a/test/mhshow/test-textcharset b/test/mhshow/test-textcharset
index 8bba1695..e0b154b9 100755
--- a/test/mhshow/test-textcharset
+++ b/test/mhshow/test-textcharset
@@ -305,6 +305,23 @@ EOF
 run_prog mhshow last >"$actual" 2>&1
 check "$expected" "$actual" : parameter value quoting with text following
 
+# check malicious parameter value quoting
+msgfile=`mhpath new`
+msgnum=`basename $msgfile`
+cat >"$msgfile" <<'EOF'
+Subject: shows difficulty of quoting with /bin/sh -c
+MIME-Version: 1.0
+Content-Type: text/html; charset="oops'; echo should not see this!"
+
+EOF
+
+cat >"$expected" <<EOF
+[ part  - text/html -   0B  ]
+EOF
+
+run_prog mhshow -noheader -form mhl.null last 2>&1 | squeeze_whitespace >"$actual"
+check "$expected" "$actual" : malicious parameter value quoting
+
 #
 # test a large file that needs to be converted to UTF-8
 #