| <testcase> |
| <info> |
| # verify that dotdot removal can be disabled! |
| <keywords> |
| HTTP |
| HTTP GET |
| HTTP proxy |
| </keywords> |
| </info> |
| |
| # |
| # Server-side |
| <reply> |
| <data> |
| HTTP/1.1 200 OK |
| Content-Length: 6 |
| Connection: close |
| |
| -foo- |
| </data> |
| |
| <data1> |
| HTTP/1.1 200 OK |
| Content-Length: 7 |
| Connection: close |
| |
| -cool- |
| </data1> |
| </reply> |
| |
| # |
| # Client-side |
| <client> |
| <server> |
| http |
| </server> |
| <name> |
| HTTP _without_ dotdot removal |
| </name> |
| <command> |
| --path-as-is --proxy http://%HOSTIP:%HTTPPORT http://test.remote.haxx.se.%TESTNUMBER:8990/../../hej/but/who/../%TESTNUMBER?stupid=me/../%TESTNUMBER#soo/../%TESTNUMBER http://test.remote.haxx.se.%TESTNUMBER:8990/../../hej/but/who/../%TESTNUMBER0001#/../%TESTNUMBER0001 |
| </command> |
| <features> |
| proxy |
| </features> |
| </client> |
| |
| # |
| # Verify data after the test has been "shot" |
| <verify> |
| <protocol> |
| GET http://test.remote.haxx.se.%TESTNUMBER:8990/../../hej/but/who/../%TESTNUMBER?stupid=me/../%TESTNUMBER HTTP/1.1
|
| Host: test.remote.haxx.se.%TESTNUMBER:8990
|
| User-Agent: curl/%VERSION
|
| Accept: */*
|
| Proxy-Connection: Keep-Alive
|
|
|
| GET http://test.remote.haxx.se.%TESTNUMBER:8990/../../hej/but/who/../%TESTNUMBER0001 HTTP/1.1
|
| Host: test.remote.haxx.se.%TESTNUMBER:8990
|
| User-Agent: curl/%VERSION
|
| Accept: */*
|
| Proxy-Connection: Keep-Alive
|
|
|
| </protocol> |
| </verify> |
| </testcase> |
