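<testcase>
#
# Purpose: pin how the client resolves a redirect whose Location header has
# more "../" segments than the request path has directories. The request
# goes to /we/are/all/twits/51 and the redirect target is
# ../../../../../../../510002; the expected follow-up request in
# <verify><protocol> is "GET /510002", i.e. the surplus parent references
# are clamped at the server root instead of being sent on the wire or
# producing a malformed request line.
<info>
<keywords>
HTTP
HTTP GET
followlocation
</keywords>
</info>

#
# Server-side
#
# <data>      first response: a 302 whose Location carries the excessive ../
#             sequence under test.
# <data2>     second response: a 200 with a body. Its Location header is
#             deliberately bogus; <verify><protocol> lists only two requests,
#             so following it would make the test fail.
#             NOTE(review): the trailing digits of /510002 presumably select
#             this <data2> part for test 51 - confirm against the test
#             server's numbering convention.
# <datacheck> the exact output the client is expected to emit: both responses
#             back to back, headers included.
<reply>
<data>
HTTP/1.1 302 OK swsclose
Location: ../../../../../../../510002
Date: Thu, 09 Nov 2010 14:50:00 GMT
Connection: close

</data>
<data2>
HTTP/1.1 200 OK swsclose
Location: this should be ignored
Date: Thu, 09 Nov 2010 14:50:00 GMT
Connection: close

body
</data2>
<datacheck>
HTTP/1.1 302 OK swsclose
Location: ../../../../../../../510002
Date: Thu, 09 Nov 2010 14:50:00 GMT
Connection: close

HTTP/1.1 200 OK swsclose
Location: this should be ignored
Date: Thu, 09 Nov 2010 14:50:00 GMT
Connection: close

body
</datacheck>
</reply>

#
# Client-side
#
# -L makes the client follow the 302. %HOSTIP and %HTTPPORT are placeholders
# filled in by the test harness.
<client>
<server>
http
</server>
<name>
HTTP follow redirect with excessive ../
</name>
<command>
http://%HOSTIP:%HTTPPORT/we/are/all/twits/51 -L
</command>
</client>

#
# Verify data after the test has been "shot"
#
# <strip> removes User-Agent lines before the comparison, so the version
# string does not have to match. The expected second request still lists a
# User-Agent line while the first does not.
# NOTE(review): this is harmless only if the harness applies <strip> to the
# expected text as well as to the captured requests - confirm.
#
# The second request line is the assertion that matters: the path must be
# exactly /510002, with no "../" segments left in it.
<verify>
<strip>
^User-Agent:.*
</strip>
<protocol>
GET /we/are/all/twits/51 HTTP/1.1
Host: 127.0.0.1:%HTTPPORT
Accept: */*

GET /510002 HTTP/1.1
User-Agent: curl/7.10 (i686-pc-linux-gnu) libcurl/7.10 OpenSSL/0.9.6c ipv6 zlib/1.1.3
Host: 127.0.0.1:%HTTPPORT
Accept: */*

</protocol>
</verify>
</testcase>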