<testcase> <info> <keywords> HTTP HTTP GET followlocation </keywords> </info> # # Server-side <reply> <data> HTTP/1.1 302 OK swsclose Location: ../../../../../../../%TESTNUMBER0002 Date: Tue, 09 Nov 2010 14:50:00 GMT Connection: close </data> <data2> HTTP/1.1 200 OK swsclose Location: this should be ignored Date: Tue, 09 Nov 2010 14:50:00 GMT Connection: close body </data2> <datacheck> HTTP/1.1 302 OK swsclose Location: ../../../../../../../%TESTNUMBER0002 Date: Tue, 09 Nov 2010 14:50:00 GMT Connection: close HTTP/1.1 200 OK swsclose Location: this should be ignored Date: Tue, 09 Nov 2010 14:50:00 GMT Connection: close body </datacheck> </reply> # # Client-side <client> <server> http </server> <name> HTTP follow redirect with excessive ../ </name> <command> http://%HOSTIP:%HTTPPORT/we/are/all/twits/%TESTNUMBER -L </command> </client> # # Verify data after the test has been "shot" <verify> <protocol> GET /we/are/all/twits/%TESTNUMBER HTTP/1.1 Host: %HOSTIP:%HTTPPORT User-Agent: curl/%VERSION Accept: */* GET /%TESTNUMBER0002 HTTP/1.1 Host: %HOSTIP:%HTTPPORT User-Agent: curl/%VERSION Accept: */* </protocol> </verify> </testcase>