author: Mark Longair <mhl@pobox.com> 2013-06-17 09:53:29 +0100
committer: Mark Longair <mhl@pobox.com> 2013-06-17 12:25:13 +0100
commit: 64ae21945a69441ad6a58a1069417e7a56cc15f6 (patch)
tree: 33a6d8002327856e290c717a77bdca36ecef5b3a /spec/lib
parent: e31d6252d206afb155d09eb54fb068f7695880d1 (diff)
Fix a security vulnerability: eval used in quoting display name [0.11.0.12]
This use of eval allows arbitrary remote code execution on parsing of a maliciously formed email. Two tests are updated to match the behaviour of the new code to return the display name - these introduce extra escaping, so should be innocuous.
Diffstat (limited to 'spec/lib')
-rw-r--r-- spec/lib/mail_handler/mail_handler_spec.rb 2
1 files changed, 1 insertions, 1 deletions
diff --git a/spec/lib/mail_handler/mail_handler_spec.rb b/spec/lib/mail_handler/mail_handler_spec.rb
index 272b56d0b..d6e7ba5d2 100644
--- a/spec/lib/mail_handler/mail_handler_spec.rb
+++ b/spec/lib/mail_handler/mail_handler_spec.rb
@@ -223,7 +223,7 @@ describe 'when deriving a name, email and formatted address from a message from
it 'should quote a name with quotes in it' do
should_render_from_address('"FOI \" Person" <foiperson@localhost>',
- ['FOI " Person',
+ ['FOI \" Person',
'foiperson@localhost',
'"FOI \" Person" <foiperson@localhost>'])
end
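Review bot: the new expected display name `'FOI \" Person'` is a Ruby single-quoted literal, so it contains a real backslash followed by a quote; the derived name therefore now keeps the quoted-pair escape from the header rather than the unescaped character that the old expectation `'FOI " Person'` checked for. That is a visible change for any caller that shows the name to a user, and the commit message only calls it "extra escaping", so it would be worth stating explicitly that this is the intended trade-off for removing `eval`. Since the third element of the expected array still renders `"FOI \" Person" <foiperson@localhost>` (which is correct quoting), the case this spec does not cover is a name containing a backslash itself, the other character a quoted-pair has to escape; a second `should_render_from_address` example for that input would pin down the replacement escaping logic on both characters it has to handle.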