From 05bc6eb40a552355ab862e3db9171d5335deb751 Mon Sep 17 00:00:00 2001
From: nagachika <nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Fri, 8 Sep 2017 14:25:52 +0000
Subject: merge revision(s) 59584: [Backport #13850]

	REXML: Fix a bug that unexpected methods can be called as a XPath function

	[HackerOne:249295]

	Reported by Andrea Jegher. Thanks!!!


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@59782 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 test/rexml/test_functions.rb | 13 +++++++++++++
 1 file changed, 13 insertions(+)

(limited to 'test')

diff --git a/test/rexml/test_functions.rb b/test/rexml/test_functions.rb
index 5ac823dd8f..a77be38cc1 100644
--- a/test/rexml/test_functions.rb
+++ b/test/rexml/test_functions.rb
@@ -221,5 +221,18 @@ module REXMLTests
       m = REXML::XPath.match(doc, "//comment()[#{predicate}]")
       assert_equal( [REXML::Comment.new("COMMENT A")], m )
     end
+
+    def test_unregistered_method
+      doc = Document.new("<root/>")
+      assert_nil(XPath::first(doc.root, "to_s()"))
+    end
+
+    def test_nonexistent_function
+      doc = Document.new("<root><nonexistent/></root>")
+      # TODO: Maybe, this is not XPath spec behavior.
+      # This behavior must be reconsidered.
+      assert_equal(doc.root.elements[1],
+                   XPath::first(doc.root, "nonexistent()"))
+    end
   end
 end
-- 
cgit v1.2.3