Prepare 2.5.8 release fixing MODSEC-27.

apache2/t/regression/misc/20-pdf-xss.t

@@ -0,0 +1,54 @@
+# PDF XSS Protection
+
+{
+	type => "misc",
+	comment => "pdf-xss - GET",
+	conf => qq(
+		SecRuleEngine On
+		SecDebugLog $ENV{DEBUG_LOG}
+		SecDebugLogLevel 9
+
+		SecPdfProtect On
+		SecPdfProtectMethod TokenRedirection
+		SecPdfProtectSecret FooBar
+		SecPdfProtectTimeout 10
+	),
+	match_log => {
+		debug => [ qr/PdfProtect: PDF request without a token - redirecting to/, 1 ],
+	},
+	match_response => {
+		status => qr/^200$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.pdf",
+	),
+},
+{
+	type => "misc",
+	comment => "pdf-xss - POST",
+	conf => qq(
+		SecRuleEngine On
+		SecDebugLog $ENV{DEBUG_LOG}
+		SecDebugLogLevel 9
+
+		SecPdfProtect On
+		SecPdfProtectMethod TokenRedirection
+		SecPdfProtectSecret FooBar
+		SecPdfProtectTimeout 10
+	),
+	match_log => {
+		-error => [ qr/exit signal/, 1 ],
+		debug => [ qr/PdfProtect: Not intercepting.*method=POST\/2/, 1 ],
+	},
+	match_response => {
+		status => qr/^200$/,
+	},
+	request => new HTTP::Request(
+		POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.pdf",
+		[
+			"Content-Type" => "application/x-www-form-urlencoded",
+		],
+		#  Args
+		"a=1&b=2",
+	),
+},