Add test for user input in string interpolation

because there's an error when string interpolation has more than one
expression inside.

test/apps/rails3.1/app/controllers/other_controller.rb

@@ -36,4 +36,9 @@ class OtherController < ApplicationController
     @b = params[:badder!]
     render :test_partial
   end
+
+  def test_string_interp
+    @user = User.find(current_user)
+    @greeting = "Hello, #{greeted += 1; @user.name}!"
+  end
 end

test/apps/rails3.1/app/views/other/test_string_interp.html.erb

+<%= raw @greeting %>

test/apps/rails3.1/config/routes.rb

@@ -15,6 +15,7 @@ Rails31::Application.routes.draw do
     put 'dee', :to => :d
     get 'test_partial1'
     get 'test_partial2'
+    get 'test_string_interp'
   end
 
   match 'e', :to => 'other#e', :as => 'eeeee'

test/tests/test_rails31.rb

@@ -13,7 +13,7 @@ class Rails31Tests < Test::Unit::TestCase
   def expected
     @expected ||= {
       :model => 0,
-      :template => 14,
+      :template => 15,
       :controller => 1,
       :warning => 48 }
   end
@@ -527,6 +527,15 @@ class Rails31Tests < Test::Unit::TestCase
       :file => /\/g\.html\.erb/
   end
 
+  def test_xss_multiple_exp_in_string_interpolation
+    assert_warning :type => :template,
+      :warning_type => "Cross Site Scripting",
+      :line => 1,
+      :message => /^Unescaped\ model\ attribute/,
+      :confidence => 0,
+      :file => /test_string_interp\.html\.erb/
+  end
+
   def test_cross_site_scripting_select_tag_CVE_2012_3463
     assert_warning :type => :template,
       :warning_type => "Cross Site Scripting",