author | Andy Staudacher <andy.st@gmail.com> | 2009-08-30 07:25:49 -0700 |
---|---|---|
committer | Andy Staudacher <andy.st@gmail.com> | 2009-08-30 07:25:49 -0700 |
commit | 22aa0b3092458d6de77837be45721f2722b8d5e0 (patch) | |
tree | 59c6e57532717b2757c64097e9300ccba3b0ef3b /modules/gallery/tests/Xss_Security_Test.php | |
parent | effccfd41d2618cfd41ce6db0834c2298fdb42d8 (diff) |
Add $theme-> methods to Xss whitelist for HTML safety.
Updating XSS golden file.
Diffstat (limited to 'modules/gallery/tests/Xss_Security_Test.php')
-rw-r--r-- | modules/gallery/tests/Xss_Security_Test.php | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/modules/gallery/tests/Xss_Security_Test.php b/modules/gallery/tests/Xss_Security_Test.php
index 16e5a856..b385580d 100644
--- a/modules/gallery/tests/Xss_Security_Test.php
+++ b/modules/gallery/tests/Xss_Security_Test.php
@@ -96,6 +96,43 @@ class Xss_Security_Test extends Unit_Test_Case { $frame = null; } else if ($frame && $token[0] == T_VARIABLE) { $frame->expr_append($token[1]); + if ($token[1] == '$theme') { + if (self::_token_matches(array(T_OBJECT_OPERATOR, "->"), $tokens, $token_number + 1) && + self::_token_matches(array(T_STRING), $tokens, $token_number + 2) && + in_array($tokens[$token_number + 2][1], + array("thumb_proportion", "site_menu", "album_menu", "tag_menu", "photo_menu", + "context_menu", "pager", "site_status", "messages", "album_blocks", + "album_bottom", "album_top", "body_attributes", "credits", + "dynamic_bottom", "dynamic_top", "footer", "head", "header_bottom", + "header_top", "page_bottom", "page_top", "photo_blocks", "photo_bottom", + "photo_top", "resize_bottom", "resize_top", "sidebar_blocks", "sidebar_bottom", + "sidebar_top", "thumb_bottom", "thumb_info", "thumb_top")) && + self::_token_matches("(", $tokens, $token_number + 3)) { + + $method = $tokens[$token_number + 2][1]; + $frame->expr_append("->$method("); + + $token_number += 3; + $token = $tokens[$token_number]; + + $frame->is_safe_html(true); + } else if (self::_token_matches(array(T_OBJECT_OPERATOR, "->"), $tokens, $token_number + 1) && + self::_token_matches(array(T_STRING), $tokens, $token_number + 2) && + in_array($tokens[$token_number + 2][1], + array("css", "script", "url")) && + self::_token_matches("(", $tokens, $token_number + 3) && + // Only allow constant strings here + self::_token_matches(array(T_CONSTANT_ENCAPSED_STRING), $tokens, $token_number + 4)) { + + $method = $tokens[$token_number + 2][1]; + $frame->expr_append("->$method("); + + $token_number += 4; + $token = $tokens[$token_number]; + + $frame->is_safe_html(true); + } + } } else if ($frame && $token[0] == T_STRING) { $frame->expr_append($token[1]); // t() and t2() are special in that they're guaranteed to return a SafeString(). |
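Review bot: The "constant strings only" guard in the second branch inspects only the token at `$token_number + 4`, so a call such as `$theme->url("a" . $var)` or `$theme->script("a", $var)` still satisfies every condition and the frame is marked `is_safe_html(true)` before the remaining argument tokens are seen; unless the frame clears that flag when a later variable token is appended (that handling is outside this hunk), the whitelist should also require the call to close right after the literal, e.g. `&& self::_token_matches(")", $tokens, $token_number + 5)`. The same shape applies to the first branch, where the method list never constrains the arguments at all, which is presumably intended for menu/block helpers but is worth a comment stating that these methods are trusted to escape their own inputs. The two inline `array(...)` whitelists would read better as named static properties (one for markup-producing theme helpers, one for literal-path helpers) with a comment explaining why the second group needs the constant-string restriction. The enclosing token loop starts and ends outside this hunk.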