author | Tim Almdal <tnalmdal@shaw.ca> | 2009-11-18 10:34:39 -0800 |
---|---|---|
committer | Tim Almdal <tnalmdal@shaw.ca> | 2009-11-18 10:34:39 -0800 |
commit | 4fe5801c885088e5e6c11b8a20a561415941b864 (patch) | |
tree | cf165e7bf32e7782e555f07871ff393ed8e2caeb /modules/gallery | |
parent | 3f600d46e44268ef95734249a12d706bdefd87be (diff) |
Simplify the maintenance of the xss golden file by having each module contribute its own golden file to a consolidated one. This will make it easier for -contrib modules or themes to be included in the xss security test w/o having to keep modifying a central golden file.
Diffstat (limited to 'modules/gallery')
-rw-r--r-- | modules/gallery/tests/Xss_Security_Test.php | 14 | ||||
-rw-r--r-- | modules/gallery/tests/xss_data.txt | 210 |
2 files changed, 13 insertions, 211 deletions
diff --git a/modules/gallery/tests/Xss_Security_Test.php b/modules/gallery/tests/Xss_Security_Test.php
index b296d97c..801db8dd 100644
--- a/modules/gallery/tests/Xss_Security_Test.php
+++ b/modules/gallery/tests/Xss_Security_Test.php
@@ -302,8 +302,20 @@ class Xss_Security_Test extends Unit_Test_Case {
  */
  $new = TMPPATH . "xss_data.txt";
  $fd = fopen($new, "wb");
+ $canonical = TMPPATH . "xss_data_golden.txt";
+ $fd_canonical = fopen($canonical, "wb");
+ $current_type = $current_plugin = "";
  ksort($found);
  foreach ($found as $view => $frames) {
+ list ($type, $plugin) = explode("/", $view);
+ if ($type != $current_type || $plugin != $current_plugin) {
+ $golden_file = ($type == "modules" ? MODPATH : THEMEPATH) . "{$plugin}/tests/xss_data.txt";
+ if (file_exists($golden_file)) {
+ fwrite($fd_canonical, file_get_contents($golden_file));
+ }
+ $current_type = $type;
+ $current_plugin = $plugin;
+ }
  foreach ($frames as $frame) {
  $state = "DIRTY";
  if ($frame->in_script_block() && $frame->in_href_attribute()) {
@@ -344,9 +356,9 @@ class Xss_Security_Test extends Unit_Test_Case {
  }
  }
  fclose($fd);
+ fclose($fd_canonical);
  // Compare with the expected report from our golden file.
- $canonical = MODPATH . "gallery/tests/xss_data.txt";
  exec("diff $canonical $new", $output, $return_value);
  $this->assert_false(
  $return_value, "XSS golden file mismatch. Output:\n" . implode("\n", $output)
  );
diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt
index 3eaa6561..8814284b 100644
--- a/modules/gallery/tests/xss_data.txt
+++ b/modules/gallery/tests/xss_data.txt
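Review bot: The new `fopen($canonical, "wb")` in the first hunk is never checked, so when TMPPATH is not writable the `fwrite` calls on `$fd_canonical` only emit warnings and the later `exec("diff $canonical $new", ...)` compares the report against a missing or stale golden file, turning an environment problem into a misleading "XSS golden file mismatch". A guard right after the fopen, e.g. `$this->assert_true($fd_canonical !== false, "cannot write golden file $canonical");` (or the framework's equivalent), would make that failure self-explaining. The concatenation also assumes every per-module `tests/xss_data.txt` ends with a newline; a file lacking one fuses its last entry with the next module's first line and the diff output is hard to trace back, so consider normalising before writing: `$golden = file_get_contents($golden_file); fwrite($fd_canonical, $golden === "" || substr($golden, -1) === "\n" ? $golden : "$golden\n");`. The enclosing test method starts before and ends after both hunks.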
@@ -1,45 +1,3 @@ -modules/akismet/views/admin_akismet.html.php 16 DIRTY $form -modules/akismet/views/admin_akismet_stats.html.php 9 DIRTY_ATTR $api_key -modules/akismet/views/admin_akismet_stats.html.php 9 DIRTY_ATTR urlencode($blog_url) -modules/comment/views/admin_block_recent_comments.html.php 4 DIRTY_ATTR text::alternate("g-even","g-odd") -modules/comment/views/admin_block_recent_comments.html.php 5 DIRTY_ATTR $comment->author()->avatar_url(32,$theme->url(,true)) -modules/comment/views/admin_block_recent_comments.html.php 10 DIRTY gallery::date_time($comment->created) -modules/comment/views/admin_comments.html.php 43 DIRTY $menu->render() -modules/comment/views/admin_comments.html.php 107 DIRTY_ATTR $comment->id -modules/comment/views/admin_comments.html.php 107 DIRTY_ATTR text::alternate("g-odd","g-even") -modules/comment/views/admin_comments.html.php 110 DIRTY_ATTR $comment->author()->avatar_url(40,$theme->url(,true)) -modules/comment/views/admin_comments.html.php 123 DIRTY_JS $item->url() -modules/comment/views/admin_comments.html.php 125 DIRTY_ATTR $item->thumb_url() -modules/comment/views/admin_comments.html.php 127 DIRTY photo::img_dimensions($item->thumb_width,$item->thumb_height,75) -modules/comment/views/admin_comments.html.php 135 DIRTY gallery::date($comment->created) -modules/comment/views/admin_comments.html.php 142 DIRTY_JS $comment->id -modules/comment/views/admin_comments.html.php 151 DIRTY_JS $comment->id -modules/comment/views/admin_comments.html.php 160 DIRTY_JS $comment->id -modules/comment/views/admin_comments.html.php 169 DIRTY_JS $comment->id -modules/comment/views/admin_comments.html.php 176 DIRTY_JS $comment->id -modules/comment/views/admin_comments.html.php 184 DIRTY_JS $comment->id -modules/comment/views/admin_comments.html.php 197 DIRTY $pager -modules/comment/views/comment.html.php 2 DIRTY_ATTR $comment->id; -modules/comment/views/comment.html.php 5 DIRTY_ATTR $comment->author()->avatar_url(40,$theme->url(,true)) 
-modules/comment/views/comment.mrss.php 10 DIRTY $feed->uri -modules/comment/views/comment.mrss.php 13 DIRTY_JS $feed->uri -modules/comment/views/comment.mrss.php 16 DIRTY_JS $feed->previous_page_uri -modules/comment/views/comment.mrss.php 19 DIRTY_JS $feed->next_page_uri -modules/comment/views/comment.mrss.php 21 DIRTY $pub_date -modules/comment/views/comment.mrss.php 22 DIRTY $pub_date -modules/comment/views/comment.mrss.php 28 DIRTY $child->item_uri -modules/comment/views/comment.mrss.php 29 DIRTY $child->pub_date -modules/comment/views/comment.mrss.php 34 DIRTY_ATTR $child->thumb_url -modules/comment/views/comment.mrss.php 35 DIRTY_ATTR $child->thumb_height -modules/comment/views/comment.mrss.php 35 DIRTY_ATTR $child->thumb_width -modules/comment/views/comments.html.php 16 DIRTY_ATTR $comment->id -modules/comment/views/comments.html.php 19 DIRTY_ATTR $comment->author()->avatar_url(40,$theme->url(,true)) -modules/digibug/views/digibug_form.html.php 4 DIRTY form::open("http://www.digibug.com/dapi/order.php") -modules/digibug/views/digibug_form.html.php 5 DIRTY form::hidden($order_parms) -modules/digibug/views/digibug_form.html.php 6 DIRTY form::close() -modules/exif/views/exif_dialog.html.php 14 DIRTY $details[$i]["caption"] -modules/exif/views/exif_dialog.html.php 21 DIRTY $details[$i]["caption"] -modules/g2_import/views/admin_g2_import.html.php 29 DIRTY $form modules/gallery/views/admin_advanced_settings.html.php 21 DIRTY_ATTR text::alternate("g-odd","g-even") modules/gallery/views/admin_advanced_settings.html.php 22 DIRTY $var->module_name modules/gallery/views/admin_block_log_entries.html.php 4 DIRTY_ATTR log::severity_class($entry->severity) 
@@ -216,171 +174,3 @@ modules/gallery/views/upgrader.html.php 77 DIRTY $modul modules/gallery/views/upgrader.html.php 99 DIRTY_ATTR $done?"muted":"" modules/gallery/views/upgrader.html.php 102 DIRTY_ATTR $done?"muted":"" modules/gallery/views/user_languages_block.html.php 2 DIRTY form::dropdown("g-select-session-locale",$installed_locales,$selected) -modules/image_block/views/image_block_block.html.php 3 DIRTY_JS $item->url() -modules/image_block/views/image_block_block.html.php 4 DIRTY $item->thumb_img(array("class"=>"g-thumbnail")) -modules/info/views/info_block.html.php 22 DIRTY date("M j, Y H:i:s",$item->captured) -modules/info/views/info_block.html.php 29 DIRTY_JS $item->owner->url -modules/notification/views/comment_published.html.php 28 DIRTY_JS $comment->item()->abs_url() -modules/notification/views/comment_published.html.php 29 DIRTY $comment->item()->abs_url() -modules/notification/views/item_added.html.php 16 DIRTY_JS $item->abs_url() -modules/notification/views/item_added.html.php 17 DIRTY $item->abs_url() -modules/notification/views/item_deleted.html.php 18 DIRTY_JS $item->parent()->abs_url() -modules/notification/views/item_deleted.html.php 19 DIRTY $item->parent()->abs_url() -modules/notification/views/item_updated.html.php 20 DIRTY_JS $item->abs_url() -modules/notification/views/item_updated.html.php 20 DIRTY $item->abs_url() -modules/organize/views/organize_dialog.html.php 3 DIRTY_JS url::site("organize/move_to/__ALBUM_ID__?csrf=$csrf") -modules/organize/views/organize_dialog.html.php 4 DIRTY_JS url::site("organize/rearrange/__TARGET_ID__/__BEFORE__?csrf=$csrf") -modules/organize/views/organize_dialog.html.php 5 DIRTY_JS url::site("organize/sort_order/__ALBUM_ID__/__COL__/__DIR__?csrf=$csrf") -modules/organize/views/organize_dialog.html.php 6 DIRTY_JS url::site("organize/tree/__ALBUM_ID__") -modules/organize/views/organize_dialog.html.php 14 DIRTY $album_tree -modules/organize/views/organize_dialog.html.php 24 DIRTY $micro_thumb_grid 
-modules/organize/views/organize_dialog.html.php 32 DIRTY form::dropdown(array("id"=>"g-organize-sort-column"),album::get_sort_order_options(),$album->sort_column) -modules/organize/views/organize_dialog.html.php 33 DIRTY form::dropdown(array("id"=>"g-organize-sort-order"),array("ASC"=>"Ascending","DESC"=>"Descending"),$album->sort_order) -modules/organize/views/organize_thumb_grid.html.php 3 DIRTY_ATTR $child->id -modules/organize/views/organize_thumb_grid.html.php 4 DIRTY_ATTR $child->id -modules/organize/views/organize_thumb_grid.html.php 5 DIRTY_ATTR $child->is_album()?"g-album":"g-photo" -modules/organize/views/organize_thumb_grid.html.php 6 DIRTY $child->thumb_img(array("class"=>"g-thumbnail","ref"=>$child->id),90,true) -modules/organize/views/organize_thumb_grid.html.php 7 DIRTY $child->is_album()?" class=\"ui-icon ui-icon-note\"":"" -modules/organize/views/organize_thumb_grid.html.php 15 DIRTY_JS url::site("organize/album/$album->id/".($offset+25)) -modules/organize/views/organize_tree.html.php 2 DIRTY_ATTR access::can("edit",$album)?"":"g-view-only" -modules/organize/views/organize_tree.html.php 3 DIRTY_ATTR $album->id -modules/organize/views/organize_tree.html.php 6 DIRTY_ATTR $selected&&$album->id==$selected->id?"selected":"" -modules/organize/views/organize_tree.html.php 7 DIRTY_ATTR $album->id -modules/organize/views/organize_tree.html.php 13 DIRTY View::factory("organize_tree.html",array("selected"=>$selected,"album"=>$child)); -modules/organize/views/organize_tree.html.php 15 DIRTY_ATTR access::can("edit",$child)?"":"g-view-only" -modules/organize/views/organize_tree.html.php 16 DIRTY_ATTR $child->id -modules/organize/views/organize_tree.html.php 18 DIRTY_ATTR $child->id -modules/recaptcha/views/admin_recaptcha.html.php 11 DIRTY $form -modules/recaptcha/views/admin_recaptcha.html.php 23 DIRTY_JS $public_key -modules/recaptcha/views/form_recaptcha.html.php 7 DIRTY_JS $public_key -modules/rss/views/feed.mrss.php 10 DIRTY $feed->uri 
-modules/rss/views/feed.mrss.php 13 DIRTY_JS $feed->uri -modules/rss/views/feed.mrss.php 16 DIRTY_JS $feed->previous_page_uri -modules/rss/views/feed.mrss.php 19 DIRTY_JS $feed->next_page_uri -modules/rss/views/feed.mrss.php 21 DIRTY $pub_date -modules/rss/views/feed.mrss.php 22 DIRTY $pub_date -modules/rss/views/feed.mrss.php 28 DIRTY date("D, d M Y H:i:s T",$child->created); -modules/rss/views/feed.mrss.php 35 DIRTY_ATTR $child->resize_url(true) -modules/rss/views/feed.mrss.php 37 DIRTY_ATTR $child->resize_height -modules/rss/views/feed.mrss.php 37 DIRTY_ATTR $child->resize_width -modules/rss/views/feed.mrss.php 40 DIRTY_ATTR $child->thumb_url(true) -modules/rss/views/feed.mrss.php 42 DIRTY_ATTR $child->thumb_height -modules/rss/views/feed.mrss.php 42 DIRTY_ATTR $child->thumb_width -modules/rss/views/feed.mrss.php 48 DIRTY_ATTR $child->thumb_url(true) -modules/rss/views/feed.mrss.php 49 DIRTY_ATTR $child->thumb_height -modules/rss/views/feed.mrss.php 50 DIRTY_ATTR $child->thumb_width -modules/rss/views/feed.mrss.php 54 DIRTY_ATTR $child->resize_url(true) -modules/rss/views/feed.mrss.php 55 DIRTY_ATTR @filesize($child->resize_path()) -modules/rss/views/feed.mrss.php 56 DIRTY_ATTR $child->mime_type -modules/rss/views/feed.mrss.php 57 DIRTY_ATTR $child->resize_height -modules/rss/views/feed.mrss.php 58 DIRTY_ATTR $child->resize_width -modules/rss/views/feed.mrss.php 62 DIRTY_ATTR $child->file_url(true) -modules/rss/views/feed.mrss.php 63 DIRTY_ATTR @filesize($child->file_path()) -modules/rss/views/feed.mrss.php 64 DIRTY_ATTR $child->mime_type -modules/rss/views/feed.mrss.php 65 DIRTY_ATTR $child->height -modules/rss/views/feed.mrss.php 66 DIRTY_ATTR $child->width -modules/rss/views/feed.mrss.php 70 DIRTY_ATTR $child->file_url(true) -modules/rss/views/feed.mrss.php 71 DIRTY_ATTR @filesize($child->file_path()) -modules/rss/views/feed.mrss.php 72 DIRTY_ATTR $child->height -modules/rss/views/feed.mrss.php 73 DIRTY_ATTR $child->width -modules/rss/views/feed.mrss.php 74 
DIRTY_ATTR $child->mime_type -modules/rss/views/rss_block.html.php 6 DIRTY_JS rss::url($url) -modules/search/views/search.html.php 30 DIRTY_ATTR $item_class -modules/search/views/search.html.php 31 DIRTY_JS $item->url() -modules/search/views/search.html.php 32 DIRTY $item->thumb_img() -modules/search/views/search.html.php 43 DIRTY $theme->paginator() -modules/server_add/views/admin_server_add.html.php 5 DIRTY $form -modules/server_add/views/admin_server_add.html.php 15 DIRTY_ATTR $id -modules/server_add/views/server_add_tree.html.php 20 DIRTY_ATTR is_dir($file)?"ui-icon-folder-collapsed":"ui-icon-document" -modules/server_add/views/server_add_tree.html.php 21 DIRTY_ATTR is_dir($file)?"g-directory":"g-file" -modules/server_add/views/server_add_tree_dialog.html.php 3 DIRTY_JS url::site("server_add/children?path=__PATH__") -modules/server_add/views/server_add_tree_dialog.html.php 4 DIRTY_JS url::site("server_add/start?item_id={$item->id}&csrf=$csrf") -modules/server_add/views/server_add_tree_dialog.html.php 21 DIRTY $tree -modules/tag/views/admin_tags.html.php 45 DIRTY_ATTR $tag->id -modules/tag/views/admin_tags.html.php 46 DIRTY $tag->count -modules/tag/views/tag_block.html.php 27 DIRTY $cloud -modules/tag/views/tag_block.html.php 29 DIRTY $form -modules/tag/views/tag_cloud.html.php 4 DIRTY_ATTR (int)(($tag->count/$max_count)*7) -modules/tag/views/tag_cloud.html.php 5 DIRTY $tag->count -modules/tag/views/tag_cloud.html.php 6 DIRTY_JS $tag->url() -modules/user/views/admin_users.html.php 3 DIRTY_JS url::site("admin/users/add_user_to_group/__USERID__/__GROUPID__?csrf=$csrf") -modules/user/views/admin_users.html.php 26 DIRTY_JS url::site("admin/users/group/__GROUPID__") -modules/user/views/admin_users.html.php 36 DIRTY_JS url::site("admin/users/remove_user_from_group/__USERID__/__GROUPID__?csrf=$csrf") -modules/user/views/admin_users.html.php 71 DIRTY_ATTR $user->id -modules/user/views/admin_users.html.php 71 DIRTY_ATTR text::alternate("g-odd","g-even") 
-modules/user/views/admin_users.html.php 71 DIRTY_ATTR $user->admin?"g-admin":"" -modules/user/views/admin_users.html.php 72 DIRTY_ATTR $user->id -modules/user/views/admin_users.html.php 73 DIRTY_ATTR $user->avatar_url(20,$theme->url(,true)) -modules/user/views/admin_users.html.php 87 DIRTY ($user->last_login==0)?"":gallery::date($user->last_login) -modules/user/views/admin_users.html.php 123 DIRTY_ATTR $group->id -modules/user/views/admin_users.html.php 123 DIRTY_ATTR ($group->special?"g-default-group":"") -modules/user/views/admin_users.html.php 125 DIRTY $v -modules/user/views/admin_users_group.html.php 22 DIRTY_JS $user->id -modules/user/views/admin_users_group.html.php 22 DIRTY_JS $group->id -modules/user/views/user_form.html.php 7 DIRTY $form -modules/watermark/views/admin_watermarks.html.php 20 DIRTY_ATTR $width -modules/watermark/views/admin_watermarks.html.php 20 DIRTY_ATTR $height -modules/watermark/views/admin_watermarks.html.php 20 DIRTY_ATTR $url -themes/admin_wind/views/admin.html.php 16 DIRTY_JS $theme->url() -themes/admin_wind/views/admin.html.php 33 DIRTY $theme->admin_head() -themes/admin_wind/views/admin.html.php 37 DIRTY $theme->admin_page_top() -themes/admin_wind/views/admin.html.php 45 DIRTY $theme->admin_header_top() -themes/admin_wind/views/admin.html.php 60 DIRTY_JS item::root()->url() -themes/admin_wind/views/admin.html.php 64 DIRTY $theme->admin_menu() -themes/admin_wind/views/admin.html.php 66 DIRTY $theme->admin_header_bottom() -themes/admin_wind/views/admin.html.php 73 DIRTY $content -themes/admin_wind/views/admin.html.php 79 DIRTY $sidebar -themes/admin_wind/views/admin.html.php 84 DIRTY $theme->admin_footer() -themes/admin_wind/views/admin.html.php 86 DIRTY $theme->admin_credits() -themes/admin_wind/views/admin.html.php 90 DIRTY $theme->admin_page_bottom() -themes/admin_wind/views/block.html.php 3 DIRTY_ATTR $anchor -themes/admin_wind/views/block.html.php 5 DIRTY $id -themes/admin_wind/views/block.html.php 5 DIRTY_ATTR $css_id 
-themes/admin_wind/views/block.html.php 13 DIRTY $title -themes/admin_wind/views/block.html.php 16 DIRTY $content -themes/admin_wind/views/pager.html.php 13 DIRTY_JS str_replace('{page}',1,$url) -themes/admin_wind/views/pager.html.php 20 DIRTY_JS str_replace('{page}',$previous_page,$url) -themes/admin_wind/views/pager.html.php 27 DIRTY $from_to_msg -themes/admin_wind/views/pager.html.php 30 DIRTY_JS str_replace('{page}',$next_page,$url) -themes/admin_wind/views/pager.html.php 37 DIRTY_JS str_replace('{page}',$last_page,$url) -themes/wind/views/album.html.php 16 DIRTY_ATTR $child->id -themes/wind/views/album.html.php 16 DIRTY_ATTR $item_class -themes/wind/views/album.html.php 18 DIRTY_JS $child->url() -themes/wind/views/album.html.php 19 DIRTY $child->thumb_img(array("class"=>"g-thumbnail")) -themes/wind/views/album.html.php 23 DIRTY_ATTR $item_class -themes/wind/views/album.html.php 24 DIRTY_JS $child->url() -themes/wind/views/album.html.php 42 DIRTY $theme->paginator() -themes/wind/views/block.html.php 3 DIRTY_ATTR $anchor -themes/wind/views/block.html.php 5 DIRTY_ATTR $css_id -themes/wind/views/block.html.php 6 DIRTY $title -themes/wind/views/block.html.php 8 DIRTY $content -themes/wind/views/dynamic.html.php 11 DIRTY_ATTR $child->is_album()?"g-album":"" -themes/wind/views/dynamic.html.php 13 DIRTY_JS $child->url() -themes/wind/views/dynamic.html.php 14 DIRTY_ATTR $child->id -themes/wind/views/dynamic.html.php 15 DIRTY_ATTR $child->thumb_url() -themes/wind/views/dynamic.html.php 16 DIRTY_ATTR $child->thumb_width -themes/wind/views/dynamic.html.php 17 DIRTY_ATTR $child->thumb_height -themes/wind/views/dynamic.html.php 29 DIRTY $theme->paginator() -themes/wind/views/movie.html.php 5 DIRTY $theme->paginator() -themes/wind/views/movie.html.php 8 DIRTY $item->movie_img(array("class"=>"g-movie","id"=>"g-movie-id-{$item->id}")) -themes/wind/views/page.html.php 9 DIRTY $page_title -themes/wind/views/page.html.php 33 DIRTY_JS $theme->url() -themes/wind/views/page.html.php 
42 DIRTY $new_width -themes/wind/views/page.html.php 43 DIRTY $new_height -themes/wind/views/page.html.php 44 DIRTY $thumb_proportion -themes/wind/views/page.html.php 81 DIRTY $header_text -themes/wind/views/page.html.php 83 DIRTY_JS item::root()->url() -themes/wind/views/page.html.php 87 DIRTY $theme->user_menu() -themes/wind/views/page.html.php 104 DIRTY_JS $parent->url($parent==$theme->item()->parent()?"show={$theme->item()->id}":null) -themes/wind/views/page.html.php 120 DIRTY $content -themes/wind/views/page.html.php 126 DIRTY newView("sidebar.html") -themes/wind/views/page.html.php 133 DIRTY $footer_text -themes/wind/views/paginator.html.php 33 DIRTY_JS $first_page_url -themes/wind/views/paginator.html.php 42 DIRTY_JS $previous_page_url -themes/wind/views/paginator.html.php 70 DIRTY_JS $next_page_url -themes/wind/views/paginator.html.php 79 DIRTY_JS $last_page_url -themes/wind/views/photo.html.php 8 DIRTY_JS $theme->item()->width -themes/wind/views/photo.html.php 8 DIRTY_JS $theme->item()->height -themes/wind/views/photo.html.php 18 DIRTY $theme->paginator() -themes/wind/views/photo.html.php 23 DIRTY_JS $item->file_url() -themes/wind/views/photo.html.php 25 DIRTY $item->resize_img(array("id"=>"g-photo-id-{$item->id}","class"=>"g-resize")) |