Diffstat (limited to 'modules/gallery/tests')
-rw-r--r--modules/gallery/tests/Xss_Security_Test.php4
-rw-r--r--modules/gallery/tests/xss_data.txt30
2 files changed, 26 insertions, 8 deletions
diff --git a/modules/gallery/tests/Xss_Security_Test.php b/modules/gallery/tests/Xss_Security_Test.php
index 7a6589bd..85624517 100644
--- a/modules/gallery/tests/Xss_Security_Test.php
+++ b/modules/gallery/tests/Xss_Security_Test.php
@@ -66,7 +66,7 @@ class Xss_Security_Test extends Unit_Test_Case {
// of opening / closing tag count since it would be meaningless.
// Handle multiple start / end blocks on the same line?
- $opening_script_pos = $closing_script_pos = 0;
+ $opening_script_pos = $closing_script_pos = -1;
if (preg_match_all('{</script>}i', $inline_html, $matches, PREG_OFFSET_CAPTURE)) {
$last_match = array_pop($matches[0]);
if (is_array($last_match)) {
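Review bot: The new sentinel in `$opening_script_pos = $closing_script_pos = -1;` is load-bearing — with `0` a tag sitting at byte offset 0 was indistinguishable from "no tag on this line" — but nothing in the hunk records that, and the comparison that consumes these values is outside the hunk, so a later cleanup could revert it without noticing; a comment such as `// -1 = no tag on this line; 0 is a valid PREG_OFFSET_CAPTURE offset` next to the assignment would pin it. Separately, the closing-tag pattern on the following line, `'{</script>}i'`, does not match `</script >` (whitespace before `>`), which browsers accept as a terminator, so a line containing that form would still be classified as inside the script block; `'{</script\s*>}i'` closes that gap. The enclosing method starts before and continues after this hunk.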
@@ -75,7 +75,7 @@ class Xss_Security_Test extends Unit_Test_Case {
$closing_script_pos = $last_match;
}
}
- if (preg_match('{<script\b[^>]*>}i', $inline_html, $matches, PREG_OFFSET_CAPTURE)) {
+ if (preg_match_all('{<script\b[^>]*>}i', $inline_html, $matches, PREG_OFFSET_CAPTURE)) {
$last_match = array_pop($matches[0]);
if (is_array($last_match)) {
$opening_script_pos = $last_match[1];
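Review bot: After the switch to `preg_match_all`, `$matches[0]` is a list of `[text, offset]` pairs, so `array_pop($matches[0])` returns an array whenever the surrounding `if` succeeded and the `is_array($last_match)` guard on the next line can no longer be false; whatever non-array fallback follows it (below the hunk) is now dead, and the same presumably holds for the closing-tag branch in the previous hunk, where the `else` assigning `$closing_script_pos = $last_match;` predates this change. Dropping the guard and assigning `$opening_script_pos = $last_match[1];` directly would make the intent explicit. The method continues past the end of the hunk.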
diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt
index fa1f8cdf..7e536e90 100644
--- a/modules/gallery/tests/xss_data.txt
+++ b/modules/gallery/tests/xss_data.txt
@@ -50,7 +50,7 @@ modules/gallery/views/admin_block_news.html.php 5 DIRTY $entry
modules/gallery/views/admin_block_news.html.php 7 DIRTY text::limit_words(strip_tags($entry["description"]),25);
modules/gallery/views/admin_block_photo_stream.html.php 6 DIRTY photo::img_dimensions($photo->width,$photo->height,72)
modules/gallery/views/admin_block_photo_stream.html.php 7 DIRTY_ATTR $photo->thumb_url()
-modules/gallery/views/admin_dashboard.html.php 5 DIRTY $csrf
+modules/gallery/views/admin_dashboard.html.php 5 DIRTY_JS $csrf
modules/gallery/views/admin_dashboard.html.php 35 DIRTY $blocks
modules/gallery/views/admin_graphics.html.php 22 DIRTY newView("admin_graphics_none.html")
modules/gallery/views/admin_graphics.html.php 24 DIRTY newView("admin_graphics_$active.html",array("tk"=>$tk->$active,"is_active"=>true))
@@ -88,6 +88,7 @@ modules/gallery/views/admin_maintenance.html.php 146 DIRTY_ATTR $tas
modules/gallery/views/admin_maintenance.html.php 147 DIRTY gallery::date_time($task->updated)
modules/gallery/views/admin_maintenance.html.php 150 DIRTY $task->name
modules/gallery/views/admin_maintenance.html.php 162 DIRTY $task->status
+modules/gallery/views/admin_maintenance_show_log.html.php 8 DIRTY_JS url::site("admin/maintenance/save_log/$task->id?csrf=$csrf")
modules/gallery/views/admin_maintenance_show_log.html.php 13 DIRTY $task->name
modules/gallery/views/admin_maintenance_task.html.php 55 DIRTY $task->name
modules/gallery/views/admin_modules.html.php 9 DIRTY access::csrf_form_field()
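Review bot: The entries added here, and in the same-pattern hunks further down this file, record `url::site(...)` calls that interpolate `$csrf` and `__PLACEHOLDER__` tokens into inline JavaScript as DIRTY_JS, e.g. `modules/gallery/views/admin_maintenance_show_log.html.php 8 DIRTY_JS url::site("admin/maintenance/save_log/$task->id?csrf=$csrf")`. If this file is the baseline the test compares its findings against, each new line silences the check for that view rather than resolving it, and a reader cannot tell whether these are accepted because `url::site` output is treated as trusted or are open items to be wrapped in `html::js_string`. A one-line header comment in this file (or a note in the commit message) stating which it is would keep the baseline from silently growing. The DIRTY to DIRTY_JS reclassifications elsewhere in the file look consistent with the `preg_match_all` change in Xss_Security_Test.php.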
@@ -95,7 +96,8 @@ modules/gallery/views/admin_modules.html.php 19 DIRTY_ATTR ($i%
modules/gallery/views/admin_modules.html.php 22 DIRTY form::checkbox($data,'1',module::is_active($module_name))
modules/gallery/views/admin_modules.html.php 24 DIRTY $module_info->version
modules/gallery/views/admin_theme_options.html.php 5 DIRTY $form
-modules/gallery/views/admin_themes.html.php 5 DIRTY $csrf
+modules/gallery/views/admin_themes.html.php 3 DIRTY_JS url::site("admin/themes/choose")
+modules/gallery/views/admin_themes.html.php 5 DIRTY_JS $csrf
modules/gallery/views/admin_themes.html.php 20 DIRTY $themes[$site]->name
modules/gallery/views/admin_themes.html.php 22 DIRTY $themes[$site]->description
modules/gallery/views/admin_themes.html.php 36 DIRTY $info->name
@@ -123,6 +125,7 @@ modules/gallery/views/l10n_client.html.php 58 DIRTY form::
modules/gallery/views/l10n_client.html.php 62 DIRTY form::textarea("l10n-edit-plural-translation-many","",' rows="2"')
modules/gallery/views/l10n_client.html.php 67 DIRTY form::textarea("l10n-edit-plural-translation-other","",' rows="2"')
modules/gallery/views/maintenance.html.php 46 DIRTY user::get_login_form("login/auth_html")
+modules/gallery/views/move_browse.html.php 4 DIRTY_JS url::site("move/show_sub_tree/{$source->id}/__TARGETID__")
modules/gallery/views/move_browse.html.php 39 DIRTY $tree
modules/gallery/views/move_browse.html.php 43 DIRTY access::csrf_form_field()
modules/gallery/views/move_tree.html.php 2 DIRTY $parent->thumb_img(array(),25);
@@ -134,7 +137,11 @@ modules/gallery/views/move_tree.html.php 11 DIRTY $child
modules/gallery/views/move_tree.html.php 13 DIRTY_JS $child->id
modules/gallery/views/move_tree.html.php 15 DIRTY_JS $child->id
modules/gallery/views/movieplayer.html.php 2 DIRTY html::anchor($item->file_url(true),"",$attrs)
-modules/gallery/views/movieplayer.html.php 5 DIRTY $attrs["id"]
+modules/gallery/views/movieplayer.html.php 5 DIRTY_JS $attrs["id"]
+modules/gallery/views/movieplayer.html.php 7 DIRTY_JS url::abs_file("lib/flowplayer.swf")
+modules/gallery/views/movieplayer.html.php 13 DIRTY_JS url::abs_file("lib/flowplayer.h264streaming.swf")
+modules/gallery/views/permissions_browse.html.php 3 DIRTY_JS url::site("permissions/form/__ITEM__")
+modules/gallery/views/permissions_browse.html.php 16 DIRTY_JS url::site("permissions/change/__CMD__/__GROUP__/__PERM__/__ITEM__?csrf=$csrf")
modules/gallery/views/permissions_browse.html.php 41 DIRTY_ATTR $parent->id
modules/gallery/views/permissions_browse.html.php 42 DIRTY_JS $parent->id
modules/gallery/views/permissions_browse.html.php 47 DIRTY_ATTR $item->id
@@ -181,6 +188,10 @@ modules/notification/views/item_deleted.html.php 18 DIRTY_JS $item-
modules/notification/views/item_deleted.html.php 19 DIRTY $item->parent()->url(array(),true)
modules/notification/views/item_updated.html.php 20 DIRTY_JS $item->url(array(),true)
modules/notification/views/item_updated.html.php 20 DIRTY $item->url(array(),true)
+modules/organize/views/organize_dialog.html.php 3 DIRTY_JS url::site("organize/move_to/__ALBUM_ID__?csrf=$csrf")
+modules/organize/views/organize_dialog.html.php 4 DIRTY_JS url::site("organize/rearrange/__TARGET_ID__/__BEFORE__?csrf=$csrf")
+modules/organize/views/organize_dialog.html.php 5 DIRTY_JS url::site("organize/sort_order/__ALBUM_ID__/__COL__/__DIR__?csrf=$csrf")
+modules/organize/views/organize_dialog.html.php 6 DIRTY_JS url::site("organize/tree/__ALBUM_ID__")
modules/organize/views/organize_dialog.html.php 22 DIRTY $album_tree
modules/organize/views/organize_dialog.html.php 29 DIRTY $micro_thumb_grid
modules/organize/views/organize_dialog.html.php 37 DIRTY form::dropdown(array("id"=>"gOrganizeSortColumn"),album::get_sort_order_options(),$album->sort_column)
@@ -189,6 +200,7 @@ modules/organize/views/organize_thumb_grid.html.php 3 DIRTY_ATTR $chi
modules/organize/views/organize_thumb_grid.html.php 4 DIRTY_ATTR $child->id
modules/organize/views/organize_thumb_grid.html.php 5 DIRTY_ATTR $child->is_album()?"gAlbum":"gPhoto"
modules/organize/views/organize_thumb_grid.html.php 6 DIRTY $child->thumb_img(array("class"=>"gThumbnail","ref"=>$child->id),90,true)
+modules/organize/views/organize_thumb_grid.html.php 14 DIRTY_JS url::site("organize/content/$album->id/".($offset+25))
modules/organize/views/organize_tree.html.php 2 DIRTY_ATTR access::can("edit",$album)?"":"gViewOnly"
modules/organize/views/organize_tree.html.php 3 DIRTY_ATTR $album->id
modules/organize/views/organize_tree.html.php 6 DIRTY_ATTR $selected&&$album->id==$selected->id?"selected":""
@@ -198,8 +210,8 @@ modules/organize/views/organize_tree.html.php 15 DIRTY_ATTR acce
modules/organize/views/organize_tree.html.php 16 DIRTY_ATTR $child->id
modules/organize/views/organize_tree.html.php 19 DIRTY_ATTR $child->id
modules/recaptcha/views/admin_recaptcha.html.php 10 DIRTY $form
-modules/recaptcha/views/admin_recaptcha.html.php 23 DIRTY $public_key
-modules/recaptcha/views/form_recaptcha.html.php 7 DIRTY $public_key
+modules/recaptcha/views/admin_recaptcha.html.php 23 DIRTY_JS $public_key
+modules/recaptcha/views/form_recaptcha.html.php 7 DIRTY_JS $public_key
modules/rss/views/feed.mrss.php 10 DIRTY $feed->uri
modules/rss/views/feed.mrss.php 13 DIRTY_JS $feed->uri
modules/rss/views/feed.mrss.php 16 DIRTY_JS $feed->previous_page_uri
@@ -239,14 +251,19 @@ modules/server_add/views/admin_server_add.html.php 15 DIRTY_ATTR $id
modules/server_add/views/admin_server_add.html.php 24 DIRTY $form
modules/server_add/views/server_add_tree.html.php 12 DIRTY_JS html::js_string($dir)
modules/server_add/views/server_add_tree.html.php 20 DIRTY_ATTR is_dir($file)?"ui-icon-folder-collapsed":"ui-icon-document"
+modules/server_add/views/server_add_tree_dialog.html.php 3 DIRTY_JS url::site("server_add/children?path=__PATH__")
+modules/server_add/views/server_add_tree_dialog.html.php 4 DIRTY_JS url::site("server_add/start?item_id={$item->id}&csrf=$csrf")
modules/server_add/views/server_add_tree_dialog.html.php 23 DIRTY $tree
-modules/tag/views/admin_tags.html.php 13 DIRTY $csrf
+modules/tag/views/admin_tags.html.php 13 DIRTY_JS $csrf
modules/tag/views/admin_tags.html.php 50 DIRTY_ATTR $tag->id
modules/tag/views/admin_tags.html.php 51 DIRTY $tag->count
modules/tag/views/tag_block.html.php 15 DIRTY $cloud
modules/tag/views/tag_block.html.php 17 DIRTY $form
modules/tag/views/tag_cloud.html.php 4 DIRTY_ATTR (int)(($tag->count/$max_count)*7)
modules/tag/views/tag_cloud.html.php 5 DIRTY $tag->count
+modules/user/views/admin_users.html.php 3 DIRTY_JS url::site("admin/users/add_user_to_group/__USERID__/__GROUPID__?csrf=$csrf")
+modules/user/views/admin_users.html.php 26 DIRTY_JS url::site("admin/users/group/__GROUPID__")
+modules/user/views/admin_users.html.php 36 DIRTY_JS url::site("admin/users/remove_user_from_group/__USERID__/__GROUPID__?csrf=$csrf")
modules/user/views/admin_users.html.php 67 DIRTY_ATTR $user->id
modules/user/views/admin_users.html.php 67 DIRTY_ATTR text::alternate("gOddRow","gEvenRow")
modules/user/views/admin_users.html.php 67 DIRTY_ATTR $user->admin?"admin":""
@@ -258,6 +275,7 @@ modules/user/views/admin_users.html.php 121 DIRTY_ATTR ($gr
modules/user/views/admin_users.html.php 123 DIRTY $v
modules/user/views/admin_users_group.html.php 22 DIRTY_JS $user->id
modules/user/views/admin_users_group.html.php 22 DIRTY_JS $group->id
+modules/user/views/login_ajax.html.php 6 DIRTY_JS url::site("password/reset")
modules/user/views/login_ajax.html.php 37 DIRTY $form
modules/watermark/views/admin_watermarks.html.php 19 DIRTY_ATTR $width
modules/watermark/views/admin_watermarks.html.php 19 DIRTY_ATTR $height