summaryrefslogtreecommitdiff
path: root/modules/gallery/tests
diff options
context:
space:
mode:
Diffstat (limited to 'modules/gallery/tests')
-rw-r--r--modules/gallery/tests/File_Proxy_Controller_Test.php2
-rw-r--r--modules/gallery/tests/Html_Helper_Test.php2
-rw-r--r--modules/gallery/tests/Item_Helper_Test.php159
-rw-r--r--modules/gallery/tests/Item_Model_Test.php119
-rw-r--r--modules/gallery/tests/Legal_File_Helper_Test.php32
-rw-r--r--modules/gallery/tests/Movie_Helper_Test.php3
-rw-r--r--modules/gallery/tests/Photo_Helper_Test.php3
-rw-r--r--modules/gallery/tests/SafeString_Test.php4
-rw-r--r--modules/gallery/tests/controller_auth_data.txt1
-rw-r--r--modules/gallery/tests/xss_data.txt133
10 files changed, 369 insertions, 89 deletions
diff --git a/modules/gallery/tests/File_Proxy_Controller_Test.php b/modules/gallery/tests/File_Proxy_Controller_Test.php
index 562100e4..06068d62 100644
--- a/modules/gallery/tests/File_Proxy_Controller_Test.php
+++ b/modules/gallery/tests/File_Proxy_Controller_Test.php
@@ -66,7 +66,7 @@ class File_Proxy_Controller_Test extends Gallery_Unit_Test_Case {
public function movie_thumbnails_are_jpgs_test() {
$movie = test::random_movie();
$name = legal_file::change_extension($movie->name, "jpg");
- $_SERVER["REQUEST_URI"] = url::file("var/thumbs/{$movie->name}");
+ $_SERVER["REQUEST_URI"] = url::file("var/thumbs/$name");
$controller = new File_Proxy_Controller();
$this->assert_same($movie->thumb_path(), $controller->__call("", array()));
}
diff --git a/modules/gallery/tests/Html_Helper_Test.php b/modules/gallery/tests/Html_Helper_Test.php
index 476faa5a..4643e6fd 100644
--- a/modules/gallery/tests/Html_Helper_Test.php
+++ b/modules/gallery/tests/Html_Helper_Test.php
@@ -27,7 +27,7 @@ class Html_Helper_Test extends Gallery_Unit_Test_Case {
public function purify_test() {
$safe_string = html::purify("hello <p >world</p>");
- $expected = method_exists("purifier", "purify")
+ $expected = (class_exists("purifier") && method_exists("purifier", "purify"))
? "hello <p>world</p>"
: "hello &lt;p &gt;world&lt;/p&gt;";
$this->assert_equal($expected, $safe_string->unescaped());
diff --git a/modules/gallery/tests/Item_Helper_Test.php b/modules/gallery/tests/Item_Helper_Test.php
index f5b99bec..f4995c53 100644
--- a/modules/gallery/tests/Item_Helper_Test.php
+++ b/modules/gallery/tests/Item_Helper_Test.php
@@ -164,11 +164,9 @@ class Item_Helper_Test extends Gallery_Unit_Test_Case {
$this->assert_same(item::root()->id, item::find_by_path("")->id);
// Verify that we don't get confused by the part names, using the fallback code.
- db::build()
- ->update("items")
- ->set(array("relative_path_cache" => null))
- ->where("id", "IN", array($level3->id, $level3b->id))
- ->execute();
+ self::_remove_relative_path_caches();
+ self::_remove_relative_path_caches();
+
$this->assert_same(
$level3->id,
item::find_by_path("{$level1->name}/{$level2->name}/{$level3->name}")->id);
@@ -180,11 +178,154 @@ class Item_Helper_Test extends Gallery_Unit_Test_Case {
// Verify that we don't get false positives
$this->assert_false(
item::find_by_path("foo/bar/baz")->loaded());
+ }
- // Verify that the fallback code works
- $this->assert_same(
- $level3b->id,
- item::find_by_path("{$level1->name}/{$level2b->name}/{$level3b->name}")->id);
+ public function find_by_path_with_jpg_test() {
+ $parent = test::random_album();
+ $jpg = test::random_photo($parent);
+
+ $jpg_path = "{$parent->name}/{$jpg->name}";
+ $flv_path = legal_file::change_extension($jpg_path, "flv");
+
+ // Check normal operation.
+ $this->assert_equal($jpg->id, item::find_by_path($jpg_path, "albums")->id);
+ $this->assert_equal($jpg->id, item::find_by_path($jpg_path, "resizes")->id);
+ $this->assert_equal($jpg->id, item::find_by_path($jpg_path, "thumbs")->id);
+ $this->assert_equal($jpg->id, item::find_by_path($jpg_path)->id);
+
+ // Check that we don't get false positives.
+ $this->assert_equal(null, item::find_by_path($flv_path, "albums")->id);
+ $this->assert_equal(null, item::find_by_path($flv_path, "resizes")->id);
+ $this->assert_equal(null, item::find_by_path($flv_path, "thumbs")->id);
+ $this->assert_equal(null, item::find_by_path($flv_path)->id);
+
+ // Check normal operation without relative path cache.
+ self::_remove_relative_path_caches();
+ $this->assert_equal($jpg->id, item::find_by_path($jpg_path, "albums")->id);
+ self::_remove_relative_path_caches();
+ $this->assert_equal($jpg->id, item::find_by_path($jpg_path, "resizes")->id);
+ self::_remove_relative_path_caches();
+ $this->assert_equal($jpg->id, item::find_by_path($jpg_path, "thumbs")->id);
+ self::_remove_relative_path_caches();
+ $this->assert_equal($jpg->id, item::find_by_path($jpg_path)->id);
+
+ // Check that we don't get false positives without relative path cache.
+ self::_remove_relative_path_caches();
+ $this->assert_equal(null, item::find_by_path($flv_path, "albums")->id);
+ $this->assert_equal(null, item::find_by_path($flv_path, "resizes")->id);
+ $this->assert_equal(null, item::find_by_path($flv_path, "thumbs")->id);
+ $this->assert_equal(null, item::find_by_path($flv_path)->id);
+ }
+
+ public function find_by_path_with_png_test() {
+ $parent = test::random_album();
+ $png = test::random_photo_unsaved($parent);
+ $png->set_data_file(MODPATH . "gallery/images/graphicsmagick.png");
+ $png->save();
+
+ $png_path = "{$parent->name}/{$png->name}";
+ $jpg_path = legal_file::change_extension($png_path, "jpg");
+
+ // Check normal operation.
+ $this->assert_equal($png->id, item::find_by_path($png_path, "albums")->id);
+ $this->assert_equal($png->id, item::find_by_path($png_path, "resizes")->id);
+ $this->assert_equal($png->id, item::find_by_path($png_path, "thumbs")->id);
+ $this->assert_equal($png->id, item::find_by_path($png_path)->id);
+
+ // Check that we don't get false positives.
+ $this->assert_equal(null, item::find_by_path($jpg_path, "albums")->id);
+ $this->assert_equal(null, item::find_by_path($jpg_path, "resizes")->id);
+ $this->assert_equal(null, item::find_by_path($jpg_path, "thumbs")->id);
+ $this->assert_equal(null, item::find_by_path($jpg_path)->id);
+
+ // Check normal operation without relative path cache.
+ self::_remove_relative_path_caches();
+ $this->assert_equal($png->id, item::find_by_path($png_path, "albums")->id);
+ self::_remove_relative_path_caches();
+ $this->assert_equal($png->id, item::find_by_path($png_path, "resizes")->id);
+ self::_remove_relative_path_caches();
+ $this->assert_equal($png->id, item::find_by_path($png_path, "thumbs")->id);
+ self::_remove_relative_path_caches();
+ $this->assert_equal($png->id, item::find_by_path($png_path)->id);
+
+ // Check that we don't get false positives without relative path cache.
+ self::_remove_relative_path_caches();
+ $this->assert_equal(null, item::find_by_path($jpg_path, "albums")->id);
+ $this->assert_equal(null, item::find_by_path($jpg_path, "resizes")->id);
+ $this->assert_equal(null, item::find_by_path($jpg_path, "thumbs")->id);
+ $this->assert_equal(null, item::find_by_path($jpg_path)->id);
+ }
+
+ public function find_by_path_with_flv_test() {
+ $parent = test::random_album();
+ $flv = test::random_movie($parent);
+
+ $flv_path = "{$parent->name}/{$flv->name}";
+ $jpg_path = legal_file::change_extension($flv_path, "jpg");
+
+ // Check normal operation.
+ $this->assert_equal($flv->id, item::find_by_path($flv_path, "albums")->id);
+ $this->assert_equal($flv->id, item::find_by_path($jpg_path, "thumbs")->id);
+ $this->assert_equal($flv->id, item::find_by_path($flv_path)->id);
+
+ // Check that we don't get false positives.
+ $this->assert_equal(null, item::find_by_path($jpg_path, "albums")->id);
+ $this->assert_equal(null, item::find_by_path($flv_path, "thumbs")->id);
+ $this->assert_equal(null, item::find_by_path($jpg_path)->id);
+
+ // Check normal operation without relative path cache.
+ self::_remove_relative_path_caches();
+ $this->assert_equal($flv->id, item::find_by_path($flv_path, "albums")->id);
+ self::_remove_relative_path_caches();
+ $this->assert_equal($flv->id, item::find_by_path($jpg_path, "thumbs")->id);
+ self::_remove_relative_path_caches();
+ $this->assert_equal($flv->id, item::find_by_path($flv_path)->id);
+
+ // Check that we don't get false positives without relative path cache.
+ self::_remove_relative_path_caches();
+ $this->assert_equal(null, item::find_by_path($jpg_path, "albums")->id);
+ $this->assert_equal(null, item::find_by_path($flv_path, "thumbs")->id);
+ $this->assert_equal(null, item::find_by_path($jpg_path)->id);
+ }
+
+ public function find_by_path_with_album_test() {
+ $parent = test::random_album();
+ $album = test::random_movie($parent);
+
+ $album_path = "{$parent->name}/{$album->name}";
+ $thumb_path = "{$album_path}/.album.jpg";
+
+ // Check normal operation.
+ $this->assert_equal($album->id, item::find_by_path($album_path, "albums")->id);
+ $this->assert_equal($album->id, item::find_by_path($thumb_path, "thumbs")->id);
+ $this->assert_equal($album->id, item::find_by_path($album_path)->id);
+
+ // Check that we don't get false positives.
+ $this->assert_equal(null, item::find_by_path($thumb_path, "albums")->id);
+ $this->assert_equal(null, item::find_by_path($album_path, "thumbs")->id);
+ $this->assert_equal(null, item::find_by_path($thumb_path)->id);
+
+ // Check normal operation without relative path cache.
+ self::_remove_relative_path_caches();
+ $this->assert_equal($album->id, item::find_by_path($album_path, "albums")->id);
+ self::_remove_relative_path_caches();
+ $this->assert_equal($album->id, item::find_by_path($thumb_path, "thumbs")->id);
+ self::_remove_relative_path_caches();
+ $this->assert_equal($album->id, item::find_by_path($album_path)->id);
+
+ // Check that we don't get false positives without relative path cache.
+ self::_remove_relative_path_caches();
+ $this->assert_equal(null, item::find_by_path($thumb_path, "albums")->id);
+ $this->assert_equal(null, item::find_by_path($album_path, "thumbs")->id);
+ $this->assert_equal(null, item::find_by_path($thumb_path)->id);
+ }
+
+ private function _remove_relative_path_caches() {
+ // This gets used *many* times in the find_by_path tests above to check the fallback code.
+ db::build()
+ ->update("items")
+ ->set("relative_path_cache", null)
+ ->execute();
}
public function find_by_relative_url_test() {
diff --git a/modules/gallery/tests/Item_Model_Test.php b/modules/gallery/tests/Item_Model_Test.php
index fcb5c2ad..b6849413 100644
--- a/modules/gallery/tests/Item_Model_Test.php
+++ b/modules/gallery/tests/Item_Model_Test.php
@@ -124,11 +124,124 @@ class Item_Model_Test extends Gallery_Unit_Test_Case {
$this->assert_equal($fullsize_file, file_get_contents($photo->file_path()));
}
- public function item_rename_wont_accept_slash_test() {
- $item = test::random_photo();
+ public function photo_rename_wont_accept_slash_test() {
+ $item = test::random_photo_unsaved();
$item->name = "/no_slashes/allowed/";
+ // Should fail on validate.
+ try {
+ $item->validate();
+ $this->assert_true(false, "Shouldn't get here");
+ } catch (ORM_Validation_Exception $e) {
+ $errors = $e->validation->errors();
+ $this->assert_same("no_slashes", $errors["name"]);
+ }
+ // Should be corrected on save.
$item->save();
$this->assert_equal("no_slashes_allowed.jpg", $item->name);
+ // Should be corrected on update.
+ $item->name = "/no_slashes/allowed/";
+ $item->save();
+ $this->assert_equal("no_slashes_allowed.jpg", $item->name);
+ }
+
+ public function photo_rename_wont_accept_backslash_test() {
+ $item = test::random_photo_unsaved();
+ $item->name = "\\no_backslashes\\allowed\\";
+ // Should fail on validate.
+ try {
+ $item->validate();
+ $this->assert_true(false, "Shouldn't get here");
+ } catch (ORM_Validation_Exception $e) {
+ $errors = $e->validation->errors();
+ $this->assert_same("no_backslashes", $errors["name"]);
+ }
+ // Should be corrected on save.
+ $item->save();
+ $this->assert_equal("no_backslashes_allowed.jpg", $item->name);
+ // Should be corrected on update.
+ $item->name = "\\no_backslashes\\allowed\\";
+ $item->save();
+ $this->assert_equal("no_backslashes_allowed.jpg", $item->name);
+ }
+
+ public function photo_rename_wont_accept_trailing_period_test() {
+ $item = test::random_photo_unsaved();
+ $item->name = "no_trailing_period_allowed.";
+ // Should fail on validate.
+ try {
+ $item->validate();
+ $this->assert_true(false, "Shouldn't get here");
+ } catch (ORM_Validation_Exception $e) {
+ $errors = $e->validation->errors();
+ $this->assert_same("no_trailing_period", $errors["name"]);
+ }
+ // Should be corrected on save.
+ $item->save();
+ $this->assert_equal("no_trailing_period_allowed.jpg", $item->name);
+ // Should be corrected on update.
+ $item->name = "no_trailing_period_allowed.";
+ $item->save();
+ $this->assert_equal("no_trailing_period_allowed.jpg", $item->name);
+ }
+
+ public function album_rename_wont_accept_slash_test() {
+ $item = test::random_album_unsaved();
+ $item->name = "/no_album_slashes/allowed/";
+ // Should fail on validate.
+ try {
+ $item->validate();
+ $this->assert_true(false, "Shouldn't get here");
+ } catch (ORM_Validation_Exception $e) {
+ $errors = $e->validation->errors();
+ $this->assert_same("no_slashes", $errors["name"]);
+ }
+ // Should be corrected on save.
+ $item->save();
+ $this->assert_equal("no_album_slashes_allowed", $item->name);
+ // Should be corrected on update.
+ $item->name = "/no_album_slashes/allowed/";
+ $item->save();
+ $this->assert_equal("no_album_slashes_allowed", $item->name);
+ }
+
+ public function album_rename_wont_accept_backslash_test() {
+ $item = test::random_album_unsaved();
+ $item->name = "\\no_album_backslashes\\allowed\\";
+ // Should fail on validate.
+ try {
+ $item->validate();
+ $this->assert_true(false, "Shouldn't get here");
+ } catch (ORM_Validation_Exception $e) {
+ $errors = $e->validation->errors();
+ $this->assert_same("no_backslashes", $errors["name"]);
+ }
+ // Should be corrected on save.
+ $item->save();
+ $this->assert_equal("no_album_backslashes_allowed", $item->name);
+ // Should be corrected on update.
+ $item->name = "\\no_album_backslashes\\allowed\\";
+ $item->save();
+ $this->assert_equal("no_album_backslashes_allowed", $item->name);
+ }
+
+ public function album_rename_wont_accept_trailing_period_test() {
+ $item = test::random_album_unsaved();
+ $item->name = ".no_trailing_period.allowed.";
+ // Should fail on validate.
+ try {
+ $item->validate();
+ $this->assert_true(false, "Shouldn't get here");
+ } catch (ORM_Validation_Exception $e) {
+ $errors = $e->validation->errors();
+ $this->assert_same("no_trailing_period", $errors["name"]);
+ }
+ // Should be corrected on save.
+ $item->save();
+ $this->assert_equal(".no_trailing_period.allowed", $item->name);
+ // Should be corrected on update.
+ $item->name = ".no_trailing_period.allowed.";
+ $item->save();
+ $this->assert_equal(".no_trailing_period.allowed", $item->name);
}
public function move_album_test() {
@@ -362,6 +475,7 @@ class Item_Model_Test extends Gallery_Unit_Test_Case {
$response = item::root()->as_restful_array();
$this->assert_true($response["can_edit"]);
+ access::deny(identity::everybody(), "edit", item::root());
identity::set_active_user(identity::guest());
$response = item::root()->as_restful_array();
$this->assert_false($response["can_edit"]);
@@ -371,6 +485,7 @@ class Item_Model_Test extends Gallery_Unit_Test_Case {
$response = item::root()->as_restful_array();
$this->assert_true($response["can_add"]);
+ access::deny(identity::everybody(), "add", item::root());
identity::set_active_user(identity::guest());
$response = item::root()->as_restful_array();
$this->assert_false($response["can_add"]);
diff --git a/modules/gallery/tests/Legal_File_Helper_Test.php b/modules/gallery/tests/Legal_File_Helper_Test.php
index 7ed5214b..aab41c41 100644
--- a/modules/gallery/tests/Legal_File_Helper_Test.php
+++ b/modules/gallery/tests/Legal_File_Helper_Test.php
@@ -37,7 +37,7 @@ class Legal_File_Helper_Test extends Gallery_Unit_Test_Case {
$this->assert_equal(null, legal_file::get_movie_types_by_extension("php.flv")); // invalid w/ .
// No extension returns full array
- $this->assert_equal(3, count(legal_file::get_movie_types_by_extension()));
+ $this->assert_equal(5, count(legal_file::get_movie_types_by_extension()));
}
public function get_types_by_extension_test() {
@@ -47,7 +47,7 @@ class Legal_File_Helper_Test extends Gallery_Unit_Test_Case {
$this->assert_equal(null, legal_file::get_types_by_extension("php.flv")); // invalid w/ .
// No extension returns full array
- $this->assert_equal(7, count(legal_file::get_types_by_extension()));
+ $this->assert_equal(9, count(legal_file::get_types_by_extension()));
}
public function get_photo_extensions_test() {
@@ -69,7 +69,7 @@ class Legal_File_Helper_Test extends Gallery_Unit_Test_Case {
$this->assert_equal(false, legal_file::get_movie_extensions("php.jpg")); // invalid w/ .
// No extension returns full array
- $this->assert_equal(3, count(legal_file::get_movie_extensions()));
+ $this->assert_equal(5, count(legal_file::get_movie_extensions()));
}
public function get_extensions_test() {
@@ -79,12 +79,12 @@ class Legal_File_Helper_Test extends Gallery_Unit_Test_Case {
$this->assert_equal(false, legal_file::get_extensions("php.jpg")); // invalid w/ .
// No extension returns full array
- $this->assert_equal(7, count(legal_file::get_extensions()));
+ $this->assert_equal(9, count(legal_file::get_extensions()));
}
public function get_filters_test() {
- // All 7 extensions both uppercase and lowercase
- $this->assert_equal(14, count(legal_file::get_filters()));
+ // All 9 extensions both uppercase and lowercase
+ $this->assert_equal(18, count(legal_file::get_filters()));
}
public function get_photo_types_test() {
@@ -94,7 +94,7 @@ class Legal_File_Helper_Test extends Gallery_Unit_Test_Case {
public function get_movie_types_test() {
// Note that this is one *more* than movie extensions since video/flv is added.
- $this->assert_equal(4, count(legal_file::get_movie_types()));
+ $this->assert_equal(6, count(legal_file::get_movie_types()));
}
public function change_extension_test() {
@@ -194,4 +194,22 @@ class Legal_File_Helper_Test extends Gallery_Unit_Test_Case {
}
}
}
+
+ public function sanitize_dirname_with_no_rename_test() {
+ $this->assert_equal("foo", legal_file::sanitize_dirname("foo"));
+ $this->assert_equal("foo.bar", legal_file::sanitize_dirname("foo.bar"));
+ $this->assert_equal(".foo.bar...baz", legal_file::sanitize_dirname(".foo.bar...baz"));
+ $this->assert_equal("foo bar spaces", legal_file::sanitize_dirname("foo bar spaces"));
+ $this->assert_equal("j'écris@un#nom_bizarre(mais quand_même_ça_passe \$ÇÀ@€",
+ legal_file::sanitize_dirname("j'écris@un#nom_bizarre(mais quand_même_ça_passe \$ÇÀ@€"));
+ }
+
+ public function sanitize_filename_with_corrections_test() {
+ $this->assert_equal("foo_bar", legal_file::sanitize_dirname("/foo/bar/"));
+ $this->assert_equal("foo_bar", legal_file::sanitize_dirname("\\foo\\bar\\"));
+ $this->assert_equal(".foo..bar", legal_file::sanitize_dirname(".foo..bar."));
+ $this->assert_equal("foo_bar", legal_file::sanitize_dirname("_foo__bar_"));
+ $this->assert_equal("album", legal_file::sanitize_dirname("_"));
+ $this->assert_equal("album", legal_file::sanitize_dirname(null));
+ }
} \ No newline at end of file
diff --git a/modules/gallery/tests/Movie_Helper_Test.php b/modules/gallery/tests/Movie_Helper_Test.php
index 03fa2da9..9107827a 100644
--- a/modules/gallery/tests/Movie_Helper_Test.php
+++ b/modules/gallery/tests/Movie_Helper_Test.php
@@ -71,6 +71,7 @@ class Movie_Helper_Test extends Gallery_Unit_Test_Case {
} catch (Exception $e) {
// pass
}
+ unlink(TMPPATH . "test_flv_with_no_extension");
}
public function get_file_metadata_with_illegal_extension_test() {
@@ -91,6 +92,7 @@ class Movie_Helper_Test extends Gallery_Unit_Test_Case {
} catch (Exception $e) {
// pass
}
+ unlink(TMPPATH . "test_flv_with_php_extension.php");
}
public function get_file_metadata_with_valid_extension_but_illegal_file_contents_test() {
@@ -101,5 +103,6 @@ class Movie_Helper_Test extends Gallery_Unit_Test_Case {
// therefore will never be executed.
$this->assert_equal(array(0, 0, "video/x-flv", "flv", 0),
movie::get_file_metadata(TMPPATH . "test_php_with_flv_extension.flv"));
+ unlink(TMPPATH . "test_php_with_flv_extension.flv");
}
}
diff --git a/modules/gallery/tests/Photo_Helper_Test.php b/modules/gallery/tests/Photo_Helper_Test.php
index 79b5ccfd..7ba8324f 100644
--- a/modules/gallery/tests/Photo_Helper_Test.php
+++ b/modules/gallery/tests/Photo_Helper_Test.php
@@ -37,6 +37,7 @@ class Photo_Helper_Test extends Gallery_Unit_Test_Case {
copy(MODPATH . "gallery/tests/test.jpg", TMPPATH . "test_jpg_with_no_extension");
$this->assert_equal(array(1024, 768, "image/jpeg", "jpg"),
photo::get_file_metadata(TMPPATH . "test_jpg_with_no_extension"));
+ unlink(TMPPATH . "test_jpg_with_no_extension");
}
public function get_file_metadata_with_illegal_extension_test() {
@@ -56,6 +57,7 @@ class Photo_Helper_Test extends Gallery_Unit_Test_Case {
copy(MODPATH . "gallery/tests/test.jpg", TMPPATH . "test_jpg_with_php_extension.php");
$this->assert_equal(array(1024, 768, "image/jpeg", "jpg"),
photo::get_file_metadata(TMPPATH . "test_jpg_with_php_extension.php"));
+ unlink(TMPPATH . "test_jpg_with_php_extension.php");
}
public function get_file_metadata_with_valid_extension_but_illegal_file_contents_test() {
@@ -66,5 +68,6 @@ class Photo_Helper_Test extends Gallery_Unit_Test_Case {
} catch (Exception $e) {
// pass
}
+ unlink(TMPPATH . "test_php_with_jpg_extension.jpg");
}
}
diff --git a/modules/gallery/tests/SafeString_Test.php b/modules/gallery/tests/SafeString_Test.php
index 946410d4..dab7d7df 100644
--- a/modules/gallery/tests/SafeString_Test.php
+++ b/modules/gallery/tests/SafeString_Test.php
@@ -91,7 +91,7 @@ class SafeString_Test extends Gallery_Unit_Test_Case {
public function purify_test() {
$safe_string = SafeString::purify("hello <p >world</p>");
- $expected = method_exists("purifier", "purify")
+ $expected = (class_exists("purifier") && method_exists("purifier", "purify"))
? "hello <p>world</p>"
: "hello &lt;p &gt;world&lt;/p&gt;";
$this->assert_equal($expected, $safe_string);
@@ -100,7 +100,7 @@ class SafeString_Test extends Gallery_Unit_Test_Case {
public function purify_twice_test() {
$safe_string = SafeString::purify("hello <p >world</p>");
$safe_string_2 = SafeString::purify($safe_string);
- $expected = method_exists("purifier", "purify")
+ $expected = (class_exists("purifier") && method_exists("purifier", "purify"))
? "hello <p>world</p>"
: "hello &lt;p &gt;world&lt;/p&gt;";
$this->assert_equal($expected, $safe_string_2);
diff --git a/modules/gallery/tests/controller_auth_data.txt b/modules/gallery/tests/controller_auth_data.txt
index 9473f9f6..4cd9f047 100644
--- a/modules/gallery/tests/controller_auth_data.txt
+++ b/modules/gallery/tests/controller_auth_data.txt
@@ -1,6 +1,5 @@
modules/comment/controllers/admin_manage_comments.php queue DIRTY_CSRF
modules/comment/helpers/comment_rss.php feed DIRTY_AUTH
-modules/digibug/controllers/digibug.php print_proxy DIRTY_CSRF|DIRTY_AUTH
modules/g2_import/controllers/admin_g2_import.php autocomplete DIRTY_CSRF
modules/g2_import/controllers/g2.php map DIRTY_CSRF
modules/gallery/controllers/admin.php __call DIRTY_AUTH
diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt
index 51347f86..2152858a 100644
--- a/modules/gallery/tests/xss_data.txt
+++ b/modules/gallery/tests/xss_data.txt
@@ -39,12 +39,10 @@ modules/comment/views/comments.html.php 31 DIRTY_ATTR $com
modules/comment/views/user_profile_comments.html.php 5 DIRTY_ATTR $comment->id
modules/comment/views/user_profile_comments.html.php 10 DIRTY_JS $comment->item()->url()
modules/comment/views/user_profile_comments.html.php 11 DIRTY $comment->item()->thumb_img(array(),50)
-modules/digibug/views/digibug_form.html.php 4 DIRTY form::open("http://www.digibug.com/dapi/order.php")
-modules/digibug/views/digibug_form.html.php 6 DIRTY form::hidden($key,$value)
modules/exif/views/exif_dialog.html.php 14 DIRTY $details[$i]["caption"]
modules/exif/views/exif_dialog.html.php 21 DIRTY $details[$i]["caption"]
-modules/g2_import/views/admin_g2_import.html.php 7 DIRTY_JS url::site("__ARGS__")
-modules/g2_import/views/admin_g2_import.html.php 52 DIRTY $form
+modules/g2_import/views/admin_g2_import.html.php 5 DIRTY_JS url::site("__ARGS__")
+modules/g2_import/views/admin_g2_import.html.php 47 DIRTY $form
modules/gallery/views/admin_advanced_settings.html.php 21 DIRTY_ATTR text::alternate("g-odd","g-even")
modules/gallery/views/admin_block_log_entries.html.php 4 DIRTY_ATTR log::severity_class($entry->severity)
modules/gallery/views/admin_block_log_entries.html.php 8 DIRTY_JS user_profile::url($entry->user->id)
@@ -58,7 +56,8 @@ modules/gallery/views/admin_block_photo_stream.html.php 5 DIRTY_JS $photo
modules/gallery/views/admin_block_photo_stream.html.php 6 DIRTY photo::img_dimensions($photo->width,$photo->height,72)
modules/gallery/views/admin_block_photo_stream.html.php 7 DIRTY_ATTR $photo->thumb_url()
modules/gallery/views/admin_dashboard.html.php 5 DIRTY_JS $csrf
-modules/gallery/views/admin_dashboard.html.php 35 DIRTY $blocks
+modules/gallery/views/admin_dashboard.html.php 37 DIRTY $obsolete_modules_message
+modules/gallery/views/admin_dashboard.html.php 42 DIRTY $blocks
modules/gallery/views/admin_graphics.html.php 25 DIRTY newView("admin_graphics_none.html")
modules/gallery/views/admin_graphics.html.php 27 DIRTY newView("admin_graphics_$active.html",array("tk"=>$tk->$active,"is_active"=>true))
modules/gallery/views/admin_graphics.html.php 34 DIRTY newView("admin_graphics_$id.html",array("tk"=>$tk->$id,"is_active"=>false))
@@ -98,19 +97,21 @@ modules/gallery/views/admin_maintenance.html.php 181 DIRTY $task-
modules/gallery/views/admin_maintenance_show_log.html.php 8 DIRTY_JS url::site("admin/maintenance/save_log/$task->id?csrf=$csrf")
modules/gallery/views/admin_maintenance_show_log.html.php 13 DIRTY $task->name
modules/gallery/views/admin_maintenance_task.html.php 75 DIRTY $task->name
-modules/gallery/views/admin_modules.html.php 51 DIRTY access::csrf_form_field()
-modules/gallery/views/admin_modules.html.php 61 DIRTY_ATTR text::alternate("g-odd","g-even")
-modules/gallery/views/admin_modules.html.php 64 DIRTY form::checkbox($data,'1',module::is_active($module_name))
-modules/gallery/views/admin_modules.html.php 66 DIRTY $module_info->version
-modules/gallery/views/admin_modules.html.php 74 DIRTY_JS $module_info->author_url
-modules/gallery/views/admin_modules.html.php 81 DIRTY_ATTR $module_info->author_name
-modules/gallery/views/admin_modules.html.php 85 DIRTY $module_info->author_name
-modules/gallery/views/admin_modules.html.php 93 DIRTY_JS $module_info->info_url
-modules/gallery/views/admin_modules.html.php 106 DIRTY_JS $module_info->discuss_url
+modules/gallery/views/admin_modules.html.php 51 DIRTY $obsolete_modules_message
+modules/gallery/views/admin_modules.html.php 57 DIRTY access::csrf_form_field()
+modules/gallery/views/admin_modules.html.php 67 DIRTY_ATTR text::alternate("g-odd","g-even")
+modules/gallery/views/admin_modules.html.php 70 DIRTY form::checkbox($data,'1',module::is_active($module_name))
+modules/gallery/views/admin_modules.html.php 72 DIRTY $module_info->version
+modules/gallery/views/admin_modules.html.php 80 DIRTY_JS $module_info->author_url
+modules/gallery/views/admin_modules.html.php 87 DIRTY_ATTR $module_info->author_name
+modules/gallery/views/admin_modules.html.php 91 DIRTY $module_info->author_name
+modules/gallery/views/admin_modules.html.php 99 DIRTY_JS $module_info->info_url
+modules/gallery/views/admin_modules.html.php 112 DIRTY_JS $module_info->discuss_url
modules/gallery/views/admin_modules_confirm.html.php 11 DIRTY_ATTR $css_class
modules/gallery/views/admin_modules_confirm.html.php 11 DIRTY $message
modules/gallery/views/admin_modules_confirm.html.php 16 DIRTY access::csrf_form_field()
modules/gallery/views/admin_modules_confirm.html.php 18 DIRTY form::hidden($module,1)
+modules/gallery/views/admin_movies.html.php 43 DIRTY $form
modules/gallery/views/admin_sidebar.html.php 50 DIRTY $available
modules/gallery/views/admin_sidebar.html.php 58 DIRTY $active
modules/gallery/views/admin_sidebar_blocks.html.php 4 DIRTY_ATTR $ref
@@ -215,20 +216,20 @@ modules/gallery/views/menu.html.php 18 DIRTY $eleme
modules/gallery/views/menu_ajax_link.html.php 3 DIRTY $menu->css_id?"id='{$menu->css_id}'":""
modules/gallery/views/menu_ajax_link.html.php 4 DIRTY_ATTR $menu->css_class
modules/gallery/views/menu_ajax_link.html.php 5 DIRTY_JS $menu->url
-modules/gallery/views/menu_ajax_link.html.php 7 DIRTY $menu->ajax_handler
+modules/gallery/views/menu_ajax_link.html.php 7 DIRTY_ATTR $menu->ajax_handler
modules/gallery/views/menu_dialog.html.php 3 DIRTY $menu->css_id?"id='{$menu->css_id}'":""
modules/gallery/views/menu_dialog.html.php 4 DIRTY_ATTR $menu->css_class
modules/gallery/views/menu_dialog.html.php 5 DIRTY_JS $menu->url
modules/gallery/views/menu_link.html.php 3 DIRTY $menu->css_id?"id='{$menu->css_id}'":""
modules/gallery/views/menu_link.html.php 4 DIRTY_ATTR $menu->css_class
modules/gallery/views/menu_link.html.php 5 DIRTY_JS $menu->url
-modules/gallery/views/movieplayer.html.php 2 DIRTY html::anchor($url,"",$attrs)
-modules/gallery/views/movieplayer.html.php 4 DIRTY_JS $attrs["id"]
-modules/gallery/views/movieplayer.html.php 5 DIRTY_JS $max_size
-modules/gallery/views/movieplayer.html.php 23 DIRTY_JS url::abs_file("lib/flowplayer.swf")
-modules/gallery/views/movieplayer.html.php 30 DIRTY_JS url::abs_file("lib/flowplayer.pseudostreaming-byterange.swf")
-modules/gallery/views/movieplayer.html.php 48 DIRTY_JS $width
-modules/gallery/views/movieplayer.html.php 48 DIRTY_JS $height
+modules/gallery/views/movieplayer.html.php 2 DIRTY html::attributes($div_attrs)
+modules/gallery/views/movieplayer.html.php 3 DIRTY html::attributes($video_attrs)
+modules/gallery/views/movieplayer.html.php 4 DIRTY html::attributes($source_attrs)
+modules/gallery/views/movieplayer.html.php 8 DIRTY_JS $div_attrs["id"]
+modules/gallery/views/movieplayer.html.php 10 DIRTY_JS $width
+modules/gallery/views/movieplayer.html.php 11 DIRTY_JS $height
+modules/gallery/views/movieplayer.html.php 14 DIRTY_JS url::abs_file("lib/mediaelementjs/")
modules/gallery/views/permissions_browse.html.php 3 DIRTY_JS url::site("permissions/form/__ITEM__")
modules/gallery/views/permissions_browse.html.php 16 DIRTY_JS url::site("permissions/change/__CMD__/__GROUP__/__PERM__/__ITEM__?csrf=$csrf")
modules/gallery/views/permissions_browse.html.php 43 DIRTY_ATTR $parent->id
@@ -265,14 +266,15 @@ modules/gallery/views/quick_delete_confirm.html.php 11 DIRTY $form
modules/gallery/views/reauthenticate.html.php 9 DIRTY $form
modules/gallery/views/upgrade_checker_block.html.php 19 DIRTY $new_version
modules/gallery/views/upgrader.html.php 76 DIRTY_ATTR $done?"muted":""
-modules/gallery/views/upgrader.html.php 94 DIRTY_ATTR $done?"muted":""
-modules/gallery/views/upgrader.html.php 102 DIRTY_ATTR $module->version==$module->code_version?"current":"upgradeable"
-modules/gallery/views/upgrader.html.php 102 DIRTY_ATTR in_array($id,$failed)?"failed":""
-modules/gallery/views/upgrader.html.php 103 DIRTY_ATTR $id
-modules/gallery/views/upgrader.html.php 107 DIRTY $module->version
-modules/gallery/views/upgrader.html.php 110 DIRTY $module->code_version
-modules/gallery/views/upgrader.html.php 120 DIRTY_ATTR $done?"muted":""
-modules/gallery/views/upgrader.html.php 123 DIRTY_ATTR $done?"muted":""
+modules/gallery/views/upgrader.html.php 97 DIRTY $obsolete_modules_message
+modules/gallery/views/upgrader.html.php 103 DIRTY_ATTR $done?"muted":""
+modules/gallery/views/upgrader.html.php 111 DIRTY_ATTR $module->version==$module->code_version?"current":"upgradeable"
+modules/gallery/views/upgrader.html.php 111 DIRTY_ATTR in_array($id,$failed)?"failed":""
+modules/gallery/views/upgrader.html.php 112 DIRTY_ATTR $id
+modules/gallery/views/upgrader.html.php 116 DIRTY $module->version
+modules/gallery/views/upgrader.html.php 119 DIRTY $module->code_version
+modules/gallery/views/upgrader.html.php 129 DIRTY_ATTR $done?"muted":""
+modules/gallery/views/upgrader.html.php 132 DIRTY_ATTR $done?"muted":""
modules/gallery/views/user_languages_block.html.php 2 DIRTY form::dropdown("g-select-session-locale",$installed_locales,$selected)
modules/gallery/views/user_profile.html.php 34 DIRTY_ATTR $user->avatar_url(40,$theme->url(,true))
modules/gallery/views/user_profile.html.php 43 DIRTY $info->view
@@ -342,16 +344,15 @@ modules/rss/views/feed.mrss.php 67 DIRTY_ATTR $ite
modules/rss/views/feed.mrss.php 68 DIRTY_ATTR $item->height
modules/rss/views/feed.mrss.php 69 DIRTY_ATTR $item->width
modules/rss/views/rss_block.html.php 6 DIRTY_JS rss::url($url)
-modules/search/views/search.html.php 39 DIRTY_ATTR $item_class
-modules/search/views/search.html.php 40 DIRTY_JS $item->url()
-modules/search/views/search.html.php 41 DIRTY $item->thumb_img(array("class"=>"g-thumbnail"))
modules/search/views/search.html.php 43 DIRTY_ATTR $item_class
-modules/search/views/search.html.php 53 DIRTY $theme->paginator()
-modules/search/views/search_link.html.php 14 DIRTY_ATTR $item->id
-modules/search/views/search_link.html.php 16 DIRTY_ATTR $item->parent_id
-modules/server_add/views/admin_server_add.html.php 8 DIRTY_JS url::site("__ARGS__")
-modules/server_add/views/admin_server_add.html.php 19 DIRTY $form
-modules/server_add/views/admin_server_add.html.php 30 DIRTY_ATTR $id
+modules/search/views/search.html.php 44 DIRTY_JS $item->url()
+modules/search/views/search.html.php 45 DIRTY $item->thumb_img(array("class"=>"g-thumbnail"))
+modules/search/views/search.html.php 47 DIRTY_ATTR $item_class
+modules/search/views/search.html.php 57 DIRTY $theme->paginator()
+modules/search/views/search_link.html.php 15 DIRTY_ATTR $album_id
+modules/server_add/views/admin_server_add.html.php 6 DIRTY_JS url::site("__ARGS__")
+modules/server_add/views/admin_server_add.html.php 14 DIRTY $form
+modules/server_add/views/admin_server_add.html.php 25 DIRTY_ATTR $id
modules/server_add/views/server_add_tree.html.php 20 DIRTY_ATTR is_dir($file)?"ui-icon-folder-collapsed":"ui-icon-document"
modules/server_add/views/server_add_tree.html.php 21 DIRTY_ATTR is_dir($file)?"g-directory":"g-file"
modules/server_add/views/server_add_tree_dialog.html.php 3 DIRTY_JS url::site("server_add/children?path=__PATH__")
@@ -359,8 +360,8 @@ modules/server_add/views/server_add_tree_dialog.html.php 4 DIRTY_JS url::s
modules/server_add/views/server_add_tree_dialog.html.php 21 DIRTY $tree
modules/tag/views/admin_tags.html.php 45 DIRTY_ATTR $tag->id
modules/tag/views/admin_tags.html.php 46 DIRTY $tag->count
-modules/tag/views/tag_block.html.php 28 DIRTY $cloud
-modules/tag/views/tag_block.html.php 30 DIRTY $form
+modules/tag/views/tag_block.html.php 26 DIRTY $cloud
+modules/tag/views/tag_block.html.php 28 DIRTY $form
modules/tag/views/tag_cloud.html.php 4 DIRTY_ATTR (int)(($tag->count/$max_count)*7)
modules/tag/views/tag_cloud.html.php 5 DIRTY $tag->count
modules/tag/views/tag_cloud.html.php 6 DIRTY_JS $tag->url()
@@ -387,19 +388,19 @@ modules/watermark/views/admin_watermarks.html.php 20 DIRTY_ATTR $url
themes/admin_wind/views/admin.html.php 4 DIRTY $theme->html_attributes()
themes/admin_wind/views/admin.html.php 34 DIRTY $theme->admin_head()
themes/admin_wind/views/admin.html.php 46 DIRTY_JS $theme->url()
-themes/admin_wind/views/admin.html.php 51 DIRTY $theme->get_combined("css")
-themes/admin_wind/views/admin.html.php 54 DIRTY $theme->get_combined("script")
-themes/admin_wind/views/admin.html.php 58 DIRTY $theme->admin_page_top()
-themes/admin_wind/views/admin.html.php 66 DIRTY $theme->admin_header_top()
-themes/admin_wind/views/admin.html.php 67 DIRTY_JS item::root()->url()
-themes/admin_wind/views/admin.html.php 70 DIRTY $theme->user_menu()
-themes/admin_wind/views/admin.html.php 73 DIRTY $theme->admin_menu()
-themes/admin_wind/views/admin.html.php 76 DIRTY $theme->admin_header_bottom()
-themes/admin_wind/views/admin.html.php 83 DIRTY $content
-themes/admin_wind/views/admin.html.php 89 DIRTY $sidebar
-themes/admin_wind/views/admin.html.php 94 DIRTY $theme->admin_footer()
-themes/admin_wind/views/admin.html.php 97 DIRTY $theme->admin_credits()
-themes/admin_wind/views/admin.html.php 102 DIRTY $theme->admin_page_bottom()
+themes/admin_wind/views/admin.html.php 50 DIRTY $theme->get_combined("css")
+themes/admin_wind/views/admin.html.php 51 DIRTY $theme->get_combined("script")
+themes/admin_wind/views/admin.html.php 55 DIRTY $theme->admin_page_top()
+themes/admin_wind/views/admin.html.php 63 DIRTY $theme->admin_header_top()
+themes/admin_wind/views/admin.html.php 64 DIRTY_JS item::root()->url()
+themes/admin_wind/views/admin.html.php 67 DIRTY $theme->user_menu()
+themes/admin_wind/views/admin.html.php 70 DIRTY $theme->admin_menu()
+themes/admin_wind/views/admin.html.php 73 DIRTY $theme->admin_header_bottom()
+themes/admin_wind/views/admin.html.php 80 DIRTY $content
+themes/admin_wind/views/admin.html.php 86 DIRTY $sidebar
+themes/admin_wind/views/admin.html.php 91 DIRTY $theme->admin_footer()
+themes/admin_wind/views/admin.html.php 94 DIRTY $theme->admin_credits()
+themes/admin_wind/views/admin.html.php 99 DIRTY $theme->admin_page_bottom()
themes/admin_wind/views/block.html.php 3 DIRTY_ATTR $anchor
themes/admin_wind/views/block.html.php 5 DIRTY $id
themes/admin_wind/views/block.html.php 5 DIRTY_ATTR $css_id
@@ -434,18 +435,18 @@ themes/wind/views/page.html.php 10 DIRTY $page_
themes/wind/views/page.html.php 32 DIRTY $new_width
themes/wind/views/page.html.php 33 DIRTY $new_height
themes/wind/views/page.html.php 34 DIRTY $thumb_proportion
-themes/wind/views/page.html.php 74 DIRTY_JS $theme->url()
-themes/wind/views/page.html.php 79 DIRTY $theme->get_combined("css")
-themes/wind/views/page.html.php 82 DIRTY $theme->get_combined("script")
-themes/wind/views/page.html.php 92 DIRTY $header_text
-themes/wind/views/page.html.php 94 DIRTY_JS item::root()->url()
-themes/wind/views/page.html.php 98 DIRTY $theme->user_menu()
-themes/wind/views/page.html.php 113 DIRTY_ATTR $breadcrumb->last?"g-active":""
-themes/wind/views/page.html.php 114 DIRTY_ATTR $breadcrumb->first?"g-first":""
-themes/wind/views/page.html.php 115 DIRTY_JS $breadcrumb->url
-themes/wind/views/page.html.php 128 DIRTY $content
-themes/wind/views/page.html.php 134 DIRTY newView("sidebar.html")
-themes/wind/views/page.html.php 141 DIRTY $footer_text
+themes/wind/views/page.html.php 68 DIRTY_JS $theme->url()
+themes/wind/views/page.html.php 72 DIRTY $theme->get_combined("css")
+themes/wind/views/page.html.php 73 DIRTY $theme->get_combined("script")
+themes/wind/views/page.html.php 83 DIRTY $header_text
+themes/wind/views/page.html.php 85 DIRTY_JS item::root()->url()
+themes/wind/views/page.html.php 89 DIRTY $theme->user_menu()
+themes/wind/views/page.html.php 104 DIRTY_ATTR $breadcrumb->last?"g-active":""
+themes/wind/views/page.html.php 105 DIRTY_ATTR $breadcrumb->first?"g-first":""
+themes/wind/views/page.html.php 106 DIRTY_JS $breadcrumb->url
+themes/wind/views/page.html.php 119 DIRTY $content
+themes/wind/views/page.html.php 125 DIRTY newView("sidebar.html")
+themes/wind/views/page.html.php 132 DIRTY $footer_text
themes/wind/views/paginator.html.php 33 DIRTY_JS $first_page_url
themes/wind/views/paginator.html.php 42 DIRTY_JS $previous_page_url
themes/wind/views/paginator.html.php 70 DIRTY_JS $next_page_url
generated by cgit v1.2.3 (git 2.46.0) at 2025-10-13 11:39:14 +0000