Diffstat (limited to 'modules/gallery/tests')
-rw-r--r-- | modules/gallery/tests/Access_Helper_Test.php | 1 | ||||
-rw-r--r-- | modules/gallery/tests/Album_Helper_Test.php | 2 | ||||
-rw-r--r-- | modules/gallery/tests/Gallery_Installer_Test.php | 2 | ||||
-rw-r--r-- | modules/gallery/tests/Gallery_Rest_Helper_Test.php | 12 | ||||
-rw-r--r-- | modules/gallery/tests/Item_Model_Test.php | 2 | ||||
-rw-r--r-- | modules/gallery/tests/Url_Security_Test.php | 43 | ||||
-rw-r--r-- | modules/gallery/tests/xss_data.txt | 2 |
7 files changed, 54 insertions, 10 deletions
diff --git a/modules/gallery/tests/Access_Helper_Test.php b/modules/gallery/tests/Access_Helper_Test.php
index ac41743a..da72f12f 100644
--- a/modules/gallery/tests/Access_Helper_Test.php
+++ b/modules/gallery/tests/Access_Helper_Test.php
@@ -72,6 +72,7 @@ class Access_Helper_Test extends Unit_Test_Case {
 access::deny(identity::everybody(), "view", $item);
 access::deny(identity::registered_users(), "view", $item);
+ $item->reload();
 $user = identity::create_user("access_test", "Access Test", "*****", "user@user.com");
 foreach ($user->groups() as $group) {
diff --git a/modules/gallery/tests/Album_Helper_Test.php b/modules/gallery/tests/Album_Helper_Test.php
index 1284b8cc..ef0905da 100644
--- a/modules/gallery/tests/Album_Helper_Test.php
+++ b/modules/gallery/tests/Album_Helper_Test.php
@@ -38,7 +38,7 @@ class Album_Helper_Test extends Unit_Test_Case {
 }
 public function create_conflicting_album_test() {
- $rand = rand();
+ $rand = "name_" . rand();
 $root = ORM::factory("item", 1);
 $album1 = album::create($root, $rand, $rand, $rand);
 $album2 = album::create($root, $rand, $rand, $rand);
diff --git a/modules/gallery/tests/Gallery_Installer_Test.php b/modules/gallery/tests/Gallery_Installer_Test.php
index 43399fb4..74a07b1a 100644
--- a/modules/gallery/tests/Gallery_Installer_Test.php
+++ b/modules/gallery/tests/Gallery_Installer_Test.php
@@ -41,7 +41,7 @@ class Gallery_Installer_Test extends Unit_Test_Case {
 $this->assert_equal("Gallery", $root->title);
 $this->assert_equal(1, $root->left_ptr);
 $this->assert_equal($max_right_ptr, $root->right_ptr);
- $this->assert_equal(null, $root->parent_id);
+ $this->assert_equal(0, $root->parent_id);
 $this->assert_equal(1, $root->level);
 }
 }
diff --git a/modules/gallery/tests/Gallery_Rest_Helper_Test.php b/modules/gallery/tests/Gallery_Rest_Helper_Test.php
index c5c8a890..dac221b3 100644
--- a/modules/gallery/tests/Gallery_Rest_Helper_Test.php
+++ b/modules/gallery/tests/Gallery_Rest_Helper_Test.php
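Review bot: In the Gallery_Installer_Test.php hunk, `assert_equal(0, $root->parent_id)` would still pass for a null parent_id if `assert_equal` compares loosely (its definition is not part of this diff, so this is inferred from the `assert_equal`/`assert_same` naming), which leaves the updated expectation unable to tell the old value from the new one. The Item_Model_Test.php hunk has the same weakness, relaxing `assert_same(0, $item->view_count)` to `assert_equal`. If column values now come back as strings, pinning the exact value keeps the check strict, for example `$this->assert_same("0", $item->view_count);`. Both test methods start outside their hunks.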
@@ -94,8 +94,8 @@ class Gallery_Rest_Helper_Test extends Unit_Test_Case {
 "path" => $photo->relative_url(),
 "thumb_url" => $photo->thumb_url(),
 "thumb_dimensions" => array(
- "width" => $photo->thumb_width,
- "height" => $photo->thumb_height),
+ "width" => (string)$photo->thumb_width,
+ "height" => (string)$photo->thumb_height),
 "has_thumb" => true,
 "title" => $photo->title))))),
 gallery_rest::get($request));
@@ -115,14 +115,14 @@ class Gallery_Rest_Helper_Test extends Unit_Test_Case {
 "parent_path" => $child->relative_url(),
 "title" => $photo->title,
 "thumb_url" => $photo->thumb_url(),
- "thumb_size" => array("height" => $photo->thumb_height,
- "width" => $photo->thumb_width),
+ "thumb_size" => array("height" => (string)$photo->thumb_height,
+ "width" => (string)$photo->thumb_width),
 "resize_url" => $photo->resize_url(),
 "resize_size" => array("height" => $photo->resize_height,
 "width" => $photo->resize_width),
 "url" => $photo->file_url(),
- "size" => array("height" => $photo->height,
- "width" => $photo->width),
+ "size" => array("height" => (string)$photo->height,
+ "width" => (string)$photo->width),
 "description" => $photo->description,
 "slug" => $photo->slug))),
 gallery_rest::get($request));
diff --git a/modules/gallery/tests/Item_Model_Test.php b/modules/gallery/tests/Item_Model_Test.php
index c1df70c6..b41740d6 100644
--- a/modules/gallery/tests/Item_Model_Test.php
+++ b/modules/gallery/tests/Item_Model_Test.php
@@ -45,7 +45,7 @@ class Item_Model_Test extends Unit_Test_Case {
 public function updating_view_count_only_doesnt_change_updated_date_test() {
 $item = test::random_photo();
 $item->reload();
- $this->assert_same(0, $item->view_count);
+ $this->assert_equal(0, $item->view_count);
 // Force the updated date to something well known
 db::build()
diff --git a/modules/gallery/tests/Url_Security_Test.php b/modules/gallery/tests/Url_Security_Test.php
new file mode 100644
index 00000000..de25880f
--- /dev/null
+++ b/modules/gallery/tests/Url_Security_Test.php
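Review bot: The `(string)` casts in Gallery_Rest_Helper_Test.php cover `thumb_width`/`thumb_height` in both hunks and `width`/`height` in the second, but `resize_height` and `resize_width` in the second hunk stay uncast, so the expected array mixes representations. If the comparison applied to this response is type-sensitive (the assertion call sits outside the hunk), the resize values need the same treatment: `"resize_size" => array("height" => (string)$photo->resize_height,` and `"width" => (string)$photo->resize_width),`. If it is not type-sensitive, none of the casts are needed, and a one-line comment stating which representation `gallery_rest::get()` is expected to return would settle it. Both test methods start outside their hunks.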
@@ -0,0 +1,43 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2009 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+class Url_Security_Test extends Unit_Test_Case {
+ public function setup() {
+ $this->save = array(Router::$current_uri, Router::$complete_uri, $_GET);
+ }
+
+ public function teardown() {
+ list(Router::$current_uri, Router::$complete_uri, $_GET) = $this->save;
+ }
+
+ public function xss_in_current_url_test() {
+ Router::$current_uri = "foo/<xss>/bar";
+ Router::$complete_uri = "foo/<xss>/bar?foo=bar";
+ $this->assert_same("foo/<xss>/bar", url::current());
+ $this->assert_same("foo/<xss>/bar?foo=bar", url::current(true));
+ }
+
+ public function xss_in_merged_url_test() {
+ Router::$current_uri = "foo/<xss>/bar";
+ Router::$complete_uri = "foo/<xss>/bar?foo=bar";
+ $_GET = array("foo" => "bar");
+ $this->assert_same("foo/<xss>/bar?foo=bar", url::merge(array()));
+ $this->assert_same("foo/<xss>/bar?foo=bar&a=b", url::merge(array("a" => "b")));
+ }
+}
\ No newline at end of file
diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt
index a264286c..1530c73e 100644
--- a/modules/gallery/tests/xss_data.txt
+++ b/modules/gallery/tests/xss_data.txt
@@ -137,7 +137,7 @@ modules/gallery/views/l10n_client.html.php 26 DIRTY $strin
 modules/gallery/views/l10n_client.html.php 32 DIRTY $l10n_search_form
 modules/gallery/views/l10n_client.html.php 41 DIRTY access::csrf_form_field()
 modules/gallery/views/l10n_client.html.php 42 DIRTY form::hidden("l10n-message-key")
-modules/gallery/views/l10n_client.html.php 43 DIRTY form::textarea("l10n-edit-translation","",' rows="5" class="translationField"')
+modules/gallery/views/l10n_client.html.php 43 DIRTY form::textarea("l10n-edit-translation","",' id="l10n-edit-translation" rows="5" class="translationField"')
 modules/gallery/views/l10n_client.html.php 46 DIRTY form::textarea("l10n-edit-plural-translation-zero","",' rows="2"')
 modules/gallery/views/l10n_client.html.php 50 DIRTY form::textarea("l10n-edit-plural-translation-one","",' rows="2"')
 modules/gallery/views/l10n_client.html.php 54 DIRTY form::textarea("l10n-edit-plural-translation-two","",' rows="2"') |
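Review bot: In Url_Security_Test.php the expected strings in `xss_in_current_url_test` and `xss_in_merged_url_test` still contain the raw `<xss>` tag, so both tests pass only while `url::current()` and `url::merge()` return the path text unencoded. If views print these values directly (not visible in this diff), the suite pins the behaviour its name says it guards against, and the expectations should be the encoded form, e.g. `$this->assert_same("foo/&lt;xss&gt;/bar", url::current());`. If raw output is intended and escaping is the caller's job, a class-level comment saying so would keep the next reader from assuming the helpers are safe to echo. `setup()` also assigns `$this->save` without declaring the property on the class.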