summaryrefslogtreecommitdiff
path: root/modules/gallery/tests
AgeCommit message (Collapse)Author
2009-09-23Correct indentationTim Almdal
2009-09-17- Add theme->movie_menu() to whitelisted methods.Andy Staudacher
- xss_data checkpoint
2009-09-15Also check for rss feeds in controller auth checkAndy Staudacher
2009-09-15Controller auth / CSRF fixesAndy Staudacher
2009-09-15Add exception for REST controllers (no fixes necessary).Andy Staudacher
2009-09-15CSRF / auth fixes, golden data file checkpointAndy Staudacher
2009-09-15First functional version of Controller_Auth_TestAndy Staudacher
2009-09-15Initial skeleton of Controller_Auth code audit test (non functional).Andy Staudacher
2009-09-15Improve language preference (Acccept-Language header matching): Boost ↵Andy Staudacher
same-language match over exact locale match for lower qvalue.
2009-09-12Updated for url format changes applied in ↵Bharat Mediratta
2aad580f53dbc06bb170c710467b47a5a532c6c8.
2009-09-11rawurlencode() path components in relative_path_cache andBharat Mediratta
relative_url_cache so that they're safe for browser use.
2009-09-10Rename ORM_MPTT::is_descendant() to ORM_MPTT::contains() to make theBharat Mediratta
API a little clearer. Write a test for it, too.
2009-09-08Fix a thinko-- of course we want urls to be the path to the file itself.Bharat Mediratta
2009-09-08Change $this->_photo to just $photoBharat Mediratta
2009-09-08Fix test to support new slug code.Bharat Mediratta
2009-09-08Update item::convert_filename_to_slug() to eliminate leading andBharat Mediratta
trailing hyphens.
2009-09-07Add item::validate_url_safe() with a test.Bharat Mediratta
2009-09-07Update golden file.Bharat Mediratta
2009-09-07Add support for a per-item "slug" which will be the user-visible urlBharat Mediratta
component for that given item. Album hierarchies are represented by nested slugs. By default, we convert the filename to a slug when you create an album, photo or movie.
2009-09-05Bugfixes for locales::locale_from_http_request(), and adding tests.Andy Staudacher
(And the tests should illustrate that kohana 2.4's API doesn't quite fit our purpose of simply getting the best match between the accepted (client) and the installed (g3) locales.)
2009-09-05Update XSS test golden data file.Andy Staudacher
2009-09-04XSS test golden data file updateAndy Staudacher
2009-09-04Simplifying SafeString a bit: From a XSS HTML security point of view, treat ↵Andy Staudacher
clean() and purify() the same. No longer run a safe HTML string through the HTML purifier (since it's already marked as safe). This also addresses the issue of calling purify() when no purifier is installed. In that case, we'd run clean() on a clean string (double HTML encoding). If this approach doesn't work out, we can still modify the fallback code of purify() to check if the string is already clean before calling clean() instead of purify().
2009-09-03Checkpoint.Bharat Mediratta
2009-09-03Fix tests for new purifier API.Bharat Mediratta
2009-09-03Fix test for new purifier API.Bharat Mediratta
2009-09-03Ensure that purify isn't applied twice for an already purified SafeStringAndy Staudacher
2009-09-03Merge branch 'master' into talmdalTim Almdal
2009-09-03fix the expected return value of photos controllerTim Almdal
2009-09-03fix the expected return value of album controllerTim Almdal
2009-09-03Change the Html_Helper and SafeString tests to change the expeced results ↵Tim Almdal
based on whether HtmlPurifier module is installed or not
2009-09-02Fix formatting, and use a properly named file inBharat Mediratta
change_photo_no_csrf_fails_test() so that GD doesn't bomb.
2009-09-01Update XSS scanner golden fileAndy Staudacher
2009-09-01Remove debugging codeAndy Staudacher
2009-09-01Fix bug in XSS scanner for <script> block @ position 0 of inline_htmlAndy Staudacher
2009-08-31Update XSS test golden fileAndy Staudacher
2009-08-31Add XSS check for HTML attributesAndy Staudacher
2009-08-31Add XSS check to ensure that html::js_string() is not preceded by a quote.Andy Staudacher
2009-08-31Adding XSS test for href="javascript: and onclick="..."Andy Staudacher
2009-08-31Rename mark_safe() to mark_clean()Andy Staudacher
2009-08-30Updating golden XSS-test data fileAndy Staudacher
2009-08-30Check for href="<?= $foo ?>" (malicious "javascript:..." string)Andy Staudacher
2009-08-30Updating XSS golden fileAndy Staudacher
2009-08-30Tabs to spaces cleanupAndy Staudacher
2009-08-30Rename clean_js to js_string and have it return a complete JS string (with ↵Andy Staudacher
delimiters) instead of just the string contents. Benefits: Using json_encode(), which is very robust. And as a user, it's clearer how to use this API compared to what it was before.
2009-08-30Improve no_tabs test to print out a complete list of files + line numbers + ↵Andy Staudacher
line snippet.
2009-08-30Add $theme-> methods to Xss whitelist for HTML safety.Andy Staudacher
Updating XSS golden file.
2009-08-29Update all code to use helper method html::clean(), html::purify(), ... ↵Andy Staudacher
instead of SafeString directly.
2009-08-29Adding html::clean(), ::purify(), etc.Andy Staudacher
2009-08-29Undo url helper changes - url methods no longer return a SafeString.Andy Staudacher
Adding SafeString::of_safe_html() calls where urls are passed as parameters to t() and t2().
generated by cgit v1.2.3 (git 2.51.0) at 2025-10-30 04:33:30 +0000