path: root/modules/gallery/tests
Age         Commit message  (Author)
2009-09-08  Fix test to support new slug code.  (Bharat Mediratta)

2009-09-08  Update item::convert_filename_to_slug() to eliminate leading and trailing hyphens.  (Bharat Mediratta)

2009-09-07  Add item::validate_url_safe() with a test.  (Bharat Mediratta)

2009-09-07  Update golden file.  (Bharat Mediratta)

2009-09-07  Add support for a per-item "slug" which will be the user-visible url component for that given item.  (Bharat Mediratta)
            Album hierarchies are represented by nested slugs. By default, we convert the filename to a slug when you create an album, photo or movie.

2009-09-05  Bugfixes for locales::locale_from_http_request(), and adding tests.  (Andy Staudacher)
            (And the tests should illustrate that kohana 2.4's API doesn't quite fit our purpose of simply getting the best match between the accepted (client) and the installed (g3) locales.)

2009-09-05  Update XSS test golden data file.  (Andy Staudacher)

2009-09-04  XSS test golden data file update  (Andy Staudacher)
2009-09-04  Simplifying SafeString a bit: From an XSS HTML security point of view, treat clean() and purify() the same.  (Andy Staudacher)
            No longer run a safe HTML string through the HTML purifier (since it's already marked as safe). This also addresses the issue of calling purify() when no purifier is installed. In that case, we'd run clean() on a clean string (double HTML encoding). If this approach doesn't work out, we can still modify the fallback code of purify() to check if the string is already clean before calling clean() instead of purify().
2009-09-03  Checkpoint.  (Bharat Mediratta)

2009-09-03  Fix tests for new purifier API.  (Bharat Mediratta)

2009-09-03  Fix test for new purifier API.  (Bharat Mediratta)

2009-09-03  Ensure that purify isn't applied twice for an already purified SafeString  (Andy Staudacher)

2009-09-03  Merge branch 'master' into talmdal  (Tim Almdal)

2009-09-03  fix the expected return value of photos controller  (Tim Almdal)

2009-09-03  fix the expected return value of album controller  (Tim Almdal)
2009-09-03  Change the Html_Helper and SafeString tests to change the expected results based on whether HtmlPurifier module is installed or not  (Tim Almdal)
2009-09-02  Fix formatting, and use a properly named file in change_photo_no_csrf_fails_test() so that GD doesn't bomb.  (Bharat Mediratta)

2009-09-01  Update XSS scanner golden file  (Andy Staudacher)

2009-09-01  Remove debugging code  (Andy Staudacher)

2009-09-01  Fix bug in XSS scanner for <script> block @ position 0 of inline_html  (Andy Staudacher)

2009-08-31  Update XSS test golden file  (Andy Staudacher)

2009-08-31  Add XSS check for HTML attributes  (Andy Staudacher)

2009-08-31  Add XSS check to ensure that html::js_string() is not preceded by a quote.  (Andy Staudacher)

2009-08-31  Adding XSS test for href="javascript: and onclick="..."  (Andy Staudacher)

2009-08-31  Rename mark_safe() to mark_clean()  (Andy Staudacher)

2009-08-30  Updating golden XSS-test data file  (Andy Staudacher)

2009-08-30  Check for href="<?= $foo ?>" (malicious "javascript:..." string)  (Andy Staudacher)

2009-08-30  Updating XSS golden file  (Andy Staudacher)

2009-08-30  Tabs to spaces cleanup  (Andy Staudacher)

2009-08-30  Rename clean_js to js_string and have it return a complete JS string (with delimiters) instead of just the string contents.  (Andy Staudacher)
            Benefits: Using json_encode(), which is very robust. And as a user, it's clearer how to use this API compared to what it was before.

2009-08-30  Improve no_tabs test to print out a complete list of files + line numbers + line snippet.  (Andy Staudacher)

2009-08-30  Add $theme-> methods to Xss whitelist for HTML safety.  (Andy Staudacher)
            Updating XSS golden file.

2009-08-29  Update all code to use helper method html::clean(), html::purify(), ... instead of SafeString directly.  (Andy Staudacher)

2009-08-29  Adding html::clean(), ::purify(), etc.  (Andy Staudacher)

2009-08-29  Undo url helper changes - url methods no longer return a SafeString.  (Andy Staudacher)
            Adding SafeString::of_safe_html() calls where urls are passed as parameters to t() and t2().

2009-08-29  Merge commit 'upstream/master'  (Andy Staudacher)
            Conflicts:
                modules/akismet/views/admin_akismet.html.php
                modules/comment/helpers/comment_rss.php
                modules/gallery/helpers/gallery_rss.php
                modules/gallery/libraries/I18n.php
                modules/gallery/views/permissions_browse.html.php
                modules/gallery/views/simple_uploader.html.php
                modules/info/views/info_block.html.php
                modules/organize/controllers/organize.php
                modules/organize/views/organize.html.php
                modules/organize/views/organize_album.html.php
                themes/default/views/album.html.php
                themes/default/views/movie.html.php
                themes/default/views/photo.html.php

2009-08-29  Fixing all detected XSS vectors in PHP->JS code.  (Andy Staudacher)
            Xss: Rename UNKNOWN back to DIRTY, JS_XSS to DIRTY_JS. (using a different flag value to highlight potential XSS vectors in JS)

2009-08-29  Add more factory methods for convenience:  (Andy Staudacher)
            SafeString::purify() and SafeString::of_safe_html(). Removing SafeString::mark_html_safe() since it's no longer needed.

2009-08-29  Clean up the test and get it working.  (Bharat Mediratta)

2009-08-29  Adding SafeString::for_html_attr()  (Andy Staudacher)

2009-08-29  Fix for 641... extend viewable functionality to comments. Viewable unit test is not working.  (Tim Almdal)

2009-08-29  Have url::site() and other methods return a SafeString, just as t() and t2().  (Andy Staudacher)
            Benefits:
            - url::site() is often used in views and we can ensure in the url class that returned strings are indeed safe for use in HTML. Makes the list of vars of unknown safety status shorter.
            - url::site() is often used as message parameter to t() and t2(). The parameter would be HTML-escaped if it wasn't marked as safe HTML already. Makes the usage simpler / shorter.

2009-08-29  Standardize the access to the create_random_item method  (Tim Almdal)
2009-08-29  Adding SafeString which is going to replace p::clean() and p::purify().  (Andy Staudacher)
            Refactoring of Xss_Security_Test. t() and t2() return a SafeString instance.
            TODO:
            - Update all code to use SafeString where appropriate.
            - Update golden file of Xss_Security_Test
            - Stop reporting CLEAN vars in Xss_Security_Test
2009-08-05  Change the children and descendants APIs to be more consistent and to remove Gallery3 concepts from ORM_MPTT.  (Bharat Mediratta)
            The following API methods:
                ORM_MPTT::children
                ORM_MPTT::children_count
                ORM_MPTT::descendants
                ORM_MPTT::descendants_count
            All now take a $where clause that allows you to pass through additional field parameters.
            old API:
                $album->children(10, 0, "photos")
                $album->children_count("photos")
            new API:
                $album->children(10, 0, array("type" => "photos"))
                $album->children_count(array("type" => "photos"))
            This gives us a more flexible API and simplifies the code. While I was in there, I changed the way we deal with default orderby values so that we just assign the default value in the function definition, which allows us to get rid of all conditionals in the implementation which results in simpler code.
2009-08-05  Revert "Allow a theme to override the page refresh mechanism. Create a new"  (Tim Almdal)
            This reverts commit 1f014aae6c16bbda62d8f5937180f11ccb0eb1b1.

2009-08-03  Merge branch 'master' of git@github.com:gallery/gallery3  (Tim Almdal)
2009-08-02  Change the API for getting to the original state of an ORM.  (Bharat Mediratta)
            Old API: $obj->original("field_name")
            New API: $obj->original()->field_name
            This allows us to revert the various xxx_updated events back to passing an original ORM as well as the updated one. This makes for a cleaner event API.
            Old API: comment_updated($comment) { $comment->original("field_name") }
            Old API: comment_updated($old, $new) { $old->field_name }
2009-07-30  Merge branch 'master' of git@github.com:gallery/gallery3  (Tim Almdal)