From 2e23ae98c43ae099a0b7b18f3c65fae21401aa43 Mon Sep 17 00:00:00 2001
From: Andy Staudacher
Date: Thu, 17 Sep 2009 14:12:43 -0700
Subject: - Add theme->movie_menu() to whitelisted methods. - xss_data checkpoint
---
modules/gallery/tests/Xss_Security_Test.php | 3 ++-
modules/gallery/tests/xss_data.txt | 25 +++++++++++++------------
2 files changed, 15 insertions(+), 13 deletions(-)
diff --git a/modules/gallery/tests/Xss_Security_Test.php b/modules/gallery/tests/Xss_Security_Test.php
index 85624517..16541017 100644
--- a/modules/gallery/tests/Xss_Security_Test.php
+++ b/modules/gallery/tests/Xss_Security_Test.php
@@ -144,7 +144,8 @@ class Xss_Security_Test extends Unit_Test_Case {
 "dynamic_bottom", "dynamic_top", "footer", "head", "header_bottom", "header_top", "page_bottom", "page_top", "photo_blocks", "photo_bottom", "photo_top", "resize_bottom", "resize_top", "sidebar_blocks", "sidebar_bottom",
- "sidebar_top", "thumb_bottom", "thumb_info", "thumb_top")) &&
+ "sidebar_top", "thumb_bottom", "thumb_info", "thumb_top",
+ "movie_menu")) &&
 self::_token_matches("(", $tokens, $token_number + 3)) {
 $method = $tokens[$token_number + 2][1];
diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt
index 193d2ca1..57da8730 100644
--- a/modules/gallery/tests/xss_data.txt
+++ b/modules/gallery/tests/xss_data.txt
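Review bot: Appending "movie_menu" to this array makes the scanner classify every `$theme->movie_menu()` call in the views as safe output, yet nothing in the commit shows that the method returns already-escaped HTML, so the whitelist entry rests on an unstated assumption. The array deserves a comment recording that contract, e.g. `// Theme methods listed here are trusted to return escaped HTML; verify the implementation before adding one.` placed above the first entry (the start of the array and the enclosing method are outside the hunk). As a point of style, the existing entries read as alphabetical and "movie_menu" is tacked onto the end; placing it between "header_top" and "page_bottom" keeps the list scannable as it grows. Presumably the xss_data.txt hunks are the regenerated baseline that this whitelist change produces; that should be confirmed rather than assumed.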
@@ -295,10 +295,11 @@ themes/admin_default/views/admin.html.php 68 DIRTY $sideb
 themes/admin_default/views/admin.html.php 73 DIRTY $theme->admin_footer()
 themes/admin_default/views/admin.html.php 75 DIRTY $theme->admin_credits()
 themes/admin_default/views/admin.html.php 79 DIRTY $theme->admin_page_bottom()
-themes/admin_default/views/block.html.php 2 DIRTY $id
-themes/admin_default/views/block.html.php 2 DIRTY_ATTR $css_id
-themes/admin_default/views/block.html.php 10 DIRTY $title
-themes/admin_default/views/block.html.php 13 DIRTY $content
+themes/admin_default/views/block.html.php 3 DIRTY_ATTR $anchor
+themes/admin_default/views/block.html.php 5 DIRTY $id
+themes/admin_default/views/block.html.php 5 DIRTY_ATTR $css_id
+themes/admin_default/views/block.html.php 13 DIRTY $title
+themes/admin_default/views/block.html.php 16 DIRTY $content
 themes/admin_default/views/pager.html.php 13 DIRTY_JS str_replace('{page}',1,$url)
 themes/admin_default/views/pager.html.php 20 DIRTY_JS str_replace('{page}',$previous_page,$url)
 themes/admin_default/views/pager.html.php 27 DIRTY $from_to_msg
@@ -309,10 +310,10 @@ themes/default/views/album.html.php 16 DIRTY_ATTR $ite
 themes/default/views/album.html.php 18 DIRTY_JS $child->url()
 themes/default/views/album.html.php 19 DIRTY $child->thumb_img(array("class"=>"gThumbnail"))
 themes/default/views/album.html.php 23 DIRTY_JS $child->url()
-themes/default/views/block.html.php 2 DIRTY_ATTR $anchor
-themes/default/views/block.html.php 3 DIRTY_ATTR $css_id
-themes/default/views/block.html.php 4 DIRTY $title
-themes/default/views/block.html.php 6 DIRTY $content
+themes/default/views/block.html.php 3 DIRTY_ATTR $anchor
+themes/default/views/block.html.php 5 DIRTY_ATTR $css_id
+themes/default/views/block.html.php 6 DIRTY $title
+themes/default/views/block.html.php 8 DIRTY $content
 themes/default/views/dynamic.html.php 11 DIRTY_ATTR $child->is_album()?"gAlbum":""
 themes/default/views/dynamic.html.php 13 DIRTY_JS $child->url()
 themes/default/views/dynamic.html.php 14 DIRTY_ATTR $child->id
@@ -329,10 +330,10 @@ themes/default/views/page.html.php 42 DIRTY $new_h
 themes/default/views/page.html.php 43 DIRTY $thumb_proportion
 themes/default/views/page.html.php 82 DIRTY $header_text
 themes/default/views/page.html.php 84 DIRTY_JS item::root()->url()
-themes/default/views/page.html.php 98 DIRTY_JS $parent->url("show={$theme->item()->id}")
-themes/default/views/page.html.php 112 DIRTY $content
-themes/default/views/page.html.php 118 DIRTY newView("sidebar.html")
-themes/default/views/page.html.php 125 DIRTY $footer_text
+themes/default/views/page.html.php 102 DIRTY_JS $parent->url($parent==$theme->item()->parent()?"show={$theme->item()->id}":null)
+themes/default/views/page.html.php 117 DIRTY $content
+themes/default/views/page.html.php 123 DIRTY newView("sidebar.html")
+themes/default/views/page.html.php 130 DIRTY $footer_text
 themes/default/views/pager.html.php 13 DIRTY_JS str_replace('{page}',1,$url)
 themes/default/views/pager.html.php 20 DIRTY_JS str_replace('{page}',$previous_page,$url)
 themes/default/views/pager.html.php 27 DIRTY $from_to_msg
-- 
cgit v1.2.3