From fd437aec2bbd3e65b330b0790af970ca7e078636 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Fri, 4 Jun 2010 13:58:49 -0700 Subject: Correct XSS Security Test golden file for recent changes. Update the controller_auth data file for the rename of admin_comments to admin_manage_comments. --- modules/gallery/tests/controller_auth_data.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules/gallery/tests/controller_auth_data.txt') diff --git a/modules/gallery/tests/controller_auth_data.txt b/modules/gallery/tests/controller_auth_data.txt index 0aa26057..94e7a07f 100644 --- a/modules/gallery/tests/controller_auth_data.txt +++ b/modules/gallery/tests/controller_auth_data.txt @@ -1,4 +1,4 @@ -modules/comment/controllers/admin_comments.php queue DIRTY_CSRF +modules/comment/controllers/admin_manage_comments.php queue DIRTY_CSRF modules/comment/helpers/comment_rss.php feed DIRTY_AUTH modules/digibug/controllers/digibug.php print_proxy DIRTY_CSRF|DIRTY_AUTH modules/digibug/controllers/digibug.php close_window DIRTY_AUTH -- cgit v1.2.3 From 6ebbb4fbf5cc5559f433300871078be41d615cf6 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sun, 20 Jun 2010 09:51:39 -0700 Subject: Updated golden files. --- modules/gallery/tests/controller_auth_data.txt | 2 + modules/gallery/tests/xss_data.txt | 82 ++++++++++++++++++++------ 2 files changed, 65 insertions(+), 19 deletions(-) (limited to 'modules/gallery/tests/controller_auth_data.txt') diff --git a/modules/gallery/tests/controller_auth_data.txt b/modules/gallery/tests/controller_auth_data.txt index 94e7a07f..8263f79d 100644 --- a/modules/gallery/tests/controller_auth_data.txt +++ b/modules/gallery/tests/controller_auth_data.txt @@ -23,6 +23,8 @@ modules/gallery/controllers/user_profile.php show modules/gallery/controllers/user_profile.php contact DIRTY_AUTH modules/gallery/controllers/user_profile.php send DIRTY_AUTH modules/gallery/controllers/welcome_message.php index DIRTY_AUTH +modules/organize/controllers/organize.php dialog DIRTY_CSRF +modules/organize/controllers/organize.php add_album_fields DIRTY_AUTH modules/rest/controllers/rest.php index DIRTY_CSRF|DIRTY_AUTH modules/rest/controllers/rest.php __call DIRTY_CSRF|DIRTY_AUTH modules/rss/controllers/rss.php feed DIRTY_CSRF|DIRTY_AUTH diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt index 7fce42a1..4ead8a3f 100644 --- a/modules/gallery/tests/xss_data.txt +++ b/modules/gallery/tests/xss_data.txt @@ -33,8 +33,8 @@ modules/comment/views/comment.mrss.php 29 DIRTY $child modules/comment/views/comment.mrss.php 34 DIRTY_ATTR $child->thumb_url modules/comment/views/comment.mrss.php 35 DIRTY_ATTR $child->thumb_height modules/comment/views/comment.mrss.php 35 DIRTY_ATTR $child->thumb_width -modules/comment/views/comments.html.php 21 DIRTY_ATTR $comment->id -modules/comment/views/comments.html.php 24 DIRTY_ATTR $comment->author()->avatar_url(40,$theme->url(,true)) +modules/comment/views/comments.html.php 28 DIRTY_ATTR $comment->id +modules/comment/views/comments.html.php 31 DIRTY_ATTR $comment->author()->avatar_url(40,$theme->url(,true)) modules/comment/views/user_profile_comments.html.php 5 DIRTY_ATTR $comment->id modules/comment/views/user_profile_comments.html.php 10 DIRTY_JS $comment->item()->url() modules/comment/views/user_profile_comments.html.php 11 DIRTY $comment->item()->thumb_img(array(),50) @@ -122,6 +122,50 @@ modules/gallery/views/admin_themes.html.php 76 DIRTY $info- modules/gallery/views/admin_themes.html.php 78 DIRTY $info->description modules/gallery/views/admin_themes_preview.html.php 7 DIRTY_ATTR $url modules/gallery/views/error_404.html.php 14 DIRTY $login_form +modules/gallery/views/error_admin.html.php 150 DIRTY $type +modules/gallery/views/error_admin.html.php 150 DIRTY $code +modules/gallery/views/error_admin.html.php 153 DIRTY $message +modules/gallery/views/error_admin.html.php 156 DIRTY_ATTR $error_id +modules/gallery/views/error_admin.html.php 161 DIRTY Kohana_Exception::debug_path($file) +modules/gallery/views/error_admin.html.php 161 DIRTY $line +modules/gallery/views/error_admin.html.php 166 DIRTY_ATTR ($num==$line)?"highlight":"" +modules/gallery/views/error_admin.html.php 166 DIRTY $num +modules/gallery/views/error_admin.html.php 166 DIRTY htmlspecialchars($row,ENT_NOQUOTES,Kohana::CHARSET) +modules/gallery/views/error_admin.html.php 178 DIRTY_ATTR $source_id +modules/gallery/views/error_admin.html.php 178 DIRTY_JS $source_id +modules/gallery/views/error_admin.html.php 178 DIRTY Kohana_Exception::debug_path($step["file"]) +modules/gallery/views/error_admin.html.php 178 DIRTY $step["line"] +modules/gallery/views/error_admin.html.php 180 DIRTY Kohana_Exception::debug_path($step["file"]) +modules/gallery/views/error_admin.html.php 180 DIRTY $step["line"] +modules/gallery/views/error_admin.html.php 187 DIRTY $step["function"] +modules/gallery/views/error_admin.html.php 188 DIRTY_ATTR $args_id +modules/gallery/views/error_admin.html.php 188 DIRTY_JS $args_id +modules/gallery/views/error_admin.html.php 192 DIRTY_ATTR $args_id +modules/gallery/views/error_admin.html.php 197 DIRTY $name +modules/gallery/views/error_admin.html.php 200 DIRTY Kohana_Exception::safe_dump($arg,$name) +modules/gallery/views/error_admin.html.php 208 DIRTY_ATTR $source_id +modules/gallery/views/error_admin.html.php 208 DIRTY_ATTR ($num==$step["line"])?"highlight":"" +modules/gallery/views/error_admin.html.php 208 DIRTY $num +modules/gallery/views/error_admin.html.php 208 DIRTY htmlspecialchars($row,ENT_NOQUOTES,Kohana::CHARSET) +modules/gallery/views/error_admin.html.php 218 DIRTY_ATTR $env_id=$error_id."environment" +modules/gallery/views/error_admin.html.php 218 DIRTY_JS $env_id +modules/gallery/views/error_admin.html.php 220 DIRTY_ATTR $env_id +modules/gallery/views/error_admin.html.php 222 DIRTY_ATTR $env_id=$error_id."environment_included" +modules/gallery/views/error_admin.html.php 222 DIRTY_JS $env_id +modules/gallery/views/error_admin.html.php 222 DIRTY count($included) +modules/gallery/views/error_admin.html.php 223 DIRTY_ATTR $env_id +modules/gallery/views/error_admin.html.php 228 DIRTY Kohana_Exception::debug_path($file) +modules/gallery/views/error_admin.html.php 235 DIRTY_ATTR $env_id=$error_id."environment_loaded" +modules/gallery/views/error_admin.html.php 235 DIRTY_JS $env_id +modules/gallery/views/error_admin.html.php 235 DIRTY count($included) +modules/gallery/views/error_admin.html.php 236 DIRTY_ATTR $env_id +modules/gallery/views/error_admin.html.php 241 DIRTY Kohana_Exception::debug_path($file) +modules/gallery/views/error_admin.html.php 249 DIRTY_ATTR $env_id="$error_id.environment".strtolower($var) +modules/gallery/views/error_admin.html.php 250 DIRTY_JS $env_id +modules/gallery/views/error_admin.html.php 250 DIRTY $var +modules/gallery/views/error_admin.html.php 251 DIRTY_ATTR $env_id +modules/gallery/views/error_admin.html.php 257 DIRTY $key +modules/gallery/views/error_admin.html.php 261 DIRTY Kohana_Exception::safe_dump($value,$key) modules/gallery/views/form_uploadify.html.php 9 DIRTY_JS url::file("lib/uploadify/uploadify.swf") modules/gallery/views/form_uploadify.html.php 10 DIRTY_JS url::site("simple_uploader/add_photo/{$album->id}") modules/gallery/views/form_uploadify.html.php 14 DIRTY_JS url::file("lib/uploadify/cancel.png") @@ -235,16 +279,16 @@ modules/notification/views/item_updated.html.php 20 DIRTY_JS $item- modules/notification/views/item_updated.html.php 20 DIRTY $item->abs_url() modules/notification/views/user_profile_notification.html.php 5 DIRTY_ATTR $subscription->id modules/notification/views/user_profile_notification.html.php 6 DIRTY_JS $subscription->url -modules/organize/views/organize_dialog.html.php 92 DIRTY_JS $domain -modules/organize/views/organize_dialog.html.php 93 DIRTY_JS $access_key -modules/organize/views/organize_dialog.html.php 94 DIRTY_JS $protocol -modules/organize/views/organize_dialog.html.php 95 DIRTY_JS $file_filter -modules/organize/views/organize_dialog.html.php 96 DIRTY_JS $sort_order -modules/organize/views/organize_dialog.html.php 97 DIRTY_JS $sort_fields -modules/organize/views/organize_dialog.html.php 98 DIRTY_JS $album->id -modules/organize/views/organize_dialog.html.php 99 DIRTY_JS $rest_uri -modules/organize/views/organize_dialog.html.php 100 DIRTY_JS $controller_uri -modules/organize/views/organize_dialog.html.php 124 DIRTY_JS $swf_url +modules/organize/views/organize_dialog.html.php 90 DIRTY_JS $domain +modules/organize/views/organize_dialog.html.php 91 DIRTY_JS $access_key +modules/organize/views/organize_dialog.html.php 92 DIRTY_JS request::protocol() +modules/organize/views/organize_dialog.html.php 93 DIRTY_JS $file_filter +modules/organize/views/organize_dialog.html.php 94 DIRTY_JS $sort_order +modules/organize/views/organize_dialog.html.php 95 DIRTY_JS $sort_fields +modules/organize/views/organize_dialog.html.php 96 DIRTY_JS $album->id +modules/organize/views/organize_dialog.html.php 97 DIRTY_JS $rest_uri +modules/organize/views/organize_dialog.html.php 98 DIRTY_JS $controller_uri +modules/organize/views/organize_dialog.html.php 122 DIRTY_JS $swf_uri modules/recaptcha/views/admin_recaptcha.html.php 11 DIRTY $form modules/recaptcha/views/admin_recaptcha.html.php 23 DIRTY_JS $public_key modules/recaptcha/views/form_recaptcha.html.php 7 DIRTY_JS $public_key @@ -316,13 +360,13 @@ themes/admin_wind/views/admin.html.php 43 DIRTY $theme themes/admin_wind/views/admin.html.php 51 DIRTY $theme->admin_header_top() themes/admin_wind/views/admin.html.php 52 DIRTY_JS item::root()->url() themes/admin_wind/views/admin.html.php 55 DIRTY $theme->user_menu() -themes/admin_wind/views/admin.html.php 57 DIRTY $theme->admin_menu() -themes/admin_wind/views/admin.html.php 59 DIRTY $theme->admin_header_bottom() -themes/admin_wind/views/admin.html.php 66 DIRTY $content -themes/admin_wind/views/admin.html.php 72 DIRTY $sidebar -themes/admin_wind/views/admin.html.php 77 DIRTY $theme->admin_footer() -themes/admin_wind/views/admin.html.php 79 DIRTY $theme->admin_credits() -themes/admin_wind/views/admin.html.php 83 DIRTY $theme->admin_page_bottom() +themes/admin_wind/views/admin.html.php 58 DIRTY $theme->admin_menu() +themes/admin_wind/views/admin.html.php 61 DIRTY $theme->admin_header_bottom() +themes/admin_wind/views/admin.html.php 68 DIRTY $content +themes/admin_wind/views/admin.html.php 74 DIRTY $sidebar +themes/admin_wind/views/admin.html.php 79 DIRTY $theme->admin_footer() +themes/admin_wind/views/admin.html.php 81 DIRTY $theme->admin_credits() +themes/admin_wind/views/admin.html.php 85 DIRTY $theme->admin_page_bottom() themes/admin_wind/views/block.html.php 3 DIRTY_ATTR $anchor themes/admin_wind/views/block.html.php 5 DIRTY $id themes/admin_wind/views/block.html.php 5 DIRTY_ATTR $css_id -- cgit v1.2.3 From eee8c27f2666d65c03c36698a612a055e9b55d5e Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Tue, 6 Jul 2010 08:43:02 -0700 Subject: Correct the controller auth golden file from when the simple_uploader was renamed to flash_uploader --- modules/gallery/tests/controller_auth_data.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'modules/gallery/tests/controller_auth_data.txt') diff --git a/modules/gallery/tests/controller_auth_data.txt b/modules/gallery/tests/controller_auth_data.txt index 8263f79d..f7ceed90 100644 --- a/modules/gallery/tests/controller_auth_data.txt +++ b/modules/gallery/tests/controller_auth_data.txt @@ -9,6 +9,8 @@ modules/gallery/controllers/albums.php show modules/gallery/controllers/combined.php javascript DIRTY_AUTH modules/gallery/controllers/combined.php css DIRTY_AUTH modules/gallery/controllers/file_proxy.php __call DIRTY_CSRF|DIRTY_AUTH +modules/gallery/controllers/flash_uploader.php start DIRTY_AUTH +modules/gallery/controllers/flash_uploader.php finish DIRTY_AUTH modules/gallery/controllers/login.php ajax DIRTY_AUTH modules/gallery/controllers/login.php auth_ajax DIRTY_AUTH modules/gallery/controllers/login.php html DIRTY_AUTH @@ -16,8 +18,6 @@ modules/gallery/controllers/login.php auth_html modules/gallery/controllers/logout.php index DIRTY_AUTH modules/gallery/controllers/maintenance.php index DIRTY_AUTH modules/gallery/controllers/quick.php form_edit DIRTY_CSRF -modules/gallery/controllers/simple_uploader.php start DIRTY_AUTH -modules/gallery/controllers/simple_uploader.php finish DIRTY_AUTH modules/gallery/controllers/upgrader.php index DIRTY_AUTH modules/gallery/controllers/user_profile.php show DIRTY_AUTH modules/gallery/controllers/user_profile.php contact DIRTY_AUTH -- cgit v1.2.3