From ab2e2d2d7786f834b26b0330dd2b6f682f23bd96 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sun, 8 Aug 2010 15:00:23 -0700 Subject: Add the $max_level param to all calls to _sanitize_for_dump() --- modules/gallery/tests/Kohana_Exception_Test.php | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) (limited to 'modules/gallery/tests') diff --git a/modules/gallery/tests/Kohana_Exception_Test.php b/modules/gallery/tests/Kohana_Exception_Test.php index 48bc5184..df7cf9ff 100644 --- a/modules/gallery/tests/Kohana_Exception_Test.php +++ b/modules/gallery/tests/Kohana_Exception_Test.php @@ -37,22 +37,22 @@ class Kohana_Exception_Test extends Gallery_Unit_Test_Case { public function sanitize_for_dump_match_key_test() { $this->assert_equal("removed for display", - Kohana_Exception::_sanitize_for_dump("original value", "password")); + Kohana_Exception::_sanitize_for_dump("original value", "password", 5)); $this->assert_equal("original value", - Kohana_Exception::_sanitize_for_dump("original value", "meow")); + Kohana_Exception::_sanitize_for_dump("original value", "meow", 5)); } public function sanitize_for_dump_match_key_loosely_test() { $this->assert_equal("removed for display", - Kohana_Exception::_sanitize_for_dump("original value", "this secret key")); + Kohana_Exception::_sanitize_for_dump("original value", "this secret key", 5)); } public function sanitize_for_dump_match_value_test() { // Looks like a hash / secret value. $this->assert_equal("removed for display", - Kohana_Exception::_sanitize_for_dump("p$2a178b841c6391d6368f131", "meow")); + Kohana_Exception::_sanitize_for_dump("p$2a178b841c6391d6368f131", "meow", 5)); $this->assert_equal("original value", - Kohana_Exception::_sanitize_for_dump("original value", "meow")); + Kohana_Exception::_sanitize_for_dump("original value", "meow", 5)); } public function sanitize_for_dump_array_test() { @@ -64,7 +64,7 @@ class Kohana_Exception_Test extends Gallery_Unit_Test_Case { "three" => "removed for display"); $this->assert_equal($expected, - Kohana_Exception::_sanitize_for_dump($var, "ignored")); + Kohana_Exception::_sanitize_for_dump($var, "ignored", 5)); } public function sanitize_for_dump_nested_array_test() { @@ -73,7 +73,7 @@ class Kohana_Exception_Test extends Gallery_Unit_Test_Case { $expected = array("safe" => "original value 1", "safe 2" => array("some hash" => "removed for display")); $this->assert_equal($expected, - Kohana_Exception::_sanitize_for_dump($var, "ignored")); + Kohana_Exception::_sanitize_for_dump($var, "ignored", 5)); } public function sanitize_for_dump_user_test() { @@ -83,7 +83,7 @@ class Kohana_Exception_Test extends Gallery_Unit_Test_Case { $user->email = "value 2"; $user->full_name = "value 3"; $this->assert_equal('User_Model object for "john" - details omitted for display', - Kohana_Exception::_sanitize_for_dump($user, "ignored")); + Kohana_Exception::_sanitize_for_dump($user, "ignored", 5)); } public function sanitize_for_dump_database_test() { @@ -91,7 +91,7 @@ class Kohana_Exception_Test extends Gallery_Unit_Test_Case { array("connection" => array("user" => "john", "name" => "gallery_3"), "cache" => array())); $this->assert_equal("Kohana_Exception_Test_Database object - details omitted for display", - Kohana_Exception::_sanitize_for_dump($db, "ignored")); + Kohana_Exception::_sanitize_for_dump($db, "ignored", 5)); } public function sanitize_for_dump_nested_database_test() { @@ -104,7 +104,7 @@ class Kohana_Exception_Test extends Gallery_Unit_Test_Case { array("some" => "foo", "bar (type: Kohana_Exception_Test_Database)" => "Kohana_Exception_Test_Database object - details omitted for display"), - Kohana_Exception::_sanitize_for_dump($var, "ignored")); + Kohana_Exception::_sanitize_for_dump($var, "ignored", 5)); } public function sanitize_for_dump_object_test() { @@ -117,7 +117,7 @@ class Kohana_Exception_Test extends Gallery_Unit_Test_Case { "private: email_address" => "removed for display", "password" => "removed for display"); $this->assert_equal($expected, - Kohana_Exception::_sanitize_for_dump($obj, "ignored")); + Kohana_Exception::_sanitize_for_dump($obj, "ignored", 5)); } public function sanitize_for_dump_nested_object_test() { @@ -142,7 +142,7 @@ class Kohana_Exception_Test extends Gallery_Unit_Test_Case { "foo" => array("bar (type: User_Model)" => 'User_Model object for "john" - details omitted for display')); $this->assert_equal($expected, - Kohana_Exception::_sanitize_for_dump($obj, "ignored")); + Kohana_Exception::_sanitize_for_dump($obj, "ignored", 5)); } } -- cgit v1.2.3 From f5b7e207c8c6dc92f82b3607d57459e794b7990e Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sun, 8 Aug 2010 15:02:58 -0700 Subject: Verified. --- modules/gallery/tests/xss_data.txt | 123 ++++++++++++++++++------------------- 1 file changed, 61 insertions(+), 62 deletions(-) (limited to 'modules/gallery/tests') diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt index 02483865..f135c522 100644 --- a/modules/gallery/tests/xss_data.txt +++ b/modules/gallery/tests/xss_data.txt @@ -77,23 +77,23 @@ modules/gallery/views/admin_languages.html.php 62 DIRTY form:: modules/gallery/views/admin_languages.html.php 63 DIRTY $display_name modules/gallery/views/admin_languages.html.php 65 DIRTY form::radio("default_locale",$code,($default_locale==$code),((isset($installed_locales[$code]))?'':'disabled="disabled"')) modules/gallery/views/admin_languages.html.php 113 DIRTY $share_translations_form -modules/gallery/views/admin_maintenance.html.php 24 DIRTY_ATTR text::alternate("g-odd","g-even") -modules/gallery/views/admin_maintenance.html.php 24 DIRTY_ATTR log::severity_class($task->severity) -modules/gallery/views/admin_maintenance.html.php 25 DIRTY_ATTR log::severity_class($task->severity) -modules/gallery/views/admin_maintenance.html.php 26 DIRTY $task->name -modules/gallery/views/admin_maintenance.html.php 29 DIRTY $task->description -modules/gallery/views/admin_maintenance.html.php 70 DIRTY_ATTR text::alternate("g-odd","g-even") -modules/gallery/views/admin_maintenance.html.php 70 DIRTY_ATTR $task->state=="stalled"?"g-warning":"" -modules/gallery/views/admin_maintenance.html.php 71 DIRTY_ATTR $task->state=="stalled"?"g-warning":"" -modules/gallery/views/admin_maintenance.html.php 72 DIRTY gallery::date_time($task->updated) -modules/gallery/views/admin_maintenance.html.php 75 DIRTY $task->name -modules/gallery/views/admin_maintenance.html.php 90 DIRTY $task->status -modules/gallery/views/admin_maintenance.html.php 141 DIRTY_ATTR text::alternate("g-odd","g-even") -modules/gallery/views/admin_maintenance.html.php 141 DIRTY_ATTR $task->state=="success"?"g-success":"g-error" -modules/gallery/views/admin_maintenance.html.php 142 DIRTY_ATTR $task->state=="success"?"g-success":"g-error" -modules/gallery/views/admin_maintenance.html.php 143 DIRTY gallery::date_time($task->updated) -modules/gallery/views/admin_maintenance.html.php 146 DIRTY $task->name -modules/gallery/views/admin_maintenance.html.php 158 DIRTY $task->status +modules/gallery/views/admin_maintenance.html.php 40 DIRTY_ATTR text::alternate("g-odd","g-even") +modules/gallery/views/admin_maintenance.html.php 40 DIRTY_ATTR log::severity_class($task->severity) +modules/gallery/views/admin_maintenance.html.php 41 DIRTY_ATTR log::severity_class($task->severity) +modules/gallery/views/admin_maintenance.html.php 42 DIRTY $task->name +modules/gallery/views/admin_maintenance.html.php 45 DIRTY $task->description +modules/gallery/views/admin_maintenance.html.php 86 DIRTY_ATTR text::alternate("g-odd","g-even") +modules/gallery/views/admin_maintenance.html.php 86 DIRTY_ATTR $task->state=="stalled"?"g-warning":"" +modules/gallery/views/admin_maintenance.html.php 87 DIRTY_ATTR $task->state=="stalled"?"g-warning":"" +modules/gallery/views/admin_maintenance.html.php 88 DIRTY gallery::date_time($task->updated) +modules/gallery/views/admin_maintenance.html.php 91 DIRTY $task->name +modules/gallery/views/admin_maintenance.html.php 106 DIRTY $task->status +modules/gallery/views/admin_maintenance.html.php 157 DIRTY_ATTR text::alternate("g-odd","g-even") +modules/gallery/views/admin_maintenance.html.php 157 DIRTY_ATTR $task->state=="success"?"g-success":"g-error" +modules/gallery/views/admin_maintenance.html.php 158 DIRTY_ATTR $task->state=="success"?"g-success":"g-error" +modules/gallery/views/admin_maintenance.html.php 159 DIRTY gallery::date_time($task->updated) +modules/gallery/views/admin_maintenance.html.php 162 DIRTY $task->name +modules/gallery/views/admin_maintenance.html.php 174 DIRTY $task->status modules/gallery/views/admin_maintenance_show_log.html.php 8 DIRTY_JS url::site("admin/maintenance/save_log/$task->id?csrf=$csrf") modules/gallery/views/admin_maintenance_show_log.html.php 13 DIRTY $task->name modules/gallery/views/admin_maintenance_task.html.php 55 DIRTY $task->name @@ -122,50 +122,50 @@ modules/gallery/views/admin_themes.html.php 76 DIRTY $info- modules/gallery/views/admin_themes.html.php 78 DIRTY $info->description modules/gallery/views/admin_themes_preview.html.php 8 DIRTY_ATTR $url modules/gallery/views/error_404.html.php 14 DIRTY $login_form -modules/gallery/views/error_admin.html.php 150 DIRTY $type -modules/gallery/views/error_admin.html.php 150 DIRTY $code -modules/gallery/views/error_admin.html.php 153 DIRTY $message -modules/gallery/views/error_admin.html.php 156 DIRTY_ATTR $error_id -modules/gallery/views/error_admin.html.php 161 DIRTY Kohana_Exception::debug_path($file) -modules/gallery/views/error_admin.html.php 161 DIRTY $line -modules/gallery/views/error_admin.html.php 166 DIRTY_ATTR ($num==$line)?"highlight":"" -modules/gallery/views/error_admin.html.php 166 DIRTY $num -modules/gallery/views/error_admin.html.php 166 DIRTY htmlspecialchars($row,ENT_NOQUOTES,Kohana::CHARSET) -modules/gallery/views/error_admin.html.php 178 DIRTY_ATTR $source_id -modules/gallery/views/error_admin.html.php 178 DIRTY_JS $source_id -modules/gallery/views/error_admin.html.php 178 DIRTY Kohana_Exception::debug_path($step["file"]) -modules/gallery/views/error_admin.html.php 178 DIRTY $step["line"] -modules/gallery/views/error_admin.html.php 180 DIRTY Kohana_Exception::debug_path($step["file"]) -modules/gallery/views/error_admin.html.php 180 DIRTY $step["line"] -modules/gallery/views/error_admin.html.php 187 DIRTY $step["function"] -modules/gallery/views/error_admin.html.php 188 DIRTY_ATTR $args_id -modules/gallery/views/error_admin.html.php 188 DIRTY_JS $args_id -modules/gallery/views/error_admin.html.php 192 DIRTY_ATTR $args_id -modules/gallery/views/error_admin.html.php 197 DIRTY $name -modules/gallery/views/error_admin.html.php 200 DIRTY Kohana_Exception::safe_dump($arg,$name) -modules/gallery/views/error_admin.html.php 208 DIRTY_ATTR $source_id -modules/gallery/views/error_admin.html.php 208 DIRTY_ATTR ($num==$step["line"])?"highlight":"" -modules/gallery/views/error_admin.html.php 208 DIRTY $num -modules/gallery/views/error_admin.html.php 208 DIRTY htmlspecialchars($row,ENT_NOQUOTES,Kohana::CHARSET) -modules/gallery/views/error_admin.html.php 218 DIRTY_ATTR $env_id=$error_id."environment" -modules/gallery/views/error_admin.html.php 218 DIRTY_JS $env_id -modules/gallery/views/error_admin.html.php 220 DIRTY_ATTR $env_id -modules/gallery/views/error_admin.html.php 222 DIRTY_ATTR $env_id=$error_id."environment_included" -modules/gallery/views/error_admin.html.php 222 DIRTY_JS $env_id -modules/gallery/views/error_admin.html.php 222 DIRTY count($included) -modules/gallery/views/error_admin.html.php 223 DIRTY_ATTR $env_id -modules/gallery/views/error_admin.html.php 228 DIRTY Kohana_Exception::debug_path($file) -modules/gallery/views/error_admin.html.php 235 DIRTY_ATTR $env_id=$error_id."environment_loaded" -modules/gallery/views/error_admin.html.php 235 DIRTY_JS $env_id -modules/gallery/views/error_admin.html.php 235 DIRTY count($included) -modules/gallery/views/error_admin.html.php 236 DIRTY_ATTR $env_id -modules/gallery/views/error_admin.html.php 241 DIRTY Kohana_Exception::debug_path($file) -modules/gallery/views/error_admin.html.php 249 DIRTY_ATTR $env_id="$error_id.environment".strtolower($var) -modules/gallery/views/error_admin.html.php 250 DIRTY_JS $env_id -modules/gallery/views/error_admin.html.php 250 DIRTY $var -modules/gallery/views/error_admin.html.php 251 DIRTY_ATTR $env_id -modules/gallery/views/error_admin.html.php 257 DIRTY $key -modules/gallery/views/error_admin.html.php 261 DIRTY Kohana_Exception::safe_dump($value,$key) +modules/gallery/views/error_admin.html.php 183 DIRTY $type +modules/gallery/views/error_admin.html.php 183 DIRTY $code +modules/gallery/views/error_admin.html.php 186 DIRTY $message +modules/gallery/views/error_admin.html.php 189 DIRTY_ATTR $error_id +modules/gallery/views/error_admin.html.php 194 DIRTY Kohana_Exception::debug_path($file) +modules/gallery/views/error_admin.html.php 194 DIRTY $line +modules/gallery/views/error_admin.html.php 199 DIRTY_ATTR ($num==$line)?"highlight":"" +modules/gallery/views/error_admin.html.php 199 DIRTY $num +modules/gallery/views/error_admin.html.php 199 DIRTY htmlspecialchars($row,ENT_NOQUOTES,Kohana::CHARSET) +modules/gallery/views/error_admin.html.php 211 DIRTY_ATTR $source_id +modules/gallery/views/error_admin.html.php 211 DIRTY_JS $source_id +modules/gallery/views/error_admin.html.php 211 DIRTY Kohana_Exception::debug_path($step["file"]) +modules/gallery/views/error_admin.html.php 211 DIRTY $step["line"] +modules/gallery/views/error_admin.html.php 213 DIRTY Kohana_Exception::debug_path($step["file"]) +modules/gallery/views/error_admin.html.php 213 DIRTY $step["line"] +modules/gallery/views/error_admin.html.php 220 DIRTY $step["function"] +modules/gallery/views/error_admin.html.php 221 DIRTY_ATTR $args_id +modules/gallery/views/error_admin.html.php 221 DIRTY_JS $args_id +modules/gallery/views/error_admin.html.php 225 DIRTY_ATTR $args_id +modules/gallery/views/error_admin.html.php 230 DIRTY $name +modules/gallery/views/error_admin.html.php 233 DIRTY Kohana_Exception::safe_dump($arg,$name) +modules/gallery/views/error_admin.html.php 241 DIRTY_ATTR $source_id +modules/gallery/views/error_admin.html.php 241 DIRTY_ATTR ($num==$step["line"])?"highlight":"" +modules/gallery/views/error_admin.html.php 241 DIRTY $num +modules/gallery/views/error_admin.html.php 241 DIRTY htmlspecialchars($row,ENT_NOQUOTES,Kohana::CHARSET) +modules/gallery/views/error_admin.html.php 251 DIRTY_ATTR $env_id=$error_id."environment" +modules/gallery/views/error_admin.html.php 251 DIRTY_JS $env_id +modules/gallery/views/error_admin.html.php 253 DIRTY_ATTR $env_id +modules/gallery/views/error_admin.html.php 255 DIRTY_ATTR $env_id=$error_id."environment_included" +modules/gallery/views/error_admin.html.php 255 DIRTY_JS $env_id +modules/gallery/views/error_admin.html.php 255 DIRTY count($included) +modules/gallery/views/error_admin.html.php 256 DIRTY_ATTR $env_id +modules/gallery/views/error_admin.html.php 261 DIRTY Kohana_Exception::debug_path($file) +modules/gallery/views/error_admin.html.php 268 DIRTY_ATTR $env_id=$error_id."environment_loaded" +modules/gallery/views/error_admin.html.php 268 DIRTY_JS $env_id +modules/gallery/views/error_admin.html.php 268 DIRTY count($included) +modules/gallery/views/error_admin.html.php 269 DIRTY_ATTR $env_id +modules/gallery/views/error_admin.html.php 274 DIRTY Kohana_Exception::debug_path($file) +modules/gallery/views/error_admin.html.php 282 DIRTY_ATTR $env_id="$error_id.environment".strtolower($var) +modules/gallery/views/error_admin.html.php 283 DIRTY_JS $env_id +modules/gallery/views/error_admin.html.php 283 DIRTY $var +modules/gallery/views/error_admin.html.php 284 DIRTY_ATTR $env_id +modules/gallery/views/error_admin.html.php 290 DIRTY $key +modules/gallery/views/error_admin.html.php 294 DIRTY Kohana_Exception::safe_dump($value,$key) modules/gallery/views/form_uploadify.html.php 9 DIRTY_JS url::file("lib/uploadify/uploadify.swf") modules/gallery/views/form_uploadify.html.php 10 DIRTY_JS url::site("uploader/add_photo/{$album->id}") modules/gallery/views/form_uploadify.html.php 14 DIRTY_JS url::file("lib/uploadify/cancel.png") @@ -191,7 +191,6 @@ modules/gallery/views/l10n_client.html.php 62 DIRTY form:: modules/gallery/views/l10n_client.html.php 67 DIRTY form::textarea("l10n-edit-plural-translation-other","",' rows="2"') modules/gallery/views/login_ajax.html.php 6 DIRTY_JS url::site("password/reset") modules/gallery/views/login_ajax.html.php 44 DIRTY $form -modules/gallery/views/maintenance.html.php 46 DIRTY auth::get_login_form("login/auth_html") modules/gallery/views/menu.html.php 4 DIRTY $menu->css_id?"id='$menu->css_id'":"" modules/gallery/views/menu.html.php 4 DIRTY_ATTR $menu->css_class modules/gallery/views/menu.html.php 6 DIRTY $element->render() -- cgit v1.2.3 From 8da37d595cc81e3c340dd98fdb621b6955a3ad3f Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sun, 8 Aug 2010 15:25:21 -0700 Subject: Verified. --- modules/gallery/tests/controller_auth_data.txt | 1 - 1 file changed, 1 deletion(-) (limited to 'modules/gallery/tests') diff --git a/modules/gallery/tests/controller_auth_data.txt b/modules/gallery/tests/controller_auth_data.txt index 3c9b3afc..0864a928 100644 --- a/modules/gallery/tests/controller_auth_data.txt +++ b/modules/gallery/tests/controller_auth_data.txt @@ -14,7 +14,6 @@ modules/gallery/controllers/login.php auth_ajax modules/gallery/controllers/login.php html DIRTY_AUTH modules/gallery/controllers/login.php auth_html DIRTY_AUTH modules/gallery/controllers/logout.php index DIRTY_AUTH -modules/gallery/controllers/maintenance.php index DIRTY_AUTH modules/gallery/controllers/quick.php form_edit DIRTY_CSRF modules/gallery/controllers/upgrader.php index DIRTY_AUTH modules/gallery/controllers/uploader.php start DIRTY_AUTH -- cgit v1.2.3 From 2dda8e22a7a32db8a5577aad0cff2b47ac0f9c63 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sun, 8 Aug 2010 16:54:31 -0700 Subject: Use the gallery helper date/time functions wherever we format date time for the browser. Fixes ticket #1278. --- modules/comment/views/comments.html.php | 6 +++--- modules/comment/views/user_profile_comments.html.php | 4 ++-- modules/gallery/helpers/gallery.php | 4 ++-- modules/gallery/tests/xss_data.txt | 2 +- modules/info/views/info_block.html.php | 2 +- 5 files changed, 9 insertions(+), 9 deletions(-) (limited to 'modules/gallery/tests') diff --git a/modules/comment/views/comments.html.php b/modules/comment/views/comments.html.php index da45f57b..b524f5da 100644 --- a/modules/comment/views/comments.html.php +++ b/modules/comment/views/comments.html.php @@ -36,11 +36,11 @@ author()->guest): ?> date("Y-M-d H:i:s", $comment->created), - "name" => html::clean($comment->author_name()))); ?> + array("date" => gallery::date_time($comment->created), + "name" => html::clean($comment->author_name()))); ?> %name said', - array("date" => date("Y-M-d H:i:s", $comment->created), + array("date" => gallery::date_time($comment->created), "url" => user_profile::url($comment->author_id), "name" => html::clean($comment->author_name()))); ?> diff --git a/modules/comment/views/user_profile_comments.html.php b/modules/comment/views/user_profile_comments.html.php index a2a641ba..377b2d95 100644 --- a/modules/comment/views/user_profile_comments.html.php +++ b/modules/comment/views/user_profile_comments.html.php @@ -4,8 +4,8 @@

  • - date("Y-M-d H:i:s", $comment->created), + gallery::date_time($comment->created), "title" => $comment->item()->title)); ?> item()->thumb_img(array(), 50) ?> diff --git a/modules/gallery/helpers/gallery.php b/modules/gallery/helpers/gallery.php index 54d16322..3f83b23d 100644 --- a/modules/gallery/helpers/gallery.php +++ b/modules/gallery/helpers/gallery.php @@ -60,7 +60,7 @@ class gallery_Core { * @return string */ static function date_time($timestamp) { - return date(module::get_var("gallery", "date_time_format", "Y-M-d H:i:s"), $timestamp); + return date(module::get_var("gallery", "date_time_format"), $timestamp); } /** @@ -69,7 +69,7 @@ class gallery_Core { * @return string */ static function date($timestamp) { - return date(module::get_var("gallery", "date_format", "Y-M-d"), $timestamp); + return date(module::get_var("gallery", "date_format"), $timestamp); } /** diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt index f135c522..ef92970b 100644 --- a/modules/gallery/tests/xss_data.txt +++ b/modules/gallery/tests/xss_data.txt @@ -267,7 +267,7 @@ modules/gallery/views/user_profile.html.php 34 DIRTY_ATTR $use modules/gallery/views/user_profile.html.php 43 DIRTY $info->view modules/image_block/views/image_block_block.html.php 3 DIRTY_JS $item->url() modules/image_block/views/image_block_block.html.php 4 DIRTY $item->thumb_img(array("class"=>"g-thumbnail")) -modules/info/views/info_block.html.php 22 DIRTY date("M j, Y H:i:s",$item->captured) +modules/info/views/info_block.html.php 22 DIRTY gallery::date_time($item->captured) modules/info/views/info_block.html.php 29 DIRTY_JS $item->owner->url modules/notification/views/comment_published.html.php 28 DIRTY_JS $comment->item()->abs_url() modules/notification/views/comment_published.html.php 29 DIRTY $comment->item()->abs_url() diff --git a/modules/info/views/info_block.html.php b/modules/info/views/info_block.html.php index ac177ee7..ebe9bd28 100644 --- a/modules/info/views/info_block.html.php +++ b/modules/info/views/info_block.html.php @@ -19,7 +19,7 @@ captured): ?>

  • - captured)?> + captured)?>
    • owner): ?> -- cgit v1.2.3