From 4a7fc1a9815099d64b17133da238ef4470071328 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Wed, 1 Sep 2010 23:21:56 -0700 Subject: Fix up the test so it works with the changes for ticket #1216. Also note the name change to the first test. Form a php reflection point of view Sendmail_Test (class name) == sendmail_test (method name) so the method gets treated as a constructor instead of a test method. --- modules/gallery/tests/Sendmail_Test.php | 30 +++++++++++------------------- 1 file changed, 11 insertions(+), 19 deletions(-) (limited to 'modules/gallery/tests') diff --git a/modules/gallery/tests/Sendmail_Test.php b/modules/gallery/tests/Sendmail_Test.php index 92974e5c..aee6abf5 100644 --- a/modules/gallery/tests/Sendmail_Test.php +++ b/modules/gallery/tests/Sendmail_Test.php @@ -19,24 +19,18 @@ */ class Sendmail_Test extends Gallery_Unit_Test_Case { public function setup() { - Kohana_Config::instance()->set("sendmail.from", "from@gallery3.com"); + module::set_var("gallery", "email_from", "from@gallery3.com"); + module::set_var("gallery", "email_reply_to", "reply_to@gallery3.com"); } - public function sendmail_test() { - $domain = Input::instance()->server("HTTP_HOST"); + public function sendmail_basic_test() { $expected = "To: receiver@someemail.com\r\n" . "From: from@gallery3.com\n" . - "Reply-To: public@$domain\r\n" . + "Reply-To: reply_to@gallery3.com\r\n" . "Subject: Test Email Unit test\r\n\r\n" . "The mail message body"; $result = Sendmail_For_Test::factory() ->to("receiver@someemail.com") - /* - * @todo figure out why this test fails so badly, when the following - * line is not supplied. It doesn't seem to be set by setup method - * as you would expect. - */ - ->from("from@gallery3.com") ->subject("Test Email Unit test") ->message("The mail message body") ->send() 
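Review bot: The reason for renaming the first test to `sendmail_basic_test` lives only in the commit message, so nothing in the file stops a later cleanup from reintroducing `sendmail_test` and silently turning it into a constructor again. A comment above the method would keep that visible, e.g. `// Not named sendmail_test(): PHP matches method names case-insensitively, so it would be treated as the Sendmail_Test constructor.` Separately, `setup()` now writes `email_from` and `email_reply_to` through `module::set_var()` and no teardown is visible in this hunk; if those values persist beyond the test, they could leak into other test classes. The class body continues outside the hunk.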
@@ -46,16 +40,15 @@ class Sendmail_Test extends Gallery_Unit_Test_Case { } public function sendmail_reply_to_test() { - $domain = Input::instance()->server("HTTP_HOST"); $expected = "To: receiver@someemail.com\r\n" . - "From: admin@$domain\n" . - "Reply-To: reply-to@gallery3.com\r\n" . + "From: from@gallery3.com\n" . + "Reply-To: reply_to@gallery3.com\r\n" . "Subject: Test Email Unit test\r\n\r\n" . "The mail message body"; $result = Sendmail_For_Test::factory() ->to("receiver@someemail.com") ->subject("Test Email Unit test") - ->reply_to("reply-to@gallery3.com") + ->reply_to("reply_to@gallery3.com") ->message("The mail message body") ->send() ->send_text; @@ -63,10 +56,9 @@ class Sendmail_Test extends Gallery_Unit_Test_Case { } public function sendmail_html_message_test() { - $domain = Input::instance()->server("HTTP_HOST"); $expected = "To: receiver@someemail.com\r\n" . - "From: admin@$domain\n" . - "Reply-To: public@$domain\n" . + "From: from@gallery3.com\n" . + "Reply-To: reply_to@gallery3.com\n" . "MIME-Version: 1.0\n" . "Content-Type: text/html; charset=UTF-8\r\n" . "Subject: Test Email Unit test\r\n\r\n" . @@ -85,8 +77,8 @@ class Sendmail_Test extends Gallery_Unit_Test_Case { public function sendmail_wrapped_message_test() { $domain = Input::instance()->server("HTTP_HOST"); $expected = "To: receiver@someemail.com\r\n" . - "From: admin@$domain\n" . - "Reply-To: public@$domain\r\n" . + "From: from@gallery3.com\n" . + "Reply-To: reply_to@gallery3.com\r\n" . "Subject: Test Email Unit test\r\n\r\n" . "This is a long message that needs to go\n" . "over forty characters If we get lucky we\n" . -- cgit v1.2.3 From ec2c9dad64ecb8aca6ab71461e76715f39071c9f Mon Sep 17 00:00:00 2001 
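Review bot: In the last hunk (`sendmail_wrapped_message_test`) the line `$domain = Input::instance()->server("HTTP_HOST");` is kept as context although the expected headers no longer reference `$domain`; the other three tests dropped it. Unless the part of the method outside the hunk still uses the variable, that line should go as well, so the test no longer reads the request's Host header at all.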
From: Bharat Mediratta
Date: Mon, 6 Sep 2010 15:20:04 -0700
Subject: Verified checkpoint.
---
 modules/gallery/tests/controller_auth_data.txt | 1 +
 modules/gallery/tests/xss_data.txt | 90 ++++++++++++--------------
 2 files changed, 43 insertions(+), 48 deletions(-)
(limited to 'modules/gallery/tests')
diff --git a/modules/gallery/tests/controller_auth_data.txt b/modules/gallery/tests/controller_auth_data.txt
index 8b776fb9..212577c7 100644
--- a/modules/gallery/tests/controller_auth_data.txt
+++ b/modules/gallery/tests/controller_auth_data.txt
@@ -17,6 +17,7 @@ modules/gallery/controllers/logout.php index
 modules/gallery/controllers/quick.php form_edit DIRTY_CSRF
 modules/gallery/controllers/upgrader.php index DIRTY_AUTH
 modules/gallery/controllers/uploader.php start DIRTY_AUTH
+modules/gallery/controllers/uploader.php status DIRTY_AUTH
 modules/gallery/controllers/uploader.php finish DIRTY_AUTH
 modules/gallery/controllers/user_profile.php show DIRTY_AUTH
 modules/gallery/controllers/user_profile.php contact DIRTY_AUTH
diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt
index 3eae3d07..4405dad3 100644
--- a/modules/gallery/tests/xss_data.txt
+++ b/modules/gallery/tests/xss_data.txt
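Review bot: The added `uploader.php status DIRTY_AUTH` line accepts a new controller action into what appears to be the baseline of actions without an authorization check, and the commit message ("Verified checkpoint.") does not say why that is acceptable. The action itself is not part of this diff; if it takes request parameters or reveals anything about albums or items, it should perform its own access check rather than be listed here. A short comment on the action in `uploader.php` stating what it returns and why no check is needed would make the exemption reviewable later.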
@@ -88,15 +88,15 @@ modules/gallery/views/admin_maintenance.html.php 87 DIRTY_ATTR $tas
 modules/gallery/views/admin_maintenance.html.php 88 DIRTY gallery::date_time($task->updated)
 modules/gallery/views/admin_maintenance.html.php 91 DIRTY $task->name
 modules/gallery/views/admin_maintenance.html.php 106 DIRTY $task->status
-modules/gallery/views/admin_maintenance.html.php 157 DIRTY_ATTR text::alternate("g-odd","g-even")
-modules/gallery/views/admin_maintenance.html.php 157 DIRTY_ATTR $task->state=="success"?"g-success":"g-error"
-modules/gallery/views/admin_maintenance.html.php 158 DIRTY_ATTR $task->state=="success"?"g-success":"g-error"
-modules/gallery/views/admin_maintenance.html.php 159 DIRTY gallery::date_time($task->updated)
-modules/gallery/views/admin_maintenance.html.php 162 DIRTY $task->name
-modules/gallery/views/admin_maintenance.html.php 174 DIRTY $task->status
+modules/gallery/views/admin_maintenance.html.php 162 DIRTY_ATTR text::alternate("g-odd","g-even")
+modules/gallery/views/admin_maintenance.html.php 162 DIRTY_ATTR $task->state=="success"?"g-success":"g-error"
+modules/gallery/views/admin_maintenance.html.php 163 DIRTY_ATTR $task->state=="success"?"g-success":"g-error"
+modules/gallery/views/admin_maintenance.html.php 164 DIRTY gallery::date_time($task->updated)
+modules/gallery/views/admin_maintenance.html.php 167 DIRTY $task->name
+modules/gallery/views/admin_maintenance.html.php 179 DIRTY $task->status
 modules/gallery/views/admin_maintenance_show_log.html.php 8 DIRTY_JS url::site("admin/maintenance/save_log/$task->id?csrf=$csrf")
 modules/gallery/views/admin_maintenance_show_log.html.php 13 DIRTY $task->name
-modules/gallery/views/admin_maintenance_task.html.php 55 DIRTY $task->name
+modules/gallery/views/admin_maintenance_task.html.php 75 DIRTY $task->name
 modules/gallery/views/admin_modules.html.php 51 DIRTY access::csrf_form_field()
 modules/gallery/views/admin_modules.html.php 60 DIRTY_ATTR text::alternate("g-odd","g-even")
 modules/gallery/views/admin_modules.html.php 63 DIRTY form::checkbox($data,'1',module::is_active($module_name))
@@ -109,7 +109,7 @@ modules/gallery/views/admin_sidebar.html.php 50 DIRTY $avail
 modules/gallery/views/admin_sidebar.html.php 58 DIRTY $active
 modules/gallery/views/admin_sidebar_blocks.html.php 4 DIRTY_ATTR $ref
 modules/gallery/views/admin_sidebar_blocks.html.php 4 DIRTY $text
-modules/gallery/views/admin_theme_options.html.php 36 DIRTY $form
+modules/gallery/views/admin_theme_options.html.php 5 DIRTY $form
 modules/gallery/views/admin_themes.html.php 3 DIRTY_JS url::site("admin/themes/choose")
 modules/gallery/views/admin_themes.html.php 5 DIRTY_JS $csrf
 modules/gallery/views/admin_themes.html.php 22 DIRTY $themes[$site]->name
@@ -168,10 +168,13 @@ modules/gallery/views/error_admin.html.php 284 DIRTY $var
 modules/gallery/views/error_admin.html.php 285 DIRTY_ATTR $env_id
 modules/gallery/views/error_admin.html.php 291 DIRTY $key
 modules/gallery/views/error_admin.html.php 295 DIRTY Kohana_Exception::safe_dump($value,$key)
-modules/gallery/views/form_uploadify.html.php 9 DIRTY_JS url::file("lib/uploadify/uploadify.swf")
-modules/gallery/views/form_uploadify.html.php 10 DIRTY_JS url::site("uploader/add_photo/{$album->id}")
-modules/gallery/views/form_uploadify.html.php 14 DIRTY_JS url::file("lib/uploadify/cancel.png")
-modules/gallery/views/form_uploadify.html.php 15 DIRTY_JS $simultaneous_upload_limit
+modules/gallery/views/form_uploadify.html.php 16 DIRTY_JS url::site("uploader/status/_S/_E")
+modules/gallery/views/form_uploadify.html.php 24 DIRTY_JS $flash_minimum_version
+modules/gallery/views/form_uploadify.html.php 28 DIRTY_JS url::file("lib/uploadify/uploadify.swf")
+modules/gallery/views/form_uploadify.html.php 29 DIRTY_JS url::site("uploader/add_photo/{$album->id}")
+modules/gallery/views/form_uploadify.html.php 33 DIRTY_JS url::file("lib/uploadify/cancel.png")
+modules/gallery/views/form_uploadify.html.php 34 DIRTY_JS $simultaneous_upload_limit
+modules/gallery/views/form_uploadify.html.php 160 DIRTY_ATTR request::protocol()
 modules/gallery/views/in_place_edit.html.php 2 DIRTY form::open($action,array("method"=>"post","id"=>"g-in-place-edit-form","class"=>"g-short-form"))
 modules/gallery/views/in_place_edit.html.php 3 DIRTY access::csrf_form_field()
 modules/gallery/views/in_place_edit.html.php 6 DIRTY form::input("input",$form["input"]," class=\"textbox\"")
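Review bot: This checkpoint does more than shift line numbers: it accepts new entries that, going by their labels, are values written into JavaScript or attribute context without escaping. Here those are `url::site("uploader/status/_S/_E")`, `$flash_minimum_version` and `request::protocol()`; the `organize_dialog.html.php` hunk adds `$selected_id` as DIRTY_JS, and the `photo.html.php` hunk adds `url::site("items/dimensions/".$theme->item()->id)`. Where `$selected_id` comes from is not visible in this diff; if it can be derived from the request, the view should cast it to an integer or JS-escape it instead of having it accepted into the baseline. The commit message would be more useful if it named the new entries that were reviewed and why each is safe.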
@@ -207,17 +210,6 @@ modules/gallery/views/menu_dialog.html.php 5 DIRTY_JS $menu-
 modules/gallery/views/menu_link.html.php 3 DIRTY $menu->css_id?"id='{$menu->css_id}'":""
 modules/gallery/views/menu_link.html.php 4 DIRTY_ATTR $menu->css_class
 modules/gallery/views/menu_link.html.php 5 DIRTY_JS $menu->url
-modules/gallery/views/move_browse.html.php 5 DIRTY_JS url::site("move/show_sub_tree/{$source->id}/__TARGETID__")
-modules/gallery/views/move_browse.html.php 40 DIRTY $tree
-modules/gallery/views/move_browse.html.php 44 DIRTY access::csrf_form_field()
-modules/gallery/views/move_tree.html.php 2 DIRTY $parent->thumb_img(array(),25);
-modules/gallery/views/move_tree.html.php 4 DIRTY_JS $parent->id
-modules/gallery/views/move_tree.html.php 6 DIRTY_JS $parent->id
-modules/gallery/views/move_tree.html.php 8 DIRTY_ATTR $parent->id
-modules/gallery/views/move_tree.html.php 10 DIRTY_ATTR $child->id
-modules/gallery/views/move_tree.html.php 11 DIRTY $child->thumb_img(array(),25);
-modules/gallery/views/move_tree.html.php 13 DIRTY_JS $child->id
-modules/gallery/views/move_tree.html.php 15 DIRTY_JS $child->id
 modules/gallery/views/movieplayer.html.php 2 DIRTY html::anchor($item->file_url(true),"",$attrs)
 modules/gallery/views/movieplayer.html.php 5 DIRTY_JS $attrs["id"]
 modules/gallery/views/movieplayer.html.php 7 DIRTY_JS url::abs_file("lib/flowplayer.swf")
@@ -281,18 +273,19 @@ modules/notification/views/item_updated.html.php 20 DIRTY_JS $item-
 modules/notification/views/item_updated.html.php 20 DIRTY $item->abs_url()
 modules/notification/views/user_profile_notification.html.php 5 DIRTY_ATTR $subscription->id
 modules/notification/views/user_profile_notification.html.php 6 DIRTY_JS $subscription->url
-modules/organize/views/organize_dialog.html.php 90 DIRTY_JS $domain
-modules/organize/views/organize_dialog.html.php 91 DIRTY_JS $access_key
-modules/organize/views/organize_dialog.html.php 92 DIRTY_JS request::protocol()
-modules/organize/views/organize_dialog.html.php 93 DIRTY_JS $file_filter
-modules/organize/views/organize_dialog.html.php 94 DIRTY_JS $sort_order
-modules/organize/views/organize_dialog.html.php 95 DIRTY_JS $sort_fields
-modules/organize/views/organize_dialog.html.php 96 DIRTY_JS $album->id
-modules/organize/views/organize_dialog.html.php 97 DIRTY_JS $rest_uri
-modules/organize/views/organize_dialog.html.php 98 DIRTY_JS $controller_uri
-modules/organize/views/organize_dialog.html.php 104 DIRTY_JS $flash_minimum_version="10.0.0"
-modules/organize/views/organize_dialog.html.php 122 DIRTY_JS $swf_uri
-modules/organize/views/organize_dialog.html.php 136 DIRTY_ATTR request::protocol()
+modules/organize/views/organize_dialog.html.php 86 DIRTY_JS $domain
+modules/organize/views/organize_dialog.html.php 87 DIRTY_JS $access_key
+modules/organize/views/organize_dialog.html.php 88 DIRTY_JS request::protocol()
+modules/organize/views/organize_dialog.html.php 89 DIRTY_JS $file_filter
+modules/organize/views/organize_dialog.html.php 90 DIRTY_JS $sort_order
+modules/organize/views/organize_dialog.html.php 91 DIRTY_JS $sort_fields
+modules/organize/views/organize_dialog.html.php 92 DIRTY_JS $album->id
+modules/organize/views/organize_dialog.html.php 93 DIRTY_JS $selected_id
+modules/organize/views/organize_dialog.html.php 94 DIRTY_JS $rest_uri
+modules/organize/views/organize_dialog.html.php 95 DIRTY_JS $controller_uri
+modules/organize/views/organize_dialog.html.php 101 DIRTY_JS $flash_minimum_version="10.0.0"
+modules/organize/views/organize_dialog.html.php 119 DIRTY_JS $swf_uri
+modules/organize/views/organize_dialog.html.php 132 DIRTY_ATTR request::protocol()
 modules/recaptcha/views/admin_recaptcha.html.php 11 DIRTY $form
 modules/recaptcha/views/admin_recaptcha.html.php 23 DIRTY_JS $public_key
 modules/recaptcha/views/form_recaptcha.html.php 7 DIRTY_JS $public_key
@@ -385,10 +378,10 @@ themes/admin_wind/views/pager.html.php 37 DIRTY_JS str_re
 themes/wind/views/album.html.php 16 DIRTY_ATTR $child->id
 themes/wind/views/album.html.php 16 DIRTY_ATTR $item_class
 themes/wind/views/album.html.php 18 DIRTY_JS $child->url()
-themes/wind/views/album.html.php 19 DIRTY $child->thumb_img(array("class"=>"g-thumbnail"))
-themes/wind/views/album.html.php 23 DIRTY_ATTR $item_class
-themes/wind/views/album.html.php 24 DIRTY_JS $child->url()
-themes/wind/views/album.html.php 42 DIRTY $theme->paginator()
+themes/wind/views/album.html.php 20 DIRTY $child->thumb_img(array("class"=>"g-thumbnail"))
+themes/wind/views/album.html.php 25 DIRTY_ATTR $item_class
+themes/wind/views/album.html.php 26 DIRTY_JS $child->url()
+themes/wind/views/album.html.php 44 DIRTY $theme->paginator()
 themes/wind/views/block.html.php 3 DIRTY_ATTR $anchor
 themes/wind/views/block.html.php 5 DIRTY_ATTR $css_id
 themes/wind/views/block.html.php 6 DIRTY $title
@@ -410,16 +403,17 @@ themes/wind/views/page.html.php 44 DIRTY $thumb
 themes/wind/views/page.html.php 81 DIRTY $header_text
 themes/wind/views/page.html.php 83 DIRTY_JS item::root()->url()
 themes/wind/views/page.html.php 87 DIRTY $theme->user_menu()
-themes/wind/views/page.html.php 108 DIRTY_JS $parent->url($parent==$theme->item()->parent()?"show={$theme->item()->id}":null)
-themes/wind/views/page.html.php 126 DIRTY $content
-themes/wind/views/page.html.php 132 DIRTY newView("sidebar.html")
-themes/wind/views/page.html.php 139 DIRTY $footer_text
+themes/wind/views/page.html.php 108 DIRTY_JS $parent->url($parent->id==$theme->item()->parent_id?"show={$theme->item()->id}":null)
+themes/wind/views/page.html.php 129 DIRTY $content
+themes/wind/views/page.html.php 135 DIRTY newView("sidebar.html")
+themes/wind/views/page.html.php 142 DIRTY $footer_text
 themes/wind/views/paginator.html.php 33 DIRTY_JS $first_page_url
 themes/wind/views/paginator.html.php 42 DIRTY_JS $previous_page_url
 themes/wind/views/paginator.html.php 70 DIRTY_JS $next_page_url
 themes/wind/views/paginator.html.php 79 DIRTY_JS $last_page_url
-themes/wind/views/photo.html.php 8 DIRTY_JS $theme->item()->width
-themes/wind/views/photo.html.php 8 DIRTY_JS $theme->item()->height
-themes/wind/views/photo.html.php 18 DIRTY $theme->paginator()
-themes/wind/views/photo.html.php 23 DIRTY_JS $item->file_url()
-themes/wind/views/photo.html.php 25 DIRTY $item->resize_img(array("id"=>"g-item-id-{$item->id}","class"=>"g-resize"))
+themes/wind/views/photo.html.php 7 DIRTY_JS $theme->item()->width
+themes/wind/views/photo.html.php 7 DIRTY_JS $theme->item()->height
+themes/wind/views/photo.html.php 17 DIRTY_JS url::site("items/dimensions/".$theme->item()->id)
+themes/wind/views/photo.html.php 31 DIRTY $theme->paginator()
+themes/wind/views/photo.html.php 36 DIRTY_JS $item->file_url()
+themes/wind/views/photo.html.php 38 DIRTY $item->resize_img(array("id"=>"g-item-id-{$item->id}","class"=>"g-resize"))
-- cgit v1.2.3
From 8fed0fb2e20d72f43f8730b557c044dbe844196f Mon Sep 17 00:00:00 2001
From: Bharat Mediratta
Date: Tue, 7 Sep 2010 22:42:01 -0700
Subject: Updated for b6fa33faf789749f4de3f4eadf8832748372c980
---
 modules/gallery/tests/xss_data.txt | 30 +++++++++++++++---------------
 1 file changed, 15 insertions(+), 15 deletions(-)
(limited to 'modules/gallery/tests')
diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt
index 4405dad3..8d26092b 100644
--- a/modules/gallery/tests/xss_data.txt
+++ b/modules/gallery/tests/xss_data.txt
@@ -273,19 +273,19 @@ modules/notification/views/item_updated.html.php 20 DIRTY_JS $item-
 modules/notification/views/item_updated.html.php 20 DIRTY $item->abs_url()
 modules/notification/views/user_profile_notification.html.php 5 DIRTY_ATTR $subscription->id
 modules/notification/views/user_profile_notification.html.php 6 DIRTY_JS $subscription->url
-modules/organize/views/organize_dialog.html.php 86 DIRTY_JS $domain
-modules/organize/views/organize_dialog.html.php 87 DIRTY_JS $access_key
-modules/organize/views/organize_dialog.html.php 88 DIRTY_JS request::protocol()
-modules/organize/views/organize_dialog.html.php 89 DIRTY_JS $file_filter
-modules/organize/views/organize_dialog.html.php 90 DIRTY_JS $sort_order
-modules/organize/views/organize_dialog.html.php 91 DIRTY_JS $sort_fields
-modules/organize/views/organize_dialog.html.php 92 DIRTY_JS $album->id
-modules/organize/views/organize_dialog.html.php 93 DIRTY_JS $selected_id
-modules/organize/views/organize_dialog.html.php 94 DIRTY_JS $rest_uri
-modules/organize/views/organize_dialog.html.php 95 DIRTY_JS $controller_uri
-modules/organize/views/organize_dialog.html.php 101 DIRTY_JS $flash_minimum_version="10.0.0"
-modules/organize/views/organize_dialog.html.php 119 DIRTY_JS $swf_uri
-modules/organize/views/organize_dialog.html.php 132 DIRTY_ATTR request::protocol()
+modules/organize/views/organize_dialog.html.php 90 DIRTY_JS $domain
+modules/organize/views/organize_dialog.html.php 91 DIRTY_JS $access_key
+modules/organize/views/organize_dialog.html.php 92 DIRTY_JS request::protocol()
+modules/organize/views/organize_dialog.html.php 93 DIRTY_JS $file_filter
+modules/organize/views/organize_dialog.html.php 94 DIRTY_JS $sort_order
+modules/organize/views/organize_dialog.html.php 95 DIRTY_JS $sort_fields
+modules/organize/views/organize_dialog.html.php 96 DIRTY_JS $album->id
+modules/organize/views/organize_dialog.html.php 97 DIRTY_JS $selected_id
+modules/organize/views/organize_dialog.html.php 98 DIRTY_JS $rest_uri
+modules/organize/views/organize_dialog.html.php 99 DIRTY_JS $controller_uri
+modules/organize/views/organize_dialog.html.php 105 DIRTY_JS $flash_minimum_version="10.0.0"
+modules/organize/views/organize_dialog.html.php 123 DIRTY_JS $swf_uri
+modules/organize/views/organize_dialog.html.php 136 DIRTY_ATTR request::protocol()
 modules/recaptcha/views/admin_recaptcha.html.php 11 DIRTY $form
 modules/recaptcha/views/admin_recaptcha.html.php 23 DIRTY_JS $public_key
 modules/recaptcha/views/form_recaptcha.html.php 7 DIRTY_JS $public_key
@@ -330,8 +330,8 @@ modules/server_add/views/server_add_tree_dialog.html.php 4 DIRTY_JS url::s
 modules/server_add/views/server_add_tree_dialog.html.php 21 DIRTY $tree
 modules/tag/views/admin_tags.html.php 45 DIRTY_ATTR $tag->id
 modules/tag/views/admin_tags.html.php 46 DIRTY $tag->count
-modules/tag/views/tag_block.html.php 25 DIRTY $cloud
-modules/tag/views/tag_block.html.php 27 DIRTY $form
+modules/tag/views/tag_block.html.php 26 DIRTY $cloud
+modules/tag/views/tag_block.html.php 28 DIRTY $form
 modules/tag/views/tag_cloud.html.php 4 DIRTY_ATTR (int)(($tag->count/$max_count)*7)
 modules/tag/views/tag_cloud.html.php 5 DIRTY $tag->count
 modules/tag/views/tag_cloud.html.php 6 DIRTY_JS $tag->url()
-- cgit v1.2.3
From 509b647c65d0b56760952ff886eed06625f4ac5f Mon Sep 17 00:00:00 2001
From: Bharat Mediratta
Date: Sat, 11 Sep 2010 01:48:26 -0700
Subject: upgrader/index does not require CSRF
---
 modules/gallery/tests/controller_auth_data.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'modules/gallery/tests')
diff --git a/modules/gallery/tests/controller_auth_data.txt b/modules/gallery/tests/controller_auth_data.txt
index 212577c7..03032fd9 100644
--- a/modules/gallery/tests/controller_auth_data.txt
+++ b/modules/gallery/tests/controller_auth_data.txt
@@ -15,7 +15,7 @@ modules/gallery/controllers/login.php html
 modules/gallery/controllers/login.php auth_html DIRTY_AUTH
 modules/gallery/controllers/logout.php index DIRTY_AUTH
 modules/gallery/controllers/quick.php form_edit DIRTY_CSRF
-modules/gallery/controllers/upgrader.php index DIRTY_AUTH
+modules/gallery/controllers/upgrader.php index DIRTY_CSRF|DIRTY_AUTH
 modules/gallery/controllers/uploader.php start DIRTY_AUTH
 modules/gallery/controllers/uploader.php status DIRTY_AUTH
 modules/gallery/controllers/uploader.php finish DIRTY_AUTH
-- cgit v1.2.3
From 34a71e7cd34bc184abbf9060ec4b316ba1c66bc5 Mon Sep 17 00:00:00 2001
From: Bharat Mediratta
Date: Sat, 11 Sep 2010 01:48:44 -0700
Subject: Verified.
---
 modules/gallery/tests/xss_data.txt | 37 ++++++++++++++++++++-----------------
 1 file changed, 20 insertions(+), 17 deletions(-)
(limited to 'modules/gallery/tests')
diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt
index 8d26092b..6821c963 100644
--- a/modules/gallery/tests/xss_data.txt
+++ b/modules/gallery/tests/xss_data.txt
@@ -42,7 +42,7 @@ modules/digibug/views/digibug_form.html.php 4 DIRTY form::
 modules/digibug/views/digibug_form.html.php 6 DIRTY form::hidden($key,$value)
 modules/exif/views/exif_dialog.html.php 14 DIRTY $details[$i]["caption"]
 modules/exif/views/exif_dialog.html.php 21 DIRTY $details[$i]["caption"]
-modules/g2_import/views/admin_g2_import.html.php 30 DIRTY $form
+modules/g2_import/views/admin_g2_import.html.php 9 DIRTY $form
 modules/gallery/views/admin_advanced_settings.html.php 21 DIRTY_ATTR text::alternate("g-odd","g-even")
 modules/gallery/views/admin_advanced_settings.html.php 22 DIRTY $var->module_name
 modules/gallery/views/admin_block_log_entries.html.php 4 DIRTY_ATTR log::severity_class($entry->severity)
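Review bot: Changing `upgrader.php index` to `DIRTY_CSRF|DIRTY_AUTH` exempts the action from both the CSRF and the authorization expectation, and the only rationale is the commit subject. That is sound only while `index` merely renders a page and changes no state; the action that actually performs the upgrade is not part of this hunk and should keep its own CSRF and access checks. A comment on `index` in the controller stating that invariant, e.g. `// Renders the upgrade status page only; changes no state, so no CSRF token is required`, would tie the exemption to the code it depends on (assuming that is indeed what the action does).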
@@ -248,14 +248,15 @@ modules/gallery/views/permissions_form.html.php 80 DIRTY_JS $permi
 modules/gallery/views/permissions_form.html.php 80 DIRTY_JS $item->id
 modules/gallery/views/quick_delete_confirm.html.php 11 DIRTY $form
 modules/gallery/views/reauthenticate.html.php 9 DIRTY $form
-modules/gallery/views/upgrader.html.php 59 DIRTY_ATTR $done?"muted":""
-modules/gallery/views/upgrader.html.php 63 DIRTY_ATTR $done?"muted":""
-modules/gallery/views/upgrader.html.php 71 DIRTY_ATTR $module->version==$module->code_version?"current":"upgradeable"
-modules/gallery/views/upgrader.html.php 72 DIRTY_ATTR $id
-modules/gallery/views/upgrader.html.php 76 DIRTY $module->version
-modules/gallery/views/upgrader.html.php 79 DIRTY $module->code_version
-modules/gallery/views/upgrader.html.php 101 DIRTY_ATTR $done?"muted":""
-modules/gallery/views/upgrader.html.php 104 DIRTY_ATTR $done?"muted":""
+modules/gallery/views/upgrader.html.php 76 DIRTY_ATTR $done?"muted":""
+modules/gallery/views/upgrader.html.php 94 DIRTY_ATTR $done?"muted":""
+modules/gallery/views/upgrader.html.php 102 DIRTY_ATTR $module->version==$module->code_version?"current":"upgradeable"
+modules/gallery/views/upgrader.html.php 102 DIRTY_ATTR in_array($id,$failed)?"failed":""
+modules/gallery/views/upgrader.html.php 103 DIRTY_ATTR $id
+modules/gallery/views/upgrader.html.php 107 DIRTY $module->version
+modules/gallery/views/upgrader.html.php 110 DIRTY $module->code_version
+modules/gallery/views/upgrader.html.php 120 DIRTY_ATTR $done?"muted":""
+modules/gallery/views/upgrader.html.php 123 DIRTY_ATTR $done?"muted":""
 modules/gallery/views/user_languages_block.html.php 2 DIRTY form::dropdown("g-select-session-locale",$installed_locales,$selected)
 modules/gallery/views/user_profile.html.php 34 DIRTY_ATTR $user->avatar_url(40,$theme->url(,true))
 modules/gallery/views/user_profile.html.php 43 DIRTY $info->view
@@ -338,15 +339,17 @@ modules/tag/views/tag_cloud.html.php 6 DIRTY_JS $tag->
 modules/user/views/admin_users.html.php 3 DIRTY_JS url::site("admin/users/add_user_to_group/__USERID__/__GROUPID__?csrf=$csrf")
 modules/user/views/admin_users.html.php 26 DIRTY_JS url::site("admin/users/group/__GROUPID__")
 modules/user/views/admin_users.html.php 36 DIRTY_JS url::site("admin/users/remove_user_from_group/__USERID__/__GROUPID__?csrf=$csrf")
-modules/user/views/admin_users.html.php 71 DIRTY_ATTR $user->id
-modules/user/views/admin_users.html.php 71 DIRTY_ATTR text::alternate("g-odd","g-even")
-modules/user/views/admin_users.html.php 71 DIRTY_ATTR $user->admin?"g-admin":""
 modules/user/views/admin_users.html.php 72 DIRTY_ATTR $user->id
-modules/user/views/admin_users.html.php 73 DIRTY_ATTR $user->avatar_url(20,$theme->url(,true))
-modules/user/views/admin_users.html.php 87 DIRTY ($user->last_login==0)?"":gallery::date($user->last_login)
-modules/user/views/admin_users.html.php 123 DIRTY_ATTR $group->id
-modules/user/views/admin_users.html.php 123 DIRTY_ATTR ($group->special?"g-default-group":"")
-modules/user/views/admin_users.html.php 125 DIRTY $v
+modules/user/views/admin_users.html.php 72 DIRTY_ATTR text::alternate("g-odd","g-even")
+modules/user/views/admin_users.html.php 72 DIRTY_ATTR $user->admin?"g-admin":""
+modules/user/views/admin_users.html.php 73 DIRTY_ATTR $user->id
+modules/user/views/admin_users.html.php 74 DIRTY_ATTR $user->avatar_url(20,$theme->url(,true))
+modules/user/views/admin_users.html.php 88 DIRTY ($user->last_login==0)?"":gallery::date($user->last_login)
+modules/user/views/admin_users.html.php 91 DIRTY db::build()->from("items")->where("owner_id","=",$user->id)->count_records()
+modules/user/views/admin_users.html.php 127 DIRTY_ATTR $group->id
+modules/user/views/admin_users.html.php 127 DIRTY_ATTR ($group->special?"g-default-group":"")
+modules/user/views/admin_users.html.php 129 DIRTY $v
+modules/user/views/admin_users_delete_user.html.php 6 DIRTY
$form modules/user/views/admin_users_group.html.php 24 DIRTY_JS $user->id modules/user/views/admin_users_group.html.php 24 DIRTY_JS $group->id modules/watermark/views/admin_watermarks.html.php 20 DIRTY_ATTR $width -- cgit v1.2.3 From f84c4a6192ea0e47ca5b2006baa0bfd7e09a682c Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sat, 11 Sep 2010 23:37:12 -0700 Subject: Uniqify the name and slug when we move an item to a new location with a conflict. This fixes #1364. --- modules/gallery/models/item.php | 50 ++++++++++++++++----------- modules/gallery/tests/Item_Model_Test.php | 57 ++++++++++++++----------------- 2 files changed, 55 insertions(+), 52 deletions(-) (limited to 'modules/gallery/tests') diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php index cdba0241..3ceb5e37 100644 --- a/modules/gallery/models/item.php +++ b/modules/gallery/models/item.php @@ -357,26 +357,7 @@ class Item_Model extends ORM_MPTT { } } - // Randomize the name or slug if there's a conflict. Preserve the extension. - // @todo Improve this. Random numbers are not user friendly - $base_name = pathinfo($this->name, PATHINFO_FILENAME); - $base_ext = pathinfo($this->name, PATHINFO_EXTENSION); - $base_slug = $this->slug; - while (ORM::factory("item") - ->where("parent_id", "=", $this->parent_id) - ->and_open() - ->where("name", "=", $this->name) - ->or_where("slug", "=", $this->slug) - ->close() - ->find()->id) { - $rand = rand(); - if ($base_ext) { - $this->name = "$base_name-$rand.$base_ext"; - } else { - $this->name = "$base_name-$rand"; - } - $this->slug = "$base_slug-$rand"; - } + $this->_randomize_name_or_slug_on_conflict(); parent::save(); @@ -427,6 +408,8 @@ class Item_Model extends ORM_MPTT { $this->relative_url_cache = null; } + $this->_randomize_name_or_slug_on_conflict(); + parent::save(); // Now update the filesystem and any database caches if there were significant value 
@@ -504,6 +487,33 @@ class Item_Model extends ORM_MPTT { return $this; } + /** + * Check to see if there's another item that occupies the same name or slug that this item + * intends to use, and if so choose a new name/slug while preserving the extension. + * @todo Improve this. Random numbers are not user friendly + */ + private function _randomize_name_or_slug_on_conflict() { + $base_name = pathinfo($this->name, PATHINFO_FILENAME); + $base_ext = pathinfo($this->name, PATHINFO_EXTENSION); + $base_slug = $this->slug; + while (ORM::factory("item") + ->where("parent_id", "=", $this->parent_id) + ->where("id", "<>", $this->id) + ->and_open() + ->where("name", "=", $this->name) + ->or_where("slug", "=", $this->slug) + ->close() + ->find()->id) { + $rand = rand(); + if ($base_ext) { + $this->name = "$base_name-$rand.$base_ext"; + } else { + $this->name = "$base_name-$rand"; + } + $this->slug = "$base_slug-$rand"; + } + } + /** * Return the Item_Model representing the cover for this album. * @return Item_Model or null if there's no cover diff --git a/modules/gallery/tests/Item_Model_Test.php b/modules/gallery/tests/Item_Model_Test.php index bd123098..90c54e3c 100644 --- a/modules/gallery/tests/Item_Model_Test.php +++ b/modules/gallery/tests/Item_Model_Test.php 
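Review bot: The added `->where("id", "<>", $this->id)` clause in `_randomize_name_or_slug_on_conflict()` is right for updates, but the helper also replaces the inline loop in the first item.php hunk, which had no `id` filter and looks like the new-item save path (its surrounding method starts outside that hunk). For an unsaved item `$this->id` is empty, and if the query builder renders that as `id <> NULL` the condition matches no rows, so name/slug conflicts would silently stop being detected on creation. Adding the `id` clause only when the item already has an id keeps both paths correct. The loop is also check-then-save with no lock, so two concurrent saves can still settle on the same name; whether a unique index on the parent/name pair backs this up is not visible here.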
@@ -136,20 +136,17 @@ class Item_Model_Test extends Gallery_Unit_Test_Case { $this->assert_true(false, "Shouldn't get here"); } - public function item_rename_fails_with_existing_name_test() { + public function item_rename_over_existing_name_gets_uniqified_test() { // Create a test photo $item = test::random_photo(); $item2 = test::random_photo(); - try { - $item->name = $item2->name; - $item->save(); - } catch (ORM_Validation_Exception $e) { - $this->assert_true(in_array("conflict", $e->validation->errors())); - return; - } + $item->name = $item2->name; + $item->save(); - $this->assert_false(true, "rename should conflict"); + // foo.jpg should become foo-####.jpg + $this->assert_true( + preg_match("/" . str_replace(".jpg", "", $item2->name) . "-\d+\.jpg/", $item->name)); } public function move_album_test() { @@ -208,24 +205,21 @@ class Item_Model_Test extends Gallery_Unit_Test_Case { $this->assert_equal("file", file_get_contents($photo->file_path())); } - public function move_album_fails_conflicting_target_test() { + public function move_album_with_conflicting_target_gets_uniqified_test() { $album = test::random_album(); $source = test::random_album_unsaved($album); $source->name = $album->name; $source->save(); // $source and $album have the same name, so if we move $source into the root they should - // conflict. + // conflict and get randomized - try { - $source->parent_id = item::root()->id; - $source->save(); - } catch (ORM_Validation_Exception $e) { - $this->assert_equal( - array("name" => "conflict", "slug" => "conflict"), $e->validation->errors()); - return; - } - $this->assert_true(false, "Shouldn't get here"); + $source->parent_id = item::root()->id; + $source->save(); + + // foo should become foo-#### + $this->assert_true(preg_match("/{$album->name}-\d+/", $source->name)); + $this->assert_true(preg_match("/{$album->slug}-\d+/", $source->slug)); } public function move_album_fails_wrong_target_type_test() { 
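Review bot: The new assertions in both hunks build their pattern from `$item2->name`, `$album->name` and `$album->slug` without `preg_quote()` and without anchors, so a regex metacharacter in a generated name changes the pattern and a match anywhere in the string passes. Quoting and anchoring pins the intended shape, e.g. `preg_match("/^" . preg_quote($album->name, "/") . "-\d+$/", $source->name)`. `preg_match()` also returns `1` rather than `true`; whether `assert_true()` compares strictly is not visible here, so wrapping the call as `(bool) preg_match(...)` would remove the doubt. The same pattern recurs in the photo test further down.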
@@ -245,7 +239,7 @@ class Item_Model_Test extends Gallery_Unit_Test_Case { $this->assert_true(false, "Shouldn't get here"); } - public function move_photo_fails_conflicting_target_test() { + public function move_photo_with_conflicting_target_gets_uniqified_test() { $photo1 = test::random_photo(); $album = test::random_album(); $photo2 = test::random_photo_unsaved($album); @@ -253,18 +247,17 @@ class Item_Model_Test extends Gallery_Unit_Test_Case { $photo2->save(); // $photo1 and $photo2 have the same name, so if we move $photo1 into the root they should - // conflict. + // conflict and get uniqified. - try { - $photo2->parent_id = item::root()->id; - $photo2->save(); - } catch (Exception $e) { - // pass - $this->assert_equal( - array("name" => "conflict", "slug" => "conflict"), $e->validation->errors()); - return; - } - $this->assert_true(false, "Shouldn't get here"); + $photo2->parent_id = item::root()->id; + $photo2->save(); + + // foo.jpg should become foo-####.jpg + $this->assert_true( + preg_match("/" . str_replace(".jpg", "", $photo1->name) . "-\d+\.jpg/", $photo2->name)); + + // foo should become foo + $this->assert_true(preg_match("/{$photo1->slug}/", $photo2->name)); } public function move_album_inside_descendent_fails_test() { -- cgit v1.2.3 From 1a0d76c43e3545771ae3e1c6ad6ba255beeae32d Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Mon, 13 Sep 2010 22:23:09 -0700 Subject: When moving a single item, just copy its permissions from its parent album. This is totally legal since an items permissions must be the same as its parent's, and it's much faster for large installs where a complete recalculation can be very costly. Should fix #1360. --- modules/gallery/helpers/access.php | 30 ++++++++++++++++++++++++---- modules/gallery/helpers/gallery_event.php | 6 +++++- modules/gallery/helpers/gallery_task.php | 2 +- modules/gallery/tests/Access_Helper_Test.php | 4 ++++ 4 files changed, 36 insertions(+), 6 deletions(-) (limited to 'modules/gallery/tests') 
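Review bot: The last assertion in `move_photo_with_conflicting_target_gets_uniqified_test` matches `$photo1->slug` against `$photo2->name`, and its comment reads "foo should become foo", so the slug of the moved photo is never checked. The helper added to `Item_Model` in this commit rewrites name and slug in the same loop iteration, so if the name gained a suffix the slug should have one too. If the intent mirrors the album test, check `$photo2->slug`, e.g. `$this->assert_true(preg_match("/-\d+$/", $photo2->slug) === 1);`, and change the comment to `// foo should become foo-####`. Which base slug to expect depends on how the part of this test outside the hunk sets up `$photo2`, so the example pattern only checks the suffix.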
diff --git a/modules/gallery/helpers/access.php b/modules/gallery/helpers/access.php index 86ea9572..52a36298 100644 --- a/modules/gallery/helpers/access.php +++ b/modules/gallery/helpers/access.php @@ -263,21 +263,43 @@ class access_Core { } /** - * Recalculate the permissions for a given item and its hierarchy. $item must be an album. + * Recalculate the permissions for an album's hierarchy. */ - static function recalculate_permissions($item) { + static function recalculate_album_permissions($album) { foreach (self::_get_all_groups() as $group) { foreach (ORM::factory("permission")->find_all() as $perm) { if ($perm->name == "view") { - self::_update_access_view_cache($group, $item); + self::_update_access_view_cache($group, $album); } else { - self::_update_access_non_view_cache($group, $perm->name, $item); + self::_update_access_non_view_cache($group, $perm->name, $album); } } } model_cache::clear(); } + /** + * Recalculate the permissions for a single photo. + */ + static function recalculate_photo_permissions($photo) { + $parent = $photo->parent(); + $parent_access_cache = ORM::factory("access_cache")->where("item_id", "=", $parent->id)->find(); + $photo_access_cache = ORM::factory("access_cache")->where("item_id", "=", $photo->id)->find(); + foreach (self::_get_all_groups() as $group) { + foreach (ORM::factory("permission")->find_all() as $perm) { + $field = "{$perm->name}_{$group->id}"; + if ($perm->name == "view") { + $photo->$field = $parent->$field; + } else { + $photo_access_cache->$field = $parent_access_cache->$field; + } + } + } + $photo_access_cache->save(); + $photo->save(); + model_cache::clear(); + } + /** * Register a permission so that modules can use it. * diff --git a/modules/gallery/helpers/gallery_event.php b/modules/gallery/helpers/gallery_event.php index 78a9f5a9..b59bb9b9 100644 --- a/modules/gallery/helpers/gallery_event.php +++ b/modules/gallery/helpers/gallery_event.php 
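Review bot: `recalculate_photo_permissions()` uses the results of both `access_cache` lookups without checking that a row was found. If the parent's row is missing, every non-view field of the photo's cache is overwritten from an empty model. If the photo's row is missing, `save()` runs on a model whose `item_id` this function never sets. Either way the stored permissions stop reflecting the parent album. Assuming this ORM exposes `loaded()`, a guard that falls back to the full recalculation keeps the previous behaviour for that case: `if (!$parent_access_cache->loaded() || !$photo_access_cache->loaded()) { self::recalculate_album_permissions($parent); return; }`. The two `save()` calls are also not visibly wrapped in a transaction, so a failure between them would leave the view columns and the cache row out of step.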
@@ -157,7 +157,11 @@ class gallery_event_Core { } static function item_moved($item, $old_parent) { - access::recalculate_permissions($item->parent()); + if ($item->is_album()) { + access::recalculate_album_permissions($item->parent()); + } else { + access::recalculate_photo_permissions($item); + } // If the new parent doesn't have an album cover, make this it. if (!$item->parent()->album_cover_item_id) { diff --git a/modules/gallery/helpers/gallery_task.php b/modules/gallery/helpers/gallery_task.php index 985346ba..3b173928 100644 --- a/modules/gallery/helpers/gallery_task.php +++ b/modules/gallery/helpers/gallery_task.php @@ -571,7 +571,7 @@ class gallery_task_Core { // The new cache rows are there, but they're incorrectly populated so we have to fix // them. If this turns out to be too slow, we'll have to refactor // access::recalculate_permissions to allow us to do it in slices. - access::recalculate_permissions(item::root()); + access::recalculate_album_permissions(item::root()); $state = self::FIX_STATE_DONE; } break; diff --git a/modules/gallery/tests/Access_Helper_Test.php b/modules/gallery/tests/Access_Helper_Test.php index c092e3fd..32b3020f 100644 --- a/modules/gallery/tests/Access_Helper_Test.php +++ b/modules/gallery/tests/Access_Helper_Test.php @@ -359,11 +359,13 @@ class Access_Helper_Test extends Gallery_Unit_Test_Case { $public_album = test::random_album(); $public_photo = test::random_photo($public_album); access::allow(identity::everybody(), "view", $public_album); + access::allow(identity::everybody(), "edit", $public_album); item::root()->reload(); // Account for MPTT changes $private_album = test::random_album(); access::deny(identity::everybody(), "view", $private_album); + access::deny(identity::everybody(), "edit", $private_album); $private_photo = test::random_photo($private_album); // Make sure that we now have a public photo and private photo. 
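Review bot: In `item_moved()` the `else` branch sends every item that is not an album to `access::recalculate_photo_permissions()`, while that helper's docblock speaks of "a single photo". A comment stating the invariant it relies on would help, e.g. `// A non-album item's permissions always equal its parent album's, so copying them is sufficient`. `item_moved()` continues past the end of the hunk. In the `gallery_task.php` hunk the comment above the changed call still refers to `access::recalculate_permissions`, which this commit renames, and it should read `access::recalculate_album_permissions`. Because `recalculate_permissions` was a static helper on `access_Core`, callers outside the files shown here would break unless a forwarding method is kept, which is worth confirming.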
@@ -385,6 +387,8 @@ class Access_Helper_Test extends Gallery_Unit_Test_Case { // Make sure that the public_photo is now private, and the private_photo is now public. $this->assert_false(access::group_can(identity::everybody(), "view", $public_photo)); + $this->assert_false(access::group_can(identity::everybody(), "edit", $public_photo)); $this->assert_true(access::group_can(identity::everybody(), "view", $private_photo)); + $this->assert_true(access::group_can(identity::everybody(), "edit", $private_photo)); } } -- cgit v1.2.3