From 3aa7a3fcdac3b05f3139f933d470fe9e08bfe922 Mon Sep 17 00:00:00 2001 From: Chad Kieffer Date: Tue, 17 Nov 2009 22:32:25 -0700 Subject: Address RTL issues reported in ticket #869. Placement of checkboxes and radio buttons and sidebar block management lists. --- modules/gallery/css/gallery.css | 10 ++++++++++ modules/gallery/views/admin_sidebar.html.php | 8 ++++---- 2 files changed, 14 insertions(+), 4 deletions(-) (limited to 'modules') diff --git a/modules/gallery/css/gallery.css b/modules/gallery/css/gallery.css index 113f0e09..e06c4dd9 100644 --- a/modules/gallery/css/gallery.css +++ b/modules/gallery/css/gallery.css @@ -4,6 +4,7 @@ * Sheet organization: * 1) End-user * 2) Admin + * 3) Right to left language styles */ /** ******************************************************************* @@ -87,3 +88,12 @@ padding: .5em; margin-bottom: 1em; } + +/** ******************************************************************* + * 3) Right to left language styles + **********************************************************************/ + +.rtl #g-block-admin .g-left { + margin-left: 1em; + margin-right: 0; +} \ No newline at end of file diff --git a/modules/gallery/views/admin_sidebar.html.php b/modules/gallery/views/admin_sidebar.html.php index b394aa19..75499cb0 100644 --- a/modules/gallery/views/admin_sidebar.html.php +++ b/modules/gallery/views/admin_sidebar.html.php @@ -43,16 +43,16 @@
"> -
-

+
+

-
-

+
+

    -- cgit v1.2.3 From 3f600d46e44268ef95734249a12d706bdefd87be Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Wed, 18 Nov 2009 08:53:35 -0800 Subject: Update the xss golden file so tests pass. --- modules/gallery/tests/xss_data.txt | 36 +++++++++++++++++++----------------- 1 file changed, 19 insertions(+), 17 deletions(-) (limited to 'modules') diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt index 9146ddb2..3eaa6561 100644 --- a/modules/gallery/tests/xss_data.txt +++ b/modules/gallery/tests/xss_data.txt @@ -119,7 +119,7 @@ modules/gallery/views/admin_themes.html.php 76 DIRTY $info- modules/gallery/views/admin_themes.html.php 78 DIRTY $info->description modules/gallery/views/admin_themes_preview.html.php 7 DIRTY_ATTR $url modules/gallery/views/in_place_edit.html.php 2 DIRTY form::open($action,array("method"=>"post","id"=>"g-in-place-edit-form","class"=>"g-short-form"),$hidden) -modules/gallery/views/in_place_edit.html.php 5 DIRTY form::input("input",$form["input"]," class='textbox'") +modules/gallery/views/in_place_edit.html.php 5 DIRTY form::input("input",$form["input"]," class=\"textbox\"") modules/gallery/views/in_place_edit.html.php 12 DIRTY form::close() modules/gallery/views/in_place_edit.html.php 14 DIRTY $errors["input"] modules/gallery/views/kohana_error_page.php 102 DIRTY $message 
@@ -203,10 +203,10 @@ modules/gallery/views/permissions_form.html.php 75 DIRTY_JS $item-
 modules/gallery/views/permissions_form.html.php 80 DIRTY_JS $group->id
 modules/gallery/views/permissions_form.html.php 80 DIRTY_JS $permission->id
 modules/gallery/views/permissions_form.html.php 80 DIRTY_JS $item->id
-modules/gallery/views/simple_uploader.html.php 7 DIRTY_JS url::file("lib/uploadify/uploadify.swf")
-modules/gallery/views/simple_uploader.html.php 8 DIRTY_JS url::site("simple_uploader/add_photo/{$item->id}")
-modules/gallery/views/simple_uploader.html.php 15 DIRTY_JS url::file("lib/uploadify/cancel.png")
-modules/gallery/views/simple_uploader.html.php 43 DIRTY_JS t("Completed")
+modules/gallery/views/simple_uploader.html.php 20 DIRTY_JS url::file("lib/uploadify/uploadify.swf")
+modules/gallery/views/simple_uploader.html.php 21 DIRTY_JS url::site("simple_uploader/add_photo/{$item->id}")
+modules/gallery/views/simple_uploader.html.php 28 DIRTY_JS url::file("lib/uploadify/cancel.png")
+modules/gallery/views/simple_uploader.html.php 56 DIRTY_JS t("Completed")
 modules/gallery/views/upgrader.html.php 57 DIRTY_ATTR $done?"muted":""
 modules/gallery/views/upgrader.html.php 61 DIRTY_ATTR $done?"muted":""
 modules/gallery/views/upgrader.html.php 69 DIRTY_ATTR $module->version==$module->code_version?"current":"upgradeable"
@@ -232,15 +232,16 @@ modules/organize/views/organize_dialog.html.php 3 DIRTY_JS url::s modules/organize/views/organize_dialog.html.php 4 DIRTY_JS url::site("organize/rearrange/__TARGET_ID__/__BEFORE__?csrf=$csrf") modules/organize/views/organize_dialog.html.php 5 DIRTY_JS url::site("organize/sort_order/__ALBUM_ID__/__COL__/__DIR__?csrf=$csrf") modules/organize/views/organize_dialog.html.php 6 DIRTY_JS url::site("organize/tree/__ALBUM_ID__") -modules/organize/views/organize_dialog.html.php 20 DIRTY $album_tree -modules/organize/views/organize_dialog.html.php 27 DIRTY $micro_thumb_grid -modules/organize/views/organize_dialog.html.php 35 DIRTY form::dropdown(array("id"=>"g-organize-sort-column"),album::get_sort_order_options(),$album->sort_column) -modules/organize/views/organize_dialog.html.php 36 DIRTY form::dropdown(array("id"=>"g-organize-sort-order"),array("ASC"=>"Ascending","DESC"=>"Descending"),$album->sort_order) +modules/organize/views/organize_dialog.html.php 14 DIRTY $album_tree +modules/organize/views/organize_dialog.html.php 24 DIRTY $micro_thumb_grid +modules/organize/views/organize_dialog.html.php 32 DIRTY form::dropdown(array("id"=>"g-organize-sort-column"),album::get_sort_order_options(),$album->sort_column) +modules/organize/views/organize_dialog.html.php 33 DIRTY form::dropdown(array("id"=>"g-organize-sort-order"),array("ASC"=>"Ascending","DESC"=>"Descending"),$album->sort_order) modules/organize/views/organize_thumb_grid.html.php 3 DIRTY_ATTR $child->id modules/organize/views/organize_thumb_grid.html.php 4 DIRTY_ATTR $child->id modules/organize/views/organize_thumb_grid.html.php 5 DIRTY_ATTR $child->is_album()?"g-album":"g-photo" modules/organize/views/organize_thumb_grid.html.php 6 DIRTY $child->thumb_img(array("class"=>"g-thumbnail","ref"=>$child->id),90,true) -modules/organize/views/organize_thumb_grid.html.php 14 DIRTY_JS url::site("organize/album/$album->id/".($offset+25)) +modules/organize/views/organize_thumb_grid.html.php 7 DIRTY 
$child->is_album()?" class=\"ui-icon ui-icon-note\"":"" +modules/organize/views/organize_thumb_grid.html.php 15 DIRTY_JS url::site("organize/album/$album->id/".($offset+25)) modules/organize/views/organize_tree.html.php 2 DIRTY_ATTR access::can("edit",$album)?"":"g-view-only" modules/organize/views/organize_tree.html.php 3 DIRTY_ATTR $album->id modules/organize/views/organize_tree.html.php 6 DIRTY_ATTR $selected&&$album->id==$selected->id?"selected":"" @@ -248,7 +249,7 @@ modules/organize/views/organize_tree.html.php 7 DIRTY_ATTR $alb modules/organize/views/organize_tree.html.php 13 DIRTY View::factory("organize_tree.html",array("selected"=>$selected,"album"=>$child)); modules/organize/views/organize_tree.html.php 15 DIRTY_ATTR access::can("edit",$child)?"":"g-view-only" modules/organize/views/organize_tree.html.php 16 DIRTY_ATTR $child->id -modules/organize/views/organize_tree.html.php 19 DIRTY_ATTR $child->id +modules/organize/views/organize_tree.html.php 18 DIRTY_ATTR $child->id modules/recaptcha/views/admin_recaptcha.html.php 11 DIRTY $form modules/recaptcha/views/admin_recaptcha.html.php 23 DIRTY_JS $public_key modules/recaptcha/views/form_recaptcha.html.php 7 DIRTY_JS $public_key @@ -346,8 +347,9 @@ themes/wind/views/album.html.php 16 DIRTY_ATTR $chi themes/wind/views/album.html.php 16 DIRTY_ATTR $item_class themes/wind/views/album.html.php 18 DIRTY_JS $child->url() themes/wind/views/album.html.php 19 DIRTY $child->thumb_img(array("class"=>"g-thumbnail")) -themes/wind/views/album.html.php 23 DIRTY_JS $child->url() -themes/wind/views/album.html.php 41 DIRTY $theme->paginator() +themes/wind/views/album.html.php 23 DIRTY_ATTR $item_class +themes/wind/views/album.html.php 24 DIRTY_JS $child->url() +themes/wind/views/album.html.php 42 DIRTY $theme->paginator() themes/wind/views/block.html.php 3 DIRTY_ATTR $anchor themes/wind/views/block.html.php 5 DIRTY_ATTR $css_id themes/wind/views/block.html.php 6 DIRTY $title 
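Review bot: Two of the added lines in this golden file are new entries rather than renumbered ones: `organize_thumb_grid.html.php 7 DIRTY $child->is_album()?" class=\"ui-icon ui-icon-note\"":""` in the `@@ -232,15 +232,16 @@` hunk and `themes/wind/views/album.html.php 23 DIRTY_ATTR $item_class` in the `@@ -346,8 +347,9 @@` hunk, which is why both hunks grow by one line. Each accepts one more output that the XSS test marks DIRTY, so it deserves its own check rather than being folded into "so tests pass". The first is a ternary over two string literals and looks constant. For the second, it is worth confirming in the view that `$item_class` can only hold fixed class names, or escaping it there so the entry drops out of the golden file. The commit message could also name the two new entries explicitly.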
@@ -373,10 +375,10 @@ themes/wind/views/page.html.php 104 DIRTY_JS $paren
 themes/wind/views/page.html.php 120 DIRTY $content
 themes/wind/views/page.html.php 126 DIRTY newView("sidebar.html")
 themes/wind/views/page.html.php 133 DIRTY $footer_text
-themes/wind/views/paginator.html.php 32 DIRTY_JS $first_page_url
-themes/wind/views/paginator.html.php 41 DIRTY_JS $previous_page_url
-themes/wind/views/paginator.html.php 69 DIRTY_JS $next_page_url
-themes/wind/views/paginator.html.php 78 DIRTY_JS $last_page_url
+themes/wind/views/paginator.html.php 33 DIRTY_JS $first_page_url
+themes/wind/views/paginator.html.php 42 DIRTY_JS $previous_page_url
+themes/wind/views/paginator.html.php 70 DIRTY_JS $next_page_url
+themes/wind/views/paginator.html.php 79 DIRTY_JS $last_page_url
 themes/wind/views/photo.html.php 8 DIRTY_JS $theme->item()->width
 themes/wind/views/photo.html.php 8 DIRTY_JS $theme->item()->height
 themes/wind/views/photo.html.php 18 DIRTY $theme->paginator()
-- cgit v1.2.3 From 4fe5801c885088e5e6c11b8a20a561415941b864 Mon Sep 17 00:00:00 2001
From: Tim Almdal Date: Wed, 18 Nov 2009 10:34:39 -0800 Subject: Simplify the maintenance of the xss golden file by having each module contribute its own golden file to a consolidated one. This will make it easier for -contrib modules or themes to be included in the xss security test w/o having to keep modifying a central golden file. --- modules/akismet/tests/xss_data.txt | 3 + modules/comment/tests/xss_data.txt | 33 +++++ modules/digibug/tests/xss_data.txt | 3 + modules/exif/tests/xss_data.txt | 2 + modules/g2_import/tests/xss_data.txt | 1 + modules/gallery/tests/Xss_Security_Test.php | 14 +- modules/gallery/tests/xss_data.txt | 210 ---------------------------- modules/image_block/tests/xss_data.txt | 2 + modules/info/tests/xss_data.txt | 2 + modules/notification/tests/xss_data.txt | 8 ++ modules/organize/tests/xss_data.txt | 22 +++ modules/recaptcha/tests/xss_data.txt | 3 + modules/rss/tests/xss_data.txt | 32 +++++ modules/search/tests/xss_data.txt | 4 + modules/server_add/tests/xss_data.txt | 7 + modules/tag/tests/xss_data.txt | 7 + modules/user/tests/xss_data.txt | 15 ++ modules/watermark/tests/xss_data.txt | 3 + themes/admin_wind/tests/xss_data.txt | 22 +++ themes/wind/tests/xss_data.txt | 41 ++++++ 20 files changed, 223 insertions(+), 211 deletions(-) create mode 100644 modules/akismet/tests/xss_data.txt create mode 100644 modules/comment/tests/xss_data.txt create mode 100644 modules/digibug/tests/xss_data.txt create mode 100644 modules/exif/tests/xss_data.txt create mode 100644 modules/g2_import/tests/xss_data.txt create mode 100644 modules/image_block/tests/xss_data.txt create mode 100644 modules/info/tests/xss_data.txt create mode 100644 modules/notification/tests/xss_data.txt create mode 100644 modules/organize/tests/xss_data.txt create mode 100644 modules/recaptcha/tests/xss_data.txt create mode 100644 modules/rss/tests/xss_data.txt create mode 100644 modules/search/tests/xss_data.txt create mode 100644 modules/server_add/tests/xss_data.txt create mode
100644 modules/tag/tests/xss_data.txt create mode 100644 modules/user/tests/xss_data.txt create mode 100644 modules/watermark/tests/xss_data.txt create mode 100644 themes/admin_wind/tests/xss_data.txt create mode 100644 themes/wind/tests/xss_data.txt (limited to 'modules') diff --git a/modules/akismet/tests/xss_data.txt b/modules/akismet/tests/xss_data.txt new file mode 100644 index 00000000..97f239a2 --- /dev/null +++ b/modules/akismet/tests/xss_data.txt @@ -0,0 +1,3 @@ +modules/akismet/views/admin_akismet.html.php 16 DIRTY $form +modules/akismet/views/admin_akismet_stats.html.php 9 DIRTY_ATTR $api_key +modules/akismet/views/admin_akismet_stats.html.php 9 DIRTY_ATTR urlencode($blog_url) diff --git a/modules/comment/tests/xss_data.txt b/modules/comment/tests/xss_data.txt new file mode 100644 index 00000000..0a7fb818 --- /dev/null +++ b/modules/comment/tests/xss_data.txt 
@@ -0,0 +1,33 @@ +modules/comment/views/admin_block_recent_comments.html.php 4 DIRTY_ATTR text::alternate("g-even","g-odd") +modules/comment/views/admin_block_recent_comments.html.php 5 DIRTY_ATTR $comment->author()->avatar_url(32,$theme->url(,true)) +modules/comment/views/admin_block_recent_comments.html.php 10 DIRTY gallery::date_time($comment->created) +modules/comment/views/admin_comments.html.php 43 DIRTY $menu->render() +modules/comment/views/admin_comments.html.php 107 DIRTY_ATTR $comment->id +modules/comment/views/admin_comments.html.php 107 DIRTY_ATTR text::alternate("g-odd","g-even") +modules/comment/views/admin_comments.html.php 110 DIRTY_ATTR $comment->author()->avatar_url(40,$theme->url(,true)) +modules/comment/views/admin_comments.html.php 123 DIRTY_JS $item->url() +modules/comment/views/admin_comments.html.php 125 DIRTY_ATTR $item->thumb_url() +modules/comment/views/admin_comments.html.php 127 DIRTY photo::img_dimensions($item->thumb_width,$item->thumb_height,75) +modules/comment/views/admin_comments.html.php 135 DIRTY gallery::date($comment->created) +modules/comment/views/admin_comments.html.php 142 DIRTY_JS $comment->id +modules/comment/views/admin_comments.html.php 151 DIRTY_JS $comment->id +modules/comment/views/admin_comments.html.php 160 DIRTY_JS $comment->id +modules/comment/views/admin_comments.html.php 169 DIRTY_JS $comment->id +modules/comment/views/admin_comments.html.php 176 DIRTY_JS $comment->id +modules/comment/views/admin_comments.html.php 184 DIRTY_JS $comment->id +modules/comment/views/admin_comments.html.php 197 DIRTY $pager +modules/comment/views/comment.html.php 2 DIRTY_ATTR $comment->id; +modules/comment/views/comment.html.php 5 DIRTY_ATTR $comment->author()->avatar_url(40,$theme->url(,true)) +modules/comment/views/comment.mrss.php 10 DIRTY $feed->uri +modules/comment/views/comment.mrss.php 13 DIRTY_JS $feed->uri +modules/comment/views/comment.mrss.php 16 DIRTY_JS $feed->previous_page_uri +modules/comment/views/comment.mrss.php 
19 DIRTY_JS $feed->next_page_uri +modules/comment/views/comment.mrss.php 21 DIRTY $pub_date +modules/comment/views/comment.mrss.php 22 DIRTY $pub_date +modules/comment/views/comment.mrss.php 28 DIRTY $child->item_uri +modules/comment/views/comment.mrss.php 29 DIRTY $child->pub_date +modules/comment/views/comment.mrss.php 34 DIRTY_ATTR $child->thumb_url +modules/comment/views/comment.mrss.php 35 DIRTY_ATTR $child->thumb_height +modules/comment/views/comment.mrss.php 35 DIRTY_ATTR $child->thumb_width +modules/comment/views/comments.html.php 16 DIRTY_ATTR $comment->id +modules/comment/views/comments.html.php 19 DIRTY_ATTR $comment->author()->avatar_url(40,$theme->url(,true)) diff --git a/modules/digibug/tests/xss_data.txt b/modules/digibug/tests/xss_data.txt new file mode 100644 index 00000000..c65afb66 --- /dev/null +++ b/modules/digibug/tests/xss_data.txt @@ -0,0 +1,3 @@ +modules/digibug/views/digibug_form.html.php 4 DIRTY form::open("http://www.digibug.com/dapi/order.php") +modules/digibug/views/digibug_form.html.php 5 DIRTY form::hidden($order_parms) +modules/digibug/views/digibug_form.html.php 6 DIRTY form::close() diff --git a/modules/exif/tests/xss_data.txt b/modules/exif/tests/xss_data.txt new file mode 100644 index 00000000..7ed830ad --- /dev/null +++ b/modules/exif/tests/xss_data.txt @@ -0,0 +1,2 @@ +modules/exif/views/exif_dialog.html.php 14 DIRTY $details[$i]["caption"] +modules/exif/views/exif_dialog.html.php 21 DIRTY $details[$i]["caption"] diff --git a/modules/g2_import/tests/xss_data.txt b/modules/g2_import/tests/xss_data.txt new file mode 100644 index 00000000..e3914a0d --- /dev/null +++ b/modules/g2_import/tests/xss_data.txt @@ -0,0 +1 @@ +modules/g2_import/views/admin_g2_import.html.php 29 DIRTY $form diff --git a/modules/gallery/tests/Xss_Security_Test.php b/modules/gallery/tests/Xss_Security_Test.php index b296d97c..801db8dd 100644 --- a/modules/gallery/tests/Xss_Security_Test.php +++ b/modules/gallery/tests/Xss_Security_Test.php 
@@ -302,8 +302,20 @@ class Xss_Security_Test extends Unit_Test_Case { */ $new = TMPPATH . "xss_data.txt"; $fd = fopen($new, "wb"); + $canonical = TMPPATH . "xss_data_golden.txt"; + $fd_canonical = fopen($canonical, "wb"); + $current_type = $current_plugin = ""; ksort($found); foreach ($found as $view => $frames) { + list ($type, $plugin) = explode("/", $view); + if ($type != $current_type || $plugin != $current_plugin) { + $golden_file = ($type == "modules" ? MODPATH : THEMEPATH) . "{$plugin}/tests/xss_data.txt"; + if (file_exists($golden_file)) { + fwrite($fd_canonical, file_get_contents($golden_file)); + } + $current_type = $type; + $current_plugin = $plugin; + } foreach ($frames as $frame) { $state = "DIRTY"; if ($frame->in_script_block() && $frame->in_href_attribute()) { @@ -344,9 +356,9 @@ class Xss_Security_Test extends Unit_Test_Case { } } fclose($fd); + fclose($fd_canonical); // Compare with the expected report from our golden file. - $canonical = MODPATH . "gallery/tests/xss_data.txt"; exec("diff $canonical $new", $output, $return_value); $this->assert_false( $return_value, "XSS golden file mismatch. Output:\n" . implode("\n", $output) ); diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt index 3eaa6561..8814284b 100644 --- a/modules/gallery/tests/xss_data.txt +++ b/modules/gallery/tests/xss_data.txt 
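Review bot: The first hunk uses the results of `fopen($canonical, "wb")` and `file_get_contents($golden_file)` unchecked, so an unwritable TMPPATH or an unreadable per-plugin golden file surfaces later as an "XSS golden file mismatch" instead of an I/O error. A guard such as `$this->assert_false($fd_canonical === false, "Cannot write $canonical");` right after the `fopen` would keep a broken test setup from being read as an escaping regression. The lookup also sends every top-level directory other than `modules` to THEMEPATH and assumes `$view` always has at least two path segments. A short comment would record that assumption: `// $view is "modules/<name>/..." or "themes/<name>/..."; ksort() keeps each plugin's views contiguous`. The enclosing method starts and ends outside the hunk.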
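Review bot: In the second hunk the unchanged `exec("diff $canonical $new", $output, $return_value)` now compares two files built under TMPPATH, and both paths are interpolated into the shell command unquoted. TMPPATH is presumably a fixed constant, so this is a robustness issue more than an injection one, but a space or shell metacharacter in the install path would break or alter the command. Quoting both operands keeps the comparison well-defined: `exec("diff " . escapeshellarg($canonical) . " " . escapeshellarg($new), $output, $return_value);`.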
@@ -1,45 +1,3 @@ -modules/akismet/views/admin_akismet.html.php 16 DIRTY $form -modules/akismet/views/admin_akismet_stats.html.php 9 DIRTY_ATTR $api_key -modules/akismet/views/admin_akismet_stats.html.php 9 DIRTY_ATTR urlencode($blog_url) -modules/comment/views/admin_block_recent_comments.html.php 4 DIRTY_ATTR text::alternate("g-even","g-odd") -modules/comment/views/admin_block_recent_comments.html.php 5 DIRTY_ATTR $comment->author()->avatar_url(32,$theme->url(,true)) -modules/comment/views/admin_block_recent_comments.html.php 10 DIRTY gallery::date_time($comment->created) -modules/comment/views/admin_comments.html.php 43 DIRTY $menu->render() -modules/comment/views/admin_comments.html.php 107 DIRTY_ATTR $comment->id -modules/comment/views/admin_comments.html.php 107 DIRTY_ATTR text::alternate("g-odd","g-even") -modules/comment/views/admin_comments.html.php 110 DIRTY_ATTR $comment->author()->avatar_url(40,$theme->url(,true)) -modules/comment/views/admin_comments.html.php 123 DIRTY_JS $item->url() -modules/comment/views/admin_comments.html.php 125 DIRTY_ATTR $item->thumb_url() -modules/comment/views/admin_comments.html.php 127 DIRTY photo::img_dimensions($item->thumb_width,$item->thumb_height,75) -modules/comment/views/admin_comments.html.php 135 DIRTY gallery::date($comment->created) -modules/comment/views/admin_comments.html.php 142 DIRTY_JS $comment->id -modules/comment/views/admin_comments.html.php 151 DIRTY_JS $comment->id -modules/comment/views/admin_comments.html.php 160 DIRTY_JS $comment->id -modules/comment/views/admin_comments.html.php 169 DIRTY_JS $comment->id -modules/comment/views/admin_comments.html.php 176 DIRTY_JS $comment->id -modules/comment/views/admin_comments.html.php 184 DIRTY_JS $comment->id -modules/comment/views/admin_comments.html.php 197 DIRTY $pager -modules/comment/views/comment.html.php 2 DIRTY_ATTR $comment->id; -modules/comment/views/comment.html.php 5 DIRTY_ATTR $comment->author()->avatar_url(40,$theme->url(,true)) 
-modules/comment/views/comment.mrss.php 10 DIRTY $feed->uri -modules/comment/views/comment.mrss.php 13 DIRTY_JS $feed->uri -modules/comment/views/comment.mrss.php 16 DIRTY_JS $feed->previous_page_uri -modules/comment/views/comment.mrss.php 19 DIRTY_JS $feed->next_page_uri -modules/comment/views/comment.mrss.php 21 DIRTY $pub_date -modules/comment/views/comment.mrss.php 22 DIRTY $pub_date -modules/comment/views/comment.mrss.php 28 DIRTY $child->item_uri -modules/comment/views/comment.mrss.php 29 DIRTY $child->pub_date -modules/comment/views/comment.mrss.php 34 DIRTY_ATTR $child->thumb_url -modules/comment/views/comment.mrss.php 35 DIRTY_ATTR $child->thumb_height -modules/comment/views/comment.mrss.php 35 DIRTY_ATTR $child->thumb_width -modules/comment/views/comments.html.php 16 DIRTY_ATTR $comment->id -modules/comment/views/comments.html.php 19 DIRTY_ATTR $comment->author()->avatar_url(40,$theme->url(,true)) -modules/digibug/views/digibug_form.html.php 4 DIRTY form::open("http://www.digibug.com/dapi/order.php") -modules/digibug/views/digibug_form.html.php 5 DIRTY form::hidden($order_parms) -modules/digibug/views/digibug_form.html.php 6 DIRTY form::close() -modules/exif/views/exif_dialog.html.php 14 DIRTY $details[$i]["caption"] -modules/exif/views/exif_dialog.html.php 21 DIRTY $details[$i]["caption"] -modules/g2_import/views/admin_g2_import.html.php 29 DIRTY $form modules/gallery/views/admin_advanced_settings.html.php 21 DIRTY_ATTR text::alternate("g-odd","g-even") modules/gallery/views/admin_advanced_settings.html.php 22 DIRTY $var->module_name modules/gallery/views/admin_block_log_entries.html.php 4 DIRTY_ATTR log::severity_class($entry->severity) 
@@ -216,171 +174,3 @@ modules/gallery/views/upgrader.html.php 77 DIRTY $modul modules/gallery/views/upgrader.html.php 99 DIRTY_ATTR $done?"muted":"" modules/gallery/views/upgrader.html.php 102 DIRTY_ATTR $done?"muted":"" modules/gallery/views/user_languages_block.html.php 2 DIRTY form::dropdown("g-select-session-locale",$installed_locales,$selected) -modules/image_block/views/image_block_block.html.php 3 DIRTY_JS $item->url() -modules/image_block/views/image_block_block.html.php 4 DIRTY $item->thumb_img(array("class"=>"g-thumbnail")) -modules/info/views/info_block.html.php 22 DIRTY date("M j, Y H:i:s",$item->captured) -modules/info/views/info_block.html.php 29 DIRTY_JS $item->owner->url -modules/notification/views/comment_published.html.php 28 DIRTY_JS $comment->item()->abs_url() -modules/notification/views/comment_published.html.php 29 DIRTY $comment->item()->abs_url() -modules/notification/views/item_added.html.php 16 DIRTY_JS $item->abs_url() -modules/notification/views/item_added.html.php 17 DIRTY $item->abs_url() -modules/notification/views/item_deleted.html.php 18 DIRTY_JS $item->parent()->abs_url() -modules/notification/views/item_deleted.html.php 19 DIRTY $item->parent()->abs_url() -modules/notification/views/item_updated.html.php 20 DIRTY_JS $item->abs_url() -modules/notification/views/item_updated.html.php 20 DIRTY $item->abs_url() -modules/organize/views/organize_dialog.html.php 3 DIRTY_JS url::site("organize/move_to/__ALBUM_ID__?csrf=$csrf") -modules/organize/views/organize_dialog.html.php 4 DIRTY_JS url::site("organize/rearrange/__TARGET_ID__/__BEFORE__?csrf=$csrf") -modules/organize/views/organize_dialog.html.php 5 DIRTY_JS url::site("organize/sort_order/__ALBUM_ID__/__COL__/__DIR__?csrf=$csrf") -modules/organize/views/organize_dialog.html.php 6 DIRTY_JS url::site("organize/tree/__ALBUM_ID__") -modules/organize/views/organize_dialog.html.php 14 DIRTY $album_tree -modules/organize/views/organize_dialog.html.php 24 DIRTY $micro_thumb_grid 
-modules/organize/views/organize_dialog.html.php 32 DIRTY form::dropdown(array("id"=>"g-organize-sort-column"),album::get_sort_order_options(),$album->sort_column) -modules/organize/views/organize_dialog.html.php 33 DIRTY form::dropdown(array("id"=>"g-organize-sort-order"),array("ASC"=>"Ascending","DESC"=>"Descending"),$album->sort_order) -modules/organize/views/organize_thumb_grid.html.php 3 DIRTY_ATTR $child->id -modules/organize/views/organize_thumb_grid.html.php 4 DIRTY_ATTR $child->id -modules/organize/views/organize_thumb_grid.html.php 5 DIRTY_ATTR $child->is_album()?"g-album":"g-photo" -modules/organize/views/organize_thumb_grid.html.php 6 DIRTY $child->thumb_img(array("class"=>"g-thumbnail","ref"=>$child->id),90,true) -modules/organize/views/organize_thumb_grid.html.php 7 DIRTY $child->is_album()?" class=\"ui-icon ui-icon-note\"":"" -modules/organize/views/organize_thumb_grid.html.php 15 DIRTY_JS url::site("organize/album/$album->id/".($offset+25)) -modules/organize/views/organize_tree.html.php 2 DIRTY_ATTR access::can("edit",$album)?"":"g-view-only" -modules/organize/views/organize_tree.html.php 3 DIRTY_ATTR $album->id -modules/organize/views/organize_tree.html.php 6 DIRTY_ATTR $selected&&$album->id==$selected->id?"selected":"" -modules/organize/views/organize_tree.html.php 7 DIRTY_ATTR $album->id -modules/organize/views/organize_tree.html.php 13 DIRTY View::factory("organize_tree.html",array("selected"=>$selected,"album"=>$child)); -modules/organize/views/organize_tree.html.php 15 DIRTY_ATTR access::can("edit",$child)?"":"g-view-only" -modules/organize/views/organize_tree.html.php 16 DIRTY_ATTR $child->id -modules/organize/views/organize_tree.html.php 18 DIRTY_ATTR $child->id -modules/recaptcha/views/admin_recaptcha.html.php 11 DIRTY $form -modules/recaptcha/views/admin_recaptcha.html.php 23 DIRTY_JS $public_key -modules/recaptcha/views/form_recaptcha.html.php 7 DIRTY_JS $public_key -modules/rss/views/feed.mrss.php 10 DIRTY $feed->uri 
-modules/rss/views/feed.mrss.php 13 DIRTY_JS $feed->uri -modules/rss/views/feed.mrss.php 16 DIRTY_JS $feed->previous_page_uri -modules/rss/views/feed.mrss.php 19 DIRTY_JS $feed->next_page_uri -modules/rss/views/feed.mrss.php 21 DIRTY $pub_date -modules/rss/views/feed.mrss.php 22 DIRTY $pub_date -modules/rss/views/feed.mrss.php 28 DIRTY date("D, d M Y H:i:s T",$child->created); -modules/rss/views/feed.mrss.php 35 DIRTY_ATTR $child->resize_url(true) -modules/rss/views/feed.mrss.php 37 DIRTY_ATTR $child->resize_height -modules/rss/views/feed.mrss.php 37 DIRTY_ATTR $child->resize_width -modules/rss/views/feed.mrss.php 40 DIRTY_ATTR $child->thumb_url(true) -modules/rss/views/feed.mrss.php 42 DIRTY_ATTR $child->thumb_height -modules/rss/views/feed.mrss.php 42 DIRTY_ATTR $child->thumb_width -modules/rss/views/feed.mrss.php 48 DIRTY_ATTR $child->thumb_url(true) -modules/rss/views/feed.mrss.php 49 DIRTY_ATTR $child->thumb_height -modules/rss/views/feed.mrss.php 50 DIRTY_ATTR $child->thumb_width -modules/rss/views/feed.mrss.php 54 DIRTY_ATTR $child->resize_url(true) -modules/rss/views/feed.mrss.php 55 DIRTY_ATTR @filesize($child->resize_path()) -modules/rss/views/feed.mrss.php 56 DIRTY_ATTR $child->mime_type -modules/rss/views/feed.mrss.php 57 DIRTY_ATTR $child->resize_height -modules/rss/views/feed.mrss.php 58 DIRTY_ATTR $child->resize_width -modules/rss/views/feed.mrss.php 62 DIRTY_ATTR $child->file_url(true) -modules/rss/views/feed.mrss.php 63 DIRTY_ATTR @filesize($child->file_path()) -modules/rss/views/feed.mrss.php 64 DIRTY_ATTR $child->mime_type -modules/rss/views/feed.mrss.php 65 DIRTY_ATTR $child->height -modules/rss/views/feed.mrss.php 66 DIRTY_ATTR $child->width -modules/rss/views/feed.mrss.php 70 DIRTY_ATTR $child->file_url(true) -modules/rss/views/feed.mrss.php 71 DIRTY_ATTR @filesize($child->file_path()) -modules/rss/views/feed.mrss.php 72 DIRTY_ATTR $child->height -modules/rss/views/feed.mrss.php 73 DIRTY_ATTR $child->width -modules/rss/views/feed.mrss.php 74 
DIRTY_ATTR $child->mime_type -modules/rss/views/rss_block.html.php 6 DIRTY_JS rss::url($url) -modules/search/views/search.html.php 30 DIRTY_ATTR $item_class -modules/search/views/search.html.php 31 DIRTY_JS $item->url() -modules/search/views/search.html.php 32 DIRTY $item->thumb_img() -modules/search/views/search.html.php 43 DIRTY $theme->paginator() -modules/server_add/views/admin_server_add.html.php 5 DIRTY $form -modules/server_add/views/admin_server_add.html.php 15 DIRTY_ATTR $id -modules/server_add/views/server_add_tree.html.php 20 DIRTY_ATTR is_dir($file)?"ui-icon-folder-collapsed":"ui-icon-document" -modules/server_add/views/server_add_tree.html.php 21 DIRTY_ATTR is_dir($file)?"g-directory":"g-file" -modules/server_add/views/server_add_tree_dialog.html.php 3 DIRTY_JS url::site("server_add/children?path=__PATH__") -modules/server_add/views/server_add_tree_dialog.html.php 4 DIRTY_JS url::site("server_add/start?item_id={$item->id}&csrf=$csrf") -modules/server_add/views/server_add_tree_dialog.html.php 21 DIRTY $tree -modules/tag/views/admin_tags.html.php 45 DIRTY_ATTR $tag->id -modules/tag/views/admin_tags.html.php 46 DIRTY $tag->count -modules/tag/views/tag_block.html.php 27 DIRTY $cloud -modules/tag/views/tag_block.html.php 29 DIRTY $form -modules/tag/views/tag_cloud.html.php 4 DIRTY_ATTR (int)(($tag->count/$max_count)*7) -modules/tag/views/tag_cloud.html.php 5 DIRTY $tag->count -modules/tag/views/tag_cloud.html.php 6 DIRTY_JS $tag->url() -modules/user/views/admin_users.html.php 3 DIRTY_JS url::site("admin/users/add_user_to_group/__USERID__/__GROUPID__?csrf=$csrf") -modules/user/views/admin_users.html.php 26 DIRTY_JS url::site("admin/users/group/__GROUPID__") -modules/user/views/admin_users.html.php 36 DIRTY_JS url::site("admin/users/remove_user_from_group/__USERID__/__GROUPID__?csrf=$csrf") -modules/user/views/admin_users.html.php 71 DIRTY_ATTR $user->id -modules/user/views/admin_users.html.php 71 DIRTY_ATTR text::alternate("g-odd","g-even") 
-modules/user/views/admin_users.html.php 71 DIRTY_ATTR $user->admin?"g-admin":"" -modules/user/views/admin_users.html.php 72 DIRTY_ATTR $user->id -modules/user/views/admin_users.html.php 73 DIRTY_ATTR $user->avatar_url(20,$theme->url(,true)) -modules/user/views/admin_users.html.php 87 DIRTY ($user->last_login==0)?"":gallery::date($user->last_login) -modules/user/views/admin_users.html.php 123 DIRTY_ATTR $group->id -modules/user/views/admin_users.html.php 123 DIRTY_ATTR ($group->special?"g-default-group":"") -modules/user/views/admin_users.html.php 125 DIRTY $v -modules/user/views/admin_users_group.html.php 22 DIRTY_JS $user->id -modules/user/views/admin_users_group.html.php 22 DIRTY_JS $group->id -modules/user/views/user_form.html.php 7 DIRTY $form -modules/watermark/views/admin_watermarks.html.php 20 DIRTY_ATTR $width -modules/watermark/views/admin_watermarks.html.php 20 DIRTY_ATTR $height -modules/watermark/views/admin_watermarks.html.php 20 DIRTY_ATTR $url -themes/admin_wind/views/admin.html.php 16 DIRTY_JS $theme->url() -themes/admin_wind/views/admin.html.php 33 DIRTY $theme->admin_head() -themes/admin_wind/views/admin.html.php 37 DIRTY $theme->admin_page_top() -themes/admin_wind/views/admin.html.php 45 DIRTY $theme->admin_header_top() -themes/admin_wind/views/admin.html.php 60 DIRTY_JS item::root()->url() -themes/admin_wind/views/admin.html.php 64 DIRTY $theme->admin_menu() -themes/admin_wind/views/admin.html.php 66 DIRTY $theme->admin_header_bottom() -themes/admin_wind/views/admin.html.php 73 DIRTY $content -themes/admin_wind/views/admin.html.php 79 DIRTY $sidebar -themes/admin_wind/views/admin.html.php 84 DIRTY $theme->admin_footer() -themes/admin_wind/views/admin.html.php 86 DIRTY $theme->admin_credits() -themes/admin_wind/views/admin.html.php 90 DIRTY $theme->admin_page_bottom() -themes/admin_wind/views/block.html.php 3 DIRTY_ATTR $anchor -themes/admin_wind/views/block.html.php 5 DIRTY $id -themes/admin_wind/views/block.html.php 5 DIRTY_ATTR $css_id 
-themes/admin_wind/views/block.html.php 13 DIRTY $title -themes/admin_wind/views/block.html.php 16 DIRTY $content -themes/admin_wind/views/pager.html.php 13 DIRTY_JS str_replace('{page}',1,$url) -themes/admin_wind/views/pager.html.php 20 DIRTY_JS str_replace('{page}',$previous_page,$url) -themes/admin_wind/views/pager.html.php 27 DIRTY $from_to_msg -themes/admin_wind/views/pager.html.php 30 DIRTY_JS str_replace('{page}',$next_page,$url) -themes/admin_wind/views/pager.html.php 37 DIRTY_JS str_replace('{page}',$last_page,$url) -themes/wind/views/album.html.php 16 DIRTY_ATTR $child->id -themes/wind/views/album.html.php 16 DIRTY_ATTR $item_class -themes/wind/views/album.html.php 18 DIRTY_JS $child->url() -themes/wind/views/album.html.php 19 DIRTY $child->thumb_img(array("class"=>"g-thumbnail")) -themes/wind/views/album.html.php 23 DIRTY_ATTR $item_class -themes/wind/views/album.html.php 24 DIRTY_JS $child->url() -themes/wind/views/album.html.php 42 DIRTY $theme->paginator() -themes/wind/views/block.html.php 3 DIRTY_ATTR $anchor -themes/wind/views/block.html.php 5 DIRTY_ATTR $css_id -themes/wind/views/block.html.php 6 DIRTY $title -themes/wind/views/block.html.php 8 DIRTY $content -themes/wind/views/dynamic.html.php 11 DIRTY_ATTR $child->is_album()?"g-album":"" -themes/wind/views/dynamic.html.php 13 DIRTY_JS $child->url() -themes/wind/views/dynamic.html.php 14 DIRTY_ATTR $child->id -themes/wind/views/dynamic.html.php 15 DIRTY_ATTR $child->thumb_url() -themes/wind/views/dynamic.html.php 16 DIRTY_ATTR $child->thumb_width -themes/wind/views/dynamic.html.php 17 DIRTY_ATTR $child->thumb_height -themes/wind/views/dynamic.html.php 29 DIRTY $theme->paginator() -themes/wind/views/movie.html.php 5 DIRTY $theme->paginator() -themes/wind/views/movie.html.php 8 DIRTY $item->movie_img(array("class"=>"g-movie","id"=>"g-movie-id-{$item->id}")) -themes/wind/views/page.html.php 9 DIRTY $page_title -themes/wind/views/page.html.php 33 DIRTY_JS $theme->url() -themes/wind/views/page.html.php 
42 DIRTY $new_width -themes/wind/views/page.html.php 43 DIRTY $new_height -themes/wind/views/page.html.php 44 DIRTY $thumb_proportion -themes/wind/views/page.html.php 81 DIRTY $header_text -themes/wind/views/page.html.php 83 DIRTY_JS item::root()->url() -themes/wind/views/page.html.php 87 DIRTY $theme->user_menu() -themes/wind/views/page.html.php 104 DIRTY_JS $parent->url($parent==$theme->item()->parent()?"show={$theme->item()->id}":null) -themes/wind/views/page.html.php 120 DIRTY $content -themes/wind/views/page.html.php 126 DIRTY newView("sidebar.html") -themes/wind/views/page.html.php 133 DIRTY $footer_text -themes/wind/views/paginator.html.php 33 DIRTY_JS $first_page_url -themes/wind/views/paginator.html.php 42 DIRTY_JS $previous_page_url -themes/wind/views/paginator.html.php 70 DIRTY_JS $next_page_url -themes/wind/views/paginator.html.php 79 DIRTY_JS $last_page_url -themes/wind/views/photo.html.php 8 DIRTY_JS $theme->item()->width -themes/wind/views/photo.html.php 8 DIRTY_JS $theme->item()->height -themes/wind/views/photo.html.php 18 DIRTY $theme->paginator() -themes/wind/views/photo.html.php 23 DIRTY_JS $item->file_url() -themes/wind/views/photo.html.php 25 DIRTY $item->resize_img(array("id"=>"g-photo-id-{$item->id}","class"=>"g-resize")) diff --git a/modules/image_block/tests/xss_data.txt b/modules/image_block/tests/xss_data.txt new file mode 100644 index 00000000..1e7ce6ce --- /dev/null +++ b/modules/image_block/tests/xss_data.txt @@ -0,0 +1,2 @@ +modules/image_block/views/image_block_block.html.php 3 DIRTY_JS $item->url() +modules/image_block/views/image_block_block.html.php 4 DIRTY $item->thumb_img(array("class"=>"g-thumbnail")) diff --git a/modules/info/tests/xss_data.txt b/modules/info/tests/xss_data.txt new file mode 100644 index 00000000..c4dd00cc --- /dev/null +++ b/modules/info/tests/xss_data.txt 
@@ -0,0 +1,2 @@ +modules/info/views/info_block.html.php 22 DIRTY date("M j, Y H:i:s",$item->captured) +modules/info/views/info_block.html.php 29 DIRTY_JS $item->owner->url diff --git a/modules/notification/tests/xss_data.txt b/modules/notification/tests/xss_data.txt new file mode 100644 index 00000000..1a80a6e8 --- /dev/null +++ b/modules/notification/tests/xss_data.txt @@ -0,0 +1,8 @@ +modules/notification/views/comment_published.html.php 28 DIRTY_JS $comment->item()->abs_url() +modules/notification/views/comment_published.html.php 29 DIRTY $comment->item()->abs_url() +modules/notification/views/item_added.html.php 16 DIRTY_JS $item->abs_url() +modules/notification/views/item_added.html.php 17 DIRTY $item->abs_url() +modules/notification/views/item_deleted.html.php 18 DIRTY_JS $item->parent()->abs_url() +modules/notification/views/item_deleted.html.php 19 DIRTY $item->parent()->abs_url() +modules/notification/views/item_updated.html.php 20 DIRTY_JS $item->abs_url() +modules/notification/views/item_updated.html.php 20 DIRTY $item->abs_url() diff --git a/modules/organize/tests/xss_data.txt b/modules/organize/tests/xss_data.txt new file mode 100644 index 00000000..ced5602b --- /dev/null +++ b/modules/organize/tests/xss_data.txt 
@@ -0,0 +1,22 @@ +modules/organize/views/organize_dialog.html.php 3 DIRTY_JS url::site("organize/move_to/__ALBUM_ID__?csrf=$csrf") +modules/organize/views/organize_dialog.html.php 4 DIRTY_JS url::site("organize/rearrange/__TARGET_ID__/__BEFORE__?csrf=$csrf") +modules/organize/views/organize_dialog.html.php 5 DIRTY_JS url::site("organize/sort_order/__ALBUM_ID__/__COL__/__DIR__?csrf=$csrf") +modules/organize/views/organize_dialog.html.php 6 DIRTY_JS url::site("organize/tree/__ALBUM_ID__") +modules/organize/views/organize_dialog.html.php 14 DIRTY $album_tree +modules/organize/views/organize_dialog.html.php 24 DIRTY $micro_thumb_grid +modules/organize/views/organize_dialog.html.php 32 DIRTY form::dropdown(array("id"=>"g-organize-sort-column"),album::get_sort_order_options(),$album->sort_column) +modules/organize/views/organize_dialog.html.php 33 DIRTY form::dropdown(array("id"=>"g-organize-sort-order"),array("ASC"=>"Ascending","DESC"=>"Descending"),$album->sort_order) +modules/organize/views/organize_thumb_grid.html.php 3 DIRTY_ATTR $child->id +modules/organize/views/organize_thumb_grid.html.php 4 DIRTY_ATTR $child->id +modules/organize/views/organize_thumb_grid.html.php 5 DIRTY_ATTR $child->is_album()?"g-album":"g-photo" +modules/organize/views/organize_thumb_grid.html.php 6 DIRTY $child->thumb_img(array("class"=>"g-thumbnail","ref"=>$child->id),90,true) +modules/organize/views/organize_thumb_grid.html.php 7 DIRTY $child->is_album()?" 
class=\"ui-icon ui-icon-note\"":"" +modules/organize/views/organize_thumb_grid.html.php 15 DIRTY_JS url::site("organize/album/$album->id/".($offset+25)) +modules/organize/views/organize_tree.html.php 2 DIRTY_ATTR access::can("edit",$album)?"":"g-view-only" +modules/organize/views/organize_tree.html.php 3 DIRTY_ATTR $album->id +modules/organize/views/organize_tree.html.php 6 DIRTY_ATTR $selected&&$album->id==$selected->id?"selected":"" +modules/organize/views/organize_tree.html.php 7 DIRTY_ATTR $album->id +modules/organize/views/organize_tree.html.php 13 DIRTY View::factory("organize_tree.html",array("selected"=>$selected,"album"=>$child)); +modules/organize/views/organize_tree.html.php 15 DIRTY_ATTR access::can("edit",$child)?"":"g-view-only" +modules/organize/views/organize_tree.html.php 16 DIRTY_ATTR $child->id +modules/organize/views/organize_tree.html.php 18 DIRTY_ATTR $child->id diff --git a/modules/recaptcha/tests/xss_data.txt b/modules/recaptcha/tests/xss_data.txt new file mode 100644 index 00000000..2729d196 --- /dev/null +++ b/modules/recaptcha/tests/xss_data.txt @@ -0,0 +1,3 @@ +modules/recaptcha/views/admin_recaptcha.html.php 11 DIRTY $form +modules/recaptcha/views/admin_recaptcha.html.php 23 DIRTY_JS $public_key +modules/recaptcha/views/form_recaptcha.html.php 7 DIRTY_JS $public_key diff --git a/modules/rss/tests/xss_data.txt b/modules/rss/tests/xss_data.txt new file mode 100644 index 00000000..468e403b --- /dev/null +++ b/modules/rss/tests/xss_data.txt 
@@ -0,0 +1,32 @@ +modules/rss/views/feed.mrss.php 10 DIRTY $feed->uri +modules/rss/views/feed.mrss.php 13 DIRTY_JS $feed->uri +modules/rss/views/feed.mrss.php 16 DIRTY_JS $feed->previous_page_uri +modules/rss/views/feed.mrss.php 19 DIRTY_JS $feed->next_page_uri +modules/rss/views/feed.mrss.php 21 DIRTY $pub_date +modules/rss/views/feed.mrss.php 22 DIRTY $pub_date +modules/rss/views/feed.mrss.php 28 DIRTY date("D, d M Y H:i:s T",$child->created); +modules/rss/views/feed.mrss.php 35 DIRTY_ATTR $child->resize_url(true) +modules/rss/views/feed.mrss.php 37 DIRTY_ATTR $child->resize_height +modules/rss/views/feed.mrss.php 37 DIRTY_ATTR $child->resize_width +modules/rss/views/feed.mrss.php 40 DIRTY_ATTR $child->thumb_url(true) +modules/rss/views/feed.mrss.php 42 DIRTY_ATTR $child->thumb_height +modules/rss/views/feed.mrss.php 42 DIRTY_ATTR $child->thumb_width +modules/rss/views/feed.mrss.php 48 DIRTY_ATTR $child->thumb_url(true) +modules/rss/views/feed.mrss.php 49 DIRTY_ATTR $child->thumb_height +modules/rss/views/feed.mrss.php 50 DIRTY_ATTR $child->thumb_width +modules/rss/views/feed.mrss.php 54 DIRTY_ATTR $child->resize_url(true) +modules/rss/views/feed.mrss.php 55 DIRTY_ATTR @filesize($child->resize_path()) +modules/rss/views/feed.mrss.php 56 DIRTY_ATTR $child->mime_type +modules/rss/views/feed.mrss.php 57 DIRTY_ATTR $child->resize_height +modules/rss/views/feed.mrss.php 58 DIRTY_ATTR $child->resize_width +modules/rss/views/feed.mrss.php 62 DIRTY_ATTR $child->file_url(true) +modules/rss/views/feed.mrss.php 63 DIRTY_ATTR @filesize($child->file_path()) +modules/rss/views/feed.mrss.php 64 DIRTY_ATTR $child->mime_type +modules/rss/views/feed.mrss.php 65 DIRTY_ATTR $child->height +modules/rss/views/feed.mrss.php 66 DIRTY_ATTR $child->width +modules/rss/views/feed.mrss.php 70 DIRTY_ATTR $child->file_url(true) +modules/rss/views/feed.mrss.php 71 DIRTY_ATTR @filesize($child->file_path()) +modules/rss/views/feed.mrss.php 72 DIRTY_ATTR $child->height 
+modules/rss/views/feed.mrss.php 73 DIRTY_ATTR $child->width +modules/rss/views/feed.mrss.php 74 DIRTY_ATTR $child->mime_type +modules/rss/views/rss_block.html.php 6 DIRTY_JS rss::url($url) diff --git a/modules/search/tests/xss_data.txt b/modules/search/tests/xss_data.txt new file mode 100644 index 00000000..f0665988 --- /dev/null +++ b/modules/search/tests/xss_data.txt @@ -0,0 +1,4 @@ +modules/search/views/search.html.php 30 DIRTY_ATTR $item_class +modules/search/views/search.html.php 31 DIRTY_JS $item->url() +modules/search/views/search.html.php 32 DIRTY $item->thumb_img() +modules/search/views/search.html.php 43 DIRTY $theme->paginator() diff --git a/modules/server_add/tests/xss_data.txt b/modules/server_add/tests/xss_data.txt new file mode 100644 index 00000000..0e52c313 --- /dev/null +++ b/modules/server_add/tests/xss_data.txt @@ -0,0 +1,7 @@ +modules/server_add/views/admin_server_add.html.php 5 DIRTY $form +modules/server_add/views/admin_server_add.html.php 15 DIRTY_ATTR $id +modules/server_add/views/server_add_tree.html.php 20 DIRTY_ATTR is_dir($file)?"ui-icon-folder-collapsed":"ui-icon-document" +modules/server_add/views/server_add_tree.html.php 21 DIRTY_ATTR is_dir($file)?"g-directory":"g-file" +modules/server_add/views/server_add_tree_dialog.html.php 3 DIRTY_JS url::site("server_add/children?path=__PATH__") +modules/server_add/views/server_add_tree_dialog.html.php 4 DIRTY_JS url::site("server_add/start?item_id={$item->id}&csrf=$csrf") +modules/server_add/views/server_add_tree_dialog.html.php 21 DIRTY $tree diff --git a/modules/tag/tests/xss_data.txt b/modules/tag/tests/xss_data.txt new file mode 100644 index 00000000..7306a10c --- /dev/null +++ b/modules/tag/tests/xss_data.txt 
@@ -0,0 +1,7 @@ +modules/tag/views/admin_tags.html.php 45 DIRTY_ATTR $tag->id +modules/tag/views/admin_tags.html.php 46 DIRTY $tag->count +modules/tag/views/tag_block.html.php 27 DIRTY $cloud +modules/tag/views/tag_block.html.php 29 DIRTY $form +modules/tag/views/tag_cloud.html.php 4 DIRTY_ATTR (int)(($tag->count/$max_count)*7) +modules/tag/views/tag_cloud.html.php 5 DIRTY $tag->count +modules/tag/views/tag_cloud.html.php 6 DIRTY_JS $tag->url() diff --git a/modules/user/tests/xss_data.txt b/modules/user/tests/xss_data.txt new file mode 100644 index 00000000..38e52c0d --- /dev/null +++ b/modules/user/tests/xss_data.txt @@ -0,0 +1,15 @@ +modules/user/views/admin_users.html.php 3 DIRTY_JS url::site("admin/users/add_user_to_group/__USERID__/__GROUPID__?csrf=$csrf") +modules/user/views/admin_users.html.php 26 DIRTY_JS url::site("admin/users/group/__GROUPID__") +modules/user/views/admin_users.html.php 36 DIRTY_JS url::site("admin/users/remove_user_from_group/__USERID__/__GROUPID__?csrf=$csrf") +modules/user/views/admin_users.html.php 71 DIRTY_ATTR $user->id +modules/user/views/admin_users.html.php 71 DIRTY_ATTR text::alternate("g-odd","g-even") +modules/user/views/admin_users.html.php 71 DIRTY_ATTR $user->admin?"g-admin":"" +modules/user/views/admin_users.html.php 72 DIRTY_ATTR $user->id +modules/user/views/admin_users.html.php 73 DIRTY_ATTR $user->avatar_url(20,$theme->url(,true)) +modules/user/views/admin_users.html.php 87 DIRTY ($user->last_login==0)?"":gallery::date($user->last_login) +modules/user/views/admin_users.html.php 123 DIRTY_ATTR $group->id +modules/user/views/admin_users.html.php 123 DIRTY_ATTR ($group->special?"g-default-group":"") +modules/user/views/admin_users.html.php 125 DIRTY $v +modules/user/views/admin_users_group.html.php 22 DIRTY_JS $user->id +modules/user/views/admin_users_group.html.php 22 DIRTY_JS $group->id +modules/user/views/user_form.html.php 7 DIRTY $form 
diff --git a/modules/watermark/tests/xss_data.txt b/modules/watermark/tests/xss_data.txt new file mode 100644 index 00000000..b131ea1a --- /dev/null +++ b/modules/watermark/tests/xss_data.txt @@ -0,0 +1,3 @@ +modules/watermark/views/admin_watermarks.html.php 20 DIRTY_ATTR $width +modules/watermark/views/admin_watermarks.html.php 20 DIRTY_ATTR $height +modules/watermark/views/admin_watermarks.html.php 20 DIRTY_ATTR $url diff --git a/themes/admin_wind/tests/xss_data.txt b/themes/admin_wind/tests/xss_data.txt new file mode 100644 index 00000000..cf60bd12 --- /dev/null +++ b/themes/admin_wind/tests/xss_data.txt 
@@ -0,0 +1,22 @@ +themes/admin_wind/views/admin.html.php 16 DIRTY_JS $theme->url() +themes/admin_wind/views/admin.html.php 33 DIRTY $theme->admin_head() +themes/admin_wind/views/admin.html.php 37 DIRTY $theme->admin_page_top() +themes/admin_wind/views/admin.html.php 45 DIRTY $theme->admin_header_top() +themes/admin_wind/views/admin.html.php 60 DIRTY_JS item::root()->url() +themes/admin_wind/views/admin.html.php 64 DIRTY $theme->admin_menu() +themes/admin_wind/views/admin.html.php 66 DIRTY $theme->admin_header_bottom() +themes/admin_wind/views/admin.html.php 73 DIRTY $content +themes/admin_wind/views/admin.html.php 79 DIRTY $sidebar +themes/admin_wind/views/admin.html.php 84 DIRTY $theme->admin_footer() +themes/admin_wind/views/admin.html.php 86 DIRTY $theme->admin_credits() +themes/admin_wind/views/admin.html.php 90 DIRTY $theme->admin_page_bottom() +themes/admin_wind/views/block.html.php 3 DIRTY_ATTR $anchor +themes/admin_wind/views/block.html.php 5 DIRTY $id +themes/admin_wind/views/block.html.php 5 DIRTY_ATTR $css_id +themes/admin_wind/views/block.html.php 13 DIRTY $title +themes/admin_wind/views/block.html.php 16 DIRTY $content +themes/admin_wind/views/pager.html.php 13 DIRTY_JS str_replace('{page}',1,$url) +themes/admin_wind/views/pager.html.php 20 DIRTY_JS str_replace('{page}',$previous_page,$url) +themes/admin_wind/views/pager.html.php 27 DIRTY $from_to_msg +themes/admin_wind/views/pager.html.php 30 DIRTY_JS str_replace('{page}',$next_page,$url) +themes/admin_wind/views/pager.html.php 37 DIRTY_JS str_replace('{page}',$last_page,$url) diff --git a/themes/wind/tests/xss_data.txt b/themes/wind/tests/xss_data.txt new file mode 100644 index 00000000..a57df6e8 --- /dev/null +++ b/themes/wind/tests/xss_data.txt 
@@ -0,0 +1,41 @@ +themes/wind/views/album.html.php 16 DIRTY_ATTR $child->id +themes/wind/views/album.html.php 16 DIRTY_ATTR $item_class +themes/wind/views/album.html.php 18 DIRTY_JS $child->url() +themes/wind/views/album.html.php 19 DIRTY $child->thumb_img(array("class"=>"g-thumbnail")) +themes/wind/views/album.html.php 23 DIRTY_ATTR $item_class +themes/wind/views/album.html.php 24 DIRTY_JS $child->url() +themes/wind/views/album.html.php 42 DIRTY $theme->paginator() +themes/wind/views/block.html.php 3 DIRTY_ATTR $anchor +themes/wind/views/block.html.php 5 DIRTY_ATTR $css_id +themes/wind/views/block.html.php 6 DIRTY $title +themes/wind/views/block.html.php 8 DIRTY $content +themes/wind/views/dynamic.html.php 11 DIRTY_ATTR $child->is_album()?"g-album":"" +themes/wind/views/dynamic.html.php 13 DIRTY_JS $child->url() +themes/wind/views/dynamic.html.php 14 DIRTY_ATTR $child->id +themes/wind/views/dynamic.html.php 15 DIRTY_ATTR $child->thumb_url() +themes/wind/views/dynamic.html.php 16 DIRTY_ATTR $child->thumb_width +themes/wind/views/dynamic.html.php 17 DIRTY_ATTR $child->thumb_height +themes/wind/views/dynamic.html.php 29 DIRTY $theme->paginator() +themes/wind/views/movie.html.php 5 DIRTY $theme->paginator() +themes/wind/views/movie.html.php 8 DIRTY $item->movie_img(array("class"=>"g-movie","id"=>"g-movie-id-{$item->id}")) +themes/wind/views/page.html.php 9 DIRTY $page_title +themes/wind/views/page.html.php 33 DIRTY_JS $theme->url() +themes/wind/views/page.html.php 42 DIRTY $new_width +themes/wind/views/page.html.php 43 DIRTY $new_height +themes/wind/views/page.html.php 44 DIRTY $thumb_proportion +themes/wind/views/page.html.php 81 DIRTY $header_text +themes/wind/views/page.html.php 83 DIRTY_JS item::root()->url() +themes/wind/views/page.html.php 87 DIRTY $theme->user_menu() +themes/wind/views/page.html.php 104 DIRTY_JS $parent->url($parent==$theme->item()->parent()?"show={$theme->item()->id}":null) +themes/wind/views/page.html.php 120 DIRTY $content 
+themes/wind/views/page.html.php 126 DIRTY newView("sidebar.html") +themes/wind/views/page.html.php 133 DIRTY $footer_text +themes/wind/views/paginator.html.php 33 DIRTY_JS $first_page_url +themes/wind/views/paginator.html.php 42 DIRTY_JS $previous_page_url +themes/wind/views/paginator.html.php 70 DIRTY_JS $next_page_url +themes/wind/views/paginator.html.php 79 DIRTY_JS $last_page_url +themes/wind/views/photo.html.php 8 DIRTY_JS $theme->item()->width +themes/wind/views/photo.html.php 8 DIRTY_JS $theme->item()->height +themes/wind/views/photo.html.php 18 DIRTY $theme->paginator() +themes/wind/views/photo.html.php 23 DIRTY_JS $item->file_url() +themes/wind/views/photo.html.php 25 DIRTY $item->resize_img(array("id"=>"g-photo-id-{$item->id}","class"=>"g-resize")) -- cgit v1.2.3 From fc41d091349d80100e436f5df673a2e803fa7f40 Mon Sep 17 00:00:00 2001 
From: Tim Almdal Date: Wed, 18 Nov 2009 10:54:01 -0800 Subject: Revert "Simplify the maintenance of the xss golden file by having each module contibute its own golden file to a consolidated one. This will make it easier for -contrib modules or themes to be included in the xss security test w/o having to keep modifying a central golden file." This reverts commit 4fe5801c885088e5e6c11b8a20a561415941b864. --- modules/akismet/tests/xss_data.txt | 3 - modules/comment/tests/xss_data.txt | 33 ----- modules/digibug/tests/xss_data.txt | 3 - modules/exif/tests/xss_data.txt | 2 - modules/g2_import/tests/xss_data.txt | 1 - modules/gallery/tests/Xss_Security_Test.php | 14 +- modules/gallery/tests/xss_data.txt | 210 ++++++++++++++++++++++++++++ modules/image_block/tests/xss_data.txt | 2 - modules/info/tests/xss_data.txt | 2 - modules/notification/tests/xss_data.txt | 8 -- modules/organize/tests/xss_data.txt | 22 --- modules/recaptcha/tests/xss_data.txt | 3 - modules/rss/tests/xss_data.txt | 32 ----- modules/search/tests/xss_data.txt | 4 - modules/server_add/tests/xss_data.txt | 7 - modules/tag/tests/xss_data.txt | 7 - modules/user/tests/xss_data.txt | 15 -- modules/watermark/tests/xss_data.txt | 3 - themes/admin_wind/tests/xss_data.txt | 22 --- themes/wind/tests/xss_data.txt | 41 ------ 20 files changed, 211 insertions(+), 223 deletions(-) delete mode 100644 modules/akismet/tests/xss_data.txt delete mode 100644 modules/comment/tests/xss_data.txt delete mode 100644 modules/digibug/tests/xss_data.txt delete mode 100644 modules/exif/tests/xss_data.txt delete mode 100644 modules/g2_import/tests/xss_data.txt delete mode 100644 modules/image_block/tests/xss_data.txt delete mode 100644 modules/info/tests/xss_data.txt delete mode 100644 modules/notification/tests/xss_data.txt delete mode 100644 modules/organize/tests/xss_data.txt delete mode 100644 modules/recaptcha/tests/xss_data.txt delete mode 100644 modules/rss/tests/xss_data.txt delete mode 100644 modules/search/tests/xss_data.txt 
delete mode 100644 modules/server_add/tests/xss_data.txt delete mode 100644 modules/tag/tests/xss_data.txt delete mode 100644 modules/user/tests/xss_data.txt delete mode 100644 modules/watermark/tests/xss_data.txt delete mode 100644 themes/admin_wind/tests/xss_data.txt delete mode 100644 themes/wind/tests/xss_data.txt (limited to 'modules') diff --git a/modules/akismet/tests/xss_data.txt b/modules/akismet/tests/xss_data.txt deleted file mode 100644 index 97f239a2..00000000 --- a/modules/akismet/tests/xss_data.txt +++ /dev/null @@ -1,3 +0,0 @@ -modules/akismet/views/admin_akismet.html.php 16 DIRTY $form -modules/akismet/views/admin_akismet_stats.html.php 9 DIRTY_ATTR $api_key -modules/akismet/views/admin_akismet_stats.html.php 9 DIRTY_ATTR urlencode($blog_url) diff --git a/modules/comment/tests/xss_data.txt b/modules/comment/tests/xss_data.txt deleted file mode 100644 index 0a7fb818..00000000 --- a/modules/comment/tests/xss_data.txt +++ /dev/null 
@@ -1,33 +0,0 @@ -modules/comment/views/admin_block_recent_comments.html.php 4 DIRTY_ATTR text::alternate("g-even","g-odd") -modules/comment/views/admin_block_recent_comments.html.php 5 DIRTY_ATTR $comment->author()->avatar_url(32,$theme->url(,true)) -modules/comment/views/admin_block_recent_comments.html.php 10 DIRTY gallery::date_time($comment->created) -modules/comment/views/admin_comments.html.php 43 DIRTY $menu->render() -modules/comment/views/admin_comments.html.php 107 DIRTY_ATTR $comment->id -modules/comment/views/admin_comments.html.php 107 DIRTY_ATTR text::alternate("g-odd","g-even") -modules/comment/views/admin_comments.html.php 110 DIRTY_ATTR $comment->author()->avatar_url(40,$theme->url(,true)) -modules/comment/views/admin_comments.html.php 123 DIRTY_JS $item->url() -modules/comment/views/admin_comments.html.php 125 DIRTY_ATTR $item->thumb_url() -modules/comment/views/admin_comments.html.php 127 DIRTY photo::img_dimensions($item->thumb_width,$item->thumb_height,75) -modules/comment/views/admin_comments.html.php 135 DIRTY gallery::date($comment->created) -modules/comment/views/admin_comments.html.php 142 DIRTY_JS $comment->id -modules/comment/views/admin_comments.html.php 151 DIRTY_JS $comment->id -modules/comment/views/admin_comments.html.php 160 DIRTY_JS $comment->id -modules/comment/views/admin_comments.html.php 169 DIRTY_JS $comment->id -modules/comment/views/admin_comments.html.php 176 DIRTY_JS $comment->id -modules/comment/views/admin_comments.html.php 184 DIRTY_JS $comment->id -modules/comment/views/admin_comments.html.php 197 DIRTY $pager -modules/comment/views/comment.html.php 2 DIRTY_ATTR $comment->id; -modules/comment/views/comment.html.php 5 DIRTY_ATTR $comment->author()->avatar_url(40,$theme->url(,true)) -modules/comment/views/comment.mrss.php 10 DIRTY $feed->uri -modules/comment/views/comment.mrss.php 13 DIRTY_JS $feed->uri -modules/comment/views/comment.mrss.php 16 DIRTY_JS $feed->previous_page_uri -modules/comment/views/comment.mrss.php 
19 DIRTY_JS $feed->next_page_uri -modules/comment/views/comment.mrss.php 21 DIRTY $pub_date -modules/comment/views/comment.mrss.php 22 DIRTY $pub_date -modules/comment/views/comment.mrss.php 28 DIRTY $child->item_uri -modules/comment/views/comment.mrss.php 29 DIRTY $child->pub_date -modules/comment/views/comment.mrss.php 34 DIRTY_ATTR $child->thumb_url -modules/comment/views/comment.mrss.php 35 DIRTY_ATTR $child->thumb_height -modules/comment/views/comment.mrss.php 35 DIRTY_ATTR $child->thumb_width -modules/comment/views/comments.html.php 16 DIRTY_ATTR $comment->id -modules/comment/views/comments.html.php 19 DIRTY_ATTR $comment->author()->avatar_url(40,$theme->url(,true)) diff --git a/modules/digibug/tests/xss_data.txt b/modules/digibug/tests/xss_data.txt deleted file mode 100644 index c65afb66..00000000 --- a/modules/digibug/tests/xss_data.txt +++ /dev/null @@ -1,3 +0,0 @@ -modules/digibug/views/digibug_form.html.php 4 DIRTY form::open("http://www.digibug.com/dapi/order.php") -modules/digibug/views/digibug_form.html.php 5 DIRTY form::hidden($order_parms) -modules/digibug/views/digibug_form.html.php 6 DIRTY form::close() diff --git a/modules/exif/tests/xss_data.txt b/modules/exif/tests/xss_data.txt deleted file mode 100644 index 7ed830ad..00000000 --- a/modules/exif/tests/xss_data.txt +++ /dev/null @@ -1,2 +0,0 @@ -modules/exif/views/exif_dialog.html.php 14 DIRTY $details[$i]["caption"] -modules/exif/views/exif_dialog.html.php 21 DIRTY $details[$i]["caption"] diff --git a/modules/g2_import/tests/xss_data.txt b/modules/g2_import/tests/xss_data.txt deleted file mode 100644 index e3914a0d..00000000 --- a/modules/g2_import/tests/xss_data.txt +++ /dev/null @@ -1 +0,0 @@ -modules/g2_import/views/admin_g2_import.html.php 29 DIRTY $form diff --git a/modules/gallery/tests/Xss_Security_Test.php b/modules/gallery/tests/Xss_Security_Test.php index 801db8dd..b296d97c 100644 --- a/modules/gallery/tests/Xss_Security_Test.php +++ b/modules/gallery/tests/Xss_Security_Test.php 
@@ -302,20 +302,8 @@ class Xss_Security_Test extends Unit_Test_Case { */ $new = TMPPATH . "xss_data.txt"; $fd = fopen($new, "wb"); - $canonical = TMPPATH . "xss_data_golden.txt"; - $fd_canonical = fopen($canonical, "wb"); - $current_type = $current_plugin = ""; ksort($found); foreach ($found as $view => $frames) { - list ($type, $plugin) = explode("/", $view); - if ($type != $current_type || $plugin != $current_plugin) { - $golden_file = ($type == "modules" ? MODPATH : THEMEPATH) . "{$plugin}/tests/xss_data.txt"; - if (file_exists($golden_file)) { - fwrite($fd_canonical, file_get_contents($golden_file)); - } - $current_type = $type; - $current_plugin = $plugin; - } foreach ($frames as $frame) { $state = "DIRTY"; if ($frame->in_script_block() && $frame->in_href_attribute()) { @@ -356,9 +344,9 @@ class Xss_Security_Test extends Unit_Test_Case { } } fclose($fd); - fclose($fd_canonical); // Compare with the expected report from our golden file. + $canonical = MODPATH . "gallery/tests/xss_data.txt"; exec("diff $canonical $new", $output, $return_value); $this->assert_false( $return_value, "XSS golden file mismatch. Output:\n" . implode("\n", $output) ); diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt index 8814284b..3eaa6561 100644 --- a/modules/gallery/tests/xss_data.txt +++ b/modules/gallery/tests/xss_data.txt 
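Review bot: The two paths in `exec("diff $canonical $new", $output, $return_value);` in the second hunk are interpolated into a shell command unquoted, and the added `$canonical = MODPATH . "gallery/tests/xss_data.txt";` continues to feed it that way. Both values are built from install-path constants rather than request data, so this is mainly a robustness point. Even so, a checkout path containing a space or a shell metacharacter would make the command fail or run something other than the intended comparison, and the test would then report a golden-file mismatch unrelated to escaping. I would quote both arguments: `exec("diff " . escapeshellarg($canonical) . " " . escapeshellarg($new), $output, $return_value);`. The enclosing test method starts and ends outside both hunks, so the writes to `$fd` are not visible here.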
@@ -1,3 +1,45 @@ +modules/akismet/views/admin_akismet.html.php 16 DIRTY $form +modules/akismet/views/admin_akismet_stats.html.php 9 DIRTY_ATTR $api_key +modules/akismet/views/admin_akismet_stats.html.php 9 DIRTY_ATTR urlencode($blog_url) +modules/comment/views/admin_block_recent_comments.html.php 4 DIRTY_ATTR text::alternate("g-even","g-odd") +modules/comment/views/admin_block_recent_comments.html.php 5 DIRTY_ATTR $comment->author()->avatar_url(32,$theme->url(,true)) +modules/comment/views/admin_block_recent_comments.html.php 10 DIRTY gallery::date_time($comment->created) +modules/comment/views/admin_comments.html.php 43 DIRTY $menu->render() +modules/comment/views/admin_comments.html.php 107 DIRTY_ATTR $comment->id +modules/comment/views/admin_comments.html.php 107 DIRTY_ATTR text::alternate("g-odd","g-even") +modules/comment/views/admin_comments.html.php 110 DIRTY_ATTR $comment->author()->avatar_url(40,$theme->url(,true)) +modules/comment/views/admin_comments.html.php 123 DIRTY_JS $item->url() +modules/comment/views/admin_comments.html.php 125 DIRTY_ATTR $item->thumb_url() +modules/comment/views/admin_comments.html.php 127 DIRTY photo::img_dimensions($item->thumb_width,$item->thumb_height,75) +modules/comment/views/admin_comments.html.php 135 DIRTY gallery::date($comment->created) +modules/comment/views/admin_comments.html.php 142 DIRTY_JS $comment->id +modules/comment/views/admin_comments.html.php 151 DIRTY_JS $comment->id +modules/comment/views/admin_comments.html.php 160 DIRTY_JS $comment->id +modules/comment/views/admin_comments.html.php 169 DIRTY_JS $comment->id +modules/comment/views/admin_comments.html.php 176 DIRTY_JS $comment->id +modules/comment/views/admin_comments.html.php 184 DIRTY_JS $comment->id +modules/comment/views/admin_comments.html.php 197 DIRTY $pager +modules/comment/views/comment.html.php 2 DIRTY_ATTR $comment->id; +modules/comment/views/comment.html.php 5 DIRTY_ATTR $comment->author()->avatar_url(40,$theme->url(,true)) 
+modules/comment/views/comment.mrss.php 10 DIRTY $feed->uri +modules/comment/views/comment.mrss.php 13 DIRTY_JS $feed->uri +modules/comment/views/comment.mrss.php 16 DIRTY_JS $feed->previous_page_uri +modules/comment/views/comment.mrss.php 19 DIRTY_JS $feed->next_page_uri +modules/comment/views/comment.mrss.php 21 DIRTY $pub_date +modules/comment/views/comment.mrss.php 22 DIRTY $pub_date +modules/comment/views/comment.mrss.php 28 DIRTY $child->item_uri +modules/comment/views/comment.mrss.php 29 DIRTY $child->pub_date +modules/comment/views/comment.mrss.php 34 DIRTY_ATTR $child->thumb_url +modules/comment/views/comment.mrss.php 35 DIRTY_ATTR $child->thumb_height +modules/comment/views/comment.mrss.php 35 DIRTY_ATTR $child->thumb_width +modules/comment/views/comments.html.php 16 DIRTY_ATTR $comment->id +modules/comment/views/comments.html.php 19 DIRTY_ATTR $comment->author()->avatar_url(40,$theme->url(,true)) +modules/digibug/views/digibug_form.html.php 4 DIRTY form::open("http://www.digibug.com/dapi/order.php") +modules/digibug/views/digibug_form.html.php 5 DIRTY form::hidden($order_parms) +modules/digibug/views/digibug_form.html.php 6 DIRTY form::close() +modules/exif/views/exif_dialog.html.php 14 DIRTY $details[$i]["caption"] +modules/exif/views/exif_dialog.html.php 21 DIRTY $details[$i]["caption"] +modules/g2_import/views/admin_g2_import.html.php 29 DIRTY $form modules/gallery/views/admin_advanced_settings.html.php 21 DIRTY_ATTR text::alternate("g-odd","g-even") modules/gallery/views/admin_advanced_settings.html.php 22 DIRTY $var->module_name modules/gallery/views/admin_block_log_entries.html.php 4 DIRTY_ATTR log::severity_class($entry->severity) 
@@ -174,3 +216,171 @@ modules/gallery/views/upgrader.html.php 77 DIRTY $modul modules/gallery/views/upgrader.html.php 99 DIRTY_ATTR $done?"muted":"" modules/gallery/views/upgrader.html.php 102 DIRTY_ATTR $done?"muted":"" modules/gallery/views/user_languages_block.html.php 2 DIRTY form::dropdown("g-select-session-locale",$installed_locales,$selected) +modules/image_block/views/image_block_block.html.php 3 DIRTY_JS $item->url() +modules/image_block/views/image_block_block.html.php 4 DIRTY $item->thumb_img(array("class"=>"g-thumbnail")) +modules/info/views/info_block.html.php 22 DIRTY date("M j, Y H:i:s",$item->captured) +modules/info/views/info_block.html.php 29 DIRTY_JS $item->owner->url +modules/notification/views/comment_published.html.php 28 DIRTY_JS $comment->item()->abs_url() +modules/notification/views/comment_published.html.php 29 DIRTY $comment->item()->abs_url() +modules/notification/views/item_added.html.php 16 DIRTY_JS $item->abs_url() +modules/notification/views/item_added.html.php 17 DIRTY $item->abs_url() +modules/notification/views/item_deleted.html.php 18 DIRTY_JS $item->parent()->abs_url() +modules/notification/views/item_deleted.html.php 19 DIRTY $item->parent()->abs_url() +modules/notification/views/item_updated.html.php 20 DIRTY_JS $item->abs_url() +modules/notification/views/item_updated.html.php 20 DIRTY $item->abs_url() +modules/organize/views/organize_dialog.html.php 3 DIRTY_JS url::site("organize/move_to/__ALBUM_ID__?csrf=$csrf") +modules/organize/views/organize_dialog.html.php 4 DIRTY_JS url::site("organize/rearrange/__TARGET_ID__/__BEFORE__?csrf=$csrf") +modules/organize/views/organize_dialog.html.php 5 DIRTY_JS url::site("organize/sort_order/__ALBUM_ID__/__COL__/__DIR__?csrf=$csrf") +modules/organize/views/organize_dialog.html.php 6 DIRTY_JS url::site("organize/tree/__ALBUM_ID__") +modules/organize/views/organize_dialog.html.php 14 DIRTY $album_tree +modules/organize/views/organize_dialog.html.php 24 DIRTY $micro_thumb_grid 
+modules/organize/views/organize_dialog.html.php 32 DIRTY form::dropdown(array("id"=>"g-organize-sort-column"),album::get_sort_order_options(),$album->sort_column) +modules/organize/views/organize_dialog.html.php 33 DIRTY form::dropdown(array("id"=>"g-organize-sort-order"),array("ASC"=>"Ascending","DESC"=>"Descending"),$album->sort_order) +modules/organize/views/organize_thumb_grid.html.php 3 DIRTY_ATTR $child->id +modules/organize/views/organize_thumb_grid.html.php 4 DIRTY_ATTR $child->id +modules/organize/views/organize_thumb_grid.html.php 5 DIRTY_ATTR $child->is_album()?"g-album":"g-photo" +modules/organize/views/organize_thumb_grid.html.php 6 DIRTY $child->thumb_img(array("class"=>"g-thumbnail","ref"=>$child->id),90,true) +modules/organize/views/organize_thumb_grid.html.php 7 DIRTY $child->is_album()?" class=\"ui-icon ui-icon-note\"":"" +modules/organize/views/organize_thumb_grid.html.php 15 DIRTY_JS url::site("organize/album/$album->id/".($offset+25)) +modules/organize/views/organize_tree.html.php 2 DIRTY_ATTR access::can("edit",$album)?"":"g-view-only" +modules/organize/views/organize_tree.html.php 3 DIRTY_ATTR $album->id +modules/organize/views/organize_tree.html.php 6 DIRTY_ATTR $selected&&$album->id==$selected->id?"selected":"" +modules/organize/views/organize_tree.html.php 7 DIRTY_ATTR $album->id +modules/organize/views/organize_tree.html.php 13 DIRTY View::factory("organize_tree.html",array("selected"=>$selected,"album"=>$child)); +modules/organize/views/organize_tree.html.php 15 DIRTY_ATTR access::can("edit",$child)?"":"g-view-only" +modules/organize/views/organize_tree.html.php 16 DIRTY_ATTR $child->id +modules/organize/views/organize_tree.html.php 18 DIRTY_ATTR $child->id +modules/recaptcha/views/admin_recaptcha.html.php 11 DIRTY $form +modules/recaptcha/views/admin_recaptcha.html.php 23 DIRTY_JS $public_key +modules/recaptcha/views/form_recaptcha.html.php 7 DIRTY_JS $public_key +modules/rss/views/feed.mrss.php 10 DIRTY $feed->uri 
+modules/rss/views/feed.mrss.php 13 DIRTY_JS $feed->uri +modules/rss/views/feed.mrss.php 16 DIRTY_JS $feed->previous_page_uri +modules/rss/views/feed.mrss.php 19 DIRTY_JS $feed->next_page_uri +modules/rss/views/feed.mrss.php 21 DIRTY $pub_date +modules/rss/views/feed.mrss.php 22 DIRTY $pub_date +modules/rss/views/feed.mrss.php 28 DIRTY date("D, d M Y H:i:s T",$child->created); +modules/rss/views/feed.mrss.php 35 DIRTY_ATTR $child->resize_url(true) +modules/rss/views/feed.mrss.php 37 DIRTY_ATTR $child->resize_height +modules/rss/views/feed.mrss.php 37 DIRTY_ATTR $child->resize_width +modules/rss/views/feed.mrss.php 40 DIRTY_ATTR $child->thumb_url(true) +modules/rss/views/feed.mrss.php 42 DIRTY_ATTR $child->thumb_height +modules/rss/views/feed.mrss.php 42 DIRTY_ATTR $child->thumb_width +modules/rss/views/feed.mrss.php 48 DIRTY_ATTR $child->thumb_url(true) +modules/rss/views/feed.mrss.php 49 DIRTY_ATTR $child->thumb_height +modules/rss/views/feed.mrss.php 50 DIRTY_ATTR $child->thumb_width +modules/rss/views/feed.mrss.php 54 DIRTY_ATTR $child->resize_url(true) +modules/rss/views/feed.mrss.php 55 DIRTY_ATTR @filesize($child->resize_path()) +modules/rss/views/feed.mrss.php 56 DIRTY_ATTR $child->mime_type +modules/rss/views/feed.mrss.php 57 DIRTY_ATTR $child->resize_height +modules/rss/views/feed.mrss.php 58 DIRTY_ATTR $child->resize_width +modules/rss/views/feed.mrss.php 62 DIRTY_ATTR $child->file_url(true) +modules/rss/views/feed.mrss.php 63 DIRTY_ATTR @filesize($child->file_path()) +modules/rss/views/feed.mrss.php 64 DIRTY_ATTR $child->mime_type +modules/rss/views/feed.mrss.php 65 DIRTY_ATTR $child->height +modules/rss/views/feed.mrss.php 66 DIRTY_ATTR $child->width +modules/rss/views/feed.mrss.php 70 DIRTY_ATTR $child->file_url(true) +modules/rss/views/feed.mrss.php 71 DIRTY_ATTR @filesize($child->file_path()) +modules/rss/views/feed.mrss.php 72 DIRTY_ATTR $child->height +modules/rss/views/feed.mrss.php 73 DIRTY_ATTR $child->width +modules/rss/views/feed.mrss.php 74 
DIRTY_ATTR $child->mime_type +modules/rss/views/rss_block.html.php 6 DIRTY_JS rss::url($url) +modules/search/views/search.html.php 30 DIRTY_ATTR $item_class +modules/search/views/search.html.php 31 DIRTY_JS $item->url() +modules/search/views/search.html.php 32 DIRTY $item->thumb_img() +modules/search/views/search.html.php 43 DIRTY $theme->paginator() +modules/server_add/views/admin_server_add.html.php 5 DIRTY $form +modules/server_add/views/admin_server_add.html.php 15 DIRTY_ATTR $id +modules/server_add/views/server_add_tree.html.php 20 DIRTY_ATTR is_dir($file)?"ui-icon-folder-collapsed":"ui-icon-document" +modules/server_add/views/server_add_tree.html.php 21 DIRTY_ATTR is_dir($file)?"g-directory":"g-file" +modules/server_add/views/server_add_tree_dialog.html.php 3 DIRTY_JS url::site("server_add/children?path=__PATH__") +modules/server_add/views/server_add_tree_dialog.html.php 4 DIRTY_JS url::site("server_add/start?item_id={$item->id}&csrf=$csrf") +modules/server_add/views/server_add_tree_dialog.html.php 21 DIRTY $tree +modules/tag/views/admin_tags.html.php 45 DIRTY_ATTR $tag->id +modules/tag/views/admin_tags.html.php 46 DIRTY $tag->count +modules/tag/views/tag_block.html.php 27 DIRTY $cloud +modules/tag/views/tag_block.html.php 29 DIRTY $form +modules/tag/views/tag_cloud.html.php 4 DIRTY_ATTR (int)(($tag->count/$max_count)*7) +modules/tag/views/tag_cloud.html.php 5 DIRTY $tag->count +modules/tag/views/tag_cloud.html.php 6 DIRTY_JS $tag->url() +modules/user/views/admin_users.html.php 3 DIRTY_JS url::site("admin/users/add_user_to_group/__USERID__/__GROUPID__?csrf=$csrf") +modules/user/views/admin_users.html.php 26 DIRTY_JS url::site("admin/users/group/__GROUPID__") +modules/user/views/admin_users.html.php 36 DIRTY_JS url::site("admin/users/remove_user_from_group/__USERID__/__GROUPID__?csrf=$csrf") +modules/user/views/admin_users.html.php 71 DIRTY_ATTR $user->id +modules/user/views/admin_users.html.php 71 DIRTY_ATTR text::alternate("g-odd","g-even") 
+modules/user/views/admin_users.html.php 71 DIRTY_ATTR $user->admin?"g-admin":"" +modules/user/views/admin_users.html.php 72 DIRTY_ATTR $user->id +modules/user/views/admin_users.html.php 73 DIRTY_ATTR $user->avatar_url(20,$theme->url(,true)) +modules/user/views/admin_users.html.php 87 DIRTY ($user->last_login==0)?"":gallery::date($user->last_login) +modules/user/views/admin_users.html.php 123 DIRTY_ATTR $group->id +modules/user/views/admin_users.html.php 123 DIRTY_ATTR ($group->special?"g-default-group":"") +modules/user/views/admin_users.html.php 125 DIRTY $v +modules/user/views/admin_users_group.html.php 22 DIRTY_JS $user->id +modules/user/views/admin_users_group.html.php 22 DIRTY_JS $group->id +modules/user/views/user_form.html.php 7 DIRTY $form +modules/watermark/views/admin_watermarks.html.php 20 DIRTY_ATTR $width +modules/watermark/views/admin_watermarks.html.php 20 DIRTY_ATTR $height +modules/watermark/views/admin_watermarks.html.php 20 DIRTY_ATTR $url +themes/admin_wind/views/admin.html.php 16 DIRTY_JS $theme->url() +themes/admin_wind/views/admin.html.php 33 DIRTY $theme->admin_head() +themes/admin_wind/views/admin.html.php 37 DIRTY $theme->admin_page_top() +themes/admin_wind/views/admin.html.php 45 DIRTY $theme->admin_header_top() +themes/admin_wind/views/admin.html.php 60 DIRTY_JS item::root()->url() +themes/admin_wind/views/admin.html.php 64 DIRTY $theme->admin_menu() +themes/admin_wind/views/admin.html.php 66 DIRTY $theme->admin_header_bottom() +themes/admin_wind/views/admin.html.php 73 DIRTY $content +themes/admin_wind/views/admin.html.php 79 DIRTY $sidebar +themes/admin_wind/views/admin.html.php 84 DIRTY $theme->admin_footer() +themes/admin_wind/views/admin.html.php 86 DIRTY $theme->admin_credits() +themes/admin_wind/views/admin.html.php 90 DIRTY $theme->admin_page_bottom() +themes/admin_wind/views/block.html.php 3 DIRTY_ATTR $anchor +themes/admin_wind/views/block.html.php 5 DIRTY $id +themes/admin_wind/views/block.html.php 5 DIRTY_ATTR $css_id 
+themes/admin_wind/views/block.html.php 13 DIRTY $title +themes/admin_wind/views/block.html.php 16 DIRTY $content +themes/admin_wind/views/pager.html.php 13 DIRTY_JS str_replace('{page}',1,$url) +themes/admin_wind/views/pager.html.php 20 DIRTY_JS str_replace('{page}',$previous_page,$url) +themes/admin_wind/views/pager.html.php 27 DIRTY $from_to_msg +themes/admin_wind/views/pager.html.php 30 DIRTY_JS str_replace('{page}',$next_page,$url) +themes/admin_wind/views/pager.html.php 37 DIRTY_JS str_replace('{page}',$last_page,$url) +themes/wind/views/album.html.php 16 DIRTY_ATTR $child->id +themes/wind/views/album.html.php 16 DIRTY_ATTR $item_class +themes/wind/views/album.html.php 18 DIRTY_JS $child->url() +themes/wind/views/album.html.php 19 DIRTY $child->thumb_img(array("class"=>"g-thumbnail")) +themes/wind/views/album.html.php 23 DIRTY_ATTR $item_class +themes/wind/views/album.html.php 24 DIRTY_JS $child->url() +themes/wind/views/album.html.php 42 DIRTY $theme->paginator() +themes/wind/views/block.html.php 3 DIRTY_ATTR $anchor +themes/wind/views/block.html.php 5 DIRTY_ATTR $css_id +themes/wind/views/block.html.php 6 DIRTY $title +themes/wind/views/block.html.php 8 DIRTY $content +themes/wind/views/dynamic.html.php 11 DIRTY_ATTR $child->is_album()?"g-album":"" +themes/wind/views/dynamic.html.php 13 DIRTY_JS $child->url() +themes/wind/views/dynamic.html.php 14 DIRTY_ATTR $child->id +themes/wind/views/dynamic.html.php 15 DIRTY_ATTR $child->thumb_url() +themes/wind/views/dynamic.html.php 16 DIRTY_ATTR $child->thumb_width +themes/wind/views/dynamic.html.php 17 DIRTY_ATTR $child->thumb_height +themes/wind/views/dynamic.html.php 29 DIRTY $theme->paginator() +themes/wind/views/movie.html.php 5 DIRTY $theme->paginator() +themes/wind/views/movie.html.php 8 DIRTY $item->movie_img(array("class"=>"g-movie","id"=>"g-movie-id-{$item->id}")) +themes/wind/views/page.html.php 9 DIRTY $page_title +themes/wind/views/page.html.php 33 DIRTY_JS $theme->url() +themes/wind/views/page.html.php 
42 DIRTY $new_width +themes/wind/views/page.html.php 43 DIRTY $new_height +themes/wind/views/page.html.php 44 DIRTY $thumb_proportion +themes/wind/views/page.html.php 81 DIRTY $header_text +themes/wind/views/page.html.php 83 DIRTY_JS item::root()->url() +themes/wind/views/page.html.php 87 DIRTY $theme->user_menu() +themes/wind/views/page.html.php 104 DIRTY_JS $parent->url($parent==$theme->item()->parent()?"show={$theme->item()->id}":null) +themes/wind/views/page.html.php 120 DIRTY $content +themes/wind/views/page.html.php 126 DIRTY newView("sidebar.html") +themes/wind/views/page.html.php 133 DIRTY $footer_text +themes/wind/views/paginator.html.php 33 DIRTY_JS $first_page_url +themes/wind/views/paginator.html.php 42 DIRTY_JS $previous_page_url +themes/wind/views/paginator.html.php 70 DIRTY_JS $next_page_url +themes/wind/views/paginator.html.php 79 DIRTY_JS $last_page_url +themes/wind/views/photo.html.php 8 DIRTY_JS $theme->item()->width +themes/wind/views/photo.html.php 8 DIRTY_JS $theme->item()->height +themes/wind/views/photo.html.php 18 DIRTY $theme->paginator() +themes/wind/views/photo.html.php 23 DIRTY_JS $item->file_url() +themes/wind/views/photo.html.php 25 DIRTY $item->resize_img(array("id"=>"g-photo-id-{$item->id}","class"=>"g-resize")) diff --git a/modules/image_block/tests/xss_data.txt b/modules/image_block/tests/xss_data.txt deleted file mode 100644 index 1e7ce6ce..00000000 --- a/modules/image_block/tests/xss_data.txt +++ /dev/null @@ -1,2 +0,0 @@ -modules/image_block/views/image_block_block.html.php 3 DIRTY_JS $item->url() -modules/image_block/views/image_block_block.html.php 4 DIRTY $item->thumb_img(array("class"=>"g-thumbnail")) diff --git a/modules/info/tests/xss_data.txt b/modules/info/tests/xss_data.txt deleted file mode 100644 index c4dd00cc..00000000 --- a/modules/info/tests/xss_data.txt +++ /dev/null 
@@ -1,2 +0,0 @@ -modules/info/views/info_block.html.php 22 DIRTY date("M j, Y H:i:s",$item->captured) -modules/info/views/info_block.html.php 29 DIRTY_JS $item->owner->url diff --git a/modules/notification/tests/xss_data.txt b/modules/notification/tests/xss_data.txt deleted file mode 100644 index 1a80a6e8..00000000 --- a/modules/notification/tests/xss_data.txt +++ /dev/null @@ -1,8 +0,0 @@ -modules/notification/views/comment_published.html.php 28 DIRTY_JS $comment->item()->abs_url() -modules/notification/views/comment_published.html.php 29 DIRTY $comment->item()->abs_url() -modules/notification/views/item_added.html.php 16 DIRTY_JS $item->abs_url() -modules/notification/views/item_added.html.php 17 DIRTY $item->abs_url() -modules/notification/views/item_deleted.html.php 18 DIRTY_JS $item->parent()->abs_url() -modules/notification/views/item_deleted.html.php 19 DIRTY $item->parent()->abs_url() -modules/notification/views/item_updated.html.php 20 DIRTY_JS $item->abs_url() -modules/notification/views/item_updated.html.php 20 DIRTY $item->abs_url() diff --git a/modules/organize/tests/xss_data.txt b/modules/organize/tests/xss_data.txt deleted file mode 100644 index ced5602b..00000000 --- a/modules/organize/tests/xss_data.txt +++ /dev/null 
@@ -1,22 +0,0 @@ -modules/organize/views/organize_dialog.html.php 3 DIRTY_JS url::site("organize/move_to/__ALBUM_ID__?csrf=$csrf") -modules/organize/views/organize_dialog.html.php 4 DIRTY_JS url::site("organize/rearrange/__TARGET_ID__/__BEFORE__?csrf=$csrf") -modules/organize/views/organize_dialog.html.php 5 DIRTY_JS url::site("organize/sort_order/__ALBUM_ID__/__COL__/__DIR__?csrf=$csrf") -modules/organize/views/organize_dialog.html.php 6 DIRTY_JS url::site("organize/tree/__ALBUM_ID__") -modules/organize/views/organize_dialog.html.php 14 DIRTY $album_tree -modules/organize/views/organize_dialog.html.php 24 DIRTY $micro_thumb_grid -modules/organize/views/organize_dialog.html.php 32 DIRTY form::dropdown(array("id"=>"g-organize-sort-column"),album::get_sort_order_options(),$album->sort_column) -modules/organize/views/organize_dialog.html.php 33 DIRTY form::dropdown(array("id"=>"g-organize-sort-order"),array("ASC"=>"Ascending","DESC"=>"Descending"),$album->sort_order) -modules/organize/views/organize_thumb_grid.html.php 3 DIRTY_ATTR $child->id -modules/organize/views/organize_thumb_grid.html.php 4 DIRTY_ATTR $child->id -modules/organize/views/organize_thumb_grid.html.php 5 DIRTY_ATTR $child->is_album()?"g-album":"g-photo" -modules/organize/views/organize_thumb_grid.html.php 6 DIRTY $child->thumb_img(array("class"=>"g-thumbnail","ref"=>$child->id),90,true) -modules/organize/views/organize_thumb_grid.html.php 7 DIRTY $child->is_album()?" 
class=\"ui-icon ui-icon-note\"":"" -modules/organize/views/organize_thumb_grid.html.php 15 DIRTY_JS url::site("organize/album/$album->id/".($offset+25)) -modules/organize/views/organize_tree.html.php 2 DIRTY_ATTR access::can("edit",$album)?"":"g-view-only" -modules/organize/views/organize_tree.html.php 3 DIRTY_ATTR $album->id -modules/organize/views/organize_tree.html.php 6 DIRTY_ATTR $selected&&$album->id==$selected->id?"selected":"" -modules/organize/views/organize_tree.html.php 7 DIRTY_ATTR $album->id -modules/organize/views/organize_tree.html.php 13 DIRTY View::factory("organize_tree.html",array("selected"=>$selected,"album"=>$child)); -modules/organize/views/organize_tree.html.php 15 DIRTY_ATTR access::can("edit",$child)?"":"g-view-only" -modules/organize/views/organize_tree.html.php 16 DIRTY_ATTR $child->id -modules/organize/views/organize_tree.html.php 18 DIRTY_ATTR $child->id diff --git a/modules/recaptcha/tests/xss_data.txt b/modules/recaptcha/tests/xss_data.txt deleted file mode 100644 index 2729d196..00000000 --- a/modules/recaptcha/tests/xss_data.txt +++ /dev/null @@ -1,3 +0,0 @@ -modules/recaptcha/views/admin_recaptcha.html.php 11 DIRTY $form -modules/recaptcha/views/admin_recaptcha.html.php 23 DIRTY_JS $public_key -modules/recaptcha/views/form_recaptcha.html.php 7 DIRTY_JS $public_key diff --git a/modules/rss/tests/xss_data.txt b/modules/rss/tests/xss_data.txt deleted file mode 100644 index 468e403b..00000000 --- a/modules/rss/tests/xss_data.txt +++ /dev/null 
@@ -1,32 +0,0 @@ -modules/rss/views/feed.mrss.php 10 DIRTY $feed->uri -modules/rss/views/feed.mrss.php 13 DIRTY_JS $feed->uri -modules/rss/views/feed.mrss.php 16 DIRTY_JS $feed->previous_page_uri -modules/rss/views/feed.mrss.php 19 DIRTY_JS $feed->next_page_uri -modules/rss/views/feed.mrss.php 21 DIRTY $pub_date -modules/rss/views/feed.mrss.php 22 DIRTY $pub_date -modules/rss/views/feed.mrss.php 28 DIRTY date("D, d M Y H:i:s T",$child->created); -modules/rss/views/feed.mrss.php 35 DIRTY_ATTR $child->resize_url(true) -modules/rss/views/feed.mrss.php 37 DIRTY_ATTR $child->resize_height -modules/rss/views/feed.mrss.php 37 DIRTY_ATTR $child->resize_width -modules/rss/views/feed.mrss.php 40 DIRTY_ATTR $child->thumb_url(true) -modules/rss/views/feed.mrss.php 42 DIRTY_ATTR $child->thumb_height -modules/rss/views/feed.mrss.php 42 DIRTY_ATTR $child->thumb_width -modules/rss/views/feed.mrss.php 48 DIRTY_ATTR $child->thumb_url(true) -modules/rss/views/feed.mrss.php 49 DIRTY_ATTR $child->thumb_height -modules/rss/views/feed.mrss.php 50 DIRTY_ATTR $child->thumb_width -modules/rss/views/feed.mrss.php 54 DIRTY_ATTR $child->resize_url(true) -modules/rss/views/feed.mrss.php 55 DIRTY_ATTR @filesize($child->resize_path()) -modules/rss/views/feed.mrss.php 56 DIRTY_ATTR $child->mime_type -modules/rss/views/feed.mrss.php 57 DIRTY_ATTR $child->resize_height -modules/rss/views/feed.mrss.php 58 DIRTY_ATTR $child->resize_width -modules/rss/views/feed.mrss.php 62 DIRTY_ATTR $child->file_url(true) -modules/rss/views/feed.mrss.php 63 DIRTY_ATTR @filesize($child->file_path()) -modules/rss/views/feed.mrss.php 64 DIRTY_ATTR $child->mime_type -modules/rss/views/feed.mrss.php 65 DIRTY_ATTR $child->height -modules/rss/views/feed.mrss.php 66 DIRTY_ATTR $child->width -modules/rss/views/feed.mrss.php 70 DIRTY_ATTR $child->file_url(true) -modules/rss/views/feed.mrss.php 71 DIRTY_ATTR @filesize($child->file_path()) -modules/rss/views/feed.mrss.php 72 DIRTY_ATTR $child->height 
-modules/rss/views/feed.mrss.php 73 DIRTY_ATTR $child->width -modules/rss/views/feed.mrss.php 74 DIRTY_ATTR $child->mime_type -modules/rss/views/rss_block.html.php 6 DIRTY_JS rss::url($url) diff --git a/modules/search/tests/xss_data.txt b/modules/search/tests/xss_data.txt deleted file mode 100644 index f0665988..00000000 --- a/modules/search/tests/xss_data.txt +++ /dev/null @@ -1,4 +0,0 @@ -modules/search/views/search.html.php 30 DIRTY_ATTR $item_class -modules/search/views/search.html.php 31 DIRTY_JS $item->url() -modules/search/views/search.html.php 32 DIRTY $item->thumb_img() -modules/search/views/search.html.php 43 DIRTY $theme->paginator() diff --git a/modules/server_add/tests/xss_data.txt b/modules/server_add/tests/xss_data.txt deleted file mode 100644 index 0e52c313..00000000 --- a/modules/server_add/tests/xss_data.txt +++ /dev/null @@ -1,7 +0,0 @@ -modules/server_add/views/admin_server_add.html.php 5 DIRTY $form -modules/server_add/views/admin_server_add.html.php 15 DIRTY_ATTR $id -modules/server_add/views/server_add_tree.html.php 20 DIRTY_ATTR is_dir($file)?"ui-icon-folder-collapsed":"ui-icon-document" -modules/server_add/views/server_add_tree.html.php 21 DIRTY_ATTR is_dir($file)?"g-directory":"g-file" -modules/server_add/views/server_add_tree_dialog.html.php 3 DIRTY_JS url::site("server_add/children?path=__PATH__") -modules/server_add/views/server_add_tree_dialog.html.php 4 DIRTY_JS url::site("server_add/start?item_id={$item->id}&csrf=$csrf") -modules/server_add/views/server_add_tree_dialog.html.php 21 DIRTY $tree diff --git a/modules/tag/tests/xss_data.txt b/modules/tag/tests/xss_data.txt deleted file mode 100644 index 7306a10c..00000000 --- a/modules/tag/tests/xss_data.txt +++ /dev/null 
@@ -1,7 +0,0 @@ -modules/tag/views/admin_tags.html.php 45 DIRTY_ATTR $tag->id -modules/tag/views/admin_tags.html.php 46 DIRTY $tag->count -modules/tag/views/tag_block.html.php 27 DIRTY $cloud -modules/tag/views/tag_block.html.php 29 DIRTY $form -modules/tag/views/tag_cloud.html.php 4 DIRTY_ATTR (int)(($tag->count/$max_count)*7) -modules/tag/views/tag_cloud.html.php 5 DIRTY $tag->count -modules/tag/views/tag_cloud.html.php 6 DIRTY_JS $tag->url() diff --git a/modules/user/tests/xss_data.txt b/modules/user/tests/xss_data.txt deleted file mode 100644 index 38e52c0d..00000000 --- a/modules/user/tests/xss_data.txt +++ /dev/null @@ -1,15 +0,0 @@ -modules/user/views/admin_users.html.php 3 DIRTY_JS url::site("admin/users/add_user_to_group/__USERID__/__GROUPID__?csrf=$csrf") -modules/user/views/admin_users.html.php 26 DIRTY_JS url::site("admin/users/group/__GROUPID__") -modules/user/views/admin_users.html.php 36 DIRTY_JS url::site("admin/users/remove_user_from_group/__USERID__/__GROUPID__?csrf=$csrf") -modules/user/views/admin_users.html.php 71 DIRTY_ATTR $user->id -modules/user/views/admin_users.html.php 71 DIRTY_ATTR text::alternate("g-odd","g-even") -modules/user/views/admin_users.html.php 71 DIRTY_ATTR $user->admin?"g-admin":"" -modules/user/views/admin_users.html.php 72 DIRTY_ATTR $user->id -modules/user/views/admin_users.html.php 73 DIRTY_ATTR $user->avatar_url(20,$theme->url(,true)) -modules/user/views/admin_users.html.php 87 DIRTY ($user->last_login==0)?"":gallery::date($user->last_login) -modules/user/views/admin_users.html.php 123 DIRTY_ATTR $group->id -modules/user/views/admin_users.html.php 123 DIRTY_ATTR ($group->special?"g-default-group":"") -modules/user/views/admin_users.html.php 125 DIRTY $v -modules/user/views/admin_users_group.html.php 22 DIRTY_JS $user->id -modules/user/views/admin_users_group.html.php 22 DIRTY_JS $group->id -modules/user/views/user_form.html.php 7 DIRTY $form 
diff --git a/modules/watermark/tests/xss_data.txt b/modules/watermark/tests/xss_data.txt deleted file mode 100644 index b131ea1a..00000000 --- a/modules/watermark/tests/xss_data.txt +++ /dev/null @@ -1,3 +0,0 @@ -modules/watermark/views/admin_watermarks.html.php 20 DIRTY_ATTR $width -modules/watermark/views/admin_watermarks.html.php 20 DIRTY_ATTR $height -modules/watermark/views/admin_watermarks.html.php 20 DIRTY_ATTR $url diff --git a/themes/admin_wind/tests/xss_data.txt b/themes/admin_wind/tests/xss_data.txt deleted file mode 100644 index cf60bd12..00000000 --- a/themes/admin_wind/tests/xss_data.txt +++ /dev/null 
@@ -1,22 +0,0 @@ -themes/admin_wind/views/admin.html.php 16 DIRTY_JS $theme->url() -themes/admin_wind/views/admin.html.php 33 DIRTY $theme->admin_head() -themes/admin_wind/views/admin.html.php 37 DIRTY $theme->admin_page_top() -themes/admin_wind/views/admin.html.php 45 DIRTY $theme->admin_header_top() -themes/admin_wind/views/admin.html.php 60 DIRTY_JS item::root()->url() -themes/admin_wind/views/admin.html.php 64 DIRTY $theme->admin_menu() -themes/admin_wind/views/admin.html.php 66 DIRTY $theme->admin_header_bottom() -themes/admin_wind/views/admin.html.php 73 DIRTY $content -themes/admin_wind/views/admin.html.php 79 DIRTY $sidebar -themes/admin_wind/views/admin.html.php 84 DIRTY $theme->admin_footer() -themes/admin_wind/views/admin.html.php 86 DIRTY $theme->admin_credits() -themes/admin_wind/views/admin.html.php 90 DIRTY $theme->admin_page_bottom() -themes/admin_wind/views/block.html.php 3 DIRTY_ATTR $anchor -themes/admin_wind/views/block.html.php 5 DIRTY $id -themes/admin_wind/views/block.html.php 5 DIRTY_ATTR $css_id -themes/admin_wind/views/block.html.php 13 DIRTY $title -themes/admin_wind/views/block.html.php 16 DIRTY $content -themes/admin_wind/views/pager.html.php 13 DIRTY_JS str_replace('{page}',1,$url) -themes/admin_wind/views/pager.html.php 20 DIRTY_JS str_replace('{page}',$previous_page,$url) -themes/admin_wind/views/pager.html.php 27 DIRTY $from_to_msg -themes/admin_wind/views/pager.html.php 30 DIRTY_JS str_replace('{page}',$next_page,$url) -themes/admin_wind/views/pager.html.php 37 DIRTY_JS str_replace('{page}',$last_page,$url) diff --git a/themes/wind/tests/xss_data.txt b/themes/wind/tests/xss_data.txt deleted file mode 100644 index a57df6e8..00000000 --- a/themes/wind/tests/xss_data.txt +++ /dev/null 
@@ -1,41 +0,0 @@ -themes/wind/views/album.html.php 16 DIRTY_ATTR $child->id -themes/wind/views/album.html.php 16 DIRTY_ATTR $item_class -themes/wind/views/album.html.php 18 DIRTY_JS $child->url() -themes/wind/views/album.html.php 19 DIRTY $child->thumb_img(array("class"=>"g-thumbnail")) -themes/wind/views/album.html.php 23 DIRTY_ATTR $item_class -themes/wind/views/album.html.php 24 DIRTY_JS $child->url() -themes/wind/views/album.html.php 42 DIRTY $theme->paginator() -themes/wind/views/block.html.php 3 DIRTY_ATTR $anchor -themes/wind/views/block.html.php 5 DIRTY_ATTR $css_id -themes/wind/views/block.html.php 6 DIRTY $title -themes/wind/views/block.html.php 8 DIRTY $content -themes/wind/views/dynamic.html.php 11 DIRTY_ATTR $child->is_album()?"g-album":"" -themes/wind/views/dynamic.html.php 13 DIRTY_JS $child->url() -themes/wind/views/dynamic.html.php 14 DIRTY_ATTR $child->id -themes/wind/views/dynamic.html.php 15 DIRTY_ATTR $child->thumb_url() -themes/wind/views/dynamic.html.php 16 DIRTY_ATTR $child->thumb_width -themes/wind/views/dynamic.html.php 17 DIRTY_ATTR $child->thumb_height -themes/wind/views/dynamic.html.php 29 DIRTY $theme->paginator() -themes/wind/views/movie.html.php 5 DIRTY $theme->paginator() -themes/wind/views/movie.html.php 8 DIRTY $item->movie_img(array("class"=>"g-movie","id"=>"g-movie-id-{$item->id}")) -themes/wind/views/page.html.php 9 DIRTY $page_title -themes/wind/views/page.html.php 33 DIRTY_JS $theme->url() -themes/wind/views/page.html.php 42 DIRTY $new_width -themes/wind/views/page.html.php 43 DIRTY $new_height -themes/wind/views/page.html.php 44 DIRTY $thumb_proportion -themes/wind/views/page.html.php 81 DIRTY $header_text -themes/wind/views/page.html.php 83 DIRTY_JS item::root()->url() -themes/wind/views/page.html.php 87 DIRTY $theme->user_menu() -themes/wind/views/page.html.php 104 DIRTY_JS $parent->url($parent==$theme->item()->parent()?"show={$theme->item()->id}":null) -themes/wind/views/page.html.php 120 DIRTY $content 
-themes/wind/views/page.html.php 126 DIRTY newView("sidebar.html") -themes/wind/views/page.html.php 133 DIRTY $footer_text -themes/wind/views/paginator.html.php 33 DIRTY_JS $first_page_url -themes/wind/views/paginator.html.php 42 DIRTY_JS $previous_page_url -themes/wind/views/paginator.html.php 70 DIRTY_JS $next_page_url -themes/wind/views/paginator.html.php 79 DIRTY_JS $last_page_url -themes/wind/views/photo.html.php 8 DIRTY_JS $theme->item()->width -themes/wind/views/photo.html.php 8 DIRTY_JS $theme->item()->height -themes/wind/views/photo.html.php 18 DIRTY $theme->paginator() -themes/wind/views/photo.html.php 23 DIRTY_JS $item->file_url() -themes/wind/views/photo.html.php 25 DIRTY $item->resize_img(array("id"=>"g-photo-id-{$item->id}","class"=>"g-resize")) -- cgit v1.2.3 From 5b579ffdcb05322d42c9e402d9b841ace249a025 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Wed, 18 Nov 2009 11:14:50 -0800 Subject: Remove the image_block_installer class as it does nothing, except erroneous set the version number to 2. --- .../image_block/helpers/image_block_installer.php | 30 ---------------------- 1 file changed, 30 deletions(-) delete mode 100644 modules/image_block/helpers/image_block_installer.php (limited to 'modules') diff --git a/modules/image_block/helpers/image_block_installer.php b/modules/image_block/helpers/image_block_installer.php deleted file mode 100644 index 04a15619..00000000 --- a/modules/image_block/helpers/image_block_installer.php +++ /dev/null @@ -1,30 +0,0 @@ -