From fd437aec2bbd3e65b330b0790af970ca7e078636 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Fri, 4 Jun 2010 13:58:49 -0700 Subject: Correct XSS Security Test golden file for recent changes. Update the controller_auth data file for the rename of admin_comments to admin_manage_comments. --- modules/gallery/tests/controller_auth_data.txt | 2 +- modules/gallery/tests/xss_data.txt | 37 +++++++++++++------------- 2 files changed, 19 insertions(+), 20 deletions(-) (limited to 'modules') diff --git a/modules/gallery/tests/controller_auth_data.txt b/modules/gallery/tests/controller_auth_data.txt index 0aa26057..94e7a07f 100644 --- a/modules/gallery/tests/controller_auth_data.txt +++ b/modules/gallery/tests/controller_auth_data.txt @@ -1,4 +1,4 @@ -modules/comment/controllers/admin_comments.php queue DIRTY_CSRF +modules/comment/controllers/admin_manage_comments.php queue DIRTY_CSRF modules/comment/helpers/comment_rss.php feed DIRTY_AUTH modules/digibug/controllers/digibug.php print_proxy DIRTY_CSRF|DIRTY_AUTH modules/digibug/controllers/digibug.php close_window DIRTY_AUTH diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt index afad9e13..0a75d6f7 100644 --- a/modules/gallery/tests/xss_data.txt +++ b/modules/gallery/tests/xss_data.txt @@ -4,21 +4,21 @@ modules/akismet/views/admin_akismet_stats.html.php 9 DIRTY_ATTR urle modules/comment/views/admin_block_recent_comments.html.php 4 DIRTY_ATTR text::alternate("g-even","g-odd") modules/comment/views/admin_block_recent_comments.html.php 5 DIRTY_ATTR $comment->author()->avatar_url(32,$theme->url(,true)) modules/comment/views/admin_block_recent_comments.html.php 10 DIRTY gallery::date_time($comment->created) -modules/comment/views/admin_comments.html.php 43 DIRTY $menu->render() -modules/comment/views/admin_comments.html.php 107 DIRTY_ATTR $comment->id -modules/comment/views/admin_comments.html.php 107 DIRTY_ATTR text::alternate("g-odd","g-even") -modules/comment/views/admin_comments.html.php 110 DIRTY_ATTR $comment->author()->avatar_url(40,$theme->url(,true)) -modules/comment/views/admin_comments.html.php 123 DIRTY_JS $item->url() -modules/comment/views/admin_comments.html.php 125 DIRTY_ATTR $item->thumb_url() -modules/comment/views/admin_comments.html.php 127 DIRTY photo::img_dimensions($item->thumb_width,$item->thumb_height,75) -modules/comment/views/admin_comments.html.php 135 DIRTY gallery::date($comment->created) -modules/comment/views/admin_comments.html.php 142 DIRTY_JS $comment->id -modules/comment/views/admin_comments.html.php 151 DIRTY_JS $comment->id -modules/comment/views/admin_comments.html.php 160 DIRTY_JS $comment->id -modules/comment/views/admin_comments.html.php 169 DIRTY_JS $comment->id -modules/comment/views/admin_comments.html.php 176 DIRTY_JS $comment->id -modules/comment/views/admin_comments.html.php 184 DIRTY_JS $comment->id -modules/comment/views/admin_comments.html.php 197 DIRTY $pager +modules/comment/views/admin_manage_comments.html.php 43 DIRTY $menu->render() +modules/comment/views/admin_manage_comments.html.php 107 DIRTY_ATTR $comment->id +modules/comment/views/admin_manage_comments.html.php 107 DIRTY_ATTR text::alternate("g-odd","g-even") +modules/comment/views/admin_manage_comments.html.php 110 DIRTY_ATTR $comment->author()->avatar_url(40,$theme->url(,true)) +modules/comment/views/admin_manage_comments.html.php 123 DIRTY_JS $item->url() +modules/comment/views/admin_manage_comments.html.php 125 DIRTY_ATTR $item->thumb_url() +modules/comment/views/admin_manage_comments.html.php 127 DIRTY photo::img_dimensions($item->thumb_width,$item->thumb_height,75) +modules/comment/views/admin_manage_comments.html.php 135 DIRTY gallery::date($comment->created) +modules/comment/views/admin_manage_comments.html.php 142 DIRTY_JS $comment->id +modules/comment/views/admin_manage_comments.html.php 151 DIRTY_JS $comment->id +modules/comment/views/admin_manage_comments.html.php 160 DIRTY_JS $comment->id +modules/comment/views/admin_manage_comments.html.php 169 DIRTY_JS $comment->id +modules/comment/views/admin_manage_comments.html.php 176 DIRTY_JS $comment->id +modules/comment/views/admin_manage_comments.html.php 184 DIRTY_JS $comment->id +modules/comment/views/admin_manage_comments.html.php 197 DIRTY $pager modules/comment/views/comment.html.php 2 DIRTY_ATTR $comment->id; modules/comment/views/comment.html.php 5 DIRTY_ATTR $comment->author()->avatar_url(40,$theme->url(,true)) modules/comment/views/comment.mrss.php 10 DIRTY $feed->uri @@ -175,7 +175,7 @@ modules/gallery/views/move_tree.html.php 15 DIRTY_JS $child modules/gallery/views/movieplayer.html.php 2 DIRTY html::anchor($item->file_url(true),"",$attrs) modules/gallery/views/movieplayer.html.php 5 DIRTY_JS $attrs["id"] modules/gallery/views/movieplayer.html.php 7 DIRTY_JS url::abs_file("lib/flowplayer.swf") -modules/gallery/views/movieplayer.html.php 13 DIRTY_JS url::abs_file("lib/flowplayer.h264streaming.swf") +modules/gallery/views/movieplayer.html.php 14 DIRTY_JS url::abs_file("lib/flowplayer.pseudostreaming.swf") modules/gallery/views/permissions_browse.html.php 3 DIRTY_JS url::site("permissions/form/__ITEM__") modules/gallery/views/permissions_browse.html.php 16 DIRTY_JS url::site("permissions/change/__CMD__/__GROUP__/__PERM__/__ITEM__?csrf=$csrf") modules/gallery/views/permissions_browse.html.php 43 DIRTY_ATTR $parent->id @@ -320,7 +320,6 @@ modules/user/views/admin_users_group.html.php 24 DIRTY_JS $group modules/watermark/views/admin_watermarks.html.php 20 DIRTY_ATTR $width modules/watermark/views/admin_watermarks.html.php 20 DIRTY_ATTR $height modules/watermark/views/admin_watermarks.html.php 20 DIRTY_ATTR $url -themes/admin_wind/views/admin.html.php 9 DIRTY $page_title themes/admin_wind/views/admin.html.php 22 DIRTY_JS $theme->url() themes/admin_wind/views/admin.html.php 39 DIRTY $theme->admin_head() themes/admin_wind/views/admin.html.php 43 DIRTY $theme->admin_page_top() @@ -363,7 +362,7 @@ themes/wind/views/dynamic.html.php 16 DIRTY_ATTR $chi themes/wind/views/dynamic.html.php 17 DIRTY_ATTR $child->thumb_height themes/wind/views/dynamic.html.php 29 DIRTY $theme->paginator() themes/wind/views/movie.html.php 5 DIRTY $theme->paginator() -themes/wind/views/movie.html.php 8 DIRTY $item->movie_img(array("class"=>"g-movie","id"=>"g-movie-id-{$item->id}")) +themes/wind/views/movie.html.php 8 DIRTY $item->movie_img(array("class"=>"g-movie","id"=>"g-item-id-{$item->id}")) themes/wind/views/page.html.php 9 DIRTY $page_title themes/wind/views/page.html.php 33 DIRTY_JS $theme->url() themes/wind/views/page.html.php 42 DIRTY $new_width @@ -384,4 +383,4 @@ themes/wind/views/photo.html.php 8 DIRTY_JS $theme themes/wind/views/photo.html.php 8 DIRTY_JS $theme->item()->height themes/wind/views/photo.html.php 18 DIRTY $theme->paginator() themes/wind/views/photo.html.php 23 DIRTY_JS $item->file_url() -themes/wind/views/photo.html.php 25 DIRTY $item->resize_img(array("id"=>"g-photo-id-{$item->id}","class"=>"g-resize")) +themes/wind/views/photo.html.php 25 DIRTY $item->resize_img(array("id"=>"g-item-id-{$item->id}","class"=>"g-resize")) -- cgit v1.2.3