Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2016-03-07 | Fix #4475 | Andrey Andreev | 1 | -2/+4 | |
2016-02-11 | Skip CI_Log tests on PHP 5.2 | Andrey Andreev | 1 | -1/+10 | |
We still run those (with failures enabled) and that test breaks them | |||||
2016-02-09 | [ci skip] Whitespace | Andrey Andreev | 1 | -1/+1 | |
2016-02-09 | Add CI_Log test cases | Andrey Andreev | 1 | -0/+64 | |
2015-11-09 | Merge pull request #4225 from zhanghongyi/loader-test | Andrey Andreev | 1 | -4/+25 | |
Improve Loader test cases for libraries | |||||
2015-10-31 | Prevent Host header injections | Andrey Andreev | 1 | -30/+17 | |
2015-10-31 | Harden xss_clean() | Andrey Andreev | 1 | -15/+20 | |
2015-10-30 | Fix #3201 | Andrey Andreev | 1 | -0/+5 | |
2015-10-05 | Some more intrusive XSS cleaning | Andrey Andreev | 1 | -2/+7 | |
2015-10-02 | More XSS stuff | Andrey Andreev | 1 | -1/+6 | |
2015-09-28 | Merge pull request #4125 from jim-parry/fix/lang_test | Andrey Andreev | 1 | -5/+17 | |
Improve CI_Lang tests | |||||
2015-09-21 | More XSS stuff | Andrey Andreev | 1 | -0/+16 | |
2015-09-17 | Don't allow open-ended tags to pass through xss_clean() | Andrey Andreev | 1 | -0/+1 | |
This was a regression caused by the previous commit | |||||
2015-09-17 | Refactor 'evil attributes' sanitization logic | Andrey Andreev | 1 | -23/+34 | |
Turned out pretty much impossible to do remove 'evil attributes' with just one pattern - it either breaks something else, hits pcre.backtrack_limit or causes PHP to segfault. No benchmarks made, but there shouldn't be any performance regressions since we're now trying to strip attributes only after it is determined that they are inside a tag; up until now this was done seprately for _sanitize_naughty_html() and _remove_evil_attributes(). | |||||
2015-09-14 | Another addition to tag detection patterns in xss_clean() | Andrey Andreev | 1 | -0/+5 | |
2015-09-14 | Move _remove_evil_attributes() call | Andrey Andreev | 1 | -0/+14 | |
2015-09-11 | Harden xss_clean() more | Andrey Andreev | 1 | -2/+7 | |
This time eliminate false positives for the 'naughty html' logic. | |||||
2015-09-11 | Improve on previous commit | Andrey Andreev | 1 | -0/+5 | |
2015-09-11 | Replace the latest XSS patches | Andrey Andreev | 1 | -1/+6 | |
This one fixes yet another issue, is cleaner and faster. | |||||
2015-09-10 | Last commit didn't adjust a RE index | Andrey Andreev | 1 | -0/+5 | |
2015-09-10 | Fix & extend 700619cebf75c4e4fcda6a2d7bea1afb84a029e4 | Andrey Andreev | 1 | -4/+4 | |
2015-09-10 | Fix a broken unit test from 700619cebf75c4e4fcda6a2d7bea1afb84a029e4 | Andrey Andreev | 1 | -1/+1 | |
2015-09-10 | Fix #4106 | Andrey Andreev | 1 | -0/+8 | |
2015-08-03 | [ci skip] Normalize tabs/spaces | Andrey Andreev | 1 | -1/+1 | |
Partial changes from PR #4016 | |||||
2015-07-22 | Fix testcases broken by b63dc1904e4f34cb48d7dce80155172c6e94d777 | Andrey Andreev | 1 | -2/+2 | |
2015-03-30 | [ci skip] Whitespace cleanup following PRs #3713 #3714 | Andrey Andreev | 2 | -16/+15 | |
2015-03-30 | Merge pull request #3713 from ahnh/UnitTest_Lang_test | Andrey Andreev | 1 | -0/+26 | |
CI_Lang unit tests | |||||
2015-03-30 | changed to lowercase array. | Heesung Ahn | 1 | -1/+1 | |
Signed-off-by:Heesung Ahn <ahn.heesung@gmail.com> | |||||
2015-03-30 | changed to lowercase array and space. | Heesung Ahn | 1 | -3/+3 | |
Signed-off-by:Heesung Ahn <ahn.heesung@gmail.com> | |||||
2015-03-30 | updated array style and removed assert true | Heesung Ahn | 1 | -2/+5 | |
Signed-off-by:Heesung Ahn <ahn.heesung@gmail.com> | |||||
2015-03-30 | added spaces | Heesung Ahn | 1 | -1/+1 | |
Signed-off-by:Heesung Ahn <ahn.heesung@gmail.com> | |||||
2015-03-29 | Improved unit test code coverage. | Heesung Ahn | 1 | -0/+46 | |
Signed-off-by:Heesung Ahn <ahn.heesung@gmail.com> | |||||
2015-03-29 | removed space | Heesung Ahn | 1 | -1/+1 | |
Signed-off-by:Heesung Ahn <ahn.heesung@gmail.com> | |||||
2015-03-29 | Increased code coverage | Heesung Ahn | 1 | -1/+24 | |
Signed-off-by:Heesung Ahn <ahn.heesung@gmail.com> | |||||
2015-03-26 | Remove an unnecessary check | Andrey Andreev | 1 | -2/+1 | |
#3700 #3706 | |||||
2015-03-26 | Add FSCommand and seekSegmentTime to evil HTML attributes list | Andrey Andreev | 1 | -0/+2 | |
2015-03-21 | [ci skip] Whitespace cleanup following PR #3682 | Andrey Andreev | 1 | -20/+20 | |
2015-03-20 | updated based on comment | Heesung Ahn | 1 | -2/+2 | |
Signed-off-by:Heesung Ahn <ahn.heesung@gmail.com> | |||||
2015-03-19 | updated based on comment | Heesung Ahn | 1 | -2/+1 | |
Signed-off-by:Heesung Ahn <ahn.heesung@gmail.com> | |||||
2015-03-19 | minor update | Heesung Ahn | 1 | -2/+3 | |
Signed-off-by:Heesung Ahn <ahn.heesung@gmail.com> | |||||
2015-03-18 | Updated CI_Input unit test and fixed error "undefined offset" caused by ↵ | Heesung Ahn | 1 | -5/+56 | |
using the same variable name, $i, twice for for loop inside for loop. Signed-off-by:Heesung Ahn <ahn.heesung@gmail.com> | |||||
2015-03-18 | Polish some recent changes in test cases | Andrey Andreev | 2 | -16/+14 | |
2015-03-17 | Updated fetch_from_array unit test | Heesung Ahn | 1 | -0/+9 | |
Signed-off-by:Heesung Ahn <ahn.heesung@gmail.com> | |||||
2015-03-10 | Fixed indentation | Heesung Ahn | 1 | -66/+65 | |
Signed-off-by:Heesung Ahn <ahn.heesung@gmail.com> | |||||
2015-03-10 | Update Security Unit test | Heesung Ahn | 1 | -18/+18 | |
Signed-off-by:Heesung Ahn <ahn.heesung@gmail.com> | |||||
2015-03-10 | Update Security Unit test | Heesung Ahn | 1 | -3/+91 | |
Signed-off-by:Heesung Ahn <ahn.heesung@gmail.com> | |||||
2015-03-05 | adding more img tags | Heesung Ahn | 1 | -2/+14 | |
Signed-off-by:Heesung Ahn <ahn.heesung@gmail.com> | |||||
2015-03-02 | test_strip_omage_tags | Heesung Ahn | 1 | -0/+19 | |
Signed-off-by:Heesung Ahn <ahn.heesung@gmail.com> | |||||
2015-02-17 | Fix #3572: CI_Security::_remove_evil_attributes() | Andrey Andreev | 1 | -0/+12 | |
2015-02-15 | [ci skip] Fix a PHP7 BC break in a test that wouldn't even run | Andrey Andreev | 1 | -1/+1 | |