summaryrefslogtreecommitdiffstats
path: root/tests
AgeCommit message (Collapse)AuthorFilesLines
2015-10-31Prevent Host header injectionsAndrey Andreev1-30/+17
2015-10-31Harden xss_clean()Andrey Andreev1-15/+20
2015-10-30Fix #3201Andrey Andreev1-0/+5
2015-10-05Some more intrusive XSS cleaningAndrey Andreev1-2/+7
2015-10-02More XSS stuffAndrey Andreev1-1/+6
2015-09-28Merge pull request #4125 from jim-parry/fix/lang_testAndrey Andreev1-5/+17
Improve CI_Lang tests
2015-09-21More XSS stuffAndrey Andreev1-0/+16
2015-09-17Don't allow open-ended tags to pass through xss_clean()Andrey Andreev1-0/+1
This was a regression caused by the previous commit
2015-09-17Refactor 'evil attributes' sanitization logicAndrey Andreev1-23/+34
Turned out pretty much impossible to do remove 'evil attributes' with just one pattern - it either breaks something else, hits pcre.backtrack_limit or causes PHP to segfault. No benchmarks made, but there shouldn't be any performance regressions since we're now trying to strip attributes only after it is determined that they are inside a tag; up until now this was done seprately for _sanitize_naughty_html() and _remove_evil_attributes().
2015-09-14Another addition to tag detection patterns in xss_clean()Andrey Andreev1-0/+5
2015-09-14Move _remove_evil_attributes() callAndrey Andreev1-0/+14
2015-09-11Harden xss_clean() moreAndrey Andreev1-2/+7
This time eliminate false positives for the 'naughty html' logic.
2015-09-11Improve on previous commitAndrey Andreev1-0/+5
2015-09-11Replace the latest XSS patchesAndrey Andreev1-1/+6
This one fixes yet another issue, is cleaner and faster.
2015-09-10Last commit didn't adjust a RE indexAndrey Andreev1-0/+5
2015-09-10Fix & extend 700619cebf75c4e4fcda6a2d7bea1afb84a029e4Andrey Andreev1-4/+4
2015-09-10Fix a broken unit test from 700619cebf75c4e4fcda6a2d7bea1afb84a029e4Andrey Andreev1-1/+1
2015-09-10Fix #4106Andrey Andreev1-0/+8
2015-09-01Fix #4093Andrey Andreev1-0/+8
2015-08-03[ci skip] Normalize tabs/spacesAndrey Andreev3-7/+8
Partial changes from PR #4016
2015-07-22Fix testcases broken by b63dc1904e4f34cb48d7dce80155172c6e94d777Andrey Andreev1-2/+2
2015-07-20Fixed typoCalvin Tam1-1/+1
2015-04-14Add test for email address with subdomainBrett Santore1-0/+1
2015-04-01[ci skip] Whitespace cleanup following PR #3716Andrey Andreev1-29/+29
2015-04-01Merge pull request #3716 from djwoods/form_validation_testsAndrey Andreev1-1/+249
More CI_Form_validation unit tests
2015-04-01Style changes and variable name changesDavid Woods1-22/+21
2015-03-30Fix for parsing error in PHP 5.2 and 5.3David Woods1-1/+2
2015-03-30Corrected unit tests for set_select, set_radio, and set_checkboxDavid Woods1-32/+27
Coverage now at ~75%
2015-03-30[ci skip] Whitespace cleanup following PRs #3713 #3714Andrey Andreev2-16/+15
2015-03-30Merge pull request #3713 from ahnh/UnitTest_Lang_testAndrey Andreev1-0/+26
CI_Lang unit tests
2015-03-30changed to lowercase array.Heesung Ahn1-1/+1
Signed-off-by:Heesung Ahn <ahn.heesung@gmail.com>
2015-03-30changed to lowercase array and space.Heesung Ahn1-3/+3
Signed-off-by:Heesung Ahn <ahn.heesung@gmail.com>
2015-03-30updated array style and removed assert trueHeesung Ahn1-2/+5
Signed-off-by:Heesung Ahn <ahn.heesung@gmail.com>
2015-03-30added spacesHeesung Ahn1-1/+1
Signed-off-by:Heesung Ahn <ahn.heesung@gmail.com>
2015-03-30Added more unit tests to CI_Form_validationDavid Woods1-0/+147
Unit tests for set_select, set_checkbox, and set_radio currently all fail for the same reason. Signed-off-by: David Woods <d.woods92@gmail.com>
2015-03-29Improved unit test code coverage.Heesung Ahn1-0/+46
Signed-off-by:Heesung Ahn <ahn.heesung@gmail.com>
2015-03-29removed spaceHeesung Ahn1-1/+1
Signed-off-by:Heesung Ahn <ahn.heesung@gmail.com>
2015-03-29Increased code coverageHeesung Ahn1-1/+24
Signed-off-by:Heesung Ahn <ahn.heesung@gmail.com>
2015-03-28Added more units tests for Form_validationDavid Woods1-2/+108
Up to 65% coverage Signed-off-by: David Woods <d.woods92@gmail.com>
2015-03-26Remove an unnecessary checkAndrey Andreev1-2/+1
#3700 #3706
2015-03-26Add FSCommand and seekSegmentTime to evil HTML attributes listAndrey Andreev1-0/+2
2015-03-26Polish changes from PR #3678Andrey Andreev1-91/+63
... and make it run on 5.2.
2015-03-26Merge pull request #3678 from djwoods/unit-test/form-validationAndrey Andreev1-0/+373
Added CI_Form_validation unit tests
2015-03-22Corrected invalid matches, differs, and set_data test casesDavid Woods1-34/+61
Signed-off-by: David Woods <d.woods92@gmail.com>
2015-03-21[ci skip] Whitespace cleanup following PR #3682Andrey Andreev1-20/+20
2015-03-21Changed scenario based tests to unit testsDavid Woods1-148/+175
Added tests for set_data() & set_message() Signed-off-by: David Woods <d.woods92@gmail.com>
2015-03-20updated based on commentHeesung Ahn1-2/+2
Signed-off-by:Heesung Ahn <ahn.heesung@gmail.com>
2015-03-19updated based on commentHeesung Ahn1-2/+1
Signed-off-by:Heesung Ahn <ahn.heesung@gmail.com>
2015-03-19minor updateHeesung Ahn1-2/+3
Signed-off-by:Heesung Ahn <ahn.heesung@gmail.com>
2015-03-18Updated CI_Input unit test and fixed error "undefined offset" caused by ↵Heesung Ahn1-5/+56
using the same variable name, $i, twice for for loop inside for loop. Signed-off-by:Heesung Ahn <ahn.heesung@gmail.com>