summaryrefslogtreecommitdiffstats
path: root/tests
AgeCommit message (Collapse)AuthorFilesLines
2017-01-19Fix byte-safety issues & actually test for themAndrey Andreev2-8/+18
2017-01-17[ci skip] Merge pull request #4986 from ka7/feature/spellingAndrey Andreev1-1/+1
Spelling fixes in comment blocks and docs
2017-01-10Add a testcase and changelog entry for #4975Andrey Andreev1-2/+4
2017-01-04Fix an XSS vulnerabilityAndrey Andreev1-0/+5
2016-12-08Merge pull request #4932 from rhynodesigns/patch-1Andrey Andreev1-2/+2
[ci skip] Fix a comment typo in unit tests
2016-11-23Fix #4917Andrey Andreev1-0/+8
2016-09-27Fix entity_decode() issueAndrey Andreev1-0/+6
2016-08-22Skip mcrypt-related testcases on PHP 7.1Andrey Andreev2-2/+14
ext/mcrypt is deprecated and the test cases in question trigger E_DEPRECATED messages as a result.
2016-08-10Add changelog entry and a test case for #4758Andrey Andreev1-0/+3
2016-08-10Use getMockBuilder() in PHPUnit instead of the deprecated getMock()Andrey Andreev8-17/+17
2016-07-28Remove dead code written for PHP 5.2Andrey Andreev5-231/+4
2016-07-25Merge pull request #4725 from tianhe1986/develop_url_encode_case_insensitiveAndrey Andreev1-0/+12
Fix remove_invisible_characters() for URL-encoded characters in upper case
2016-07-19Fix #4679Andrey Andreev1-0/+6
2016-05-25Fix #4639Andrey Andreev1-2/+13
Really fix #4633
2016-05-20Merge pull request #4638 from kasimtan/phpdoc_fixesAndrey Andreev5-5/+0
[ci skip] Fixed PHPDoc parameter name and type discrepancies
2016-05-17Fix #4633Andrey Andreev1-1/+1
2016-04-28Fix #4605Andrey Andreev1-0/+2
2016-03-12Fix #4516Andrey Andreev1-0/+10
2016-03-07Fix #4475Andrey Andreev1-2/+4
2016-02-11Skip CI_Log tests on PHP 5.2Andrey Andreev1-1/+10
We still run those (with failures enabled) and that test breaks them
2016-02-11Fix #4449Andrey Andreev1-2/+25
2016-02-09[ci skip] WhitespaceAndrey Andreev1-1/+1
2016-02-09Add CI_Log test casesAndrey Andreev1-0/+64
2016-02-05Fix another regression caused by 805eddaefd9503b5dbbd924bd6da66e29c4768f3Andrey Andreev1-0/+20
Also added a unit test for #4431
2016-01-30Fix #4415 and add unit tests for https://bugs.php.net/bug.php?id=51192Andrey Andreev1-0/+7
2016-01-11Alter a valid URL testAndrey Andreev1-1/+1
2015-11-09Merge pull request #4225 from zhanghongyi/loader-testAndrey Andreev1-4/+25
Improve Loader test cases for libraries
2015-10-31Prevent Host header injectionsAndrey Andreev1-30/+17
2015-10-31Harden xss_clean()Andrey Andreev1-15/+20
2015-10-30Fix #3201Andrey Andreev1-0/+5
2015-10-05Some more intrusive XSS cleaningAndrey Andreev1-2/+7
2015-10-02More XSS stuffAndrey Andreev1-1/+6
2015-09-28Merge pull request #4125 from jim-parry/fix/lang_testAndrey Andreev1-5/+17
Improve CI_Lang tests
2015-09-21More XSS stuffAndrey Andreev1-0/+16
2015-09-17Don't allow open-ended tags to pass through xss_clean()Andrey Andreev1-0/+1
This was a regression caused by the previous commit
2015-09-17Refactor 'evil attributes' sanitization logicAndrey Andreev1-23/+34
Turned out pretty much impossible to do remove 'evil attributes' with just one pattern - it either breaks something else, hits pcre.backtrack_limit or causes PHP to segfault. No benchmarks made, but there shouldn't be any performance regressions since we're now trying to strip attributes only after it is determined that they are inside a tag; up until now this was done seprately for _sanitize_naughty_html() and _remove_evil_attributes().
2015-09-14Another addition to tag detection patterns in xss_clean()Andrey Andreev1-0/+5
2015-09-14Move _remove_evil_attributes() callAndrey Andreev1-0/+14
2015-09-11Harden xss_clean() moreAndrey Andreev1-2/+7
This time eliminate false positives for the 'naughty html' logic.
2015-09-11Improve on previous commitAndrey Andreev1-0/+5
2015-09-11Replace the latest XSS patchesAndrey Andreev1-1/+6
This one fixes yet another issue, is cleaner and faster.
2015-09-10Last commit didn't adjust a RE indexAndrey Andreev1-0/+5
2015-09-10Fix & extend 700619cebf75c4e4fcda6a2d7bea1afb84a029e4Andrey Andreev1-4/+4
2015-09-10Fix a broken unit test from 700619cebf75c4e4fcda6a2d7bea1afb84a029e4Andrey Andreev1-1/+1
2015-09-10Fix #4106Andrey Andreev1-0/+8
2015-09-01Fix #4093Andrey Andreev1-0/+8
2015-08-03[ci skip] Normalize tabs/spacesAndrey Andreev3-7/+8
Partial changes from PR #4016
2015-07-22Fix testcases broken by b63dc1904e4f34cb48d7dce80155172c6e94d777Andrey Andreev1-2/+2
2015-07-20Fixed typoCalvin Tam1-1/+1
2015-04-14Add test for email address with subdomainBrett Santore1-0/+1