
Golden file updates for xss and controller authentication.

1 parent 8583c1d commit 44da46abd4aa2e210300d1d54c1d6896988fd71b @bharat bharat committed Jan 15, 2011
Showing with 62 additions and 49 deletions.
  1. +3 −2 modules/gallery/tests/controller_auth_data.txt
  2. +59 −47 modules/gallery/tests/xss_data.txt
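--- a/modules/gallery/tests/controller_auth_data.txt
+++ b/modules/gallery/tests/controller_auth_data.txt
@@ -22,8 +22,8 @@ modules/gallery/controllers/user_profile.php show
 modules/gallery/controllers/user_profile.php contact DIRTY_AUTH
 modules/gallery/controllers/user_profile.php send DIRTY_AUTH
 modules/gallery/controllers/welcome_message.php index DIRTY_AUTH
-modules/organize/controllers/organize.php dialog DIRTY_CSRF
-modules/organize/controllers/organize.php add_album_fields DIRTY_AUTH
+modules/organize/controllers/organize.php tree DIRTY_CSRF
+modules/organize/controllers/organize.php delete DIRTY_AUTH
 modules/rest/controllers/rest.php index DIRTY_CSRF|DIRTY_AUTH
 modules/rest/controllers/rest.php reset_api_key_confirm DIRTY_AUTH
 modules/rest/controllers/rest.php reset_api_key DIRTY_AUTH
@@ -35,5 +35,6 @@ modules/server_add/controllers/server_add.php children
 modules/tag/controllers/admin_tags.php index DIRTY_CSRF
 modules/tag/controllers/tag.php __call DIRTY_CSRF|DIRTY_AUTH
 modules/tag/controllers/tags.php autocomplete DIRTY_CSRF|DIRTY_AUTH
+modules/user/controllers/admin_users.php index DIRTY_CSRF
 modules/user/controllers/password.php reset DIRTY_AUTH
 modules/user/controllers/password.php do_reset DIRTY_CSRF|DIRTY_AUTH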
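Review bot: The new golden row `modules/organize/controllers/organize.php delete DIRTY_AUTH` baselines a delete action as having no recognised access check, assuming DIRTY_AUTH means what the commit title suggests. Once it is in the golden file the test passes without anyone confirming that the controller enforces permissions some other way. The added `organize.php tree DIRTY_CSRF` and `admin_users.php index DIRTY_CSRF` rows matter less if those actions only read data, but that cannot be seen from this file. I would prefer the delete action to gain an explicit permission check so its row carries no DIRTY_AUTH flag, or the commit message to say why the flag is a false positive.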
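--- a/modules/gallery/tests/xss_data.txt
+++ b/modules/gallery/tests/xss_data.txt
@@ -213,7 +213,7 @@ modules/gallery/views/menu_link.html.php 5 DIRTY_JS $menu-
 modules/gallery/views/movieplayer.html.php 2 DIRTY html::anchor($item->file_url(true),"",$attrs)
 modules/gallery/views/movieplayer.html.php 5 DIRTY_JS $attrs["id"]
 modules/gallery/views/movieplayer.html.php 7 DIRTY_JS url::abs_file("lib/flowplayer.swf")
-modules/gallery/views/movieplayer.html.php 14 DIRTY_JS url::abs_file("lib/flowplayer.pseudostreaming.swf")
+modules/gallery/views/movieplayer.html.php 17 DIRTY_JS url::abs_file("lib/flowplayer.pseudostreaming.swf")
 modules/gallery/views/permissions_browse.html.php 3 DIRTY_JS url::site("permissions/form/__ITEM__")
 modules/gallery/views/permissions_browse.html.php 16 DIRTY_JS url::site("permissions/change/__CMD__/__GROUP__/__PERM__/__ITEM__?csrf=$csrf")
 modules/gallery/views/permissions_browse.html.php 43 DIRTY_ATTR $parent->id
@@ -262,8 +262,8 @@ modules/gallery/views/user_profile.html.php 34 DIRTY_ATTR $use
 modules/gallery/views/user_profile.html.php 43 DIRTY $info->view
 modules/image_block/views/image_block_block.html.php 4 DIRTY_JS $item->url()
 modules/image_block/views/image_block_block.html.php 5 DIRTY $item->thumb_img(array("class"=>"g-thumbnail"))
-modules/info/views/info_block.html.php 22 DIRTY gallery::date_time($item->captured)
-modules/info/views/info_block.html.php 29 DIRTY_JS $item->owner->url
+modules/info/views/info_block.html.php 5 DIRTY $info["label"]
+modules/info/views/info_block.html.php 5 DIRTY $info["value"]
 modules/notification/views/comment_published.html.php 28 DIRTY_JS $comment->item()->abs_url()
 modules/notification/views/comment_published.html.php 29 DIRTY $comment->item()->abs_url()
 modules/notification/views/item_added.html.php 16 DIRTY_JS $item->abs_url()
@@ -274,22 +274,29 @@ modules/notification/views/item_updated.html.php 20 DIRTY_JS $item-
 modules/notification/views/item_updated.html.php 20 DIRTY $item->abs_url()
 modules/notification/views/user_profile_notification.html.php 5 DIRTY_ATTR $subscription->id
 modules/notification/views/user_profile_notification.html.php 6 DIRTY_JS $subscription->url
-modules/organize/views/organize_dialog.html.php 94 DIRTY_JS $domain
-modules/organize/views/organize_dialog.html.php 95 DIRTY_JS $access_key
-modules/organize/views/organize_dialog.html.php 96 DIRTY_JS request::protocol()
-modules/organize/views/organize_dialog.html.php 97 DIRTY_JS $file_filter
-modules/organize/views/organize_dialog.html.php 98 DIRTY_JS $sort_order
-modules/organize/views/organize_dialog.html.php 99 DIRTY_JS $sort_fields
-modules/organize/views/organize_dialog.html.php 100 DIRTY_JS $album->id
-modules/organize/views/organize_dialog.html.php 101 DIRTY_JS $selected_id
-modules/organize/views/organize_dialog.html.php 102 DIRTY_JS $rest_uri
-modules/organize/views/organize_dialog.html.php 103 DIRTY_JS $controller_uri
-modules/organize/views/organize_dialog.html.php 109 DIRTY_JS $flash_minimum_version="10.0.0"
-modules/organize/views/organize_dialog.html.php 127 DIRTY_JS $swf_uri
-modules/organize/views/organize_dialog.html.php 140 DIRTY_ATTR request::protocol()
+modules/organize/views/organize_dialog.html.php 8 DIRTY_JS url::site("items/__ID__")
+modules/organize/views/organize_dialog.html.php 14 DIRTY_JS $album->title
+modules/organize/views/organize_frame.html.php 12 DIRTY_JS url::file("modules/organize/vendor/ext/images/default/s.gif")
+modules/organize/views/organize_frame.html.php 56 DIRTY_JS url::site("organize/album_info/__ID__")
+modules/organize/views/organize_frame.html.php 94 DIRTY_JS access::csrf_token()
+modules/organize/views/organize_frame.html.php 96 DIRTY_JS url::site("organize/set_sort/__ID__")
+modules/organize/views/organize_frame.html.php 116 DIRTY_JS url::site("organize/delete")
+modules/organize/views/organize_frame.html.php 125 DIRTY_JS access::csrf_token()
+modules/organize/views/organize_frame.html.php 226 DIRTY_JS url::site("organize/rearrange")
+modules/organize/views/organize_frame.html.php 237 DIRTY_JS access::csrf_token()
+modules/organize/views/organize_frame.html.php 275 DIRTY_JS $key
+modules/organize/views/organize_frame.html.php 398 DIRTY_JS url::site("organize/tree/{$album->id}")
+modules/organize/views/organize_frame.html.php 456 DIRTY_JS url::site("organize/reparent")
+modules/organize/views/organize_frame.html.php 479 DIRTY_JS access::csrf_token()
+modules/organize/views/organize_frame.html.php 495 DIRTY_JS access::can("edit",item::root())
+modules/organize/views/organize_frame.html.php 497 DIRTY_JS item::root()->title
+modules/organize/views/organize_frame.html.php 499 DIRTY_JS item::root()->id
+modules/organize/views/organize_frame.html.php 507 DIRTY_JS $album->id
+modules/organize/views/organize_frame.html.php 508 DIRTY_JS $album->id
 modules/recaptcha/views/admin_recaptcha.html.php 11 DIRTY $form
 modules/recaptcha/views/admin_recaptcha.html.php 23 DIRTY_JS $public_key
-modules/recaptcha/views/form_recaptcha.html.php 7 DIRTY_JS $public_key
+modules/recaptcha/views/form_recaptcha.html.php 3 DIRTY_ATTR request::protocol()
+modules/recaptcha/views/form_recaptcha.html.php 8 DIRTY_JS $public_key
 modules/rest/views/reset_api_key_confirm.html.php 6 DIRTY $form
 modules/rss/views/feed.mrss.php 10 DIRTY $feed->uri
 modules/rss/views/feed.mrss.php 13 DIRTY_JS $feed->uri
@@ -346,28 +353,31 @@ modules/user/views/admin_users.html.php 73 DIRTY_ATTR $use
 modules/user/views/admin_users.html.php 74 DIRTY_ATTR $user->avatar_url(20,$theme->url(,true))
 modules/user/views/admin_users.html.php 88 DIRTY ($user->last_login==0)?"":gallery::date($user->last_login)
 modules/user/views/admin_users.html.php 91 DIRTY db::build()->from("items")->where("owner_id","=",$user->id)->count_records()
-modules/user/views/admin_users.html.php 127 DIRTY_ATTR $group->id
-modules/user/views/admin_users.html.php 127 DIRTY_ATTR ($group->special?"g-default-group":"")
-modules/user/views/admin_users.html.php 129 DIRTY $v
+modules/user/views/admin_users.html.php 113 DIRTY $pager
+modules/user/views/admin_users.html.php 132 DIRTY_ATTR $group->id
+modules/user/views/admin_users.html.php 132 DIRTY_ATTR ($group->special?"g-default-group":"")
+modules/user/views/admin_users.html.php 134 DIRTY $v
 modules/user/views/admin_users_delete_user.html.php 6 DIRTY $form
 modules/user/views/admin_users_group.html.php 24 DIRTY_JS $user->id
 modules/user/views/admin_users_group.html.php 24 DIRTY_JS $group->id
 modules/watermark/views/admin_watermarks.html.php 20 DIRTY_ATTR $width
 modules/watermark/views/admin_watermarks.html.php 20 DIRTY_ATTR $height
 modules/watermark/views/admin_watermarks.html.php 20 DIRTY_ATTR $url
-themes/admin_wind/views/admin.html.php 21 DIRTY_JS $theme->url()
-themes/admin_wind/views/admin.html.php 38 DIRTY $theme->admin_head()
-themes/admin_wind/views/admin.html.php 42 DIRTY $theme->admin_page_top()
-themes/admin_wind/views/admin.html.php 50 DIRTY $theme->admin_header_top()
-themes/admin_wind/views/admin.html.php 51 DIRTY_JS item::root()->url()
-themes/admin_wind/views/admin.html.php 54 DIRTY $theme->user_menu()
-themes/admin_wind/views/admin.html.php 57 DIRTY $theme->admin_menu()
-themes/admin_wind/views/admin.html.php 60 DIRTY $theme->admin_header_bottom()
-themes/admin_wind/views/admin.html.php 67 DIRTY $content
-themes/admin_wind/views/admin.html.php 73 DIRTY $sidebar
-themes/admin_wind/views/admin.html.php 78 DIRTY $theme->admin_footer()
-themes/admin_wind/views/admin.html.php 81 DIRTY $theme->admin_credits()
-themes/admin_wind/views/admin.html.php 86 DIRTY $theme->admin_page_bottom()
+themes/admin_wind/views/admin.html.php 31 DIRTY $theme->admin_head()
+themes/admin_wind/views/admin.html.php 40 DIRTY_JS $theme->url()
+themes/admin_wind/views/admin.html.php 45 DIRTY $theme->get_combined("script")
+themes/admin_wind/views/admin.html.php 48 DIRTY $theme->get_combined("css")
+themes/admin_wind/views/admin.html.php 52 DIRTY $theme->admin_page_top()
+themes/admin_wind/views/admin.html.php 60 DIRTY $theme->admin_header_top()
+themes/admin_wind/views/admin.html.php 61 DIRTY_JS item::root()->url()
+themes/admin_wind/views/admin.html.php 64 DIRTY $theme->user_menu()
+themes/admin_wind/views/admin.html.php 67 DIRTY $theme->admin_menu()
+themes/admin_wind/views/admin.html.php 70 DIRTY $theme->admin_header_bottom()
+themes/admin_wind/views/admin.html.php 77 DIRTY $content
+themes/admin_wind/views/admin.html.php 83 DIRTY $sidebar
+themes/admin_wind/views/admin.html.php 88 DIRTY $theme->admin_footer()
+themes/admin_wind/views/admin.html.php 91 DIRTY $theme->admin_credits()
+themes/admin_wind/views/admin.html.php 96 DIRTY $theme->admin_page_bottom()
 themes/admin_wind/views/block.html.php 3 DIRTY_ATTR $anchor
 themes/admin_wind/views/block.html.php 5 DIRTY $id
 themes/admin_wind/views/block.html.php 5 DIRTY_ATTR $css_id
@@ -398,20 +408,22 @@ themes/wind/views/dynamic.html.php 17 DIRTY_ATTR $chi
 themes/wind/views/dynamic.html.php 29 DIRTY $theme->paginator()
 themes/wind/views/movie.html.php 5 DIRTY $theme->paginator()
 themes/wind/views/movie.html.php 9 DIRTY $item->movie_img(array("class"=>"g-movie","id"=>"g-item-id-{$item->id}"))
-themes/wind/views/page.html.php 9 DIRTY $page_title
-themes/wind/views/page.html.php 12 DIRTY $theme->item()->title
-themes/wind/views/page.html.php 16 DIRTY item::root()->title
-themes/wind/views/page.html.php 26 DIRTY_JS $theme->url()
-themes/wind/views/page.html.php 35 DIRTY $new_width
-themes/wind/views/page.html.php 36 DIRTY $new_height
-themes/wind/views/page.html.php 37 DIRTY $thumb_proportion
-themes/wind/views/page.html.php 74 DIRTY $header_text
-themes/wind/views/page.html.php 76 DIRTY_JS item::root()->url()
-themes/wind/views/page.html.php 80 DIRTY $theme->user_menu()
-themes/wind/views/page.html.php 101 DIRTY_JS $parent->url($parent->id==$theme->item()->parent_id?"show={$theme->item()->id}":null)
-themes/wind/views/page.html.php 122 DIRTY $content
-themes/wind/views/page.html.php 128 DIRTY newView("sidebar.html")
-themes/wind/views/page.html.php 135 DIRTY $footer_text
+themes/wind/views/page.html.php 10 DIRTY $page_title
+themes/wind/views/page.html.php 13 DIRTY $theme->item()->title
+themes/wind/views/page.html.php 17 DIRTY item::root()->title
+themes/wind/views/page.html.php 31 DIRTY $new_width
+themes/wind/views/page.html.php 32 DIRTY $new_height
+themes/wind/views/page.html.php 33 DIRTY $thumb_proportion
+themes/wind/views/page.html.php 70 DIRTY_JS $theme->url()
+themes/wind/views/page.html.php 75 DIRTY $theme->get_combined("script")
+themes/wind/views/page.html.php 78 DIRTY $theme->get_combined("css")
+themes/wind/views/page.html.php 88 DIRTY $header_text
+themes/wind/views/page.html.php 90 DIRTY_JS item::root()->url()
+themes/wind/views/page.html.php 94 DIRTY $theme->user_menu()
+themes/wind/views/page.html.php 115 DIRTY_JS $parent->url($parent->id==$theme->item()->parent_id?"show={$theme->item()->id}":null)
+themes/wind/views/page.html.php 136 DIRTY $content
+themes/wind/views/page.html.php 142 DIRTY newView("sidebar.html")
+themes/wind/views/page.html.php 149 DIRTY $footer_text
 themes/wind/views/paginator.html.php 33 DIRTY_JS $first_page_url
 themes/wind/views/paginator.html.php 42 DIRTY_JS $previous_page_url
 themes/wind/views/paginator.html.php 70 DIRTY_JS $next_page_url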
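Review bot: Two of the added DIRTY_JS rows record item titles written into script context: `organize_dialog.html.php 14 DIRTY_JS $album->title` and `organize_frame.html.php 497 DIRTY_JS item::root()->title`. Titles are presumably editable by anyone allowed to edit an album, so these differ from the neighbouring `url::site(...)` and `access::csrf_token()` rows, whose values the application generates itself. `organize_frame.html.php 275 DIRTY_JS $key` and `info_block.html.php 5 DIRTY $info["value"]` deserve the same look, because the golden file does not show where those values come from. Rather than baselining them, the views should pass these values through the project's escaping for the relevant output context so that the rows drop out of the golden file.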
