tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 12:05:37 +00:00
Code Issues Projects Releases Wiki Activity
silverstripe-framework/tests/php/Forms
History
Serge Latyntcev ad1b00ec7d [CVE-2019-19325] XSS through non-scalar FormField attributes 
Silverstripe Forms allow malicious HTML or JavaScript to be inserted
through non-scalar FormField attributes, which allows performing XSS (Cross-Site Scripting)
on some forms built with user input (Request data). This can lead to phishing attempts
to obtain a user's credentials or other sensitive user input.
There is no known attack vector for extracting user-session information or credentials automatically,
it required a user to fall for the phishing attempt.
XSS can also be used to modify the presentation of content in malicious ways.
2020-02-17 09:58:29 +13:00
..
CheckboxFieldtest
FIX: CheckboxSetField can now save into DBMultiEnum
2018-11-05 17:40:28 +13:00
CheckboxSetFieldTest
Apply PSR2 / Namespace to remaining admin / tests
2016-12-19 16:08:19 +13:00
DatetimeFieldTest
Apply PSR2 / Namespace to remaining admin / tests
2016-12-19 16:08:19 +13:00
EmailFieldTest
API Refactor bootstrap, request handling
2017-06-22 22:50:45 +12:00
FormFactoryTest
BUG Fix behaviour towards versioned but unstagable records
2018-02-20 12:20:18 +13:00
FormFieldTest
Apply PSR2 / Namespace to remaining admin / tests
2016-12-19 16:08:19 +13:00
FormRequestHandlerTest
Process actions on Form subclasses
2017-05-18 22:47:39 +12:00
FormScaffolderTest
Apply PSR2 / Namespace to remaining admin / tests
2016-12-19 16:08:19 +13:00
FormSchemaTest
Fix tests
2017-12-08 09:58:52 +13:00
FormTest
FIX Don't reload form session data using FormField::setSubmittedValue… (#8184)
2018-06-19 11:27:09 +12:00
GridField
FIX Replace usage of Convert JSON methods with json_encode
2018-10-28 21:15:29 +00:00
HTMLEditor
Merge branch '4.3' into 4
2018-11-06 11:05:22 +01:00
ListboxFieldTest
Apply PSR2 / Namespace to remaining admin / tests
2016-12-19 16:08:19 +13:00
MoneyFieldTest
Apply PSR2 / Namespace to remaining admin / tests
2016-12-19 16:08:19 +13:00
NumericFieldTest
Apply PSR2 / Namespace to remaining admin / tests
2016-12-19 16:08:19 +13:00
ValidatorTest
FIX for #4417: Ensuring ->removeValidation() is defined on instances of Validator. Setup new API for enabling/disabling validation. Documentation and better type handling.
2017-05-16 12:58:00 +01:00
CheckboxFieldReadonlyTest.php
Rename CheckboxFieldReadonlyTest for future PSR-2 compatibility
2018-11-10 10:04:17 +02:00
CheckboxFieldTest.php
Fix linting issues
2017-05-23 09:13:50 +12:00
CheckboxSetFieldMultiEnumTest.php
FIX: CheckboxSetField can now save into DBMultiEnum
2018-11-05 17:40:28 +13:00
CheckboxSetFieldTest.php
API Refactor bootstrap, request handling
2017-06-22 22:50:45 +12:00
CheckboxSetFieldTest.yml
API Namespace framework tests
2016-11-23 19:25:12 +13:00
CompositeFieldTest.php
Add more tests for CheckboxField_Readonly and CompositeField, improve PHPDocs
2018-10-20 15:44:23 +02:00
ConfirmedPasswordFieldTest.php
Merge branch '4.3' into 4
2019-01-08 12:27:48 +01:00
CurrencyFieldDisabledTest.php
Remove underscores from variable test class names
2018-11-10 14:55:11 +02:00
CurrencyFieldReadonlyTest.php
Remove underscores from variable test class names
2018-11-10 14:55:11 +02:00
CurrencyFieldTest.php
Add tests for edge cases in CurrencyField
2018-10-20 17:33:59 +02:00
DatalessFieldTest.php
Add tests for DatalessField
2018-10-20 17:59:55 +02:00
DateFieldDisabledTest.php
Remove underscores from variable test class names
2018-11-10 14:55:11 +02:00
DateFieldTest.php
Add edge case unit tests for DateField
2018-10-20 18:15:42 +02:00
DatetimeFieldTest.php
Add more edge case tests for disabled DateFields and DatetimeField
2018-10-20 18:29:07 +02:00
DefaultFormFactoryTest.php
Add tests for DefaultFormFactory
2018-10-20 19:47:11 +02:00
DisabledTransformationTest.php
Add tests for DisabledTransformation, PrintableTransformation and PrintableTransformation_TabSet
2018-10-20 20:06:02 +02:00
DropdownFieldTest.php
FIX: Don’t break validation on selects without a source.
2018-10-06 11:53:17 +13:00
EmailFieldTest.php
FIX Minor updates to unit tests to pass with HTML5 parser and various themes
2018-06-01 17:47:03 +12:00
EnumFieldTest.php
New namespaced i18n keys
2017-04-28 14:59:42 +12:00
FieldGroupTest.php
Apply PSR2 / Namespace to remaining admin / tests
2016-12-19 16:08:19 +13:00
FieldListTest.php
NEW Scaffolded field labels now only have an uppercased first word
2019-01-07 17:52:28 +01:00
FileFieldTest.php
NEW: Implement accept attribute in FileField (closes #7279)
2017-10-03 16:48:49 +01:00
FormActionTest.php
BUG FormAction title property cannot be set if useButtonTag is false
2019-10-29 17:21:45 +13:00
FormFactoryTest.php
API Refactor bootstrap, request handling
2017-06-22 22:50:45 +12:00
FormFactoryTest.yml
Apply PSR2 / Namespace to remaining admin / tests
2016-12-19 16:08:19 +13:00
FormFieldTest.php
[CVE-2019-19325] XSS through non-scalar FormField attributes
2020-02-17 09:58:29 +13:00
FormRequestHandlerTest.php
[ss-2018-013] Remove password text from session data on failed submission
2018-05-14 17:14:38 +12:00
FormScaffolderTest.php
Remove TestListener and rely on PHPUnits APIs
2017-03-30 11:46:58 +13:00
FormScaffolderTest.yml
API Namespace framework tests
2016-11-23 19:25:12 +13:00
FormSchemaTest.php
Fixing string concat CS issues
2018-01-16 18:39:30 +00:00
FormTest.php
[CVE-2019-19325] XSS through non-scalar FormField attributes
2020-02-17 09:58:29 +13:00
FormTest.yml
API Namespace framework tests
2016-11-23 19:25:12 +13:00
GroupedDropdownFieldTest.php
Apply PSR2 / Namespace to remaining admin / tests
2016-12-19 16:08:19 +13:00
ListboxFieldTest.php
Linting cleanup
2017-12-14 14:18:41 +13:00
ListboxFieldTest.yml
API Namespace framework tests
2016-11-23 19:25:12 +13:00
LookupFieldTest.php
FIX Minor updates to unit tests to pass with HTML5 parser and various themes
2018-06-01 17:47:03 +12:00
LookupFieldTest.yml
Move files to psr-2 standard locations
2016-11-23 19:25:12 +13:00
MoneyFieldTest.php
Remove TestListener and rely on PHPUnits APIs
2017-03-30 11:46:58 +13:00
NullableFieldTests.php
Apply PSR2 / Namespace to remaining admin / tests
2016-12-19 16:08:19 +13:00
NumericFieldTest.php
Merge pull request #7103 from dnadesign/fix-numericfield-null
2017-07-05 11:45:45 +01:00
OptionsetFieldTest.php
Fix linting issues
2017-05-23 09:13:50 +12:00
PasswordFieldTest.php
[ss-2018-013] Remove password text from session data on failed submission
2018-05-14 17:14:38 +12:00
PopoverFieldTest.php
Apply PSR2 / Namespace to remaining admin / tests
2016-12-19 16:08:19 +13:00
PrintableTransformationTabSetTest.php
Remove underscores from variable test class names
2018-11-10 14:55:11 +02:00
PrintableTransformationTest.php
Add tests for DisabledTransformation, PrintableTransformation and PrintableTransformation_TabSet
2018-10-20 20:06:02 +02:00
RequiredFieldsTest.php
Apply PSR2 / Namespace to remaining admin / tests
2016-12-19 16:08:19 +13:00
SelectionGroupTest.php
FIX Minor updates to unit tests to pass with HTML5 parser and various themes
2018-06-01 17:47:03 +12:00
SingleLookupFieldTest.php
LookupField value handling corrected (atomic values are no longer thrown away).
2018-04-23 15:15:40 +12:00
TextareaFieldTest.php
Merge branch '3'
2016-12-28 14:30:54 +00:00
TextFieldTest.php
Apply PSR2 / Namespace to remaining admin / tests
2016-12-19 16:08:19 +13:00
TimeFieldTest.php
MERGE
2017-04-03 12:11:21 +12:00
TreeDropdownFieldTest.php
FIX Explicity mark nodes when searching nodes in TreeDropdownField #8621
2018-11-21 11:43:21 +13:00
TreeDropdownFieldTest.yml
FIX Explicity mark nodes when searching nodes in TreeDropdownField #8621
2018-11-21 11:43:21 +13:00
TreeMultiselectFieldTest.php
Resolve incorrect empty string assertion in tests
2019-04-17 13:29:54 +12:00
ValidatorTest.php
API Refactor bootstrap, request handling
2017-06-22 22:50:45 +12:00