silverstripe-framework/tests
Ingo Schommer 0bae1826bb FIX Opt-out of form message escaping (fixes #2796)
This fixes a limitation introduced through http://www.silverstripe.org/ss-2013-008-xss-in-numericfield-validation/.
Form messages used to accept HTML, now they’re escaped by default, effectively removing the ability
to pass in HTML and take care of escaping manually.

We pass through HTML to message in core through the CTF system, so this needs to be fixed.
It’s an alternative fix to https://github.com/silverstripe/silverstripe-framework/pull/2803.
2014-08-22 09:08:55 +12:00
api Excluded or removed tests relying on actual webserver routing 2012-11-28 15:35:09 +01:00
control Retain 5.2 compatibility in DirectorTest 2013-09-12 15:59:18 +02:00
dev ENHANCEMENT Allowing filtered arguments on specific functions like mysql_connect() in SS_Backtrace 2011-05-30 18:06:41 +12:00
fieldtypes Fixed DateTest timezone settings 2012-12-04 12:36:43 +01:00
filesystem MINOR #6083 FileTest doesn't remove test folders and files created during test 2011-02-02 14:19:57 +13:00
forms FIX Opt-out of form message escaping (fixes #2796) 2014-08-22 09:08:55 +12:00
i18n MINOR Fixed broken i18nTest on Windows because of newline character differences 2011-02-25 15:15:27 +13:00
integration BUGFIX Ensure that \r carriage return characters get stripped out before setting content in HTMLValue::setContent(). DOMDocument will transform these into &#13 entities, which is apparently XML spec, but not necessary for us as we're using HTML 2011-02-02 14:19:57 +13:00
javascript MINOR Moved js unit tests from sapphire/javascript/tests to sapphire/tests/javascript to have a consistent location for all tests on server- and clientside 2008-11-01 11:05:38 +00:00
model API CHANGE Using i18n::validate_locale() in various Translatable methods to ensure the locale exists (as defined through i18n::$allowed_locales) (from r114470) 2011-02-02 14:20:03 +13:00
salad/step_definitions MINOR: Clear out the test database in between each salad scenario. 2011-02-02 14:19:45 +13:00
search ENHANCEMENT Added File.ShowInSearch flag to mirror the existing SiteTree.ShowInSearch flag - e.g. useful to limit visibility of user-uploaded files. Enforced in MySQLDatabase->searchEngine(). 2011-09-15 16:13:02 +02:00
security FIX Opt-out of form message escaping (fixes #2796) 2014-08-22 09:08:55 +12:00
tasks MINOR Fixed unit tests after change Member->checkPassword() to return ValidationResult instead of boolean (see r98268) 2011-02-02 14:18:25 +13:00
templates MINOR: Added missing file for r101867 2011-02-02 14:19:09 +13:00
testing API CHANGE: Don't generate TestOnly DataObjects in the database immediately; instead let test developers specify them in SapphireTest::$extraDataObjects. 2011-02-02 14:18:04 +13:00
widgets MINOR: Added explicit listing of testonly dataobjects for widget tests. 2011-02-02 14:18:08 +13:00
ArrayDataTest.php ENHANCEMENT: added getter to get array back out of an ArrayData instance. MINOR: updated docblocks in ArrayData 2011-02-02 14:19:39 +13:00
ArrayLibTest.php ENHANCEMENT Use array_combine() instead of custom logic for ArrayLib::valuekey() (thanks paradigmincarnate!) 2011-02-02 14:19:35 +13:00
Bare.yml MINOR: Added small fixture YML that just lets you log in, for bootstrapping browser automation tests. 2011-02-02 14:17:57 +13:00
bootstrap.php Copying request params before Core.php exec in PHPUnit bootstrap 2013-01-06 22:34:29 +01:00
CacheTest.php MINOR: Speed up cache test (1s is as good a test expiry as 8s) 2011-02-02 14:18:28 +13:00
ClassInfoTest.php BUGFIX: Fixed issues with broken link tracking 2011-02-02 14:19:02 +13:00
ControllerTest.php BUG Undefined $allowed_actions overrides parent definitions, stricter handling of $allowed_actions on Extension 2013-02-17 23:16:22 +01:00
ControllerTest.yml MINOR Added ControllerTest for $allowed_actions with permission codes, switched this class to extend FunctionalTest and use get() instead of Director::test() for this purpose (better login/session mocking capabilities) 2009-09-10 06:34:40 +00:00
ConvertTest.php ENHANCEMENT: html2raw now properly replaces strong tag with asterisk #5494 2011-02-02 14:19:37 +13:00
CoreTest.php MINOR #6397 CoreTest should use test specific paths, otherwise conflicts can occur in certain environments 2011-02-02 14:20:07 +13:00
DataObjectDecoratorTest.php BUGFIX #5337: Allow decoration of DataObject 2011-02-02 14:19:11 +13:00
DataObjectDecoratorTest.yml BUGFIX #3919: Fix DataObject::dbObject() for decorated fields 2009-04-27 00:44:10 +00:00
DataObjectSetTest.php API CHANGE #5873 DataObjectSet::shift() now performs a proper shift instead of unshift (wrong). Please use DataObjectSet::unshift($item) if unshifting was intended! 2011-02-02 14:19:46 +13:00
DataObjectTest.php MINOR Partially reverted r114744 2011-02-02 14:20:05 +13:00
DataObjectTest.yml BUGFIX: TeamComment table added to dataobjects list 2011-02-02 14:19:04 +13:00
ErrorPageTest.php API CHANGE: Renamed conflicting classes to have an "SS_" namespace, and renamed existing "SS" namespace to "SS_". The affected classes are: HTTPRequest, HTTPResponse, Query, Database, SSBacktrace, SSCli, SSDatetime, SSDatetimeTest, SSLog, SSLogTest, SSLogEmailWriter, SSLogErrorEmailFormatter, SSLogErrorFileFormatter, SSLogFileWriter and SSZendLog. 2009-10-26 03:06:31 +00:00
ErrorPageTest.yml BUGFIX Fixed empty ErrorPage types in output by setting status code in init() instead of index() and checking for "index" action - introduced in r75096 (see #3960) 2009-05-04 02:20:57 +00:00
FileLinkTrackingTest.php API CHANGE Don't reflect changes in File and Folder property setters on filesystem before write() is called, to ensure that validate() applies in all cases. This fixes a problem where File->setName() would circumvent restrictions in File::$allowed_extensions (fixes #5693) 2011-02-02 14:19:34 +13:00
FileLinkTrackingTest.yml BUGFIX: Fixed image link rewriting and added a test. (from r89011) 2009-10-15 22:40:06 +00:00
FullTestSuite.php ENHANCEMENT Added "module=" argument to FullTestSuite (to support comma-separated module lists) 2011-02-02 14:19:53 +13:00
HtmlEditorConfigTest.php ENHANCEMENT Added support for loading external plugins (with relative paths) in HtmlEditorConfig. This means relative paths can be separate from the plugin name, and fixes a bug where paths containing dashes were ignored by TinyMCE.init(). 2011-02-02 14:17:55 +13:00
HTTPRequestTest.php API CHANGE: Renamed conflicting classes to have an "SS_" namespace, and renamed existing "SS" namespace to "SS_". The affected classes are: HTTPRequest, HTTPResponse, Query, Database, SSBacktrace, SSCli, SSDatetime, SSDatetimeTest, SSLog, SSLogTest, SSLogEmailWriter, SSLogErrorEmailFormatter, SSLogErrorFileFormatter, SSLogFileWriter and SSZendLog. 2009-10-26 03:06:31 +00:00
HTTPTest.php BUGFIX: preserve the port value if given in HTTP::setGetVar (#5280). BUGFIX: allow username only input rather than user:pass combo. 2011-02-02 14:19:08 +13:00
ManifestBuilderTest.fixture.inc BUGFIX: Fixed manifest builder tests to not have fake data, and to test that classes can be in files with different names 2009-08-08 03:39:12 +00:00
ManifestBuilderTest.php BUGFIX: Fixed issues with broken link tracking 2011-02-02 14:19:02 +13:00
MemoryLimitTest.php MINOR: Better checking of safe_mode in MemoryLimitTest 2011-02-02 14:19:31 +13:00
ModelAsControllerTest.yml BUGFIX: When finding an old page in the 404 handler, favour existing subpages over historical ones. 2011-02-02 14:19:21 +13:00
ObjectStaticTest.php BUGFIX #4929: Fixed Object::add_static_vars() for uninherited statics. 2011-02-02 14:18:14 +13:00
ObjectTest.php BUGFIX: Update Object::parse_class_spec() to handle arrays. 2011-02-02 14:19:01 +13:00
PhpSyntaxTest.php MINOR PHPUnit annotations for PhpSyntaxTest 2011-02-02 14:19:52 +13:00
RedirectorPageTest.php BUGFIX #5259 RedirectorPage and HtmlEditorField TinyMCE integration now prefixes http:// if no prefix is found 2011-02-02 14:19:06 +13:00
RedirectorPageTest.yml BUGFIX #5259 RedirectorPage and HtmlEditorField TinyMCE integration now prefixes http:// if no prefix is found 2011-02-02 14:19:06 +13:00
RequestHandlingTest.php BUG Undefined $allowed_actions overrides parent definitions, stricter handling of $allowed_actions on Extension 2013-02-17 23:16:22 +01:00
SearchContextTest.php API CHANGE: Don't generate TestOnly DataObjects in the database immediately; instead let test developers specify them in SapphireTest::$extraDataObjects. 2011-02-02 14:18:04 +13:00
SearchContextTest.yml BUGFIX Fixed SQL syntax error in MATCH AGAINST clause in FulltextFilter 2009-05-24 21:27:48 +00:00
SessionTest.php MINOR Remove all session data in TestSession that might've been set by the test harness (necessary for test runs through the phpunit binary) 2011-02-02 14:19:51 +13:00
ShortcodeParserTest.php FEATURE: Added the Shortcode API (ShortcodeParser) to allow you to replace simple BBCode-like tags in a string with the results of a callback. 2009-10-11 00:06:57 +00:00
SiteTreeActionsTest.php BUGFIX #6291 Remove rollback action from CMSMain allowed_actions and rely on form action_rollback instead which is safer 2011-02-02 14:20:06 +13:00
SiteTreeActionsTest.yml BUGFIX Respecting SiteTree->canDelete() in SiteTree->getCMSActions() 2009-10-17 05:11:23 +00:00
SiteTreeBacklinksTest.php API CHANGE: Added SiteTree::VirtualPages() and SiteTree::DependentPages() accessors. 2011-02-02 14:19:02 +13:00
SiteTreeBacklinksTest.yml API CHANGE: Added SiteTree::VirtualPages() and SiteTree::DependentPages() accessors. 2011-02-02 14:19:02 +13:00
SiteTreeBrokenLinksTest.php BUGFIX: Fixed issues with broken link tracking 2011-02-02 14:19:02 +13:00
SiteTreeBrokenLinksTest.yml ENHANCEMENT improved reporting around broken links/files (from r88993) 2009-10-15 22:39:26 +00:00
SiteTreePermissionsTest.php BUGFIX: ensure that pages can only be requested from staging and live 2011-02-02 14:19:49 +13:00
SiteTreePermissionsTest.yml BUGFIX: ensure that pages can only be requested from staging and live 2011-02-02 14:19:49 +13:00
SiteTreeTest.php BUGFIX #6291 Remove rollback action from CMSMain allowed_actions and rely on form action_rollback instead which is safer 2011-02-02 14:20:06 +13:00
SiteTreeTest.yml ENHANCEMENT: Updated the SiteTree URLSegment conflict resolver to work with nested URLs. 2009-10-11 00:07:21 +00:00
SoapModelAccessTest.php API CHANGE: Don't generate TestOnly DataObjects in the database immediately; instead let test developers specify them in SapphireTest::$extraDataObjects. 2011-02-02 14:18:04 +13:00
SoapModelAccessTest.yml (merged from branches/roa. use "svn log -c <changeset> -g <module-svn-path>" for detailed commit message) 2008-08-11 03:03:52 +00:00
SQLFormatterTest.php BUGFIX Fixed newlines working properly across different platforms - Windows, for example, won't work properly with just \n so use PHP_EOL for a cross-platform solution 2011-02-02 14:17:38 +13:00
SQLQueryTest.php ENHANCEMENT Added argument to SQLQuery->leftJoin()/innerJoin() (#5802, thanks stojg) 2011-02-02 14:19:41 +13:00
SSViewerCacheBlockTest.php MINOR Manually testing exceptions in SSViewerCacheBlockTest to avoid PHPUnit 3.6 warnings 2012-05-14 17:25:10 +02:00
SSViewerTest.php MINOR Switching 'rewriteHashlinks' sanitization from Convert::raw2att() to strip_tags() to make the resulting PHP more portable when mode is set to 'php' 2011-10-18 10:54:30 +02:00
TokenisedRegularExpressionTest.php MINOR Unified @package PHPdoc (added where missing, removed duplicates) 2008-06-15 13:33:53 +00:00
TransactionTest.php Reverted to revision 101592 2011-02-02 14:20:07 +13:00
ViewableDataTest.php BUGFIX ViewableData->castingClass() cuts off last character of a casting definition if it has bracketed arguments (fixes #5536, thanks ajshort) 2011-02-02 14:19:19 +13:00
WebserverRoutingTest.php Excluded or removed tests relying on actual webserver routing 2012-11-28 15:35:09 +01:00