Ralf Becker
|
1222ef1813
|
also log if _check_script_tag was able to disarm XSS automatic
|
2017-11-07 12:24:15 +01:00 |
|
Ralf Becker
|
12dbfca137
|
check cookies for XSS attempts
|
2017-10-27 16:52:34 +02:00 |
|
nathangray
|
b8f8a014fa
|
Move all tests under api/src into api/tests
|
2017-10-23 10:14:14 +02:00 |
|
nathangray
|
24de1dff3b
|
Move PHPUnit tests from test to tests subdirectory
|
2017-10-23 09:51:28 +02:00 |
|
nathangray
|
cd49f6568d
|
Replace the lost boolean cast
|
2017-10-17 16:48:35 +02:00 |
|
nathangray
|
6fad74c710
|
Fix test had no assertions
|
2017-10-17 13:29:17 +02:00 |
|
Ralf Becker
|
191d6aec45
|
support PHPunit 6.0+ and older 5.7 for PHP 5.6
|
2017-08-18 11:45:10 +02:00 |
|
Ralf Becker
|
bb5a845600
|
our error_handler did not allow to supporess just warnings
eg. by using: error_reporting(error_reporting()&~E_WARNING);
|
2017-03-13 16:41:12 +01:00 |
|
Hadi Nategh
|
3209484d31
|
Cover more events on XSS regexp and avoid confusion between legitimate words with beginning of "on" and on[Events]
|
2017-03-06 19:12:56 +01:00 |
|
nathangray
|
bbdd1e77c9
|
Skip failing false positive for PHP < 7
|
2017-02-08 12:32:07 -07:00 |
|
nathangray
|
342230ef08
|
Fix typo in function name
|
2017-02-08 12:32:07 -07:00 |
|
nathangray
|
d83a929254
|
Get tests to not fail if DB is missing - we skip the ones that need a DB
|
2017-02-07 16:02:06 -07:00 |
|
nathangray
|
eeecc2eecd
|
Add PHPUnit tests for security, based on Ralf's previous command line tests
|
2017-02-07 12:28:35 -07:00 |
|
Ralf Becker
|
7ce511cfc1
|
fix json_php_unserialize to return false for not serialized content, as unserialize does and in contray to json_decode which returns null in that case
--> fixes SiteMgr no longer shows html blocks containing unserialized content
|
2017-01-31 11:16:51 +01:00 |
|
Ralf Becker
|
16689ebc27
|
fix use of old egw class in favor of new Api\Egw
|
2016-11-02 09:38:37 +01:00 |
|
Ralf Becker
|
1088278b37
|
no need to call accounts class, if we have no id
|
2016-08-24 19:43:37 +02:00 |
|
Ralf Becker
|
7455cae476
|
* API/ProjectManager: fixed some errors caused by no longer sharing instanciated objects not designed to be shared
|
2016-07-12 11:37:05 +02:00 |
|
Ralf Becker
|
eed6b18e3d
|
* Mail/Api: replace decrecated Mcrypt PHP extension with OpenSSL, use AES128 with pbkdf2 streching of passwords
only new passwords get currently stored via AES, old onces are not yet automatic converted
|
2016-06-19 14:49:50 +02:00 |
|
Ralf Becker
|
bca20a9534
|
silence "Declaration of $class::$method should be compatible with $parent::$method" warning
|
2016-06-09 09:24:33 +02:00 |
|
Ralf Becker
|
834cc466f5
|
to allow installing api or EGroupware without phpgwapi, old exceptions which we have to extend in order allow old apps to catch exceptions thrown from new api, have to reside in api/inc and get autoloaded
|
2016-05-02 16:57:50 +00:00 |
|
Ralf Becker
|
cea5c69b7f
|
move CreateObject and ExecMethod into new api
|
2016-05-02 14:41:48 +00:00 |
|
Ralf Becker
|
8315cbfee0
|
move egw and applications class to api including (common_)functions.inc.php
|
2016-04-26 14:38:08 +00:00 |
|