Commit Graph

22 Commits

Author SHA1 Message Date
Ralf Becker
719b2ff834 also log if _check_script_tag was able to disarm XSS automatic 2017-11-07 12:23:11 +01:00
Ralf Becker
12dbfca137 check cookies for XSS attempts 2017-10-27 16:52:34 +02:00
nathangray
b8f8a014fa Move all tests under api/src into api/tests 2017-10-23 10:14:14 +02:00
nathangray
24de1dff3b Move PHPUnit tests from test to tests subdirectory 2017-10-23 09:51:28 +02:00
nathangray
cd49f6568d Replace the lost boolean cast 2017-10-17 16:48:35 +02:00
nathangray
6fad74c710 Fix test had no assertions 2017-10-17 13:29:17 +02:00
Ralf Becker
191d6aec45 support PHPunit 6.0+ and older 5.7 for PHP 5.6 2017-08-18 11:45:10 +02:00
Ralf Becker
bb5a845600 our error_handler did not allow to supporess just warnings
eg. by using: error_reporting(error_reporting()&~E_WARNING);
2017-03-13 16:41:12 +01:00
Hadi Nategh
3209484d31 Cover more events on XSS regexp and avoid confusion between legitimate words with beginning of "on" and on[Events] 2017-03-06 19:12:56 +01:00
nathangray
bbdd1e77c9 Skip failing false positive for PHP < 7 2017-02-08 12:32:07 -07:00
nathangray
342230ef08 Fix typo in function name 2017-02-08 12:32:07 -07:00
nathangray
d83a929254 Get tests to not fail if DB is missing - we skip the ones that need a DB 2017-02-07 16:02:06 -07:00
nathangray
eeecc2eecd Add PHPUnit tests for security, based on Ralf's previous command line tests 2017-02-07 12:28:35 -07:00
Ralf Becker
7ce511cfc1 fix json_php_unserialize to return false for not serialized content, as unserialize does and in contray to json_decode which returns null in that case
--> fixes SiteMgr no longer shows html blocks containing unserialized content
2017-01-31 11:16:51 +01:00
Ralf Becker
16689ebc27 fix use of old egw class in favor of new Api\Egw 2016-11-02 09:38:37 +01:00
Ralf Becker
1088278b37 no need to call accounts class, if we have no id 2016-08-24 19:43:37 +02:00
Ralf Becker
7455cae476 * API/ProjectManager: fixed some errors caused by no longer sharing instanciated objects not designed to be shared 2016-07-12 11:37:05 +02:00
Ralf Becker
eed6b18e3d * Mail/Api: replace decrecated Mcrypt PHP extension with OpenSSL, use AES128 with pbkdf2 streching of passwords
only new passwords get currently stored via AES, old onces are not yet automatic converted
2016-06-19 14:49:50 +02:00
Ralf Becker
bca20a9534 silence "Declaration of $class::$method should be compatible with $parent::$method" warning 2016-06-09 09:24:33 +02:00
Ralf Becker
834cc466f5 to allow installing api or EGroupware without phpgwapi, old exceptions which we have to extend in order allow old apps to catch exceptions thrown from new api, have to reside in api/inc and get autoloaded 2016-05-02 16:57:50 +00:00
Ralf Becker
cea5c69b7f move CreateObject and ExecMethod into new api 2016-05-02 14:41:48 +00:00
Ralf Becker
8315cbfee0 move egw and applications class to api including (common_)functions.inc.php 2016-04-26 14:38:08 +00:00