[Fedora-directory-commits] dsgw/tests/doauth testpost.4,1.1,1.2

Richard Allen Megginson (rmeggins) fedora-directory-commits at redhat.com
Wed Feb 27 03:36:53 UTC 2008


Author: rmeggins

Update of /cvs/dirsec/dsgw/tests/doauth
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv30811/dsgw/tests/doauth

Modified Files:
	testpost.4 
Log Message:
1) There were several places where DSGW would output and eval arbitrary javascript code passed in a CGI parameter.  These have been replaced with resource strings.  In all cases the values were output escaped, but still, we shouldn't be passing around bits of javascript code to execute.
2) ICU provides a function which can parse the HTTP_ACCEPT_LANGUAGE string and return the most appropriate locale, so we should use that for date calculation.
3) Found a couple of places where uninitialized values could be used, and fixed them.
4) Used PR_smprintf to simplify some strlen+malloc+strcpy+strcat code.
5) dsgw_get_cgi_var will check for NULL input
6) Do not pass in the ldap host and port in form parameters.  Always just use the values from the config file.
7) Added many new tests and valgrind suppressions (almost all from ICU)



Index: testpost.4
===================================================================
RCS file: /cvs/dirsec/dsgw/tests/doauth/testpost.4,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- testpost.4	7 Feb 2008 22:46:57 -0000	1.1
+++ testpost.4	27 Feb 2008 03:36:51 -0000	1.2
@@ -1 +1 @@
-authdesturl=_authdesturl_param_
\ No newline at end of file
+authdesturl=http://badhost
\ No newline at end of file




More information about the Fedora-directory-commits mailing list