? 201490_0.patch
? 219584_0.patch
? 225562.patch
? 27234_help_text_picture_size.patch
? 30520-empty-upload-error-D7.patch
? 344088-cache-inc-dbtng.patch
? 355496_singular_databases.patch
? book_clear_cache.patch
? cache_node_load.patch
? cache_node_load_10.patch
? cache_node_load_11.patch
? cache_node_load_12.patch
? cache_node_load_13.patch
? cache_node_load_9.patch
? cache_redirect.patch
? cache_redirect_0.patch
? cache_redirect_1.patch
? cache_redirect_2.patch
? cache_redirect_2.patch.1
? check_url.patch
? check_url_1.patch
? check_url_2.patch
? check_url_2.patch.1
? check_url_3.patch
? comment_forbidden_html.patch
? comment_rss_test_1.patch
? cufa-2.patch
? cufa.patch
? disabled_languages.patch
? drupal-menu-title_callback.patch
? drupal_http_request_2.patch
? drupal_render_32.patch
? duplicate_translations.patch
? filter_url_0.patch
? form.inc_labels4_0.patch
? form_alter_16.patch
? help.test_2.patch
? language_244162.patch
? menu_default_access_callback_5.patch
? multiple_load_conversion.patch
? multiple_load_conversion_0.patch
? multiple_load_conversion_0_0.patch
? node_type.patch
? node_type_page.patch.txt
? pager.test.patch
? preprocess.patch
? rendered.patch
? simpletest_help_2.patch
? strict-4.patch
? strstr_to_strpos_2.patch
? system-enable_3.patch
? taxonomy_delete.patch
? taxonomy_get_parents_all_0_0.patch
? taxonomy_permissions.patch
? taxonomy_permissions_7.patch
? taxonomy_term_count_nodes.patch
? taxonomy_term_count_nodes_5.patch
? taxonomy_term_count_nodes_5_0.patch
? taxonomy_term_count_nodes_6.patch
? taxonomy_term_delete_2.patch
? taxonomy_uninstall.patch
? tracker.patch
? tracker_9.patch
? translation-change.diff
? translation-change.patch
? translation-change.patch.1
? translation-prevent-duplicate.patch
? translation_change.patch
? translation_prevent_duplicate.patch
? union.patch
? user.css_.fix__0.patch
? user_357403_10.patch
? user_357403_5.patch
? user_load_multiple.patch
? user_load_multiple_6.patch
? user_load_multiple_8.patch
? user_load_multiple_9.patch
? user_validate_1_0.patch
? vocabulary_load_multiple.patch
? xmlrpcrmcheckjv.patch
? modules/simpletest/.drupal_web_test_case.php.swp
? modules/simpletest/tests/help_test.info
? modules/simpletest/tests/help_test.module
? modules/simpletest/tests/pager.test
? modules/translation/.translation.module.swp
? modules/user/.user.install.swp
? sites/all/modules
? sites/default/files
? sites/default/settings.php
? sites/default/settings.pphp
Index: includes/common.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/common.inc,v
retrieving revision 1.847
diff -u -p -r1.847 common.inc
--- includes/common.inc	14 Jan 2009 12:18:37 -0000	1.847
+++ includes/common.inc	21 Jan 2009 18:18:41 -0000
@@ -1830,7 +1830,7 @@ function l($text, $path, array $options 
     $options['attributes']['title'] = strip_tags($options['attributes']['title']);
   }
 
-  return '<a href="' . check_url(url($path, $options)) . '"' . drupal_attributes($options['attributes']) . '>' . ($options['html'] ? $text : check_plain($text)) . '</a>';
+  return '<a href="' . url($path, $options) . '"' . drupal_attributes($options['attributes']) . '>' . ($options['html'] ? $text : check_plain($text)) . '</a>';
 }
 
 /**
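Review bot: Dropping `check_url()` on the returned line leaves the `href` built from raw `url()` output inside a double-quoted attribute, and nothing in this diff changes `url()` to strip dangerous protocols or `check_plain()` its result, so a `$path` that contains `"`, `>` or a `javascript:` scheme (an external link assembled from user input, for instance) is now only as safe as `url()` happens to make it. If that escaping has moved into `url()` in a companion change, say so where it matters, e.g. `// url() check_plain()s its output and strips dangerous protocols, so no further escaping here.`; otherwise keep at least `check_plain(url($path, $options))` so the attribute cannot be broken out of. The new test on the `common.test` side only checks that the attack string is absent verbatim, which would not catch a partially encoded scheme surviving into the attribute. `l()` begins before this hunk.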
Index: modules/simpletest/tests/common.test
===================================================================
RCS file: /cvs/drupal/drupal/modules/simpletest/tests/common.test,v
retrieving revision 1.21
diff -u -p -r1.21 common.test
--- modules/simpletest/tests/common.test	11 Jan 2009 08:39:08 -0000	1.21
+++ modules/simpletest/tests/common.test	21 Jan 2009 18:18:42 -0000
@@ -1,6 +1,31 @@
 <?php
 // $Id: common.test,v 1.21 2009/01/11 08:39:08 dries Exp $
 
+/**
+ * Tests for the l() function.
+ */
+class CommonLUnitTest extends CommonXSSTestCase {
+
+  function getInfo() {
+    return array(
+      'name' => t('Tests for the l() function'),
+      'description' => t('Confirm that url() works correctly with various input.'),
+      'group' => t('System'),
+    );
+  }
+
+  /**
+   * Pass in some XSS attack vectors as $path and confirm they are escaped.
+   */
+  function testLXSS() {
+    $text = $this->randomName();
+    foreach ($this->xss as $key => $path) {
+      $link = l($text, $path);
+      $this->assertTrue(strpos($link, $path) === FALSE, t('XSS attack @path was filtered', array('@path' => $path)));
+    }
+  }
+}
+
 class CommonSizeTestCase extends DrupalWebTestCase {
   protected $exact_test_cases;
   protected $rounded_test_cases;
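Review bot: The assertion in `testLXSS()` only proves the raw vector is not echoed verbatim; any transformation of a single character (percent-encoding one `:` or `<`) satisfies `strpos(...) === FALSE`, so it does not establish that the emitted `href` is attribute-safe. Add a second check on the attribute itself, e.g. `$this->assertTrue(preg_match('/^<a href="[^"<>]*"/', $link) === 1, t('Link for @path has a well-formed href', array('@path' => $path)));`, so a `"` or `<` that survives into the attribute fails the test. The `getInfo()` description says it confirms `url()` while the test exercises `l()`; `'description' => t('Confirm that l() escapes XSS vectors passed as $path.'),` matches what runs. The class is named `CommonLUnitTest` but, through `CommonXSSTestCase`, is a `DrupalWebTestCase` that performs a full site setup per test; if no HTTP round-trip is needed, a unit-style base would make the suite noticeably cheaper.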
@@ -700,4 +725,212 @@ class DrupalErrorCollectionUnitTest exte
       $this->assertEqual($error['message'], $message, t("Message was %message", array('%message' => $message)));
     }
   }
-}
\ No newline at end of file
+}
+
+/**
+ * An XSS test case that provides some tools for testing XSS.
+ *
+ * Examples taken from http://ha.ckers.org/xssAttacks.xml.
+ */
+class CommonXSSTestCase Extends DrupalWebTestCase {
+  function setUp() {
+    parent::setUp();
+    $this->xss = array(
+      '\';alert(String.fromCharCode(88,83,83))//\\\';alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//\\\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>\">\'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>=&{}',
+      '\'\';!--\"<XSS>=&{()}',
+      '<SCRIPT>alert(\'XSS\')</SCRIPT>',
+      '<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>',
+      '<SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>',
+      '<BASE HREF=\"javascript:alert(\'XSS\');//\">',
+      '<BGSOUND SRC=\"javascript:alert(\'XSS\');\">',
+      '<BODY BACKGROUND=\"javascript:alert(\'XSS\');\">',
+      '<BODY ONLOAD=alert(\'XSS\')>',
+      '<DIV STYLE=\"background-image: url(javascript:alert(\'XSS\'))\">',
+      '<DIV STYLE=\"background-image: url(&#1;javascript:alert(\'XSS\'))\">',
+      '<DIV STYLE=\"width: expression(alert(\'XSS\'));\">',
+      '<FRAMESET><FRAME SRC=\"javascript:alert(\'XSS\');\"></FRAMESET>',
+      '<IFRAME SRC=\"javascript:alert(\'XSS\');\"></IFRAME>',
+      '<INPUT TYPE=\"IMAGE\" SRC=\"javascript:alert(\'XSS\');\">',
+      '<IMG SRC=\"javascript:alert(\'XSS\');\">',
+      '<IMG SRC=javascript:alert(\'XSS\')>',
+      '<IMG DYNSRC=\"javascript:alert(\'XSS\');\">',
+      '<IMG LOWSRC=\"javascript:alert(\'XSS\');\">',
+      '<IMG SRC=\"http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode\">',
+      'Redirect 302 /a.jpg http://victimsite.com/admin.asp&deleteuser',
+      'exp/*<XSS STYLE=\'no\\xss:noxss(\"*//*\");
+xss:&#101;x&#x2F;*XSS*//*/*/pression(alert(\"XSS\"))\'>',
+      '<STYLE>li {list-style-image: url(\"javascript:alert(\'XSS\')\");}</STYLE><UL><LI>XSS',
+      '<IMG SRC=\'vbscript:msgbox(\"XSS\")\'>',
+      '<LAYER SRC=\"http://ha.ckers.org/scriptlet.html\"></LAYER>',
+      '<IMG SRC=\"livescript:[code]\">',
+      '%BCscript%BEalert(%A2XSS%A2)%BC/script%BE',
+      '<META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=javascript:alert(\'XSS\');\">',
+      '<META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K\">',
+      '<META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=http://;URL=javascript:alert(\'XSS\');\">',
+      '<IMG SRC=\"mocha:[code]\">',
+      '<OBJECT TYPE=\"text/x-scriptlet\" DATA=\"http://ha.ckers.org/scriptlet.html\"></OBJECT>',
+      '<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert(\'XSS\')></OBJECT>',
+      '<EMBED SRC=\"http://ha.ckers.org/xss.swf\" AllowScriptAccess=\"always\"></EMBED>',
+      'a=\"get\";&#10;b=\"URL(\"\";&#10;c=\"javascript:\";&#10;d=\"alert(\'XSS\');\")\";
+eval(a+b+c+d);',
+      '<STYLE TYPE=\"text/javascript\">alert(\'XSS\');</STYLE>',
+      '<IMG STYLE=\"xss:expr/*XSS*/ession(alert(\'XSS\'))\">',
+      '<XSS STYLE=\"xss:expression(alert(\'XSS\'))\">',
+      '<STYLE>.XSS{background-image:url(\"javascript:alert(\'XSS\')\");}</STYLE><A CLASS=XSS></A>',
+      '<STYLE type=\"text/css\">BODY{background:url(\"javascript:alert(\'XSS\')\")}</STYLE>',
+      '<LINK REL=\"stylesheet\" HREF=\"javascript:alert(\'XSS\');\">',
+      '<LINK REL=\"stylesheet\" HREF=\"http://ha.ckers.org/xss.css\">',
+      '<STYLE>@import\'http://ha.ckers.org/xss.css\';</STYLE>',
+      '<META HTTP-EQUIV=\"Link\" Content=\"<http://ha.ckers.org/xss.css>; REL=stylesheet\">',
+      '<STYLE>BODY{-moz-binding:url(\"http://ha.ckers.org/xssmoz.xml#xss\")}</STYLE>',
+      '<TABLE BACKGROUND=\"javascript:alert(\'XSS\')\"></TABLE>',
+      '<TABLE><TD BACKGROUND=\"javascript:alert(\'XSS\')\"></TD></TABLE>',
+      '<HTML xmlns:xss>
+<?import namespace=\"xss\" implementation=\"http://ha.ckers.org/xss.htc\">
+<xss:xss>XSS</xss:xss>
+</HTML>',
+      '<XML ID=I><X><C><![CDATA[<IMG SRC=\"javas]]><![CDATA[cript:alert(\'XSS\');\">]]>
+</C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML>',
+      '<XML ID=\"xss\"><I><B><IMG SRC=\"javas<!-- -->cript:alert(\'XSS\')\"></B></I></XML>
+<SPAN DATASRC=\"#xss\" DATAFLD=\"B\" DATAFORMATAS=\"HTML\"></SPAN>',
+      '<XML SRC=\"http://ha.ckers.org/xsstest.xml\" ID=I></XML>
+<SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>',
+      '<HTML><BODY>
+<?xml:namespace prefix=\"t\" ns=\"urn:schemas-microsoft-com:time\">
+<?import namespace=\"t\" implementation=\"#default#time2\">
+<t:set attributeName=\"innerHTML\" to=\"XSS<SCRIPT DEFER>alert(\'XSS\')</SCRIPT>\"> </BODY></HTML>',
+      '<!--[if gte IE 4]>
+<SCRIPT>alert(\'XSS\');</SCRIPT>
+<![endif]-->',
+      '<META HTTP-EQUIV=\"Set-Cookie\" Content=\"USERID=<SCRIPT>alert(\'XSS\')</SCRIPT>\">',
+      '<XSS STYLE=\"behavior: url(http://ha.ckers.org/xss.htc);\">',
+      '<SCRIPT SRC=\"http://ha.ckers.org/xss.jpg\"></SCRIPT>',
+      '<!--#exec cmd=\"/bin/echo \'<SCRIPT SRC\'\"--><!--#exec cmd=\"/bin/echo \'=http://ha.ckers.org/xss.js></SCRIPT>\'\"-->',
+      '<? echo(\'<SCR)\';
+echo(\'IPT>alert(\"XSS\")</SCRIPT>\'); ?>',
+      '<BR SIZE=\"&{alert(\'XSS\')}\">',
+      '<
+%3C
+&lt
+&lt;
+&LT
+&LT;
+&#60
+&#060
+&#0060
+&#00060
+&#000060
+&#0000060
+&#60;
+&#060;
+&#0060;
+&#00060;
+&#000060;
+&#0000060;
+&#x3c
+&#x03c
+&#x003c
+&#x0003c
+&#x00003c
+&#x000003c
+&#x3c;
+&#x03c;
+&#x003c;
+&#x0003c;
+&#x00003c;
+&#x000003c;
+&#X3c
+&#X03c
+&#X003c
+&#X0003c
+&#X00003c
+&#X000003c
+&#X3c;
+&#X03c;
+&#X003c;
+&#X0003c;
+&#X00003c;
+&#X000003c;
+&#x3C
+&#x03C
+&#x003C
+&#x0003C
+&#x00003C
+&#x000003C
+&#x3C;
+&#x03C;
+&#x003C;
+&#x0003C;
+&#x00003C;
+&#x000003C;
+&#X3C
+&#X03C
+&#X003C
+&#X0003C
+&#X00003C
+&#X000003C
+&#X3C;
+&#X03C;
+&#X003C;
+&#X0003C;
+&#X00003C;
+&#X000003C;
+\\x3c
+\\x3C
+\\u003c
+\\u003C',
+      '<IMG SRC=JaVaScRiPt:alert(\'XSS\')>',
+      '<IMG SRC=javascript:alert(&quot;XSS&quot;)>',
+      '<IMG SRC=`javascript:alert(\"RSnake says, \'XSS\'\")`>',
+      '<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>',
+      '<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>',
+      '<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>',
+      '<DIV STYLE=\"background-image:\\0075\\0072\\006C\\0028\'\\006a\\0061\\0076\\0061\\0073\\0063\\0072\\0069\\0070\\0074\\003a\\0061\\006c\\0065\\0072\\0074\\0028.1027\\0058.1053\\0053\\0027\\0029\'\\0029\">',
+      '<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>',
+      '<HEAD><META HTTP-EQUIV=\"CONTENT-TYPE\" CONTENT=\"text/html; charset=UTF-7\"> </HEAD>+ADw-SCRIPT+AD4-alert(\'XSS\');+ADw-/SCRIPT+AD4-',
+      '\\\";alert(\'XSS\');//',
+      '</TITLE><SCRIPT>alert(\"XSS\");</SCRIPT>',
+      '<STYLE>@im\\port\'\\ja\\vasc\\ript:alert(\"XSS\")\';</STYLE>',
+      '<IMG SRC=\"jav ascript:alert(\'XSS\');\">',
+      '<IMG SRC=\"jav&#x09;ascript:alert(\'XSS\');\">',
+      '<IMG SRC=\"jav&#x0A;ascript:alert(\'XSS\');\">',
+      '<IMG SRC=\"jav&#x0D;ascript:alert(\'XSS\');\">',
+      'perl -e \'print \"<IMG SRC=java\\0script:alert(\"XSS\")>\";\'> out',
+      'perl -e \'print \"&<SCR\\0IPT>alert(\"XSS\")</SCR\\0IPT>\";\' > out',
+      '<IMG SRC=\" &#14;  javascript:alert(\'XSS\');\">',
+      '<SCRIPT/XSS SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>',
+      '<BODY onload!#$%&()*~+-_.,:;?@[/|\\]^`=alert(\"XSS\")>',
+      '<SCRIPT SRC=http://ha.ckers.org/xss.js',
+      '<SCRIPT SRC=//ha.ckers.org/.j>',
+      '<IMG SRC=\"javascript:alert(\'XSS\')\"',
+      '<IFRAME SRC=http://ha.ckers.org/scriptlet.html <',
+      '<<SCRIPT>alert(\"XSS\");//<</SCRIPT>',
+      '<IMG \"\"\"><SCRIPT>alert(\"XSS\")</SCRIPT>\">',
+      '<SCRIPT>a=/XSS/
+alert(a.source)</SCRIPT>',
+      '<SCRIPT a=\">\" SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>',
+      '<SCRIPT =\"blah\" SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>',
+      '<SCRIPT a=\"blah\" \'\' SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>',
+      '<SCRIPT \"a=\'>\'\" SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>',
+      '<SCRIPT a=`>` SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>',
+      '<SCRIPT>document.write(\"<SCRI\");</SCRIPT>PT SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>',
+      '<SCRIPT a=\">\'>\" SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>',
+      '<A HREF=\"http://66.102.7.147/\">XSS</A>',
+      '<A HREF=\"http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D\">XSS</A>',
+      '<A HREF=\"http://1113982867/\">XSS</A>',
+      '<A HREF=\"http://0x42.0x0000066.0x7.0x93/\">XSS</A>',
+      '<A HREF=\"http://0102.0146.0007.00000223/\">XSS</A>',
+      '<A HREF=\"h
+tt  p://6&#09;6.000146.0x7.147/\">XSS</A>',
+      '<A HREF=\"//www.google.com/\">XSS</A>',
+      '<A HREF=\"//google\">XSS</A>',
+      '<A HREF=\"http://ha.ckers.org@google\">XSS</A>',
+      '<A HREF=\"http://google:ha.ckers.org\">XSS</A>',
+      '<A HREF=\"http://google.com/\">XSS</A>',
+      '<A HREF=\"http://www.google.com./\">XSS</A>',
+      '<A HREF=\"javascript:document.location=\'http://www.google.com/\'\">XSS</A>',
+      '<A HREF=\"http://www.gohttp://www.google.com/ogle.com/\">XSS</A>',
+    );
+  }
+}
+
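Review bot: The vectors in `setUp()` are single-quoted PHP strings, in which `\"` is not an escape sequence: PHP keeps the backslash, so the fixture for the `<BASE HREF=\"javascript:...` entry is literally `<BASE HREF=\"javascript:...` rather than the ha.ckers.org vector `<BASE HREF="javascript:...`, and the same holds for every `\"` in the list (only `\'` and `\\` are collapsed in single quotes). A filter that mishandles a bare `"` would therefore be exercised against `\"` instead of the real payload, which undercuts the point of importing these vectors. Either write the entries as double-quoted strings with `\"` for quotes and `\\` for backslashes, or keep the single quotes and drop the backslash before each `"`. Two smaller points: `Extends` on the class line should be lowercase `extends` to match the rest of the file, and the array assigned to `$this->xss` should be declared on the class as `protected $xss = array();` so subclasses do not depend on an undeclared property.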
