aboutsummaryrefslogtreecommitdiffstats
path: root/lib/inets/test
AgeCommit message (Collapse)Author
2011-11-09More merge cleanup.Micael Karlberg
2011-11-09[httpd] GET request with malformed header date causedMicael Karlberg
server crash (non-fatal) with no reply to client. Will now result in a reply with status code 400. OTP-9674 Merge branch 'bmk/inets/httpd/xss_with_bad_header_date/r14/OTP-9674' into bmk/inets/inets572_integration Conflicts: lib/inets/doc/src/notes.xml lib/inets/src/inets_app/inets.appup.src
2011-11-09Initial merge from r13 topic branch. With minimal cleanup.Micael Karlberg
Merge branch 'bmk/inets/httpd/xss_with_bad_header_date/r13/OTP-9674' into bmk/inets/httpd/xss_with_bad_header_date/r14/OTP-9674 Conflicts: lib/inets/doc/src/notes.xml lib/inets/src/http_server/mod_responsecontrol.erl lib/inets/src/inets_app/inets.appup.src lib/inets/test/httpd_1_1.erl lib/inets/test/httpd_SUITE.erl lib/inets/test/httpd_mod.erl lib/inets/test/httpd_test_lib.erl lib/inets/vsn.mk
2011-11-09Initial merge from r13 topic branch. With minimal cleanup.Micael Karlberg
Merge branch 'bmk/inets/httpd/xss_when_erl_encoded/r13/OTP-9655' into bmk/inets/httpd/xss_when_erl_encoded/r14/OTP-9655 Conflicts: lib/inets/doc/src/notes.xml lib/inets/src/http_lib/http_uri.erl lib/inets/src/http_lib/http_util.erl lib/inets/src/http_server/httpd_file.erl lib/inets/src/http_server/httpd_request.erl lib/inets/src/http_server/httpd_request_handler.erl lib/inets/src/http_server/httpd_util.erl lib/inets/src/inets_app/inets.appup.src lib/inets/test/httpc_SUITE.erl lib/inets/test/httpd_SUITE.erl lib/inets/test/httpd_basic_SUITE.erl lib/inets/test/httpd_test_lib.erl lib/inets/vsn.mk
2011-11-01[httpd] GET request with malformed header date causedMicael Karlberg
server crash (non-fatal) with no reply to client. Will now result in a reply with status code 400. OTP-9674
2011-10-26Uncommented ipv6 test cases.Micael Karlberg
OTP-9655
2011-10-26Fixed hex-decoding.Micael Karlberg
OTP-9655
2011-10-25Problems with proxy test cases.Micael Karlberg
OTP-9655
2011-10-25The XSS prevention methods used was confused if theMicael Karlberg
URL was encoded (hex-encoded). OTP-9655
2011-09-29Update copyright yearsBjörn-Egil Dahlberg
2011-09-19Use (error_logger) info_msg/2 instead of info_report/2,Micael Karlberg
as suggested in branch at/error_logger_calls.
2011-09-15Updated http-server to make sure URLs in error-messagesMicael Karlberg
are URL-encoded. Added support in http-client to use URL-encoding. Also added the missing include directory for the inets application. OTP-8940 [httpd] Prevent XSS in error pages. Prevent user controlled input from being interpreted as HTML in error pages by encoding the reserved HTML characters. Michael Santos OTP-9124
2011-09-08[httpc] Rewrote cookie parsing. Among other things solvingMicael Karlberg
cookie processing from www.expedia.com. OTP-9434
2011-09-06[httpc] Parsing of a cookie expire date should be more forgiving.Micael Karlberg
That is, if the parsing fails, the date should be ignored. Also added support for (yet another) date format: "Tue Jan 01 08:00:01 2036 GMT" OTP-9433
2011-06-22Fixed non-related ftp test case.Micael Karlberg
[ftp] FTP client doesn't work with IPv6 host. Attila Rajmund Nohl OTP-9342 Merge branch 'bmk/inets/ftp/does_not_handle_ipv6/OTP-9342' into bmk/inets/inets57_integration2
2011-06-22Fixed non-related test case (ticket_6035).Micael Karlberg
2011-06-17Fixed ipv6 support detection.Micael Karlberg
2011-06-17(httpc) test case cleanups.Micael Karlberg
2011-06-15[httpc|httpd] Added support for IPv6 with ssl.Micael Karlberg
OTP-5566 Merge branch 'bmk/inets/handle_ipv6_with_ssl2/OTP-5566' into bmk/inets/inets57_integration2 Conflicts: lib/inets/doc/src/notes.xml lib/inets/src/inets_app/inets.appup.src lib/inets/test/inets_test_lib.erl
2011-06-15Fixed IPv6 test case selection. That is if a IPv6 test case shouldMicael Karlberg
be run or not.
2011-06-15Stopping httpc client...Micael Karlberg
2011-06-15Added test cases for httpd.Micael Karlberg
2011-06-15Clients started stand-alone not properly handled.Micael Karlberg
OTP-9365
2011-06-15SSL with IPv6 now works "in principle".Micael Karlberg
2011-05-27OTP-9342: FTP client doesn't work with IPv6Micael Karlberg
OTP-9342: IpFamily config option was not handled OTP-9342: Release notes remain... OTP-9342: <credit>attila rajmund nohl</credit>
2011-05-20Update copyright yearsBjörn-Egil Dahlberg
2011-05-13Fixit init per tescase for testcase for initial_server_connect.Micael Karlberg
For this case to work, we need crypto!
2011-05-11Fixed httpc manager crashIngela Anderton Andin
httpc manager crashes.When a request results in a retry, the request id will be "reused" in the previous implementation a race condition could occur causing the manager to crash. This is now avoided by using proc_lib:init_ack and gen_server:enter_loop to allow more advanced initialization of httpc_handlers without blocking the httpc_manger and eliminating extra processes that can cause race conditions.
2011-04-06Merge branch 'dev' into bmk/inets/inet56_integrationMicael Karlberg
2011-04-01Added crypto-start-check to undef_funcs test case.Micael Karlberg
2011-03-31Improved (httpc proxy) "test case skipping".Micael Karlberg
2011-03-30Merge branch 'hw/call-chmod-without-f' into devHenrik Nord
* hw/call-chmod-without-f: Call chmod without the "-f" flag Conflicts: erts/emulator/test/Makefile lib/asn1/test/Makefile lib/crypto/test/Makefile lib/debugger/test/Makefile lib/docbuilder/test/Makefile lib/edoc/test/Makefile lib/erl_interface/test/Makefile lib/inviso/test/Makefile lib/parsetools/test/Makefile lib/percept/test/Makefile lib/ssl/test/Makefile lib/syntax_tools/test/Makefile lib/test_server/test/Makefile lib/tools/test/Makefile OTP-9170
2011-03-28A (hopefully) temporary skip of some of the httpc proxyMicael Karlberg
test cases.
2011-03-18Merge branch 'bmk/inets/httpd/prevent_xss_in_error_pages/OTP-9124' into ↵Micael Karlberg
bmk/inets/inet56_integration Conflicts: lib/inets/doc/src/notes.xml lib/inets/src/inets_app/inets.appup.src
2011-03-18Merge branch ↵Micael Karlberg
'bmk/inets/httpd/make_mod_esi_deliver_accept_binary_data/OTP-9123' into bmk/inets/inet56_integration Conflicts: lib/inets/doc/src/notes.xml lib/inets/src/inets_app/inets.appup.src
2011-03-18Merge branch 'bmk/inets/ftp/missing_spec_causes_dialyxer_problems/OTP-9114' ↵Micael Karlberg
into bmk/inets/inet56_integration Conflicts: lib/inets/doc/src/notes.xml lib/inets/src/inets_app/inets.appup.src
2011-03-17Merge branch 'dev' into bmk/inets/httpc/support_upload_body_streaming/OTP-9094Micael Karlberg
Conflicts: lib/inets/doc/src/notes.xml Fixed release notes after merge.
2011-03-17Merge branch 'dev' into ↵Micael Karlberg
bmk/inets/httpd/make_mod_esi_deliver_accept_binary_data/OTP-9123
2011-03-17Merge branch 'dev' into bmk/inets/httpd/prevent_xss_in_error_pages/OTP-9124Micael Karlberg
2011-03-17Merge branch 'dev' into ↵Micael Karlberg
bmk/inets/ftp/missing_spec_causes_dialyxer_problems/OTP-9114 Also fixed a bunch of "end-years" (was 2010 but should have been 2011, which the commit hook not happy with).
2011-03-11Update copyright yearsBjörn-Egil Dahlberg
2011-03-11[httpd] Prevent XSS in error pages.Micael Karlberg
Prevent user controlled input from being interpreted as HTML in error pages by encoding the reserved HTML characters.
2011-03-10Removed email address.Micael Karlberg
2011-03-09Added (type) specs for all "public" functions in the ftp module.Micael Karlberg
2011-03-07Adding missing "send loop" for raw sending.Micael Karlberg
Also fixed some of the documentation (types).
2011-03-04Merge branch 'fm/httpc-upload-body-streaming' into ↵Micael Karlberg
bmk/inets/httpc/support_upload_body_streaming/OTP-OTP-9094 Conflicts: lib/inets/src/http_client/httpc.erl lib/inets/test/httpc_SUITE.erl
2011-02-22inets: prevent XSS in error pagesMichael Santos
Prevent user controlled input from being interpreted as HTML in error pages by encoding the reserved HTML characters. The reserved character set should be safe for displaying data within the body of HTML pages as outlined here: http://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet Previously, weird URLs were URI encoded in the error page. This worked quite well but the URL would be displayed in the HTML in percent encoded format. There was also a check for URIs that were already escaped (by the browser) that would fail if the browser sent an URI containing a "%", e.g.: w3m "http://localhost:8080/<b>foo</b>?%" Also encode the HTTP method and version, since it's possible they may be manipulated: <b>FOO</b> /index.html HTTP/1.0 GET /index.html <b>foo</b>/1.0 Encode the static messages to prevent characters from being interpreted as HTML such as "heavy load (>~w processes)".
2011-02-17Update ipv6 testcase to be skipped if no ipv6 hosts are definedLukas Larsson
2011-02-17Update ftp suite to take config from ct:get_configLukas Larsson
2011-02-17Rename Suite Callback to Common Test HookLukas Larsson