Commit graph

7 commits

Author SHA1 Message Date
paladox df8ad1c799 Add php code sniffer to composer
Add support for php code sniffer

Change-Id: I7dcdd88be4f1f8219f71ab770979284761e09bae
2015-09-23 10:46:14 +01:00
physikerwelt 21c89c22b1 tests: Add missing parent::tearDown() call
Follows-up 6a0af8f3b4.

Change-Id: I9418205479053c4129b6a9b888e38150799edcc5
2014-09-16 00:50:30 +00:00
Max Semenik 130c3f44f1 @group Math where it's missing
Change-Id: If8ec86c4b70d7d78d30cab6f9529af1cd0c2ea52
2014-07-25 15:09:30 -07:00
addshore 80bf30ca45 Split up some long lines in tests
Change-Id: I45be8ea1b9a9a974614354c0199e3107a5cdc23e
2014-03-11 23:32:33 +00:00
physikerwelt 94b035b26a Coverage tests for the Math extension
* Include generated tests for a better test coverage
of the Math extension.
* Compiles texvc in testsuite (if required)
* Test generator now included
* Replaces the old parser tests
* Fixes whitspace issues

Bug: 61090
Change-Id: Iff7eeb5ee72137492c3f6659e4d4d106e5715586
2014-03-11 15:35:07 +00:00
Antoine Musso 28e6a1a751 Compile texvccheck in testsuite
The MathInputCheckTexvcTest class expects texvccheck to be available
via $wgMathTexvcCheckExecutable.  It is not always set or the executable
might not have been compiled (for example on Wikimedia CI Jenkins).

This patch still attempt to use $wgMathTexvcCheckExecutable, if it is
not found it will attempt to compile it using the Makefile in the
texvccheck subfolder of the repository.  That should work whenever
someone has ocaml installed, the resulting binary is used to set
$wgMathTexvcCheckExecutable.

Bug: 61090
Change-Id: I9ea4b87de6e2827aad83961712f66ecbef2639de
2014-02-20 08:00:16 +00:00
physikerwelt 6a0af8f3b4 Validate TeX input for all renderers, not just texvc
The user input specified in the math tag a. la
<math>E=m <script>alert('attacked')</script>^2 </math>
is verified in PNG rendering mode, but not in plaintext, MathJax
or LaTeXML rendering mode. This is a potential security issue.

Furthermore, the texvc specific commands such as $\reals$
that is expanded to $\mathbb{R}$ might be rendered differently
depended on the rendering mode.

Therefore, the security checking and rewriting portion of texvc
have been extracted from the texvc source
(see I1650e6ec2ccefff6335fbc36bbe8ca8f59db0faa) and are
now available as a separate executable (texvccheck).

This commit will now enable this enhancement in security and
provide even more compatibility among the different rendering
modes.

Bug: 49169
Change-Id: Ida24b6bf339508753bed40d2e218c4a5b7fe7d0c
2014-01-22 10:07:27 +00:00