From fe3512cb5f5d01fa590447c2f6fa15416802b748 Mon Sep 17 00:00:00 2001 From: Pierre Goiffon Date: Mon, 11 Oct 2021 17:05:30 +0200 Subject: [PATCH 1/8] =?UTF-8?q?N=C2=B04335=20Fix=20export=20with=20PHP=20 Date: Tue, 12 Oct 2021 11:11:11 +0200 Subject: [PATCH 2/8] =?UTF-8?q?N=C2=B04231=20Security=20hardening?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- composer.json | 2 +- composer.lock | 14 +- lib/composer/ClassLoader.php | 117 ++- lib/composer/InstalledVersions.php | 1006 ++++++++------------------ lib/composer/autoload_classmap.php | 1 + lib/composer/autoload_static.php | 1 + lib/composer/installed.json | 12 +- lib/composer/installed.php | 875 +++++++++++----------- lib/pear/archive_tar/Archive/Tar.php | 60 +- lib/pear/archive_tar/package.xml | 23 +- 10 files changed, 927 insertions(+), 1184 deletions(-) diff --git a/composer.json b/composer.json index bf99956d3..f6ebce68d 100644 --- a/composer.json +++ b/composer.json @@ -12,7 +12,7 @@ "ext-soap": "*", "combodo/tcpdf": "6.3.5", "nikic/php-parser": "^3.1", - "pear/archive_tar": "1.4.13", + "pear/archive_tar": "1.4.14", "pelago/emogrifier": "2.1.0", "scssphp/scssphp": "1.0.6", "swiftmailer/swiftmailer": "5.4.12", diff --git a/composer.lock b/composer.lock index 8fa3540a7..0a54b3c29 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "8c7f3127435b1afb67965369c50d0898", + "content-hash": "9993a936d8716519fc42cc50600cd84f", "packages": [ { "name": "combodo/tcpdf", @@ -168,16 +168,16 @@ }, { "name": "pear/archive_tar", - "version": "1.4.13", + "version": "1.4.14", "source": { "type": "git", "url": "https://github.com/pear/Archive_Tar.git", - "reference": "2b87b41178cc6d4ad3cba678a46a1cae49786011" + "reference": "4d761c5334c790e45ef3245f0864b8955c562caa" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/pear/Archive_Tar/zipball/2b87b41178cc6d4ad3cba678a46a1cae49786011", - "reference": "2b87b41178cc6d4ad3cba678a46a1cae49786011", + "url": "https://api.github.com/repos/pear/Archive_Tar/zipball/4d761c5334c790e45ef3245f0864b8955c562caa", + "reference": "4d761c5334c790e45ef3245f0864b8955c562caa", "shasum": "" }, "require": { @@ -244,7 +244,7 @@ "type": "patreon" } ], - "time": "2021-02-16T10:50:50+00:00" + "time": "2021-07-20T13:53:39+00:00" }, { "name": "pear/console_getopt", @@ -2605,5 +2605,5 @@ "platform-overrides": { "php": "5.6.0" }, - "plugin-api-version": "2.0.0" + "plugin-api-version": "2.1.0" } diff --git a/lib/composer/ClassLoader.php b/lib/composer/ClassLoader.php index 247294d66..0cd6055d1 100644 --- a/lib/composer/ClassLoader.php +++ b/lib/composer/ClassLoader.php @@ -42,30 +42,75 @@ namespace Composer\Autoload; */ class ClassLoader { + /** @var ?string */ private $vendorDir; // PSR-4 + /** + * @var array[] + * @psalm-var array> + */ private $prefixLengthsPsr4 = array(); + /** + * @var array[] + * @psalm-var array> + */ private $prefixDirsPsr4 = array(); + /** + * @var array[] + * @psalm-var array + */ private $fallbackDirsPsr4 = array(); // PSR-0 + /** + * @var array[] + * @psalm-var array> + */ private $prefixesPsr0 = array(); + /** + * @var array[] + * @psalm-var array + */ private $fallbackDirsPsr0 = array(); + /** @var bool */ private $useIncludePath = false; + + /** + * @var string[] + * @psalm-var array + */ private $classMap = array(); + + /** @var bool */ private $classMapAuthoritative = false; + + /** + * @var bool[] + * @psalm-var array + */ private $missingClasses = array(); + + /** @var ?string */ private $apcuPrefix; + /** + * @var self[] + */ private static $registeredLoaders = array(); + /** + * @param ?string $vendorDir + */ public function __construct($vendorDir = null) { $this->vendorDir = $vendorDir; } + /** + * @return string[] + */ public function getPrefixes() { if (!empty($this->prefixesPsr0)) { @@ -75,28 +120,47 @@ class ClassLoader return array(); } + /** + * @return array[] + * @psalm-return array> + */ public function getPrefixesPsr4() { return $this->prefixDirsPsr4; } + /** + * @return array[] + * @psalm-return array + */ public function getFallbackDirs() { return $this->fallbackDirsPsr0; } + /** + * @return array[] + * @psalm-return array + */ public function getFallbackDirsPsr4() { return $this->fallbackDirsPsr4; } + /** + * @return string[] Array of classname => path + * @psalm-var array + */ public function getClassMap() { return $this->classMap; } /** - * @param array $classMap Class to filename map + * @param string[] $classMap Class to filename map + * @psalm-param array $classMap + * + * @return void */ public function addClassMap(array $classMap) { @@ -111,9 +175,11 @@ class ClassLoader * Registers a set of PSR-0 directories for a given prefix, either * appending or prepending to the ones previously set for this prefix. * - * @param string $prefix The prefix - * @param array|string $paths The PSR-0 root directories - * @param bool $prepend Whether to prepend the directories + * @param string $prefix The prefix + * @param string[]|string $paths The PSR-0 root directories + * @param bool $prepend Whether to prepend the directories + * + * @return void */ public function add($prefix, $paths, $prepend = false) { @@ -156,11 +222,13 @@ class ClassLoader * Registers a set of PSR-4 directories for a given namespace, either * appending or prepending to the ones previously set for this namespace. * - * @param string $prefix The prefix/namespace, with trailing '\\' - * @param array|string $paths The PSR-4 base directories - * @param bool $prepend Whether to prepend the directories + * @param string $prefix The prefix/namespace, with trailing '\\' + * @param string[]|string $paths The PSR-4 base directories + * @param bool $prepend Whether to prepend the directories * * @throws \InvalidArgumentException + * + * @return void */ public function addPsr4($prefix, $paths, $prepend = false) { @@ -204,8 +272,10 @@ class ClassLoader * Registers a set of PSR-0 directories for a given prefix, * replacing any others previously set for this prefix. * - * @param string $prefix The prefix - * @param array|string $paths The PSR-0 base directories + * @param string $prefix The prefix + * @param string[]|string $paths The PSR-0 base directories + * + * @return void */ public function set($prefix, $paths) { @@ -220,10 +290,12 @@ class ClassLoader * Registers a set of PSR-4 directories for a given namespace, * replacing any others previously set for this namespace. * - * @param string $prefix The prefix/namespace, with trailing '\\' - * @param array|string $paths The PSR-4 base directories + * @param string $prefix The prefix/namespace, with trailing '\\' + * @param string[]|string $paths The PSR-4 base directories * * @throws \InvalidArgumentException + * + * @return void */ public function setPsr4($prefix, $paths) { @@ -243,6 +315,8 @@ class ClassLoader * Turns on searching the include path for class files. * * @param bool $useIncludePath + * + * @return void */ public function setUseIncludePath($useIncludePath) { @@ -265,6 +339,8 @@ class ClassLoader * that have not been registered with the class map. * * @param bool $classMapAuthoritative + * + * @return void */ public function setClassMapAuthoritative($classMapAuthoritative) { @@ -285,6 +361,8 @@ class ClassLoader * APCu prefix to use to cache found/not-found classes, if the extension is enabled. * * @param string|null $apcuPrefix + * + * @return void */ public function setApcuPrefix($apcuPrefix) { @@ -305,6 +383,8 @@ class ClassLoader * Registers this instance as an autoloader. * * @param bool $prepend Whether to prepend the autoloader or not + * + * @return void */ public function register($prepend = false) { @@ -324,6 +404,8 @@ class ClassLoader /** * Unregisters this instance as an autoloader. + * + * @return void */ public function unregister() { @@ -338,7 +420,7 @@ class ClassLoader * Loads the given class or interface. * * @param string $class The name of the class - * @return bool|null True if loaded, null otherwise + * @return true|null True if loaded, null otherwise */ public function loadClass($class) { @@ -347,6 +429,8 @@ class ClassLoader return true; } + + return null; } /** @@ -401,6 +485,11 @@ class ClassLoader return self::$registeredLoaders; } + /** + * @param string $class + * @param string $ext + * @return string|false + */ private function findFileWithExtension($class, $ext) { // PSR-4 lookup @@ -472,6 +561,10 @@ class ClassLoader * Scope isolated include. * * Prevents access to $this/self from included files. + * + * @param string $file + * @return void + * @private */ function includeFile($file) { diff --git a/lib/composer/InstalledVersions.php b/lib/composer/InstalledVersions.php index f97ade932..7c5502ca4 100644 --- a/lib/composer/InstalledVersions.php +++ b/lib/composer/InstalledVersions.php @@ -1,705 +1,337 @@ + * Jordi Boggiano + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ namespace Composer; use Composer\Autoload\ClassLoader; use Composer\Semver\VersionParser; - - - - - - - +/** + * This class is copied in every Composer installed project and available to all + * + * See also https://getcomposer.org/doc/07-runtime.md#installed-versions + * + * To require its presence, you can require `composer-runtime-api ^2.0` + */ class InstalledVersions { -private static $installed = array ( - 'root' => - array ( - 'pretty_version' => 'dev-develop', - 'version' => 'dev-develop', - 'aliases' => - array ( - ), - 'reference' => '2d2a6857de55d005dbc4836e558e611ce7f52bb8', - 'name' => '__root__', - ), - 'versions' => - array ( - '__root__' => - array ( - 'pretty_version' => 'dev-develop', - 'version' => 'dev-develop', - 'aliases' => - array ( - ), - 'reference' => '2d2a6857de55d005dbc4836e558e611ce7f52bb8', - ), - 'combodo/tcpdf' => - array ( - 'pretty_version' => '6.3.5', - 'version' => '6.3.5.0', - 'aliases' => - array ( - ), - 'reference' => 'aedd4b7b8cf7fcc24e617c405c9d3304150f4b94', - ), - 'nikic/php-parser' => - array ( - 'pretty_version' => 'v3.1.5', - 'version' => '3.1.5.0', - 'aliases' => - array ( - ), - 'reference' => 'bb87e28e7d7b8d9a7fda231d37457c9210faf6ce', - ), - 'paragonie/random_compat' => - array ( - 'pretty_version' => 'v2.0.18', - 'version' => '2.0.18.0', - 'aliases' => - array ( - ), - 'reference' => '0a58ef6e3146256cc3dc7cc393927bcc7d1b72db', - ), - 'pear/archive_tar' => - array ( - 'pretty_version' => '1.4.13', - 'version' => '1.4.13.0', - 'aliases' => - array ( - ), - 'reference' => '2b87b41178cc6d4ad3cba678a46a1cae49786011', - ), - 'pear/console_getopt' => - array ( - 'pretty_version' => 'v1.4.3', - 'version' => '1.4.3.0', - 'aliases' => - array ( - ), - 'reference' => 'a41f8d3e668987609178c7c4a9fe48fecac53fa0', - ), - 'pear/pear-core-minimal' => - array ( - 'pretty_version' => 'v1.10.10', - 'version' => '1.10.10.0', - 'aliases' => - array ( - ), - 'reference' => '625a3c429d9b2c1546438679074cac1b089116a7', - ), - 'pear/pear_exception' => - array ( - 'pretty_version' => 'v1.0.1', - 'version' => '1.0.1.0', - 'aliases' => - array ( - ), - 'reference' => 'dbb42a5a0e45f3adcf99babfb2a1ba77b8ac36a7', - ), - 'pelago/emogrifier' => - array ( - 'pretty_version' => 'v2.1.0', - 'version' => '2.1.0.0', - 'aliases' => - array ( - ), - 'reference' => '40c3d4f475d44ffc7265a760d1dd0e81f579f96f', - ), - 'psr/cache' => - array ( - 'pretty_version' => '1.0.1', - 'version' => '1.0.1.0', - 'aliases' => - array ( - ), - 'reference' => 'd11b50ad223250cf17b86e38383413f5a6764bf8', - ), - 'psr/cache-implementation' => - array ( - 'provided' => - array ( - 0 => '1.0', - ), - ), - 'psr/container' => - array ( - 'pretty_version' => '1.0.0', - 'version' => '1.0.0.0', - 'aliases' => - array ( - ), - 'reference' => 'b7ce3b176482dbbc1245ebf52b181af44c2cf55f', - ), - 'psr/container-implementation' => - array ( - 'provided' => - array ( - 0 => '1.0', - ), - ), - 'psr/log' => - array ( - 'pretty_version' => '1.1.2', - 'version' => '1.1.2.0', - 'aliases' => - array ( - ), - 'reference' => '446d54b4cb6bf489fc9d75f55843658e6f25d801', - ), - 'psr/log-implementation' => - array ( - 'provided' => - array ( - 0 => '1.0', - ), - ), - 'psr/simple-cache' => - array ( - 'pretty_version' => '1.0.1', - 'version' => '1.0.1.0', - 'aliases' => - array ( - ), - 'reference' => '408d5eafb83c57f6365a3ca330ff23aa4a5fa39b', - ), - 'psr/simple-cache-implementation' => - array ( - 'provided' => - array ( - 0 => '1.0', - ), - ), - 'rsky/pear-core-min' => - array ( - 'replaced' => - array ( - 0 => 'v1.10.10', - ), - ), - 'scssphp/scssphp' => - array ( - 'pretty_version' => '1.0.6', - 'version' => '1.0.6.0', - 'aliases' => - array ( - ), - 'reference' => '5b3c9d704950d8f9637f5110c36c281ec47dc13c', - ), - 'swiftmailer/swiftmailer' => - array ( - 'pretty_version' => 'v5.4.12', - 'version' => '5.4.12.0', - 'aliases' => - array ( - ), - 'reference' => '181b89f18a90f8925ef805f950d47a7190e9b950', - ), - 'symfony/cache' => - array ( - 'pretty_version' => 'v3.4.36', - 'version' => '3.4.36.0', - 'aliases' => - array ( - ), - 'reference' => '3d9f46a6960fd5cd7f030f86adc5b4b63bcfa4e3', - ), - 'symfony/class-loader' => - array ( - 'pretty_version' => 'v3.4.36', - 'version' => '3.4.36.0', - 'aliases' => - array ( - ), - 'reference' => 'e212b06996819a2bce026a63da03b7182d05a690', - ), - 'symfony/config' => - array ( - 'pretty_version' => 'v3.4.36', - 'version' => '3.4.36.0', - 'aliases' => - array ( - ), - 'reference' => 'a599a867d0e4a07c342b5f1e656b3915a540ddbe', - ), - 'symfony/console' => - array ( - 'pretty_version' => 'v3.4.36', - 'version' => '3.4.36.0', - 'aliases' => - array ( - ), - 'reference' => '1ee23b3b659b06c622f2bd2492a229e416eb4586', - ), - 'symfony/css-selector' => - array ( - 'pretty_version' => 'v3.4.36', - 'version' => '3.4.36.0', - 'aliases' => - array ( - ), - 'reference' => 'f819f71ae3ba6f396b4c015bd5895de7d2f1f85f', - ), - 'symfony/debug' => - array ( - 'pretty_version' => 'v3.4.36', - 'version' => '3.4.36.0', - 'aliases' => - array ( - ), - 'reference' => 'f72e33fdb1170b326e72c3157f0cd456351dd086', - ), - 'symfony/dependency-injection' => - array ( - 'pretty_version' => 'v3.4.36', - 'version' => '3.4.36.0', - 'aliases' => - array ( - ), - 'reference' => '0d201916bfb3af939fec3c0c8815ea16c60ac1a2', - ), - 'symfony/dotenv' => - array ( - 'pretty_version' => 'v3.4.36', - 'version' => '3.4.36.0', - 'aliases' => - array ( - ), - 'reference' => 'c7e8e471fea74e868ae797970b383dea89ae548a', - ), - 'symfony/event-dispatcher' => - array ( - 'pretty_version' => 'v3.4.36', - 'version' => '3.4.36.0', - 'aliases' => - array ( - ), - 'reference' => 'f9031c22ec127d4a2450760f81a8677fe8a10177', - ), - 'symfony/filesystem' => - array ( - 'pretty_version' => 'v3.4.36', - 'version' => '3.4.36.0', - 'aliases' => - array ( - ), - 'reference' => '00cdad0936d06fab136944bc2342b762b1c3a4a2', - ), - 'symfony/finder' => - array ( - 'pretty_version' => 'v3.4.36', - 'version' => '3.4.36.0', - 'aliases' => - array ( - ), - 'reference' => '290ae21279b37bfd287cdcce640d51204e84afdf', - ), - 'symfony/framework-bundle' => - array ( - 'pretty_version' => 'v3.4.36', - 'version' => '3.4.36.0', - 'aliases' => - array ( - ), - 'reference' => '0d61117c7a770da0bd8bbe7ccfa34d8063f272ea', - ), - 'symfony/http-foundation' => - array ( - 'pretty_version' => 'v3.4.36', - 'version' => '3.4.36.0', - 'aliases' => - array ( - ), - 'reference' => 'd2d0cfe8e319d9df44c4cca570710fcf221d4593', - ), - 'symfony/http-kernel' => - array ( - 'pretty_version' => 'v3.4.36', - 'version' => '3.4.36.0', - 'aliases' => - array ( - ), - 'reference' => 'c42c8339acb28cfff0fb1786948db4d23d609ff7', - ), - 'symfony/polyfill-apcu' => - array ( - 'pretty_version' => 'v1.13.1', - 'version' => '1.13.1.0', - 'aliases' => - array ( - ), - 'reference' => 'a8e961c841b9ec52927a87914f8820a1ad8f8116', - ), - 'symfony/polyfill-ctype' => - array ( - 'pretty_version' => 'v1.13.1', - 'version' => '1.13.1.0', - 'aliases' => - array ( - ), - 'reference' => 'f8f0b461be3385e56d6de3dbb5a0df24c0c275e3', - ), - 'symfony/polyfill-mbstring' => - array ( - 'pretty_version' => 'v1.13.1', - 'version' => '1.13.1.0', - 'aliases' => - array ( - ), - 'reference' => '7b4aab9743c30be783b73de055d24a39cf4b954f', - ), - 'symfony/polyfill-php56' => - array ( - 'pretty_version' => 'v1.13.1', - 'version' => '1.13.1.0', - 'aliases' => - array ( - ), - 'reference' => '53dd1cdf3cb986893ccf2b96665b25b3abb384f4', - ), - 'symfony/polyfill-php70' => - array ( - 'pretty_version' => 'v1.13.1', - 'version' => '1.13.1.0', - 'aliases' => - array ( - ), - 'reference' => 'af23c7bb26a73b850840823662dda371484926c4', - ), - 'symfony/polyfill-util' => - array ( - 'pretty_version' => 'v1.13.1', - 'version' => '1.13.1.0', - 'aliases' => - array ( - ), - 'reference' => '964a67f293b66b95883a5ed918a65354fcd2258f', - ), - 'symfony/routing' => - array ( - 'pretty_version' => 'v3.4.36', - 'version' => '3.4.36.0', - 'aliases' => - array ( - ), - 'reference' => 'b689ccd48e234ea404806d94b07eeb45f9f6f06a', - ), - 'symfony/stopwatch' => - array ( - 'pretty_version' => 'v3.4.36', - 'version' => '3.4.36.0', - 'aliases' => - array ( - ), - 'reference' => 'efe0af281ad336bc3b10375c88b117499f1d8494', - ), - 'symfony/twig-bridge' => - array ( - 'pretty_version' => 'v3.4.36', - 'version' => '3.4.36.0', - 'aliases' => - array ( - ), - 'reference' => '49b824ddc7f2d250a1f172349cd9a111d63287c0', - ), - 'symfony/twig-bundle' => - array ( - 'pretty_version' => 'v3.4.36', - 'version' => '3.4.36.0', - 'aliases' => - array ( - ), - 'reference' => 'd39ed8f5df62aeeeb27a6f3bf7f58a6c02a58ea9', - ), - 'symfony/var-dumper' => - array ( - 'pretty_version' => 'v3.4.36', - 'version' => '3.4.36.0', - 'aliases' => - array ( - ), - 'reference' => '569e261461600810845a8305ca3f64abd3e712c0', - ), - 'symfony/web-profiler-bundle' => - array ( - 'pretty_version' => 'v3.4.36', - 'version' => '3.4.36.0', - 'aliases' => - array ( - ), - 'reference' => '3ae27cf1b2776cd68aa15fdb57089970f78bcf11', - ), - 'symfony/yaml' => - array ( - 'pretty_version' => 'v3.4.36', - 'version' => '3.4.36.0', - 'aliases' => - array ( - ), - 'reference' => 'dab657db15207879217fc81df4f875947bf68804', - ), - 'tecnickcom/tcpdf' => - array ( - 'replaced' => - array ( - 0 => '6.3.5', - ), - ), - 'twig/twig' => - array ( - 'pretty_version' => 'v1.42.4', - 'version' => '1.42.4.0', - 'aliases' => - array ( - ), - 'reference' => 'e587180584c3d2d6cb864a0454e777bb6dcb6152', - ), - ), -); -private static $canGetVendors; -private static $installedByVendor = array(); + private static $installed; + private static $canGetVendors; + private static $installedByVendor = array(); + /** + * Returns a list of all package names which are present, either by being installed, replaced or provided + * + * @return string[] + * @psalm-return list + */ + public static function getInstalledPackages() + { + $packages = array(); + foreach (self::getInstalled() as $installed) { + $packages[] = array_keys($installed['versions']); + } + if (1 === \count($packages)) { + return $packages[0]; + } + return array_keys(array_flip(\call_user_func_array('array_merge', $packages))); + } + /** + * Returns a list of all package names with a specific type e.g. 'library' + * + * @param string $type + * @return string[] + * @psalm-return list + */ + public static function getInstalledPackagesByType($type) + { + $packagesByType = array(); + foreach (self::getInstalled() as $installed) { + foreach ($installed['versions'] as $name => $package) { + if (isset($package['type']) && $package['type'] === $type) { + $packagesByType[] = $name; + } + } + } + return $packagesByType; + } -public static function getInstalledPackages() -{ -$packages = array(); -foreach (self::getInstalled() as $installed) { -$packages[] = array_keys($installed['versions']); -} - -if (1 === \count($packages)) { -return $packages[0]; -} - -return array_keys(array_flip(\call_user_func_array('array_merge', $packages))); -} - - - - - - - - - -public static function isInstalled($packageName) -{ -foreach (self::getInstalled() as $installed) { -if (isset($installed['versions'][$packageName])) { -return true; -} -} - -return false; -} - - - - - - - - - - - - - - -public static function satisfies(VersionParser $parser, $packageName, $constraint) -{ -$constraint = $parser->parseConstraints($constraint); -$provided = $parser->parseConstraints(self::getVersionRanges($packageName)); - -return $provided->matches($constraint); -} - - - - - - - - - - -public static function getVersionRanges($packageName) -{ -foreach (self::getInstalled() as $installed) { -if (!isset($installed['versions'][$packageName])) { -continue; -} - -$ranges = array(); -if (isset($installed['versions'][$packageName]['pretty_version'])) { -$ranges[] = $installed['versions'][$packageName]['pretty_version']; -} -if (array_key_exists('aliases', $installed['versions'][$packageName])) { -$ranges = array_merge($ranges, $installed['versions'][$packageName]['aliases']); -} -if (array_key_exists('replaced', $installed['versions'][$packageName])) { -$ranges = array_merge($ranges, $installed['versions'][$packageName]['replaced']); -} -if (array_key_exists('provided', $installed['versions'][$packageName])) { -$ranges = array_merge($ranges, $installed['versions'][$packageName]['provided']); -} - -return implode(' || ', $ranges); -} - -throw new \OutOfBoundsException('Package "' . $packageName . '" is not installed'); -} - - - - - -public static function getVersion($packageName) -{ -foreach (self::getInstalled() as $installed) { -if (!isset($installed['versions'][$packageName])) { -continue; -} - -if (!isset($installed['versions'][$packageName]['version'])) { -return null; -} - -return $installed['versions'][$packageName]['version']; -} - -throw new \OutOfBoundsException('Package "' . $packageName . '" is not installed'); -} - - - - - -public static function getPrettyVersion($packageName) -{ -foreach (self::getInstalled() as $installed) { -if (!isset($installed['versions'][$packageName])) { -continue; -} - -if (!isset($installed['versions'][$packageName]['pretty_version'])) { -return null; -} - -return $installed['versions'][$packageName]['pretty_version']; -} - -throw new \OutOfBoundsException('Package "' . $packageName . '" is not installed'); -} - - - - - -public static function getReference($packageName) -{ -foreach (self::getInstalled() as $installed) { -if (!isset($installed['versions'][$packageName])) { -continue; -} - -if (!isset($installed['versions'][$packageName]['reference'])) { -return null; -} - -return $installed['versions'][$packageName]['reference']; -} - -throw new \OutOfBoundsException('Package "' . $packageName . '" is not installed'); -} - - - - - -public static function getRootPackage() -{ -$installed = self::getInstalled(); - -return $installed[0]['root']; -} - - - - - - - -public static function getRawData() -{ -return self::$installed; -} - - - - - - - - - - - - - - - - - - - -public static function reload($data) -{ -self::$installed = $data; -self::$installedByVendor = array(); -} - - - - - -private static function getInstalled() -{ -if (null === self::$canGetVendors) { -self::$canGetVendors = method_exists('Composer\Autoload\ClassLoader', 'getRegisteredLoaders'); -} - -$installed = array(); - -if (self::$canGetVendors) { -foreach (ClassLoader::getRegisteredLoaders() as $vendorDir => $loader) { -if (isset(self::$installedByVendor[$vendorDir])) { -$installed[] = self::$installedByVendor[$vendorDir]; -} elseif (is_file($vendorDir.'/composer/installed.php')) { -$installed[] = self::$installedByVendor[$vendorDir] = require $vendorDir.'/composer/installed.php'; -} -} -} - -$installed[] = self::$installed; - -return $installed; -} + /** + * Checks whether the given package is installed + * + * This also returns true if the package name is provided or replaced by another package + * + * @param string $packageName + * @param bool $includeDevRequirements + * @return bool + */ + public static function isInstalled($packageName, $includeDevRequirements = true) + { + foreach (self::getInstalled() as $installed) { + if (isset($installed['versions'][$packageName])) { + return $includeDevRequirements || empty($installed['versions'][$packageName]['dev_requirement']); + } + } + + return false; + } + + /** + * Checks whether the given package satisfies a version constraint + * + * e.g. If you want to know whether version 2.3+ of package foo/bar is installed, you would call: + * + * Composer\InstalledVersions::satisfies(new VersionParser, 'foo/bar', '^2.3') + * + * @param VersionParser $parser Install composer/semver to have access to this class and functionality + * @param string $packageName + * @param string|null $constraint A version constraint to check for, if you pass one you have to make sure composer/semver is required by your package + * @return bool + */ + public static function satisfies(VersionParser $parser, $packageName, $constraint) + { + $constraint = $parser->parseConstraints($constraint); + $provided = $parser->parseConstraints(self::getVersionRanges($packageName)); + + return $provided->matches($constraint); + } + + /** + * Returns a version constraint representing all the range(s) which are installed for a given package + * + * It is easier to use this via isInstalled() with the $constraint argument if you need to check + * whether a given version of a package is installed, and not just whether it exists + * + * @param string $packageName + * @return string Version constraint usable with composer/semver + */ + public static function getVersionRanges($packageName) + { + foreach (self::getInstalled() as $installed) { + if (!isset($installed['versions'][$packageName])) { + continue; + } + + $ranges = array(); + if (isset($installed['versions'][$packageName]['pretty_version'])) { + $ranges[] = $installed['versions'][$packageName]['pretty_version']; + } + if (array_key_exists('aliases', $installed['versions'][$packageName])) { + $ranges = array_merge($ranges, $installed['versions'][$packageName]['aliases']); + } + if (array_key_exists('replaced', $installed['versions'][$packageName])) { + $ranges = array_merge($ranges, $installed['versions'][$packageName]['replaced']); + } + if (array_key_exists('provided', $installed['versions'][$packageName])) { + $ranges = array_merge($ranges, $installed['versions'][$packageName]['provided']); + } + + return implode(' || ', $ranges); + } + + throw new \OutOfBoundsException('Package "' . $packageName . '" is not installed'); + } + + /** + * @param string $packageName + * @return string|null If the package is being replaced or provided but is not really installed, null will be returned as version, use satisfies or getVersionRanges if you need to know if a given version is present + */ + public static function getVersion($packageName) + { + foreach (self::getInstalled() as $installed) { + if (!isset($installed['versions'][$packageName])) { + continue; + } + + if (!isset($installed['versions'][$packageName]['version'])) { + return null; + } + + return $installed['versions'][$packageName]['version']; + } + + throw new \OutOfBoundsException('Package "' . $packageName . '" is not installed'); + } + + /** + * @param string $packageName + * @return string|null If the package is being replaced or provided but is not really installed, null will be returned as version, use satisfies or getVersionRanges if you need to know if a given version is present + */ + public static function getPrettyVersion($packageName) + { + foreach (self::getInstalled() as $installed) { + if (!isset($installed['versions'][$packageName])) { + continue; + } + + if (!isset($installed['versions'][$packageName]['pretty_version'])) { + return null; + } + + return $installed['versions'][$packageName]['pretty_version']; + } + + throw new \OutOfBoundsException('Package "' . $packageName . '" is not installed'); + } + + /** + * @param string $packageName + * @return string|null If the package is being replaced or provided but is not really installed, null will be returned as reference + */ + public static function getReference($packageName) + { + foreach (self::getInstalled() as $installed) { + if (!isset($installed['versions'][$packageName])) { + continue; + } + + if (!isset($installed['versions'][$packageName]['reference'])) { + return null; + } + + return $installed['versions'][$packageName]['reference']; + } + + throw new \OutOfBoundsException('Package "' . $packageName . '" is not installed'); + } + + /** + * @param string $packageName + * @return string|null If the package is being replaced or provided but is not really installed, null will be returned as install path. Packages of type metapackages also have a null install path. + */ + public static function getInstallPath($packageName) + { + foreach (self::getInstalled() as $installed) { + if (!isset($installed['versions'][$packageName])) { + continue; + } + + return isset($installed['versions'][$packageName]['install_path']) ? $installed['versions'][$packageName]['install_path'] : null; + } + + throw new \OutOfBoundsException('Package "' . $packageName . '" is not installed'); + } + + /** + * @return array + * @psalm-return array{name: string, version: string, reference: string, pretty_version: string, aliases: string[], dev: bool, install_path: string, type: string} + */ + public static function getRootPackage() + { + $installed = self::getInstalled(); + + return $installed[0]['root']; + } + + /** + * Returns the raw installed.php data for custom implementations + * + * @deprecated Use getAllRawData() instead which returns all datasets for all autoloaders present in the process. getRawData only returns the first dataset loaded, which may not be what you expect. + * @return array[] + * @psalm-return array{root: array{name: string, version: string, reference: string, pretty_version: string, aliases: string[], dev: bool, install_path: string, type: string}, versions: array} + */ + public static function getRawData() + { + @trigger_error('getRawData only returns the first dataset loaded, which may not be what you expect. Use getAllRawData() instead which returns all datasets for all autoloaders present in the process.', E_USER_DEPRECATED); + + if (null === self::$installed) { + // only require the installed.php file if this file is loaded from its dumped location, + // and not from its source location in the composer/composer package, see https://github.com/composer/composer/issues/9937 + if (substr(__DIR__, -8, 1) !== 'C') { + self::$installed = include __DIR__ . '/installed.php'; + } else { + self::$installed = array(); + } + } + + return self::$installed; + } + + /** + * Returns the raw data of all installed.php which are currently loaded for custom implementations + * + * @return array[] + * @psalm-return list}> + */ + public static function getAllRawData() + { + return self::getInstalled(); + } + + /** + * Lets you reload the static array from another file + * + * This is only useful for complex integrations in which a project needs to use + * this class but then also needs to execute another project's autoloader in process, + * and wants to ensure both projects have access to their version of installed.php. + * + * A typical case would be PHPUnit, where it would need to make sure it reads all + * the data it needs from this class, then call reload() with + * `require $CWD/vendor/composer/installed.php` (or similar) as input to make sure + * the project in which it runs can then also use this class safely, without + * interference between PHPUnit's dependencies and the project's dependencies. + * + * @param array[] $data A vendor/composer/installed.php data set + * @return void + * + * @psalm-param array{root: array{name: string, version: string, reference: string, pretty_version: string, aliases: string[], dev: bool, install_path: string, type: string}, versions: array} $data + */ + public static function reload($data) + { + self::$installed = $data; + self::$installedByVendor = array(); + } + + /** + * @return array[] + * @psalm-return list}> + */ + private static function getInstalled() + { + if (null === self::$canGetVendors) { + self::$canGetVendors = method_exists('Composer\Autoload\ClassLoader', 'getRegisteredLoaders'); + } + + $installed = array(); + + if (self::$canGetVendors) { + foreach (ClassLoader::getRegisteredLoaders() as $vendorDir => $loader) { + if (isset(self::$installedByVendor[$vendorDir])) { + $installed[] = self::$installedByVendor[$vendorDir]; + } elseif (is_file($vendorDir.'/composer/installed.php')) { + $installed[] = self::$installedByVendor[$vendorDir] = require $vendorDir.'/composer/installed.php'; + if (null === self::$installed && strtr($vendorDir.'/composer', '\\', '/') === strtr(__DIR__, '\\', '/')) { + self::$installed = $installed[count($installed) - 1]; + } + } + } + } + + if (null === self::$installed) { + // only require the installed.php file if this file is loaded from its dumped location, + // and not from its source location in the composer/composer package, see https://github.com/composer/composer/issues/9937 + if (substr(__DIR__, -8, 1) !== 'C') { + self::$installed = require __DIR__ . '/installed.php'; + } else { + self::$installed = array(); + } + } + $installed[] = self::$installed; + + return $installed; + } } diff --git a/lib/composer/autoload_classmap.php b/lib/composer/autoload_classmap.php index d3c442c0d..d0b7f9d7b 100644 --- a/lib/composer/autoload_classmap.php +++ b/lib/composer/autoload_classmap.php @@ -288,6 +288,7 @@ return array( 'ListExpression' => $baseDir . '/core/oql/expression.class.inc.php', 'ListOqlExpression' => $baseDir . '/core/oql/oqlquery.class.inc.php', 'LogAPI' => $baseDir . '/core/log.class.inc.php', + 'LogChannels' => $baseDir . '/core/log.class.inc.php', 'LogFileNameBuilderFactory' => $baseDir . '/core/log.class.inc.php', 'LogFileRotationProcess' => $baseDir . '/core/log.class.inc.php', 'LoginBlockExtension' => $baseDir . '/application/logintwig.class.inc.php', diff --git a/lib/composer/autoload_static.php b/lib/composer/autoload_static.php index 502ed9369..5e1472ce4 100644 --- a/lib/composer/autoload_static.php +++ b/lib/composer/autoload_static.php @@ -518,6 +518,7 @@ class ComposerStaticInit0018331147de7601e7552f7da8e3bb8b 'ListExpression' => __DIR__ . '/../..' . '/core/oql/expression.class.inc.php', 'ListOqlExpression' => __DIR__ . '/../..' . '/core/oql/oqlquery.class.inc.php', 'LogAPI' => __DIR__ . '/../..' . '/core/log.class.inc.php', + 'LogChannels' => __DIR__ . '/../..' . '/core/log.class.inc.php', 'LogFileNameBuilderFactory' => __DIR__ . '/../..' . '/core/log.class.inc.php', 'LogFileRotationProcess' => __DIR__ . '/../..' . '/core/log.class.inc.php', 'LoginBlockExtension' => __DIR__ . '/../..' . '/application/logintwig.class.inc.php', diff --git a/lib/composer/installed.json b/lib/composer/installed.json index ab7210483..4676c9db6 100644 --- a/lib/composer/installed.json +++ b/lib/composer/installed.json @@ -171,17 +171,17 @@ }, { "name": "pear/archive_tar", - "version": "1.4.13", - "version_normalized": "1.4.13.0", + "version": "1.4.14", + "version_normalized": "1.4.14.0", "source": { "type": "git", "url": "https://github.com/pear/Archive_Tar.git", - "reference": "2b87b41178cc6d4ad3cba678a46a1cae49786011" + "reference": "4d761c5334c790e45ef3245f0864b8955c562caa" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/pear/Archive_Tar/zipball/2b87b41178cc6d4ad3cba678a46a1cae49786011", - "reference": "2b87b41178cc6d4ad3cba678a46a1cae49786011", + "url": "https://api.github.com/repos/pear/Archive_Tar/zipball/4d761c5334c790e45ef3245f0864b8955c562caa", + "reference": "4d761c5334c790e45ef3245f0864b8955c562caa", "shasum": "" }, "require": { @@ -196,7 +196,7 @@ "ext-xz": "Lzma2 compression support.", "ext-zlib": "Gzip compression support." }, - "time": "2021-02-16T10:50:50+00:00", + "time": "2021-07-20T13:53:39+00:00", "type": "library", "extra": { "branch-alias": { diff --git a/lib/composer/installed.php b/lib/composer/installed.php index 2a3443304..ac9065b0a 100644 --- a/lib/composer/installed.php +++ b/lib/composer/installed.php @@ -1,444 +1,437 @@ - - array ( - 'pretty_version' => 'dev-develop', - 'version' => 'dev-develop', - 'aliases' => - array ( + array( + 'pretty_version' => 'dev-develop', + 'version' => 'dev-develop', + 'type' => 'project', + 'install_path' => __DIR__ . '/../../', + 'aliases' => array(), + 'reference' => 'fe3512cb5f5d01fa590447c2f6fa15416802b748', + 'name' => '__root__', + 'dev' => true, ), - 'reference' => '2d2a6857de55d005dbc4836e558e611ce7f52bb8', - 'name' => '__root__', - ), - 'versions' => - array ( - '__root__' => - array ( - 'pretty_version' => 'dev-develop', - 'version' => 'dev-develop', - 'aliases' => - array ( - ), - 'reference' => '2d2a6857de55d005dbc4836e558e611ce7f52bb8', + 'versions' => array( + '__root__' => array( + 'pretty_version' => 'dev-develop', + 'version' => 'dev-develop', + 'type' => 'project', + 'install_path' => __DIR__ . '/../../', + 'aliases' => array(), + 'reference' => 'fe3512cb5f5d01fa590447c2f6fa15416802b748', + 'dev_requirement' => false, + ), + 'combodo/tcpdf' => array( + 'pretty_version' => '6.3.5', + 'version' => '6.3.5.0', + 'type' => 'library', + 'install_path' => __DIR__ . '/../combodo/tcpdf', + 'aliases' => array(), + 'reference' => 'aedd4b7b8cf7fcc24e617c405c9d3304150f4b94', + 'dev_requirement' => false, + ), + 'nikic/php-parser' => array( + 'pretty_version' => 'v3.1.5', + 'version' => '3.1.5.0', + 'type' => 'library', + 'install_path' => __DIR__ . '/../nikic/php-parser', + 'aliases' => array(), + 'reference' => 'bb87e28e7d7b8d9a7fda231d37457c9210faf6ce', + 'dev_requirement' => false, + ), + 'paragonie/random_compat' => array( + 'pretty_version' => 'v2.0.18', + 'version' => '2.0.18.0', + 'type' => 'library', + 'install_path' => __DIR__ . '/../paragonie/random_compat', + 'aliases' => array(), + 'reference' => '0a58ef6e3146256cc3dc7cc393927bcc7d1b72db', + 'dev_requirement' => false, + ), + 'pear/archive_tar' => array( + 'pretty_version' => '1.4.14', + 'version' => '1.4.14.0', + 'type' => 'library', + 'install_path' => __DIR__ . '/../pear/archive_tar', + 'aliases' => array(), + 'reference' => '4d761c5334c790e45ef3245f0864b8955c562caa', + 'dev_requirement' => false, + ), + 'pear/console_getopt' => array( + 'pretty_version' => 'v1.4.3', + 'version' => '1.4.3.0', + 'type' => 'library', + 'install_path' => __DIR__ . '/../pear/console_getopt', + 'aliases' => array(), + 'reference' => 'a41f8d3e668987609178c7c4a9fe48fecac53fa0', + 'dev_requirement' => false, + ), + 'pear/pear-core-minimal' => array( + 'pretty_version' => 'v1.10.10', + 'version' => '1.10.10.0', + 'type' => 'library', + 'install_path' => __DIR__ . '/../pear/pear-core-minimal', + 'aliases' => array(), + 'reference' => '625a3c429d9b2c1546438679074cac1b089116a7', + 'dev_requirement' => false, + ), + 'pear/pear_exception' => array( + 'pretty_version' => 'v1.0.1', + 'version' => '1.0.1.0', + 'type' => 'class', + 'install_path' => __DIR__ . '/../pear/pear_exception', + 'aliases' => array(), + 'reference' => 'dbb42a5a0e45f3adcf99babfb2a1ba77b8ac36a7', + 'dev_requirement' => false, + ), + 'pelago/emogrifier' => array( + 'pretty_version' => 'v2.1.0', + 'version' => '2.1.0.0', + 'type' => 'library', + 'install_path' => __DIR__ . '/../pelago/emogrifier', + 'aliases' => array(), + 'reference' => '40c3d4f475d44ffc7265a760d1dd0e81f579f96f', + 'dev_requirement' => false, + ), + 'psr/cache' => array( + 'pretty_version' => '1.0.1', + 'version' => '1.0.1.0', + 'type' => 'library', + 'install_path' => __DIR__ . '/../psr/cache', + 'aliases' => array(), + 'reference' => 'd11b50ad223250cf17b86e38383413f5a6764bf8', + 'dev_requirement' => false, + ), + 'psr/cache-implementation' => array( + 'dev_requirement' => false, + 'provided' => array( + 0 => '1.0', + ), + ), + 'psr/container' => array( + 'pretty_version' => '1.0.0', + 'version' => '1.0.0.0', + 'type' => 'library', + 'install_path' => __DIR__ . '/../psr/container', + 'aliases' => array(), + 'reference' => 'b7ce3b176482dbbc1245ebf52b181af44c2cf55f', + 'dev_requirement' => false, + ), + 'psr/container-implementation' => array( + 'dev_requirement' => false, + 'provided' => array( + 0 => '1.0', + ), + ), + 'psr/log' => array( + 'pretty_version' => '1.1.2', + 'version' => '1.1.2.0', + 'type' => 'library', + 'install_path' => __DIR__ . '/../psr/log', + 'aliases' => array(), + 'reference' => '446d54b4cb6bf489fc9d75f55843658e6f25d801', + 'dev_requirement' => false, + ), + 'psr/log-implementation' => array( + 'dev_requirement' => false, + 'provided' => array( + 0 => '1.0', + ), + ), + 'psr/simple-cache' => array( + 'pretty_version' => '1.0.1', + 'version' => '1.0.1.0', + 'type' => 'library', + 'install_path' => __DIR__ . '/../psr/simple-cache', + 'aliases' => array(), + 'reference' => '408d5eafb83c57f6365a3ca330ff23aa4a5fa39b', + 'dev_requirement' => false, + ), + 'psr/simple-cache-implementation' => array( + 'dev_requirement' => false, + 'provided' => array( + 0 => '1.0', + ), + ), + 'rsky/pear-core-min' => array( + 'dev_requirement' => false, + 'replaced' => array( + 0 => 'v1.10.10', + ), + ), + 'scssphp/scssphp' => array( + 'pretty_version' => '1.0.6', + 'version' => '1.0.6.0', + 'type' => 'library', + 'install_path' => __DIR__ . '/../scssphp/scssphp', + 'aliases' => array(), + 'reference' => '5b3c9d704950d8f9637f5110c36c281ec47dc13c', + 'dev_requirement' => false, + ), + 'swiftmailer/swiftmailer' => array( + 'pretty_version' => 'v5.4.12', + 'version' => '5.4.12.0', + 'type' => 'library', + 'install_path' => __DIR__ . '/../swiftmailer/swiftmailer', + 'aliases' => array(), + 'reference' => '181b89f18a90f8925ef805f950d47a7190e9b950', + 'dev_requirement' => false, + ), + 'symfony/cache' => array( + 'pretty_version' => 'v3.4.36', + 'version' => '3.4.36.0', + 'type' => 'library', + 'install_path' => __DIR__ . '/../symfony/cache', + 'aliases' => array(), + 'reference' => '3d9f46a6960fd5cd7f030f86adc5b4b63bcfa4e3', + 'dev_requirement' => false, + ), + 'symfony/class-loader' => array( + 'pretty_version' => 'v3.4.36', + 'version' => '3.4.36.0', + 'type' => 'library', + 'install_path' => __DIR__ . '/../symfony/class-loader', + 'aliases' => array(), + 'reference' => 'e212b06996819a2bce026a63da03b7182d05a690', + 'dev_requirement' => false, + ), + 'symfony/config' => array( + 'pretty_version' => 'v3.4.36', + 'version' => '3.4.36.0', + 'type' => 'library', + 'install_path' => __DIR__ . '/../symfony/config', + 'aliases' => array(), + 'reference' => 'a599a867d0e4a07c342b5f1e656b3915a540ddbe', + 'dev_requirement' => false, + ), + 'symfony/console' => array( + 'pretty_version' => 'v3.4.36', + 'version' => '3.4.36.0', + 'type' => 'library', + 'install_path' => __DIR__ . '/../symfony/console', + 'aliases' => array(), + 'reference' => '1ee23b3b659b06c622f2bd2492a229e416eb4586', + 'dev_requirement' => false, + ), + 'symfony/css-selector' => array( + 'pretty_version' => 'v3.4.36', + 'version' => '3.4.36.0', + 'type' => 'library', + 'install_path' => __DIR__ . '/../symfony/css-selector', + 'aliases' => array(), + 'reference' => 'f819f71ae3ba6f396b4c015bd5895de7d2f1f85f', + 'dev_requirement' => false, + ), + 'symfony/debug' => array( + 'pretty_version' => 'v3.4.36', + 'version' => '3.4.36.0', + 'type' => 'library', + 'install_path' => __DIR__ . '/../symfony/debug', + 'aliases' => array(), + 'reference' => 'f72e33fdb1170b326e72c3157f0cd456351dd086', + 'dev_requirement' => false, + ), + 'symfony/dependency-injection' => array( + 'pretty_version' => 'v3.4.36', + 'version' => '3.4.36.0', + 'type' => 'library', + 'install_path' => __DIR__ . '/../symfony/dependency-injection', + 'aliases' => array(), + 'reference' => '0d201916bfb3af939fec3c0c8815ea16c60ac1a2', + 'dev_requirement' => false, + ), + 'symfony/dotenv' => array( + 'pretty_version' => 'v3.4.36', + 'version' => '3.4.36.0', + 'type' => 'library', + 'install_path' => __DIR__ . '/../symfony/dotenv', + 'aliases' => array(), + 'reference' => 'c7e8e471fea74e868ae797970b383dea89ae548a', + 'dev_requirement' => false, + ), + 'symfony/event-dispatcher' => array( + 'pretty_version' => 'v3.4.36', + 'version' => '3.4.36.0', + 'type' => 'library', + 'install_path' => __DIR__ . '/../symfony/event-dispatcher', + 'aliases' => array(), + 'reference' => 'f9031c22ec127d4a2450760f81a8677fe8a10177', + 'dev_requirement' => false, + ), + 'symfony/filesystem' => array( + 'pretty_version' => 'v3.4.36', + 'version' => '3.4.36.0', + 'type' => 'library', + 'install_path' => __DIR__ . '/../symfony/filesystem', + 'aliases' => array(), + 'reference' => '00cdad0936d06fab136944bc2342b762b1c3a4a2', + 'dev_requirement' => false, + ), + 'symfony/finder' => array( + 'pretty_version' => 'v3.4.36', + 'version' => '3.4.36.0', + 'type' => 'library', + 'install_path' => __DIR__ . '/../symfony/finder', + 'aliases' => array(), + 'reference' => '290ae21279b37bfd287cdcce640d51204e84afdf', + 'dev_requirement' => false, + ), + 'symfony/framework-bundle' => array( + 'pretty_version' => 'v3.4.36', + 'version' => '3.4.36.0', + 'type' => 'symfony-bundle', + 'install_path' => __DIR__ . '/../symfony/framework-bundle', + 'aliases' => array(), + 'reference' => '0d61117c7a770da0bd8bbe7ccfa34d8063f272ea', + 'dev_requirement' => false, + ), + 'symfony/http-foundation' => array( + 'pretty_version' => 'v3.4.36', + 'version' => '3.4.36.0', + 'type' => 'library', + 'install_path' => __DIR__ . '/../symfony/http-foundation', + 'aliases' => array(), + 'reference' => 'd2d0cfe8e319d9df44c4cca570710fcf221d4593', + 'dev_requirement' => false, + ), + 'symfony/http-kernel' => array( + 'pretty_version' => 'v3.4.36', + 'version' => '3.4.36.0', + 'type' => 'library', + 'install_path' => __DIR__ . '/../symfony/http-kernel', + 'aliases' => array(), + 'reference' => 'c42c8339acb28cfff0fb1786948db4d23d609ff7', + 'dev_requirement' => false, + ), + 'symfony/polyfill-apcu' => array( + 'pretty_version' => 'v1.13.1', + 'version' => '1.13.1.0', + 'type' => 'library', + 'install_path' => __DIR__ . '/../symfony/polyfill-apcu', + 'aliases' => array(), + 'reference' => 'a8e961c841b9ec52927a87914f8820a1ad8f8116', + 'dev_requirement' => false, + ), + 'symfony/polyfill-ctype' => array( + 'pretty_version' => 'v1.13.1', + 'version' => '1.13.1.0', + 'type' => 'library', + 'install_path' => __DIR__ . '/../symfony/polyfill-ctype', + 'aliases' => array(), + 'reference' => 'f8f0b461be3385e56d6de3dbb5a0df24c0c275e3', + 'dev_requirement' => false, + ), + 'symfony/polyfill-mbstring' => array( + 'pretty_version' => 'v1.13.1', + 'version' => '1.13.1.0', + 'type' => 'library', + 'install_path' => __DIR__ . '/../symfony/polyfill-mbstring', + 'aliases' => array(), + 'reference' => '7b4aab9743c30be783b73de055d24a39cf4b954f', + 'dev_requirement' => false, + ), + 'symfony/polyfill-php56' => array( + 'pretty_version' => 'v1.13.1', + 'version' => '1.13.1.0', + 'type' => 'library', + 'install_path' => __DIR__ . '/../symfony/polyfill-php56', + 'aliases' => array(), + 'reference' => '53dd1cdf3cb986893ccf2b96665b25b3abb384f4', + 'dev_requirement' => false, + ), + 'symfony/polyfill-php70' => array( + 'pretty_version' => 'v1.13.1', + 'version' => '1.13.1.0', + 'type' => 'library', + 'install_path' => __DIR__ . '/../symfony/polyfill-php70', + 'aliases' => array(), + 'reference' => 'af23c7bb26a73b850840823662dda371484926c4', + 'dev_requirement' => false, + ), + 'symfony/polyfill-util' => array( + 'pretty_version' => 'v1.13.1', + 'version' => '1.13.1.0', + 'type' => 'library', + 'install_path' => __DIR__ . '/../symfony/polyfill-util', + 'aliases' => array(), + 'reference' => '964a67f293b66b95883a5ed918a65354fcd2258f', + 'dev_requirement' => false, + ), + 'symfony/routing' => array( + 'pretty_version' => 'v3.4.36', + 'version' => '3.4.36.0', + 'type' => 'library', + 'install_path' => __DIR__ . '/../symfony/routing', + 'aliases' => array(), + 'reference' => 'b689ccd48e234ea404806d94b07eeb45f9f6f06a', + 'dev_requirement' => false, + ), + 'symfony/stopwatch' => array( + 'pretty_version' => 'v3.4.36', + 'version' => '3.4.36.0', + 'type' => 'library', + 'install_path' => __DIR__ . '/../symfony/stopwatch', + 'aliases' => array(), + 'reference' => 'efe0af281ad336bc3b10375c88b117499f1d8494', + 'dev_requirement' => true, + ), + 'symfony/twig-bridge' => array( + 'pretty_version' => 'v3.4.36', + 'version' => '3.4.36.0', + 'type' => 'symfony-bridge', + 'install_path' => __DIR__ . '/../symfony/twig-bridge', + 'aliases' => array(), + 'reference' => '49b824ddc7f2d250a1f172349cd9a111d63287c0', + 'dev_requirement' => false, + ), + 'symfony/twig-bundle' => array( + 'pretty_version' => 'v3.4.36', + 'version' => '3.4.36.0', + 'type' => 'symfony-bundle', + 'install_path' => __DIR__ . '/../symfony/twig-bundle', + 'aliases' => array(), + 'reference' => 'd39ed8f5df62aeeeb27a6f3bf7f58a6c02a58ea9', + 'dev_requirement' => false, + ), + 'symfony/var-dumper' => array( + 'pretty_version' => 'v3.4.36', + 'version' => '3.4.36.0', + 'type' => 'library', + 'install_path' => __DIR__ . '/../symfony/var-dumper', + 'aliases' => array(), + 'reference' => '569e261461600810845a8305ca3f64abd3e712c0', + 'dev_requirement' => true, + ), + 'symfony/web-profiler-bundle' => array( + 'pretty_version' => 'v3.4.36', + 'version' => '3.4.36.0', + 'type' => 'symfony-bundle', + 'install_path' => __DIR__ . '/../symfony/web-profiler-bundle', + 'aliases' => array(), + 'reference' => '3ae27cf1b2776cd68aa15fdb57089970f78bcf11', + 'dev_requirement' => true, + ), + 'symfony/yaml' => array( + 'pretty_version' => 'v3.4.36', + 'version' => '3.4.36.0', + 'type' => 'library', + 'install_path' => __DIR__ . '/../symfony/yaml', + 'aliases' => array(), + 'reference' => 'dab657db15207879217fc81df4f875947bf68804', + 'dev_requirement' => false, + ), + 'tecnickcom/tcpdf' => array( + 'dev_requirement' => false, + 'replaced' => array( + 0 => '6.3.5', + ), + ), + 'twig/twig' => array( + 'pretty_version' => 'v1.42.4', + 'version' => '1.42.4.0', + 'type' => 'library', + 'install_path' => __DIR__ . '/../twig/twig', + 'aliases' => array(), + 'reference' => 'e587180584c3d2d6cb864a0454e777bb6dcb6152', + 'dev_requirement' => false, + ), ), - 'combodo/tcpdf' => - array ( - 'pretty_version' => '6.3.5', - 'version' => '6.3.5.0', - 'aliases' => - array ( - ), - 'reference' => 'aedd4b7b8cf7fcc24e617c405c9d3304150f4b94', - ), - 'nikic/php-parser' => - array ( - 'pretty_version' => 'v3.1.5', - 'version' => '3.1.5.0', - 'aliases' => - array ( - ), - 'reference' => 'bb87e28e7d7b8d9a7fda231d37457c9210faf6ce', - ), - 'paragonie/random_compat' => - array ( - 'pretty_version' => 'v2.0.18', - 'version' => '2.0.18.0', - 'aliases' => - array ( - ), - 'reference' => '0a58ef6e3146256cc3dc7cc393927bcc7d1b72db', - ), - 'pear/archive_tar' => - array ( - 'pretty_version' => '1.4.13', - 'version' => '1.4.13.0', - 'aliases' => - array ( - ), - 'reference' => '2b87b41178cc6d4ad3cba678a46a1cae49786011', - ), - 'pear/console_getopt' => - array ( - 'pretty_version' => 'v1.4.3', - 'version' => '1.4.3.0', - 'aliases' => - array ( - ), - 'reference' => 'a41f8d3e668987609178c7c4a9fe48fecac53fa0', - ), - 'pear/pear-core-minimal' => - array ( - 'pretty_version' => 'v1.10.10', - 'version' => '1.10.10.0', - 'aliases' => - array ( - ), - 'reference' => '625a3c429d9b2c1546438679074cac1b089116a7', - ), - 'pear/pear_exception' => - array ( - 'pretty_version' => 'v1.0.1', - 'version' => '1.0.1.0', - 'aliases' => - array ( - ), - 'reference' => 'dbb42a5a0e45f3adcf99babfb2a1ba77b8ac36a7', - ), - 'pelago/emogrifier' => - array ( - 'pretty_version' => 'v2.1.0', - 'version' => '2.1.0.0', - 'aliases' => - array ( - ), - 'reference' => '40c3d4f475d44ffc7265a760d1dd0e81f579f96f', - ), - 'psr/cache' => - array ( - 'pretty_version' => '1.0.1', - 'version' => '1.0.1.0', - 'aliases' => - array ( - ), - 'reference' => 'd11b50ad223250cf17b86e38383413f5a6764bf8', - ), - 'psr/cache-implementation' => - array ( - 'provided' => - array ( - 0 => '1.0', - ), - ), - 'psr/container' => - array ( - 'pretty_version' => '1.0.0', - 'version' => '1.0.0.0', - 'aliases' => - array ( - ), - 'reference' => 'b7ce3b176482dbbc1245ebf52b181af44c2cf55f', - ), - 'psr/container-implementation' => - array ( - 'provided' => - array ( - 0 => '1.0', - ), - ), - 'psr/log' => - array ( - 'pretty_version' => '1.1.2', - 'version' => '1.1.2.0', - 'aliases' => - array ( - ), - 'reference' => '446d54b4cb6bf489fc9d75f55843658e6f25d801', - ), - 'psr/log-implementation' => - array ( - 'provided' => - array ( - 0 => '1.0', - ), - ), - 'psr/simple-cache' => - array ( - 'pretty_version' => '1.0.1', - 'version' => '1.0.1.0', - 'aliases' => - array ( - ), - 'reference' => '408d5eafb83c57f6365a3ca330ff23aa4a5fa39b', - ), - 'psr/simple-cache-implementation' => - array ( - 'provided' => - array ( - 0 => '1.0', - ), - ), - 'rsky/pear-core-min' => - array ( - 'replaced' => - array ( - 0 => 'v1.10.10', - ), - ), - 'scssphp/scssphp' => - array ( - 'pretty_version' => '1.0.6', - 'version' => '1.0.6.0', - 'aliases' => - array ( - ), - 'reference' => '5b3c9d704950d8f9637f5110c36c281ec47dc13c', - ), - 'swiftmailer/swiftmailer' => - array ( - 'pretty_version' => 'v5.4.12', - 'version' => '5.4.12.0', - 'aliases' => - array ( - ), - 'reference' => '181b89f18a90f8925ef805f950d47a7190e9b950', - ), - 'symfony/cache' => - array ( - 'pretty_version' => 'v3.4.36', - 'version' => '3.4.36.0', - 'aliases' => - array ( - ), - 'reference' => '3d9f46a6960fd5cd7f030f86adc5b4b63bcfa4e3', - ), - 'symfony/class-loader' => - array ( - 'pretty_version' => 'v3.4.36', - 'version' => '3.4.36.0', - 'aliases' => - array ( - ), - 'reference' => 'e212b06996819a2bce026a63da03b7182d05a690', - ), - 'symfony/config' => - array ( - 'pretty_version' => 'v3.4.36', - 'version' => '3.4.36.0', - 'aliases' => - array ( - ), - 'reference' => 'a599a867d0e4a07c342b5f1e656b3915a540ddbe', - ), - 'symfony/console' => - array ( - 'pretty_version' => 'v3.4.36', - 'version' => '3.4.36.0', - 'aliases' => - array ( - ), - 'reference' => '1ee23b3b659b06c622f2bd2492a229e416eb4586', - ), - 'symfony/css-selector' => - array ( - 'pretty_version' => 'v3.4.36', - 'version' => '3.4.36.0', - 'aliases' => - array ( - ), - 'reference' => 'f819f71ae3ba6f396b4c015bd5895de7d2f1f85f', - ), - 'symfony/debug' => - array ( - 'pretty_version' => 'v3.4.36', - 'version' => '3.4.36.0', - 'aliases' => - array ( - ), - 'reference' => 'f72e33fdb1170b326e72c3157f0cd456351dd086', - ), - 'symfony/dependency-injection' => - array ( - 'pretty_version' => 'v3.4.36', - 'version' => '3.4.36.0', - 'aliases' => - array ( - ), - 'reference' => '0d201916bfb3af939fec3c0c8815ea16c60ac1a2', - ), - 'symfony/dotenv' => - array ( - 'pretty_version' => 'v3.4.36', - 'version' => '3.4.36.0', - 'aliases' => - array ( - ), - 'reference' => 'c7e8e471fea74e868ae797970b383dea89ae548a', - ), - 'symfony/event-dispatcher' => - array ( - 'pretty_version' => 'v3.4.36', - 'version' => '3.4.36.0', - 'aliases' => - array ( - ), - 'reference' => 'f9031c22ec127d4a2450760f81a8677fe8a10177', - ), - 'symfony/filesystem' => - array ( - 'pretty_version' => 'v3.4.36', - 'version' => '3.4.36.0', - 'aliases' => - array ( - ), - 'reference' => '00cdad0936d06fab136944bc2342b762b1c3a4a2', - ), - 'symfony/finder' => - array ( - 'pretty_version' => 'v3.4.36', - 'version' => '3.4.36.0', - 'aliases' => - array ( - ), - 'reference' => '290ae21279b37bfd287cdcce640d51204e84afdf', - ), - 'symfony/framework-bundle' => - array ( - 'pretty_version' => 'v3.4.36', - 'version' => '3.4.36.0', - 'aliases' => - array ( - ), - 'reference' => '0d61117c7a770da0bd8bbe7ccfa34d8063f272ea', - ), - 'symfony/http-foundation' => - array ( - 'pretty_version' => 'v3.4.36', - 'version' => '3.4.36.0', - 'aliases' => - array ( - ), - 'reference' => 'd2d0cfe8e319d9df44c4cca570710fcf221d4593', - ), - 'symfony/http-kernel' => - array ( - 'pretty_version' => 'v3.4.36', - 'version' => '3.4.36.0', - 'aliases' => - array ( - ), - 'reference' => 'c42c8339acb28cfff0fb1786948db4d23d609ff7', - ), - 'symfony/polyfill-apcu' => - array ( - 'pretty_version' => 'v1.13.1', - 'version' => '1.13.1.0', - 'aliases' => - array ( - ), - 'reference' => 'a8e961c841b9ec52927a87914f8820a1ad8f8116', - ), - 'symfony/polyfill-ctype' => - array ( - 'pretty_version' => 'v1.13.1', - 'version' => '1.13.1.0', - 'aliases' => - array ( - ), - 'reference' => 'f8f0b461be3385e56d6de3dbb5a0df24c0c275e3', - ), - 'symfony/polyfill-mbstring' => - array ( - 'pretty_version' => 'v1.13.1', - 'version' => '1.13.1.0', - 'aliases' => - array ( - ), - 'reference' => '7b4aab9743c30be783b73de055d24a39cf4b954f', - ), - 'symfony/polyfill-php56' => - array ( - 'pretty_version' => 'v1.13.1', - 'version' => '1.13.1.0', - 'aliases' => - array ( - ), - 'reference' => '53dd1cdf3cb986893ccf2b96665b25b3abb384f4', - ), - 'symfony/polyfill-php70' => - array ( - 'pretty_version' => 'v1.13.1', - 'version' => '1.13.1.0', - 'aliases' => - array ( - ), - 'reference' => 'af23c7bb26a73b850840823662dda371484926c4', - ), - 'symfony/polyfill-util' => - array ( - 'pretty_version' => 'v1.13.1', - 'version' => '1.13.1.0', - 'aliases' => - array ( - ), - 'reference' => '964a67f293b66b95883a5ed918a65354fcd2258f', - ), - 'symfony/routing' => - array ( - 'pretty_version' => 'v3.4.36', - 'version' => '3.4.36.0', - 'aliases' => - array ( - ), - 'reference' => 'b689ccd48e234ea404806d94b07eeb45f9f6f06a', - ), - 'symfony/stopwatch' => - array ( - 'pretty_version' => 'v3.4.36', - 'version' => '3.4.36.0', - 'aliases' => - array ( - ), - 'reference' => 'efe0af281ad336bc3b10375c88b117499f1d8494', - ), - 'symfony/twig-bridge' => - array ( - 'pretty_version' => 'v3.4.36', - 'version' => '3.4.36.0', - 'aliases' => - array ( - ), - 'reference' => '49b824ddc7f2d250a1f172349cd9a111d63287c0', - ), - 'symfony/twig-bundle' => - array ( - 'pretty_version' => 'v3.4.36', - 'version' => '3.4.36.0', - 'aliases' => - array ( - ), - 'reference' => 'd39ed8f5df62aeeeb27a6f3bf7f58a6c02a58ea9', - ), - 'symfony/var-dumper' => - array ( - 'pretty_version' => 'v3.4.36', - 'version' => '3.4.36.0', - 'aliases' => - array ( - ), - 'reference' => '569e261461600810845a8305ca3f64abd3e712c0', - ), - 'symfony/web-profiler-bundle' => - array ( - 'pretty_version' => 'v3.4.36', - 'version' => '3.4.36.0', - 'aliases' => - array ( - ), - 'reference' => '3ae27cf1b2776cd68aa15fdb57089970f78bcf11', - ), - 'symfony/yaml' => - array ( - 'pretty_version' => 'v3.4.36', - 'version' => '3.4.36.0', - 'aliases' => - array ( - ), - 'reference' => 'dab657db15207879217fc81df4f875947bf68804', - ), - 'tecnickcom/tcpdf' => - array ( - 'replaced' => - array ( - 0 => '6.3.5', - ), - ), - 'twig/twig' => - array ( - 'pretty_version' => 'v1.42.4', - 'version' => '1.42.4.0', - 'aliases' => - array ( - ), - 'reference' => 'e587180584c3d2d6cb864a0454e777bb6dcb6152', - ), - ), ); diff --git a/lib/pear/archive_tar/Archive/Tar.php b/lib/pear/archive_tar/Archive/Tar.php index a8c9501cc..3356ad6ac 100644 --- a/lib/pear/archive_tar/Archive/Tar.php +++ b/lib/pear/archive_tar/Archive/Tar.php @@ -2124,32 +2124,6 @@ class Archive_Tar extends PEAR } } } elseif ($v_header['typeflag'] == "2") { - $link_depth = 0; - foreach (explode("/", $v_header['filename']) as $dir) { - if ($dir === "..") { - $link_depth--; - } elseif ($dir !== "" && $dir !== "." ) { - $link_depth++; - } - } - foreach (explode("/", $v_header['link']) as $dir){ - if ($link_depth <= 0) { - break; - } - if ($dir === "..") { - $link_depth--; - } elseif ($dir !== "" && $dir !== ".") { - $link_depth++; - } - } - if (strpos($v_header['link'], "/") === 0 or $link_depth <= 0) { - $this->_error( - 'Out-of-path file extraction {' - . $v_header['filename'] . ' --> ' . - $v_header['link'] . '}' - ); - return false; - } if (!$p_symlinks) { $this->_warning('Symbolic links are not allowed. ' . 'Unable to extract {' @@ -2157,6 +2131,40 @@ class Archive_Tar extends PEAR ); return false; } + $absolute_link = FALSE; + $link_depth = 0; + if (strpos($v_header['link'], "/") === 0 || strpos($v_header['link'], ':') !== FALSE) { + $absolute_link = TRUE; + } + else { + $s_filename = preg_replace('@^' . preg_quote($p_path) . '@', "", $v_header['filename']); + $s_linkname = str_replace('\\', '/', $v_header['link']); + foreach (explode("/", $s_filename) as $dir) { + if ($dir === "..") { + $link_depth--; + } elseif ($dir !== "" && $dir !== "." ) { + $link_depth++; + } + } + foreach (explode("/", $s_linkname) as $dir){ + if ($link_depth <= 0) { + break; + } + if ($dir === "..") { + $link_depth--; + } elseif ($dir !== "" && $dir !== ".") { + $link_depth++; + } + } + } + if ($absolute_link || $link_depth <= 0) { + $this->_error( + 'Out-of-path file extraction {' + . $v_header['filename'] . ' --> ' . + $v_header['link'] . '}' + ); + return false; + } if (@file_exists($v_header['filename'])) { @unlink($v_header['filename']); } diff --git a/lib/pear/archive_tar/package.xml b/lib/pear/archive_tar/package.xml index 8da0d40c9..d4f20bd4b 100644 --- a/lib/pear/archive_tar/package.xml +++ b/lib/pear/archive_tar/package.xml @@ -32,10 +32,10 @@ Also Lzma2 compressed archives are supported with xz extension. stig@php.net no - 2021-02-16 - + 2021-07-20 + - 1.4.13 + 1.4.14 1.4.0 @@ -44,7 +44,7 @@ Also Lzma2 compressed archives are supported with xz extension. New BSD License -* Fix Bug #27010: Relative symlinks failing (out-of path file extraction) [mrook] +* Properly fix symbolic link path traversal (CVE-2021-32610) @@ -74,6 +74,21 @@ Also Lzma2 compressed archives are supported with xz extension. + + + 1.4.13 + 1.4.0 + + + stable + stable + + 2021-02-16 + New BSD License + + * Fix Bug #27010: Relative symlinks failing (out-of path file extraction) [mrook] + + 1.4.12 From 2bc61caab1fcc7b69de46452bfd78e8db31ba6aa Mon Sep 17 00:00:00 2001 From: Eric Date: Thu, 19 Aug 2021 12:14:14 +0200 Subject: [PATCH 3/8] =?UTF-8?q?N=C2=B04207=20N=C2=B04298=20Fix=20data/.mai?= =?UTF-8?q?ntenance=20flag=20not=20removed=20by=20setup=20anymore?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Was already fixed in the develop branch (cherry picked from commit d0986c048a8db6d160a550e3ae577e2cabe0a6e1) (cherry picked from commit 9126635cf25e0e6d3eff3a8859533d49f83b50bc) --- setup/ajax.dataloader.php | 3 ++- setup/wizardsteps.class.inc.php | 3 +++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/setup/ajax.dataloader.php b/setup/ajax.dataloader.php index 1cb5a51e1..3e296cb18 100644 --- a/setup/ajax.dataloader.php +++ b/setup/ajax.dataloader.php @@ -32,7 +32,8 @@ * 'file': string Name of the file to load * 'session_status': string 'start', 'continue' or 'end' * 'percent': integer 0..100 the percentage of completion once the file has been loaded - */ + */ +$bBypassMaintenance = true; // Reset maintenance mode in case of problem define('SAFE_MINIMUM_MEMORY', 64*1024*1024); require_once('../approot.inc.php'); require_once(APPROOT.'/application/utils.inc.php'); diff --git a/setup/wizardsteps.class.inc.php b/setup/wizardsteps.class.inc.php index e9b40cbef..aa399b19a 100644 --- a/setup/wizardsteps.class.inc.php +++ b/setup/wizardsteps.class.inc.php @@ -2665,6 +2665,9 @@ class WizStepDone extends WizardStep $oPage->add(''); $sForm = addslashes($sForm); $oPage->add_ready_script("$('#wiz_form').after('$sForm');"); + // avoid leaving in a dirty state + SetupUtils::ExitMaintenanceMode(false); + SetupUtils::ExitReadOnlyMode(false); SetupUtils::EraseSetupToken(); } From b5369a0c03fa544cbf2d078bc59c7df1a98de620 Mon Sep 17 00:00:00 2001 From: Pierre Goiffon Date: Wed, 13 Oct 2021 11:49:22 +0200 Subject: [PATCH 4/8] =?UTF-8?q?N=C2=B04356=20Fix=20portal=20attachment=20d?= =?UTF-8?q?ownload=20Was=20opening=20the=20attachment=20directly=20in=20th?= =?UTF-8?q?e=20browser=20(HTTP=20header=20Content-Disposition=20set=20to?= =?UTF-8?q?=20'inline'=20instead=20of=20'download')?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../src/Controller/AbstractController.php | 27 +++++++++++++++++++ .../src/Controller/CreateBrickController.php | 2 +- .../src/Controller/ObjectController.php | 4 +-- 3 files changed, 30 insertions(+), 3 deletions(-) diff --git a/datamodels/2.x/itop-portal-base/portal/src/Controller/AbstractController.php b/datamodels/2.x/itop-portal-base/portal/src/Controller/AbstractController.php index 70e3c424c..b01d6e12c 100644 --- a/datamodels/2.x/itop-portal-base/portal/src/Controller/AbstractController.php +++ b/datamodels/2.x/itop-portal-base/portal/src/Controller/AbstractController.php @@ -32,12 +32,37 @@ use Symfony\Bundle\FrameworkBundle\Controller\Controller; abstract class AbstractController extends Controller { /** + * Unlike {@see Controller::redirectToRoute()}, this method directly calls the route controller without creating a redirection client side + * + * Default route params will be preserved (see N°4356) + * * @param string $sRouteName * @param array $aRouteParams * @param array $aQueryParameters * * @return \Symfony\Component\HttpFoundation\Response */ + protected function ForwardToRoute($sRouteName, $aRouteParams, $aQueryParameters, $bPreserveDefaultRouteParams = true) + { + $oRouteCollection = $this->get('router')->getRouteCollection(); + $aRouteDefaults = $oRouteCollection->get($sRouteName)->getDefaults(); + + if ($bPreserveDefaultRouteParams) { + $aRouteParams = array_merge($aRouteDefaults, $aRouteParams); + } + + return $this->forward($aRouteDefaults['_controller'], $aRouteParams, $aQueryParameters); + } + + /** + * @param string $sRouteName + * @param array $aRouteParams + * @param array $aQueryParameters + * + * @return \Symfony\Component\HttpFoundation\Response + * + * @deprecated 2.7.6 N°4356 use {@link ForwardToRoute} instead ! + */ protected function ForwardFromRoute($sRouteName, $aRouteParams, $aQueryParameters) { return $this->forward($this->GetControllerNameFromRoute($sRouteName), $aRouteParams, $aQueryParameters); @@ -51,6 +76,8 @@ abstract class AbstractController extends Controller * @param string $sRouteName * * @return string + * + * @deprecated 2.7.6 N°4356 use {@link ForwardToRoute} instead ! */ protected function GetControllerNameFromRoute($sRouteName) { diff --git a/datamodels/2.x/itop-portal-base/portal/src/Controller/CreateBrickController.php b/datamodels/2.x/itop-portal-base/portal/src/Controller/CreateBrickController.php index 02e11224d..fba31919d 100644 --- a/datamodels/2.x/itop-portal-base/portal/src/Controller/CreateBrickController.php +++ b/datamodels/2.x/itop-portal-base/portal/src/Controller/CreateBrickController.php @@ -68,7 +68,7 @@ class CreateBrickController extends BrickController $aRouteParams['ar_token'] = ContextManipulatorHelper::PrepareAndEncodeRulesToken($aRules); } - return $this->ForwardFromRoute('p_object_create', $aRouteParams, $oRequest->query->all()); + return $this->ForwardToRoute('p_object_create', $aRouteParams, $oRequest->query->all()); } } diff --git a/datamodels/2.x/itop-portal-base/portal/src/Controller/ObjectController.php b/datamodels/2.x/itop-portal-base/portal/src/Controller/ObjectController.php index 22790b4e9..4de21fbc4 100644 --- a/datamodels/2.x/itop-portal-base/portal/src/Controller/ObjectController.php +++ b/datamodels/2.x/itop-portal-base/portal/src/Controller/ObjectController.php @@ -344,7 +344,7 @@ class ObjectController extends BrickController 'sObjectClass' => get_class($oTargetObject), ); - return $this->ForwardFromRoute('p_object_create', $aRouteParams, $oRequest->query->all()); + return $this->ForwardToRoute('p_object_create', $aRouteParams, $oRequest->query->all()); } /** @@ -1182,7 +1182,7 @@ class ObjectController extends BrickController 'sObjectField' => 'contents', ); - $oResponse = $this->forward($this->GetControllerNameFromRoute('p_object_document_download'), $aRouteParams, $oRequest->query->all()); + $oResponse = $this->ForwardToRoute('p_object_document_download', $aRouteParams, $oRequest->query->all()); break; From 8154e718a1ada541d55d622a6f6b8250c3fec009 Mon Sep 17 00:00:00 2001 From: Pierre Goiffon Date: Wed, 13 Oct 2021 17:23:29 +0200 Subject: [PATCH 5/8] =?UTF-8?q?N=C2=B04356=20modifications=20after=20code?= =?UTF-8?q?=20review=20Thanks=20@Molkobain=20!?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../portal/src/Controller/AbstractController.php | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/datamodels/2.x/itop-portal-base/portal/src/Controller/AbstractController.php b/datamodels/2.x/itop-portal-base/portal/src/Controller/AbstractController.php index b01d6e12c..20b6e8260 100644 --- a/datamodels/2.x/itop-portal-base/portal/src/Controller/AbstractController.php +++ b/datamodels/2.x/itop-portal-base/portal/src/Controller/AbstractController.php @@ -32,15 +32,18 @@ use Symfony\Bundle\FrameworkBundle\Controller\Controller; abstract class AbstractController extends Controller { /** - * Unlike {@see Controller::redirectToRoute()}, this method directly calls the route controller without creating a redirection client side + * Unlike {@see \Symfony\Bundle\FrameworkBundle\Controller\ControllerTrait::redirectToRoute()}, this method directly calls the route controller without creating a redirection client side * * Default route params will be preserved (see N°4356) * * @param string $sRouteName - * @param array $aRouteParams - * @param array $aQueryParameters + * @param array $aRouteParams + * @param array $aQueryParameters + * @param bool $bPreserveDefaultRouteParams if true will merge in aRouteParams the default parameters defined for the specified route * * @return \Symfony\Component\HttpFoundation\Response + * + * @since 2.7.6 3.0.0 N°4356 method creation */ protected function ForwardToRoute($sRouteName, $aRouteParams, $aQueryParameters, $bPreserveDefaultRouteParams = true) { @@ -61,7 +64,7 @@ abstract class AbstractController extends Controller * * @return \Symfony\Component\HttpFoundation\Response * - * @deprecated 2.7.6 N°4356 use {@link ForwardToRoute} instead ! + * @deprecated 2.7.6 N°4356 use {@see ForwardToRoute} instead ! */ protected function ForwardFromRoute($sRouteName, $aRouteParams, $aQueryParameters) { @@ -77,7 +80,7 @@ abstract class AbstractController extends Controller * * @return string * - * @deprecated 2.7.6 N°4356 use {@link ForwardToRoute} instead ! + * @deprecated 2.7.6 N°4356 use {@see ForwardToRoute} instead ! */ protected function GetControllerNameFromRoute($sRouteName) { From 34f64c61f6a989608b461b12c3bec7d663d6a8f7 Mon Sep 17 00:00:00 2001 From: Pierre Goiffon Date: Tue, 12 Oct 2021 16:56:15 +0200 Subject: [PATCH 6/8] privUITransaction fix inspections errors + formatting --- application/transaction.class.inc.php | 25 +++++++++++-------------- 1 file changed, 11 insertions(+), 14 deletions(-) diff --git a/application/transaction.class.inc.php b/application/transaction.class.inc.php index 0e4ca4be1..f818eba67 100644 --- a/application/transaction.class.inc.php +++ b/application/transaction.class.inc.php @@ -26,8 +26,6 @@ * @copyright Copyright (C) 2010-2012 Combodo SARL * @license http://opensource.org/licenses/AGPL-3.0 */ - - class privUITransaction { /** @@ -101,7 +99,6 @@ class privUITransaction /** * The original (and by default) mechanism for storing transaction information * as an array in the $_SESSION variable - * */ class privUITransactionSession { @@ -207,6 +204,7 @@ class privUITransactionFile { throw new Exception('The directory "'.APPROOT.'data" must be writable to the application.'); } + /** @noinspection MkdirRaceConditionInspection */ if (!@mkdir(APPROOT.'data/transactions')) { throw new Exception('Failed to create the directory "'.APPROOT.'data/transactions". Ajust the rights on the parent directory or let an administrator create the transactions directory and give the web sever enough rights to write into it.'); @@ -268,27 +266,26 @@ class privUITransactionFile /** * Removes the transaction specified by its id * @param int $id The Identifier (as returned by GetNewTransactionId) of the transaction to be removed. - * @return void + * @return bool true if the token can be removed */ public static function RemoveTransaction($id) { - $bSuccess = true; $sFilepath = APPROOT.'data/transactions/'.$id; clearstatcache(true, $sFilepath); - if(!file_exists($sFilepath)) - { + if (!file_exists($sFilepath)) { $bSuccess = false; - self::Error("RemoveTransaction: Transaction '$id' not found. Pending transactions for this user:\n".implode("\n", self::GetPendingTransactions())); + self::Error("RemoveTransaction: Transaction '$id' not found. Pending transactions for this user:\n" + .implode("\n", self::GetPendingTransactions())); + } else { + $bSuccess = @unlink($sFilepath); } - $bSuccess = @unlink($sFilepath); - if (!$bSuccess) - { + + if (!$bSuccess) { self::Error('RemoveTransaction: FAILED to remove transaction '.$id); - } - else - { + } else { self::Info('RemoveTransaction: OK '.$id); } + return $bSuccess; } From eaf8a187aa8482ff794c7799633d776d35f6ca47 Mon Sep 17 00:00:00 2001 From: Pierre Goiffon Date: Mon, 18 Oct 2021 11:36:17 +0200 Subject: [PATCH 7/8] =?UTF-8?q?N=C2=B03332=20report=20function=20rename=20?= =?UTF-8?q?The=20method=20was=20renamed=20in=2018d52319=20but=20only=20on?= =?UTF-8?q?=20support/2.7=20and=20above?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- js/breadcrumb.js | 4 ++-- js/utils.js | 12 ++++++------ 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/js/breadcrumb.js b/js/breadcrumb.js index 09b0a6d81..de0afba07 100644 --- a/js/breadcrumb.js +++ b/js/breadcrumb.js @@ -69,8 +69,8 @@ $(function() if (sTitle.length == 0) { sTitle = oEntry['label']; } - sTitle = SanitizeHtml(sTitle, false); - sLabel = SanitizeHtml(sLabel, false); + sTitle = EncodeHtml(sTitle, false); + sLabel = EncodeHtml(sLabel, false); if ((this.options.new_entry !== null) && (iEntry == aBreadCrumb.length-1)) { // Last entry is the current page diff --git a/js/utils.js b/js/utils.js index 72f3adb13..59af2b480 100644 --- a/js/utils.js +++ b/js/utils.js @@ -671,16 +671,16 @@ function DisplayHistory(sSelector, sFilter, iCount, iStart) { /** * @param sValue value to escape - * @param bReplaceAmp if false don't replace "&" (can be useful when dealing with html entities) - * @returns {string} sanitized value, ready to insert in the DOM without XSS risk + * @param bReplaceAmp if false don't replace "&" (can be useful when sValue contrains html entities we want to keep) + * @returns {string} escaped value, ready to insert in the DOM without XSS risk * * @since 2.6.5, 2.7.2, 3.0.0 N°3332 * @see https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html#rule-1-html-encode-before-inserting-untrusted-data-into-html-element-content * @see https://stackoverflow.com/questions/295566/sanitize-rewrite-html-on-the-client-side/430240#430240 why inserting in the DOM (for * example the text() JQuery way) isn't safe */ -function SanitizeHtml(sValue, bReplaceAmp) { - var sSanitizedValue = (sValue+'') +function EncodeHtml(sValue, bReplaceAmp) { + var sEncodedValue = (sValue+'') .replace(//g, '>') .replace(/"/g, '"') @@ -688,10 +688,10 @@ function SanitizeHtml(sValue, bReplaceAmp) { .replace(/\//g, '/'); if (bReplaceAmp) { - sSanitizedValue = sSanitizedValue.replace(/&/g, '&'); + sEncodedValue = sEncodedValue.replace(/&/g, '&'); } - return sSanitizedValue; + return sEncodedValue; } // Very simple equivalent to format: placeholders are %1$s %2$d ... From b3f827ed5ee8b5d78998cbc72d9560e227df6848 Mon Sep 17 00:00:00 2001 From: Pierre Goiffon Date: Mon, 18 Oct 2021 11:38:00 +0200 Subject: [PATCH 8/8] =?UTF-8?q?N=C2=B04367=20Security=20hardening?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- application/ui.extkeywidget.class.inc.php | 4 +- js/utils.js | 66 ++++++++++++++ test/VisualTest/sanitize_test.php | 105 ++++++++++++++++++++++ 3 files changed, 173 insertions(+), 2 deletions(-) create mode 100644 test/VisualTest/sanitize_test.php diff --git a/application/ui.extkeywidget.class.inc.php b/application/ui.extkeywidget.class.inc.php index b371d6204..bf918bf72 100644 --- a/application/ui.extkeywidget.class.inc.php +++ b/application/ui.extkeywidget.class.inc.php @@ -373,10 +373,10 @@ EOF $sHTML .= "\n"; $sHTML .= ''; - $sDialogTitle = addslashes($sTitle); + $sDialogTitleSanitized = utils::HtmlToText($sTitle); $oPage->add_ready_script( <<iId}').dialog({ width: $(window).width()*0.8, height: $(window).height()*0.8, autoOpen: false, modal: true, title: '$sDialogTitle', resizeStop: oACWidget_{$this->iId}.UpdateSizes, close: oACWidget_{$this->iId}.OnClose }); + $('#ac_dlg_{$this->iId}').dialog({ width: $(window).width()*0.8, height: $(window).height()*0.8, autoOpen: false, modal: true, title: '$sDialogTitleSanitized', resizeStop: oACWidget_{$this->iId}.UpdateSizes, close: oACWidget_{$this->iId}.OnClose }); $('#fs_{$this->iId}').bind('submit.uiAutocomplete', oACWidget_{$this->iId}.DoSearchObjects); $('#dc_{$this->iId}').resize(oACWidget_{$this->iId}.UpdateSizes); EOF diff --git a/js/utils.js b/js/utils.js index 59af2b480..b1d1f9585 100644 --- a/js/utils.js +++ b/js/utils.js @@ -739,4 +739,70 @@ Dict.Format = function () { var args = Array.from(arguments); args[0] = Dict.S(arguments[0]); return Format(args); +} + + + +/** + * Helper to Sanitize string + * + * Note: Same as in php (see \utils::Sanitize) + * + * @api + * @since 2.6.5 2.7.6 3.0.0 N°4367 + */ +const CombodoSanitizer = { + ENUM_SANITIZATION_FILTER_INTEGER: 'integer', + ENUM_SANITIZATION_FILTER_STRING: 'string', + ENUM_SANITIZATION_FILTER_CONTEXT_PARAM: 'context_param', + ENUM_SANITIZATION_FILTER_PARAMETER: 'parameter', + ENUM_SANITIZATION_FILTER_FIELD_NAME: 'field_name', + ENUM_SANITIZATION_FILTER_TRANSACTION_ID: 'transaction_id', + ENUM_SANITIZATION_FILTER_ELEMENT_IDENTIFIER: 'element_identifier', + ENUM_SANITIZATION_FILTER_VARIABLE_NAME: 'variable_name', + + /** + * @param {String} sValue The string to sanitize + * @param {String} sDefaultValue The string to return if sValue not match (used for some filters) + * @param {String} sSanitizationFilter one of the ENUM_SANITIZATION_FILTERs + */ + Sanitize: function (sValue, sDefaultValue, sSanitizationFilter) { + switch (sSanitizationFilter) { + case CombodoSanitizer.ENUM_SANITIZATION_FILTER_INTEGER: + return this._CleanString(sValue, sDefaultValue, /[^0-9-+]*/g); + + case CombodoSanitizer.ENUM_SANITIZATION_FILTER_STRING: + return $("
").text(sValue).text(); + + case CombodoSanitizer.ENUM_SANITIZATION_FILTER_TRANSACTION_ID: + return this._ReplaceString(sValue, sDefaultValue, /^([\. A-Za-z0-9_=-]*)$/g, ''); + + case CombodoSanitizer.ENUM_SANITIZATION_FILTER_PARAMETER: + return this._ReplaceString(sValue, sDefaultValue, /^([ A-Za-z0-9_=-]*)$/g); + + case CombodoSanitizer.ENUM_SANITIZATION_FILTER_FIELD_NAME: + return this._ReplaceString(sValue, sDefaultValue, /^[A-Za-z0-9_]+(->[A-Za-z0-9_]+)*$/g); + + case CombodoSanitizer.ENUM_SANITIZATION_FILTER_CONTEXT_PARAM: + return this._ReplaceString(sValue, sDefaultValue, /^[ A-Za-z0-9_=%:+-]*$/g); + + case CombodoSanitizer.ENUM_SANITIZATION_FILTER_ELEMENT_IDENTIFIER: + return this._CleanString(sValue, sDefaultValue, /[^a-zA-Z0-9_]/g); + + case CombodoSanitizer.ENUM_SANITIZATION_FILTER_VARIABLE_NAME: + return this._CleanString(sValue, sDefaultValue, /[^a-zA-Z0-9_]/g); + + } + return sDefaultValue; + }, + _CleanString: function (sValue, sDefaultValue, sRegExp) { + return sValue.replace(sRegExp, ''); + }, + _ReplaceString: function (sValue, sDefaultValue, sRegExp) { + if (sRegExp.test(sValue)) { + return sValue; + } else { + return sDefaultValue; + } + } } \ No newline at end of file diff --git a/test/VisualTest/sanitize_test.php b/test/VisualTest/sanitize_test.php new file mode 100644 index 000000000..f1a498392 --- /dev/null +++ b/test/VisualTest/sanitize_test.php @@ -0,0 +1,105 @@ + + {$sType} + {$sValue} + {$sSanitizedValue} + + + + +HTML; + + $index++; +} + +$aValues = array( + "test", + "t;e-s_t$", + "123test", + "\"('èé&=hcb test", + "
Hello!
", + "*-+7464+guigez cfuze", + "", + "()=°²€", + "éèç", +); + +$aTypes = array( + 'context_param', + 'element_identifier', + 'field_name', + 'integer', + 'parameter', + 'string', + 'transaction_id', +// 'variable_name', // introduced in 3.0.0 +); + +?> + + + + + + + + + + + + + + + + + + +
Typechaine initialechaine sanitize by phpchaine sanitize by js status test
+ +