mirror of
https://github.com/Combodo/iTop.git
synced 2026-05-19 07:12:26 +02:00
Update guzzlehttp/guzzle
@@ -240,6 +240,11 @@ class CookieJar implements CookieJarInterface
|
||||
if (0 !== strpos($sc->getPath(), '/')) {
|
||||
$sc->setPath($this->getCookiePathFromRequest($request));
|
||||
}
|
||||
if (!$sc->matchesDomain($request->getUri()->getHost())) {
|
||||
continue;
|
||||
}
|
||||
// Note: At this point `$sc->getDomain()` being a public suffix should
|
||||
// be rejected, but we don't want to pull in the full PSL dependency.
|
||||
$this->setCookie($sc);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -333,12 +333,19 @@ class SetCookie
|
||||
*/
|
||||
public function matchesDomain($domain)
|
||||
{
|
||||
$cookieDomain = $this->getDomain();
|
||||
if (null === $cookieDomain) {
|
||||
return true;
|
||||
}
|
||||
|
||||
// Remove the leading '.' as per spec in RFC 6265.
|
||||
// http://tools.ietf.org/html/rfc6265#section-5.2.3
|
||||
$cookieDomain = ltrim($this->getDomain(), '.');
|
||||
$cookieDomain = ltrim(strtolower($cookieDomain), '.');
|
||||
|
||||
$domain = strtolower($domain);
|
||||
|
||||
// Domain not set or exact match.
|
||||
if (!$cookieDomain || !strcasecmp($domain, $cookieDomain)) {
|
||||
if ('' === $cookieDomain || $domain === $cookieDomain) {
|
||||
return true;
|
||||
}
|
||||
|
||||
|
||||
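Review bot: In `matchesDomain`, the `'' === $cookieDomain` test runs after `ltrim(..., '.')`, so a Domain value made up only of dots is reduced to an empty string and reported as matching every host. Since the new early return already handles a null domain, the empty case could fail closed: `if ('' === $cookieDomain) { return false; }` followed by `if ($domain === $cookieDomain) { return true; }`, provided no caller relies on an explicitly empty domain matching. The docblock should also state that a cookie with no domain (null) matches any host, so callers must assign the request host before relying on this check. The rest of the function body is outside the hunk, so the suffix and IP handling could not be reviewed here.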
@@ -141,7 +141,7 @@ class RedirectMiddleware
|
||||
}
|
||||
|
||||
/**
|
||||
* Check for too many redirects
|
||||
* Check for too many redirects.
|
||||
*
|
||||
* @return void
|
||||
*
|
||||
@@ -190,7 +190,7 @@ class RedirectMiddleware
|
||||
$modify['body'] = '';
|
||||
}
|
||||
|
||||
$uri = $this->redirectUri($request, $response, $protocols);
|
||||
$uri = self::redirectUri($request, $response, $protocols);
|
||||
if (isset($options['idn_conversion']) && ($options['idn_conversion'] !== false)) {
|
||||
$idnOptions = ($options['idn_conversion'] === true) ? IDNA_DEFAULT : $options['idn_conversion'];
|
||||
$uri = Utils::idnUriConvert($uri, $idnOptions);
|
||||
@@ -210,16 +210,42 @@ class RedirectMiddleware
|
||||
$modify['remove_headers'][] = 'Referer';
|
||||
}
|
||||
|
||||
// Remove Authorization header if host is different.
|
||||
if ($request->getUri()->getHost() !== $modify['uri']->getHost()) {
|
||||
// Remove Authorization and Cookie headers if required.
|
||||
if (self::shouldStripSensitiveHeaders($request->getUri(), $modify['uri'])) {
|
||||
$modify['remove_headers'][] = 'Authorization';
|
||||
$modify['remove_headers'][] = 'Cookie';
|
||||
}
|
||||
|
||||
return Psr7\modify_request($request, $modify);
|
||||
}
|
||||
|
||||
/**
|
||||
* Set the appropriate URL on the request based on the location header
|
||||
* Determine if we should strip sensitive headers from the request.
|
||||
*
|
||||
* We return true if either of the following conditions are true:
|
||||
*
|
||||
* 1. the host is different;
|
||||
* 2. the scheme has changed, and now is non-https.
|
||||
*
|
||||
* @return bool
|
||||
*/
|
||||
private static function shouldStripSensitiveHeaders(
|
||||
UriInterface $originalUri,
|
||||
UriInterface $modifiedUri
|
||||
) {
|
||||
if (strcasecmp($originalUri->getHost(), $modifiedUri->getHost()) !== 0) {
|
||||
return true;
|
||||
}
|
||||
|
||||
if ($originalUri->getScheme() !== $modifiedUri->getScheme() && 'https' !== $modifiedUri->getScheme()) {
|
||||
return true;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Set the appropriate URL on the request based on the location header.
|
||||
*
|
||||
* @param RequestInterface $request
|
||||
* @param ResponseInterface $response
|
||||
@@ -227,7 +253,7 @@ class RedirectMiddleware
|
||||
*
|
||||
* @return UriInterface
|
||||
*/
|
||||
private function redirectUri(
|
||||
private static function redirectUri(
|
||||
RequestInterface $request,
|
||||
ResponseInterface $response,
|
||||
array $protocols
|
||||
|
||||
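Review bot: `shouldStripSensitiveHeaders` compares only host and scheme, so a redirect to the same host on a different port keeps the `Authorization` and `Cookie` headers, although that is a different origin and may be a different service. Consider adding `if ($originalUri->getPort() !== $modifiedUri->getPort()) { return true; }` after the host comparison, and list the port as a third condition in the docblock. The scheme rule keeps both headers on an http to https change, which looks intentional but should be stated in the docblock so it is not mistaken for an oversight. The removal covers only these two header names; whether credentials supplied through other request options follow a redirect cannot be seen in this hunk.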