N°4231 Security hardening

2026-02-13 07:24:13 +01:00 · 2021-10-12 11:11:11 +02:00
parent fe3512cb5f
commit 8f0a5fcaf9
10 changed files with 927 additions and 1184 deletions
--- a/lib/composer/ClassLoader.php
+++ b/lib/composer/ClassLoader.php
@@ -42,30 +42,75 @@ namespace Composer\Autoload;
 */
 class ClassLoader
 {
+    /** @var ?string */
    private $vendorDir;

    // PSR-4
+    /**
+     * @var array[]
+     * @psalm-var array<string, array<string, int>>
+     */
    private $prefixLengthsPsr4 = array();
+    /**
+     * @var array[]
+     * @psalm-var array<string, array<int, string>>
+     */
    private $prefixDirsPsr4 = array();
+    /**
+     * @var array[]
+     * @psalm-var array<string, string>
+     */
    private $fallbackDirsPsr4 = array();

    // PSR-0
+    /**
+     * @var array[]
+     * @psalm-var array<string, array<string, string[]>>
+     */
    private $prefixesPsr0 = array();
+    /**
+     * @var array[]
+     * @psalm-var array<string, string>
+     */
    private $fallbackDirsPsr0 = array();

+    /** @var bool */
    private $useIncludePath = false;
+
+    /**
+     * @var string[]
+     * @psalm-var array<string, string>
+     */
    private $classMap = array();
+
+    /** @var bool */
    private $classMapAuthoritative = false;
+
+    /**
+     * @var bool[]
+     * @psalm-var array<string, bool>
+     */
    private $missingClasses = array();
+
+    /** @var ?string */
    private $apcuPrefix;

+    /**
+     * @var self[]
+     */
    private static $registeredLoaders = array();

+    /**
+     * @param ?string $vendorDir
+     */
    public function __construct($vendorDir = null)
    {
        $this->vendorDir = $vendorDir;
    }

+    /**
+     * @return string[]
+     */
    public function getPrefixes()
    {
        if (!empty($this->prefixesPsr0)) {
@@ -75,28 +120,47 @@ class ClassLoader
        return array();
    }

+    /**
+     * @return array[]
+     * @psalm-return array<string, array<int, string>>
+     */
    public function getPrefixesPsr4()
    {
        return $this->prefixDirsPsr4;
    }

+    /**
+     * @return array[]
+     * @psalm-return array<string, string>
+     */
    public function getFallbackDirs()
    {
        return $this->fallbackDirsPsr0;
    }

+    /**
+     * @return array[]
+     * @psalm-return array<string, string>
+     */
    public function getFallbackDirsPsr4()
    {
        return $this->fallbackDirsPsr4;
    }

+    /**
+     * @return string[] Array of classname => path
+     * @psalm-var array<string, string>
+     */
    public function getClassMap()
    {
        return $this->classMap;
    }

    /**
-     * @param array $classMap Class to filename map
+     * @param string[] $classMap Class to filename map
+     * @psalm-param array<string, string> $classMap
+     *
+     * @return void
     */
    public function addClassMap(array $classMap)
    {
@@ -111,9 +175,11 @@ class ClassLoader
     * Registers a set of PSR-0 directories for a given prefix, either
     * appending or prepending to the ones previously set for this prefix.
     *
-     * @param string       $prefix  The prefix
-     * @param array|string $paths   The PSR-0 root directories
-     * @param bool         $prepend Whether to prepend the directories
+     * @param string          $prefix  The prefix
+     * @param string[]|string $paths   The PSR-0 root directories
+     * @param bool            $prepend Whether to prepend the directories
+     *
+     * @return void
     */
    public function add($prefix, $paths, $prepend = false)
    {
@@ -156,11 +222,13 @@ class ClassLoader
     * Registers a set of PSR-4 directories for a given namespace, either
     * appending or prepending to the ones previously set for this namespace.
     *
-     * @param string       $prefix  The prefix/namespace, with trailing '\\'
-     * @param array|string $paths   The PSR-4 base directories
-     * @param bool         $prepend Whether to prepend the directories
+     * @param string          $prefix  The prefix/namespace, with trailing '\\'
+     * @param string[]|string $paths   The PSR-4 base directories
+     * @param bool            $prepend Whether to prepend the directories
     *
     * @throws \InvalidArgumentException
+     *
+     * @return void
     */
    public function addPsr4($prefix, $paths, $prepend = false)
    {
@@ -204,8 +272,10 @@ class ClassLoader
     * Registers a set of PSR-0 directories for a given prefix,
     * replacing any others previously set for this prefix.
     *
-     * @param string       $prefix The prefix
-     * @param array|string $paths  The PSR-0 base directories
+     * @param string          $prefix The prefix
+     * @param string[]|string $paths  The PSR-0 base directories
+     *
+     * @return void
     */
    public function set($prefix, $paths)
    {
@@ -220,10 +290,12 @@ class ClassLoader
     * Registers a set of PSR-4 directories for a given namespace,
     * replacing any others previously set for this namespace.
     *
-     * @param string       $prefix The prefix/namespace, with trailing '\\'
-     * @param array|string $paths  The PSR-4 base directories
+     * @param string          $prefix The prefix/namespace, with trailing '\\'
+     * @param string[]|string $paths  The PSR-4 base directories
     *
     * @throws \InvalidArgumentException
+     *
+     * @return void
     */
    public function setPsr4($prefix, $paths)
    {
@@ -243,6 +315,8 @@ class ClassLoader
     * Turns on searching the include path for class files.
     *
     * @param bool $useIncludePath
+     *
+     * @return void
     */
    public function setUseIncludePath($useIncludePath)
    {
@@ -265,6 +339,8 @@ class ClassLoader
     * that have not been registered with the class map.
     *
     * @param bool $classMapAuthoritative
+     *
+     * @return void
     */
    public function setClassMapAuthoritative($classMapAuthoritative)
    {
@@ -285,6 +361,8 @@ class ClassLoader
     * APCu prefix to use to cache found/not-found classes, if the extension is enabled.
     *
     * @param string|null $apcuPrefix
+     *
+     * @return void
     */
    public function setApcuPrefix($apcuPrefix)
    {
@@ -305,6 +383,8 @@ class ClassLoader
     * Registers this instance as an autoloader.
     *
     * @param bool $prepend Whether to prepend the autoloader or not
+     *
+     * @return void
     */
    public function register($prepend = false)
    {
@@ -324,6 +404,8 @@ class ClassLoader

    /**
     * Unregisters this instance as an autoloader.
+     *
+     * @return void
     */
    public function unregister()
    {
@@ -338,7 +420,7 @@ class ClassLoader
     * Loads the given class or interface.
     *
     * @param  string    $class The name of the class
-     * @return bool|null True if loaded, null otherwise
+     * @return true|null True if loaded, null otherwise
     */
    public function loadClass($class)
    {
@@ -347,6 +429,8 @@ class ClassLoader

            return true;
        }
+
+        return null;
    }

    /**
@@ -401,6 +485,11 @@ class ClassLoader
        return self::$registeredLoaders;
    }

+    /**
+     * @param  string       $class
+     * @param  string       $ext
+     * @return string|false
+     */
    private function findFileWithExtension($class, $ext)
    {
        // PSR-4 lookup
@@ -472,6 +561,10 @@ class ClassLoader
 * Scope isolated include.
 *
 * Prevents access to $this/self from included files.
+ *
+ * @param  string $file
+ * @return void
+ * @private
 */
 function includeFile($file)
 {
--- a/lib/composer/InstalledVersions.php
+++ b/lib/composer/InstalledVersions.php
--- a/lib/composer/autoload_classmap.php
+++ b/lib/composer/autoload_classmap.php
@@ -288,6 +288,7 @@ return array(
    'ListExpression' => $baseDir . '/core/oql/expression.class.inc.php',
    'ListOqlExpression' => $baseDir . '/core/oql/oqlquery.class.inc.php',
    'LogAPI' => $baseDir . '/core/log.class.inc.php',
+    'LogChannels' => $baseDir . '/core/log.class.inc.php',
    'LogFileNameBuilderFactory' => $baseDir . '/core/log.class.inc.php',
    'LogFileRotationProcess' => $baseDir . '/core/log.class.inc.php',
    'LoginBlockExtension' => $baseDir . '/application/logintwig.class.inc.php',
--- a/lib/composer/autoload_static.php
+++ b/lib/composer/autoload_static.php
@@ -518,6 +518,7 @@ class ComposerStaticInit0018331147de7601e7552f7da8e3bb8b
        'ListExpression' => __DIR__ . '/../..' . '/core/oql/expression.class.inc.php',
        'ListOqlExpression' => __DIR__ . '/../..' . '/core/oql/oqlquery.class.inc.php',
        'LogAPI' => __DIR__ . '/../..' . '/core/log.class.inc.php',
+        'LogChannels' => __DIR__ . '/../..' . '/core/log.class.inc.php',
        'LogFileNameBuilderFactory' => __DIR__ . '/../..' . '/core/log.class.inc.php',
        'LogFileRotationProcess' => __DIR__ . '/../..' . '/core/log.class.inc.php',
        'LoginBlockExtension' => __DIR__ . '/../..' . '/application/logintwig.class.inc.php',
--- a/lib/composer/installed.json
+++ b/lib/composer/installed.json
@@ -171,17 +171,17 @@
        },
        {
            "name": "pear/archive_tar",
-            "version": "1.4.13",
-            "version_normalized": "1.4.13.0",
+            "version": "1.4.14",
+            "version_normalized": "1.4.14.0",
            "source": {
                "type": "git",
                "url": "https://github.com/pear/Archive_Tar.git",
-                "reference": "2b87b41178cc6d4ad3cba678a46a1cae49786011"
+                "reference": "4d761c5334c790e45ef3245f0864b8955c562caa"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/pear/Archive_Tar/zipball/2b87b41178cc6d4ad3cba678a46a1cae49786011",
-                "reference": "2b87b41178cc6d4ad3cba678a46a1cae49786011",
+                "url": "https://api.github.com/repos/pear/Archive_Tar/zipball/4d761c5334c790e45ef3245f0864b8955c562caa",
+                "reference": "4d761c5334c790e45ef3245f0864b8955c562caa",
                "shasum": ""
            },
            "require": {
@@ -196,7 +196,7 @@
                "ext-xz": "Lzma2 compression support.",
                "ext-zlib": "Gzip compression support."
            },
-            "time": "2021-02-16T10:50:50+00:00",
+            "time": "2021-07-20T13:53:39+00:00",
            "type": "library",
            "extra": {
                "branch-alias": {
--- a/lib/composer/installed.php
+++ b/lib/composer/installed.php
@@ -1,444 +1,437 @@
-<?php return array (
-  'root' => 
-  array (
-    'pretty_version' => 'dev-develop',
-    'version' => 'dev-develop',
-    'aliases' => 
-    array (
+<?php return array(
+    'root' => array(
+        'pretty_version' => 'dev-develop',
+        'version' => 'dev-develop',
+        'type' => 'project',
+        'install_path' => __DIR__ . '/../../',
+        'aliases' => array(),
+        'reference' => 'fe3512cb5f5d01fa590447c2f6fa15416802b748',
+        'name' => '__root__',
+        'dev' => true,
    ),
-    'reference' => '2d2a6857de55d005dbc4836e558e611ce7f52bb8',
-    'name' => '__root__',
-  ),
-  'versions' => 
-  array (
-    '__root__' => 
-    array (
-      'pretty_version' => 'dev-develop',
-      'version' => 'dev-develop',
-      'aliases' => 
-      array (
-      ),
-      'reference' => '2d2a6857de55d005dbc4836e558e611ce7f52bb8',
+    'versions' => array(
+        '__root__' => array(
+            'pretty_version' => 'dev-develop',
+            'version' => 'dev-develop',
+            'type' => 'project',
+            'install_path' => __DIR__ . '/../../',
+            'aliases' => array(),
+            'reference' => 'fe3512cb5f5d01fa590447c2f6fa15416802b748',
+            'dev_requirement' => false,
+        ),
+        'combodo/tcpdf' => array(
+            'pretty_version' => '6.3.5',
+            'version' => '6.3.5.0',
+            'type' => 'library',
+            'install_path' => __DIR__ . '/../combodo/tcpdf',
+            'aliases' => array(),
+            'reference' => 'aedd4b7b8cf7fcc24e617c405c9d3304150f4b94',
+            'dev_requirement' => false,
+        ),
+        'nikic/php-parser' => array(
+            'pretty_version' => 'v3.1.5',
+            'version' => '3.1.5.0',
+            'type' => 'library',
+            'install_path' => __DIR__ . '/../nikic/php-parser',
+            'aliases' => array(),
+            'reference' => 'bb87e28e7d7b8d9a7fda231d37457c9210faf6ce',
+            'dev_requirement' => false,
+        ),
+        'paragonie/random_compat' => array(
+            'pretty_version' => 'v2.0.18',
+            'version' => '2.0.18.0',
+            'type' => 'library',
+            'install_path' => __DIR__ . '/../paragonie/random_compat',
+            'aliases' => array(),
+            'reference' => '0a58ef6e3146256cc3dc7cc393927bcc7d1b72db',
+            'dev_requirement' => false,
+        ),
+        'pear/archive_tar' => array(
+            'pretty_version' => '1.4.14',
+            'version' => '1.4.14.0',
+            'type' => 'library',
+            'install_path' => __DIR__ . '/../pear/archive_tar',
+            'aliases' => array(),
+            'reference' => '4d761c5334c790e45ef3245f0864b8955c562caa',
+            'dev_requirement' => false,
+        ),
+        'pear/console_getopt' => array(
+            'pretty_version' => 'v1.4.3',
+            'version' => '1.4.3.0',
+            'type' => 'library',
+            'install_path' => __DIR__ . '/../pear/console_getopt',
+            'aliases' => array(),
+            'reference' => 'a41f8d3e668987609178c7c4a9fe48fecac53fa0',
+            'dev_requirement' => false,
+        ),
+        'pear/pear-core-minimal' => array(
+            'pretty_version' => 'v1.10.10',
+            'version' => '1.10.10.0',
+            'type' => 'library',
+            'install_path' => __DIR__ . '/../pear/pear-core-minimal',
+            'aliases' => array(),
+            'reference' => '625a3c429d9b2c1546438679074cac1b089116a7',
+            'dev_requirement' => false,
+        ),
+        'pear/pear_exception' => array(
+            'pretty_version' => 'v1.0.1',
+            'version' => '1.0.1.0',
+            'type' => 'class',
+            'install_path' => __DIR__ . '/../pear/pear_exception',
+            'aliases' => array(),
+            'reference' => 'dbb42a5a0e45f3adcf99babfb2a1ba77b8ac36a7',
+            'dev_requirement' => false,
+        ),
+        'pelago/emogrifier' => array(
+            'pretty_version' => 'v2.1.0',
+            'version' => '2.1.0.0',
+            'type' => 'library',
+            'install_path' => __DIR__ . '/../pelago/emogrifier',
+            'aliases' => array(),
+            'reference' => '40c3d4f475d44ffc7265a760d1dd0e81f579f96f',
+            'dev_requirement' => false,
+        ),
+        'psr/cache' => array(
+            'pretty_version' => '1.0.1',
+            'version' => '1.0.1.0',
+            'type' => 'library',
+            'install_path' => __DIR__ . '/../psr/cache',
+            'aliases' => array(),
+            'reference' => 'd11b50ad223250cf17b86e38383413f5a6764bf8',
+            'dev_requirement' => false,
+        ),
+        'psr/cache-implementation' => array(
+            'dev_requirement' => false,
+            'provided' => array(
+                0 => '1.0',
+            ),
+        ),
+        'psr/container' => array(
+            'pretty_version' => '1.0.0',
+            'version' => '1.0.0.0',
+            'type' => 'library',
+            'install_path' => __DIR__ . '/../psr/container',
+            'aliases' => array(),
+            'reference' => 'b7ce3b176482dbbc1245ebf52b181af44c2cf55f',
+            'dev_requirement' => false,
+        ),
+        'psr/container-implementation' => array(
+            'dev_requirement' => false,
+            'provided' => array(
+                0 => '1.0',
+            ),
+        ),
+        'psr/log' => array(
+            'pretty_version' => '1.1.2',
+            'version' => '1.1.2.0',
+            'type' => 'library',
+            'install_path' => __DIR__ . '/../psr/log',
+            'aliases' => array(),
+            'reference' => '446d54b4cb6bf489fc9d75f55843658e6f25d801',
+            'dev_requirement' => false,
+        ),
+        'psr/log-implementation' => array(
+            'dev_requirement' => false,
+            'provided' => array(
+                0 => '1.0',
+            ),
+        ),
+        'psr/simple-cache' => array(
+            'pretty_version' => '1.0.1',
+            'version' => '1.0.1.0',
+            'type' => 'library',
+            'install_path' => __DIR__ . '/../psr/simple-cache',
+            'aliases' => array(),
+            'reference' => '408d5eafb83c57f6365a3ca330ff23aa4a5fa39b',
+            'dev_requirement' => false,
+        ),
+        'psr/simple-cache-implementation' => array(
+            'dev_requirement' => false,
+            'provided' => array(
+                0 => '1.0',
+            ),
+        ),
+        'rsky/pear-core-min' => array(
+            'dev_requirement' => false,
+            'replaced' => array(
+                0 => 'v1.10.10',
+            ),
+        ),
+        'scssphp/scssphp' => array(
+            'pretty_version' => '1.0.6',
+            'version' => '1.0.6.0',
+            'type' => 'library',
+            'install_path' => __DIR__ . '/../scssphp/scssphp',
+            'aliases' => array(),
+            'reference' => '5b3c9d704950d8f9637f5110c36c281ec47dc13c',
+            'dev_requirement' => false,
+        ),
+        'swiftmailer/swiftmailer' => array(
+            'pretty_version' => 'v5.4.12',
+            'version' => '5.4.12.0',
+            'type' => 'library',
+            'install_path' => __DIR__ . '/../swiftmailer/swiftmailer',
+            'aliases' => array(),
+            'reference' => '181b89f18a90f8925ef805f950d47a7190e9b950',
+            'dev_requirement' => false,
+        ),
+        'symfony/cache' => array(
+            'pretty_version' => 'v3.4.36',
+            'version' => '3.4.36.0',
+            'type' => 'library',
+            'install_path' => __DIR__ . '/../symfony/cache',
+            'aliases' => array(),
+            'reference' => '3d9f46a6960fd5cd7f030f86adc5b4b63bcfa4e3',
+            'dev_requirement' => false,
+        ),
+        'symfony/class-loader' => array(
+            'pretty_version' => 'v3.4.36',
+            'version' => '3.4.36.0',
+            'type' => 'library',
+            'install_path' => __DIR__ . '/../symfony/class-loader',
+            'aliases' => array(),
+            'reference' => 'e212b06996819a2bce026a63da03b7182d05a690',
+            'dev_requirement' => false,
+        ),
+        'symfony/config' => array(
+            'pretty_version' => 'v3.4.36',
+            'version' => '3.4.36.0',
+            'type' => 'library',
+            'install_path' => __DIR__ . '/../symfony/config',
+            'aliases' => array(),
+            'reference' => 'a599a867d0e4a07c342b5f1e656b3915a540ddbe',
+            'dev_requirement' => false,
+        ),
+        'symfony/console' => array(
+            'pretty_version' => 'v3.4.36',
+            'version' => '3.4.36.0',
+            'type' => 'library',
+            'install_path' => __DIR__ . '/../symfony/console',
+            'aliases' => array(),
+            'reference' => '1ee23b3b659b06c622f2bd2492a229e416eb4586',
+            'dev_requirement' => false,
+        ),
+        'symfony/css-selector' => array(
+            'pretty_version' => 'v3.4.36',
+            'version' => '3.4.36.0',
+            'type' => 'library',
+            'install_path' => __DIR__ . '/../symfony/css-selector',
+            'aliases' => array(),
+            'reference' => 'f819f71ae3ba6f396b4c015bd5895de7d2f1f85f',
+            'dev_requirement' => false,
+        ),
+        'symfony/debug' => array(
+            'pretty_version' => 'v3.4.36',
+            'version' => '3.4.36.0',
+            'type' => 'library',
+            'install_path' => __DIR__ . '/../symfony/debug',
+            'aliases' => array(),
+            'reference' => 'f72e33fdb1170b326e72c3157f0cd456351dd086',
+            'dev_requirement' => false,
+        ),
+        'symfony/dependency-injection' => array(
+            'pretty_version' => 'v3.4.36',
+            'version' => '3.4.36.0',
+            'type' => 'library',
+            'install_path' => __DIR__ . '/../symfony/dependency-injection',
+            'aliases' => array(),
+            'reference' => '0d201916bfb3af939fec3c0c8815ea16c60ac1a2',
+            'dev_requirement' => false,
+        ),
+        'symfony/dotenv' => array(
+            'pretty_version' => 'v3.4.36',
+            'version' => '3.4.36.0',
+            'type' => 'library',
+            'install_path' => __DIR__ . '/../symfony/dotenv',
+            'aliases' => array(),
+            'reference' => 'c7e8e471fea74e868ae797970b383dea89ae548a',
+            'dev_requirement' => false,
+        ),
+        'symfony/event-dispatcher' => array(
+            'pretty_version' => 'v3.4.36',
+            'version' => '3.4.36.0',
+            'type' => 'library',
+            'install_path' => __DIR__ . '/../symfony/event-dispatcher',
+            'aliases' => array(),
+            'reference' => 'f9031c22ec127d4a2450760f81a8677fe8a10177',
+            'dev_requirement' => false,
+        ),
+        'symfony/filesystem' => array(
+            'pretty_version' => 'v3.4.36',
+            'version' => '3.4.36.0',
+            'type' => 'library',
+            'install_path' => __DIR__ . '/../symfony/filesystem',
+            'aliases' => array(),
+            'reference' => '00cdad0936d06fab136944bc2342b762b1c3a4a2',
+            'dev_requirement' => false,
+        ),
+        'symfony/finder' => array(
+            'pretty_version' => 'v3.4.36',
+            'version' => '3.4.36.0',
+            'type' => 'library',
+            'install_path' => __DIR__ . '/../symfony/finder',
+            'aliases' => array(),
+            'reference' => '290ae21279b37bfd287cdcce640d51204e84afdf',
+            'dev_requirement' => false,
+        ),
+        'symfony/framework-bundle' => array(
+            'pretty_version' => 'v3.4.36',
+            'version' => '3.4.36.0',
+            'type' => 'symfony-bundle',
+            'install_path' => __DIR__ . '/../symfony/framework-bundle',
+            'aliases' => array(),
+            'reference' => '0d61117c7a770da0bd8bbe7ccfa34d8063f272ea',
+            'dev_requirement' => false,
+        ),
+        'symfony/http-foundation' => array(
+            'pretty_version' => 'v3.4.36',
+            'version' => '3.4.36.0',
+            'type' => 'library',
+            'install_path' => __DIR__ . '/../symfony/http-foundation',
+            'aliases' => array(),
+            'reference' => 'd2d0cfe8e319d9df44c4cca570710fcf221d4593',
+            'dev_requirement' => false,
+        ),
+        'symfony/http-kernel' => array(
+            'pretty_version' => 'v3.4.36',
+            'version' => '3.4.36.0',
+            'type' => 'library',
+            'install_path' => __DIR__ . '/../symfony/http-kernel',
+            'aliases' => array(),
+            'reference' => 'c42c8339acb28cfff0fb1786948db4d23d609ff7',
+            'dev_requirement' => false,
+        ),
+        'symfony/polyfill-apcu' => array(
+            'pretty_version' => 'v1.13.1',
+            'version' => '1.13.1.0',
+            'type' => 'library',
+            'install_path' => __DIR__ . '/../symfony/polyfill-apcu',
+            'aliases' => array(),
+            'reference' => 'a8e961c841b9ec52927a87914f8820a1ad8f8116',
+            'dev_requirement' => false,
+        ),
+        'symfony/polyfill-ctype' => array(
+            'pretty_version' => 'v1.13.1',
+            'version' => '1.13.1.0',
+            'type' => 'library',
+            'install_path' => __DIR__ . '/../symfony/polyfill-ctype',
+            'aliases' => array(),
+            'reference' => 'f8f0b461be3385e56d6de3dbb5a0df24c0c275e3',
+            'dev_requirement' => false,
+        ),
+        'symfony/polyfill-mbstring' => array(
+            'pretty_version' => 'v1.13.1',
+            'version' => '1.13.1.0',
+            'type' => 'library',
+            'install_path' => __DIR__ . '/../symfony/polyfill-mbstring',
+            'aliases' => array(),
+            'reference' => '7b4aab9743c30be783b73de055d24a39cf4b954f',
+            'dev_requirement' => false,
+        ),
+        'symfony/polyfill-php56' => array(
+            'pretty_version' => 'v1.13.1',
+            'version' => '1.13.1.0',
+            'type' => 'library',
+            'install_path' => __DIR__ . '/../symfony/polyfill-php56',
+            'aliases' => array(),
+            'reference' => '53dd1cdf3cb986893ccf2b96665b25b3abb384f4',
+            'dev_requirement' => false,
+        ),
+        'symfony/polyfill-php70' => array(
+            'pretty_version' => 'v1.13.1',
+            'version' => '1.13.1.0',
+            'type' => 'library',
+            'install_path' => __DIR__ . '/../symfony/polyfill-php70',
+            'aliases' => array(),
+            'reference' => 'af23c7bb26a73b850840823662dda371484926c4',
+            'dev_requirement' => false,
+        ),
+        'symfony/polyfill-util' => array(
+            'pretty_version' => 'v1.13.1',
+            'version' => '1.13.1.0',
+            'type' => 'library',
+            'install_path' => __DIR__ . '/../symfony/polyfill-util',
+            'aliases' => array(),
+            'reference' => '964a67f293b66b95883a5ed918a65354fcd2258f',
+            'dev_requirement' => false,
+        ),
+        'symfony/routing' => array(
+            'pretty_version' => 'v3.4.36',
+            'version' => '3.4.36.0',
+            'type' => 'library',
+            'install_path' => __DIR__ . '/../symfony/routing',
+            'aliases' => array(),
+            'reference' => 'b689ccd48e234ea404806d94b07eeb45f9f6f06a',
+            'dev_requirement' => false,
+        ),
+        'symfony/stopwatch' => array(
+            'pretty_version' => 'v3.4.36',
+            'version' => '3.4.36.0',
+            'type' => 'library',
+            'install_path' => __DIR__ . '/../symfony/stopwatch',
+            'aliases' => array(),
+            'reference' => 'efe0af281ad336bc3b10375c88b117499f1d8494',
+            'dev_requirement' => true,
+        ),
+        'symfony/twig-bridge' => array(
+            'pretty_version' => 'v3.4.36',
+            'version' => '3.4.36.0',
+            'type' => 'symfony-bridge',
+            'install_path' => __DIR__ . '/../symfony/twig-bridge',
+            'aliases' => array(),
+            'reference' => '49b824ddc7f2d250a1f172349cd9a111d63287c0',
+            'dev_requirement' => false,
+        ),
+        'symfony/twig-bundle' => array(
+            'pretty_version' => 'v3.4.36',
+            'version' => '3.4.36.0',
+            'type' => 'symfony-bundle',
+            'install_path' => __DIR__ . '/../symfony/twig-bundle',
+            'aliases' => array(),
+            'reference' => 'd39ed8f5df62aeeeb27a6f3bf7f58a6c02a58ea9',
+            'dev_requirement' => false,
+        ),
+        'symfony/var-dumper' => array(
+            'pretty_version' => 'v3.4.36',
+            'version' => '3.4.36.0',
+            'type' => 'library',
+            'install_path' => __DIR__ . '/../symfony/var-dumper',
+            'aliases' => array(),
+            'reference' => '569e261461600810845a8305ca3f64abd3e712c0',
+            'dev_requirement' => true,
+        ),
+        'symfony/web-profiler-bundle' => array(
+            'pretty_version' => 'v3.4.36',
+            'version' => '3.4.36.0',
+            'type' => 'symfony-bundle',
+            'install_path' => __DIR__ . '/../symfony/web-profiler-bundle',
+            'aliases' => array(),
+            'reference' => '3ae27cf1b2776cd68aa15fdb57089970f78bcf11',
+            'dev_requirement' => true,
+        ),
+        'symfony/yaml' => array(
+            'pretty_version' => 'v3.4.36',
+            'version' => '3.4.36.0',
+            'type' => 'library',
+            'install_path' => __DIR__ . '/../symfony/yaml',
+            'aliases' => array(),
+            'reference' => 'dab657db15207879217fc81df4f875947bf68804',
+            'dev_requirement' => false,
+        ),
+        'tecnickcom/tcpdf' => array(
+            'dev_requirement' => false,
+            'replaced' => array(
+                0 => '6.3.5',
+            ),
+        ),
+        'twig/twig' => array(
+            'pretty_version' => 'v1.42.4',
+            'version' => '1.42.4.0',
+            'type' => 'library',
+            'install_path' => __DIR__ . '/../twig/twig',
+            'aliases' => array(),
+            'reference' => 'e587180584c3d2d6cb864a0454e777bb6dcb6152',
+            'dev_requirement' => false,
+        ),
    ),
-    'combodo/tcpdf' => 
-    array (
-      'pretty_version' => '6.3.5',
-      'version' => '6.3.5.0',
-      'aliases' => 
-      array (
-      ),
-      'reference' => 'aedd4b7b8cf7fcc24e617c405c9d3304150f4b94',
-    ),
-    'nikic/php-parser' => 
-    array (
-      'pretty_version' => 'v3.1.5',
-      'version' => '3.1.5.0',
-      'aliases' => 
-      array (
-      ),
-      'reference' => 'bb87e28e7d7b8d9a7fda231d37457c9210faf6ce',
-    ),
-    'paragonie/random_compat' => 
-    array (
-      'pretty_version' => 'v2.0.18',
-      'version' => '2.0.18.0',
-      'aliases' => 
-      array (
-      ),
-      'reference' => '0a58ef6e3146256cc3dc7cc393927bcc7d1b72db',
-    ),
-    'pear/archive_tar' => 
-    array (
-      'pretty_version' => '1.4.13',
-      'version' => '1.4.13.0',
-      'aliases' => 
-      array (
-      ),
-      'reference' => '2b87b41178cc6d4ad3cba678a46a1cae49786011',
-    ),
-    'pear/console_getopt' => 
-    array (
-      'pretty_version' => 'v1.4.3',
-      'version' => '1.4.3.0',
-      'aliases' => 
-      array (
-      ),
-      'reference' => 'a41f8d3e668987609178c7c4a9fe48fecac53fa0',
-    ),
-    'pear/pear-core-minimal' => 
-    array (
-      'pretty_version' => 'v1.10.10',
-      'version' => '1.10.10.0',
-      'aliases' => 
-      array (
-      ),
-      'reference' => '625a3c429d9b2c1546438679074cac1b089116a7',
-    ),
-    'pear/pear_exception' => 
-    array (
-      'pretty_version' => 'v1.0.1',
-      'version' => '1.0.1.0',
-      'aliases' => 
-      array (
-      ),
-      'reference' => 'dbb42a5a0e45f3adcf99babfb2a1ba77b8ac36a7',
-    ),
-    'pelago/emogrifier' => 
-    array (
-      'pretty_version' => 'v2.1.0',
-      'version' => '2.1.0.0',
-      'aliases' => 
-      array (
-      ),
-      'reference' => '40c3d4f475d44ffc7265a760d1dd0e81f579f96f',
-    ),
-    'psr/cache' => 
-    array (
-      'pretty_version' => '1.0.1',
-      'version' => '1.0.1.0',
-      'aliases' => 
-      array (
-      ),
-      'reference' => 'd11b50ad223250cf17b86e38383413f5a6764bf8',
-    ),
-    'psr/cache-implementation' => 
-    array (
-      'provided' => 
-      array (
-        0 => '1.0',
-      ),
-    ),
-    'psr/container' => 
-    array (
-      'pretty_version' => '1.0.0',
-      'version' => '1.0.0.0',
-      'aliases' => 
-      array (
-      ),
-      'reference' => 'b7ce3b176482dbbc1245ebf52b181af44c2cf55f',
-    ),
-    'psr/container-implementation' => 
-    array (
-      'provided' => 
-      array (
-        0 => '1.0',
-      ),
-    ),
-    'psr/log' => 
-    array (
-      'pretty_version' => '1.1.2',
-      'version' => '1.1.2.0',
-      'aliases' => 
-      array (
-      ),
-      'reference' => '446d54b4cb6bf489fc9d75f55843658e6f25d801',
-    ),
-    'psr/log-implementation' => 
-    array (
-      'provided' => 
-      array (
-        0 => '1.0',
-      ),
-    ),
-    'psr/simple-cache' => 
-    array (
-      'pretty_version' => '1.0.1',
-      'version' => '1.0.1.0',
-      'aliases' => 
-      array (
-      ),
-      'reference' => '408d5eafb83c57f6365a3ca330ff23aa4a5fa39b',
-    ),
-    'psr/simple-cache-implementation' => 
-    array (
-      'provided' => 
-      array (
-        0 => '1.0',
-      ),
-    ),
-    'rsky/pear-core-min' => 
-    array (
-      'replaced' => 
-      array (
-        0 => 'v1.10.10',
-      ),
-    ),
-    'scssphp/scssphp' => 
-    array (
-      'pretty_version' => '1.0.6',
-      'version' => '1.0.6.0',
-      'aliases' => 
-      array (
-      ),
-      'reference' => '5b3c9d704950d8f9637f5110c36c281ec47dc13c',
-    ),
-    'swiftmailer/swiftmailer' => 
-    array (
-      'pretty_version' => 'v5.4.12',
-      'version' => '5.4.12.0',
-      'aliases' => 
-      array (
-      ),
-      'reference' => '181b89f18a90f8925ef805f950d47a7190e9b950',
-    ),
-    'symfony/cache' => 
-    array (
-      'pretty_version' => 'v3.4.36',
-      'version' => '3.4.36.0',
-      'aliases' => 
-      array (
-      ),
-      'reference' => '3d9f46a6960fd5cd7f030f86adc5b4b63bcfa4e3',
-    ),
-    'symfony/class-loader' => 
-    array (
-      'pretty_version' => 'v3.4.36',
-      'version' => '3.4.36.0',
-      'aliases' => 
-      array (
-      ),
-      'reference' => 'e212b06996819a2bce026a63da03b7182d05a690',
-    ),
-    'symfony/config' => 
-    array (
-      'pretty_version' => 'v3.4.36',
-      'version' => '3.4.36.0',
-      'aliases' => 
-      array (
-      ),
-      'reference' => 'a599a867d0e4a07c342b5f1e656b3915a540ddbe',
-    ),
-    'symfony/console' => 
-    array (
-      'pretty_version' => 'v3.4.36',
-      'version' => '3.4.36.0',
-      'aliases' => 
-      array (
-      ),
-      'reference' => '1ee23b3b659b06c622f2bd2492a229e416eb4586',
-    ),
-    'symfony/css-selector' => 
-    array (
-      'pretty_version' => 'v3.4.36',
-      'version' => '3.4.36.0',
-      'aliases' => 
-      array (
-      ),
-      'reference' => 'f819f71ae3ba6f396b4c015bd5895de7d2f1f85f',
-    ),
-    'symfony/debug' => 
-    array (
-      'pretty_version' => 'v3.4.36',
-      'version' => '3.4.36.0',
-      'aliases' => 
-      array (
-      ),
-      'reference' => 'f72e33fdb1170b326e72c3157f0cd456351dd086',
-    ),
-    'symfony/dependency-injection' => 
-    array (
-      'pretty_version' => 'v3.4.36',
-      'version' => '3.4.36.0',
-      'aliases' => 
-      array (
-      ),
-      'reference' => '0d201916bfb3af939fec3c0c8815ea16c60ac1a2',
-    ),
-    'symfony/dotenv' => 
-    array (
-      'pretty_version' => 'v3.4.36',
-      'version' => '3.4.36.0',
-      'aliases' => 
-      array (
-      ),
-      'reference' => 'c7e8e471fea74e868ae797970b383dea89ae548a',
-    ),
-    'symfony/event-dispatcher' => 
-    array (
-      'pretty_version' => 'v3.4.36',
-      'version' => '3.4.36.0',
-      'aliases' => 
-      array (
-      ),
-      'reference' => 'f9031c22ec127d4a2450760f81a8677fe8a10177',
-    ),
-    'symfony/filesystem' => 
-    array (
-      'pretty_version' => 'v3.4.36',
-      'version' => '3.4.36.0',
-      'aliases' => 
-      array (
-      ),
-      'reference' => '00cdad0936d06fab136944bc2342b762b1c3a4a2',
-    ),
-    'symfony/finder' => 
-    array (
-      'pretty_version' => 'v3.4.36',
-      'version' => '3.4.36.0',
-      'aliases' => 
-      array (
-      ),
-      'reference' => '290ae21279b37bfd287cdcce640d51204e84afdf',
-    ),
-    'symfony/framework-bundle' => 
-    array (
-      'pretty_version' => 'v3.4.36',
-      'version' => '3.4.36.0',
-      'aliases' => 
-      array (
-      ),
-      'reference' => '0d61117c7a770da0bd8bbe7ccfa34d8063f272ea',
-    ),
-    'symfony/http-foundation' => 
-    array (
-      'pretty_version' => 'v3.4.36',
-      'version' => '3.4.36.0',
-      'aliases' => 
-      array (
-      ),
-      'reference' => 'd2d0cfe8e319d9df44c4cca570710fcf221d4593',
-    ),
-    'symfony/http-kernel' => 
-    array (
-      'pretty_version' => 'v3.4.36',
-      'version' => '3.4.36.0',
-      'aliases' => 
-      array (
-      ),
-      'reference' => 'c42c8339acb28cfff0fb1786948db4d23d609ff7',
-    ),
-    'symfony/polyfill-apcu' => 
-    array (
-      'pretty_version' => 'v1.13.1',
-      'version' => '1.13.1.0',
-      'aliases' => 
-      array (
-      ),
-      'reference' => 'a8e961c841b9ec52927a87914f8820a1ad8f8116',
-    ),
-    'symfony/polyfill-ctype' => 
-    array (
-      'pretty_version' => 'v1.13.1',
-      'version' => '1.13.1.0',
-      'aliases' => 
-      array (
-      ),
-      'reference' => 'f8f0b461be3385e56d6de3dbb5a0df24c0c275e3',
-    ),
-    'symfony/polyfill-mbstring' => 
-    array (
-      'pretty_version' => 'v1.13.1',
-      'version' => '1.13.1.0',
-      'aliases' => 
-      array (
-      ),
-      'reference' => '7b4aab9743c30be783b73de055d24a39cf4b954f',
-    ),
-    'symfony/polyfill-php56' => 
-    array (
-      'pretty_version' => 'v1.13.1',
-      'version' => '1.13.1.0',
-      'aliases' => 
-      array (
-      ),
-      'reference' => '53dd1cdf3cb986893ccf2b96665b25b3abb384f4',
-    ),
-    'symfony/polyfill-php70' => 
-    array (
-      'pretty_version' => 'v1.13.1',
-      'version' => '1.13.1.0',
-      'aliases' => 
-      array (
-      ),
-      'reference' => 'af23c7bb26a73b850840823662dda371484926c4',
-    ),
-    'symfony/polyfill-util' => 
-    array (
-      'pretty_version' => 'v1.13.1',
-      'version' => '1.13.1.0',
-      'aliases' => 
-      array (
-      ),
-      'reference' => '964a67f293b66b95883a5ed918a65354fcd2258f',
-    ),
-    'symfony/routing' => 
-    array (
-      'pretty_version' => 'v3.4.36',
-      'version' => '3.4.36.0',
-      'aliases' => 
-      array (
-      ),
-      'reference' => 'b689ccd48e234ea404806d94b07eeb45f9f6f06a',
-    ),
-    'symfony/stopwatch' => 
-    array (
-      'pretty_version' => 'v3.4.36',
-      'version' => '3.4.36.0',
-      'aliases' => 
-      array (
-      ),
-      'reference' => 'efe0af281ad336bc3b10375c88b117499f1d8494',
-    ),
-    'symfony/twig-bridge' => 
-    array (
-      'pretty_version' => 'v3.4.36',
-      'version' => '3.4.36.0',
-      'aliases' => 
-      array (
-      ),
-      'reference' => '49b824ddc7f2d250a1f172349cd9a111d63287c0',
-    ),
-    'symfony/twig-bundle' => 
-    array (
-      'pretty_version' => 'v3.4.36',
-      'version' => '3.4.36.0',
-      'aliases' => 
-      array (
-      ),
-      'reference' => 'd39ed8f5df62aeeeb27a6f3bf7f58a6c02a58ea9',
-    ),
-    'symfony/var-dumper' => 
-    array (
-      'pretty_version' => 'v3.4.36',
-      'version' => '3.4.36.0',
-      'aliases' => 
-      array (
-      ),
-      'reference' => '569e261461600810845a8305ca3f64abd3e712c0',
-    ),
-    'symfony/web-profiler-bundle' => 
-    array (
-      'pretty_version' => 'v3.4.36',
-      'version' => '3.4.36.0',
-      'aliases' => 
-      array (
-      ),
-      'reference' => '3ae27cf1b2776cd68aa15fdb57089970f78bcf11',
-    ),
-    'symfony/yaml' => 
-    array (
-      'pretty_version' => 'v3.4.36',
-      'version' => '3.4.36.0',
-      'aliases' => 
-      array (
-      ),
-      'reference' => 'dab657db15207879217fc81df4f875947bf68804',
-    ),
-    'tecnickcom/tcpdf' => 
-    array (
-      'replaced' => 
-      array (
-        0 => '6.3.5',
-      ),
-    ),
-    'twig/twig' => 
-    array (
-      'pretty_version' => 'v1.42.4',
-      'version' => '1.42.4.0',
-      'aliases' => 
-      array (
-      ),
-      'reference' => 'e587180584c3d2d6cb864a0454e777bb6dcb6152',
-    ),
-  ),
 );
--- a/lib/pear/archive_tar/Archive/Tar.php
+++ b/lib/pear/archive_tar/Archive/Tar.php
@@ -2124,32 +2124,6 @@ class Archive_Tar extends PEAR
                            }
                        }
                    } elseif ($v_header['typeflag'] == "2") {
-                        $link_depth = 0;
-                        foreach (explode("/", $v_header['filename']) as $dir) {
-                            if ($dir === "..") {
-                                $link_depth--;
-                            } elseif ($dir !== "" && $dir !== "." ) {
-                                $link_depth++;
-                            }
-                        }
-                        foreach (explode("/", $v_header['link']) as $dir){
-                            if ($link_depth <= 0) {
-                                break;
-                            }
-                            if ($dir === "..") {
-                                $link_depth--;
-                            } elseif ($dir !== "" && $dir !== ".") {
-                                $link_depth++;
-                            }
-                        }
-                        if (strpos($v_header['link'], "/") === 0 or $link_depth <= 0) {
-                            $this->_error(
-                                 'Out-of-path file extraction {'
-                                 . $v_header['filename'] . ' --> ' .
-                                 $v_header['link'] . '}'
-                            );
-                            return false;
-                        }
                        if (!$p_symlinks) {
                            $this->_warning('Symbolic links are not allowed. '
                                . 'Unable to extract {'
@@ -2157,6 +2131,40 @@ class Archive_Tar extends PEAR
                            );
                            return false;
                        }
+                        $absolute_link = FALSE;
+                        $link_depth = 0;
+                        if (strpos($v_header['link'], "/") === 0 || strpos($v_header['link'], ':') !== FALSE) {
+                          $absolute_link = TRUE;
+                        }
+                        else {
+                            $s_filename = preg_replace('@^' . preg_quote($p_path) . '@', "", $v_header['filename']);
+                            $s_linkname = str_replace('\\', '/', $v_header['link']);
+                            foreach (explode("/", $s_filename) as $dir) {
+                                if ($dir === "..") {
+                                    $link_depth--;
+                                } elseif ($dir !== "" && $dir !== "." ) {
+                                    $link_depth++;
+                                }
+                            }
+                            foreach (explode("/", $s_linkname) as $dir){
+                                if ($link_depth <= 0) {
+                                    break;
+                                }
+                                if ($dir === "..") {
+                                    $link_depth--;
+                                } elseif ($dir !== "" && $dir !== ".") {
+                                    $link_depth++;
+                                }
+                            }
+                        }
+                        if ($absolute_link || $link_depth <= 0) {
+                            $this->_error(
+                                 'Out-of-path file extraction {'
+                                 . $v_header['filename'] . ' --> ' .
+                                 $v_header['link'] . '}'
+                            );
+                            return false;
+                        }
                        if (@file_exists($v_header['filename'])) {
                            @unlink($v_header['filename']);
                        }
--- a/lib/pear/archive_tar/package.xml
+++ b/lib/pear/archive_tar/package.xml
@@ -32,10 +32,10 @@ Also Lzma2 compressed archives are supported with xz extension.</description>
  <email>stig@php.net</email>
  <active>no</active>
 </helper>
- <date>2021-02-16</date>
- <time>10:49:28</time>
+ <date>2021-07-20</date>
+ <time>18:00:00</time>
 <version>
-  <release>1.4.13</release>
+  <release>1.4.14</release>
  <api>1.4.0</api>
 </version>
 <stability>
@@ -44,7 +44,7 @@ Also Lzma2 compressed archives are supported with xz extension.</description>
 </stability>
 <license uri="http://www.opensource.org/licenses/bsd-license.php">New BSD License</license>
 <notes>
-* Fix Bug #27010: Relative symlinks failing (out-of path file extraction) [mrook]
+* Properly fix symbolic link path traversal (CVE-2021-32610)
 </notes>
 <contents>
  <dir name="/">
@@ -74,6 +74,21 @@ Also Lzma2 compressed archives are supported with xz extension.</description>
 </dependencies>
 <phprelease />
 <changelog>
+  <release>
+   <version>
+    <release>1.4.13</release>
+    <api>1.4.0</api>
+   </version>
+   <stability>
+    <release>stable</release>
+    <api>stable</api>
+   </stability>
+   <date>2021-02-16</date>
+   <license uri="http://www.opensource.org/licenses/bsd-license.php">New BSD License</license>
+   <notes>
+    * Fix Bug #27010: Relative symlinks failing (out-of path file extraction) [mrook]
+   </notes>
+  </release>
  <release>
   <version>
    <release>1.4.12</release>