Merge branch 'support/2.7' into develop
# Conflicts: # README.md # composer.json # composer.lock # core/cmdbsource.class.inc.php # core/dbobject.class.php # datamodels/2.x/combodo-db-tools/db_analyzer.class.inc.php # datamodels/2.x/combodo-db-tools/dbtools.php # datamodels/2.x/combodo-db-tools/dictionaries/zh_cn.dict.combodo-db-tools.php # datamodels/2.x/itop-attachments/dictionaries/zh_cn.dict.itop-attachments.php # datamodels/2.x/itop-core-update/dictionaries/zh_cn.dict.itop-core-update.php # dictionaries/zh_cn.dictionary.itop.core.php # dictionaries/zh_cn.dictionary.itop.ui.php # lib/composer/InstalledVersions.php # lib/composer/autoload_classmap.php # lib/composer/autoload_static.php # lib/composer/installed.php # lib/composer/platform_check.php # pages/ajax.render.php # pages/csvimport.php # setup/ajax.dataloader.php # setup/index.php # setup/setuputils.class.inc.php # test/application/UtilsTest.php
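--- /dev/null
+++ b/lib/pear/archive_tar/.github/FUNDING.yml
@@ -0,0 +1,2 @@
+github: [mrook]
+patreon: michielrook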
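--- /dev/null
+++ b/lib/pear/archive_tar/.github/dependabot.yml
@@ -0,0 +1,11 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+- package-ecosystem: "composer" # See documentation for possible values
+directory: "/" # Location of package manifests
+schedule:
+interval: "daily"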
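--- /dev/null
+++ b/lib/pear/archive_tar/.github/workflows/build.yml
@@ -0,0 +1,41 @@
+on:
+push:
+branches:
+- master
+pull_request:
+
+jobs:
+test:
+runs-on: ${{ matrix.operating-system }}
+strategy:
+fail-fast: true
+matrix:
+operating-system: [ ubuntu-latest ]
+php: [ '5.4', '5.5', '5.6', '7.0', '7.1', '7.2', '7.3', '7.4', '8.0' ]
+dependencies: [ 'locked' ]
+
+name: PHP ${{ matrix.php }} on ${{ matrix.operating-system }} with ${{ matrix.dependencies }} dependencies
+
+steps:
+- uses: actions/checkout@v2
+name: Checkout repository
+
+- name: Setup PHP
+uses: shivammathur/setup-php@v2
+with:
+php-version: ${{ matrix.php }}
+
+- uses: ramsey/composer-install@v1
+with:
+dependency-versions: ${{ matrix.dependencies }}
+
+- name: Install PEAR
+run: |
+sudo apt-get install php-pear
+
+- name: Run tests
+run: |
+sudo pear install -f package.xml
+pear version
+pear run-tests -qr tests/ || cat run-tests.log
+for i in `find tests/ -name '*.out'`; do echo "$i"; cat "$i"; done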
@@ -1397,16 +1397,20 @@ class Archive_Tar extends PEAR
|
||||
|
||||
$v_magic = 'ustar ';
|
||||
$v_version = ' ';
|
||||
$v_uname = '';
|
||||
$v_gname = '';
|
||||
|
||||
if (function_exists('posix_getpwuid')) {
|
||||
$userinfo = posix_getpwuid($v_info[4]);
|
||||
$groupinfo = posix_getgrgid($v_info[5]);
|
||||
|
||||
$v_uname = $userinfo['name'];
|
||||
$v_gname = $groupinfo['name'];
|
||||
} else {
|
||||
$v_uname = '';
|
||||
$v_gname = '';
|
||||
if (isset($userinfo['name'])) {
|
||||
$v_uname = $userinfo['name'];
|
||||
}
|
||||
|
||||
if (isset($groupinfo['name'])) {
|
||||
$v_gname = $groupinfo['name'];
|
||||
}
|
||||
}
|
||||
|
||||
$v_devmajor = '';
|
||||
@@ -1730,7 +1734,7 @@ class Archive_Tar extends PEAR
|
||||
|
||||
// ----- Extract the properties
|
||||
$v_header['filename'] = rtrim($v_data['filename'], "\0");
|
||||
if ($this->_maliciousFilename($v_header['filename'])) {
|
||||
if ($this->_isMaliciousFilename($v_header['filename'])) {
|
||||
$this->_error(
|
||||
'Malicious .tar detected, file "' . $v_header['filename'] .
|
||||
'" will not install in desired directory tree'
|
||||
@@ -1800,9 +1804,9 @@ class Archive_Tar extends PEAR
|
||||
*
|
||||
* @return bool
|
||||
*/
|
||||
private function _maliciousFilename($file)
|
||||
private function _isMaliciousFilename($file)
|
||||
{
|
||||
if (strpos($file, 'phar://') === 0) {
|
||||
if (strpos($file, '://') !== false) {
|
||||
return true;
|
||||
}
|
||||
if (strpos($file, '../') !== false || strpos($file, '..\\') !== false) {
|
||||
@@ -1838,7 +1842,7 @@ class Archive_Tar extends PEAR
|
||||
|
||||
$v_filename = rtrim(substr($v_filename, 0, $v_filesize), "\0");
|
||||
$v_header['filename'] = $v_filename;
|
||||
if ($this->_maliciousFilename($v_filename)) {
|
||||
if ($this->_isMaliciousFilename($v_filename)) {
|
||||
$this->_error(
|
||||
'Malicious .tar detected, file "' . $v_filename .
|
||||
'" will not install in desired directory tree'
|
||||
@@ -2120,6 +2124,14 @@ class Archive_Tar extends PEAR
|
||||
}
|
||||
}
|
||||
} elseif ($v_header['typeflag'] == "2") {
|
||||
if (strpos(realpath(dirname($v_header['link'])), realpath($p_path)) !== 0) {
|
||||
$this->_error(
|
||||
'Out-of-path file extraction {'
|
||||
. $v_header['filename'] . ' --> ' .
|
||||
$v_header['link'] . '}'
|
||||
);
|
||||
return false;
|
||||
}
|
||||
if (!$p_symlinks) {
|
||||
$this->_warning('Symbolic links are not allowed. '
|
||||
. 'Unable to extract {'
|
||||
|
||||
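Review bot: The new containment check in the `typeflag == "2"` branch compares `realpath(dirname($v_header['link']))` against `realpath($p_path)` with a bare `strpos(...) !== 0` prefix test, which leaves three gaps. A relative link target is resolved by `realpath()` against the process working directory rather than the directory the symlink will be created in, so the path being checked is not necessarily the path the link will point to. `realpath()` returns `false` for a path that does not exist, and neither return value is checked before being handed to `strpos()`. The prefix test also has no separator boundary, so a sibling directory whose name merely begins with the extraction path passes; I would resolve the target relative to the entry's own directory, reject on `false`, and compare against `rtrim(realpath($p_path), DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR`. The enclosing method starts and ends outside this hunk.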
@@ -32,10 +32,10 @@ Also Lzma2 compressed archives are supported with xz extension.</description>
|
||||
<email>stig@php.net</email>
|
||||
<active>no</active>
|
||||
</helper>
|
||||
<date>2020-09-15</date>
|
||||
<time>14:03:45</time>
|
||||
<date>2021-01-18</date>
|
||||
<time>19:29:56</time>
|
||||
<version>
|
||||
<release>1.4.10</release>
|
||||
<release>1.4.12</release>
|
||||
<api>1.4.0</api>
|
||||
</version>
|
||||
<stability>
|
||||
@@ -44,8 +44,7 @@ Also Lzma2 compressed archives are supported with xz extension.</description>
|
||||
</stability>
|
||||
<license uri="http://www.opensource.org/licenses/bsd-license.php">New BSD License</license>
|
||||
<notes>
|
||||
* Fix block padding when the file buffer length is a multiple of 512 and smaller than Archive_Tar buffer length
|
||||
* Don't try to copy username/groupname in chroot jail
|
||||
* Fix Bug #27008: Symlink out-of-path write vulnerability (CVE-2020-36193) [mrook]
|
||||
</notes>
|
||||
<contents>
|
||||
<dir name="/">
|
||||
@@ -75,6 +74,37 @@ Also Lzma2 compressed archives are supported with xz extension.</description>
|
||||
</dependencies>
|
||||
<phprelease />
|
||||
<changelog>
|
||||
<release>
|
||||
<version>
|
||||
<release>1.4.11</release>
|
||||
<api>1.4.0</api>
|
||||
</version>
|
||||
<stability>
|
||||
<release>stable</release>
|
||||
<api>stable</api>
|
||||
</stability>
|
||||
<date>2020-11-19</date>
|
||||
<license uri="http://www.opensource.org/licenses/bsd-license.php">New BSD License</license>
|
||||
<notes>
|
||||
* Fix Bug #27002: Filename manipulation vulnerabilities (CVE-2020-28948 / CVE-2020-28949) [mrook]
|
||||
</notes>
|
||||
</release>
|
||||
<release>
|
||||
<version>
|
||||
<release>1.4.10</release>
|
||||
<api>1.4.0</api>
|
||||
</version>
|
||||
<stability>
|
||||
<release>stable</release>
|
||||
<api>stable</api>
|
||||
</stability>
|
||||
<date>2020-09-15</date>
|
||||
<license uri="http://www.opensource.org/licenses/bsd-license.php">New BSD License</license>
|
||||
<notes>
|
||||
* Fix block padding when the file buffer length is a multiple of 512 and smaller than Archive_Tar buffer length
|
||||
* Don't try to copy username/groupname in chroot jail
|
||||
</notes>
|
||||
</release>
|
||||
<release>
|
||||
<version>
|
||||
<release>1.4.9</release>
|
||||
|
||||
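--- a/lib/pear/pear_exception/.gitignore
+++ /dev/null
@@ -1,6 +0,0 @@
-PEAR_Exception*.tgz
-
-# composer related
-composer.lock
-composer.phar
-vendor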
@@ -1,7 +0,0 @@
|
||||
language: php
|
||||
php:
|
||||
- 5.6
|
||||
- 5.5
|
||||
- 5.4
|
||||
script:
|
||||
- cd tests && phpunit --coverage-text .
|
||||
@@ -142,7 +142,7 @@ class PEAR_Exception extends Exception
|
||||
$code = null;
|
||||
$this->cause = null;
|
||||
}
|
||||
parent::__construct($message, $code);
|
||||
parent::__construct($message, (int) $code);
|
||||
$this->signal();
|
||||
}
|
||||
|
||||
|
||||
@@ -18,7 +18,7 @@
|
||||
}
|
||||
],
|
||||
"require": {
|
||||
"php": ">=4.4.0"
|
||||
"php": ">=5.2.0"
|
||||
},
|
||||
"autoload": {
|
||||
"classmap": ["PEAR/"]
|
||||
@@ -36,6 +36,6 @@
|
||||
"source": "https://github.com/pear/PEAR_Exception"
|
||||
},
|
||||
"require-dev": {
|
||||
"phpunit/phpunit": "*"
|
||||
"phpunit/phpunit": "<9"
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,120 +0,0 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<package packagerversion="1.9.4" version="2.0"
|
||||
xmlns="http://pear.php.net/dtd/package-2.0"
|
||||
xmlns:tasks="http://pear.php.net/dtd/tasks-1.0"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="http://pear.php.net/dtd/tasks-1.0 http://pear.php.net/dtd/tasks-1.0.xsd http://pear.php.net/dtd/package-2.0 http://pear.php.net/dtd/package-2.0.xsd"
|
||||
>
|
||||
<name>PEAR_Exception</name>
|
||||
<channel>pear.php.net</channel>
|
||||
<summary>The PEAR Exception base class</summary>
|
||||
<description>PEAR_Exception PHP5 error handling mechanism</description>
|
||||
|
||||
<lead>
|
||||
<name>Christian Weiske</name>
|
||||
<user>cweiske</user>
|
||||
<email>cweiske@php.net</email>
|
||||
<active>yes</active>
|
||||
</lead>
|
||||
<lead>
|
||||
<name>Helgi Thormar</name>
|
||||
<user>dufuz</user>
|
||||
<email>dufuz@php.net</email>
|
||||
<active>no</active>
|
||||
</lead>
|
||||
<developer>
|
||||
<name>Greg Beaver</name>
|
||||
<user>cellog</user>
|
||||
<email>cellog@php.net</email>
|
||||
<active>no</active>
|
||||
</developer>
|
||||
|
||||
<date>2015-02-10</date>
|
||||
<time>21:02:23</time>
|
||||
<version>
|
||||
<release>1.0.0</release>
|
||||
<api>1.0.0</api>
|
||||
</version>
|
||||
<stability>
|
||||
<release>stable</release>
|
||||
<api>stable</api>
|
||||
</stability>
|
||||
<license uri="http://opensource.org/licenses/bsd-license.php">New BSD License</license>
|
||||
<notes>
|
||||
This package was split out from the PEAR package.
|
||||
If you use PEAR_Exception in your package and use nothing from the PEAR package
|
||||
then it's better to depend on just PEAR_Exception.
|
||||
</notes>
|
||||
<contents>
|
||||
<dir name="/">
|
||||
<file name="/PEAR/Exception.php" role="php">
|
||||
<tasks:replace from="@package_version@" to="version" type="package-info" />
|
||||
</file>
|
||||
<dir name="tests">
|
||||
<dir name="PEAR">
|
||||
<file name="ExceptionTest.php" role="test"/>
|
||||
</dir>
|
||||
</dir>
|
||||
</dir>
|
||||
</contents>
|
||||
|
||||
<dependencies>
|
||||
<required>
|
||||
<php>
|
||||
<min>5.4.0</min>
|
||||
</php>
|
||||
<pearinstaller>
|
||||
<min>1.9.5</min>
|
||||
</pearinstaller>
|
||||
</required>
|
||||
</dependencies>
|
||||
|
||||
<phprelease />
|
||||
|
||||
<changelog>
|
||||
<release>
|
||||
<version>
|
||||
<release>1.0.0</release>
|
||||
<api>1.0.0</api>
|
||||
</version>
|
||||
<stability>
|
||||
<release>stable</release>
|
||||
<api>stable</api>
|
||||
</stability>
|
||||
<date>2015-02-10</date>
|
||||
<license uri="http://opensource.org/licenses/bsd-license.php">New BSD License</license>
|
||||
<notes>Release stable version</notes>
|
||||
</release>
|
||||
|
||||
<release>
|
||||
<version>
|
||||
<release>1.0.0beta2</release>
|
||||
<api>1.0.0</api>
|
||||
</version>
|
||||
<stability>
|
||||
<release>beta</release>
|
||||
<api>stable</api>
|
||||
</stability>
|
||||
<date>2014-02-21</date>
|
||||
<license uri="http://opensource.org/licenses/bsd-license.php">New BSD License</license>
|
||||
<notes>Bump up PEAR dependency.</notes>
|
||||
</release>
|
||||
|
||||
<release>
|
||||
<version>
|
||||
<release>1.0.0beta1</release>
|
||||
<api>1.0.0</api>
|
||||
</version>
|
||||
<stability>
|
||||
<release>beta</release>
|
||||
<api>stable</api>
|
||||
</stability>
|
||||
<date>2012-05-10</date>
|
||||
<license uri="http://opensource.org/licenses/bsd-license.php">New BSD License</license>
|
||||
<notes>
|
||||
This packge was split out from the PEAR package. If you use PEAR_Exception in your package
|
||||
and use nothing from the PEAR package then it's better to depend on just PEAR_Exception.
|
||||
</notes>
|
||||
</release>
|
||||
</changelog>
|
||||
</package>
|
||||