author | Bernhard Posselt <dev@bernhard-posselt.com> | 2015-02-19 12:23:35 +0100 |
---|---|---|
committer | Bernhard Posselt <dev@bernhard-posselt.com> | 2015-02-19 12:23:44 +0100 |
commit | 04dc1076f13567549602802bbf8e931879174353 (patch) | |
tree | 490cab68e0d887e422246cd0351b309c3d9cdefa /vendor | |
parent | 4b6e528a5f0472624644bd812c19af55fea52080 (diff) |
fix #734 and set a CSP on master
Diffstat (limited to 'vendor')
29 files changed, 569 insertions, 361 deletions
diff --git a/vendor/autoload.php b/vendor/autoload.php index 4ec78c610..832c27dbd 100644 --- a/vendor/autoload.php +++ b/vendor/autoload.php @@ -4,4 +4,4 @@ require_once __DIR__ . '/composer' . '/autoload_real.php'; -return ComposerAutoloaderInitd76dfeebb5ddb82dad6b87cf02d1b308::getLoader(); +return ComposerAutoloaderInit373583df083e6f26edc2b67c5b6380e9::getLoader(); diff --git a/vendor/composer/ClassLoader.php b/vendor/composer/ClassLoader.php index 70d78bc3f..5e1469e83 100644 --- a/vendor/composer/ClassLoader.php +++ b/vendor/composer/ClassLoader.php @@ -54,6 +54,8 @@ class ClassLoader private $useIncludePath = false; private $classMap = array(); + private $classMapAuthoritative = false; + public function getPrefixes() { if (!empty($this->prefixesPsr0)) { @@ -249,6 +251,27 @@ class ClassLoader } /** + * Turns off searching the prefix and fallback directories for classes + * that have not been registered with the class map. + * + * @param bool $classMapAuthoritative + */ + public function setClassMapAuthoritative($classMapAuthoritative) + { + $this->classMapAuthoritative = $classMapAuthoritative; + } + + /** + * Should class lookup fail if not found in the current class map? + * + * @return bool + */ + public function isClassMapAuthoritative() + { + return $this->classMapAuthoritative; + } + + /** * Registers this instance as an autoloader. * * @param bool $prepend Whether to prepend the autoloader or not @@ -299,6 +322,9 @@ class ClassLoader if (isset($this->classMap[$class])) { return $this->classMap[$class]; } + if ($this->classMapAuthoritative) { + return false; + } $file = $this->findFileWithExtension($class, '.php'); diff --git a/vendor/composer/autoload_real.php b/vendor/composer/autoload_real.php index d933a9ab8..4b6457987 100644 --- a/vendor/composer/autoload_real.php +++ b/vendor/composer/autoload_real.php 
@@ -2,7 +2,7 @@ // autoload_real.php @generated by Composer -class ComposerAutoloaderInitd76dfeebb5ddb82dad6b87cf02d1b308 +class ComposerAutoloaderInit373583df083e6f26edc2b67c5b6380e9 { private static $loader; @@ -19,9 +19,9 @@ class ComposerAutoloaderInitd76dfeebb5ddb82dad6b87cf02d1b308 return self::$loader; } - spl_autoload_register(array('ComposerAutoloaderInitd76dfeebb5ddb82dad6b87cf02d1b308', 'loadClassLoader'), true, true); + spl_autoload_register(array('ComposerAutoloaderInit373583df083e6f26edc2b67c5b6380e9', 'loadClassLoader'), true, true); self::$loader = $loader = new \Composer\Autoload\ClassLoader(); - spl_autoload_unregister(array('ComposerAutoloaderInitd76dfeebb5ddb82dad6b87cf02d1b308', 'loadClassLoader')); + spl_autoload_unregister(array('ComposerAutoloaderInit373583df083e6f26edc2b67c5b6380e9', 'loadClassLoader')); $includePaths = require __DIR__ . '/include_paths.php'; array_push($includePaths, get_include_path()); @@ -46,14 +46,14 @@ class ComposerAutoloaderInitd76dfeebb5ddb82dad6b87cf02d1b308 $includeFiles = require __DIR__ . '/autoload_files.php'; foreach ($includeFiles as $file) { - composerRequired76dfeebb5ddb82dad6b87cf02d1b308($file); + composerRequire373583df083e6f26edc2b67c5b6380e9($file); } return $loader; } } -function composerRequired76dfeebb5ddb82dad6b87cf02d1b308($file) +function composerRequire373583df083e6f26edc2b67c5b6380e9($file) { require $file; } diff --git a/vendor/composer/installed.json b/vendor/composer/installed.json index f15987f72..7d781e642 100644 --- a/vendor/composer/installed.json +++ b/vendor/composer/installed.json 
@@ -47,45 +47,6 @@ ] }, { - "name": "fguillot/picofeed", - "version": "dev-master", - "version_normalized": "9999999-dev", - "source": { - "type": "git", - "url": "https://github.com/fguillot/picoFeed.git", - "reference": "0a1d0d3950f7f047dc8fb1d80aa6296e15f306d0" - }, - "dist": { - "type": "zip", - "url": "https://api.github.com/repos/fguillot/picoFeed/zipball/0a1d0d3950f7f047dc8fb1d80aa6296e15f306d0", - "reference": "0a1d0d3950f7f047dc8fb1d80aa6296e15f306d0", - "shasum": "" - }, - "require": { - "php": ">=5.3.0" - }, - "time": "2015-01-27 01:56:40", - "type": "library", - "installation-source": "dist", - "autoload": { - "psr-0": { - "PicoFeed": "lib/" - } - }, - "notification-url": "https://packagist.org/downloads/", - "license": [ - "Unlicense" - ], - "authors": [ - { - "name": "Frédéric Guillot", - "homepage": "http://fredericguillot.com" - } - ], - "description": "Modern library to write or read feeds (RSS/Atom)", - "homepage": "http://fguillot.github.io/picoFeed" - }, - { "name": "pear/net_url2", "version": "v2.1.1", "version_normalized": "2.1.1.0", 
@@ -150,5 +111,49 @@ "uri", "url" ] + }, + { + "name": "fguillot/picofeed", + "version": "dev-master", + "version_normalized": "9999999-dev", + "source": { + "type": "git", + "url": "https://github.com/fguillot/picoFeed.git", + "reference": "6f0ac9238dcb0899c8322933e7f4598890ecf744" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/fguillot/picoFeed/zipball/6f0ac9238dcb0899c8322933e7f4598890ecf744", + "reference": "6f0ac9238dcb0899c8322933e7f4598890ecf744", + "shasum": "" + }, + "require": { + "ext-dom": "*", + "ext-iconv": "*", + "ext-libxml": "*", + "ext-simplexml": "*", + "ext-xml": "*", + "php": ">=5.3.0" + }, + "time": "2015-02-18 02:47:12", + "type": "library", + "installation-source": "dist", + "autoload": { + "psr-0": { + "PicoFeed": "lib/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "Unlicense" + ], + "authors": [ + { + "name": "Frédéric Guillot", + "homepage": "http://fredericguillot.com" + } + ], + "description": "Modern library to write or read feeds (RSS/Atom)", + "homepage": "http://fguillot.github.io/picoFeed" } ] diff --git a/vendor/fguillot/picofeed/README.markdown b/vendor/fguillot/picofeed/README.markdown index ea18adbb6..4a958c24c 100644 --- a/vendor/fguillot/picofeed/README.markdown +++ b/vendor/fguillot/picofeed/README.markdown @@ -33,6 +33,7 @@ Requirements - libxml >= 2.7 - XML PHP extensions: DOM and SimpleXML - cURL or Stream Context (`allow_url_fopen=On`) +- iconv extension Authors ------- diff --git a/vendor/fguillot/picofeed/composer.json b/vendor/fguillot/picofeed/composer.json index bc842f3b1..be2e24e19 100644 --- a/vendor/fguillot/picofeed/composer.json +++ b/vendor/fguillot/picofeed/composer.json @@ -11,7 +11,12 @@ } ], "require": { - "php": ">=5.3.0" + "php": ">=5.3.0", + "ext-iconv": "*", + "ext-dom": "*", + "ext-xml": "*", + "ext-libxml": "*", + "ext-SimpleXML": "*" }, "autoload": { "psr-0": {"PicoFeed": "lib/"} 
diff --git a/vendor/fguillot/picofeed/docs/config.markdown b/vendor/fguillot/picofeed/docs/config.markdown index 75546abd1..8b197f6f9 100644 --- a/vendor/fguillot/picofeed/docs/config.markdown +++ b/vendor/fguillot/picofeed/docs/config.markdown @@ -283,4 +283,14 @@ $config->setFilterImageProxyCallback(function ($image_url) { $key = hash_hmac('sha1', $image_url, 'secret'); return 'https://mypublicproxy/'.$key.'/'.urlencode($image_url); }); -```
\ No newline at end of file +``` + +### Define image proxy protocol restriction + +- Method name: `setFilterImageProxyProtocol()` +- Default value: Empty (all protocols) +- Argument value: string + +```php +$config->setFilterImageProxyProtocol('http'); +``` diff --git a/vendor/fguillot/picofeed/lib/PicoFeed/Client/Client.php b/vendor/fguillot/picofeed/lib/PicoFeed/Client/Client.php index 55d2c562f..84a5cf296 100644 --- a/vendor/fguillot/picofeed/lib/PicoFeed/Client/Client.php +++ b/vendor/fguillot/picofeed/lib/PicoFeed/Client/Client.php @@ -158,46 +158,21 @@ abstract class Client protected $status_code = 0; /** - * HTTP response body + * Enables direct passthrough to requesting client * * @access protected - * @var string - */ - protected $body = ''; - - /** - * Body size - * - * @access protected - * @var integer - */ - protected $body_length = 0; - - /** - * HTTP response headers - * - * @access protected - * @var array - */ - protected $headers = array(); - - /** - * Counter on the number of header received - * - * @access protected - * @var integer + * @var bool */ - protected $headers_counter = 0; + protected $passthrough = false; /** * Do the HTTP request * * @abstract * @access public - * @param bool $follow_location Flag used when there is an open_basedir restriction * @return array */ - abstract public function doRequest($follow_location = true); + abstract public function doRequest(); /** * Get client instance: curl or stream driver 
@@ -295,48 +270,6 @@ abstract class Client } } - /** - * Handle manually redirections when there is an open base dir restriction - * - * @access private - * @param string $location Redirected URL - * @return array - */ - public function handleRedirection($location) - { - $nb_redirects = 0; - $result = array(); - $this->url = Url::resolve($location, $this->url); - $this->body = ''; - $this->body_length = 0; - $this->headers = array(); - $this->headers_counter = 0; - - while (true) { - - $nb_redirects++; - - if ($nb_redirects >= $this->max_redirects) { - throw new MaxRedirectException('Maximum number of redirections reached'); - } - - $result = $this->doRequest(false); - - if ($result['status'] == 301 || $result['status'] == 302) { - $this->url = $result['headers']['Location']; - $this->body = ''; - $this->body_length = 0; - $this->headers = array(); - $this->headers_counter = 0; - } - else { - break; - } - } - - return $result; - } - /** * Check if a request has been modified according to the parameters * @@ -538,6 +471,17 @@ abstract class Client } /** + * return true if passthrough mode is enabled + * + * @access public + * @return bool + */ + public function isPassthroughEnabled() + { + return $this->passthrough; + } + + /** * Set connection timeout * * @access public @@ -668,6 +612,30 @@ abstract class Client } /** + * Enable the passthrough mode + * + * @access public + * @return \PicoFeed\Client\Client + */ + public function enablePassthroughMode() + { + $this->passthrough = true; + return $this; + } + + /** + * Disable the passthrough mode + * + * @access public + * @return \PicoFeed\Client\Client + */ + public function disablePassthroughMode() + { + $this->passthrough = false; + return $this; + } + + /** * Set config object * * @access public diff --git a/vendor/fguillot/picofeed/lib/PicoFeed/Client/Curl.php b/vendor/fguillot/picofeed/lib/PicoFeed/Client/Curl.php index d45773d2d..5e5514f52 100644 --- a/vendor/fguillot/picofeed/lib/PicoFeed/Client/Curl.php 
+++ b/vendor/fguillot/picofeed/lib/PicoFeed/Client/Curl.php @@ -13,6 +13,38 @@ use PicoFeed\Logging\Logger; class Curl extends Client { /** + * HTTP response body + * + * @access private + * @var string + */ + private $body = ''; + + /** + * Body size + * + * @access private + * @var integer + */ + private $body_length = 0; + + /** + * HTTP response headers + * + * @access private + * @var array + */ + private $headers = array(); + + /** + * Counter on the number of header received + * + * @access private + * @var integer + */ + private $headers_counter = 0; + + /** * cURL callback to read the HTTP body * * If the function return -1, curl stop to read the HTTP response @@ -64,6 +96,44 @@ class Curl extends Client } /** + * cURL callback to passthrough the HTTP status header to the client + * + * @access public + * @param resource $ch cURL handler + * @param string $buffer Header line + * @return integer Length of the buffer + */ + public function passthroughHeaders($ch, $buffer) + { + list($status, $headers) = HttpHeaders::parse(array($buffer)); + + if ($status !== 0) { + header(':', true, $status); + } + elseif (isset($headers['Content-Type'])) { + header($buffer); + } + + return $this->readHeaders($ch, $buffer); + } + + /** + * cURL callback to passthrough the HTTP body to the client + * + * If the function return -1, curl stop to read the HTTP response + * + * @access public + * @param resource $ch cURL handler + * @param string $buffer Chunk of data + * @return integer Length of the buffer + */ + public function passthroughBody($ch, $buffer) + { + echo $buffer; + return strlen($buffer); + } + + /** * Prepare HTTP headers * * @access private 
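Review bot: In `passthroughHeaders` the upstream `Content-Type` line is copied to the client unchanged via `header($buffer)`, so in passthrough mode the remote server decides how the browser interprets a response served from this application's origin. If the intended use is image proxying (the lines shown do not say), forward the header only when it matches an allow-list of image types, e.g. `elseif (isset($headers['Content-Type']) && preg_match('#^image/(png|jpeg|gif|webp)\b#i', $headers['Content-Type'])) {`, and send `header('X-Content-Type-Options: nosniff');` alongside it. `passthroughBody` in the same hunk repeats the "return -1" sentence in its docblock but always returns `strlen($buffer)`, so no size limit applies to streamed bodies; either enforce a limit there or drop that sentence.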
@@ -131,6 +201,29 @@ class Curl extends Client } /** + * Set write/header functions + * + * @access private + * @return resource $ch + */ + private function prepareDownloadMode($ch) + { + $write_function = 'readBody'; + $header_function = 'readHeaders'; + + if ($this->isPassthroughEnabled()) { + $write_function = 'passthroughBody'; + $header_function = 'passthroughHeaders'; + + } + + curl_setopt($ch, CURLOPT_WRITEFUNCTION, array($this, $write_function)); + curl_setopt($ch, CURLOPT_HEADERFUNCTION, array($this, $header_function)); + + return $ch; + } + + /** * Prepare curl context * * @access private @@ -147,12 +240,11 @@ class Curl extends Client curl_setopt($ch, CURLOPT_FOLLOWLOCATION, ini_get('open_basedir') === ''); curl_setopt($ch, CURLOPT_MAXREDIRS, $this->max_redirects); curl_setopt($ch, CURLOPT_ENCODING, ''); - curl_setopt($ch, CURLOPT_WRITEFUNCTION, array($this, 'readBody')); - curl_setopt($ch, CURLOPT_HEADERFUNCTION, array($this, 'readHeaders')); curl_setopt($ch, CURLOPT_COOKIEJAR, 'php://memory'); curl_setopt($ch, CURLOPT_COOKIEFILE, 'php://memory'); curl_setopt($ch, CURLOPT_SSLVERSION, 1); // Enforce TLS v1 + $ch = $this->prepareDownloadMode($ch); $ch = $this->prepareProxyContext($ch); $ch = $this->prepareAuthContext($ch); 
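Review bot: `prepareContext` now installs the passthrough callbacks through `prepareDownloadMode` while `CURLOPT_FOLLOWLOCATION` stays enabled, and none of the visible options limit which URL schemes cURL may request or be redirected to. With passthrough the response is streamed straight to the requesting client, so a redirect controls what gets relayed; I would pin both with `curl_setopt($ch, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);` and `curl_setopt($ch, CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);`. The same applies to the manual loop in `handleRedirection` (next hunk) and to the `max_redirects` stream option in Stream.php, where resolved `Location` values are used without a scheme check. `prepareContext` starts and ends outside the hunk, so an existing restriction may simply not be visible here. Separately, the `prepareDownloadMode` docblock lacks a `@param resource $ch` line.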
@@ -229,6 +321,48 @@ class Curl extends Client } /** + * Handle manually redirections when there is an open base dir restriction + * + * @access private + * @param string $location Redirected URL + * @return array + */ + private function handleRedirection($location) + { + $nb_redirects = 0; + $result = array(); + $this->url = Url::resolve($location, $this->url); + $this->body = ''; + $this->body_length = 0; + $this->headers = array(); + $this->headers_counter = 0; + + while (true) { + + $nb_redirects++; + + if ($nb_redirects >= $this->max_redirects) { + throw new MaxRedirectException('Maximum number of redirections reached'); + } + + $result = $this->doRequest(false); + + if ($result['status'] == 301 || $result['status'] == 302) { + $this->url = Url::resolve($result['headers']['Location'], $this->url); + $this->body = ''; + $this->body_length = 0; + $this->headers = array(); + $this->headers_counter = 0; + } + else { + break; + } + } + + return $result; + } + + /** * Handle cURL errors (throw individual exceptions) * * We don't use constants because they are not necessary always available diff --git a/vendor/fguillot/picofeed/lib/PicoFeed/Client/HttpHeaders.php b/vendor/fguillot/picofeed/lib/PicoFeed/Client/HttpHeaders.php index cde8f757c..ccced5f8e 100644 --- a/vendor/fguillot/picofeed/lib/PicoFeed/Client/HttpHeaders.php +++ b/vendor/fguillot/picofeed/lib/PicoFeed/Client/HttpHeaders.php @@ -53,12 +53,13 @@ class HttpHeaders implements ArrayAccess */ public static function parse(array $lines) { - $status = 200; + $status = 0; $headers = array(); foreach ($lines as $line) { if (strpos($line, 'HTTP') === 0) { + $headers = array(); $status = (int) substr($line, 9, 3); } else if (strpos($line, ':') !== false) { diff --git a/vendor/fguillot/picofeed/lib/PicoFeed/Client/Stream.php b/vendor/fguillot/picofeed/lib/PicoFeed/Client/Stream.php index b80e731d6..1e539b106 100644 --- a/vendor/fguillot/picofeed/lib/PicoFeed/Client/Stream.php 
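Review bot: `handleRedirection` reads `$result['headers']['Location']` for every 301/302 without checking that the header is present, so a redirect response lacking `Location` hands an empty value to `Url::resolve()`; what that call does with it is not visible here, but the loop then continues until `MaxRedirectException` at best. Guard the branch with `if (($result['status'] == 301 || $result['status'] == 302) && isset($result['headers']['Location'])) {` and treat a missing header as the final response. The docblock could also state that 303, 307 and 308 are returned to the caller rather than followed.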
+++ b/vendor/fguillot/picofeed/lib/PicoFeed/Client/Stream.php @@ -25,7 +25,9 @@ class Stream extends Client 'User-Agent: '.$this->user_agent, ); - if (function_exists('gzdecode')) { + // disable compression in passthrough mode. It could result in double + // compressed content which isn't decodeable by browsers + if (function_exists('gzdecode') && ! $this->isPassthroughEnabled()) { $headers[] = 'Accept-Encoding: gzip'; } @@ -49,6 +51,23 @@ class Stream extends Client } /** + * Construct the final URL from location headers + * + * @access private + * @param array $headers List of HTTP response header + */ + private function setEffectiveUrl($headers) + { + foreach($headers as $header) { + if (stripos($header, 'Location') === 0) { + list($name, $value) = explode(': ', $header); + + $this->url = Url::resolve($value, $this->url); + } + } + } + + /** * Prepare stream context * * @access private @@ -61,7 +80,7 @@ class Stream extends Client 'method' => 'GET', 'protocol_version' => 1.1, 'timeout' => $this->timeout, - 'follow_location' => 0, + 'max_redirects' => $this->max_redirects, ) ); @@ -89,11 +108,12 @@ class Stream extends Client * Do the HTTP request * * @access public - * @param bool $follow_location Flag used when there is an open_basedir restriction - * @return array HTTP response ['body' => ..., 'status' => ..., 'headers' => ...] + * @return array HTTP response ['body' => ..., 'status' => ..., 'headers' => ...] */ - public function doRequest($follow_location = false) + public function doRequest() { + $body = ''; + // Create context $context = stream_context_create($this->prepareContext()); @@ -103,30 +123,36 @@ class Stream extends Client throw new InvalidUrlException('Unable to establish a connection'); } - // Get the entir |
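Review bot: `setEffectiveUrl` splits each header with `explode(': ', $header)`, which depends on exactly one colon-space: a `Location:` header written without the space leaves `$value` undefined (with a notice), and a value that itself contains `: ` is truncated at that point. Splitting once on the first colon and trimming is safer: `list(, $value) = explode(':', $header, 2);` followed by `$this->url = Url::resolve(trim($value), $this->url);`. The `stripos($header, 'Location') === 0` test also matches any header whose name merely starts with `Location`; comparing against `'Location:'` would be tighter.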