-rw-r--r-- | 3rdparty/ZendXml/composer.json | 35 | ||||
-rw-r--r-- | 3rdparty/ZendXml/library/ZendXml/Exception/ExceptionInterface.php | 14 | ||||
-rw-r--r-- | 3rdparty/ZendXml/library/ZendXml/Exception/InvalidArgumentException.php | 19 | ||||
-rw-r--r-- | 3rdparty/ZendXml/library/ZendXml/Exception/RuntimeException.php | 19 | ||||
-rw-r--r-- | 3rdparty/ZendXml/library/ZendXml/Security.php | 143 | ||||
-rw-r--r-- | 3rdparty/ZendXml/vendor/autoload.php | 7 | ||||
-rw-r--r-- | 3rdparty/ZendXml/vendor/composer/ClassLoader.php | 383 | ||||
-rw-r--r-- | 3rdparty/ZendXml/vendor/composer/autoload_classmap.php | 9 | ||||
-rw-r--r-- | 3rdparty/ZendXml/vendor/composer/autoload_namespaces.php | 10 | ||||
-rw-r--r-- | 3rdparty/ZendXml/vendor/composer/autoload_psr4.php | 9 | ||||
-rw-r--r-- | 3rdparty/ZendXml/vendor/composer/autoload_real.php | 50 | ||||
-rw-r--r-- | appinfo/application.php | 5 |
12 files changed, 702 insertions, 1 deletions
diff --git a/3rdparty/ZendXml/composer.json b/3rdparty/ZendXml/composer.json
new file mode 100644
index 000000000..3b4ca91de
--- /dev/null
+++ b/3rdparty/ZendXml/composer.json
@@ -0,0 +1,35 @@
+{
+ "name": "zendframework/zendxml",
+ "description": "Utility library for XML usage, best practices, and security in PHP",
+ "type": "library",
+ "license": "BSD-3-Clause",
+ "keywords": [
+ "zf2",
+ "xml",
+ "security"
+ ],
+ "homepage": "http://packages.zendframework.com/",
+ "autoload": {
+ "psr-0": {
+ "ZendXml": "library/"
+ }
+ },
+ "repositories": [
+ {
+ "type": "composer",
+ "url": "http://packages.zendframework.com/"
+ }
+ ],
+ "require": {
+ "php": ">=5.3.3"
+ },
+ "extra": {
+ "branch-alias": {
+ "dev-master": "1.0-dev"
+ }
+ },
+ "require-dev": {
+ "fabpot/php-cs-fixer": "*@dev",
+ "phpunit/phpunit": "~3.7"
+ }
+}
diff --git a/3rdparty/ZendXml/library/ZendXml/Exception/ExceptionInterface.php b/3rdparty/ZendXml/library/ZendXml/Exception/ExceptionInterface.php
new file mode 100644
index 000000000..c55eb9034
--- /dev/null
+++ b/3rdparty/ZendXml/library/ZendXml/Exception/ExceptionInterface.php
@@ -0,0 +1,14 @@
+<?php
+/**
+ * Zend Framework (http://framework.zend.com/)
+ *
+ * @link http://github.com/zendframework/zf2 for the canonical source repository
+ * @copyright Copyright (c) 2005-2014 Zend Technologies USA Inc. (http://www.zend.com)
+ * @license http://framework.zend.com/license/new-bsd New BSD License
+ */
+
+namespace ZendXml\Exception;
+
+interface ExceptionInterface
+{
+}
diff --git a/3rdparty/ZendXml/library/ZendXml/Exception/InvalidArgumentException.php b/3rdparty/ZendXml/library/ZendXml/Exception/InvalidArgumentException.php
new file mode 100644
index 000000000..819fb9f6e
--- /dev/null
+++ b/3rdparty/ZendXml/library/ZendXml/Exception/InvalidArgumentException.php
@@ -0,0 +1,19 @@
+<?php
+/**
+ * Zend Framework (http://framework.zend.com/)
+ *
+ * @link http://github.com/zendframework/zf2 for the canonical source repository
+ * @copyright Copyright (c) 2005-2014 Zend Technologies USA Inc. (http://www.zend.com)
+ * @license http://framework.zend.com/license/new-bsd New BSD License
+ */
+
+namespace ZendXml\Exception;
+
+/**
+ * Invalid argument exception
+ */
+class InvalidArgumentException
+ extends \InvalidArgumentException
+ implements ExceptionInterface
+{
+}
diff --git a/3rdparty/ZendXml/library/ZendXml/Exception/RuntimeException.php b/3rdparty/ZendXml/library/ZendXml/Exception/RuntimeException.php
new file mode 100644
index 000000000..1d5f50625
--- /dev/null
+++ b/3rdparty/ZendXml/library/ZendXml/Exception/RuntimeException.php
@@ -0,0 +1,19 @@
+<?php
+/**
+ * Zend Framework (http://framework.zend.com/)
+ *
+ * @link http://github.com/zendframework/zf2 for the canonical source repository
+ * @copyright Copyright (c) 2005-2014 Zend Technologies USA Inc. (http://www.zend.com)
+ * @license http://framework.zend.com/license/new-bsd New BSD License
+ */
+
+namespace ZendXml\Exception;
+
+/**
+ * Runtime exception
+ */
+class RuntimeException
+ extends \RuntimeException
+ implements ExceptionInterface
+{
+}
diff --git a/3rdparty/ZendXml/library/ZendXml/Security.php b/3rdparty/ZendXml/library/ZendXml/Security.php
new file mode 100644
index 000000000..d258311f4
--- /dev/null
+++ b/3rdparty/ZendXml/library/ZendXml/Security.php
@@ -0,0 +1,143 @@
+<?php
+/**
+ * Zend Framework (http://framework.zend.com/)
+ *
+ * @link http://github.com/zendframework/zf2 for the canonical source repository
+ * @copyright Copyright (c) 2005-2014 Zend Technologies USA Inc. (http://www.zend.com)
+ * @license http://framework.zend.com/license/new-bsd New BSD License
+ */
+namespace ZendXml;
+
+use DOMDocument;
+use SimpleXMLElement;
+
+class Security
+{
+ const ENTITY_DETECT = 'Detected use of ENTITY in XML, disabled to prevent XXE/XEE attacks';
+
+ /**
+ * Heuristic scan to detect entity in XML
+ *
+ * @param string $xml
+ * @throws Exception\RuntimeException
+ */
+ protected static function heuristicScan($xml)
+ {
+ if (strpos($xml, '<!ENTITY') !== false) {
+ throw new Exception\RuntimeException(self::ENTITY_DETECT);
+ }
+ }
+
+ /**
+ * Scan XML string for potential XXE and XEE attacks
+ *
+ * @param string $xml
+ * @param DomDocument $dom
+ * @param Callable(
+ * @param $xml
+ * @param $dom
+ * @return DomDocument|boolean
+ * ) $loadCallback if given allows to customize the load command e.g.:
+ * function ($xml, $dom) { return $dom->loadHTML($xml, LIBXML_NONET); }
+ * @throws Exception\RuntimeException
+ * @return SimpleXMLElement|DomDocument|boolean
+ */
+ public static function scan($xml, DOMDocument $dom = null,
+ $loadCallback = null)
+ {
+ // If running with PHP-FPM we perform an heuristic scan
+ // We cannot use libxml_disable_entity_loader because of this bug
+ // @see https://bugs.php.net/bug.php?id=64938
+ if (self::isPhpFpm()) {
+ self::heuristicScan($xml);
+ }
+
+ if (null === $dom) {
+ $simpleXml = true;
+ $dom = new DOMDocument();
+ }
+
+ if (!self::isPhpFpm()) {
+ $loadEntities = libxml_disable_entity_loader(true);
+ $useInternalXmlErrors = libxml_use_internal_errors(true);
+ }
+
+ // Load XML with network access disabled (LIBXML_NONET)
+ // error disabled with @ for PHP-FPM scenario
+ set_error_handler(function ($errno, $errstr) {
+ if (substr_count($errstr, 'DOMDocument::loadXML()') > 0) {
+ return true;
+ }
+ return false;
+ }, E_WARNING);
+
+ if ($loadCallback) {
+ $result = $loadCallback($xml, $dom);
+ } else {
+ $result = $dom->loadXml($xml, LIBXML_NONET);
+ }
+
+ restore_error_handler();
+
+ // Entity load to previous setting
+ if (!self::isPhpFpm()) {
+ libxml_disable_entity_loader($loadEntities);
+ libxml_use_internal_errors($useInternalXmlErrors);
+ }
+
+ if (!$result) {
+ return false;
+ }
+
+ // Scan for potential XEE attacks using ENTITY, if not PHP-FPM
+ if (!self::isPhpFpm()) {
+ foreach ($dom->childNodes as $child) {
+ if ($child->nodeType === XML_DOCUMENT_TYPE_NODE) {
+ if ($child->entities->length > 0) {
+ throw new Exception\RuntimeException(self::ENTITY_DETECT);
+ }
+ }
+ }
+ }
+
+ if (isset($simpleXml)) {
+ $result = simplexml_import_dom($dom);
+ if (!$result instanceof SimpleXMLElement) {
+ return false;
+ }
+ return $result;
+ }
+ return $dom;
+ }
+
+ /**
+ * Scan XML file for potential XXE/XEE attacks
+ *
+ * @param string $file
+ * @param DOMDocument $dom
+ * @throws Exception\InvalidArgumentException
+ * @return SimpleXMLElement|DomDocument
+ */
+ public static function scanFile($file, DOMDocument $dom = null)
+ {
+ if (!file_exists($file)) {
+ throw new Exception\InvalidArgumentException(
+ "The file $file specified doesn't exist"
+ );
+ }
+ return self::scan(file_get_contents($file), $dom);
+ }
+
+ /**
+ * Return true if PHP is running with PHP-FPM
+ *
+ * @return boolean
+ */
+ public static function isPhpFpm()
+ {
+ if (substr(php_sapi_name(), 0, 3) === 'fpm') {
+ return true;
+ }
+ return false;
+ }
+}
diff --git a/3rdparty/ZendXml/vendor/autoload.php b/3rdparty/ZendXml/vendor/autoload.php
new file mode 100644
index 000000000..cc69a96d3
--- /dev/null
+++ b/3rdparty/ZendXml/vendor/autoload.php
@@ -0,0 +1,7 @@
+<?php
+
+// autoload.php @generated by Composer
+
+require_once __DIR__ . '/composer' . '/autoload_real.php';
+
+return ComposerAutoloaderInit44f71f876fa818738e1bb91ba3f97956::getLoader();
diff --git a/3rdparty/ZendXml/vendor/composer/ClassLoader.php b/3rdparty/ZendXml/vendor/composer/ClassLoader.php new file mode 100644 index 000000000..443364959 --- /dev/null +++ b/3rdparty/ZendXml/vendor/composer/ClassLoader.php 
@@ -0,0 +1,383 @@ +<?php + +/* + * This file is part of Composer. + * + * (c) Nils Adermann <naderman@naderman.de> + * Jordi Boggiano <j.boggiano@seld.be> + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Composer\Autoload; + +/** + * ClassLoader implements a PSR-0 class loader + * + * See https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-0.md + * + * $loader = new \Composer\Autoload\ClassLoader(); + * + * // register classes with namespaces + * $loader->add('Symfony\Component', __DIR__.'/component'); + * $loader->add('Symfony', __DIR__.'/framework'); + * + * // activate the autoloader + * $loader->register(); + * + * // to enable searching the include path (eg. for PEAR packages) + * $loader->setUseIncludePath(true); + * + * In this example, if you try to use a class in the Symfony\Component + * namespace or one of its children (Symfony\Component\Console for instance), + * the autoloader will first look for the class under the component/ + * directory, and it will then fallback to the framework/ directory if not + * found before giving up. + * + * This class is loosely based on the Symfony UniversalClassLoader. 
+ * + * @author Fabien Potencier <fabien@symfony.com> + * @author Jordi Boggiano <j.boggiano@seld.be> + */ +class ClassLoader +{ + // PSR-4 + private $prefixLengthsPsr4 = array(); + private $prefixDirsPsr4 = array(); + private $fallbackDirsPsr4 = array(); + + // PSR-0 + private $prefixesPsr0 = array(); + private $fallbackDirsPsr0 = array(); + + private $useIncludePath = false; + private $classMap = array(); + + public function getPrefixes() + { + return call_user_func_array('array_merge', $this->prefixesPsr0); + } + + public function getPrefixesPsr4() + { + return $this->prefixDirsPsr4; + } + + public function getFallbackDirs() + { + return $this->fallbackDirsPsr0; + } + + public function getFallbackDirsPsr4() + { + return $this->fallbackDirsPsr4; + } + + public function getClassMap() + { + return $this->classMap; + } + + /** + * @param array $classMap Class to filename map + */ + public function addClassMap(array $classMap) + { + if ($this->classMap) { + $this->classMap = array_merge($this->classMap, $classMap); + } else { + $this->classMap = $classMap; + } + } + + /** + * Registers a set of PSR-0 directories for a given prefix, either + * appending or prepending to the ones previously set for this prefix. 
+ * + * @param string $prefix The prefix + * @param array|string $paths The PSR-0 root directories + * @param bool $prepend Whether to prepend the directories + */ + public function add($prefix, $paths, $prepend = false) + { + if (!$prefix) { + if ($prepend) { + $this->fallbackDirsPsr0 = array_merge( + (array) $paths, + $this->fallbackDirsPsr0 + ); + } else { + $this->fallbackDirsPsr0 = array_merge( + $this->fallbackDirsPsr0, + (array) $paths + ); + } + + return; + } + + $first = $prefix[0]; + if (!isset($this->prefixesPsr0[$first][$prefix])) { + $this->prefixesPsr0[$first][$prefix] = (array) $paths; + + return; + } + if ($prepend) { + $this->prefixesPsr0[$first][$prefix] = array_merge( + (array) $paths, + $this->prefixesPsr0[$first][$prefix] + ); + } else { + $this->prefixesPsr0[$first][$prefix] = array_merge( + $this->prefixesPsr0[$first][$prefix], + (array) $paths + ); + } + } + + /** + * Registers a set of PSR-4 directories for a given namespace, either + * appending or prepending to the ones previously set for this namespace. + * + * @param string $prefix The prefix/namespace, with trailing '\\' + * @param array|string $paths The PSR-0 base directories + * @param bool $prepend Whether to prepend the directories + * + * @throws \InvalidArgumentException + */ + public function addPsr4($prefix, $paths, $prepend = false) + { + if (!$prefix) { + // Register directories for the root namespace. + if ($prepend) { + $this->fallbackDirsPsr4 = array_merge( + (array) $paths, + $this->fallbackDirsPsr4 + ); + } else { + $this->fallbackDirsPsr4 = array_merge( + $this->fallbackDirsPsr4, + (array) $paths + ); + } + } elseif (!isset($this->prefixDirsPsr4[$prefix])) { + // Register directories for a new namespace. 
+ $length = strlen($prefix); + if ('\\' !== $prefix[$length - 1]) { + throw new \InvalidArgumentException("A non-empty PSR-4 prefix must end with a namespace separator."); + } + $this->prefixLengthsPsr4[$prefix[0]][$prefix] = $length; + $this->prefixDirsPsr4[$prefix] = (array) $paths; + } elseif ($prepend) { + // Prepend directories for an already registered namespace. + $this->prefixDirsPsr4[$prefix] = array_merge( + (array) $paths, + $this->prefixDirsPsr4[$prefix] + ); + } else { + // Append directories for an already registered namespace. + $this->prefixDirsPsr4[$prefix] = array_merge( + $this->prefixDirsPsr4[$prefix], + (array) $paths + ); + } + } + + /** + * Registers a set of PSR-0 directories for a given prefix, + * replacing any others previously set for this prefix. + * + * @param string $prefix The prefix + * @param array|string $paths The PSR-0 base directories + */ + public function set($prefix, $paths) + { + if (!$prefix) { + $this->fallbackDirsPsr0 = (array) $paths; + } else { + $this->prefixesPsr0[$prefix[0]][$prefix] = (array) $paths; + } + } + + /** + * Registers a set of PSR-4 directories for a given namespace, + * replacing any others previously set for this namespace. + * + * @param string $prefix The prefix/namespace, with trailing '\\' + * @param array|string $paths The PSR-4 base directories + * + * @throws \InvalidArgumentException + */ + public function setPsr4($prefix, $paths) + { + if (!$prefix) { + $this->fallbackDirsPsr4 = (array) $paths; + } else { + $length = strlen($prefix); + if ('\\' !== $prefix[$length - 1]) { + throw new \InvalidArgumentException("A non-empty PSR-4 prefix must end with a namespace separator."); + } + $this->prefixLengthsPsr4[$prefix[0]][$prefix] = $length; + $this->prefixDirsPsr4[$prefix] = (array) $paths; + } + } + + /** + * Turns on searching the include path for class files. 
+ * + * @param bool $useIncludePath + */ + public function setUseIncludePath($useIncludePath) + { + $this->useIncludePath = $useIncludePath; + } + + /** + * Can be used to check if the autoloader uses the include path to check + * for classes. + * + * @return bool + */ + public function getUseIncludePath() + { + return $this->useIncludePath; + } + + /** + * Registers this instance as an autoloader. + * + * @param bool $prepend Whether to prepend the autoloader or not + */ + public function register($prepend = false) + { + spl_autoload_register(array($this, 'loadClass'), true, $prepend); + } + + /** + * Unregisters this instance as an autoloader. + */ + public function unregister() + { + spl_autoload_unregister(array($this, 'loadClass')); + } + + /** + * Loads the given class or interface. + * + * @param string $class The name of the class + * @return bool|null True if loaded, null otherwise + */ + public function loadClass($class) + { + if ($file = $this->findFile($class)) { + includeFile($file); + + return true; + } + } + + /** + * Finds the path to the file where the class is defined. + * + * @param string $class The name of the class + * + * @return string|false The path if found, false otherwise + */ + public function findFile($class) + { + // work around for PHP 5.3.0 - 5.3.2 https://bugs.php.net/50731 + if ('\\' == $class[0]) { + $class = substr($class, 1); + } + + // class map lookup + if (isset($this->classMap[$class])) { + return $this->classMap[$class]; + } + + $file = $this->findFileWithExtension($class, '.php'); + + // Search for Hack files if we are running on HHVM + if ($file === null && defined('HHVM_VERSION')) { + $file = $this->findFileWithExtension($class, '.hh'); + } + + if ($file === null) { + // Remember that this class does not exist. + return $this->classMap[$class] = false; + } + + return $file; + } + + private function findFileWithExtension($class, $ext) + { + // PSR-4 lookup + $logicalPathPsr4 = strtr($class, '\\', DIRECTORY_SEPARATOR) . 
$ext; + + $first = $class[0]; + if (isset($this->prefixLengthsPsr4[$first])) { + foreach ($this->prefixLengthsPsr4[$first] as $prefix => $length) { + if (0 === strpos($class, $prefix)) { + foreach ($this->prefixDirsPsr4[$prefix] as $dir) { + if (file_exists($file = $dir . DIRECTORY_SEPARATOR . substr($logicalPathPsr4, $length))) { + return $file; + } + } + } + } + } + + // PSR-4 fallback dirs + foreach ($this->fallbackDirsPsr4 as $dir) { + if (file_exists($file = $dir . DIRECTORY_SEPARATOR . $logicalPathPsr4)) { + return $file; + } + } + + // PSR-0 lookup + if (false !== $pos = strrpos($class, '\\')) { + // namespaced class name + $logicalPathPsr0 = substr($logicalPathPsr4, 0, $pos + 1) + . strtr(substr($logicalPathPsr4, $pos + 1), '_', DIRECTORY_SEPARATOR); + } else { + // PEAR-like class name + $logicalPathPsr0 = strtr($class, '_', DIRECTORY_SEPARATOR) . $ext; + } + + if (isset($this->prefixesPsr0[$first])) { + foreach ($this->prefixesPsr0[$first] as $prefix => $dirs) { + if (0 === strpos($class, $prefix)) { + foreach ($dirs as $dir) { + if (file_exists($file = $dir . DIRECTORY_SEPARATOR . $logicalPathPsr0)) { + return $file; + } + } + } + } + } + + // PSR-0 fallback dirs + foreach ($this->fallbackDirsPsr0 as $dir) { + if (file_exists($file = $dir . DIRECTORY_SEPARATOR . $logicalPathPsr0)) { + return $file; + } + } + + // PSR-0 include paths. + if ($this->useIncludePath && $file = stream_resolve_include_path($logicalPathPsr0)) { + return $file; + } + } +} + +/** + * Scope isolated include. + * + * Prevents access to $this/self from included files. + */ +function includeFile($file) +{ + include $file; +} diff --git a/3rdparty/ZendXml/vendor/composer/autoload_classmap.php b/3rdparty/ZendXml/vendor/composer/autoload_classmap.php new file mode 100644 index 000000000..7a91153b0 --- /dev/null +++ b/3rdparty/ZendXml/vendor/composer/autoload_classmap.php 
@@ -0,0 +1,9 @@ +<?php + +// autoload_classmap.php @generated by Composer + +$vendorDir = dirname(dirname(__FILE__)); +$baseDir = dirname($vendorDir); + +return array( +); diff --git a/3rdparty/ZendXml/vendor/composer/autoload_namespaces.php b/3rdparty/ZendXml/vendor/composer/autoload_namespaces.php new file mode 100644 index 000000000..22f78f2ff --- /dev/null +++ b/3rdparty/ZendXml/vendor/composer/autoload_namespaces.php @@ -0,0 +1,10 @@ +<?php + +// autoload_namespaces.php @generated by Composer + +$vendorDir = dirname(dirname(__FILE__)); +$baseDir = dirname($vendorDir); + +return array( + 'ZendXml' => array($baseDir . '/library'), +); diff --git a/3rdparty/ZendXml/vendor/composer/autoload_psr4.php b/3rdparty/ZendXml/vendor/composer/autoload_psr4.php new file mode 100644 index 000000000..b265c64a2 --- /dev/null +++ b/3rdparty/ZendXml/vendor/composer/autoload_psr4.php @@ -0,0 +1,9 @@ +<?php + +// autoload_psr4.php @generated by Composer + +$vendorDir = dirname(dirname(__FILE__)); +$baseDir = dirname($vendorDir); + +return array( +); diff --git a/3rdparty/ZendXml/vendor/composer/autoload_real.php b/3rdparty/ZendXml/vendor/composer/autoload_real.php new file mode 100644 index 000000000..d33fba17e --- /dev/null +++ b/3rdparty/ZendXml/vendor/composer/autoload_real.php 
@@ -0,0 +1,50 @@ +<?php + +// autoload_real.php @generated by Composer + +class ComposerAutoloaderInit44f71f876fa818738e1bb91ba3f97956 +{ + private static $loader; + + public static function loadClassLoader($class) + { + if ('Composer\Autoload\ClassLoader' === $class) { + require __DIR__ . '/ClassLoader.php'; + } + } + + public static function getLoader() + { + if (null !== self::$loader) { + return self::$loader; + } + + spl_autoload_register(array('ComposerAutoloaderInit44f71f876fa818738e1bb91ba3f97956', 'loadClassLoader'), true, true); + self::$loader = $loader = new \Composer\Autoload\ClassLoader(); + spl_autoload_unregister(array('ComposerAutoloaderInit44f71f876fa818738e1bb91ba3f97956', 'loadClassLoader')); + + $map = require __DIR__ . '/autoload_namespaces.php'; + foreach ($map as $namespace => $path) { + $loader->set($namespace, $path); + } + + $map = require __DIR__ . '/autoload_psr4.php'; + foreach ($map as $namespace => $path) { + $loader->setPsr4($namespace, $path); + } + + $classMap = require __DIR__ . '/autoload_classmap.php'; + if ($classMap) { + $loader->addClassMap($classMap); + } + + $loader->register(true); + + return $loader; + } +} + +function composerRequire44f71f876fa818738e1bb91ba3f97956($file) +{ + require $file; +} diff --git a/appinfo/application.php b/appinfo/application.php index f8c2bc7fa..297b00ad9 100644 --- a/appinfo/application.php +++ b/appinfo/application.php @@ -57,10 +57,13 @@ use \OCA\News\ArticleEnhancer\RegexArticleEnhancer; require_once __DIR__ . '/../3rdparty/htmlpurifier/library/HTMLPurifier.auto.php'; // to prevent clashes with installed app framework versions -if(!class_exists('\SimplePie')) { +if (!class_exists('\SimplePie')) { require_once __DIR__ . '/../3rdparty/simplepie/autoloader.php'; } +if (!class_exists('\ZendXML\Security')) { + require_once __DIR__ . '/../3rdparty/ZendXml/vendor/autoload.php'; +} class Application extends App { |
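Review bot: The guard added in appinfo/application.php tests `'\ZendXML\Security'`, while the bundled library declares `namespace ZendXml;` in Security.php, so the case of the name does not match the one a PSR-0 autoloader turns into a path. PHP matches already-declared classes case-insensitively, but `class_exists()` also triggers autoloading, and on a case-sensitive filesystem a copy installed elsewhere would probably not be found under `ZendXML/`. When the guard passes, autoload_real.php calls `$loader->register(true)`, which prepends the bundled loader, so this bundled copy of a security library may then take precedence over a newer one. I would write the check as `if (!class_exists('\ZendXml\Security')) {`.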