Updated with new supported picofeed

This commit is contained in:
Andy Miller
2019-02-08 14:01:00 -07:00
parent 536898f41b
commit bee93d55c8
370 changed files with 776 additions and 196 deletions


@@ -2,6 +2,62 @@
All notable changes to this project will be documented in this file, in reverse chronological order by release.
## 1.2.0 - 2019-01-22
### Added
- [#6](https://github.com/zendframework/zendxml/pull/6) adds the following method:
```php
Security::scanHtml(
string $html,
DOMDocument $dom = null,
int $libXmlConstants = 0
) : SimpleXMLElement|DOMDocument|bool
```
This method allows scanning markup known to be HTML, versus assuming the
markup is generic XML.
### Changed
- Nothing.
### Deprecated
- Nothing.
### Removed
- Nothing.
### Fixed
- Nothing.
## 1.1.1 - 2019-01-22
### Added
- [#16](https://github.com/zendframework/ZendXml/pull/16) adds support for PHP 7.3.
### Changed
- Nothing.
### Deprecated
- Nothing.
### Removed
- Nothing.
### Fixed
- [#17](https://github.com/zendframework/ZendXml/pull/17) properly enables heuristic security checks for PHP 5.6.0 - 5.6.5 when PHP
is running as PHP-FPM.
## 1.1.0 - 2018-04-30
### Added


@@ -0,0 +1,54 @@
{
"name": "zendframework/zendxml",
"description": "Utility library for XML usage, best practices, and security in PHP",
"license": "BSD-3-Clause",
"keywords": [
"zf",
"zendframework",
"xml",
"security"
],
"support": {
"issues": "https://github.com/zendframework/ZendXml/issues",
"source": "https://github.com/zendframework/ZendXml",
"rss": "https://github.com/zendframework/ZendXml/releases.atom",
"chat": "https://zendframework-slack.herokuapp.com",
"forum": "https://discourse.zendframework.com/c/questions/components"
},
"require": {
"php": "^5.6 || ^7.0"
},
"require-dev": {
"zendframework/zend-coding-standard": "~1.0.0",
"phpunit/phpunit": "^5.7.27 || ^6.5.8 || ^7.1.4"
},
"autoload": {
"psr-4": {
"ZendXml\\": "src/"
}
},
"autoload-dev": {
"psr-4": {
"ZendXmlTest\\": "test/"
}
},
"config": {
"sort-packages": true
},
"extra": {
"branch-alias": {
"dev-master": "1.2.x-dev",
"dev-develop": "1.3.x-dev"
}
},
"scripts": {
"check": [
"@cs-check",
"@test"
],
"cs-check": "phpcs",
"cs-fix": "phpcbf",
"test": "phpunit --colors=always",
"test-coverage": "phpunit --colors=always --coverage-clover clover.xml"
}
}


@@ -34,10 +34,12 @@ class Security
*
* @param string $xml
* @param DomDocument $dom
* @param int $libXmlConstants additional libxml constants to pass in
* @param callable $callback the callback to use to create the dom element
* @throws Exception\RuntimeException
* @return SimpleXMLElement|DomDocument|boolean
*/
public static function scan($xml, DOMDocument $dom = null)
private static function scanString($xml, DOMDocument $dom = null, $libXmlConstants, callable $callback)
{
// If running with PHP-FPM we perform an heuristic scan
// We cannot use libxml_disable_entity_loader because of this bug
@@ -64,7 +66,9 @@ class Security
}
return false;
}, E_WARNING);
$result = $dom->loadXml($xml, LIBXML_NONET);
$result = $callback($xml, $dom, LIBXML_NONET | $libXmlConstants);
restore_error_handler();
if (! $result) {
@@ -103,6 +107,40 @@ class Security
return $dom;
}
/**
* Scan XML string for potential XXE and XEE attacks
*
* @param string $xml
* @param DomDocument $dom
* @param int $libXmlConstants additional libxml constants to pass in
* @throws Exception\RuntimeException
* @return SimpleXMLElement|DomDocument|boolean
*/
public static function scan($xml, DOMDocument $dom = null, $libXmlConstants = 0)
{
$callback = function ($xml, $dom, $constants) {
return $dom->loadXml($xml, $constants);
};
return self::scanString($xml, $dom, $libXmlConstants, $callback);
}
/**
* Scan HTML string for potential XXE and XEE attacks
*
* @param string $xml
* @param DomDocument $dom
* @param int $libXmlConstants additional libxml constants to pass in
* @throws Exception\RuntimeException
* @return SimpleXMLElement|DomDocument|boolean
*/
public static function scanHtml($html, DOMDocument $dom = null, $libXmlConstants = 0)
{
$callback = function ($html, $dom, $constants) {
return $dom->loadHtml($html, $constants);
};
return self::scanString($html, $dom, $libXmlConstants, $callback);
}
/**
* Scan XML file for potential XXE/XEE attacks
*
@@ -128,7 +166,7 @@ class Security
* (vs libxml checks) should be made, due to threading issues in libxml;
* under php-fpm, threading becomes a concern.
*
* However, PHP versions 5.5.22+ and 5.6.6+ contain a patch to the
* However, PHP versions 5.6.6+ contain a patch to the
* libxml support in PHP that makes the libxml checks viable; in such
* versions, this method will return false to enforce those checks, which
* are more strict and accurate than the heuristic checks.
@@ -137,15 +175,10 @@ class Security
*/
public static function isPhpFpm()
{
$isVulnerableVersion = (
version_compare(PHP_VERSION, '5.5.22', 'lt')
|| (
version_compare(PHP_VERSION, '5.6', 'gte')
&& version_compare(PHP_VERSION, '5.6.6', 'lt')
)
);
$isVulnerableVersion = version_compare(PHP_VERSION, '5.6', 'ge')
&& version_compare(PHP_VERSION, '5.6.6', 'lt');
if (substr(php_sapi_name(), 0, 3) === 'fpm' && $isVulnerableVersion) {
if (0 === strpos(php_sapi_name(), 'fpm') && $isVulnerableVersion) {
return true;
}
return false;
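Review bot: The new `$result = $callback($xml, $dom, LIBXML_NONET | $libXmlConstants);` in scanString ORs the caller-supplied constants straight into the loader flags with no filtering, so anyone calling scan() or scanHtml() can pass bits such as `LIBXML_NOENT` or `LIBXML_DTDLOAD` and widen what libxml does during the load (entity substitution, external DTD loading) — exactly the behaviour a method documented as scanning "for potential XXE and XEE attacks" is meant to keep off; whether the pre-load heuristic still catches that case cannot be confirmed here because scanString's body continues outside the hunks shown. The two public entry points should either mask those bits, e.g. `$libXmlConstants &= ~(LIBXML_NOENT | LIBXML_DTDLOAD);` before delegating, or reject them with the existing Exception\RuntimeException, and the `@param int $libXmlConstants additional libxml constants to pass in` docblocks should state which constants are honoured. Separately, scanHtml's docblock documents `@param string $xml` while the parameter is named `$html`.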