Update sabre

7 files changed, 14 insertions, 7 deletions

diff --git a/vendor/sabre/dav/lib/Sabre/DAV/Locks/Backend/AbstractBackend.php b/vendor/sabre/dav/lib/Sabre/DAV/Locks/Backend/AbstractBackend.php
index 78fa8aa9a..fa13f462c 100644
--- a/vendor/sabre/dav/lib/Sabre/DAV/Locks/Backend/AbstractBackend.php
+++ b/vendor/sabre/dav/lib/Sabre/DAV/Locks/Backend/AbstractBackend.php
@@ -11,7 +11,7 @@ use Sabre\DAV\Locks;
  * to ensure that if default code is required in the backend, there will be a
  * non-bc-breaking way to do so.
  *
- * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/).
+ * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/).
  * @author Evert Pot (http://evertpot.com/)
  * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License
  */
diff --git a/vendor/sabre/dav/lib/Sabre/DAV/Locks/Backend/BackendInterface.php b/vendor/sabre/dav/lib/Sabre/DAV/Locks/Backend/BackendInterface.php
index 7665a10b5..7bd7d572d 100644
--- a/vendor/sabre/dav/lib/Sabre/DAV/Locks/Backend/BackendInterface.php
+++ b/vendor/sabre/dav/lib/Sabre/DAV/Locks/Backend/BackendInterface.php
@@ -8,7 +8,7 @@ use Sabre\DAV\Locks;
  * If you are defining your own Locks backend, you must implement this
  * interface.
  *
- * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/).
+ * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/).
  * @author Evert Pot (http://evertpot.com/)
  * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License
  */
diff --git a/vendor/sabre/dav/lib/Sabre/DAV/Locks/Backend/FS.php b/vendor/sabre/dav/lib/Sabre/DAV/Locks/Backend/FS.php
index b77d8b5af..971db9740 100644
--- a/vendor/sabre/dav/lib/Sabre/DAV/Locks/Backend/FS.php
+++ b/vendor/sabre/dav/lib/Sabre/DAV/Locks/Backend/FS.php
@@ -17,7 +17,7 @@ use Sabre\DAV\Locks\LockInfo;
  * You are recommended to use either the PDO or the File backend instead.
  *
  * @deprecated
- * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/).
+ * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/).
  * @author Evert Pot (http://evertpot.com/)
  * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License
  */
diff --git a/vendor/sabre/dav/lib/Sabre/DAV/Locks/Backend/File.php b/vendor/sabre/dav/lib/Sabre/DAV/Locks/Backend/File.php
index 22d31e347..c62e1d465 100644
--- a/vendor/sabre/dav/lib/Sabre/DAV/Locks/Backend/File.php
+++ b/vendor/sabre/dav/lib/Sabre/DAV/Locks/Backend/File.php
@@ -12,7 +12,7 @@ use Sabre\DAV\Locks\LockInfo;
  * Note that this is not nearly as robust as a database, you are encouraged
  * to use the PDO backend instead.
  *
- * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/).
+ * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/).
  * @author Evert Pot (http://evertpot.com/)
  * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License
  */
diff --git a/vendor/sabre/dav/lib/Sabre/DAV/Locks/Backend/PDO.php b/vendor/sabre/dav/lib/Sabre/DAV/Locks/Backend/PDO.php
index cb9f633cc..3617daafc 100644
--- a/vendor/sabre/dav/lib/Sabre/DAV/Locks/Backend/PDO.php
+++ b/vendor/sabre/dav/lib/Sabre/DAV/Locks/Backend/PDO.php
@@ -10,7 +10,7 @@ use Sabre\DAV\Locks\LockInfo;
  * This Lock Manager stores all its data in a database. You must pass a PDO
  * connection object in the constructor.
  *
- * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/).
+ * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/).
  * @author Evert Pot (http://evertpot.com/)
  * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License
  */
diff --git a/vendor/sabre/dav/lib/Sabre/DAV/Locks/LockInfo.php b/vendor/sabre/dav/lib/Sabre/DAV/Locks/LockInfo.php
index f7178a819..d3588ac10 100644
--- a/vendor/sabre/dav/lib/Sabre/DAV/Locks/LockInfo.php
+++ b/vendor/sabre/dav/lib/Sabre/DAV/Locks/LockInfo.php
@@ -8,7 +8,7 @@ namespace Sabre\DAV\Locks;
  * An object of the LockInfo class holds all the information relevant to a
  * single lock.
  *
- * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/).
+ * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/).
  * @author Evert Pot (http://evertpot.com/)
  * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License
  */
diff --git a/vendor/sabre/dav/lib/Sabre/DAV/Locks/Plugin.php b/vendor/sabre/dav/lib/Sabre/DAV/Locks/Plugin.php
index ece363e1b..34e1b53f9 100644
--- a/vendor/sabre/dav/lib/Sabre/DAV/Locks/Plugin.php
+++ b/vendor/sabre/dav/lib/Sabre/DAV/Locks/Plugin.php
@@ -14,7 +14,7 @@ use Sabre\DAV;
  * $lockPlugin = new Sabre\DAV\Locks\Plugin($lockBackend);
  * $server->addPlugin($lockPlugin);
  *
- * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/).
+ * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/).
  * @author Evert Pot (http://evertpot.com/)
  * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License
  */
@@ -621,10 +621,17 @@ class Plugin extends DAV\ServerPlugin {
      */
     protected function parseLockRequest($body) {
 
+        // Fixes an XXE vulnerability on PHP versions older than 5.3.23 or
+        // 5.4.13.
+        $previous = libxml_disable_entity_loader(true);
+
+
         $xml = simplexml_load_string(
             DAV\XMLUtil::convertDAVNamespace($body),
             null,
             LIBXML_NOWARNING);
+        libxml_disable_entity_loader($previous);
+
         $xml->registerXPathNamespace('d','urn:DAV');
         $lockInfo = new LockInfo();