diff options
author | Thomas Willingham <founder@kakste.com> | 2014-04-12 18:13:37 +0100 |
---|---|---|
committer | Thomas Willingham <founder@kakste.com> | 2014-04-12 18:13:37 +0100 |
commit | cdc8454cf112006e4199b6221bcaa3c3a509b564 (patch) | |
tree | 267293b7f5536bda899324af8913549baf4c4c72 /vendor/sabre/dav/lib/Sabre/DAV | |
parent | 2fdcd0c27eac389709f48d6b40723e153c1492e6 (diff) | |
download | volse-hubzilla-cdc8454cf112006e4199b6221bcaa3c3a509b564.tar.gz volse-hubzilla-cdc8454cf112006e4199b6221bcaa3c3a509b564.tar.bz2 volse-hubzilla-cdc8454cf112006e4199b6221bcaa3c3a509b564.zip |
Update sabre
Diffstat (limited to 'vendor/sabre/dav/lib/Sabre/DAV')
81 files changed, 110 insertions, 87 deletions
diff --git a/vendor/sabre/dav/lib/Sabre/DAV/Auth/Backend/AbstractBasic.php b/vendor/sabre/dav/lib/Sabre/DAV/Auth/Backend/AbstractBasic.php index daa8bd8ad..5ea6f6c7c 100644 --- a/vendor/sabre/dav/lib/Sabre/DAV/Auth/Backend/AbstractBasic.php +++ b/vendor/sabre/dav/lib/Sabre/DAV/Auth/Backend/AbstractBasic.php @@ -12,7 +12,7 @@ use Sabre\HTTP; * Most of the digest logic is handled, implementors just need to worry about * the validateUserPass method. * - * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/). + * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/). * @author James David Low (http://jameslow.com/) * @author Evert Pot (http://evertpot.com/) * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License diff --git a/vendor/sabre/dav/lib/Sabre/DAV/Auth/Backend/AbstractDigest.php b/vendor/sabre/dav/lib/Sabre/DAV/Auth/Backend/AbstractDigest.php index 14993a014..e140f7b3a 100644 --- a/vendor/sabre/dav/lib/Sabre/DAV/Auth/Backend/AbstractDigest.php +++ b/vendor/sabre/dav/lib/Sabre/DAV/Auth/Backend/AbstractDigest.php @@ -12,7 +12,7 @@ use Sabre\DAV; * Most of the digest logic is handled, implementors just need to worry about * the getDigestHash method * - * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/). + * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/). * @author Evert Pot (http://evertpot.com/) * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License */ diff --git a/vendor/sabre/dav/lib/Sabre/DAV/Auth/Backend/Apache.php b/vendor/sabre/dav/lib/Sabre/DAV/Auth/Backend/Apache.php index bdde16716..308f5eff2 100644 --- a/vendor/sabre/dav/lib/Sabre/DAV/Auth/Backend/Apache.php +++ b/vendor/sabre/dav/lib/Sabre/DAV/Auth/Backend/Apache.php @@ -11,7 +11,7 @@ use Sabre\DAV; * * Make sure apache is properly configured for this to work. * - * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/). + * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/). * @author Evert Pot (http://evertpot.com/) * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License */ diff --git a/vendor/sabre/dav/lib/Sabre/DAV/Auth/Backend/BackendInterface.php b/vendor/sabre/dav/lib/Sabre/DAV/Auth/Backend/BackendInterface.php index 140adaa2e..36e472002 100644 --- a/vendor/sabre/dav/lib/Sabre/DAV/Auth/Backend/BackendInterface.php +++ b/vendor/sabre/dav/lib/Sabre/DAV/Auth/Backend/BackendInterface.php @@ -5,7 +5,7 @@ namespace Sabre\DAV\Auth\Backend; /** * This is the base class for any authentication object. * - * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/). + * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/). * @author Evert Pot (http://evertpot.com/) * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License */ diff --git a/vendor/sabre/dav/lib/Sabre/DAV/Auth/Backend/File.php b/vendor/sabre/dav/lib/Sabre/DAV/Auth/Backend/File.php index c325b1e5b..c7c1047a5 100644 --- a/vendor/sabre/dav/lib/Sabre/DAV/Auth/Backend/File.php +++ b/vendor/sabre/dav/lib/Sabre/DAV/Auth/Backend/File.php @@ -9,7 +9,7 @@ use Sabre\DAV; * * The backend file must conform to Apache's htdigest format * - * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/). + * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/). * @author Evert Pot (http://evertpot.com/) * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License */ diff --git a/vendor/sabre/dav/lib/Sabre/DAV/Auth/Backend/PDO.php b/vendor/sabre/dav/lib/Sabre/DAV/Auth/Backend/PDO.php index 1bc6699b7..a5fb5f18c 100644 --- a/vendor/sabre/dav/lib/Sabre/DAV/Auth/Backend/PDO.php +++ b/vendor/sabre/dav/lib/Sabre/DAV/Auth/Backend/PDO.php @@ -7,7 +7,7 @@ namespace Sabre\DAV\Auth\Backend; * * The backend file must conform to Apache's htdigest format * - * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/). + * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/). * @author Evert Pot (http://evertpot.com/) * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License */ diff --git a/vendor/sabre/dav/lib/Sabre/DAV/Auth/Plugin.php b/vendor/sabre/dav/lib/Sabre/DAV/Auth/Plugin.php index fccbcc22f..95c669e4a 100644 --- a/vendor/sabre/dav/lib/Sabre/DAV/Auth/Plugin.php +++ b/vendor/sabre/dav/lib/Sabre/DAV/Auth/Plugin.php @@ -12,7 +12,7 @@ use Sabre\DAV; * * {DAV:}current-user-principal property from RFC5397 * * {DAV:}principal-collection-set property from RFC3744 * - * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/). + * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/). * @author Evert Pot (http://evertpot.com/) * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License */ diff --git a/vendor/sabre/dav/lib/Sabre/DAV/Browser/GuessContentType.php b/vendor/sabre/dav/lib/Sabre/DAV/Browser/GuessContentType.php index 36c63f515..41ec4bb8b 100644 --- a/vendor/sabre/dav/lib/Sabre/DAV/Browser/GuessContentType.php +++ b/vendor/sabre/dav/lib/Sabre/DAV/Browser/GuessContentType.php @@ -15,7 +15,7 @@ use Sabre\DAV; * so this extension does what the rest of the world does, and guesses it based * on the file extension. * - * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/). + * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/). * @author Evert Pot (http://evertpot.com/) * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License */ diff --git a/vendor/sabre/dav/lib/Sabre/DAV/Browser/MapGetToPropFind.php b/vendor/sabre/dav/lib/Sabre/DAV/Browser/MapGetToPropFind.php index a429e8f88..ff8452c57 100644 --- a/vendor/sabre/dav/lib/Sabre/DAV/Browser/MapGetToPropFind.php +++ b/vendor/sabre/dav/lib/Sabre/DAV/Browser/MapGetToPropFind.php @@ -10,7 +10,7 @@ use Sabre\DAV; * * This should allow easy debugging of PROPFIND * - * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/). + * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/). * @author Evert Pot (http://evertpot.com/) * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License */ diff --git a/vendor/sabre/dav/lib/Sabre/DAV/Browser/Plugin.php b/vendor/sabre/dav/lib/Sabre/DAV/Browser/Plugin.php index 5fefc7ee2..0e54f706f 100644 --- a/vendor/sabre/dav/lib/Sabre/DAV/Browser/Plugin.php +++ b/vendor/sabre/dav/lib/Sabre/DAV/Browser/Plugin.php @@ -13,7 +13,7 @@ use Sabre\DAV; * The class intercepts GET requests to collection resources and generates a simple * html index. * - * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/). + * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/). * @author Evert Pot (http://evertpot.com/) * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License */ @@ -374,7 +374,7 @@ class Plugin extends DAV\ServerPlugin { $html.=$output; $html.= "</table> - <address>Generated by SabreDAV " . $version . " (c)2007-2013 <a href=\"http://code.google.com/p/sabredav/\">http://code.google.com/p/sabredav/</a></address> + <address>Generated by SabreDAV " . $version . " (c)2007-2014 <a href=\"http://code.google.com/p/sabredav/\">http://code.google.com/p/sabredav/</a></address> </body> </html>"; diff --git a/vendor/sabre/dav/lib/Sabre/DAV/Client.php b/vendor/sabre/dav/lib/Sabre/DAV/Client.php index b9cf043a2..1cec8ff6f 100644 --- a/vendor/sabre/dav/lib/Sabre/DAV/Client.php +++ b/vendor/sabre/dav/lib/Sabre/DAV/Client.php @@ -10,7 +10,7 @@ namespace Sabre\DAV; * * NOTE: This class is experimental, it's api will likely change in the future. * - * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/). + * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/). * @author Evert Pot (http://evertpot.com/) * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License */ @@ -314,7 +314,11 @@ class Client { CURLOPT_RETURNTRANSFER => true, // Return headers as part of the response CURLOPT_HEADER => true, - CURLOPT_POSTFIELDS => $body, + + // For security we cast this to a string. If somehow an array could + // be passed here, it would be possible for an attacker to use @ to + // post local files. + CURLOPT_POSTFIELDS => (string)$body, // Automatically follow redirects CURLOPT_FOLLOWLOCATION => true, CURLOPT_MAXREDIRS => 5, @@ -526,7 +530,12 @@ class Client { $body = XMLUtil::convertDAVNamespace($body); + // Fixes an XXE vulnerability on PHP versions older than 5.3.23 or + // 5.4.13. + $previous = libxml_disable_entity_loader(true); $responseXML = simplexml_load_string($body, null, LIBXML_NOBLANKS | LIBXML_NOCDATA); + libxml_disable_entity_loader($previous); + if ($responseXML===false) { throw new \InvalidArgumentException('The passed data is not valid XML'); } diff --git a/vendor/sabre/dav/lib/Sabre/DAV/Collection.php b/vendor/sabre/dav/lib/Sabre/DAV/Collection.php index d8d5265b9..9564dd462 100644 --- a/vendor/sabre/dav/lib/Sabre/DAV/Collection.php +++ b/vendor/sabre/dav/lib/Sabre/DAV/Collection.php @@ -8,7 +8,7 @@ namespace Sabre\DAV; * This is a helper class, that should aid in getting collections classes setup. * Most of its methods are implemented, and throw permission denied exceptions * - * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/). + * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/). * @author Evert Pot (http://evertpot.com/) * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License */ diff --git a/vendor/sabre/dav/lib/Sabre/DAV/Exception.php b/vendor/sabre/dav/lib/Sabre/DAV/Exception.php index 9c7a985b4..3f99fc4dd 100644 --- a/vendor/sabre/dav/lib/Sabre/DAV/Exception.php +++ b/vendor/sabre/dav/lib/Sabre/DAV/Exception.php @@ -5,7 +5,7 @@ * * This is SabreDAV's base exception file, use this to implement your own exception. * - * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/). + * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/). * @author Evert Pot (http://evertpot.com/) * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License */ diff --git a/vendor/sabre/dav/lib/Sabre/DAV/Exception/BadRequest.php b/vendor/sabre/dav/lib/Sabre/DAV/Exception/BadRequest.php index bcf4c8eb4..2fcd4c04d 100644 --- a/vendor/sabre/dav/lib/Sabre/DAV/Exception/BadRequest.php +++ b/vendor/sabre/dav/lib/Sabre/DAV/Exception/BadRequest.php @@ -8,7 +8,7 @@ namespace Sabre\DAV\Exception; * The BadRequest is thrown when the user submitted an invalid HTTP request * BadRequest * - * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/). + * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/). * @author Evert Pot (http://evertpot.com/) * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License */ diff --git a/vendor/sabre/dav/lib/Sabre/DAV/Exception/Conflict.php b/vendor/sabre/dav/lib/Sabre/DAV/Exception/Conflict.php index 2c8fa8167..b15ca37cc 100644 --- a/vendor/sabre/dav/lib/Sabre/DAV/Exception/Conflict.php +++ b/vendor/sabre/dav/lib/Sabre/DAV/Exception/Conflict.php @@ -8,7 +8,7 @@ namespace Sabre\DAV\Exception; * A 409 Conflict is thrown when a user tried to make a directory over an existing * file or in a parent directory that doesn't exist. * - * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/). + * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/). * @author Evert Pot (http://evertpot.com/) * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License */ diff --git a/vendor/sabre/dav/lib/Sabre/DAV/Exception/ConflictingLock.php b/vendor/sabre/dav/lib/Sabre/DAV/Exception/ConflictingLock.php index ba66f243d..33cdf50d8 100644 --- a/vendor/sabre/dav/lib/Sabre/DAV/Exception/ConflictingLock.php +++ b/vendor/sabre/dav/lib/Sabre/DAV/Exception/ConflictingLock.php @@ -10,7 +10,7 @@ use Sabre\DAV; * Similar to the Locked exception, this exception thrown when a LOCK request * was made, on a resource which was already locked * - * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/). + * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/). * @author Evert Pot (http://evertpot.com/) * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License */ diff --git a/vendor/sabre/dav/lib/Sabre/DAV/Exception/FileNotFound.php b/vendor/sabre/dav/lib/Sabre/DAV/Exception/FileNotFound.php index da700ebb0..6743d1d04 100644 --- a/vendor/sabre/dav/lib/Sabre/DAV/Exception/FileNotFound.php +++ b/vendor/sabre/dav/lib/Sabre/DAV/Exception/FileNotFound.php @@ -8,7 +8,7 @@ namespace Sabre\DAV\Exception; * Deprecated: Warning, this class is deprecated and will be removed in a * future version of SabreDAV. Please use Sabre\DAV\Exception\NotFound instead. * - * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/). + * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/). * @author Evert Pot (http://evertpot.com/) * @deprecated Use Sabre\DAV\Exception\NotFound instead * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License diff --git a/vendor/sabre/dav/lib/Sabre/DAV/Exception/Forbidden.php b/vendor/sabre/dav/lib/Sabre/DAV/Exception/Forbidden.php index 3c9a46677..6fb5004d7 100644 --- a/vendor/sabre/dav/lib/Sabre/DAV/Exception/Forbidden.php +++ b/vendor/sabre/dav/lib/Sabre/DAV/Exception/Forbidden.php @@ -7,7 +7,7 @@ namespace Sabre\DAV\Exception; * * This exception is thrown whenever a user tries to do an operation he's not allowed to * - * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/). + * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/). * @author Evert Pot (http://evertpot.com/) * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License */ diff --git a/vendor/sabre/dav/lib/Sabre/DAV/Exception/InsufficientStorage.php b/vendor/sabre/dav/lib/Sabre/DAV/Exception/InsufficientStorage.php index 8505ce17f..90aa6abb2 100644 --- a/vendor/sabre/dav/lib/Sabre/DAV/Exception/InsufficientStorage.php +++ b/vendor/sabre/dav/lib/Sabre/DAV/Exception/InsufficientStorage.php @@ -7,7 +7,7 @@ namespace Sabre\DAV\Exception; * * This Exception can be thrown, when for example a harddisk is full or a quota is exceeded * - * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/). + * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/). * @author Evert Pot (http://evertpot.com/) * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License */ diff --git a/vendor/sabre/dav/lib/Sabre/DAV/Exception/InvalidResourceType.php b/vendor/sabre/dav/lib/Sabre/DAV/Exception/InvalidResourceType.php index ce64f2ee0..16162e08f 100644 --- a/vendor/sabre/dav/lib/Sabre/DAV/Exception/InvalidResourceType.php +++ b/vendor/sabre/dav/lib/Sabre/DAV/Exception/InvalidResourceType.php @@ -10,7 +10,7 @@ namespace Sabre\DAV\Exception; * * See RFC5689 section 3.3 * - * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/). + * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/). * @author Evert Pot (http://evertpot.com/) * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License */ diff --git a/vendor/sabre/dav/lib/Sabre/DAV/Exception/LockTokenMatchesRequestUri.php b/vendor/sabre/dav/lib/Sabre/DAV/Exception/LockTokenMatchesRequestUri.php index a8f8407f0..e99b68d40 100644 --- a/vendor/sabre/dav/lib/Sabre/DAV/Exception/LockTokenMatchesRequestUri.php +++ b/vendor/sabre/dav/lib/Sabre/DAV/Exception/LockTokenMatchesRequestUri.php @@ -9,7 +9,7 @@ use Sabre\DAV; * * This exception is thrown by UNLOCK if a supplied lock-token is invalid * - * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/). + * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/). * @author Evert Pot (http://evertpot.com/) * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License */ diff --git a/vendor/sabre/dav/lib/Sabre/DAV/Exception/Locked.php b/vendor/sabre/dav/lib/Sabre/DAV/Exception/Locked.php index 2f8460be2..000adaac9 100644 --- a/vendor/sabre/dav/lib/Sabre/DAV/Exception/Locked.php +++ b/vendor/sabre/dav/lib/Sabre/DAV/Exception/Locked.php @@ -9,7 +9,7 @@ use Sabre\DAV; * * The 423 is thrown when a client tried to access a resource that was locked, without supplying a valid lock token * - * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/). + * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/). * @author Evert Pot (http://evertpot.com/) * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License */ diff --git a/vendor/sabre/dav/lib/Sabre/DAV/Exception/MethodNotAllowed.php b/vendor/sabre/dav/lib/Sabre/DAV/Exception/MethodNotAllowed.php index 09aeca4c8..7dd97f48f 100644 --- a/vendor/sabre/dav/lib/Sabre/DAV/Exception/MethodNotAllowed.php +++ b/vendor/sabre/dav/lib/Sabre/DAV/Exception/MethodNotAllowed.php @@ -7,7 +7,7 @@ namespace Sabre\DAV\Exception; * * The 405 is thrown when a client tried to create a directory on an already existing directory * - * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/). + * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/). * @author Evert Pot (http://evertpot.com/) * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License */ diff --git a/vendor/sabre/dav/lib/Sabre/DAV/Exception/NotAuthenticated.php b/vendor/sabre/dav/lib/Sabre/DAV/Exception/NotAuthenticated.php index 695edda15..1c4dc2ae9 100644 --- a/vendor/sabre/dav/lib/Sabre/DAV/Exception/NotAuthenticated.php +++ b/vendor/sabre/dav/lib/Sabre/DAV/Exception/NotAuthenticated.php @@ -10,7 +10,7 @@ use Sabre\DAV; * This exception is thrown when the client did not provide valid * authentication credentials. * - * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/). + * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/). * @author Evert Pot (http://evertpot.com/) * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License */ diff --git a/vendor/sabre/dav/lib/Sabre/DAV/Exception/NotFound.php b/vendor/sabre/dav/lib/Sabre/DAV/Exception/NotFound.php index 605c650a4..281ba2136 100644 --- a/vendor/sabre/dav/lib/Sabre/DAV/Exception/NotFound.php +++ b/vendor/sabre/dav/lib/Sabre/DAV/Exception/NotFound.php @@ -7,7 +7,7 @@ namespace Sabre\DAV\Exception; * * This Exception is thrown when a Node couldn't be found. It returns HTTP error code 404 * - * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/). + * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/). * @author Evert Pot (http://evertpot.com/) * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License */ diff --git a/vendor/sabre/dav/lib/Sabre/DAV/Exception/NotImplemented.php b/vendor/sabre/dav/lib/Sabre/DAV/Exception/NotImplemented.php index 6934a53e5..0b76fb19a 100644 --- a/vendor/sabre/dav/lib/Sabre/DAV/Exception/NotImplemented.php +++ b/vendor/sabre/dav/lib/Sabre/DAV/Exception/NotImplemented.php @@ -7,7 +7,7 @@ namespace Sabre\DAV\Exception; * * This exception is thrown when the client tried to call an unsupported HTTP method or other feature * - * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/). + * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/). * @author Evert Pot (http://evertpot.com/) * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License */ diff --git a/vendor/sabre/dav/lib/Sabre/DAV/Exception/PaymentRequired.php b/vendor/sabre/dav/lib/Sabre/DAV/Exception/PaymentRequired.php index ad053fd79..511403c2b 100644 --- a/vendor/sabre/dav/lib/Sabre/DAV/Exception/PaymentRequired.php +++ b/vendor/sabre/dav/lib/Sabre/DAV/Exception/PaymentRequired.php @@ -10,7 +10,7 @@ use Sabre\DAV; * The PaymentRequired exception may be thrown in a case where a user must pay * to access a certain resource or operation. * - * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/). + * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/). * @author Evert Pot (http://evertpot.com/) * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License */ diff --git a/vendor/sabre/dav/lib/Sabre/DAV/Exception/PreconditionFailed.php b/vendor/sabre/dav/lib/Sabre/DAV/Exception/PreconditionFailed.php index 225b99a36..9e51ba01f 100644 --- a/vendor/sabre/dav/lib/Sabre/DAV/Exception/PreconditionFailed.php +++ b/vendor/sabre/dav/lib/Sabre/DAV/Exception/PreconditionFailed.php @@ -11,7 +11,7 @@ use Sabre\DAV; * like for example an If, If-None-Match or If-Match header, which caused the HTTP * request to not execute (the condition of the header failed) * - * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/). + * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/). * @author Evert Pot (http://evertpot.com/) * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License */ diff --git a/vendor/sabre/dav/lib/Sabre/DAV/Exception/ReportNotSupported.php b/vendor/sabre/dav/lib/Sabre/DAV/Exception/ReportNotSupported.php index d55c99bd0..59bee3f34 100644 --- a/vendor/sabre/dav/lib/Sabre/DAV/Exception/ReportNotSupported.php +++ b/vendor/sabre/dav/lib/Sabre/DAV/Exception/ReportNotSupported.php @@ -9,7 +9,7 @@ use Sabre\DAV; * * This exception is thrown when the client requested an unknown report through the REPORT method * - * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/). + * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/). * @author Evert Pot (http://evertpot.com/) * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License */ diff --git a/vendor/sabre/dav/lib/Sabre/DAV/Exception/RequestedRangeNotSatisfiable.php b/vendor/sabre/dav/lib/Sabre/DAV/Exception/RequestedRangeNotSatisfiable.php index 0a8a85808..c33aa9bb1 100644 --- a/vendor/sabre/dav/lib/Sabre/DAV/Exception/RequestedRangeNotSatisfiable.php +++ b/vendor/sabre/dav/lib/Sabre/DAV/Exception/RequestedRangeNotSatisfiable.php @@ -10,7 +10,7 @@ use Sabre\DAV; * This exception is normally thrown when the user * request a range that is out of the entity bounds. * - * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/). + * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/). * @author Evert Pot (http://evertpot.com/) * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License */ diff --git a/vendor/sabre/dav/lib/Sabre/DAV/Exception/ServiceUnavailable.php b/vendor/sabre/dav/lib/Sabre/DAV/Exception/ServiceUnavailable.php index dca764899..157687c6e 100644 --- a/vendor/sabre/dav/lib/Sabre/DAV/Exception/ServiceUnavailable.php +++ b/vendor/sabre/dav/lib/Sabre/DAV/Exception/ServiceUnavailable.php @@ -11,7 +11,7 @@ use Sabre\DAV; * is currently not available (e.g. down for maintenance). * * @author Thomas Müller <thomas.mueller@tmit.eu> - * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/). + * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/). * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License */ class ServiceUnavailable extends DAV\Exception { diff --git a/vendor/sabre/dav/lib/Sabre/DAV/Exception/UnsupportedMediaType.php b/vendor/sabre/dav/lib/Sabre/DAV/Exception/UnsupportedMediaType.php index 38f5a9fac..293c9b7b9 100644 --- a/vendor/sabre/dav/lib/Sabre/DAV/Exception/UnsupportedMediaType.php +++ b/vendor/sabre/dav/lib/Sabre/DAV/Exception/UnsupportedMediaType.php @@ -8,7 +8,7 @@ namespace Sabre\DAV\Exception; * The 415 Unsupported Media Type status code is generally sent back when the client * tried to call an HTTP method, with a body the server didn't understand * - * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/). + * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/). * @author Evert Pot (http://evertpot.com/) * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License */ diff --git a/vendor/sabre/dav/lib/Sabre/DAV/FS/Directory.php b/vendor/sabre/dav/lib/Sabre/DAV/FS/Directory.php index 333492d17..8a6d1f038 100644 --- a/vendor/sabre/dav/lib/Sabre/DAV/FS/Directory.php +++ b/vendor/sabre/dav/lib/Sabre/DAV/FS/Directory.php @@ -6,7 +6,7 @@ use Sabre\DAV; /** * Directory class * - * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/). + * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/). * @author Evert Pot (http://evertpot.com/) * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License */ diff --git a/vendor/sabre/dav/lib/Sabre/DAV/FS/File.php b/vendor/sabre/dav/lib/Sabre/DAV/FS/File.php index 437a4dd78..b15883555 100644 --- a/vendor/sabre/dav/lib/Sabre/DAV/FS/File.php +++ b/vendor/sabre/dav/lib/Sabre/DAV/FS/File.php @@ -7,7 +7,7 @@ use Sabre\DAV; /** * File class * - * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/). + * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/). * @author Evert Pot (http://evertpot.com/) * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License */ diff --git a/vendor/sabre/dav/lib/Sabre/DAV/FS/Node.php b/vendor/sabre/dav/lib/Sabre/DAV/FS/Node.php index 4f52e1683..dc31bdfe9 100644 --- a/vendor/sabre/dav/lib/Sabre/DAV/FS/Node.php +++ b/vendor/sabre/dav/lib/Sabre/DAV/FS/Node.php @@ -9,7 +9,7 @@ use Sabre\DAV; * * The node class implements the method used by both the File and the Directory classes * - * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/). + * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/). * @author Evert Pot (http://evertpot.com/) * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License */ diff --git a/vendor/sabre/dav/lib/Sabre/DAV/FSExt/Directory.php b/vendor/sabre/dav/lib/Sabre/DAV/FSExt/Directory.php index c27ad5ba5..e547b368a 100644 --- a/vendor/sabre/dav/lib/Sabre/DAV/FSExt/Directory.php +++ b/vendor/sabre/dav/lib/Sabre/DAV/FSExt/Directory.php @@ -7,7 +7,7 @@ use Sabre\DAV; /** * Directory class * - * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/). + * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/). * @author Evert Pot (http://evertpot.com/) * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License */ diff --git a/vendor/sabre/dav/lib/Sabre/DAV/FSExt/File.php b/vendor/sabre/dav/lib/Sabre/DAV/FSExt/File.php index 402195757..e895d9140 100644 --- a/vendor/sabre/dav/lib/Sabre/DAV/FSExt/File.php +++ b/vendor/sabre/dav/lib/Sabre/DAV/FSExt/File.php @@ -6,7 +6,7 @@ use Sabre\DAV; /** * File class * - * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/). + * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/). * @author Evert Pot (http://evertpot.com/) * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License */ diff --git a/vendor/sabre/dav/lib/Sabre/DAV/FSExt/Node.php b/vendor/sabre/dav/lib/Sabre/DAV/FSExt/Node.php index 4fb6c9a9a..285ab496a 100644 --- a/vendor/sabre/dav/lib/Sabre/DAV/FSExt/Node.php +++ b/vendor/sabre/dav/lib/Sabre/DAV/FSExt/Node.php @@ -9,7 +9,7 @@ use Sabre\DAV; * * The node class implements the method used by both the File and the Directory classes * - * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/). + * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/). * @author Evert Pot (http://evertpot.com/) * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License */ diff --git a/vendor/sabre/dav/lib/Sabre/DAV/File.php b/vendor/sabre/dav/lib/Sabre/DAV/File.php index 10f56c540..4ab25530d 100644 --- a/vendor/sabre/dav/lib/Sabre/DAV/File.php +++ b/vendor/sabre/dav/lib/Sabre/DAV/File.php @@ -8,7 +8,7 @@ namespace Sabre\DAV; * This is a helper class, that should aid in getting file classes setup. * Most of its methods are implemented, and throw permission denied exceptions * - * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/). + * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/). * @author Evert Pot (http://evertpot.com/) * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License */ diff --git a/vendor/sabre/dav/lib/Sabre/DAV/ICollection.php b/vendor/sabre/dav/lib/Sabre/DAV/ICollection.php index 3f26c1245..2c4d95456 100644 --- a/vendor/sabre/dav/lib/Sabre/DAV/ICollection.php +++ b/vendor/sabre/dav/lib/Sabre/DAV/ICollection.php @@ -7,7 +7,7 @@ namespace Sabre\DAV; * * This interface should be implemented by each class that represents a collection * - * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/). + * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/). * @author Evert Pot (http://evertpot.com/) * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License */ diff --git a/vendor/sabre/dav/lib/Sabre/DAV/IExtendedCollection.php b/vendor/sabre/dav/lib/Sabre/DAV/IExtendedCollection.php index 50ae3f4d2..45ab8630f 100644 --- a/vendor/sabre/dav/lib/Sabre/DAV/IExtendedCollection.php +++ b/vendor/sabre/dav/lib/Sabre/DAV/IExtendedCollection.php @@ -8,7 +8,7 @@ namespace Sabre\DAV; * This interface can be used to create special-type of collection-resources * as defined by RFC 5689. * - * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/). + * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/). * @author Evert Pot (http://evertpot.com/) * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License */ diff --git a/vendor/sabre/dav/lib/Sabre/DAV/IFile.php b/vendor/sabre/dav/lib/Sabre/DAV/IFile.php index 025b0213d..1df454db2 100644 --- a/vendor/sabre/dav/lib/Sabre/DAV/IFile.php +++ b/vendor/sabre/dav/lib/Sabre/DAV/IFile.php @@ -9,7 +9,7 @@ namespace Sabre\DAV; * this specific node a PUT or GET method may be performed, to either update, * or retrieve the contents of the file. * - * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/). + * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/). * @author Evert Pot (http://evertpot.com/) * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License */ diff --git a/vendor/sabre/dav/lib/Sabre/DAV/INode.php b/vendor/sabre/dav/lib/Sabre/DAV/INode.php index c3f3c4abd..f59dca754 100644 --- a/vendor/sabre/dav/lib/Sabre/DAV/INode.php +++ b/vendor/sabre/dav/lib/Sabre/DAV/INode.php @@ -5,7 +5,7 @@ namespace Sabre\DAV; /** * The INode interface is the base interface, and the parent class of both ICollection and IFile * - * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/). + * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/). * @author Evert Pot (http://evertpot.com/) * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License */ diff --git a/vendor/sabre/dav/lib/Sabre/DAV/IProperties.php b/vendor/sabre/dav/lib/Sabre/DAV/IProperties.php index 5e0124549..7f0d8b259 100644 --- a/vendor/sabre/dav/lib/Sabre/DAV/IProperties.php +++ b/vendor/sabre/dav/lib/Sabre/DAV/IProperties.php @@ -7,7 +7,7 @@ namespace Sabre\DAV; * * Implement this interface to support custom WebDAV properties requested and sent from clients. * - * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/). + * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/). * @author Evert Pot (http://evertpot.com/) * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License */ diff --git a/vendor/sabre/dav/lib/Sabre/DAV/IQuota.php b/vendor/sabre/dav/lib/Sabre/DAV/IQuota.php index 463c0f0db..60fedb5a5 100644 --- a/vendor/sabre/dav/lib/Sabre/DAV/IQuota.php +++ b/vendor/sabre/dav/lib/Sabre/DAV/IQuota.php @@ -9,7 +9,7 @@ namespace Sabre\DAV; * will check for quota information on any given node. If the information is not available it will * attempt to fetch the information from the root node. * - * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/). + * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/). * @author Evert Pot (http://evertpot.com/) * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License */ diff --git a/vendor/sabre/dav/lib/Sabre/DAV/Locks/Backend/AbstractBackend.php b/vendor/sabre/dav/lib/Sabre/DAV/Locks/Backend/AbstractBackend.php index 78fa8aa9a..fa13f462c 100644 --- a/vendor/sabre/dav/lib/Sabre/DAV/Locks/Backend/AbstractBackend.php +++ b/vendor/sabre/dav/lib/Sabre/DAV/Locks/Backend/AbstractBackend.php @@ -11,7 +11,7 @@ use Sabre\DAV\Locks; * to ensure that if default code is required in the backend, there will be a * non-bc-breaking way to do so. * - * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/). + * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/). * @author Evert Pot (http://evertpot.com/) * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License */ diff --git a/vendor/sabre/dav/lib/Sabre/DAV/Locks/Backend/BackendInterface.php b/vendor/sabre/dav/lib/Sabre/DAV/Locks/Backend/BackendInterface.php index 7665a10b5..7bd7d572d 100644 --- a/vendor/sabre/dav/lib/Sabre/DAV/Locks/Backend/BackendInterface.php +++ b/vendor/sabre/dav/lib/Sabre/DAV/Locks/Backend/BackendInterface.php @@ -8,7 +8,7 @@ use Sabre\DAV\Locks; * If you are defining your own Locks backend, you must implement this * interface. * - * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/). + * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/). * @author Evert Pot (http://evertpot.com/) * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License */ diff --git a/vendor/sabre/dav/lib/Sabre/DAV/Locks/Backend/FS.php b/vendor/sabre/dav/lib/Sabre/DAV/Locks/Backend/FS.php index b77d8b5af..971db9740 100644 --- a/vendor/sabre/dav/lib/Sabre/DAV/Locks/Backend/FS.php +++ b/vendor/sabre/dav/lib/Sabre/DAV/Locks/Backend/FS.php @@ -17,7 +17,7 @@ use Sabre\DAV\Locks\LockInfo; * You are recommended to use either the PDO or the File backend instead. * * @deprecated - * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/). + * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/). * @author Evert Pot (http://evertpot.com/) * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License */ diff --git a/vendor/sabre/dav/lib/Sabre/DAV/Locks/Backend/File.php b/vendor/sabre/dav/lib/Sabre/DAV/Locks/Backend/File.php index 22d31e347..c62e1d465 100644 --- a/vendor/sabre/dav/lib/Sabre/DAV/Locks/Backend/File.php +++ b/vendor/sabre/dav/lib/Sabre/DAV/Locks/Backend/File.php @@ -12,7 +12,7 @@ use Sabre\DAV\Locks\LockInfo; * Note that this is not nearly as robust as a database, you are encouraged * to use the PDO backend instead. * - * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/). + * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/). * @author Evert Pot (http://evertpot.com/) * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License */ diff --git a/vendor/sabre/dav/lib/Sabre/DAV/Locks/Backend/PDO.php b/vendor/sabre/dav/lib/Sabre/DAV/Locks/Backend/PDO.php index cb9f633cc..3617daafc 100644 --- a/vendor/sabre/dav/lib/Sabre/DAV/Locks/Backend/PDO.php +++ b/vendor/sabre/dav/lib/Sabre/DAV/Locks/Backend/PDO.php @@ -10,7 +10,7 @@ use Sabre\DAV\Locks\LockInfo; * This Lock Manager stores all its data in a database. You must pass a PDO * connection object in the constructor. * - * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/). + * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/). * @author Evert Pot (http://evertpot.com/) * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License */ diff --git a/vendor/sabre/dav/lib/Sabre/DAV/Locks/LockInfo.php b/vendor/sabre/dav/lib/Sabre/DAV/Locks/LockInfo.php index f7178a819..d3588ac10 100644 --- a/vendor/sabre/dav/lib/Sabre/DAV/Locks/LockInfo.php +++ b/vendor/sabre/dav/lib/Sabre/DAV/Locks/LockInfo.php @@ -8,7 +8,7 @@ namespace Sabre\DAV\Locks; * An object of the LockInfo class holds all the information relevant to a * single lock. * - * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/). + * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/). * @author Evert Pot (http://evertpot.com/) * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License */ diff --git a/vendor/sabre/dav/lib/Sabre/DAV/Locks/Plugin.php b/vendor/sabre/dav/lib/Sabre/DAV/Locks/Plugin.php index ece363e1b..34e1b53f9 100644 --- a/vendor/sabre/dav/lib/Sabre/DAV/Locks/Plugin.php +++ b/vendor/sabre/dav/lib/Sabre/DAV/Locks/Plugin.php @@ -14,7 +14,7 @@ use Sabre\DAV; * $lockPlugin = new Sabre\DAV\Locks\Plugin($lockBackend); * $server->addPlugin($lockPlugin); * - * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/). + * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/). * @author Evert Pot (http://evertpot.com/) * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License */ @@ -621,10 +621,17 @@ class Plugin extends DAV\ServerPlugin { */ protected function parseLockRequest($body) { + // Fixes an XXE vulnerability on PHP versions older than 5.3.23 or + // 5.4.13. + $previous = libxml_disable_entity_loader(true); + + $xml = simplexml_load_string( DAV\XMLUtil::convertDAVNamespace($body), null, LIBXML_NOWARNING); + libxml_disable_entity_loader($previous); + $xml->registerXPathNamespace('d','urn:DAV'); $lockInfo = new LockInfo(); diff --git a/vendor/sabre/dav/lib/Sabre/DAV/Mount/Plugin.php b/vendor/sabre/dav/lib/Sabre/DAV/Mount/Plugin.php index 669acafc0..23f7f31e2 100644 --- a/vendor/sabre/dav/lib/Sabre/DAV/Mount/Plugin.php +++ b/vendor/sabre/dav/lib/Sabre/DAV/Mount/Plugin.php @@ -9,7 +9,7 @@ use Sabre\DAV; * * Simply append ?mount to any collection to generate the davmount response. * - * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/). + * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/). * @author Evert Pot (http://evertpot.com/) * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License */ diff --git a/vendor/sabre/dav/lib/Sabre/DAV/Node.php b/vendor/sabre/dav/lib/Sabre/DAV/Node.php index 53c4b831a..3619ac250 100644 --- a/vendor/sabre/dav/lib/Sabre/DAV/Node.php +++ b/vendor/sabre/dav/lib/Sabre/DAV/Node.php @@ -7,7 +7,7 @@ namespace Sabre\DAV; * * This is a helper class, that should aid in getting nodes setup. * - * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/). + * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/). * @author Evert Pot (http://evertpot.com/) * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License */ diff --git a/vendor/sabre/dav/lib/Sabre/DAV/ObjectTree.php b/vendor/sabre/dav/lib/Sabre/DAV/ObjectTree.php index fda55e19a..5bdfdffe6 100644 --- a/vendor/sabre/dav/lib/Sabre/DAV/ObjectTree.php +++ b/vendor/sabre/dav/lib/Sabre/DAV/ObjectTree.php @@ -7,7 +7,7 @@ namespace Sabre\DAV; * * This implementation of the Tree class makes use of the INode, IFile and ICollection API's * - * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/). + * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/). * @author Evert Pot (http://evertpot.com/) * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License */ diff --git a/vendor/sabre/dav/lib/Sabre/DAV/PartialUpdate/IFile.php b/vendor/sabre/dav/lib/Sabre/DAV/PartialUpdate/IFile.php index 15598a010..69c41b008 100644 --- a/vendor/sabre/dav/lib/Sabre/DAV/PartialUpdate/IFile.php +++ b/vendor/sabre/dav/lib/Sabre/DAV/PartialUpdate/IFile.php @@ -9,7 +9,7 @@ use Sabre\DAV; * It may be used to update a file chunk, upload big a file into smaller * chunks or resume an upload * - * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/). + * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/). * @author Jean-Tiare LE BIGOT (http://www.jtlebi.fr/) * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License */ diff --git a/vendor/sabre/dav/lib/Sabre/DAV/PartialUpdate/Plugin.php b/vendor/sabre/dav/lib/Sabre/DAV/PartialUpdate/Plugin.php index cc06c8369..26188a1fa 100644 --- a/vendor/sabre/dav/lib/Sabre/DAV/PartialUpdate/Plugin.php +++ b/vendor/sabre/dav/lib/Sabre/DAV/PartialUpdate/Plugin.php @@ -14,7 +14,7 @@ use Sabre\DAV; * $patchPlugin = new \Sabre\DAV\PartialUpdate\Plugin(); * $server->addPlugin($patchPlugin); * - * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/). + * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/). * @author Jean-Tiare LE BIGOT (http://www.jtlebi.fr/) * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License */ diff --git a/vendor/sabre/dav/lib/Sabre/DAV/Property.php b/vendor/sabre/dav/lib/Sabre/DAV/Property.php index 00f0df3fe..c5943f1b0 100644 --- a/vendor/sabre/dav/lib/Sabre/DAV/Property.php +++ b/vendor/sabre/dav/lib/Sabre/DAV/Property.php @@ -7,7 +7,7 @@ namespace Sabre\DAV; * * Extend this class to create custom complex properties * - * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/). + * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/). * @author Evert Pot (http://evertpot.com/) * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License */ diff --git a/vendor/sabre/dav/lib/Sabre/DAV/Property/GetLastModified.php b/vendor/sabre/dav/lib/Sabre/DAV/Property/GetLastModified.php index 9240f55cc..b0b950535 100644 --- a/vendor/sabre/dav/lib/Sabre/DAV/Property/GetLastModified.php +++ b/vendor/sabre/dav/lib/Sabre/DAV/Property/GetLastModified.php @@ -14,7 +14,7 @@ use Sabre\HTTP; * This class uses unix timestamps internally, and converts them to RFC 1123 times for * serialization * - * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/). + * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/). * @author Evert Pot (http://evertpot.com/) * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License */ diff --git a/vendor/sabre/dav/lib/Sabre/DAV/Property/Href.php b/vendor/sabre/dav/lib/Sabre/DAV/Property/Href.php index ac198c723..e51d4e3f7 100644 --- a/vendor/sabre/dav/lib/Sabre/DAV/Property/Href.php +++ b/vendor/sabre/dav/lib/Sabre/DAV/Property/Href.php @@ -10,7 +10,7 @@ use Sabre\DAV; * The href property represents a url within a {DAV:}href element. * This is used by many WebDAV extensions, but not really within the WebDAV core spec * - * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/). + * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/). * @author Evert Pot (http://evertpot.com/) * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License */ diff --git a/vendor/sabre/dav/lib/Sabre/DAV/Property/HrefList.php b/vendor/sabre/dav/lib/Sabre/DAV/Property/HrefList.php index 3eab755ca..e0cca68cd 100644 --- a/vendor/sabre/dav/lib/Sabre/DAV/Property/HrefList.php +++ b/vendor/sabre/dav/lib/Sabre/DAV/Property/HrefList.php @@ -9,7 +9,7 @@ use Sabre\DAV; * * This property contains multiple {DAV:}href elements, each containing a url. * - * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/). + * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/). * @author Evert Pot (http://evertpot.com/) * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License */ diff --git a/vendor/sabre/dav/lib/Sabre/DAV/Property/IHref.php b/vendor/sabre/dav/lib/Sabre/DAV/Property/IHref.php index a4ae09b3f..473c1942f 100644 --- a/vendor/sabre/dav/lib/Sabre/DAV/Property/IHref.php +++ b/vendor/sabre/dav/lib/Sabre/DAV/Property/IHref.php @@ -9,7 +9,7 @@ namespace Sabre\DAV\Property; * This is used by certain subsystems to aquire more information about for example * the owner of a file * - * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/). + * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/). * @author Evert Pot (http://evertpot.com/) * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License */ diff --git a/vendor/sabre/dav/lib/Sabre/DAV/Property/LockDiscovery.php b/vendor/sabre/dav/lib/Sabre/DAV/Property/LockDiscovery.php index 3b36ca6a7..52095f733 100644 --- a/vendor/sabre/dav/lib/Sabre/DAV/Property/LockDiscovery.php +++ b/vendor/sabre/dav/lib/Sabre/DAV/Property/LockDiscovery.php @@ -9,7 +9,7 @@ use Sabre\DAV; * * This property contains all the open locks on a given resource * - * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/). + * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/). * @author Evert Pot (http://evertpot.com/) * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License */ diff --git a/vendor/sabre/dav/lib/Sabre/DAV/Property/ResourceType.php b/vendor/sabre/dav/lib/Sabre/DAV/Property/ResourceType.php index 9582d5598..e5ce84b7f 100644 --- a/vendor/sabre/dav/lib/Sabre/DAV/Property/ResourceType.php +++ b/vendor/sabre/dav/lib/Sabre/DAV/Property/ResourceType.php @@ -10,7 +10,7 @@ use Sabre\DAV; * Normally for files this is empty, and for collection {DAV:}collection. * However, other specs define different values for this. * - * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/). + * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/). * @author Evert Pot (http://evertpot.com/) * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License */ diff --git a/vendor/sabre/dav/lib/Sabre/DAV/Property/Response.php b/vendor/sabre/dav/lib/Sabre/DAV/Property/Response.php index 58e90d89d..16aa23168 100644 --- a/vendor/sabre/dav/lib/Sabre/DAV/Property/Response.php +++ b/vendor/sabre/dav/lib/Sabre/DAV/Property/Response.php @@ -11,7 +11,7 @@ use Sabre\DAV; * This is used by the Server class to encode individual items within a multistatus * response. * - * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/). + * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/). * @author Evert Pot (http://evertpot.com/) * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License */ diff --git a/vendor/sabre/dav/lib/Sabre/DAV/Property/ResponseList.php b/vendor/sabre/dav/lib/Sabre/DAV/Property/ResponseList.php index b605a4e9a..d9840f585 100644 --- a/vendor/sabre/dav/lib/Sabre/DAV/Property/ResponseList.php +++ b/vendor/sabre/dav/lib/Sabre/DAV/Property/ResponseList.php @@ -11,7 +11,7 @@ use Sabre\DAV; * This is used by the Server class to encode items within a multistatus * response. * - * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/). + * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/). * @author Evert Pot (http://evertpot.com/) * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License */ diff --git a/vendor/sabre/dav/lib/Sabre/DAV/Property/SupportedLock.php b/vendor/sabre/dav/lib/Sabre/DAV/Property/SupportedLock.php index e6f477c38..1bab4e0be 100644 --- a/vendor/sabre/dav/lib/Sabre/DAV/Property/SupportedLock.php +++ b/vendor/sabre/dav/lib/Sabre/DAV/Property/SupportedLock.php @@ -10,7 +10,7 @@ use Sabre\DAV; * This property contains information about what kind of locks * this server supports. * - * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/). + * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/). * @author Evert Pot (http://evertpot.com/) * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License */ diff --git a/vendor/sabre/dav/lib/Sabre/DAV/Property/SupportedReportSet.php b/vendor/sabre/dav/lib/Sabre/DAV/Property/SupportedReportSet.php index 993105b8a..d5ed32c42 100644 --- a/vendor/sabre/dav/lib/Sabre/DAV/Property/SupportedReportSet.php +++ b/vendor/sabre/dav/lib/Sabre/DAV/Property/SupportedReportSet.php @@ -10,7 +10,7 @@ use Sabre\DAV; * This property is defined in RFC3253, but since it's * so common in other webdav-related specs, it is part of the core server. * - * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/). + * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/). * @author Evert Pot (http://evertpot.com/) * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License */ diff --git a/vendor/sabre/dav/lib/Sabre/DAV/PropertyInterface.php b/vendor/sabre/dav/lib/Sabre/DAV/PropertyInterface.php index 856e643f3..f3b8862aa 100644 --- a/vendor/sabre/dav/lib/Sabre/DAV/PropertyInterface.php +++ b/vendor/sabre/dav/lib/Sabre/DAV/PropertyInterface.php @@ -7,7 +7,7 @@ namespace Sabre\DAV; * * Implement this interface to create new complex properties * - * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/). + * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/). * @author Evert Pot (http://evertpot.com/) * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License */ diff --git a/vendor/sabre/dav/lib/Sabre/DAV/Server.php b/vendor/sabre/dav/lib/Sabre/DAV/Server.php index 11ac642d6..4aa6cacd4 100644 --- a/vendor/sabre/dav/lib/Sabre/DAV/Server.php +++ b/vendor/sabre/dav/lib/Sabre/DAV/Server.php @@ -6,7 +6,7 @@ use Sabre\HTTP; /** * Main DAV server class * - * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/). + * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/). * @author Evert Pot (http://evertpot.com/) * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License */ diff --git a/vendor/sabre/dav/lib/Sabre/DAV/ServerPlugin.php b/vendor/sabre/dav/lib/Sabre/DAV/ServerPlugin.php index b8396abaf..44bd037b9 100644 --- a/vendor/sabre/dav/lib/Sabre/DAV/ServerPlugin.php +++ b/vendor/sabre/dav/lib/Sabre/DAV/ServerPlugin.php @@ -7,7 +7,7 @@ namespace Sabre\DAV; * * Plugins can modify or extend the servers behaviour. * - * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/). + * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/). * @author Evert Pot (http://evertpot.com/) * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License */ diff --git a/vendor/sabre/dav/lib/Sabre/DAV/SimpleCollection.php b/vendor/sabre/dav/lib/Sabre/DAV/SimpleCollection.php index c38c39e72..17af83c8c 100644 --- a/vendor/sabre/dav/lib/Sabre/DAV/SimpleCollection.php +++ b/vendor/sabre/dav/lib/Sabre/DAV/SimpleCollection.php @@ -8,7 +8,7 @@ namespace Sabre\DAV; * The SimpleCollection is used to quickly setup static directory structures. * Just create the object with a proper name, and add children to use it. * - * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/). + * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/). * @author Evert Pot (http://evertpot.com/) * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License */ diff --git a/vendor/sabre/dav/lib/Sabre/DAV/SimpleFile.php b/vendor/sabre/dav/lib/Sabre/DAV/SimpleFile.php index 694207eec..4c3b673ae 100644 --- a/vendor/sabre/dav/lib/Sabre/DAV/SimpleFile.php +++ b/vendor/sabre/dav/lib/Sabre/DAV/SimpleFile.php @@ -9,7 +9,7 @@ namespace Sabre\DAV; * the directory structure. One usecase would be to add a 'readme.txt' to a * root of a webserver with some standard content. * - * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/). + * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/). * @author Evert Pot (http://evertpot.com/) * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License */ diff --git a/vendor/sabre/dav/lib/Sabre/DAV/StringUtil.php b/vendor/sabre/dav/lib/Sabre/DAV/StringUtil.php index 0f299bf11..1f42694a5 100644 --- a/vendor/sabre/dav/lib/Sabre/DAV/StringUtil.php +++ b/vendor/sabre/dav/lib/Sabre/DAV/StringUtil.php @@ -9,7 +9,7 @@ namespace Sabre\DAV; * the CalDAV calendar-query REPORT, and CardDAV addressbook-query REPORT. * Because they both need it, it was decided to put it in Sabre\DAV instead. * - * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/). + * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/). * @author Evert Pot (http://evertpot.com/) * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License */ diff --git a/vendor/sabre/dav/lib/Sabre/DAV/TemporaryFileFilterPlugin.php b/vendor/sabre/dav/lib/Sabre/DAV/TemporaryFileFilterPlugin.php index d1ae18d5b..6c3f05b56 100644 --- a/vendor/sabre/dav/lib/Sabre/DAV/TemporaryFileFilterPlugin.php +++ b/vendor/sabre/dav/lib/Sabre/DAV/TemporaryFileFilterPlugin.php @@ -22,7 +22,7 @@ namespace Sabre\DAV; * Additional patterns can be added, by adding on to the * temporaryFilePatterns property. * - * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/). + * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/). * @author Evert Pot (http://evertpot.com/) * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License */ diff --git a/vendor/sabre/dav/lib/Sabre/DAV/Tree.php b/vendor/sabre/dav/lib/Sabre/DAV/Tree.php index af08c39f0..196b6024b 100644 --- a/vendor/sabre/dav/lib/Sabre/DAV/Tree.php +++ b/vendor/sabre/dav/lib/Sabre/DAV/Tree.php @@ -5,7 +5,7 @@ namespace Sabre\DAV; /** * Abstract tree object * - * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/). + * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/). * @author Evert Pot (http://evertpot.com/) * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License */ diff --git a/vendor/sabre/dav/lib/Sabre/DAV/Tree/Filesystem.php b/vendor/sabre/dav/lib/Sabre/DAV/Tree/Filesystem.php index 9004f678a..2e478b306 100644 --- a/vendor/sabre/dav/lib/Sabre/DAV/Tree/Filesystem.php +++ b/vendor/sabre/dav/lib/Sabre/DAV/Tree/Filesystem.php @@ -13,7 +13,7 @@ use Sabre\DAV; * * Specifically copying and moving are much, much faster. * - * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/). + * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/). * @author Evert Pot (http://evertpot.com/) * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License */ diff --git a/vendor/sabre/dav/lib/Sabre/DAV/URLUtil.php b/vendor/sabre/dav/lib/Sabre/DAV/URLUtil.php index b71ea003d..1ab874077 100644 --- a/vendor/sabre/dav/lib/Sabre/DAV/URLUtil.php +++ b/vendor/sabre/dav/lib/Sabre/DAV/URLUtil.php @@ -14,7 +14,10 @@ namespace Sabre\DAV; * ). Since these are reserved, but don't have a reserved meaning in url, these characters are * kept as-is. * - * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/). + * It was also discovered that versions of the SOGO connector for thunderbird + * has issues with urlencoded colons. + * + * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/). * @author Evert Pot (http://evertpot.com/) * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License */ @@ -30,7 +33,7 @@ class URLUtil { */ static function encodePath($path) { - return preg_replace_callback('/([^A-Za-z0-9_\-\.~\(\)\/])/',function($match) { + return preg_replace_callback('/([^A-Za-z0-9_\-\.~\(\)\/:])/',function($match) { return '%'.sprintf('%02x',ord($match[0])); @@ -48,7 +51,7 @@ class URLUtil { */ static function encodePathSegment($pathSegment) { - return preg_replace_callback('/([^A-Za-z0-9_\-\.~\(\)])/',function($match) { + return preg_replace_callback('/([^A-Za-z0-9_\-\.~\(\):])/',function($match) { return '%'.sprintf('%02x',ord($match[0])); diff --git a/vendor/sabre/dav/lib/Sabre/DAV/UUIDUtil.php b/vendor/sabre/dav/lib/Sabre/DAV/UUIDUtil.php index e6b78fac6..f20e1cba0 100644 --- a/vendor/sabre/dav/lib/Sabre/DAV/UUIDUtil.php +++ b/vendor/sabre/dav/lib/Sabre/DAV/UUIDUtil.php @@ -9,7 +9,7 @@ namespace Sabre\DAV; * UUIDs are used a decent amount within various *DAV standards, so it made * sense to include it. * - * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/). + * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/). * @author Evert Pot (http://evertpot.com/) * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License */ diff --git a/vendor/sabre/dav/lib/Sabre/DAV/Version.php b/vendor/sabre/dav/lib/Sabre/DAV/Version.php index c82bc17e3..c15de9de9 100644 --- a/vendor/sabre/dav/lib/Sabre/DAV/Version.php +++ b/vendor/sabre/dav/lib/Sabre/DAV/Version.php @@ -5,7 +5,7 @@ namespace Sabre\DAV; /** * This class contains the SabreDAV version constants. * - * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/). + * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/). * @author Evert Pot (http://evertpot.com/) * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License */ @@ -14,7 +14,7 @@ class Version { /** * Full version number */ - const VERSION = '1.8.7'; + const VERSION = '1.8.9'; /** * Stability : alpha, beta, stable diff --git a/vendor/sabre/dav/lib/Sabre/DAV/XMLUtil.php b/vendor/sabre/dav/lib/Sabre/DAV/XMLUtil.php index 298398da0..046a59162 100644 --- a/vendor/sabre/dav/lib/Sabre/DAV/XMLUtil.php +++ b/vendor/sabre/dav/lib/Sabre/DAV/XMLUtil.php @@ -5,7 +5,7 @@ namespace Sabre\DAV; /** * XML utilities for WebDAV * - * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/). + * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/). * @author Evert Pot (http://evertpot.com/) * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License */ @@ -113,6 +113,9 @@ class XMLUtil { // Retaining old error setting $oldErrorSetting = libxml_use_internal_errors(true); + // Fixes an XXE vulnerability on PHP versions older than 5.3.23 or + // 5.4.13. + $oldEntityLoaderSetting = libxml_disable_entity_loader(true); // Clearing any previous errors libxml_clear_errors(); @@ -121,7 +124,7 @@ class XMLUtil { // We don't generally care about any whitespace $dom->preserveWhiteSpace = false; - + $dom->loadXML(self::convertDAVNamespace($xml),LIBXML_NOWARNING | LIBXML_NOERROR); if ($error = libxml_get_last_error()) { @@ -131,6 +134,7 @@ class XMLUtil { // Restoring old mechanism for error handling if ($oldErrorSetting===false) libxml_use_internal_errors(false); + if ($oldEntityLoaderSetting===false) libxml_disable_entity_loader(true); return $dom; |