-rw-r--r-- | composer.lock | 22 | ||||
-rw-r--r-- | vendor/blueimp/jquery-file-upload/bower.json | 2 | ||||
-rw-r--r-- | vendor/blueimp/jquery-file-upload/package.json | 2 | ||||
-rw-r--r-- | vendor/blueimp/jquery-file-upload/server/php/UploadHandler.php | 116 | ||||
-rw-r--r-- | vendor/composer/installed.json | 26 | ||||
-rw-r--r-- | vendor/sabre/xml/CHANGELOG.md | 6 | ||||
-rw-r--r-- | vendor/sabre/xml/composer.json | 2 | ||||
-rw-r--r-- | vendor/sabre/xml/lib/Deserializer/functions.php | 33 | ||||
-rw-r--r-- | vendor/sabre/xml/lib/Service.php | 3 |
9 files changed, 125 insertions, 87 deletions
diff --git a/composer.lock b/composer.lock index 2520df134..8ef154324 100644 --- a/composer.lock +++ b/composer.lock @@ -8,16 +8,16 @@ "packages": [ { "name": "blueimp/jquery-file-upload", - "version": "v9.30.0", + "version": "v9.31.0", "source": { "type": "git", "url": "https://github.com/vkhramtsov/jQuery-File-Upload.git", - "reference": "1fceec556879403e5c1ae32a7c448aa12b8c3558" + "reference": "2485bf016e1085f0cd8308723064458cb0af5729" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/vkhramtsov/jQuery-File-Upload/zipball/1fceec556879403e5c1ae32a7c448aa12b8c3558", - "reference": "1fceec556879403e5c1ae32a7c448aa12b8c3558", + "url": "https://api.github.com/repos/vkhramtsov/jQuery-File-Upload/zipball/2485bf016e1085f0cd8308723064458cb0af5729", + "reference": "2485bf016e1085f0cd8308723064458cb0af5729", "shasum": "" }, "type": "library", @@ -59,7 +59,7 @@ "upload", "widget" ], - "time": "2019-04-22T09:21:57+00:00" + "time": "2019-05-24T07:59:46+00:00" }, { "name": "bshaffer/oauth2-server-php", @@ -957,16 +957,16 @@ }, { "name": "sabre/xml", - "version": "1.5.0", + "version": "1.5.1", "source": { "type": "git", "url": "https://github.com/sabre-io/xml.git", - "reference": "59b20e5bbace9912607481634f97d05a776ffca7" + "reference": "a367665f1df614c3b8fefc30a54de7cd295e444e" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/sabre-io/xml/zipball/59b20e5bbace9912607481634f97d05a776ffca7", - "reference": "59b20e5bbace9912607481634f97d05a776ffca7", + "url": "https://api.github.com/repos/sabre-io/xml/zipball/a367665f1df614c3b8fefc30a54de7cd295e444e", + "reference": "a367665f1df614c3b8fefc30a54de7cd295e444e", "shasum": "" }, "require": { @@ -978,7 +978,7 @@ "sabre/uri": ">=1.0,<3.0.0" }, "require-dev": { - "phpunit/phpunit": "*", + "phpunit/phpunit": "~4.8|~5.7", "sabre/cs": "~1.0.0" }, "type": "library", 
@@ -1016,7 +1016,7 @@ "dom", "xml" ], - "time": "2016-10-09T22:57:52+00:00" + "time": "2019-01-09T13:51:57+00:00" }, { "name": "simplepie/simplepie", diff --git a/vendor/blueimp/jquery-file-upload/bower.json b/vendor/blueimp/jquery-file-upload/bower.json index a5d439147..3a771f9ee 100644 --- a/vendor/blueimp/jquery-file-upload/bower.json +++ b/vendor/blueimp/jquery-file-upload/bower.json @@ -1,6 +1,6 @@ { "name": "blueimp-file-upload", - "version": "9.30.0", + "version": "9.31.0", "title": "jQuery File Upload", "description": "File Upload widget with multiple file selection, drag&drop support, progress bar, validation and preview images.", "keywords": [ diff --git a/vendor/blueimp/jquery-file-upload/package.json b/vendor/blueimp/jquery-file-upload/package.json index 7db22a104..bb1f9fbc5 100644 --- a/vendor/blueimp/jquery-file-upload/package.json +++ b/vendor/blueimp/jquery-file-upload/package.json @@ -1,6 +1,6 @@ { "name": "blueimp-file-upload", - "version": "9.30.0", + "version": "9.31.0", "title": "jQuery File Upload", "description": "File Upload widget with multiple file selection, drag&drop support, progress bar, validation and preview images, audio and video for jQuery. Supports cross-domain, chunked and resumable file uploads. Works with any server-side platform (Google App Engine, PHP, Python, Ruby on Rails, Java, etc.) that supports standard HTML form file uploads.", "keywords": [ diff --git a/vendor/blueimp/jquery-file-upload/server/php/UploadHandler.php b/vendor/blueimp/jquery-file-upload/server/php/UploadHandler.php index 5215e4c0f..1d79c893c 100644 --- a/vendor/blueimp/jquery-file-upload/server/php/UploadHandler.php +++ b/vendor/blueimp/jquery-file-upload/server/php/UploadHandler.php 
@@ -43,9 +43,9 @@ class UploadHandler const IMAGETYPE_PNG = 3; protected $image_objects = array(); + protected $response = array(); public function __construct($options = null, $initialize = true, $error_messages = null) { - $this->response = array(); $this->options = array( 'script_url' => $this->get_full_url().'/'.$this->basename($this->get_server_var('SCRIPT_NAME')), 'upload_dir' => dirname($this->get_server_var('SCRIPT_FILENAME')).'/files/', @@ -75,12 +75,12 @@ class UploadHandler ), // By default, allow redirects to the referer protocol+host: 'redirect_allow_target' => '/^'.preg_quote( - parse_url($this->get_server_var('HTTP_REFERER'), PHP_URL_SCHEME) - .'://' - .parse_url($this->get_server_var('HTTP_REFERER'), PHP_URL_HOST) - .'/', // Trailing slash to not match subdomains by mistake - '/' // preg_quote delimiter param - ).'/', + parse_url($this->get_server_var('HTTP_REFERER'), PHP_URL_SCHEME) + .'://' + .parse_url($this->get_server_var('HTTP_REFERER'), PHP_URL_HOST) + .'/', // Trailing slash to not match subdomains by mistake + '/' // preg_quote delimiter param + ).'/', // Enable to provide file downloads via GET requests to the PHP script: // 1. Set to 1 to download files via readfile method through PHP // 2. Set to 2 to send a X-Sendfile header for lighttpd/Apache 
@@ -151,21 +151,21 @@ class UploadHandler 'identify_bin' => 'identify', 'image_versions' => array( // The empty image version key defines options for the original image. - // Keep in mind: these image manipulations are inherited by all other image versions from this point onwards. + // Keep in mind: these image manipulations are inherited by all other image versions from this point onwards. // Also note that the property 'no_cache' is not inherited, since it's not a manipulation. '' => array( // Automatically rotate images based on EXIF meta data: 'auto_orient' => true ), // You can add arrays to generate different versions. - // The name of the key is the name of the version (example: 'medium'). + // The name of the key is the name of the version (example: 'medium'). // the array contains the options to apply. /* 'medium' => array( 'max_width' => 800, 'max_height' => 600 ), - */ + */ 'thumbnail' => array( // Uncomment the following to use a defined directory for the thumbnails // instead of a subdirectory based on the version identifier. @@ -223,13 +223,13 @@ class UploadHandler protected function get_full_url() { $https = !empty($_SERVER['HTTPS']) && strcasecmp($_SERVER['HTTPS'], 'on') === 0 || !empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && - strcasecmp($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') === 0; + strcasecmp($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') === 0; return ($https ? 'https://' : 'http://'). (!empty($_SERVER['REMOTE_USER']) ? $_SERVER['REMOTE_USER'].'@' : ''). (isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : ($_SERVER['SERVER_NAME']. - ($https && $_SERVER['SERVER_PORT'] === 443 || - $_SERVER['SERVER_PORT'] === 80 ? '' : ':'.$_SERVER['SERVER_PORT']))). + ($https && $_SERVER['SERVER_PORT'] === 443 || + $_SERVER['SERVER_PORT'] === 80 ? '' : ':'.$_SERVER['SERVER_PORT']))). substr($_SERVER['SCRIPT_NAME'],0, strrpos($_SERVER['SCRIPT_NAME'], '/')); } 
@@ -377,7 +377,11 @@ class UploadHandler public function get_config_bytes($val) { $val = trim($val); $last = strtolower($val[strlen($val)-1]); - $val = (int)$val; + if (is_numeric($val)) { + $val = (int)$val; + } else { + $val = (int)substr($val, 0, -1); + } switch ($last) { case 'g': $val *= 1024; @@ -414,7 +418,7 @@ class UploadHandler if ($this->options['max_file_size'] && ( $file_size > $this->options['max_file_size'] || $file->size > $this->options['max_file_size']) - ) { + ) { $file->error = $this->get_error_message('max_file_size'); return false; } @@ -424,9 +428,9 @@ class UploadHandler return false; } if (is_int($this->options['max_number_of_files']) && - ($this->count_file_objects() >= $this->options['max_number_of_files']) && - // Ignore additional chunks of existing files: - !is_file($this->get_upload_path($file->name))) { + ($this->count_file_objects() >= $this->options['max_number_of_files']) && + // Ignore additional chunks of existing files: + !is_file($this->get_upload_path($file->name))) { $file->error = $this->get_error_message('max_number_of_files'); return false; } @@ -451,7 +455,7 @@ class UploadHandler unset($tmp); } } - if (!empty($img_width)) { + if (!empty($img_width) && !empty($img_height)) { if ($max_width && $img_width > $max_width) { $file->error = $this->get_error_message('max_width'); return false; @@ -488,7 +492,7 @@ class UploadHandler } protected function get_unique_filename($file_path, $name, $size, $type, $error, - $index, $content_range) { + $index, $content_range) { while(is_dir($this->get_upload_path($name))) { $name = $this->upcount_name($name); } 
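Review bot: In the `@@ -451,7 +455,7 @@` hunk the dimension limits now fail open: with `if (!empty($img_width) && !empty($img_height))`, a file whose width or height could not be determined skips every width/height comparison inside the block and continues through validation. If the surrounding code (outside this hunk) only reaches this point when a dimension limit is configured, an unreadable image should be rejected instead of accepted. An `else` branch that sets `$file->error` and returns `false` when any dimension limit is set would close the gap. Since this is a vendored file, the change belongs upstream rather than as a local patch.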
@@ -505,10 +509,10 @@ class UploadHandler } protected function fix_file_extension($file_path, $name, $size, $type, $error, - $index, $content_range) { + $index, $content_range) { // Add missing file extension for known image types: if (strpos($name, '.') === false && - preg_match('/^image\/(gif|jpe?g|png)/', $type, $matches)) { + preg_match('/^image\/(gif|jpe?g|png)/', $type, $matches)) { $name .= '.'.$matches[1]; } if ($this->options['correct_image_extensions']) { @@ -538,7 +542,7 @@ class UploadHandler } protected function trim_file_name($file_path, $name, $size, $type, $error, - $index, $content_range) { + $index, $content_range) { // Remove path information and dots around the filename, to prevent uploading // into different directories or replacing hidden system files. // Also remove control characters and spaces (\x00..\x20) around the filename: @@ -561,7 +565,7 @@ class UploadHandler } protected function get_file_name($file_path, $name, $size, $type, $error, - $index, $content_range) { + $index, $content_range) { $name = $this->trim_file_name($file_path, $name, $size, $type, $error, $index, $content_range); return $this->get_unique_filename( @@ -795,25 +799,26 @@ class UploadHandler // Handle transparency in GIF and PNG images: switch ($type) { case 'gif': - case 'png': imagecolortransparent($new_img, imagecolorallocate($new_img, 0, 0, 0)); + break; case 'png': + imagecolortransparent($new_img, imagecolorallocate($new_img, 0, 0, 0)); imagealphablending($new_img, false); imagesavealpha($new_img, true); break; } $success = imagecopyresampled( - $new_img, - $src_img, - $dst_x, - $dst_y, - 0, - 0, - $new_width, - $new_height, - $img_width, - $img_height - ) && $write_func($new_img, $new_file_path, $image_quality); + $new_img, + $src_img, + $dst_x, + $dst_y, + 0, + 0, + $new_width, + $new_height, + $img_width, + $img_height + ) && $write_func($new_img, $new_file_path, $image_quality); $this->gd_set_image_object($file_path, $new_img); return $success; } 
@@ -827,7 +832,12 @@ class UploadHandler $image->setResourceLimit($type, $limit); } } - $image->readImage($file_path); + try { + $image->readImage($file_path); + } catch (ImagickException $e) { + error_log($e->getMessage()); + return null; + } $this->image_objects[$file_path] = $image; } return $this->image_objects[$file_path]; @@ -884,6 +894,7 @@ class UploadHandler $file_path, !empty($options['crop']) || !empty($options['no_cache']) ); + if (is_null($image)) return false; if ($image->getImageFormat() === 'GIF') { // Handle animated GIFs: $images = $image->coalesceImages(); @@ -896,32 +907,28 @@ class UploadHandler $image_oriented = false; if (!empty($options['auto_orient'])) { $image_oriented = $this->imagick_orient_image($image); - } - - $image_resize = false; + } + $image_resize = false; $new_width = $max_width = $img_width = $image->getImageWidth(); - $new_height = $max_height = $img_height = $image->getImageHeight(); - + $new_height = $max_height = $img_height = $image->getImageHeight(); // use isset(). User might be setting max_width = 0 (auto in regular resizing). Value 0 would be considered empty when you use empty() if (isset($options['max_width'])) { - $image_resize = true; - $new_width = $max_width = $options['max_width']; + $image_resize = true; + $new_width = $max_width = $options['max_width']; } if (isset($options['max_height'])) { $image_resize = true; $new_height = $max_height = $options['max_height']; } - $image_strip = (isset($options['strip']) ? $options['strip'] : false); - - if ( !$image_oriented && ($max_width >= $img_width) && ($max_height >= $img_height) && !$image_strip && empty($options["jpeg_quality"]) ) { + if ( !$image_oriented && ($max_width >= $img_width) && ($max_height >= $img_height) && !$image_strip && empty($options["jpeg_quality"]) ) { if ($file_path !== $new_file_path) { return copy($file_path, $new_file_path); } return true; } $crop = (isset($options['crop']) ? $options['crop'] : false); - + if ($crop) { $x = 0; $y = 0; 
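Review bot: The image-object getter patched in the `@@ -827,7 +832,12 @@` hunk can now return `null`, but only the caller in the `@@ -884,6 +894,7 @@` hunk gains an `is_null($image)` guard. Any other caller of this getter (none is visible in these hunks) would call a method on `null` when Imagick cannot read the upload, so each call site needs the same check. The catch names `ImagickException` unqualified; if this file declares a namespace (not visible here, though `new \stdClass()` elsewhere in the file is written namespace-safe), it should be `catch (\ImagickException $e)` or the handler will never match. `error_log($e->getMessage())` may write the server-side upload path to the log, which is worth knowing when the log is shipped elsewhere.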
@@ -1111,14 +1118,14 @@ class UploadHandler } if (count($failed_versions)) { $file->error = $this->get_error_message('image_resize') - .' ('.implode($failed_versions, ', ').')'; + .' ('.implode($failed_versions, ', ').')'; } // Free memory: $this->destroy_image_object($file_path); } protected function handle_file_upload($uploaded_file, $name, $size, $type, $error, - $index = null, $content_range = null) { + $index = null, $content_range = null) { $file = new \stdClass(); $file->name = $this->get_file_name($uploaded_file, $name, $size, $type, $error, $index, $content_range); @@ -1319,8 +1326,7 @@ class UploadHandler $json = json_encode($content); $redirect = stripslashes($this->get_post_param('redirect')); if ($redirect && preg_match($this->options['redirect_allow_target'], $redirect)) { - $this->header('Location: '.sprintf($redirect, rawurlencode($json))); - return; + return $this->header('Location: '.sprintf($redirect, rawurlencode($json))); } $this->head(); if ($this->get_server_var('HTTP_CONTENT_RANGE')) { @@ -1411,11 +1417,11 @@ class UploadHandler $files[] = $this->handle_file_upload( isset($upload['tmp_name']) ? $upload['tmp_name'] : null, $file_name ? $file_name : (isset($upload['name']) ? - $upload['name'] : null), + $upload['name'] : null), $size ? $size : (isset($upload['size']) ? - $upload['size'] : $this->get_server_var('CONTENT_LENGTH')), + $upload['size'] : $this->get_server_var('CONTENT_LENGTH')), isset($upload['type']) ? - $upload['type'] : $this->get_server_var('CONTENT_TYPE'), + $upload['type'] : $this->get_server_var('CONTENT_TYPE'), isset($upload['error']) ? $upload['error'] : null, null, $content_range diff --git a/vendor/composer/installed.json b/vendor/composer/installed.json index ea73a3d27..212bb79ba 100644 --- a/vendor/composer/installed.json +++ b/vendor/composer/installed.json 
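Review bot: The re-indented line in the `@@ -1111,14 +1118,14 @@` hunk still calls `implode($failed_versions, ', ')` with the array first and the separator second. That legacy argument order is deprecated in PHP 7.4 and rejected in PHP 8, so the error path for failed image versions would itself fail there. The line should read `.' ('.implode(', ', $failed_versions).')';`.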
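Review bot: In the `@@ -1319,8 +1326,7 @@` hunk the client-supplied `redirect` POST parameter is still used as the format string of `sprintf()`, and the only gate is `redirect_allow_target`, whose default is built from the request's own `HTTP_REFERER` (see the `@@ -75,12 +75,12 @@` hunk). A value with extra conversion specifiers makes `sprintf()` warn or throw, and an allow-list derived from a request header does not restrict the redirect target. Substituting the placeholder literally avoids the format-string handling: `return $this->header('Location: '.str_replace('%s', rawurlencode($json), $redirect));`. Deployments should also set `redirect_allow_target` to a fixed pattern for their own origin rather than rely on the referer-based default.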
@@ -1,20 +1,20 @@ [ { "name": "blueimp/jquery-file-upload", - "version": "v9.30.0", - "version_normalized": "9.30.0.0", + "version": "v9.31.0", + "version_normalized": "9.31.0.0", "source": { "type": "git", "url": "https://github.com/vkhramtsov/jQuery-File-Upload.git", - "reference": "1fceec556879403e5c1ae32a7c448aa12b8c3558" + "reference": "2485bf016e1085f0cd8308723064458cb0af5729" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/vkhramtsov/jQuery-File-Upload/zipball/1fceec556879403e5c1ae32a7c448aa12b8c3558", - "reference": "1fceec556879403e5c1ae32a7c448aa12b8c3558", + "url": "https://api.github.com/repos/vkhramtsov/jQuery-File-Upload/zipball/2485bf016e1085f0cd8308723064458cb0af5729", + "reference": "2485bf016e1085f0cd8308723064458cb0af5729", "shasum": "" }, - "time": "2019-04-22T09:21:57+00:00", + "time": "2019-05-24T07:59:46+00:00", "type": "library", "installation-source": "dist", "autoload": { @@ -984,17 +984,17 @@ }, { "name": "sabre/xml", - "version": "1.5.0", - "version_normalized": "1.5.0.0", + "version": "1.5.1", + "version_normalized": "1.5.1.0", "source": { "type": "git", "url": "https://github.com/sabre-io/xml.git", - "reference": "59b20e5bbace9912607481634f97d05a776ffca7" + "reference": "a367665f1df614c3b8fefc30a54de7cd295e444e" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/sabre-io/xml/zipball/59b20e5bbace9912607481634f97d05a776ffca7", - "reference": "59b20e5bbace9912607481634f97d05a776ffca7", + "url": "https://api.github.com/repos/sabre-io/xml/zipball/a367665f1df614c3b8fefc30a54de7cd295e444e", + "reference": "a367665f1df614c3b8fefc30a54de7cd295e444e", "shasum": "" }, "require": { @@ -1006,10 +1006,10 @@ "sabre/uri": ">=1.0,<3.0.0" }, "require-dev": { - "phpunit/phpunit": "*", + "phpunit/phpunit": "~4.8|~5.7", "sabre/cs": "~1.0.0" }, - "time": "2016-10-09T22:57:52+00:00", + "time": "2019-01-09T13:51:57+00:00", "type": "library", "installation-source": "dist", "autoload": { 
diff --git a/vendor/sabre/xml/CHANGELOG.md b/vendor/sabre/xml/CHANGELOG.md index 39a39bffe..faeba20e5 100644 --- a/vendor/sabre/xml/CHANGELOG.md +++ b/vendor/sabre/xml/CHANGELOG.md @@ -1,6 +1,12 @@ ChangeLog ========= +1.5.1 (2019-01-09) +------------------ + +* #161: Prevent infinite loop on empty xml elements + + 1.5.0 (2016-10-09) ------------------ diff --git a/vendor/sabre/xml/composer.json b/vendor/sabre/xml/composer.json index 386f8213f..1b5760393 100644 --- a/vendor/sabre/xml/composer.json +++ b/vendor/sabre/xml/composer.json @@ -45,7 +45,7 @@ }, "require-dev": { "sabre/cs": "~1.0.0", - "phpunit/phpunit" : "*" + "phpunit/phpunit" : "~4.8|~5.7" }, "config" : { "bin-dir" : "bin/" diff --git a/vendor/sabre/xml/lib/Deserializer/functions.php b/vendor/sabre/xml/lib/Deserializer/functions.php index 2e5d877e9..07038d99a 100644 --- a/vendor/sabre/xml/lib/Deserializer/functions.php +++ b/vendor/sabre/xml/lib/Deserializer/functions.php @@ -66,9 +66,20 @@ function keyValue(Reader $reader, $namespace = null) { return []; } + if (!$reader->read()) { + $reader->next(); + + return []; + } + + if (Reader::END_ELEMENT === $reader->nodeType) { + $reader->next(); + + return []; + } + $values = []; - $reader->read(); do { if ($reader->nodeType === Reader::ELEMENT) { @@ -79,7 +90,9 @@ function keyValue(Reader $reader, $namespace = null) { $values[$clark] = $reader->parseCurrentElement()['value']; } } else { - $reader->read(); + if (!$reader->read()) { + break; + } } } while ($reader->nodeType !== Reader::END_ELEMENT); @@ -144,7 +157,17 @@ function enum(Reader $reader, $namespace = null) { $reader->next(); return []; } - $reader->read(); + if (!$reader->read()) { + $reader->next(); + + return []; + } + + if (Reader::END_ELEMENT === $reader->nodeType) { + $reader->next(); + + return []; + } $currentDepth = $reader->depth; $values = []; 
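Review bot: When `$reader->read()` returns false inside the `do … while` loop of `keyValue` (hunk `@@ -79,7 +90,9 @@`, and likewise in `valueObject` in the `@@ -204,7 +227,9 @@` hunk), the new `break` ends the loop and the function goes on to return whatever was collected. Unless the Reader reports the failure elsewhere (not visible in these hunks), a caller cannot tell truncated input from a complete element. At minimum the branch deserves a comment such as `// read() failed: input ended inside this element; stop instead of looping forever`. The function bodies continue outside the hunks, so what runs after the loop on this path should be checked upstream.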
@@ -204,7 +227,9 @@ function valueObject(Reader $reader, $className, $namespace) { $reader->next(); } } else { - $reader->read(); + if (!$reader->read()) { + break; + } } } while ($reader->nodeType !== Reader::END_ELEMENT); diff --git a/vendor/sabre/xml/lib/Service.php b/vendor/sabre/xml/lib/Service.php index 09ee341cf..acea94ea9 100644 --- a/vendor/sabre/xml/lib/Service.php +++ b/vendor/sabre/xml/lib/Service.php @@ -138,7 +138,8 @@ class Service { * @param string|string[] $rootElementName * @param string|resource $input * @param string|null $contextUri - * @return void + * @throws ParseException + * @return array|object|string */ function expect($rootElementName, $input, $contextUri = null) { |