aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--composer.lock22
-rw-r--r--vendor/blueimp/jquery-file-upload/bower.json2
-rw-r--r--vendor/blueimp/jquery-file-upload/package.json2
-rw-r--r--vendor/blueimp/jquery-file-upload/server/php/UploadHandler.php116
-rw-r--r--vendor/composer/installed.json26
-rw-r--r--vendor/sabre/xml/CHANGELOG.md6
-rw-r--r--vendor/sabre/xml/composer.json2
-rw-r--r--vendor/sabre/xml/lib/Deserializer/functions.php33
-rw-r--r--vendor/sabre/xml/lib/Service.php3
9 files changed, 125 insertions, 87 deletions
diff --git a/composer.lock b/composer.lock
index 2520df134..8ef154324 100644
--- a/composer.lock
+++ b/composer.lock
@@ -8,16 +8,16 @@
"packages": [
{
"name": "blueimp/jquery-file-upload",
- "version": "v9.30.0",
+ "version": "v9.31.0",
"source": {
"type": "git",
"url": "https://github.com/vkhramtsov/jQuery-File-Upload.git",
- "reference": "1fceec556879403e5c1ae32a7c448aa12b8c3558"
+ "reference": "2485bf016e1085f0cd8308723064458cb0af5729"
},
"dist": {
"type": "zip",
- "url": "https://api.github.com/repos/vkhramtsov/jQuery-File-Upload/zipball/1fceec556879403e5c1ae32a7c448aa12b8c3558",
- "reference": "1fceec556879403e5c1ae32a7c448aa12b8c3558",
+ "url": "https://api.github.com/repos/vkhramtsov/jQuery-File-Upload/zipball/2485bf016e1085f0cd8308723064458cb0af5729",
+ "reference": "2485bf016e1085f0cd8308723064458cb0af5729",
"shasum": ""
},
"type": "library",
@@ -59,7 +59,7 @@
"upload",
"widget"
],
- "time": "2019-04-22T09:21:57+00:00"
+ "time": "2019-05-24T07:59:46+00:00"
},
{
"name": "bshaffer/oauth2-server-php",
@@ -957,16 +957,16 @@
},
{
"name": "sabre/xml",
- "version": "1.5.0",
+ "version": "1.5.1",
"source": {
"type": "git",
"url": "https://github.com/sabre-io/xml.git",
- "reference": "59b20e5bbace9912607481634f97d05a776ffca7"
+ "reference": "a367665f1df614c3b8fefc30a54de7cd295e444e"
},
"dist": {
"type": "zip",
- "url": "https://api.github.com/repos/sabre-io/xml/zipball/59b20e5bbace9912607481634f97d05a776ffca7",
- "reference": "59b20e5bbace9912607481634f97d05a776ffca7",
+ "url": "https://api.github.com/repos/sabre-io/xml/zipball/a367665f1df614c3b8fefc30a54de7cd295e444e",
+ "reference": "a367665f1df614c3b8fefc30a54de7cd295e444e",
"shasum": ""
},
"require": {
@@ -978,7 +978,7 @@
"sabre/uri": ">=1.0,<3.0.0"
},
"require-dev": {
- "phpunit/phpunit": "*",
+ "phpunit/phpunit": "~4.8|~5.7",
"sabre/cs": "~1.0.0"
},
"type": "library",
@@ -1016,7 +1016,7 @@
"dom",
"xml"
],
- "time": "2016-10-09T22:57:52+00:00"
+ "time": "2019-01-09T13:51:57+00:00"
},
{
"name": "simplepie/simplepie",
diff --git a/vendor/blueimp/jquery-file-upload/bower.json b/vendor/blueimp/jquery-file-upload/bower.json
index a5d439147..3a771f9ee 100644
--- a/vendor/blueimp/jquery-file-upload/bower.json
+++ b/vendor/blueimp/jquery-file-upload/bower.json
@@ -1,6 +1,6 @@
{
"name": "blueimp-file-upload",
- "version": "9.30.0",
+ "version": "9.31.0",
"title": "jQuery File Upload",
"description": "File Upload widget with multiple file selection, drag&amp;drop support, progress bar, validation and preview images.",
"keywords": [
diff --git a/vendor/blueimp/jquery-file-upload/package.json b/vendor/blueimp/jquery-file-upload/package.json
index 7db22a104..bb1f9fbc5 100644
--- a/vendor/blueimp/jquery-file-upload/package.json
+++ b/vendor/blueimp/jquery-file-upload/package.json
@@ -1,6 +1,6 @@
{
"name": "blueimp-file-upload",
- "version": "9.30.0",
+ "version": "9.31.0",
"title": "jQuery File Upload",
"description": "File Upload widget with multiple file selection, drag&drop support, progress bar, validation and preview images, audio and video for jQuery. Supports cross-domain, chunked and resumable file uploads. Works with any server-side platform (Google App Engine, PHP, Python, Ruby on Rails, Java, etc.) that supports standard HTML form file uploads.",
"keywords": [
diff --git a/vendor/blueimp/jquery-file-upload/server/php/UploadHandler.php b/vendor/blueimp/jquery-file-upload/server/php/UploadHandler.php
index 5215e4c0f..1d79c893c 100644
--- a/vendor/blueimp/jquery-file-upload/server/php/UploadHandler.php
+++ b/vendor/blueimp/jquery-file-upload/server/php/UploadHandler.php
@@ -43,9 +43,9 @@ class UploadHandler
const IMAGETYPE_PNG = 3;
protected $image_objects = array();
+ protected $response = array();
public function __construct($options = null, $initialize = true, $error_messages = null) {
- $this->response = array();
$this->options = array(
'script_url' => $this->get_full_url().'/'.$this->basename($this->get_server_var('SCRIPT_NAME')),
'upload_dir' => dirname($this->get_server_var('SCRIPT_FILENAME')).'/files/',
@@ -75,12 +75,12 @@ class UploadHandler
),
// By default, allow redirects to the referer protocol+host:
'redirect_allow_target' => '/^'.preg_quote(
- parse_url($this->get_server_var('HTTP_REFERER'), PHP_URL_SCHEME)
- .'://'
- .parse_url($this->get_server_var('HTTP_REFERER'), PHP_URL_HOST)
- .'/', // Trailing slash to not match subdomains by mistake
- '/' // preg_quote delimiter param
- ).'/',
+ parse_url($this->get_server_var('HTTP_REFERER'), PHP_URL_SCHEME)
+ .'://'
+ .parse_url($this->get_server_var('HTTP_REFERER'), PHP_URL_HOST)
+ .'/', // Trailing slash to not match subdomains by mistake
+ '/' // preg_quote delimiter param
+ ).'/',
// Enable to provide file downloads via GET requests to the PHP script:
// 1. Set to 1 to download files via readfile method through PHP
// 2. Set to 2 to send a X-Sendfile header for lighttpd/Apache
@@ -151,21 +151,21 @@ class UploadHandler
'identify_bin' => 'identify',
'image_versions' => array(
// The empty image version key defines options for the original image.
- // Keep in mind: these image manipulations are inherited by all other image versions from this point onwards.
+ // Keep in mind: these image manipulations are inherited by all other image versions from this point onwards.
// Also note that the property 'no_cache' is not inherited, since it's not a manipulation.
'' => array(
// Automatically rotate images based on EXIF meta data:
'auto_orient' => true
),
// You can add arrays to generate different versions.
- // The name of the key is the name of the version (example: 'medium').
+ // The name of the key is the name of the version (example: 'medium').
// the array contains the options to apply.
/*
'medium' => array(
'max_width' => 800,
'max_height' => 600
),
- */
+ */
'thumbnail' => array(
// Uncomment the following to use a defined directory for the thumbnails
// instead of a subdirectory based on the version identifier.
@@ -223,13 +223,13 @@ class UploadHandler
protected function get_full_url() {
$https = !empty($_SERVER['HTTPS']) && strcasecmp($_SERVER['HTTPS'], 'on') === 0 ||
!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) &&
- strcasecmp($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') === 0;
+ strcasecmp($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') === 0;
return
($https ? 'https://' : 'http://').
(!empty($_SERVER['REMOTE_USER']) ? $_SERVER['REMOTE_USER'].'@' : '').
(isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : ($_SERVER['SERVER_NAME'].
- ($https && $_SERVER['SERVER_PORT'] === 443 ||
- $_SERVER['SERVER_PORT'] === 80 ? '' : ':'.$_SERVER['SERVER_PORT']))).
+ ($https && $_SERVER['SERVER_PORT'] === 443 ||
+ $_SERVER['SERVER_PORT'] === 80 ? '' : ':'.$_SERVER['SERVER_PORT']))).
substr($_SERVER['SCRIPT_NAME'],0, strrpos($_SERVER['SCRIPT_NAME'], '/'));
}
@@ -377,7 +377,11 @@ class UploadHandler
public function get_config_bytes($val) {
$val = trim($val);
$last = strtolower($val[strlen($val)-1]);
- $val = (int)$val;
+ if (is_numeric($val)) {
+ $val = (int)$val;
+ } else {
+ $val = (int)substr($val, 0, -1);
+ }
switch ($last) {
case 'g':
$val *= 1024;
@@ -414,7 +418,7 @@ class UploadHandler
if ($this->options['max_file_size'] && (
$file_size > $this->options['max_file_size'] ||
$file->size > $this->options['max_file_size'])
- ) {
+ ) {
$file->error = $this->get_error_message('max_file_size');
return false;
}
@@ -424,9 +428,9 @@ class UploadHandler
return false;
}
if (is_int($this->options['max_number_of_files']) &&
- ($this->count_file_objects() >= $this->options['max_number_of_files']) &&
- // Ignore additional chunks of existing files:
- !is_file($this->get_upload_path($file->name))) {
+ ($this->count_file_objects() >= $this->options['max_number_of_files']) &&
+ // Ignore additional chunks of existing files:
+ !is_file($this->get_upload_path($file->name))) {
$file->error = $this->get_error_message('max_number_of_files');
return false;
}
@@ -451,7 +455,7 @@ class UploadHandler
unset($tmp);
}
}
- if (!empty($img_width)) {
+ if (!empty($img_width) && !empty($img_height)) {
if ($max_width && $img_width > $max_width) {
$file->error = $this->get_error_message('max_width');
return false;
@@ -488,7 +492,7 @@ class UploadHandler
}
protected function get_unique_filename($file_path, $name, $size, $type, $error,
- $index, $content_range) {
+ $index, $content_range) {
while(is_dir($this->get_upload_path($name))) {
$name = $this->upcount_name($name);
}
@@ -505,10 +509,10 @@ class UploadHandler
}
protected function fix_file_extension($file_path, $name, $size, $type, $error,
- $index, $content_range) {
+ $index, $content_range) {
// Add missing file extension for known image types:
if (strpos($name, '.') === false &&
- preg_match('/^image\/(gif|jpe?g|png)/', $type, $matches)) {
+ preg_match('/^image\/(gif|jpe?g|png)/', $type, $matches)) {
$name .= '.'.$matches[1];
}
if ($this->options['correct_image_extensions']) {
@@ -538,7 +542,7 @@ class UploadHandler
}
protected function trim_file_name($file_path, $name, $size, $type, $error,
- $index, $content_range) {
+ $index, $content_range) {
// Remove path information and dots around the filename, to prevent uploading
// into different directories or replacing hidden system files.
// Also remove control characters and spaces (\x00..\x20) around the filename:
@@ -561,7 +565,7 @@ class UploadHandler
}
protected function get_file_name($file_path, $name, $size, $type, $error,
- $index, $content_range) {
+ $index, $content_range) {
$name = $this->trim_file_name($file_path, $name, $size, $type, $error,
$index, $content_range);
return $this->get_unique_filename(
@@ -795,25 +799,26 @@ class UploadHandler
// Handle transparency in GIF and PNG images:
switch ($type) {
case 'gif':
- case 'png':
imagecolortransparent($new_img, imagecolorallocate($new_img, 0, 0, 0));
+ break;
case 'png':
+ imagecolortransparent($new_img, imagecolorallocate($new_img, 0, 0, 0));
imagealphablending($new_img, false);
imagesavealpha($new_img, true);
break;
}
$success = imagecopyresampled(
- $new_img,
- $src_img,
- $dst_x,
- $dst_y,
- 0,
- 0,
- $new_width,
- $new_height,
- $img_width,
- $img_height
- ) && $write_func($new_img, $new_file_path, $image_quality);
+ $new_img,
+ $src_img,
+ $dst_x,
+ $dst_y,
+ 0,
+ 0,
+ $new_width,
+ $new_height,
+ $img_width,
+ $img_height
+ ) && $write_func($new_img, $new_file_path, $image_quality);
$this->gd_set_image_object($file_path, $new_img);
return $success;
}
@@ -827,7 +832,12 @@ class UploadHandler
$image->setResourceLimit($type, $limit);
}
}
- $image->readImage($file_path);
+ try {
+ $image->readImage($file_path);
+ } catch (ImagickException $e) {
+ error_log($e->getMessage());
+ return null;
+ }
$this->image_objects[$file_path] = $image;
}
return $this->image_objects[$file_path];
@@ -884,6 +894,7 @@ class UploadHandler
$file_path,
!empty($options['crop']) || !empty($options['no_cache'])
);
+ if (is_null($image)) return false;
if ($image->getImageFormat() === 'GIF') {
// Handle animated GIFs:
$images = $image->coalesceImages();
@@ -896,32 +907,28 @@ class UploadHandler
$image_oriented = false;
if (!empty($options['auto_orient'])) {
$image_oriented = $this->imagick_orient_image($image);
- }
-
- $image_resize = false;
+ }
+ $image_resize = false;
$new_width = $max_width = $img_width = $image->getImageWidth();
- $new_height = $max_height = $img_height = $image->getImageHeight();
-
+ $new_height = $max_height = $img_height = $image->getImageHeight();
// use isset(). User might be setting max_width = 0 (auto in regular resizing). Value 0 would be considered empty when you use empty()
if (isset($options['max_width'])) {
- $image_resize = true;
- $new_width = $max_width = $options['max_width'];
+ $image_resize = true;
+ $new_width = $max_width = $options['max_width'];
}
if (isset($options['max_height'])) {
$image_resize = true;
$new_height = $max_height = $options['max_height'];
}
-
$image_strip = (isset($options['strip']) ? $options['strip'] : false);
-
- if ( !$image_oriented && ($max_width >= $img_width) && ($max_height >= $img_height) && !$image_strip && empty($options["jpeg_quality"]) ) {
+ if ( !$image_oriented && ($max_width >= $img_width) && ($max_height >= $img_height) && !$image_strip && empty($options["jpeg_quality"]) ) {
if ($file_path !== $new_file_path) {
return copy($file_path, $new_file_path);
}
return true;
}
$crop = (isset($options['crop']) ? $options['crop'] : false);
-
+
if ($crop) {
$x = 0;
$y = 0;
@@ -1111,14 +1118,14 @@ class UploadHandler
}
if (count($failed_versions)) {
$file->error = $this->get_error_message('image_resize')
- .' ('.implode($failed_versions, ', ').')';
+ .' ('.implode($failed_versions, ', ').')';
}
// Free memory:
$this->destroy_image_object($file_path);
}
protected function handle_file_upload($uploaded_file, $name, $size, $type, $error,
- $index = null, $content_range = null) {
+ $index = null, $content_range = null) {
$file = new \stdClass();
$file->name = $this->get_file_name($uploaded_file, $name, $size, $type, $error,
$index, $content_range);
@@ -1319,8 +1326,7 @@ class UploadHandler
$json = json_encode($content);
$redirect = stripslashes($this->get_post_param('redirect'));
if ($redirect && preg_match($this->options['redirect_allow_target'], $redirect)) {
- $this->header('Location: '.sprintf($redirect, rawurlencode($json)));
- return;
+ return $this->header('Location: '.sprintf($redirect, rawurlencode($json)));
}
$this->head();
if ($this->get_server_var('HTTP_CONTENT_RANGE')) {
@@ -1411,11 +1417,11 @@ class UploadHandler
$files[] = $this->handle_file_upload(
isset($upload['tmp_name']) ? $upload['tmp_name'] : null,
$file_name ? $file_name : (isset($upload['name']) ?
- $upload['name'] : null),
+ $upload['name'] : null),
$size ? $size : (isset($upload['size']) ?
- $upload['size'] : $this->get_server_var('CONTENT_LENGTH')),
+ $upload['size'] : $this->get_server_var('CONTENT_LENGTH')),
isset($upload['type']) ?
- $upload['type'] : $this->get_server_var('CONTENT_TYPE'),
+ $upload['type'] : $this->get_server_var('CONTENT_TYPE'),
isset($upload['error']) ? $upload['error'] : null,
null,
$content_range
diff --git a/vendor/composer/installed.json b/vendor/composer/installed.json
index ea73a3d27..212bb79ba 100644
--- a/vendor/composer/installed.json
+++ b/vendor/composer/installed.json
@@ -1,20 +1,20 @@
[
{
"name": "blueimp/jquery-file-upload",
- "version": "v9.30.0",
- "version_normalized": "9.30.0.0",
+ "version": "v9.31.0",
+ "version_normalized": "9.31.0.0",
"source": {
"type": "git",
"url": "https://github.com/vkhramtsov/jQuery-File-Upload.git",
- "reference": "1fceec556879403e5c1ae32a7c448aa12b8c3558"
+ "reference": "2485bf016e1085f0cd8308723064458cb0af5729"
},
"dist": {
"type": "zip",
- "url": "https://api.github.com/repos/vkhramtsov/jQuery-File-Upload/zipball/1fceec556879403e5c1ae32a7c448aa12b8c3558",
- "reference": "1fceec556879403e5c1ae32a7c448aa12b8c3558",
+ "url": "https://api.github.com/repos/vkhramtsov/jQuery-File-Upload/zipball/2485bf016e1085f0cd8308723064458cb0af5729",
+ "reference": "2485bf016e1085f0cd8308723064458cb0af5729",
"shasum": ""
},
- "time": "2019-04-22T09:21:57+00:00",
+ "time": "2019-05-24T07:59:46+00:00",
"type": "library",
"installation-source": "dist",
"autoload": {
@@ -984,17 +984,17 @@
},
{
"name": "sabre/xml",
- "version": "1.5.0",
- "version_normalized": "1.5.0.0",
+ "version": "1.5.1",
+ "version_normalized": "1.5.1.0",
"source": {
"type": "git",
"url": "https://github.com/sabre-io/xml.git",
- "reference": "59b20e5bbace9912607481634f97d05a776ffca7"
+ "reference": "a367665f1df614c3b8fefc30a54de7cd295e444e"
},
"dist": {
"type": "zip",
- "url": "https://api.github.com/repos/sabre-io/xml/zipball/59b20e5bbace9912607481634f97d05a776ffca7",
- "reference": "59b20e5bbace9912607481634f97d05a776ffca7",
+ "url": "https://api.github.com/repos/sabre-io/xml/zipball/a367665f1df614c3b8fefc30a54de7cd295e444e",
+ "reference": "a367665f1df614c3b8fefc30a54de7cd295e444e",
"shasum": ""
},
"require": {
@@ -1006,10 +1006,10 @@
"sabre/uri": ">=1.0,<3.0.0"
},
"require-dev": {
- "phpunit/phpunit": "*",
+ "phpunit/phpunit": "~4.8|~5.7",
"sabre/cs": "~1.0.0"
},
- "time": "2016-10-09T22:57:52+00:00",
+ "time": "2019-01-09T13:51:57+00:00",
"type": "library",
"installation-source": "dist",
"autoload": {
diff --git a/vendor/sabre/xml/CHANGELOG.md b/vendor/sabre/xml/CHANGELOG.md
index 39a39bffe..faeba20e5 100644
--- a/vendor/sabre/xml/CHANGELOG.md
+++ b/vendor/sabre/xml/CHANGELOG.md
@@ -1,6 +1,12 @@
ChangeLog
=========
+1.5.1 (2019-01-09)
+------------------
+
+* #161: Prevent infinite loop on empty xml elements
+
+
1.5.0 (2016-10-09)
------------------
diff --git a/vendor/sabre/xml/composer.json b/vendor/sabre/xml/composer.json
index 386f8213f..1b5760393 100644
--- a/vendor/sabre/xml/composer.json
+++ b/vendor/sabre/xml/composer.json
@@ -45,7 +45,7 @@
},
"require-dev": {
"sabre/cs": "~1.0.0",
- "phpunit/phpunit" : "*"
+ "phpunit/phpunit" : "~4.8|~5.7"
},
"config" : {
"bin-dir" : "bin/"
diff --git a/vendor/sabre/xml/lib/Deserializer/functions.php b/vendor/sabre/xml/lib/Deserializer/functions.php
index 2e5d877e9..07038d99a 100644
--- a/vendor/sabre/xml/lib/Deserializer/functions.php
+++ b/vendor/sabre/xml/lib/Deserializer/functions.php
@@ -66,9 +66,20 @@ function keyValue(Reader $reader, $namespace = null) {
return [];
}
+ if (!$reader->read()) {
+ $reader->next();
+
+ return [];
+ }
+
+ if (Reader::END_ELEMENT === $reader->nodeType) {
+ $reader->next();
+
+ return [];
+ }
+
$values = [];
- $reader->read();
do {
if ($reader->nodeType === Reader::ELEMENT) {
@@ -79,7 +90,9 @@ function keyValue(Reader $reader, $namespace = null) {
$values[$clark] = $reader->parseCurrentElement()['value'];
}
} else {
- $reader->read();
+ if (!$reader->read()) {
+ break;
+ }
}
} while ($reader->nodeType !== Reader::END_ELEMENT);
@@ -144,7 +157,17 @@ function enum(Reader $reader, $namespace = null) {
$reader->next();
return [];
}
- $reader->read();
+ if (!$reader->read()) {
+ $reader->next();
+
+ return [];
+ }
+
+ if (Reader::END_ELEMENT === $reader->nodeType) {
+ $reader->next();
+
+ return [];
+ }
$currentDepth = $reader->depth;
$values = [];
@@ -204,7 +227,9 @@ function valueObject(Reader $reader, $className, $namespace) {
$reader->next();
}
} else {
- $reader->read();
+ if (!$reader->read()) {
+ break;
+ }
}
} while ($reader->nodeType !== Reader::END_ELEMENT);
diff --git a/vendor/sabre/xml/lib/Service.php b/vendor/sabre/xml/lib/Service.php
index 09ee341cf..acea94ea9 100644
--- a/vendor/sabre/xml/lib/Service.php
+++ b/vendor/sabre/xml/lib/Service.php
@@ -138,7 +138,8 @@ class Service {
* @param string|string[] $rootElementName
* @param string|resource $input
* @param string|null $contextUri
- * @return void
+ * @throws ParseException
+ * @return array|object|string
*/
function expect($rootElementName, $input, $contextUri = null) {