aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--composer.lock12
-rw-r--r--vendor/composer/InstalledVersions.php140
-rw-r--r--vendor/composer/autoload_classmap.php1
-rw-r--r--vendor/composer/autoload_real.php2
-rw-r--r--vendor/composer/autoload_static.php1
-rw-r--r--vendor/composer/installed.json14
-rw-r--r--vendor/composer/installed.php10
-rw-r--r--vendor/composer/platform_check.php26
-rw-r--r--vendor/smarty/smarty/CHANGELOG.md6
-rw-r--r--vendor/smarty/smarty/expectException0
-rw-r--r--vendor/smarty/smarty/libs/Smarty.class.php2
-rw-r--r--vendor/smarty/smarty/libs/sysplugins/smarty_internal_compile_function.php5
-rw-r--r--vendor/smarty/smarty/libs/sysplugins/smarty_internal_compile_private_special_variable.php4
13 files changed, 144 insertions, 79 deletions
diff --git a/composer.lock b/composer.lock
index 8275ea0d5..445ff335f 100644
--- a/composer.lock
+++ b/composer.lock
@@ -1411,16 +1411,16 @@
},
{
"name": "smarty/smarty",
- "version": "v3.1.38",
+ "version": "v3.1.39",
"source": {
"type": "git",
"url": "https://github.com/smarty-php/smarty.git",
- "reference": "63b3c0aed0f614880cda21a5c08c606e97b489bb"
+ "reference": "e27da524f7bcd7361e3ea5cdfa99c4378a7b5419"
},
"dist": {
"type": "zip",
- "url": "https://api.github.com/repos/smarty-php/smarty/zipball/63b3c0aed0f614880cda21a5c08c606e97b489bb",
- "reference": "63b3c0aed0f614880cda21a5c08c606e97b489bb",
+ "url": "https://api.github.com/repos/smarty-php/smarty/zipball/e27da524f7bcd7361e3ea5cdfa99c4378a7b5419",
+ "reference": "e27da524f7bcd7361e3ea5cdfa99c4378a7b5419",
"shasum": ""
},
"require": {
@@ -1468,9 +1468,9 @@
"forum": "http://www.smarty.net/forums/",
"irc": "irc://irc.freenode.org/smarty",
"issues": "https://github.com/smarty-php/smarty/issues",
- "source": "https://github.com/smarty-php/smarty/tree/v3.1.38"
+ "source": "https://github.com/smarty-php/smarty/tree/v3.1.39"
},
- "time": "2021-01-08T14:05:42+00:00"
+ "time": "2021-02-17T21:57:51+00:00"
},
{
"name": "symfony/polyfill-ctype",
diff --git a/vendor/composer/InstalledVersions.php b/vendor/composer/InstalledVersions.php
index 0e6b84d2a..5a1f2016d 100644
--- a/vendor/composer/InstalledVersions.php
+++ b/vendor/composer/InstalledVersions.php
@@ -12,6 +12,7 @@
namespace Composer;
+use Composer\Autoload\ClassLoader;
use Composer\Semver\VersionParser;
@@ -19,6 +20,8 @@ use Composer\Semver\VersionParser;
+
+
class InstalledVersions
{
private static $installed = array (
@@ -29,7 +32,7 @@ private static $installed = array (
'aliases' =>
array (
),
- 'reference' => '6fae291cc8ec69a74d0c1673186b3d8f319378d4',
+ 'reference' => '0784d2ea4e4f492d9f03d025b56d603d15b5ee89',
'name' => 'zotlabs/hubzilla',
),
'versions' =>
@@ -232,12 +235,12 @@ private static $installed = array (
),
'smarty/smarty' =>
array (
- 'pretty_version' => 'v3.1.38',
- 'version' => '3.1.38.0',
+ 'pretty_version' => 'v3.1.39',
+ 'version' => '3.1.39.0',
'aliases' =>
array (
),
- 'reference' => '63b3c0aed0f614880cda21a5c08c606e97b489bb',
+ 'reference' => 'e27da524f7bcd7361e3ea5cdfa99c4378a7b5419',
),
'symfony/polyfill-ctype' =>
array (
@@ -271,10 +274,12 @@ private static $installed = array (
'aliases' =>
array (
),
- 'reference' => '6fae291cc8ec69a74d0c1673186b3d8f319378d4',
+ 'reference' => '0784d2ea4e4f492d9f03d025b56d603d15b5ee89',
),
),
);
+private static $canGetVendors;
+private static $installedByVendor = array();
@@ -284,7 +289,16 @@ private static $installed = array (
public static function getInstalledPackages()
{
-return array_keys(self::$installed['versions']);
+$packages = array();
+foreach (self::getInstalled() as $installed) {
+$packages[] = array_keys($installed['versions']);
+}
+
+if (1 === \count($packages)) {
+return $packages[0];
+}
+
+return array_keys(array_flip(\call_user_func_array('array_merge', $packages)));
}
@@ -297,7 +311,13 @@ return array_keys(self::$installed['versions']);
public static function isInstalled($packageName)
{
-return isset(self::$installed['versions'][$packageName]);
+foreach (self::getInstalled() as $installed) {
+if (isset($installed['versions'][$packageName])) {
+return true;
+}
+}
+
+return false;
}
@@ -332,42 +352,50 @@ return $provided->matches($constraint);
public static function getVersionRanges($packageName)
{
-if (!isset(self::$installed['versions'][$packageName])) {
-throw new \OutOfBoundsException('Package "' . $packageName . '" is not installed');
+foreach (self::getInstalled() as $installed) {
+if (!isset($installed['versions'][$packageName])) {
+continue;
}
$ranges = array();
-if (isset(self::$installed['versions'][$packageName]['pretty_version'])) {
-$ranges[] = self::$installed['versions'][$packageName]['pretty_version'];
+if (isset($installed['versions'][$packageName]['pretty_version'])) {
+$ranges[] = $installed['versions'][$packageName]['pretty_version'];
}
-if (array_key_exists('aliases', self::$installed['versions'][$packageName])) {
-$ranges = array_merge($ranges, self::$installed['versions'][$packageName]['aliases']);
+if (array_key_exists('aliases', $installed['versions'][$packageName])) {
+$ranges = array_merge($ranges, $installed['versions'][$packageName]['aliases']);
}
-if (array_key_exists('replaced', self::$installed['versions'][$packageName])) {
-$ranges = array_merge($ranges, self::$installed['versions'][$packageName]['replaced']);
+if (array_key_exists('replaced', $installed['versions'][$packageName])) {
+$ranges = array_merge($ranges, $installed['versions'][$packageName]['replaced']);
}
-if (array_key_exists('provided', self::$installed['versions'][$packageName])) {
-$ranges = array_merge($ranges, self::$installed['versions'][$packageName]['provided']);
+if (array_key_exists('provided', $installed['versions'][$packageName])) {
+$ranges = array_merge($ranges, $installed['versions'][$packageName]['provided']);
}
return implode(' || ', $ranges);
}
+throw new \OutOfBoundsException('Package "' . $packageName . '" is not installed');
+}
+
public static function getVersion($packageName)
{
-if (!isset(self::$installed['versions'][$packageName])) {
-throw new \OutOfBoundsException('Package "' . $packageName . '" is not installed');
+foreach (self::getInstalled() as $installed) {
+if (!isset($installed['versions'][$packageName])) {
+continue;
}
-if (!isset(self::$installed['versions'][$packageName]['version'])) {
+if (!isset($installed['versions'][$packageName]['version'])) {
return null;
}
-return self::$installed['versions'][$packageName]['version'];
+return $installed['versions'][$packageName]['version'];
+}
+
+throw new \OutOfBoundsException('Package "' . $packageName . '" is not installed');
}
@@ -376,15 +404,19 @@ return self::$installed['versions'][$packageName]['version'];
public static function getPrettyVersion($packageName)
{
-if (!isset(self::$installed['versions'][$packageName])) {
-throw new \OutOfBoundsException('Package "' . $packageName . '" is not installed');
+foreach (self::getInstalled() as $installed) {
+if (!isset($installed['versions'][$packageName])) {
+continue;
}
-if (!isset(self::$installed['versions'][$packageName]['pretty_version'])) {
+if (!isset($installed['versions'][$packageName]['pretty_version'])) {
return null;
}
-return self::$installed['versions'][$packageName]['pretty_version'];
+return $installed['versions'][$packageName]['pretty_version'];
+}
+
+throw new \OutOfBoundsException('Package "' . $packageName . '" is not installed');
}
@@ -393,15 +425,19 @@ return self::$installed['versions'][$packageName]['pretty_version'];
public static function getReference($packageName)
{
-if (!isset(self::$installed['versions'][$packageName])) {
-throw new \OutOfBoundsException('Package "' . $packageName . '" is not installed');
+foreach (self::getInstalled() as $installed) {
+if (!isset($installed['versions'][$packageName])) {
+continue;
}
-if (!isset(self::$installed['versions'][$packageName]['reference'])) {
+if (!isset($installed['versions'][$packageName]['reference'])) {
return null;
}
-return self::$installed['versions'][$packageName]['reference'];
+return $installed['versions'][$packageName]['reference'];
+}
+
+throw new \OutOfBoundsException('Package "' . $packageName . '" is not installed');
}
@@ -410,7 +446,9 @@ return self::$installed['versions'][$packageName]['reference'];
public static function getRootPackage()
{
-return self::$installed['root'];
+$installed = self::getInstalled();
+
+return $installed[0]['root'];
}
@@ -419,8 +457,11 @@ return self::$installed['root'];
+
public static function getRawData()
{
+@trigger_error('getRawData only returns the first dataset loaded, which may not be what you expect. Use getAllRawData() instead which returns all datasets for all autoloaders present in the process.', E_USER_DEPRECATED);
+
return self::$installed;
}
@@ -430,6 +471,17 @@ return self::$installed;
+public static function getAllRawData()
+{
+return self::getInstalled();
+}
+
+
+
+
+
+
+
@@ -445,5 +497,33 @@ return self::$installed;
public static function reload($data)
{
self::$installed = $data;
+self::$installedByVendor = array();
+}
+
+
+
+
+
+private static function getInstalled()
+{
+if (null === self::$canGetVendors) {
+self::$canGetVendors = method_exists('Composer\Autoload\ClassLoader', 'getRegisteredLoaders');
+}
+
+$installed = array();
+
+if (self::$canGetVendors) {
+foreach (ClassLoader::getRegisteredLoaders() as $vendorDir => $loader) {
+if (isset(self::$installedByVendor[$vendorDir])) {
+$installed[] = self::$installedByVendor[$vendorDir];
+} elseif (is_file($vendorDir.'/composer/installed.php')) {
+$installed[] = self::$installedByVendor[$vendorDir] = require $vendorDir.'/composer/installed.php';
+}
+}
+}
+
+$installed[] = self::$installed;
+
+return $installed;
}
}
diff --git a/vendor/composer/autoload_classmap.php b/vendor/composer/autoload_classmap.php
index cccf3a7bc..c19984103 100644
--- a/vendor/composer/autoload_classmap.php
+++ b/vendor/composer/autoload_classmap.php
@@ -1291,7 +1291,6 @@ return array(
'Zotlabs\\Module\\Photo' => $baseDir . '/Zotlabs/Module/Photo.php',
'Zotlabs\\Module\\Photos' => $baseDir . '/Zotlabs/Module/Photos.php',
'Zotlabs\\Module\\Pin' => $baseDir . '/Zotlabs/Module/Pin.php',
- 'Zotlabs\\Module\\Ping' => $baseDir . '/Zotlabs/Module/Ping.php',
'Zotlabs\\Module\\Poco' => $baseDir . '/Zotlabs/Module/Poco.php',
'Zotlabs\\Module\\Poke' => $baseDir . '/Zotlabs/Module/Poke.php',
'Zotlabs\\Module\\Poster' => $baseDir . '/Zotlabs/Module/Poster.php',
diff --git a/vendor/composer/autoload_real.php b/vendor/composer/autoload_real.php
index fbfac821c..01be3a52c 100644
--- a/vendor/composer/autoload_real.php
+++ b/vendor/composer/autoload_real.php
@@ -22,8 +22,6 @@ class ComposerAutoloaderInit7b34d7e50a62201ec5d5e526a5b8b35d
return self::$loader;
}
- require __DIR__ . '/platform_check.php';
-
spl_autoload_register(array('ComposerAutoloaderInit7b34d7e50a62201ec5d5e526a5b8b35d', 'loadClassLoader'), true, true);
self::$loader = $loader = new \Composer\Autoload\ClassLoader(\dirname(\dirname(__FILE__)));
spl_autoload_unregister(array('ComposerAutoloaderInit7b34d7e50a62201ec5d5e526a5b8b35d', 'loadClassLoader'));
diff --git a/vendor/composer/autoload_static.php b/vendor/composer/autoload_static.php
index eb89becdf..bd6fb0600 100644
--- a/vendor/composer/autoload_static.php
+++ b/vendor/composer/autoload_static.php
@@ -1481,7 +1481,6 @@ class ComposerStaticInit7b34d7e50a62201ec5d5e526a5b8b35d
'Zotlabs\\Module\\Photo' => __DIR__ . '/../..' . '/Zotlabs/Module/Photo.php',
'Zotlabs\\Module\\Photos' => __DIR__ . '/../..' . '/Zotlabs/Module/Photos.php',
'Zotlabs\\Module\\Pin' => __DIR__ . '/../..' . '/Zotlabs/Module/Pin.php',
- 'Zotlabs\\Module\\Ping' => __DIR__ . '/../..' . '/Zotlabs/Module/Ping.php',
'Zotlabs\\Module\\Poco' => __DIR__ . '/../..' . '/Zotlabs/Module/Poco.php',
'Zotlabs\\Module\\Poke' => __DIR__ . '/../..' . '/Zotlabs/Module/Poke.php',
'Zotlabs\\Module\\Poster' => __DIR__ . '/../..' . '/Zotlabs/Module/Poster.php',
diff --git a/vendor/composer/installed.json b/vendor/composer/installed.json
index ce3eae708..518683c5c 100644
--- a/vendor/composer/installed.json
+++ b/vendor/composer/installed.json
@@ -1437,17 +1437,17 @@
},
{
"name": "smarty/smarty",
- "version": "v3.1.38",
- "version_normalized": "3.1.38.0",
+ "version": "v3.1.39",
+ "version_normalized": "3.1.39.0",
"source": {
"type": "git",
"url": "https://github.com/smarty-php/smarty.git",
- "reference": "63b3c0aed0f614880cda21a5c08c606e97b489bb"
+ "reference": "e27da524f7bcd7361e3ea5cdfa99c4378a7b5419"
},
"dist": {
"type": "zip",
- "url": "https://api.github.com/repos/smarty-php/smarty/zipball/63b3c0aed0f614880cda21a5c08c606e97b489bb",
- "reference": "63b3c0aed0f614880cda21a5c08c606e97b489bb",
+ "url": "https://api.github.com/repos/smarty-php/smarty/zipball/e27da524f7bcd7361e3ea5cdfa99c4378a7b5419",
+ "reference": "e27da524f7bcd7361e3ea5cdfa99c4378a7b5419",
"shasum": ""
},
"require": {
@@ -1457,7 +1457,7 @@
"phpunit/phpunit": "^7.5 || ^6.5 || ^5.7 || ^4.8",
"smarty/smarty-lexer": "^3.1"
},
- "time": "2021-01-08T14:05:42+00:00",
+ "time": "2021-02-17T21:57:51+00:00",
"type": "library",
"extra": {
"branch-alias": {
@@ -1497,7 +1497,7 @@
"forum": "http://www.smarty.net/forums/",
"irc": "irc://irc.freenode.org/smarty",
"issues": "https://github.com/smarty-php/smarty/issues",
- "source": "https://github.com/smarty-php/smarty/tree/v3.1.38"
+ "source": "https://github.com/smarty-php/smarty/tree/v3.1.39"
},
"install-path": "../smarty/smarty"
},
diff --git a/vendor/composer/installed.php b/vendor/composer/installed.php
index 151f3da50..9d660ee03 100644
--- a/vendor/composer/installed.php
+++ b/vendor/composer/installed.php
@@ -6,7 +6,7 @@
'aliases' =>
array (
),
- 'reference' => '6fae291cc8ec69a74d0c1673186b3d8f319378d4',
+ 'reference' => '0784d2ea4e4f492d9f03d025b56d603d15b5ee89',
'name' => 'zotlabs/hubzilla',
),
'versions' =>
@@ -209,12 +209,12 @@
),
'smarty/smarty' =>
array (
- 'pretty_version' => 'v3.1.38',
- 'version' => '3.1.38.0',
+ 'pretty_version' => 'v3.1.39',
+ 'version' => '3.1.39.0',
'aliases' =>
array (
),
- 'reference' => '63b3c0aed0f614880cda21a5c08c606e97b489bb',
+ 'reference' => 'e27da524f7bcd7361e3ea5cdfa99c4378a7b5419',
),
'symfony/polyfill-ctype' =>
array (
@@ -248,7 +248,7 @@
'aliases' =>
array (
),
- 'reference' => '6fae291cc8ec69a74d0c1673186b3d8f319378d4',
+ 'reference' => '0784d2ea4e4f492d9f03d025b56d603d15b5ee89',
),
),
);
diff --git a/vendor/composer/platform_check.php b/vendor/composer/platform_check.php
deleted file mode 100644
index 92370c5a0..000000000
--- a/vendor/composer/platform_check.php
+++ /dev/null
@@ -1,26 +0,0 @@
-<?php
-
-// platform_check.php @generated by Composer
-
-$issues = array();
-
-if (!(PHP_VERSION_ID >= 70300)) {
- $issues[] = 'Your Composer dependencies require a PHP version ">= 7.3.0". You are running ' . PHP_VERSION . '.';
-}
-
-if ($issues) {
- if (!headers_sent()) {
- header('HTTP/1.1 500 Internal Server Error');
- }
- if (!ini_get('display_errors')) {
- if (PHP_SAPI === 'cli' || PHP_SAPI === 'phpdbg') {
- fwrite(STDERR, 'Composer detected issues in your platform:' . PHP_EOL.PHP_EOL . implode(PHP_EOL, $issues) . PHP_EOL.PHP_EOL);
- } elseif (!headers_sent()) {
- echo 'Composer detected issues in your platform:' . PHP_EOL.PHP_EOL . str_replace('You are running '.PHP_VERSION.'.', '', implode(PHP_EOL, $issues)) . PHP_EOL.PHP_EOL;
- }
- }
- trigger_error(
- 'Composer detected issues in your platform: ' . implode(' ', $issues),
- E_USER_ERROR
- );
-}
diff --git a/vendor/smarty/smarty/CHANGELOG.md b/vendor/smarty/smarty/CHANGELOG.md
index 06b898223..e3bb93a4f 100644
--- a/vendor/smarty/smarty/CHANGELOG.md
+++ b/vendor/smarty/smarty/CHANGELOG.md
@@ -6,6 +6,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
## [Unreleased]
+## [3.1.39] - 2021-02-17
+
+### Security
+- Prevent access to `$smarty.template_object` in sandbox mode
+- Fixed code injection vulnerability by using illegal function names in `{function name='blah'}{/function}`
+
## [3.1.38] - 2021-01-08
### Fixed
diff --git a/vendor/smarty/smarty/expectException b/vendor/smarty/smarty/expectException
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/vendor/smarty/smarty/expectException
diff --git a/vendor/smarty/smarty/libs/Smarty.class.php b/vendor/smarty/smarty/libs/Smarty.class.php
index 6564be6d2..375bab133 100644
--- a/vendor/smarty/smarty/libs/Smarty.class.php
+++ b/vendor/smarty/smarty/libs/Smarty.class.php
@@ -111,7 +111,7 @@ class Smarty extends Smarty_Internal_TemplateBase
/**
* smarty version
*/
- const SMARTY_VERSION = '3.1.38';
+ const SMARTY_VERSION = '3.1.39';
/**
* define variable scopes
*/
diff --git a/vendor/smarty/smarty/libs/sysplugins/smarty_internal_compile_function.php b/vendor/smarty/smarty/libs/sysplugins/smarty_internal_compile_function.php
index 6e408ca72..d0f2b0f4a 100644
--- a/vendor/smarty/smarty/libs/sysplugins/smarty_internal_compile_function.php
+++ b/vendor/smarty/smarty/libs/sysplugins/smarty_internal_compile_function.php
@@ -58,6 +58,11 @@ class Smarty_Internal_Compile_Function extends Smarty_Internal_CompileBase
}
unset($_attr[ 'nocache' ]);
$_name = trim($_attr[ 'name' ], '\'"');
+
+ if (!preg_match('/^[a-zA-Z0-9_\x80-\xff]+$/', $_name)) {
+ $compiler->trigger_template_error("Function name contains invalid characters: {$_name}", null, true);
+ }
+
$compiler->parent_compiler->tpl_function[ $_name ] = array();
$save = array(
$_attr, $compiler->parser->current_buffer, $compiler->template->compiled->has_nocache_code,
diff --git a/vendor/smarty/smarty/libs/sysplugins/smarty_internal_compile_private_special_variable.php b/vendor/smarty/smarty/libs/sysplugins/smarty_internal_compile_private_special_variable.php
index de7d4a224..d53ef51ff 100644
--- a/vendor/smarty/smarty/libs/sysplugins/smarty_internal_compile_private_special_variable.php
+++ b/vendor/smarty/smarty/libs/sysplugins/smarty_internal_compile_private_special_variable.php
@@ -81,6 +81,10 @@ class Smarty_Internal_Compile_Private_Special_Variable extends Smarty_Internal_C
case 'template':
return 'basename($_smarty_tpl->source->filepath)';
case 'template_object':
+ if (isset($compiler->smarty->security_policy)) {
+ $compiler->trigger_template_error("(secure mode) template_object not permitted");
+ break;
+ }
return '$_smarty_tpl';
case 'current_dir':
return 'dirname($_smarty_tpl->source->filepath)';