From c80837a9e6a1d5049a03fbb608b2b650c1b0f92d Mon Sep 17 00:00:00 2001 From: Klaus Weidenbach Date: Sun, 18 Mar 2018 02:13:05 +0100 Subject: :arrow_up: Update libraries. michelf/php-markdown (1.7.0 => 1.8.0) ezyang/htmlpurifier (v4.9.3 => v4.10.0) commerceguys/intl (v0.7.4 => v0.7.5) sabre/http (4.2.3 => v4.2.4) sabre/vobject (4.1.3 => 4.1.5) --- vendor/ezyang/htmlpurifier/NEWS | 14 ++++++ vendor/ezyang/htmlpurifier/README.md | 4 +- vendor/ezyang/htmlpurifier/VERSION | 2 +- .../extras/HTMLPurifierExtras.autoload-legacy.php | 15 ++++++ .../extras/HTMLPurifierExtras.autoload.php | 5 +- .../library/HTMLPurifier.autoload-legacy.php | 15 ++++++ .../htmlpurifier/library/HTMLPurifier.autoload.php | 5 +- .../htmlpurifier/library/HTMLPurifier.includes.php | 2 +- .../ezyang/htmlpurifier/library/HTMLPurifier.php | 6 +-- .../library/HTMLPurifier/AttrDef/URI/Host.php | 2 +- .../htmlpurifier/library/HTMLPurifier/Config.php | 2 +- .../HTMLPurifier/DefinitionCache/Serializer.php | 13 +++-- .../HTMLPurifier/DefinitionCache/Serializer/README | 0 .../htmlpurifier/library/HTMLPurifier/Injector.php | 12 +++-- .../htmlpurifier/library/HTMLPurifier/Length.php | 6 ++- .../library/HTMLPurifier/Lexer/DOMLex.php | 57 ++++++++++++++++++---- .../library/HTMLPurifier/Lexer/PH5P.php | 4 +- vendor/ezyang/htmlpurifier/maintenance/PH5P.php | 4 +- .../htmlpurifier/maintenance/compile-doxygen.sh | 0 .../maintenance/flush-definition-cache.php | 0 .../maintenance/generate-entity-file.php | 0 .../maintenance/generate-standalone.php | 0 .../htmlpurifier/maintenance/merge-library.php | 0 .../htmlpurifier/maintenance/regenerate-docs.sh | 0 24 files changed, 126 insertions(+), 42 deletions(-) create mode 100644 vendor/ezyang/htmlpurifier/extras/HTMLPurifierExtras.autoload-legacy.php create mode 100644 vendor/ezyang/htmlpurifier/library/HTMLPurifier.autoload-legacy.php mode change 100755 => 100644 vendor/ezyang/htmlpurifier/library/HTMLPurifier/DefinitionCache/Serializer/README mode change 100755 => 100644 vendor/ezyang/htmlpurifier/maintenance/compile-doxygen.sh mode change 100755 => 100644 vendor/ezyang/htmlpurifier/maintenance/flush-definition-cache.php mode change 100755 => 100644 vendor/ezyang/htmlpurifier/maintenance/generate-entity-file.php mode change 100755 => 100644 vendor/ezyang/htmlpurifier/maintenance/generate-standalone.php mode change 100755 => 100644 vendor/ezyang/htmlpurifier/maintenance/merge-library.php mode change 100755 => 100644 vendor/ezyang/htmlpurifier/maintenance/regenerate-docs.sh (limited to 'vendor/ezyang') diff --git a/vendor/ezyang/htmlpurifier/NEWS b/vendor/ezyang/htmlpurifier/NEWS index fd5d56cf0..9b6e10232 100644 --- a/vendor/ezyang/htmlpurifier/NEWS +++ b/vendor/ezyang/htmlpurifier/NEWS @@ -9,6 +9,20 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier . Internal change ========================== +4.10.0, released 2018-02-22 +# PHP 5.3 is no longer officially supported by HTML Purifier + (we did not specifically break support, but we are no longer + testing on PHP 5.3) +! Relative CSS length units are now supported +- A few PHP 7.2 compatibility fixes, thanks John Flatness + +- Improve portability with old versions of libxml which don't + support accessing the data of a node +- IDNA2008 is now used for converting domains to ASCII, fixing + some rather strange bugs with international domains +- Fix race condition resulting in E_WARNING when creating + directories with Serializer + 4.9.3, released 2017-06-02 - Workaround PHP 7.1 infinite loop when opcode cache is enabled. Thanks @Xiphin (#134, #135) diff --git a/vendor/ezyang/htmlpurifier/README.md b/vendor/ezyang/htmlpurifier/README.md index b321f2b69..37715c607 100644 --- a/vendor/ezyang/htmlpurifier/README.md +++ b/vendor/ezyang/htmlpurifier/README.md @@ -2,7 +2,7 @@ HTML Purifier [![Build Status](https://secure.travis-ci.org/ezyang/htmlpurifier. ============= HTML Purifier is an HTML filtering solution that uses a unique combination -of robust whitelists and agressive parsing to ensure that not only are +of robust whitelists and aggressive parsing to ensure that not only are XSS attacks thwarted, but the resulting HTML is standards compliant. HTML Purifier is oriented towards richly formatted documents from @@ -26,4 +26,4 @@ Package available on [Composer](https://packagist.org/packages/ezyang/htmlpurifi If you're using Composer to manage dependencies, you can use - $ composer require "ezyang/htmlpurifier": "dev-master" + $ composer require "ezyang/htmlpurifier":"dev-master" diff --git a/vendor/ezyang/htmlpurifier/VERSION b/vendor/ezyang/htmlpurifier/VERSION index e94f14fa9..1910ba9d2 100644 --- a/vendor/ezyang/htmlpurifier/VERSION +++ b/vendor/ezyang/htmlpurifier/VERSION @@ -1 +1 @@ -4.9.3 \ No newline at end of file +4.10.0 \ No newline at end of file diff --git a/vendor/ezyang/htmlpurifier/extras/HTMLPurifierExtras.autoload-legacy.php b/vendor/ezyang/htmlpurifier/extras/HTMLPurifierExtras.autoload-legacy.php new file mode 100644 index 000000000..d1485bf2e --- /dev/null +++ b/vendor/ezyang/htmlpurifier/extras/HTMLPurifierExtras.autoload-legacy.php @@ -0,0 +1,15 @@ +generateDirectoryPath($config); $chmod = $config->get('Cache.SerializerPermissions'); if ($chmod === null) { - // TODO: This races - if (is_dir($directory)) return true; - return mkdir($directory); + if (!@mkdir($directory) && !is_dir($directory)) { + trigger_error( + 'Could not create directory ' . $directory . '', + E_USER_WARNING + ); + return false; + } + return true; } if (!is_dir($directory)) { $base = $this->generateBaseDirectoryPath($config); @@ -233,7 +238,7 @@ class HTMLPurifier_DefinitionCache_Serializer extends HTMLPurifier_DefinitionCac } elseif (!$this->_testPermissions($base, $chmod)) { return false; } - if (!mkdir($directory, $chmod)) { + if (!@mkdir($directory, $chmod) && !is_dir($directory)) { trigger_error( 'Could not create directory ' . $directory . '', E_USER_WARNING diff --git a/vendor/ezyang/htmlpurifier/library/HTMLPurifier/DefinitionCache/Serializer/README b/vendor/ezyang/htmlpurifier/library/HTMLPurifier/DefinitionCache/Serializer/README old mode 100755 new mode 100644 diff --git a/vendor/ezyang/htmlpurifier/library/HTMLPurifier/Injector.php b/vendor/ezyang/htmlpurifier/library/HTMLPurifier/Injector.php index 5060eef9e..116b470c3 100644 --- a/vendor/ezyang/htmlpurifier/library/HTMLPurifier/Injector.php +++ b/vendor/ezyang/htmlpurifier/library/HTMLPurifier/Injector.php @@ -157,11 +157,13 @@ abstract class HTMLPurifier_Injector return false; } // check for exclusion - for ($i = count($this->currentNesting) - 2; $i >= 0; $i--) { - $node = $this->currentNesting[$i]; - $def = $this->htmlDefinition->info[$node->name]; - if (isset($def->excludes[$name])) { - return false; + if (!empty($this->currentNesting)) { + for ($i = count($this->currentNesting) - 2; $i >= 0; $i--) { + $node = $this->currentNesting[$i]; + $def = $this->htmlDefinition->info[$node->name]; + if (isset($def->excludes[$name])) { + return false; + } } } return true; diff --git a/vendor/ezyang/htmlpurifier/library/HTMLPurifier/Length.php b/vendor/ezyang/htmlpurifier/library/HTMLPurifier/Length.php index bbfbe6624..e70da55a9 100644 --- a/vendor/ezyang/htmlpurifier/library/HTMLPurifier/Length.php +++ b/vendor/ezyang/htmlpurifier/library/HTMLPurifier/Length.php @@ -26,12 +26,14 @@ class HTMLPurifier_Length protected $isValid; /** - * Array Lookup array of units recognized by CSS 2.1 + * Array Lookup array of units recognized by CSS 3 * @type array */ protected static $allowedUnits = array( 'em' => true, 'ex' => true, 'px' => true, 'in' => true, - 'cm' => true, 'mm' => true, 'pt' => true, 'pc' => true + 'cm' => true, 'mm' => true, 'pt' => true, 'pc' => true, + 'ch' => true, 'rem' => true, 'vw' => true, 'vh' => true, + 'vmin' => true, 'vmax' => true ); /** diff --git a/vendor/ezyang/htmlpurifier/library/HTMLPurifier/Lexer/DOMLex.php b/vendor/ezyang/htmlpurifier/library/HTMLPurifier/Lexer/DOMLex.php index 22ab5820c..6238a99e3 100644 --- a/vendor/ezyang/htmlpurifier/library/HTMLPurifier/Lexer/DOMLex.php +++ b/vendor/ezyang/htmlpurifier/library/HTMLPurifier/Lexer/DOMLex.php @@ -126,6 +126,41 @@ class HTMLPurifier_Lexer_DOMLex extends HTMLPurifier_Lexer } while ($level > 0); } + /** + * Portably retrieve the tag name of a node; deals with older versions + * of libxml like 2.7.6 + * @param DOMNode $node + */ + protected function getTagName($node) + { + if (property_exists($node, 'tagName')) { + return $node->tagName; + } else if (property_exists($node, 'nodeName')) { + return $node->nodeName; + } else if (property_exists($node, 'localName')) { + return $node->localName; + } + return null; + } + + /** + * Portably retrieve the data of a node; deals with older versions + * of libxml like 2.7.6 + * @param DOMNode $node + */ + protected function getData($node) + { + if (property_exists($node, 'data')) { + return $node->data; + } else if (property_exists($node, 'nodeValue')) { + return $node->nodeValue; + } else if (property_exists($node, 'textContent')) { + return $node->textContent; + } + return null; + } + + /** * @param DOMNode $node DOMNode to be tokenized. * @param HTMLPurifier_Token[] $tokens Array-list of already tokenized tokens. @@ -141,7 +176,10 @@ class HTMLPurifier_Lexer_DOMLex extends HTMLPurifier_Lexer // but we're not getting the character reference nodes because // those should have been preprocessed if ($node->nodeType === XML_TEXT_NODE) { - $tokens[] = $this->factory->createText($node->data); + $data = $this->getData($node); // Handle variable data property + if ($data !== null) { + $tokens[] = $this->factory->createText($data); + } return false; } elseif ($node->nodeType === XML_CDATA_SECTION_NODE) { // undo libxml's special treatment of