From cdc8454cf112006e4199b6221bcaa3c3a509b564 Mon Sep 17 00:00:00 2001
From: Thomas Willingham
Date: Sat, 12 Apr 2014 18:13:37 +0100
Subject: Update sabre
---
 vendor/sabre/dav/lib/Sabre/DAV/Locks/Backend/AbstractBackend.php | 2 +-
 .../sabre/dav/lib/Sabre/DAV/Locks/Backend/BackendInterface.php | 2 +-
 vendor/sabre/dav/lib/Sabre/DAV/Locks/Backend/FS.php | 2 +-
 vendor/sabre/dav/lib/Sabre/DAV/Locks/Backend/File.php | 2 +-
 vendor/sabre/dav/lib/Sabre/DAV/Locks/Backend/PDO.php | 2 +-
 vendor/sabre/dav/lib/Sabre/DAV/Locks/LockInfo.php | 2 +-
 vendor/sabre/dav/lib/Sabre/DAV/Locks/Plugin.php | 9 ++++++++-
 7 files changed, 14 insertions(+), 7 deletions(-)
(limited to 'vendor/sabre/dav/lib/Sabre/DAV/Locks')
diff --git a/vendor/sabre/dav/lib/Sabre/DAV/Locks/Backend/AbstractBackend.php b/vendor/sabre/dav/lib/Sabre/DAV/Locks/Backend/AbstractBackend.php
index 78fa8aa9a..fa13f462c 100644
--- a/vendor/sabre/dav/lib/Sabre/DAV/Locks/Backend/AbstractBackend.php
+++ b/vendor/sabre/dav/lib/Sabre/DAV/Locks/Backend/AbstractBackend.php
@@ -11,7 +11,7 @@ use Sabre\DAV\Locks;
 * to ensure that if default code is required in the backend, there will be a
 * non-bc-breaking way to do so.
 *
- * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/).
+ * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/).
 * @author Evert Pot (http://evertpot.com/)
 * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License
 */
diff --git a/vendor/sabre/dav/lib/Sabre/DAV/Locks/Backend/BackendInterface.php b/vendor/sabre/dav/lib/Sabre/DAV/Locks/Backend/BackendInterface.php
index 7665a10b5..7bd7d572d 100644
--- a/vendor/sabre/dav/lib/Sabre/DAV/Locks/Backend/BackendInterface.php
+++ b/vendor/sabre/dav/lib/Sabre/DAV/Locks/Backend/BackendInterface.php
@@ -8,7 +8,7 @@ use Sabre\DAV\Locks;
 * If you are defining your own Locks backend, you must implement this
 * interface.
 *
- * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/).
+ * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/).
 * @author Evert Pot (http://evertpot.com/)
 * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License
 */
diff --git a/vendor/sabre/dav/lib/Sabre/DAV/Locks/Backend/FS.php b/vendor/sabre/dav/lib/Sabre/DAV/Locks/Backend/FS.php
index b77d8b5af..971db9740 100644
--- a/vendor/sabre/dav/lib/Sabre/DAV/Locks/Backend/FS.php
+++ b/vendor/sabre/dav/lib/Sabre/DAV/Locks/Backend/FS.php
@@ -17,7 +17,7 @@ use Sabre\DAV\Locks\LockInfo;
 * You are recommended to use either the PDO or the File backend instead.
 *
 * @deprecated
- * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/).
+ * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/).
 * @author Evert Pot (http://evertpot.com/)
 * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License
 */
diff --git a/vendor/sabre/dav/lib/Sabre/DAV/Locks/Backend/File.php b/vendor/sabre/dav/lib/Sabre/DAV/Locks/Backend/File.php
index 22d31e347..c62e1d465 100644
--- a/vendor/sabre/dav/lib/Sabre/DAV/Locks/Backend/File.php
+++ b/vendor/sabre/dav/lib/Sabre/DAV/Locks/Backend/File.php
@@ -12,7 +12,7 @@ use Sabre\DAV\Locks\LockInfo;
 * Note that this is not nearly as robust as a database, you are encouraged
 * to use the PDO backend instead.
 *
- * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/).
+ * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/).
 * @author Evert Pot (http://evertpot.com/)
 * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License
 */
diff --git a/vendor/sabre/dav/lib/Sabre/DAV/Locks/Backend/PDO.php b/vendor/sabre/dav/lib/Sabre/DAV/Locks/Backend/PDO.php
index cb9f633cc..3617daafc 100644
--- a/vendor/sabre/dav/lib/Sabre/DAV/Locks/Backend/PDO.php
+++ b/vendor/sabre/dav/lib/Sabre/DAV/Locks/Backend/PDO.php
@@ -10,7 +10,7 @@ use Sabre\DAV\Locks\LockInfo;
 * This Lock Manager stores all its data in a database. You must pass a PDO
 * connection object in the constructor.
 *
- * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/).
+ * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/).
 * @author Evert Pot (http://evertpot.com/)
 * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License
 */
diff --git a/vendor/sabre/dav/lib/Sabre/DAV/Locks/LockInfo.php b/vendor/sabre/dav/lib/Sabre/DAV/Locks/LockInfo.php
index f7178a819..d3588ac10 100644
--- a/vendor/sabre/dav/lib/Sabre/DAV/Locks/LockInfo.php
+++ b/vendor/sabre/dav/lib/Sabre/DAV/Locks/LockInfo.php
@@ -8,7 +8,7 @@ namespace Sabre\DAV\Locks;
 * An object of the LockInfo class holds all the information relevant to a
 * single lock.
 *
- * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/).
+ * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/).
 * @author Evert Pot (http://evertpot.com/)
 * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License
 */
diff --git a/vendor/sabre/dav/lib/Sabre/DAV/Locks/Plugin.php b/vendor/sabre/dav/lib/Sabre/DAV/Locks/Plugin.php
index ece363e1b..34e1b53f9 100644
--- a/vendor/sabre/dav/lib/Sabre/DAV/Locks/Plugin.php
+++ b/vendor/sabre/dav/lib/Sabre/DAV/Locks/Plugin.php
@@ -14,7 +14,7 @@ use Sabre\DAV;
 * $lockPlugin = new Sabre\DAV\Locks\Plugin($lockBackend);
 * $server->addPlugin($lockPlugin);
 *
- * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/).
+ * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/).
 * @author Evert Pot (http://evertpot.com/)
 * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License
 */
@@ -621,10 +621,17 @@ class Plugin extends DAV\ServerPlugin { */ protected function parseLockRequest($body) { + // Fixes an XXE vulnerability on PHP versions older than 5.3.23 or + // 5.4.13. + $previous = libxml_disable_entity_loader(true); + + $xml = simplexml_load_string( DAV\XMLUtil::convertDAVNamespace($body), null, LIBXML_NOWARNING); + libxml_disable_entity_loader($previous); + $xml->registerXPathNamespace('d','urn:DAV'); $lockInfo = new LockInfo(); -- cgit v1.2.3
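Review bot: `simplexml_load_string()` returns `false` when the LOCK body is not well-formed XML, and the patched parseLockRequest still calls `$xml->registerXPathNamespace('d','urn:DAV')` on that result, so a malformed client body ends in a fatal error instead of a 400 response. Right after the restore call I would add `if ($xml === false) throw new DAV\Exception\BadRequest('The LOCK request body is not valid XML');`. `libxml_disable_entity_loader()` flips global libxml state rather than a setting of this one parse, so restoring `$previous` is correct, but the restore is skipped if an installed error handler turns a libxml warning into an exception; that leaves the loader disabled, which fails closed yet can surprise later code that loads XML from files. This view is limited to the Locks directory, so whether the library's other request-body parsers received the same guard cannot be confirmed here, and the function body continues past the end of the hunk.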