diff options
author | ྅༻ Ǭɀħ ༄༆ཉ <ozh@ozh.org> | 2022-02-25 20:23:41 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-02-25 20:23:41 +0300 |
commit | b4131010bd2905bf949cac8eea5d64c7f8b6a89b (patch) | |
tree | 621387e004d5b4f4060d0090588735f88c3c5b81 | |
parent | 03df13ac34d2f5a148146aa4ebe6bce177c6ac4d (diff) |
Remove ozh/phpass and use on password_* functions (#3232)
Fixes #3231
-rw-r--r-- | composer.json | 1 | ||||
-rw-r--r-- | composer.lock | 55 | ||||
-rw-r--r-- | includes/functions-auth.php | 65 | ||||
-rw-r--r-- | includes/vendor/composer/ClassLoader.php | 123 | ||||
-rw-r--r-- | includes/vendor/composer/InstalledVersions.php | 747 | ||||
-rw-r--r-- | includes/vendor/composer/autoload_namespaces.php | 1 | ||||
-rw-r--r-- | includes/vendor/composer/autoload_real.php | 9 | ||||
-rw-r--r-- | includes/vendor/composer/autoload_static.php | 4 | ||||
-rw-r--r-- | includes/vendor/composer/installed.json | 50 | ||||
-rw-r--r-- | includes/vendor/composer/installed.php | 322 | ||||
-rw-r--r-- | includes/vendor/ozh/phpass/README.md | 55 | ||||
-rw-r--r-- | includes/vendor/ozh/phpass/src/Ozh/Phpass/PasswordHash.php | 333 | ||||
-rw-r--r-- | tests/data/config/yourls-tests-config-ci.php | 6 | ||||
-rw-r--r-- | tests/data/config/yourls-tests-config-sample.php | 6 |
14 files changed, 622 insertions, 1155 deletions
diff --git a/composer.json b/composer.json index 21ea8b3e..41898271 100644 --- a/composer.json +++ b/composer.json @@ -19,7 +19,6 @@ "php": ">=7.4", "ext-pdo": "*", "ozh/bookmarkletgen": "^1.2", - "ozh/phpass": "^1.3", "rmccue/requests" : "^2.0", "pomo/pomo" : "^1.4", "geoip2/geoip2" : "^2.10", diff --git a/composer.lock b/composer.lock index 15cc204d..54d2fff5 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "92135ab5ee4b8b25e604da09216bd7b7", + "content-hash": "0c97edf54011e45987134a05ae1f2971", "packages": [ { "name": "aura/sql", @@ -395,57 +395,6 @@ "time": "2017-05-18T12:46:21+00:00" }, { - "name": "ozh/phpass", - "version": "1.3.0", - "source": { - "type": "git", - "url": "https://github.com/ozh/phpass.git", - "reference": "44149d1ee06ccbda397f08f69d32c59802e4ce43" - }, - "dist": { - "type": "zip", - "url": "https://api.github.com/repos/ozh/phpass/zipball/44149d1ee06ccbda397f08f69d32c59802e4ce43", - "reference": "44149d1ee06ccbda397f08f69d32c59802e4ce43", - "shasum": "" - }, - "require": { - "php": ">=5.6" - }, - "require-dev": { - "phpunit/phpunit": ">=4.0" - }, - "type": "library", - "autoload": { - "psr-0": { - "Ozh\\Phpass\\": "src/" - } - }, - "notification-url": "https://packagist.org/downloads/", - "license": [ - "Public Domain" - ], - "authors": [ - { - "name": "Solar Designer", - "email": "solar@openwall.com", - "homepage": "http://openwall.com/phpass/" - } - ], - "description": "Portable PHP password hashing framework", - "homepage": "http://github.com/ozh/phpass/", - "keywords": [ - "blowfish", - "crypt", - "password", - "security" - ], - "support": { - "issues": "https://github.com/ozh/phpass/issues", - "source": "https://github.com/ozh/phpass/tree/1.3.0" - }, - "time": "2020-03-29T10:39:31+00:00" - }, - { "name": "pomo/pomo", "version": "v1.4.1", "source": { @@ -1043,5 +992,5 @@ "platform-overrides": { "php": "7.4.0" }, - "plugin-api-version": "2.2.0" + "plugin-api-version": "2.0.0" } diff --git a/includes/functions-auth.php b/includes/functions-auth.php index 44630e84..651b8962 100644 --- a/includes/functions-auth.php +++ b/includes/functions-auth.php @@ -148,7 +148,7 @@ function yourls_check_password_hash( $user, $submitted_password ) { return false; if ( yourls_has_phpass_password( $user ) ) { - // Stored password is hashed with phpass + // Stored password is hashed list( , $hash ) = explode( ':', $yourls_user_passwords[ $user ] ); $hash = str_replace( '!', '$', $hash ); return ( yourls_phpass_check( $submitted_password, $hash ) ); @@ -163,11 +163,11 @@ function yourls_check_password_hash( $user, $submitted_password ) { } /** - * Overwrite plaintext passwords in config file with phpassed versions. + * Overwrite plaintext passwords in config file with hashed versions. * * @since 1.7 * @param string $config_file Full path to file - * @return true if overwrite was successful, an error message otherwise + * @return true|string if overwrite was successful, an error message otherwise */ function yourls_hash_passwords_now( $config_file ) { if( !is_readable( $config_file ) ) @@ -176,6 +176,7 @@ function yourls_hash_passwords_now( $config_file ) { if( !is_writable( $config_file ) ) return 'cannot write file'; + $yourls_user_passwords = []; // Include file to read value of $yourls_user_passwords // Temporary suppress error reporting to avoid notices about redeclared constants $errlevel = error_reporting(); @@ -221,48 +222,43 @@ function yourls_hash_passwords_now( $config_file ) { } /** - * Hash a password using phpass + * Create a password hash * * @since 1.7 * @param string $password password to hash * @return string hashed password */ function yourls_phpass_hash( $password ) { - $hasher = yourls_phpass_instance(); - return $hasher->HashPassword( $password ); + /** + * Filter for hashing algorithm. See https://www.php.net/manual/en/function.password-hash.php + * Hashing algos are available if PHP was compiled with it. + * PASSWORD_BCRYPT is always available. + */ + $algo = yourls_apply_filter('hash_algo', PASSWORD_BCRYPT); + + /** + * Filter for hashing options. See https://www.php.net/manual/en/function.password-hash.php + * A typical option for PASSWORD_BCRYPT would be ['cost' => <int in range 4-31> ] + * We're leaving the options at default values, which means a cost of 10 for PASSWORD_BCRYPT. + * + * If willing to modify this, be warned about the computing time, as there is a 2^n factor. + * See https://gist.github.com/ozh/65a75392b7cb254131cc55afd28de99b for examples. + */ + $options = yourls_apply_filter('hash_options', [] ); + + return password_hash($password, $algo, $options); } /** - * Check a clear password against a phpass hash + * Verify that a password matches a hash * * @since 1.7 * @param string $password clear (eg submitted in a form) password - * @param string $hash hash supposedly generated by phpass - * @return bool true if the hash matches the password once hashed by phpass, false otherwise + * @param string $hash hash + * @return bool true if the hash matches the password, false otherwise */ function yourls_phpass_check( $password, $hash ) { - $hasher = yourls_phpass_instance(); - return $hasher->CheckPassword( $password, $hash ); -} - -/** - * Helper function: create new instance or return existing instance of phpass class - * - * @since 1.7 - * @param int $iteration iteration count - 8 is default in phpass - * @param bool $portable flag to force portable (cross platform and system independant) hashes - false to use whatever the system can do best - * @return object a PasswordHash instance - */ -function yourls_phpass_instance( $iteration = 8, $portable = false ) { - $iteration = yourls_apply_filter( 'phpass_new_instance_iteration', $iteration ); - $portable = yourls_apply_filter( 'phpass_new_instance_portable', $portable ); - - static $instance = false; - if( $instance == false ) { - $instance = new \Ozh\Phpass\PasswordHash( $iteration, $portable ); - } - - return $instance; + return password_verify($password, $hash); } @@ -283,7 +279,7 @@ function yourls_has_cleartext_passwords() { } /** - * Check if a user has a hashed password + * Check if a user has a md5 hashed password * * Check if a user password is 'md5:[38 chars]'. * TODO: deprecate this when/if we have proper user management with password hashes stored in the DB @@ -301,14 +297,15 @@ function yourls_has_md5_password( $user ) { } /** - * Check if a user's password is hashed with PHPASS. + * Check if a user's password is hashed with password_hash * * Check if a user password is 'phpass:[lots of chars]'. + * (For historical reason we're using 'phpass' as an identifier.) * TODO: deprecate this when/if we have proper user management with password hashes stored in the DB * * @since 1.7 * @param string $user user login - * @return bool true if password hashed with PHPASS, otherwise false + * @return bool true if password hashed with password_hash, otherwise false */ function yourls_has_phpass_password( $user ) { global $yourls_user_passwords; diff --git a/includes/vendor/composer/ClassLoader.php b/includes/vendor/composer/ClassLoader.php index afef3fa2..4d989a21 100644 --- a/includes/vendor/composer/ClassLoader.php +++ b/includes/vendor/composer/ClassLoader.php @@ -42,75 +42,30 @@ namespace Composer\Autoload; */ class ClassLoader { - /** @var ?string */ private $vendorDir; // PSR-4 - /** - * @var array[] - * @psalm-var array<string, array<string, int>> - */ private $prefixLengthsPsr4 = array(); - /** - * @var array[] - * @psalm-var array<string, array<int, string>> - */ private $prefixDirsPsr4 = array(); - /** - * @var array[] - * @psalm-var array<string, string> - */ private $fallbackDirsPsr4 = array(); // PSR-0 - /** - * @var array[] - * @psalm-var array<string, array<string, string[]>> - */ private $prefixesPsr0 = array(); - /** - * @var array[] - * @psalm-var array<string, string> - */ private $fallbackDirsPsr0 = array(); - /** @var bool */ private $useIncludePath = false; - - /** - * @var string[] - * @psalm-var array<string, string> - */ private $classMap = array(); - - /** @var bool */ private $classMapAuthoritative = false; - - /** - * @var bool[] - * @psalm-var array<string, bool> - */ private $missingClasses = array(); - - /** @var ?string */ private $apcuPrefix; - /** - * @var self[] - */ private static $registeredLoaders = array(); - /** - * @param ?string $vendorDir - */ public function __construct($vendorDir = null) { $this->vendorDir = $vendorDir; } - /** - * @return string[] - */ public function getPrefixes() { if (!empty($this->prefixesPsr0)) { @@ -120,47 +75,28 @@ class ClassLoader return array(); } - /** - * @return array[] - * @psalm-return array<string, array<int, string>> - */ public function getPrefixesPsr4() { return $this->prefixDirsPsr4; } - /** - * @return array[] - * @psalm-return array<string, string> - */ public function getFallbackDirs() { return $this->fallbackDirsPsr0; } - /** - * @return array[] - * @psalm-return array<string, string> - */ public function getFallbackDirsPsr4() { return $this->fallbackDirsPsr4; } - /** - * @return string[] Array of classname => path - * @psalm-return array<string, string> - */ public function getClassMap() { return $this->classMap; } /** - * @param string[] $classMap Class to filename map - * @psalm-param array<string, string> $classMap - * - * @return void + * @param array $classMap Class to filename map */ public function addClassMap(array $classMap) { @@ -175,11 +111,9 @@ class ClassLoader * Registers a set of PSR-0 directories for a given prefix, either * appending or prepending to the ones previously set for this prefix. * - * @param string $prefix The prefix - * @param string[]|string $paths The PSR-0 root directories - * @param bool $prepend Whether to prepend the directories - * - * @return void + * @param string $prefix The prefix + * @param array|string $paths The PSR-0 root directories + * @param bool $prepend Whether to prepend the directories */ public function add($prefix, $paths, $prepend = false) { @@ -222,13 +156,11 @@ class ClassLoader * Registers a set of PSR-4 directories for a given namespace, either * appending or prepending to the ones previously set for this namespace. * - * @param string $prefix The prefix/namespace, with trailing '\\' - * @param string[]|string $paths The PSR-4 base directories - * @param bool $prepend Whether to prepend the directories + * @param string $prefix The prefix/namespace, with trailing '\\' + * @param array|string $paths The PSR-4 base directories + * @param bool $prepend Whether to prepend the directories * * @throws \InvalidArgumentException - * - * @return void */ public function addPsr4($prefix, $paths, $prepend = false) { @@ -272,10 +204,8 @@ class ClassLoader * Registers a set of PSR-0 directories for a given prefix, * replacing any others previously set for this prefix. * - * @param string $prefix The prefix - * @param string[]|string $paths The PSR-0 base directories - * - * @return void + * @param string $prefix The prefix + * @param array|string $paths The PSR-0 base directories */ public function set($prefix, $paths) { @@ -290,12 +220,10 @@ class ClassLoader * Registers a set of PSR-4 directories for a given namespace, * replacing any others previously set for this namespace. * - * @param string $prefix The prefix/namespace, with trailing '\\' - * @param string[]|string $paths The PSR-4 base directories + * @param string $prefix The prefix/namespace, with trailing '\\' + * @param array|string $paths The PSR-4 base directories * * @throws \InvalidArgumentException - * - * @return void */ public function setPsr4($prefix, $paths) { @@ -315,8 +243,6 @@ class ClassLoader * Turns on searching the include path for class files. * * @param bool $useIncludePath - * - * @return void */ public function setUseIncludePath($useIncludePath) { @@ -339,8 +265,6 @@ class ClassLoader * that have not been registered with the class map. * * @param bool $classMapAuthoritative - * - * @return void */ public function setClassMapAuthoritative($classMapAuthoritative) { @@ -361,8 +285,6 @@ class ClassLoader * APCu prefix to use to cache found/not-found classes, if the extension is enabled. * * @param string|null $apcuPrefix - * - * @return void */ public function setApcuPrefix($apcuPrefix) { @@ -383,18 +305,14 @@ class ClassLoader * Registers this instance as an autoloader. * * @param bool $prepend Whether to prepend the autoloader or not - * - * @return void */ public function register($prepend = false) { spl_autoload_register(array($this, 'loadClass'), true, $prepend); if (null === $this->vendorDir) { - return; - } - - if ($prepend) { + //no-op + } elseif ($prepend) { self::$registeredLoaders = array($this->vendorDir => $this) + self::$registeredLoaders; } else { unset(self::$registeredLoaders[$this->vendorDir]); @@ -404,8 +322,6 @@ class ClassLoader /** * Unregisters this instance as an autoloader. - * - * @return void */ public function unregister() { @@ -420,7 +336,7 @@ class ClassLoader * Loads the given class or interface. * * @param string $class The name of the class - * @return true|null True if loaded, null otherwise + * @return bool|null True if loaded, null otherwise */ public function loadClass($class) { @@ -429,8 +345,6 @@ class ClassLoader return true; } - - return null; } /** @@ -485,11 +399,6 @@ class ClassLoader return self::$registeredLoaders; } - /** - * @param string $class - * @param string $ext - * @return string|false - */ private function findFileWithExtension($class, $ext) { // PSR-4 lookup @@ -561,10 +470,6 @@ class ClassLoader * Scope isolated include. * * Prevents access to $this/self from included files. - * - * @param string $file - * @return void - * @private */ function includeFile($file) { diff --git a/includes/vendor/composer/InstalledVersions.php b/includes/vendor/composer/InstalledVersions.php index d50e0c9f..2ff5f207 100644 --- a/includes/vendor/composer/InstalledVersions.php +++ b/includes/vendor/composer/InstalledVersions.php @@ -1,350 +1,419 @@ <?php -/* - * This file is part of Composer. - * - * (c) Nils Adermann <naderman@naderman.de> - * Jordi Boggiano <j.boggiano@seld.be> - * - * For the full copyright and license information, please view the LICENSE - * file that was distributed with this source code. - */ + + + + + + + + + namespace Composer; use Composer\Autoload\ClassLoader; use Composer\Semver\VersionParser; -/** - * This class is copied in every Composer installed project and available to all - * - * See also https://getcomposer.org/doc/07-runtime.md#installed-versions - * - * To require its presence, you can require `composer-runtime-api ^2.0` - */ + + + + + class InstalledVersions { - /** - * @var mixed[]|null - * @psalm-var array{root: array{name: string, version: string, reference: string, pretty_version: string, aliases: string[], dev: bool, install_path: string, type: string}, versions: array<string, array{dev_requirement: bool, pretty_version?: string, version?: string, aliases?: string[], reference?: string, replaced?: string[], provided?: string[], install_path?: string, type?: string}>}|array{}|null - */ - private static $installed; - - /** - * @var bool|null - */ - private static $canGetVendors; - - /** - * @var array[] - * @psalm-var array<string, array{root: array{name: string, version: string, reference: string, pretty_version: string, aliases: string[], dev: bool, install_path: string, type: string}, versions: array<string, array{dev_requirement: bool, pretty_version?: string, version?: string, aliases?: string[], reference?: string, replaced?: string[], provided?: string[], install_path?: string, type?: string}>}> - */ - private static $installedByVendor = array(); - - /** - * Returns a list of all package names which are present, either by being installed, replaced or provided - * - * @return string[] - * @psalm-return list<string> - */ - public static function getInstalledPackages() - { - $packages = array(); - foreach (self::getInstalled() as $installed) { - $packages[] = array_keys($installed['versions']); - } - - if (1 === \count($packages)) { - return $packages[0]; - } - - return array_keys(array_flip(\call_user_func_array('array_merge', $packages))); - } - - /** - * Returns a list of all package names with a specific type e.g. 'library' - * - * @param string $type - * @return string[] - * @psalm-return list<string> - */ - public static function getInstalledPackagesByType($type) - { - $packagesByType = array(); - - foreach (self::getInstalled() as $installed) { - foreach ($installed['versions'] as $name => $package) { - if (isset($package['type']) && $package['type'] === $type) { - $packagesByType[] = $name; - } - } - } - - return $packagesByType; - } - - /** - * Checks whether the given package is installed - * - * This also returns true if the package name is provided or replaced by another package - * - * @param string $packageName - * @param bool $includeDevRequirements - * @return bool - */ - public static function isInstalled($packageName, $includeDevRequirements = true) - { - foreach (self::getInstalled() as $installed) { - if (isset($installed['versions'][$packageName])) { - return $includeDevRequirements || empty($installed['versions'][$packageName]['dev_requirement']); - } - } - - return false; - } - - /** - * Checks whether the given package satisfies a version constraint - * - * e.g. If you want to know whether version 2.3+ of package foo/bar is installed, you would call: - * - * Composer\InstalledVersions::satisfies(new VersionParser, 'foo/bar', '^2.3') - * - * @param VersionParser $parser Install composer/semver to have access to this class and functionality - * @param string $packageName - * @param string|null $constraint A version constraint to check for, if you pass one you have to make sure composer/semver is required by your package - * @return bool - */ - public static function satisfies(VersionParser $parser, $packageName, $constraint) - { - $constraint = $parser->parseConstraints($constraint); - $provided = $parser->parseConstraints(self::getVersionRanges($packageName)); - - return $provided->matches($constraint); - } - - /** - * Returns a version constraint representing all the range(s) which are installed for a given package - * - * It is easier to use this via isInstalled() with the $constraint argument if you need to check - * whether a given version of a package is installed, and not just whether it exists - * - * @param string $packageName - * @return string Version constraint usable with composer/semver - */ - public static function getVersionRanges($packageName) - { - foreach (self::getInstalled() as $installed) { - if (!isset($installed['versions'][$packageName])) { - continue; - } - - $ranges = array(); - if (isset($installed['versions'][$packageName]['pretty_version'])) { - $ranges[] = $installed['versions'][$packageName]['pretty_version']; - } - if (array_key_exists('aliases', $installed['versions'][$packageName])) { - $ranges = array_merge($ranges, $installed['versions'][$packageName]['aliases']); - } - if (array_key_exists('replaced', $installed['versions'][$packageName])) { - $ranges = array_merge($ranges, $installed['versions'][$packageName]['replaced']); - } - if (array_key_exists('provided', $installed['versions'][$packageName])) { - $ranges = array_merge($ranges, $installed['versions'][$packageName]['provided']); - } - - return implode(' || ', $ranges); - } - - throw new \OutOfBoundsException('Package "' . $packageName . '" is not installed'); - } - - /** - * @param string $packageName - * @return string|null If the package is being replaced or provided but is not really installed, null will be returned as version, use satisfies or getVersionRanges if you need to know if a given version is present - */ - public static function getVersion($packageName) - { - foreach (self::getInstalled() as $installed) { - if (!isset($installed['versions'][$packageName])) { - continue; - } - - if (!isset($installed['versions'][$packageName]['version'])) { - return null; - } - - return $installed['versions'][$packageName]['version']; - } - - throw new \OutOfBoundsException('Package "' . $packageName . '" is not installed'); - } - - /** - * @param string $packageName - * @return string|null If the package is being replaced or provided but is not really installed, null will be returned as version, use satisfies or getVersionRanges if you need to know if a given version is present - */ - public static function getPrettyVersion($packageName) - { - foreach (self::getInstalled() as $installed) { - if (!isset($installed['versions'][$packageName])) { - continue; - } - - if (!isset($installed['versions'][$packageName]['pretty_version'])) { - return null; - } - - return $installed['versions'][$packageName]['pretty_version']; - } - - throw new \OutOfBoundsException('Package "' . $packageName . '" is not installed'); - } - - /** - * @param string $packageName - * @return string|null If the package is being replaced or provided but is not really installed, null will be returned as reference - */ - public static function getReference($packageName) - { - foreach (self::getInstalled() as $installed) { - if (!isset($installed['versions'][$packageName])) { - continue; - } - - if (!isset($installed['versions'][$packageName]['reference'])) { - return null; - } - - return $installed['versions'][$packageName]['reference']; - } - - throw new \OutOfBoundsException('Package "' . $packageName . '" is not installed'); - } - - /** - * @param string $packageName - * @return string|null If the package is being replaced or provided but is not really installed, null will be returned as install path. Packages of type metapackages also have a null install path. - */ - public static function getInstallPath($packageName) - { - foreach (self::getInstalled() as $installed) { - if (!isset($installed['versions'][$packageName])) { - continue; - } - - return isset($installed['versions'][$packageName]['install_path']) ? $installed['versions'][$packageName]['install_path'] : null; - } - - throw new \OutOfBoundsException('Package "' . $packageName . '" is not installed'); - } - - /** - * @return array - * @psalm-return array{name: string, version: string, reference: string, pretty_version: string, aliases: string[], dev: bool, install_path: string, type: string} - */ - public static function getRootPackage() - { - $installed = self::getInstalled(); - - return $installed[0]['root']; - } - - /** - * Returns the raw installed.php data for custom implementations - * - * @deprecated Use getAllRawData() instead which returns all datasets for all autoloaders present in the process. getRawData only returns the first dataset loaded, which may not be what you expect. - * @return array[] - * @psalm-return array{root: array{name: string, version: string, reference: string, pretty_version: string, aliases: string[], dev: bool, install_path: string, type: string}, versions: array<string, array{dev_requirement: bool, pretty_version?: string, version?: string, aliases?: string[], reference?: string, replaced?: string[], provided?: string[], install_path?: string, type?: string}>} - */ - public static function getRawData() - { - @trigger_error('getRawData only returns the first dataset loaded, which may not be what you expect. Use getAllRawData() instead which returns all datasets for all autoloaders present in the process.', E_USER_DEPRECATED); - - if (null === self::$installed) { - // only require the installed.php file if this file is loaded from its dumped location, - // and not from its source location in the composer/composer package, see https://github.com/composer/composer/issues/9937 - if (substr(__DIR__, -8, 1) !== 'C') { - self::$installed = include __DIR__ . '/installed.php'; - } else { - self::$installed = array(); - } - } - - return self::$installed; - } - - /** - * Returns the raw data of all installed.php which are currently loaded for custom implementations - * - * @return array[] - * @psalm-return list<array{root: array{name: string, version: string, reference: string, pretty_version: string, aliases: string[], dev: bool, install_path: string, type: string}, versions: array<string, array{dev_requirement: bool, pretty_version?: string, version?: string, aliases?: string[], reference?: string, replaced?: string[], provided?: string[], install_path?: string, type?: string}>}> - */ - public static function getAllRawData() - { - return self::getInstalled(); - } - - /** - * Lets you reload the static array from another file - * - * This is only useful for complex integrations in which a project needs to use - * this class but then also needs to execute another project's autoloader in process, - * and wants to ensure both projects have access to their version of installed.php. - * - * A typical case would be PHPUnit, where it would need to make sure it reads all - * the data it needs from this class, then call reload() with - * `require $CWD/vendor/composer/installed.php` (or similar) as input to make sure - * the project in which it runs can then also use this class safely, without - * interference between PHPUnit's dependencies and the project's dependencies. - * - * @param array[] $data A vendor/composer/installed.php data set - * @return void - * - * @psalm-param array{root: array{name: string, version: string, reference: string, pretty_version: string, aliases: string[], dev: bool, install_path: string, type: string}, versions: array<string, array{dev_requirement: bool, pretty_version?: string, version?: string, aliases?: string[], reference?: string, replaced?: string[], provided?: string[], install_path?: string, type?: string}>} $data - */ - public static function reload($data) - { - self::$installed = $data; - self::$installedByVendor = array(); - } - - /** - * @return array[] - * @psalm-return list<array{root: array{name: string, version: string, reference: string, pretty_version: string, aliases: string[], dev: bool, install_path: string, type: string}, versions: array<string, array{dev_requirement: bool, pretty_version?: string, version?: string, aliases?: string[], reference?: string, replaced?: string[], provided?: string[], install_path?: string, type?: string}>}> - */ - private static function getInstalled() - { - if (null === self::$canGetVendors) { - self::$canGetVendors = method_exists('Composer\Autoload\ClassLoader', 'getRegisteredLoaders'); - } - - $installed = array(); - - if (self::$canGetVendors) { - foreach (ClassLoader::getRegisteredLoaders() as $vendorDir => $loader) { - if (isset(self::$installedByVendor[$vendorDir])) { - $installed[] = self::$installedByVendor[$vendorDir]; - } elseif (is_file($vendorDir.'/composer/installed.php')) { - $installed[] = self::$installedByVendor[$vendorDir] = require $vendorDir.'/composer/installed.php'; - if (null === self::$installed && strtr($vendorDir.'/composer', '\\', '/') === strtr(__DIR__, '\\', '/')) { - self::$installed = $installed[count($installed) - 1]; - } - } - } - } - - if (null === self::$installed) { - // only require the installed.php file if this file is loaded from its dumped location, - // and not from its source location in the composer/composer package, see https://github.com/composer/composer/issues/9937 - if (substr(__DIR__, -8, 1) !== 'C') { - self::$installed = require __DIR__ . '/installed.php'; - } else { - self::$installed = array(); - } - } - $installed[] = self::$installed; - - return $installed; - } +private static $installed = array ( + 'root' => + array ( + 'pretty_version' => 'dev-master', + 'version' => 'dev-master', + 'aliases' => + array ( + ), + 'reference' => '03df13ac34d2f5a148146aa4ebe6bce177c6ac4d', + 'name' => 'yourls/yourls', + ), + 'versions' => + array ( + 'aura/sql' => + array ( + 'pretty_version' => '3.0.0', + 'version' => '3.0.0.0', + 'aliases' => + array ( + ), + 'reference' => '2be02d5dfd9fdee6df199de1a19572aa490bb744', + ), + 'composer/ca-bundle' => + array ( + 'pretty_version' => '1.3.1', + 'version' => '1.3.1.0', + 'aliases' => + array ( + ), + 'reference' => '4c679186f2aca4ab6a0f1b0b9cf9252decb44d0b', + ), + 'geoip2/geoip2' => + array ( + 'pretty_version' => 'v2.12.2', + 'version' => '2.12.2.0', + 'aliases' => + array ( + ), + 'reference' => '83adb44ac4b9553d36b579a14673ed124583082f', + ), + 'jakeasmith/http_build_url' => + array ( + 'pretty_version' => '1.0.1', + 'version' => '1.0.1.0', + 'aliases' => + array ( + ), + 'reference' => '93c273e77cb1edead0cf8bcf8cd2003428e74e37', + ), + 'maxmind-db/reader' => + array ( + 'pretty_version' => 'v1.11.0', + 'version' => '1.11.0.0', + 'aliases' => + array ( + ), + 'reference' => 'b1f3c0699525336d09cc5161a2861268d9f2ae5b', + ), + 'maxmind/web-service-common' => + array ( + 'pretty_version' => 'v0.8.1', + 'version' => '0.8.1.0', + 'aliases' => + array ( + ), + 'reference' => '32f274051c543fc865e5a84d3a2c703913641ea8', + ), + 'ozh/bookmarkletgen' => + array ( + 'pretty_version' => '1.2', + 'version' => '1.2.0.0', + 'aliases' => + array ( + ), + 'reference' => '3319b53c493a1474a03d1cc4e087617652284c20', + ), + 'pomo/pomo' => + array ( + 'pretty_version' => 'v1.4.1', + 'version' => '1.4.1.0', + 'aliases' => + array ( + ), + 'reference' => '1594bd1f90c89a45ffc3da2ee6d5d582bfac7542', + ), + 'psr/log' => + array ( + 'pretty_version' => '1.1.4', + 'version' => '1.1.4.0', + 'aliases' => + array ( + ), + 'reference' => 'd49695b909c3b7628b6289db5479a1c204601f11', + ), + 'rmccue/requests' => + array ( + 'pretty_version' => 'v2.0.1', + 'version' => '2.0.1.0', + 'aliases' => + array ( + ), + 'reference' => '294ec523096241433ffea3fcf3127d16b1b7af4c', + ), + 'spatie/array-to-xml' => + array ( + 'pretty_version' => '2.16.0', + 'version' => '2.16.0.0', + 'aliases' => + array ( + ), + 'reference' => 'db39308c5236b69b89cadc3f44f191704814eae2', + ), + 'symfony/polyfill-intl-idn' => + array ( + 'pretty_version' => 'v1.24.0', + 'version' => '1.24.0.0', + 'aliases' => + array ( + ), + 'reference' => '749045c69efb97c70d25d7463abba812e91f3a44', + ), + 'symfony/polyfill-intl-normalizer' => + array ( + 'pretty_version' => 'v1.24.0', + 'version' => '1.24.0.0', + 'aliases' => + array ( + ), + 'reference' => '8590a5f561694770bdcd3f9b5c69dde6945028e8', + ), + 'symfony/polyfill-mbstring' => + array ( + 'pretty_version' => 'v1.24.0', + 'version' => '1.24.0.0', + 'aliases' => + array ( + ), + 'reference' => '0abb51d2f102e00a4eefcf46ba7fec406d245825', + ), + 'symfony/polyfill-php72' => + array ( + 'pretty_version' => 'v1.24.0', + 'version' => '1.24.0.0', + 'aliases' => + array ( + ), + 'reference' => '9a142215a36a3888e30d0a9eeea9766764e96976', + ), + 'yourls/yourls' => + array ( + 'pretty_version' => 'dev-master', + 'version' => 'dev-master', + 'aliases' => + array ( + ), + 'reference' => '03df13ac34d2f5a148146aa4ebe6bce177c6ac4d', + ), + ), +); +private static $canGetVendors; +private static $installedByVendor = array(); + + + + + + + +public static function getInstalledPackages() +{ +$packages = array(); +foreach (self::getInstalled() as $installed) { +$packages[] = array_keys($installed['versions']); +} + + +if (1 === \count($packages)) { +return $packages[0]; +} + +return array_keys(array_flip(\call_user_func_array('array_merge', $packages))); +} + + + + + + + + + +public static function isInstalled($packageName) +{ +foreach (self::getInstalled() as $installed) { +if (isset($installed['versions'][$packageName])) { +return true; +} +} + +return false; +} + + + + + + + + + + + + + + +public static function satisfies(VersionParser $parser, $packageName, $constraint) +{ +$constraint = $parser->parseConstraints($constraint); +$provided = $parser->parseConstraints(self::getVersionRanges($packageName)); + +return $provided->matches($constraint); +} + + + + + + + + + + +public static function getVersionRanges($packageName) +{ +foreach (self::getInstalled() as $installed) { +if (!isset($installed['versions'][$packageName])) { +continue; +} + +$ranges = array(); +if (isset($installed['versions'][$packageName]['pretty_version'])) { +$ranges[] = $installed['versions'][$packageName]['pretty_version']; +} +if (array_key_exists('aliases', $installed['versions'][$packageName])) { +$ranges = array_merge($ranges, $installed['versions'][$packageName]['aliases']); +} +if (array_key_exists('replaced', $installed['versions'][$packageName])) { +$ranges = array_merge($ranges, $installed['versions'][$packageName]['replaced']); +} +if (array_key_exists('provided', $installed['versions'][$packageName])) { +$ranges = array_merge($ranges, $installed['versions'][$packageName]['provided']); +} + +return implode(' || ', $ranges); +} + +throw new \OutOfBoundsException('Package "' . $packageName . '" is not installed'); +} + + + + + +public static function getVersion($packageName) +{ +foreach (self::getInstalled() as $installed) { +if (!isset($installed['versions'][$packageName])) { +continue; +} + +if (!isset($installed['versions'][$packageName]['version'])) { +return null; +} + +return $installed['versions'][$packageName]['version']; +} + +throw new \OutOfBoundsException('Package "' . $packageName . '" is not installed'); +} + + + + + +public static function getPrettyVersion($packageName) +{ +foreach (self::getInstalled() as $installed) { +if (!isset($installed['versions'][$packageName])) { +continue; +} + +if (!isset($installed['versions'][$packageName]['pretty_version'])) { +return null; +} + +return $installed['versions'][$packageName]['pretty_version']; +} + +throw new \OutOfBoundsException('Package "' . $packageName . '" is not installed'); +} + + + + + +public static function getReference($packageName) +{ +foreach (self::getInstalled() as $installed) { +if (!isset($installed['versions'][$packageName])) { +continue; +} + +if (!isset($installed['versions'][$packageName]['reference'])) { +return null; +} + +return $installed['versions'][$packageName]['reference']; +} + +throw new \OutOfBoundsException('Package "' . $packageName . '" is not installed'); +} + + + + + +public static function getRootPackage() +{ +$installed = self::getInstalled(); + +return $installed[0]['root']; +} + + + + + + + +public static function getRawData() +{ +return self::$installed; +} + + + + + + + + + + + + + + + + + + + +public static function reload($data) +{ +self::$installed = $data; +self::$installedByVendor = array(); +} + + + + +private static function getInstalled() +{ +if (null === self::$canGetVendors) { +self::$canGetVendors = method_exists('Composer\Autoload\ClassLoader', 'getRegisteredLoaders'); +} + +$installed = array(); + +if (self::$canGetVendors) { + +foreach (ClassLoader::getRegisteredLoaders() as $vendorDir => $loader) { +if (isset(self::$installedByVendor[$vendorDir])) { +$installed[] = self::$installedByVendor[$vendorDir]; +} elseif (is_file($vendorDir.'/composer/installed.php')) { +$installed[] = self::$installedByVendor[$vendorDir] = require $vendorDir.'/composer/installed.php'; +} +} +} + +$installed[] = self::$installed; + +return $installed; +} } diff --git a/includes/vendor/composer/autoload_namespaces.php b/includes/vendor/composer/autoload_namespaces.php index 2e8e6b42..9baf5379 100644 --- a/includes/vendor/composer/autoload_namespaces.php +++ b/includes/vendor/composer/autoload_namespaces.php @@ -6,6 +6,5 @@ $vendorDir = dirname(dirname(__FILE__)); $baseDir = dirname(dirname($vendorDir)); return array( - 'Ozh\\Phpass\\' => array($vendorDir . '/ozh/phpass/src'), 'Ozh\\Bookmarkletgen\\' => array($vendorDir . '/ozh/bookmarkletgen/src'), ); diff --git a/includes/vendor/composer/autoload_real.php b/includes/vendor/composer/autoload_real.php index 906ecb23..50a2b3a2 100644 --- a/includes/vendor/composer/autoload_real.php +++ b/includes/vendor/composer/autoload_real.php @@ -65,16 +65,11 @@ class ComposerAutoloaderInit2d6d15a8f6cc4bfbfd4a2943a6c4df59 } } -/** - * @param string $fileIdentifier - * @param string $file - * @return void - */ function composerRequire2d6d15a8f6cc4bfbfd4a2943a6c4df59($fileIdentifier, $file) { if (empty($GLOBALS['__composer_autoload_files'][$fileIdentifier])) { - $GLOBALS['__composer_autoload_files'][$fileIdentifier] = true; - require $file; + + $GLOBALS['__composer_autoload_files'][$fileIdentifier] = true; } } diff --git a/includes/vendor/composer/autoload_static.php b/includes/vendor/composer/autoload_static.php index 099b9882..acd7aa55 100644 --- a/includes/vendor/composer/autoload_static.php +++ b/includes/vendor/composer/autoload_static.php @@ -123,10 +123,6 @@ class ComposerStaticInit2d6d15a8f6cc4bfbfd4a2943a6c4df59 public static $prefixesPsr0 = array ( 'O' => array ( - 'Ozh\\Phpass\\' => - array ( - 0 => __DIR__ . '/..' . '/ozh/phpass/src', - ), 'Ozh\\Bookmarkletgen\\' => array ( 0 => __DIR__ . '/..' . '/ozh/bookmarkletgen/src', diff --git a/includes/vendor/composer/installed.json b/includes/vendor/composer/installed.json index ca551be4..2d142ad3 100644 --- a/includes/vendor/composer/installed.json +++ b/includes/vendor/composer/installed.json @@ -402,56 +402,6 @@ "install-path": "../ozh/bookmarkletgen" }, { - "name": "ozh/phpass", - "version": "1.3.0", - "version_normalized": "1.3.0.0", - "source": { - "type": "git", - "url": "https://github.com/ozh/phpass.git", - "reference": "44149d1ee06ccbda397f08f69d32c59802e4ce43" - }, - "dist": { - "type": "zip", - "url": "https://api.github.com/repos/ozh/phpass/zipball/44149d1ee06ccbda397f08f69d32c59802e4ce43", - "reference": "44149d1ee06ccbda397f08f69d32c59802e4ce43", - "shasum": "" - }, - "require": { - "php": ">=5.6" - }, - "require-dev": { - "phpunit/phpunit": ">=4.0" - }, - "time": "2020-03-29T10:39:31+00:00", - "type": "library", - "installation-source": "dist", - "autoload": { - "psr-0": { - "Ozh\\Phpass\\": "src/" - } - }, - "notification-url": "https://packagist.org/downloads/", - "license": [ - "Public Domain" - ], - "authors": [ - { - "name": "Solar Designer", - "email": "solar@openwall.com", - "homepage": "http://openwall.com/phpass/" - } - ], - "description": "Portable PHP password hashing framework", - "homepage": "http://github.com/ozh/phpass/", - "keywords": [ - "blowfish", - "crypt", - "password", - "security" - ], - "install-path": "../ozh/phpass" - }, - { "name": "pomo/pomo", "version": "v1.4.1", "version_normalized": "1.4.1.0", diff --git a/includes/vendor/composer/installed.php b/includes/vendor/composer/installed.php index 3518b18c..8118e7fc 100644 --- a/includes/vendor/composer/installed.php +++ b/includes/vendor/composer/installed.php @@ -1,167 +1,159 @@ -<?php return array( - 'root' => array( - 'pretty_version' => 'dev-master', - 'version' => 'dev-master', - 'type' => 'project', - 'install_path' => __DIR__ . '/../../../', - 'aliases' => array(), - 'reference' => 'e6179ac229ba18e77daaeb73d0379acc59aa2506', - 'name' => 'yourls/yourls', - 'dev' => true, - ), - 'versions' => array( - 'aura/sql' => array( - 'pretty_version' => '3.0.0', - 'version' => '3.0.0.0', - 'type' => 'library', - 'install_path' => __DIR__ . '/../aura/sql', - 'aliases' => array(), - 'reference' => '2be02d5dfd9fdee6df199de1a19572aa490bb744', - 'dev_requirement' => false, - ), - 'composer/ca-bundle' => array( - 'pretty_version' => '1.3.1', - 'version' => '1.3.1.0', - 'type' => 'library', - 'install_path' => __DIR__ . '/./ca-bundle', - 'aliases' => array(), - 'reference' => '4c679186f2aca4ab6a0f1b0b9cf9252decb44d0b', - 'dev_requirement' => false, - ), - 'geoip2/geoip2' => array( - 'pretty_version' => 'v2.12.2', - 'version' => '2.12.2.0', - 'type' => 'library', - 'install_path' => __DIR__ . '/../geoip2/geoip2', - 'aliases' => array(), - 'reference' => '83adb44ac4b9553d36b579a14673ed124583082f', - 'dev_requirement' => false, - ), - 'jakeasmith/http_build_url' => array( - 'pretty_version' => '1.0.1', - 'version' => '1.0.1.0', - 'type' => 'library', - 'install_path' => __DIR__ . '/../jakeasmith/http_build_url', - 'aliases' => array(), - 'reference' => '93c273e77cb1edead0cf8bcf8cd2003428e74e37', - 'dev_requirement' => false, - ), - 'maxmind-db/reader' => array( - 'pretty_version' => 'v1.11.0', - 'version' => '1.11.0.0', - 'type' => 'library', - 'install_path' => __DIR__ . '/../maxmind-db/reader', - 'aliases' => array(), - 'reference' => 'b1f3c0699525336d09cc5161a2861268d9f2ae5b', - 'dev_requirement' => false, - ), - 'maxmind/web-service-common' => array( - 'pretty_version' => 'v0.8.1', - 'version' => '0.8.1.0', - 'type' => 'library', - 'install_path' => __DIR__ . '/../maxmind/web-service-common', - 'aliases' => array(), - 'reference' => '32f274051c543fc865e5a84d3a2c703913641ea8', - 'dev_requirement' => false, - ), - 'ozh/bookmarkletgen' => array( - 'pretty_version' => '1.2', - 'version' => '1.2.0.0', - 'type' => 'library', - 'install_path' => __DIR__ . '/../ozh/bookmarkletgen', - 'aliases' => array(), - 'reference' => '3319b53c493a1474a03d1cc4e087617652284c20', - 'dev_requirement' => false, - ), - 'ozh/phpass' => array( - 'pretty_version' => '1.3.0', - 'version' => '1.3.0.0', - 'type' => 'library', - 'install_path' => __DIR__ . '/../ozh/phpass', - 'aliases' => array(), - 'reference' => '44149d1ee06ccbda397f08f69d32c59802e4ce43', - 'dev_requirement' => false, - ), - 'pomo/pomo' => array( - 'pretty_version' => 'v1.4.1', - 'version' => '1.4.1.0', - 'type' => 'library', - 'install_path' => __DIR__ . '/../pomo/pomo', - 'aliases' => array(), - 'reference' => '1594bd1f90c89a45ffc3da2ee6d5d582bfac7542', - 'dev_requirement' => false, - ), - 'psr/log' => array( - 'pretty_version' => '1.1.4', - 'version' => '1.1.4.0', - 'type' => 'library', - 'install_path' => __DIR__ . '/../psr/log', - 'aliases' => array(), - 'reference' => 'd49695b909c3b7628b6289db5479a1c204601f11', - 'dev_requirement' => false, - ), - 'rmccue/requests' => array( - 'pretty_version' => 'v2.0.1', - 'version' => '2.0.1.0', - 'type' => 'library', - 'install_path' => __DIR__ . '/../rmccue/requests', - 'aliases' => array(), - 'reference' => '294ec523096241433ffea3fcf3127d16b1b7af4c', - 'dev_requirement' => false, - ), - 'spatie/array-to-xml' => array( - 'pretty_version' => '2.16.0', - 'version' => '2.16.0.0', - 'type' => 'library', - 'install_path' => __DIR__ . '/../spatie/array-to-xml', - 'aliases' => array(), - 'reference' => 'db39308c5236b69b89cadc3f44f191704814eae2', - 'dev_requirement' => false, - ), - 'symfony/polyfill-intl-idn' => array( - 'pretty_version' => 'v1.24.0', - 'version' => '1.24.0.0', - 'type' => 'library', - 'install_path' => __DIR__ . '/../symfony/polyfill-intl-idn', - 'aliases' => array(), - 'reference' => '749045c69efb97c70d25d7463abba812e91f3a44', - 'dev_requirement' => false, - ), - 'symfony/polyfill-intl-normalizer' => array( - 'pretty_version' => 'v1.24.0', - 'version' => '1.24.0.0', - 'type' => 'library', - 'install_path' => __DIR__ . '/../symfony/polyfill-intl-normalizer', - 'aliases' => array(), - 'reference' => '8590a5f561694770bdcd3f9b5c69dde6945028e8', - 'dev_requirement' => false, - ), - 'symfony/polyfill-mbstring' => array( - 'pretty_version' => 'v1.24.0', - 'version' => '1.24.0.0', - 'type' => 'library', - 'install_path' => __DIR__ . '/../symfony/polyfill-mbstring', - 'aliases' => array(), - 'reference' => '0abb51d2f102e00a4eefcf46ba7fec406d245825', - 'dev_requirement' => false, - ), - 'symfony/polyfill-php72' => array( - 'pretty_version' => 'v1.24.0', - 'version' => '1.24.0.0', - 'type' => 'library', - 'install_path' => __DIR__ . '/../symfony/polyfill-php72', - 'aliases' => array(), - 'reference' => '9a142215a36a3888e30d0a9eeea9766764e96976', - 'dev_requirement' => false, - ), - 'yourls/yourls' => array( - 'pretty_version' => 'dev-master', - 'version' => 'dev-master', - 'type' => 'project', - 'install_path' => __DIR__ . '/../../../', - 'aliases' => array(), - 'reference' => 'e6179ac229ba18e77daaeb73d0379acc59aa2506', - 'dev_requirement' => false, - ), +<?php return array ( + 'root' => + array ( + 'pretty_version' => 'dev-master', + 'version' => 'dev-master', + 'aliases' => + array ( ), + 'reference' => '03df13ac34d2f5a148146aa4ebe6bce177c6ac4d', + 'name' => 'yourls/yourls', + ), + 'versions' => + array ( + 'aura/sql' => + array ( + 'pretty_version' => '3.0.0', + 'version' => '3.0.0.0', + 'aliases' => + array ( + ), + 'reference' => '2be02d5dfd9fdee6df199de1a19572aa490bb744', + ), + 'composer/ca-bundle' => + array ( + 'pretty_version' => '1.3.1', + 'version' => '1.3.1.0', + 'aliases' => + array ( + ), + 'reference' => '4c679186f2aca4ab6a0f1b0b9cf9252decb44d0b', + ), + 'geoip2/geoip2' => + array ( + 'pretty_version' => 'v2.12.2', + 'version' => '2.12.2.0', + 'aliases' => + array ( + ), + 'reference' => '83adb44ac4b9553d36b579a14673ed124583082f', + ), + 'jakeasmith/http_build_url' => + array ( + 'pretty_version' => '1.0.1', + 'version' => '1.0.1.0', + 'aliases' => + array ( + ), + 'reference' => '93c273e77cb1edead0cf8bcf8cd2003428e74e37', + ), + 'maxmind-db/reader' => + array ( + 'pretty_version' => 'v1.11.0', + 'version' => '1.11.0.0', + 'aliases' => + array ( + ), + 'reference' => 'b1f3c0699525336d09cc5161a2861268d9f2ae5b', + ), + 'maxmind/web-service-common' => + array ( + 'pretty_version' => 'v0.8.1', + 'version' => '0.8.1.0', + 'aliases' => + array ( + ), + 'reference' => '32f274051c543fc865e5a84d3a2c703913641ea8', + ), + 'ozh/bookmarkletgen' => + array ( + 'pretty_version' => '1.2', + 'version' => '1.2.0.0', + 'aliases' => + array ( + ), + 'reference' => '3319b53c493a1474a03d1cc4e087617652284c20', + ), + 'pomo/pomo' => + array ( + 'pretty_version' => 'v1.4.1', + 'version' => '1.4.1.0', + 'aliases' => + array ( + ), + 'reference' => '1594bd1f90c89a45ffc3da2ee6d5d582bfac7542', + ), + 'psr/log' => + array ( + 'pretty_version' => '1.1.4', + 'version' => '1.1.4.0', + 'aliases' => + array ( + ), + 'reference' => 'd49695b909c3b7628b6289db5479a1c204601f11', + ), + 'rmccue/requests' => + array ( + 'pretty_version' => 'v2.0.1', + 'version' => '2.0.1.0', + 'aliases' => + array ( + ), + 'reference' => '294ec523096241433ffea3fcf3127d16b1b7af4c', + ), + 'spatie/array-to-xml' => + array ( + 'pretty_version' => '2.16.0', + 'version' => '2.16.0.0', + 'aliases' => + array ( + ), + 'reference' => 'db39308c5236b69b89cadc3f44f191704814eae2', + ), + 'symfony/polyfill-intl-idn' => + array ( + 'pretty_version' => 'v1.24.0', + 'version' => '1.24.0.0', + 'aliases' => + array ( + ), + 'reference' => '749045c69efb97c70d25d7463abba812e91f3a44', + ), + 'symfony/polyfill-intl-normalizer' => + array ( + 'pretty_version' => 'v1.24.0', + 'version' => '1.24.0.0', + 'aliases' => + array ( + ), + 'reference' => '8590a5f561694770bdcd3f9b5c69dde6945028e8', + ), + 'symfony/polyfill-mbstring' => + array ( + 'pretty_version' => 'v1.24.0', + 'version' => '1.24.0.0', + 'aliases' => + array ( + ), + 'reference' => '0abb51d2f102e00a4eefcf46ba7fec406d245825', + ), + 'symfony/polyfill-php72' => + array ( + 'pretty_version' => 'v1.24.0', + 'version' => '1.24.0.0', + 'aliases' => + array ( + ), + 'reference' => '9a142215a36a3888e30d0a9eeea9766764e96976', + ), + 'yourls/yourls' => + array ( + 'pretty_version' => 'dev-master', + 'version' => 'dev-master', + 'aliases' => + array ( + ), + 'reference' => '03df13ac34d2f5a148146aa4ebe6bce177c6ac4d', + ), + ), ); diff --git a/includes/vendor/ozh/phpass/README.md b/includes/vendor/ozh/phpass/README.md deleted file mode 100644 index 89603713..00000000 --- a/includes/vendor/ozh/phpass/README.md +++ /dev/null @@ -1,55 +0,0 @@ -Openwall Phpass, modernized -=========================== - -[![Build Status](https://secure.travis-ci.org/ozh/phpass.png?branch=master)](http://travis-ci.org/ozh/phpass) - -This is Openwall's [Phpass](http://openwall.com/phpass/), based on the 0.5 release, but modernized slightly: - -- Namespaced -- Composer support (Autoloading) -- Unit Tested - -The modernization has been done by Hautelook, from whom I stole this library to originally repackage it for PHP 5.3 to 7.0 compatibility in a single file and branch (Hautelook's port consisting of two branches, one for PHP 5.3 to 5.5, and another one for 5.6+). - -Current version requires PHP 5.6+ - -## Installation ## - -Add this requirement to your `composer.json` file and run `composer install`: - - { - "require": { - "ozh/phpass": "1.3.0" - } - } - -## Usage ## - -The following example shows how to hash a password (to then store the hash in the database), and how to check whether a provided password is correct (hashes to the same value): - -``` php -<?php - -namespace Your\Namespace; - -use Ozh\Phpass\PasswordHash; - -require_once(__DIR__ . "/vendor/autoload.php"); // or require_once('path/to/src/Ozh/Phpass/PasswordHash.php'); - -$passwordHasher = new PasswordHash(8,false); - -// Encrypt -$password = $passwordHasher->HashPassword('secret'); -var_dump($password); - // Will output something like: - // '$2a$08$a6XFLs8SrjClF1szoDDkI.6gtWVb4//QnzUjkxlus83AKCNjuD8Ha' (length=60) - // '$2a$08$Qze1smZ//VAwHJ1t52zklOY/yLwlbKR6Ighf6B7uqGXdYVozTPEdG' (length=60) - // '$2a$08$u2uKfE9igO.Cz0SptWxlXeVi0CQglfl3FdRK3YpbGm1NfF1d.CFPm' (length=60) - -// Decrypt -var_dump( $passwordHasher->CheckPassword('secret', '$2a$08$0RK6Yw6j9kSIXrrEOc3dwuDPQuT78HgR0S3/ghOFDEpOGpOkARoSu') ); - // true -var_dump( $passwordHasher->CheckPassword('secret', '$2a$08$Qze1smZ//VAwHJ1t52zklOY/yLwlbKR6Ighf6B7uqGXdYVozTPEdG') ); - // true -var_dump( $passwordHasher->CheckPassword('secret', '$2a$08$u2uKfE9igO.Cz0SptWxlXeVi0CQglfl3FdRK3YpbGm1NfF1d.CFPm') ); - // true diff --git a/includes/vendor/ozh/phpass/src/Ozh/Phpass/PasswordHash.php b/includes/vendor/ozh/phpass/src/Ozh/Phpass/PasswordHash.php deleted file mode 100644 index 16b03772..00000000 --- a/includes/vendor/ozh/phpass/src/Ozh/Phpass/PasswordHash.php +++ /dev/null @@ -1,333 +0,0 @@ -<?php - -namespace Ozh\Phpass; - -/** - * - * Portable PHP password hashing framework. - * - * Originally written by Solar Designer <solar at openwall.com> in 2004-2006 - * - * Modernized by Hautelook at https://github.com/hautelook/phpass - * - * Slightly repacked by Ozh to extend compatibility from PHP 5.3 to 7+ in a single file - * - * There's absolutely no warranty. - * - * The homepage URL for this framework is: - * - * http://www.openwall.com/phpass/ - * - * Please be sure to update the Version line if you edit this file in any way. - * It is suggested that you leave the main version number intact, but indicate - * your project name (after the slash) and add your own revision information. - * - * Please do not change the "private" password hashing method implemented in - * here, thereby making your hashes incompatible. However, if you must, please - * change the hash type identifier (the "$P$") to something different. - * - * Obviously, since this code is in the public domain, the above are not - * requirements (there can be none), but merely suggestions. - * - * @author Solar Designer <solar@openwall.com> - */ -class PasswordHash -{ - private $itoa64; - private $iteration_count_log2; - private $portable_hashes; - private $random_state; - - /** - * Constructor - * - * @param int $iteration_count_log2 - * @param boolean $portable_hashes - */ - public function __construct($iteration_count_log2, $portable_hashes) - { - $this->itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'; - - if ($iteration_count_log2 < 4 || $iteration_count_log2 > 31) { - $iteration_count_log2 = 8; - } - $this->iteration_count_log2 = $iteration_count_log2; - - $this->portable_hashes = $portable_hashes; - - $this->random_state = microtime(); - if (function_exists('getmypid')) { - $this->random_state .= getmypid(); - } - } - - /** - * @param int $count - * @return String - */ - public function get_random_bytes($count) - { - $output = ''; - - // PHP 7+ - if (is_callable('random_bytes')) { - return random_bytes($count); - } - - if (@is_readable('/dev/urandom') && - ($fh = @fopen('/dev/urandom', 'rb'))) { - $output = fread($fh, $count); - fclose($fh); - } - - if (strlen($output) < $count) { - $output = ''; - for ($i = 0; $i < $count; $i += 16) { - $this->random_state = - md5(microtime() . $this->random_state); - $output .= md5($this->random_state, TRUE); - } - $output = substr($output, 0, $count); - } - - return $output; - } - - /** - * @param String $input - * @param int $count - * @return String - */ - public function encode64($input, $count) - { - $output = ''; - $i = 0; - do { - $value = ord($input[$i++]); - $output .= $this->itoa64[$value & 0x3f]; - if ($i < $count) { - $value |= ord($input[$i]) << 8; - } - $output .= $this->itoa64[($value >> 6) & 0x3f]; - if ($i++ >= $count) { - break; - } - if ($i < $count) { - $value |= ord($input[$i]) << 16; - } - $output .= $this->itoa64[($value >> 12) & 0x3f]; - if ($i++ >= $count) { - break; - } - $output .= $this->itoa64[($value >> 18) & 0x3f]; - } while ($i < $count); - - return $output; - } - - /** - * @param String $input - * @return String - */ - public function gensalt_private($input) - { - $output = '$P$'; - $output .= $this->itoa64[min($this->iteration_count_log2 + - ((PHP_VERSION >= '5') ? 5 : 3), 30)]; - $output .= $this->encode64($input, 6); - - return $output; - } - - /** - * @param String $password - * @param String $setting - * @return String - */ - public function crypt_private($password, $setting) - { - $output = '*0'; - if (substr($setting, 0, 2) === $output) { - $output = '*1'; - } - - $id = substr($setting, 0, 3); - # We use "$P$", phpBB3 uses "$H$" for the same thing - if ($id !== '$P$' && $id !== '$H$') { - return $output; - } - - $count_log2 = strpos($this->itoa64, $setting[3]); - if ($count_log2 < 7 || $count_log2 > 30) { - return $output; - } - - $count = 1 << $count_log2; - - $salt = substr($setting, 4, 8); - if (strlen($salt) != 8) { - return $output; - } - - // We're kind of forced to use MD5 here since it's the only - // cryptographic primitive available in all versions of PHP - // currently in use. To implement our own low-level crypto - // in PHP would result in much worse performance and - // consequently in lower iteration counts and hashes that are - // quicker to crack (by non-PHP code). - $hash = md5($salt . $password, TRUE); - do { - $hash = md5($hash . $password, TRUE); - } while (--$count); - - $output = substr($setting, 0, 12); - $output .= $this->encode64($hash, 16); - - return $output; - } - - /** - * @param String $input - * @return String - */ - public function gensalt_blowfish($input) - { - // This one needs to use a different order of characters and a - // different encoding scheme from the one in encode64() above. - // We care because the last character in our encoded string will - // only represent 2 bits. While two known implementations of - // bcrypt will happily accept and correct a salt string which - // has the 4 unused bits set to non-zero, we do not want to take - // chances and we also do not want to waste an additional byte - // of entropy. - $itoa64 = './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'; - - $output = '$2a$'; - $output .= chr(ord('0') + $this->iteration_count_log2 / 10); - $output .= chr(ord('0') + $this->iteration_count_log2 % 10); - $output .= '$'; - - $i = 0; - do { - $c1 = ord($input[$i++]); - $output .= $itoa64[$c1 >> 2]; - $c1 = ($c1 & 0x03) << 4; - if ($i >= 16) { - $output .= $itoa64[$c1]; - break; - } - - $c2 = ord($input[$i++]); - $c1 |= $c2 >> 4; - $output .= $itoa64[$c1]; - $c1 = ($c2 & 0x0f) << 2; - - $c2 = ord($input[$i++]); - $c1 |= $c2 >> 6; - $output .= $itoa64[$c1]; - $output .= $itoa64[$c2 & 0x3f]; - } while (1); - - return $output; - } - - /** - * @param String $password - */ - public function HashPassword($password) - { - $random = ''; - - if (CRYPT_BLOWFISH == 1 && !$this->portable_hashes) { - $random = $this->get_random_bytes(16); - $hash = - crypt($password, $this->gensalt_blowfish($random)); - if (strlen($hash) == 60) { - return $hash; - } - } - - if (strlen($random) < 6) { - $random = $this->get_random_bytes(6); - } - - $hash = - $this->crypt_private($password, - $this->gensalt_private($random)); - if (strlen($hash) == 34) { - return $hash; - } - - // Returning '*' on error is safe here, but would _not_ be safe - // in a crypt(3)-like function used _both_ for generating new - // hashes and for validating passwords against existing hashes. - return '*'; - } - - /** - * @param String $password - * @param String $stored_hash - * @return boolean - */ - public function CheckPassword($password, $stored_hash) - { - $hash = $this->crypt_private($password, $stored_hash); - if ($hash[0] == '*') { - $hash = crypt($password, $stored_hash); - } - - return hash_equals($stored_hash, $hash); - } -} - - -/** - * hash_equals compatibility function - * - * @package CodeIgniter - * @author EllisLab Dev Team - * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/) - * @copyright Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/) - * @license http://opensource.org/licenses/MIT MIT License - * @link https://codeigniter.com - * - * Source: https://github.com/bcit-ci/CodeIgniter/blob/3.1.4/system/core/compat/hash.php - * For PHP < 5.6 - */ -// @codeCoverageIgnoreStart -if ( ! function_exists('hash_equals')) -{ - /** - * hash_equals() - * - * @link http://php.net/hash_equals - * @param string $known_string - * @param string $user_string - * @return bool - */ - function hash_equals($known_string, $user_string) - { - if ( ! is_string($known_string)) - { - trigger_error('hash_equals(): Expected known_string to be a string, '.strtolower(gettype($known_string)).' given', E_USER_WARNING); - return FALSE; - } - elseif ( ! is_string($user_string)) - { - trigger_error('hash_equals(): Expected user_string to be a string, '.strtolower(gettype($user_string)).' given', E_USER_WARNING); - return FALSE; - } - elseif (($length = strlen($known_string)) !== strlen($user_string)) - { - return FALSE; - } - $diff = 0; - for ($i = 0; $i < $length; $i++) - { - $diff |= ord($known_string[$i]) ^ ord($user_string[$i]); - } - return ($diff === 0); - } -} -// @codeCoverageIgnoreEnd - diff --git a/tests/data/config/yourls-tests-config-ci.php b/tests/data/config/yourls-tests-config-ci.php index ef7ad7d7..30810f66 100644 --- a/tests/data/config/yourls-tests-config-ci.php +++ b/tests/data/config/yourls-tests-config-ci.php @@ -37,8 +37,10 @@ $yourls_user_passwords = array( 'yourls' => 'secret-ci-test', 'clear' => 'somepassword', 'md5' => 'md5:12373:e52e4488f79a740bd341f229e3c163c8', // password: '3cd6944201fa7bbc5e0fe852e36b1096' with md5 and salt - 'phpass' => 'phpass:!2a!08!T1ptMlBSxu7g3odpbUXgd.9wbKvg8k7cJt.HbwSqUNrlLPudWnf/6', // password: '3cd6944201fa7bbc5e0fe852e36b1096' with PHPass - 'phpass2' => 'phpass:$2a$08$gt2bnpfUyuCX3hrp0RPOieFR1RwBnLsMzpq/NvPXwCdV3LqI3RGYi', // password: also '3cd6944201fa7bbc5e0fe852e36b1096' but without YOURLS internal char substitution + 'phpass' => 'phpass:!2a!08!T1ptMlBSxu7g3odpbUXgd.9wbKvg8k7cJt.HbwSqUNrlLPudWnf/6', // password: '3cd6944201fa7bbc5e0fe852e36b1096' with old PHPass library + 'phpass2' => 'phpass:$2a$08$gt2bnpfUyuCX3hrp0RPOieFR1RwBnLsMzpq/NvPXwCdV3LqI3RGYi', // password: also '3cd6944201fa7bbc5e0fe852e36b1096' with old PHPass lib but without YOURLS internal char substitution + 'phpass3' => 'phpass:!2y!10!.FjK.vQR0JVivkMwckiiIesFUFhtMxX/f9pes.i/ccp/W0IuUSxPW', // password: also '3cd6944201fa7bbc5e0fe852e36b1096' hashed with password_hash + 'phpass4' => 'phpass:$2y$10$KPP/sv7pv0JL2GwcixNBfuXRPElC4KxQUgetqBfCboB.q30yKwKG6', // password: also '3cd6944201fa7bbc5e0fe852e36b1096' hashed with password_hash but without YOURLS internal char substitution '1994' => '@$*', 'special' => 'lol .\+*?[^]$(){}=!<>|:-/', 'quote1' => '"ahah"', diff --git a/tests/data/config/yourls-tests-config-sample.php b/tests/data/config/yourls-tests-config-sample.php index b1eb7563..3d391a3a 100644 --- a/tests/data/config/yourls-tests-config-sample.php +++ b/tests/data/config/yourls-tests-config-sample.php @@ -39,8 +39,10 @@ $yourls_user_passwords = array( 'yourls' => 'secret-ci-test', 'clear' => 'somepassword', 'md5' => 'md5:12373:e52e4488f79a740bd341f229e3c163c8', // password: '3cd6944201fa7bbc5e0fe852e36b1096' with md5 and salt - 'phpass' => 'phpass:!2a!08!T1ptMlBSxu7g3odpbUXgd.9wbKvg8k7cJt.HbwSqUNrlLPudWnf/6', // password: '3cd6944201fa7bbc5e0fe852e36b1096' with PHPass - 'phpass2' => 'phpass:$2a$08$gt2bnpfUyuCX3hrp0RPOieFR1RwBnLsMzpq/NvPXwCdV3LqI3RGYi', // password: also '3cd6944201fa7bbc5e0fe852e36b1096' but without YOURLS internal char substitution + 'phpass' => 'phpass:!2a!08!T1ptMlBSxu7g3odpbUXgd.9wbKvg8k7cJt.HbwSqUNrlLPudWnf/6', // password: '3cd6944201fa7bbc5e0fe852e36b1096' with old PHPass library + 'phpass2' => 'phpass:$2a$08$gt2bnpfUyuCX3hrp0RPOieFR1RwBnLsMzpq/NvPXwCdV3LqI3RGYi', // password: also '3cd6944201fa7bbc5e0fe852e36b1096' with old PHPass lib but without YOURLS internal char substitution + 'phpass3' => 'phpass:!2y!10!.FjK.vQR0JVivkMwckiiIesFUFhtMxX/f9pes.i/ccp/W0IuUSxPW', // password: also '3cd6944201fa7bbc5e0fe852e36b1096' hashed with password_hash + 'phpass4' => 'phpass:$2y$10$KPP/sv7pv0JL2GwcixNBfuXRPElC4KxQUgetqBfCboB.q30yKwKG6', // password: also '3cd6944201fa7bbc5e0fe852e36b1096' hashed with password_hash but without YOURLS internal char substitution '1994' => '@$*', 'special' => 'lol .\+*?[^]$(){}=!<>|:-/', 'quote1' => '"ahah"', |