author | Carl Schwan <carl@carlschwan.eu> | 2022-06-21 17:28:17 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-06-21 17:28:17 +0300 |
commit | 51389d254ec836d59e19681394e00027772616f9 (patch) | |
tree | ee64ec6186d141fc5a2024d09087136d09d94d86 | |
parent | eda7f53c14e153a31a8b70d752f43325025db098 (diff) | |
parent | 748e26a936c163a5195929147b9fa35da408ede3 (diff) |
Merge pull request #1072 from nextcloud/dependabot/composer/guzzlehttp/guzzle-7.4.4dependabot/composer/egulias/email-validator/guzzlehttp/guzzle-7.4.5
Bump guzzlehttp/guzzle from 7.4.0 to 7.4.4
-rw-r--r-- | README.md | 7 | ||||
-rw-r--r-- | composer.lock | 42 | ||||
-rw-r--r-- | composer/installed.json | 46 | ||||
-rw-r--r-- | composer/installed.php | 24 | ||||
-rw-r--r-- | guzzlehttp/guzzle/src/Cookie/CookieJar.php | 5 | ||||
-rw-r--r-- | guzzlehttp/guzzle/src/Cookie/SetCookie.php | 6 | ||||
-rw-r--r-- | guzzlehttp/guzzle/src/Exception/RequestException.php | 2 | ||||
-rw-r--r-- | guzzlehttp/guzzle/src/Handler/CurlMultiHandler.php | 8 | ||||
-rw-r--r-- | guzzlehttp/guzzle/src/Handler/StreamHandler.php | 9 | ||||
-rw-r--r-- | guzzlehttp/guzzle/src/MessageFormatter.php | 2 | ||||
-rw-r--r-- | guzzlehttp/guzzle/src/RedirectMiddleware.php | 51 | ||||
-rw-r--r-- | guzzlehttp/guzzle/vendor-bin/php-cs-fixer/composer.json | 9 | ||||
-rw-r--r-- | guzzlehttp/guzzle/vendor-bin/phpstan/composer.json | 10 | ||||
-rw-r--r-- | guzzlehttp/guzzle/vendor-bin/psalm/composer.json | 9 | ||||
-rw-r--r-- | symfony/deprecation-contracts/LICENSE | 2 |
15 files changed, 130 insertions, 102 deletions
@@ -11,6 +11,7 @@ Some 3rd party libraries that are necessary to run Nextcloud. 3. Run `composer update thevendor/thelib` (replace accordingly) 4. Delete all installed dependencies with `rm -rf ./*/` 5. Run `composer install --no-dev` -6. Run `dump-autoload` -7. Commit all changes onto a new branch -8. You might need the following command for pushing if used as submodule: `git push git@github.com:nextcloud/3rdparty.git branchname` +5. Run `git clean -X -d -f` +7. Run `dump-autoload` +8. Commit all changes onto a new branch +9. You might need the following command for pushing if used as submodule: `git push git@github.com:nextcloud/3rdparty.git branchname` diff --git a/composer.lock b/composer.lock index 0e643768..28a6b4bd 100644 --- a/composer.lock +++ b/composer.lock @@ -1218,16 +1218,16 @@ }, { "name": "guzzlehttp/guzzle", - "version": "7.4.0", + "version": "7.4.4", "source": { "type": "git", "url": "https://github.com/guzzle/guzzle.git", - "reference": "868b3571a039f0ebc11ac8f344f4080babe2cb94" + "reference": "e3ff079b22820c2029d4c2a87796b6a0b8716ad8" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/guzzle/guzzle/zipball/868b3571a039f0ebc11ac8f344f4080babe2cb94", - "reference": "868b3571a039f0ebc11ac8f344f4080babe2cb94", + "url": "https://api.github.com/repos/guzzle/guzzle/zipball/e3ff079b22820c2029d4c2a87796b6a0b8716ad8", + "reference": "e3ff079b22820c2029d4c2a87796b6a0b8716ad8", "shasum": "" }, "require": { @@ -1236,7 +1236,7 @@ "guzzlehttp/psr7": "^1.8.3 || ^2.1", "php": "^7.2.5 || ^8.0", "psr/http-client": "^1.0", - "symfony/deprecation-contracts": "^2.2" + "symfony/deprecation-contracts": "^2.2 || ^3.0" }, "provide": { "psr/http-client-implementation": "1.0" @@ -1260,12 +1260,12 @@ } }, "autoload": { - "psr-4": { - "GuzzleHttp\\": "src/" - }, "files": [ "src/functions_include.php" - ] + ], + "psr-4": { + "GuzzleHttp\\": "src/" + } }, "notification-url": "https://packagist.org/downloads/", "license": [ 
@@ -1322,7 +1322,7 @@ ], "support": { "issues": "https://github.com/guzzle/guzzle/issues", - "source": "https://github.com/guzzle/guzzle/tree/7.4.0" + "source": "https://github.com/guzzle/guzzle/tree/7.4.4" }, "funding": [ { @@ -1338,7 +1338,7 @@ "type": "tidelift" } ], - "time": "2021-10-18T09:52:00+00:00" + "time": "2022-06-09T21:39:15+00:00" }, { "name": "guzzlehttp/promises", @@ -1367,12 +1367,12 @@ } }, "autoload": { - "psr-4": { - "GuzzleHttp\\Promise\\": "src/" - }, "files": [ "src/functions_include.php" - ] + ], + "psr-4": { + "GuzzleHttp\\Promise\\": "src/" + } }, "notification-url": "https://packagist.org/downloads/", "license": [ @@ -4521,16 +4521,16 @@ }, { "name": "symfony/deprecation-contracts", - "version": "v2.5.0", + "version": "v2.5.1", "source": { "type": "git", "url": "https://github.com/symfony/deprecation-contracts.git", - "reference": "6f981ee24cf69ee7ce9736146d1c57c2780598a8" + "reference": "e8b495ea28c1d97b5e0c121748d6f9b53d075c66" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/deprecation-contracts/zipball/6f981ee24cf69ee7ce9736146d1c57c2780598a8", - "reference": "6f981ee24cf69ee7ce9736146d1c57c2780598a8", + "url": "https://api.github.com/repos/symfony/deprecation-contracts/zipball/e8b495ea28c1d97b5e0c121748d6f9b53d075c66", + "reference": "e8b495ea28c1d97b5e0c121748d6f9b53d075c66", "shasum": "" }, "require": { @@ -4568,7 +4568,7 @@ "description": "A generic function and convention to trigger deprecation notices", "homepage": "https://symfony.com", "support": { - "source": "https://github.com/symfony/deprecation-contracts/tree/v2.5.0" + "source": "https://github.com/symfony/deprecation-contracts/tree/v2.5.1" }, "funding": [ { @@ -4584,7 +4584,7 @@ "type": "tidelift" } ], - "time": "2021-07-12T14:48:14+00:00" + "time": "2022-01-02T09:53:40+00:00" }, { "name": "symfony/event-dispatcher", diff --git a/composer/installed.json b/composer/installed.json index dd513ba3..767f9379 100644 --- a/composer/installed.json 
+++ b/composer/installed.json @@ -1266,17 +1266,17 @@ }, { "name": "guzzlehttp/guzzle", - "version": "7.4.0", - "version_normalized": "7.4.0.0", + "version": "7.4.4", + "version_normalized": "7.4.4.0", "source": { "type": "git", "url": "https://github.com/guzzle/guzzle.git", - "reference": "868b3571a039f0ebc11ac8f344f4080babe2cb94" + "reference": "e3ff079b22820c2029d4c2a87796b6a0b8716ad8" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/guzzle/guzzle/zipball/868b3571a039f0ebc11ac8f344f4080babe2cb94", - "reference": "868b3571a039f0ebc11ac8f344f4080babe2cb94", + "url": "https://api.github.com/repos/guzzle/guzzle/zipball/e3ff079b22820c2029d4c2a87796b6a0b8716ad8", + "reference": "e3ff079b22820c2029d4c2a87796b6a0b8716ad8", "shasum": "" }, "require": { @@ -1285,7 +1285,7 @@ "guzzlehttp/psr7": "^1.8.3 || ^2.1", "php": "^7.2.5 || ^8.0", "psr/http-client": "^1.0", - "symfony/deprecation-contracts": "^2.2" + "symfony/deprecation-contracts": "^2.2 || ^3.0" }, "provide": { "psr/http-client-implementation": "1.0" @@ -1302,7 +1302,7 @@ "ext-intl": "Required for Internationalized Domain Name (IDN) support", "psr/log": "Required for using the Log middleware" }, - "time": "2021-10-18T09:52:00+00:00", + "time": "2022-06-09T21:39:15+00:00", "type": "library", "extra": { "branch-alias": { @@ -1311,12 +1311,12 @@ }, "installation-source": "dist", "autoload": { - "psr-4": { - "GuzzleHttp\\": "src/" - }, "files": [ "src/functions_include.php" - ] + ], + "psr-4": { + "GuzzleHttp\\": "src/" + } }, "notification-url": "https://packagist.org/downloads/", "license": [ @@ -1373,7 +1373,7 @@ ], "support": { "issues": "https://github.com/guzzle/guzzle/issues", - "source": "https://github.com/guzzle/guzzle/tree/7.4.0" + "source": "https://github.com/guzzle/guzzle/tree/7.4.4" }, "funding": [ { 
@@ -1421,12 +1421,12 @@ }, "installation-source": "dist", "autoload": { - "psr-4": { - "GuzzleHttp\\Promise\\": "src/" - }, "files": [ "src/functions_include.php" - ] + ], + "psr-4": { + "GuzzleHttp\\Promise\\": "src/" + } }, "notification-url": "https://packagist.org/downloads/", "license": [ @@ -4719,23 +4719,23 @@ }, { "name": "symfony/deprecation-contracts", - "version": "v2.5.0", - "version_normalized": "2.5.0.0", + "version": "v2.5.1", + "version_normalized": "2.5.1.0", "source": { "type": "git", "url": "https://github.com/symfony/deprecation-contracts.git", - "reference": "6f981ee24cf69ee7ce9736146d1c57c2780598a8" + "reference": "e8b495ea28c1d97b5e0c121748d6f9b53d075c66" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/deprecation-contracts/zipball/6f981ee24cf69ee7ce9736146d1c57c2780598a8", - "reference": "6f981ee24cf69ee7ce9736146d1c57c2780598a8", + "url": "https://api.github.com/repos/symfony/deprecation-contracts/zipball/e8b495ea28c1d97b5e0c121748d6f9b53d075c66", + "reference": "e8b495ea28c1d97b5e0c121748d6f9b53d075c66", "shasum": "" }, "require": { "php": ">=7.1" }, - "time": "2021-07-12T14:48:14+00:00", + "time": "2022-01-02T09:53:40+00:00", "type": "library", "extra": { "branch-alias": { @@ -4769,7 +4769,7 @@ "description": "A generic function and convention to trigger deprecation notices", "homepage": "https://symfony.com", "support": { - "source": "https://github.com/symfony/deprecation-contracts/tree/v2.5.0" + "source": "https://github.com/symfony/deprecation-contracts/tree/v2.5.1" }, "funding": [ { diff --git a/composer/installed.php b/composer/installed.php index 71d8bbf2..3de8328c 100644 --- a/composer/installed.php +++ b/composer/installed.php 
@@ -1,9 +1,9 @@ <?php return array( 'root' => array( 'name' => 'nextcloud/3rdparty', - 'pretty_version' => 'dev-master', - 'version' => 'dev-master', - 'reference' => '02403021310540a848eb2385e979fcc0563ee730', + 'pretty_version' => '1.0.0+no-version-set', + 'version' => '1.0.0.0', + 'reference' => NULL, 'type' => 'library', 'install_path' => __DIR__ . '/../', 'aliases' => array(), @@ -173,9 +173,9 @@ 'dev_requirement' => false, ), 'guzzlehttp/guzzle' => array( - 'pretty_version' => '7.4.0', - 'version' => '7.4.0.0', - 'reference' => '868b3571a039f0ebc11ac8f344f4080babe2cb94', + 'pretty_version' => '7.4.4', + 'version' => '7.4.4.0', + 'reference' => 'e3ff079b22820c2029d4c2a87796b6a0b8716ad8', 'type' => 'library', 'install_path' => __DIR__ . '/../guzzlehttp/guzzle', 'aliases' => array(), @@ -299,9 +299,9 @@ 'dev_requirement' => false, ), 'nextcloud/3rdparty' => array( - 'pretty_version' => 'dev-master', - 'version' => 'dev-master', - 'reference' => '02403021310540a848eb2385e979fcc0563ee730', + 'pretty_version' => '1.0.0+no-version-set', + 'version' => '1.0.0.0', + 'reference' => NULL, 'type' => 'library', 'install_path' => __DIR__ . '/../', 'aliases' => array(), @@ -698,9 +698,9 @@ 'dev_requirement' => false, ), 'symfony/deprecation-contracts' => array( - 'pretty_version' => 'v2.5.0', - 'version' => '2.5.0.0', - 'reference' => '6f981ee24cf69ee7ce9736146d1c57c2780598a8', + 'pretty_version' => 'v2.5.1', + 'version' => '2.5.1.0', + 'reference' => 'e8b495ea28c1d97b5e0c121748d6f9b53d075c66', 'type' => 'library', 'install_path' => __DIR__ . '/../symfony/deprecation-contracts', 'aliases' => array(), diff --git a/guzzlehttp/guzzle/src/Cookie/CookieJar.php b/guzzlehttp/guzzle/src/Cookie/CookieJar.php index d6757c65..6ef8e8c1 100644 --- a/guzzlehttp/guzzle/src/Cookie/CookieJar.php +++ b/guzzlehttp/guzzle/src/Cookie/CookieJar.php 
@@ -241,6 +241,11 @@ class CookieJar implements CookieJarInterface if (0 !== \strpos($sc->getPath(), '/')) { $sc->setPath($this->getCookiePathFromRequest($request)); } + if (!$sc->matchesDomain($request->getUri()->getHost())) { + continue; + } + // Note: At this point `$sc->getDomain()` being a public suffix should + // be rejected, but we don't want to pull in the full PSL dependency. $this->setCookie($sc); } } diff --git a/guzzlehttp/guzzle/src/Cookie/SetCookie.php b/guzzlehttp/guzzle/src/Cookie/SetCookie.php index 7c04034d..a613c77b 100644 --- a/guzzlehttp/guzzle/src/Cookie/SetCookie.php +++ b/guzzlehttp/guzzle/src/Cookie/SetCookie.php @@ -379,10 +379,12 @@ class SetCookie // Remove the leading '.' as per spec in RFC 6265. // https://tools.ietf.org/html/rfc6265#section-5.2.3 - $cookieDomain = \ltrim($cookieDomain, '.'); + $cookieDomain = \ltrim(\strtolower($cookieDomain), '.'); + + $domain = \strtolower($domain); // Domain not set or exact match. - if (!$cookieDomain || !\strcasecmp($domain, $cookieDomain)) { + if ('' === $cookieDomain || $domain === $cookieDomain) { return true; } diff --git a/guzzlehttp/guzzle/src/Exception/RequestException.php b/guzzlehttp/guzzle/src/Exception/RequestException.php index 54623cff..c2d0a9cc 100644 --- a/guzzlehttp/guzzle/src/Exception/RequestException.php +++ b/guzzlehttp/guzzle/src/Exception/RequestException.php @@ -99,7 +99,7 @@ class RequestException extends TransferException implements RequestExceptionInte '%s: `%s %s` resulted in a `%s %s` response', $label, $request->getMethod(), - $uri, + $uri->__toString(), $response->getStatusCode(), $response->getReasonPhrase() ); diff --git a/guzzlehttp/guzzle/src/Handler/CurlMultiHandler.php b/guzzlehttp/guzzle/src/Handler/CurlMultiHandler.php index ace0d840..2f5b3f69 100644 --- a/guzzlehttp/guzzle/src/Handler/CurlMultiHandler.php +++ b/guzzlehttp/guzzle/src/Handler/CurlMultiHandler.php 
@@ -32,9 +32,9 @@ class CurlMultiHandler private $selectTimeout; /** - * @var resource|\CurlMultiHandle|null the currently executing resource in `curl_multi_exec`. + * @var int Will be higher than 0 when `curl_multi_exec` is still running. */ - private $active; + private $active = 0; /** * @var array Request entry handles, indexed by handle id in `addRequest`. @@ -225,6 +225,10 @@ class CurlMultiHandler private function processMessages(): void { while ($done = \curl_multi_info_read($this->_mh)) { + if ($done['msg'] !== \CURLMSG_DONE) { + // if it's not done, then it would be premature to remove the handle. ref https://github.com/guzzle/guzzle/pull/2892#issuecomment-945150216 + continue; + } $id = (int) $done['handle']; \curl_multi_remove_handle($this->_mh, $done['handle']); diff --git a/guzzlehttp/guzzle/src/Handler/StreamHandler.php b/guzzlehttp/guzzle/src/Handler/StreamHandler.php index 70c646be..543f825a 100644 --- a/guzzlehttp/guzzle/src/Handler/StreamHandler.php +++ b/guzzlehttp/guzzle/src/Handler/StreamHandler.php @@ -266,6 +266,10 @@ class StreamHandler $methods = \array_flip(\get_class_methods(__CLASS__)); } + if (!\in_array($request->getUri()->getScheme(), ['http', 'https'])) { + throw new RequestException(\sprintf("The scheme '%s' is not supported.", $request->getUri()->getScheme()), $request); + } + // HTTP/1.1 streams using the PHP stream wrapper require a // Connection: close header if ($request->getProtocolVersion() == '1.1' @@ -318,7 +322,7 @@ class StreamHandler return $this->createResource( function () use ($uri, &$http_response_header, $contextResource, $context, $options, $request) { $resource = @\fopen((string) $uri, 'r', false, $contextResource); - $this->lastHeaders = $http_response_header; + $this->lastHeaders = $http_response_header ?? []; if (false === $resource) { throw new ConnectException(sprintf('Connection refused for URI %s', $uri), $request, null, $context); 
@@ -377,6 +381,9 @@ class StreamHandler 'ignore_errors' => true, 'follow_location' => 0, ], + 'ssl' => [ + 'peer_name' => $request->getUri()->getHost(), + ], ]; $body = (string) $request->getBody(); diff --git a/guzzlehttp/guzzle/src/MessageFormatter.php b/guzzlehttp/guzzle/src/MessageFormatter.php index 238770f8..da499547 100644 --- a/guzzlehttp/guzzle/src/MessageFormatter.php +++ b/guzzlehttp/guzzle/src/MessageFormatter.php @@ -137,7 +137,7 @@ class MessageFormatter implements MessageFormatterInterface break; case 'uri': case 'url': - $result = $request->getUri(); + $result = $request->getUri()->__toString(); break; case 'target': $result = $request->getRequestTarget(); diff --git a/guzzlehttp/guzzle/src/RedirectMiddleware.php b/guzzlehttp/guzzle/src/RedirectMiddleware.php index 1dd38614..cedad4e7 100644 --- a/guzzlehttp/guzzle/src/RedirectMiddleware.php +++ b/guzzlehttp/guzzle/src/RedirectMiddleware.php @@ -88,6 +88,16 @@ class RedirectMiddleware $this->guardMax($request, $response, $options); $nextRequest = $this->modifyRequest($request, $options, $response); + // If authorization is handled by curl, unset it if host is different. + if ($request->getUri()->getHost() !== $nextRequest->getUri()->getHost() + && defined('\CURLOPT_HTTPAUTH') + ) { + unset( + $options['curl'][\CURLOPT_HTTPAUTH], + $options['curl'][\CURLOPT_USERPWD] + ); + } + if (isset($options['allow_redirects']['on_redirect'])) { ($options['allow_redirects']['on_redirect'])( $request, @@ -132,7 +142,7 @@ class RedirectMiddleware } /** - * Check for too many redirects + * Check for too many redirects. * * @throws TooManyRedirectsException Too many redirects. */ 
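Review bot: The curl credential cleanup added in the `@@ -88,6 +88,16 @@` hunk of RedirectMiddleware.php uses a narrower test than the header cleanup added later in this commit. It unsets `CURLOPT_HTTPAUTH` and `CURLOPT_USERPWD` only when `getHost()` differs, whereas `shouldStripSensitiveHeaders()` also strips on a change to a non-https scheme. An https-to-http redirect on the same host would therefore apparently still pass the curl-managed credentials to the next request. Using one predicate for both paths, `if (self::shouldStripSensitiveHeaders($request->getUri(), $nextRequest->getUri()) && defined('\CURLOPT_HTTPAUTH')) {`, keeps them consistent. The enclosing method continues outside the hunk and the file is vendored, so the change belongs upstream and would arrive here through a later dependency bump.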
@@ -168,7 +178,7 @@ class RedirectMiddleware $modify['body'] = ''; } - $uri = $this->redirectUri($request, $response, $protocols); + $uri = self::redirectUri($request, $response, $protocols); if (isset($options['idn_conversion']) && ($options['idn_conversion'] !== false)) { $idnOptions = ($options['idn_conversion'] === true) ? \IDNA_DEFAULT : $options['idn_conversion']; $uri = Utils::idnUriConvert($uri, $idnOptions); 
@@ -188,19 +198,46 @@ class RedirectMiddleware $modify['remove_headers'][] = 'Referer'; } - // Remove Authorization header if host is different. - if ($request->getUri()->getHost() !== $modify['uri']->getHost()) { + // Remove Authorization and Cookie headers if required. + if (self::shouldStripSensitiveHeaders($request->getUri(), $modify['uri'])) { $modify['remove_headers'][] = 'Authorization'; + $modify['remove_headers'][] = 'Cookie'; } return Psr7\Utils::modifyRequest($request, $modify); } /** - * Set the appropriate URL on the request based on the location header + * Determine if we should strip sensitive headers from the request. + * + * We return true if either of the following conditions are true: + * + * 1. the host is different; + * 2. the scheme has changed, and now is non-https. */ - private function redirectUri(RequestInterface $request, ResponseInterface $response, array $protocols): UriInterface - { + private static function shouldStripSensitiveHeaders( + UriInterface $originalUri, + UriInterface $modifiedUri + ): bool { + if (\strcasecmp($originalUri->getHost(), $modifiedUri->getHost()) !== 0) { + return true; + } + + if ($originalUri->getScheme() !== $modifiedUri->getScheme() && 'https' !== $modifiedUri->getScheme()) { + return true; + } + + return false; + } + + /** + * Set the appropriate URL on the request based on the location header. + */ + private static function redirectUri( + RequestInterface $request, + ResponseInterface $response, + array $protocols + ): UriInterface { $location = Psr7\UriResolver::resolve( $request->getUri(), new Psr7\Uri($response->getHeaderLine('Location')) diff --git a/guzzlehttp/guzzle/vendor-bin/php-cs-fixer/composer.json b/guzzlehttp/guzzle/vendor-bin/php-cs-fixer/composer.json deleted file mode 100644 index d69a683b..00000000 --- a/guzzlehttp/guzzle/vendor-bin/php-cs-fixer/composer.json +++ /dev/null 
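Review bot: `shouldStripSensitiveHeaders()` decides on host and scheme only and never compares the port, so a redirect to a different port on the same host keeps both `Authorization` and `Cookie`. An origin is scheme, host and port, and a service on another port of the same host is not necessarily the party the credentials were meant for. A third condition before the final `return false;`, `if ($originalUri->getPort() !== $modifiedUri->getPort()) { return true; }`, would close this, and the docblock's list of conditions should gain a matching entry. PSR-7 says `getPort()` should return null for a scheme's default port, so an http-to-https upgrade on default ports would still compare equal; confirm that against the Uri implementation in use. The file is vendored, so the fix belongs upstream rather than in a local patch.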
@@ -1,9 +0,0 @@ -{ - "require": { - "php": "^7.2.5 || ^8.0", - "friendsofphp/php-cs-fixer": "3.2.1" - }, - "config": { - "preferred-install": "dist" - } -} diff --git a/guzzlehttp/guzzle/vendor-bin/phpstan/composer.json b/guzzlehttp/guzzle/vendor-bin/phpstan/composer.json deleted file mode 100644 index b09c65dd..00000000 --- a/guzzlehttp/guzzle/vendor-bin/phpstan/composer.json +++ /dev/null @@ -1,10 +0,0 @@ -{ - "require": { - "php": "^7.2.5 || ^8.0", - "phpstan/phpstan": "0.12.99", - "phpstan/phpstan-deprecation-rules": "0.12.6" - }, - "config": { - "preferred-install": "dist" - } -} diff --git a/guzzlehttp/guzzle/vendor-bin/psalm/composer.json b/guzzlehttp/guzzle/vendor-bin/psalm/composer.json deleted file mode 100644 index 7794e6bb..00000000 --- a/guzzlehttp/guzzle/vendor-bin/psalm/composer.json +++ /dev/null @@ -1,9 +0,0 @@ -{ - "require": { - "php": "^7.2.5 || ^8.0", - "psalm/phar": "4.10.0" - }, - "config": { - "preferred-install": "dist" - } -} diff --git a/symfony/deprecation-contracts/LICENSE b/symfony/deprecation-contracts/LICENSE index ad85e173..406242ff 100644 --- a/symfony/deprecation-contracts/LICENSE +++ b/symfony/deprecation-contracts/LICENSE @@ -1,4 +1,4 @@ -Copyright (c) 2020-2021 Fabien Potencier +Copyright (c) 2020-2022 Fabien Potencier Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal |