Skip to content

Commit

Permalink
3.7.2-Release
Browse files Browse the repository at this point in the history
  • Loading branch information
ikkez committed May 28, 2020
1 parent 495a97c commit b51905e
Show file tree
Hide file tree
Showing 8 changed files with 84 additions and 41 deletions.
17 changes: 16 additions & 1 deletion lib/CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,6 +1,21 @@
CHANGELOG

3.7.1 (30. Dezember 2019)
3.7.2 (28 May 2020)
* CHANGED, View->sandbox: disable escaping when rendering as text/plain, bcosca/fatfree#654
* update HTTP protocol checks, #bcosca/fatfree#1190
* Base->clear: close vulnerability on variable compilation, bcosca/fatfree#1191
* DB\SQL\Mapper: fix empty ID after insert, bcosca/fatfree#1175
* DB\SQL\Mapper: fix using correct key variable for grouped sql pagination sets
* Fix return type of 'count' in Cursor->paginate() (bcosca/fatfree#1187)
* Bug fix, Web->minify: fix minification of ES6 template literals, bcosca/fatfree#1178
* Bug fix, config: refactoring custom section parser regex, bcosca/fatfree#1149
* Bug fix: token resolve on non-alias reroute paths, ref. 221f0c930f8664565c9825faeb9ed9af0f7a01c8
* Websocket: Improved event handler usage
* optimized internal get calls
* only use cached lexicon when a $ttl was given
* only use money_format up until php7.4, fixes bcosca/fatfree#1174

3.7.1 (30. December 2019)
* Base->build: Add support for brace-enclosed route tokens
* Base->reroute, fix duplicate fragment issue on non-alias routes
* DB\SQL\Mapper: fix empty check for pkey when reloading after insert
Expand Down
63 changes: 45 additions & 18 deletions lib/base.php
Original file line number Diff line number Diff line change
Expand Up @@ -45,7 +45,7 @@ final class Base extends Prefab implements ArrayAccess {
//@{ Framework details
const
PACKAGE='Fat-Free Framework',
VERSION='3.7.1-Release';
VERSION='3.7.2-Release';
//@}

//@{ HTTP status codes (RFC 2616)
Expand Down Expand Up @@ -235,9 +235,31 @@ function cast($val) {
* Convert JS-style token to PHP expression
* @return string
* @param $str string
**/
function compile($str) {
return preg_replace_callback(
* @param $evaluate bool compile expressions as well or only convert variable access
**/
function compile($str, $evaluate=TRUE) {
return (!$evaluate)
? preg_replace_callback(
'/^@(\w+)((?:\..+|\[(?:(?:[^\[\]]*|(?R))*)\])*)/',
function($expr) {
$str='$'.$expr[1];
if (isset($expr[2]))
$str.=preg_replace_callback(
'/\.([^.\[\]]+)|\[((?:[^\[\]\'"]*|(?R))*)\]/',
function($sub) {
$val=isset($sub[2]) ? $sub[2] : $sub[1];
if (ctype_digit($val))
$val=(int)$val;
$out='['.$this->export($val).']';
return $out;
},
$expr[2]
);
return $str;
},
$str
)
: preg_replace_callback(
'/(?<!\w)@(\w+(?:(?:\->|::)\w+)?)'.
'((?:\.\w+|\[(?:(?:[^\[\]]*|(?R))*)\]|(?:\->|::)\w+|\()*)/',
function($expr) {
Expand Down Expand Up @@ -503,7 +525,9 @@ function clear($key) {
// Reset global to default value
$this->hive[$parts[0]]=$this->init[$parts[0]];
else {
eval('unset('.$this->compile('@this->hive.'.$key).');');
$val=preg_replace('/^(\$hive)/','$this->hive',
$this->compile('@hive.'.$key, FALSE));
eval('unset('.$val.');');
if ($parts[0]=='SESSION') {
session_commit();
session_start();
Expand Down Expand Up @@ -970,7 +994,8 @@ function($expr) use($args,$conv) {
$cstm=!$int=($prop=='int'))
$currency_symbol=$prop;
if (!$cstm &&
function_exists('money_format'))
function_exists('money_format') &&
version_compare(PHP_VERSION,'7.4.0')<0)
return money_format(
'%'.($int?'i':'n'),$args[$pos]);
$fmt=[
Expand Down Expand Up @@ -1106,7 +1131,7 @@ function language($code) {
function lexicon($path,$ttl=0) {
$languages=$this->languages?:explode(',',$this->fallback);
$cache=Cache::instance();
if ($cache->exists(
if ($ttl && $cache->exists(
$hash=$this->hash(implode(',',$languages).$path).'.dic',$lex))
return $lex;
$lex=[];
Expand Down Expand Up @@ -1491,6 +1516,8 @@ function reroute($url=NULL,$permanent=FALSE,$die=TRUE) {
$url=$this->build($this->hive['ALIASES'][$parts[1]],
isset($parts[2])?$this->parse($parts[2]):[]).
(isset($parts[3])?$parts[3]:'').(isset($parts[4])?$parts[4]:'');
else
$url=$this->build($url);
if (($handler=$this->hive['ONREROUTE']) &&
$this->call($handler,[$url,$permanent,$die])!==FALSE)
return;
Expand Down Expand Up @@ -1856,7 +1883,8 @@ function grab($func,$args=NULL) {
if ($parts[2]=='->') {
if (is_subclass_of($parts[1],'Prefab'))
$parts[1]=call_user_func($parts[1].'::instance');
elseif ($container=$this->get('CONTAINER')) {
elseif (isset($this->hive['CONTAINER'])) {
$container=$this->hive['CONTAINER'];
if (is_object($container) && is_callable([$container,'has'])
&& $container->has($parts[1])) // PSR11
$parts[1]=call_user_func([$container,'get'],$parts[1]);
Expand Down Expand Up @@ -1991,11 +2019,11 @@ function config($source,$allow=FALSE) {
$sec=$match['section'];
if (preg_match(
'/^(?!(?:global|config|route|map|redirect)s\b)'.
'((?:[^:])+)/i',$sec,$msec) &&
!$this->exists($msec[0]))
$this->set($msec[0],NULL);
'(.*?)(?:\s*[:>])/i',$sec,$msec) &&
!$this->exists($msec[1]))
$this->set($msec[1],NULL);
preg_match('/^(config|route|map|redirect)s\b|'.
'^((?:[^:])+)\s*\>\s*(.*)/i',$sec,$cmd);
'^(.+?)\s*\>\s*(.*)/i',$sec,$cmd);
continue;
}
if ($allow)
Expand Down Expand Up @@ -2075,7 +2103,7 @@ function mutex($id,$func,$args=NULL) {
mkdir($tmp,self::MODE,TRUE);
// Use filesystem lock
if (is_file($lock=$tmp.
$this->get('SEED').'.'.$this->hash($id).'.lock') &&
$this->hive['SEED'].'.'.$this->hash($id).'.lock') &&
filemtime($lock)+ini_get('max_execution_time')<microtime(TRUE))
// Stale lock
@unlink($lock);
Expand Down Expand Up @@ -2860,7 +2888,8 @@ protected function sandbox(array $hive=NULL,$mime=NULL) {
!preg_grep ('/^Content-Type:/',headers_list()))
header('Content-Type: '.$mime.'; '.
'charset='.$fw->ENCODING);
if ($fw->ESCAPE)
if ($fw->ESCAPE && (!$mime ||
preg_match('/^(text\/html|(application|text)\/(.+\+)?xml)$/i',$mime)))
$hive=$this->esc($hive);
if (isset($hive['ALIASES']))
$hive['ALIASES']=$fw->build($hive['ALIASES']);
Expand Down Expand Up @@ -2963,13 +2992,11 @@ function c($val) {
* @param $str string
**/
function token($str) {
$fw=$this->fw;
$str=trim(preg_replace('/\{\{(.+?)\}\}/s',trim('\1'),
$fw->compile($str)));
$str=trim(preg_replace('/\{\{(.+?)\}\}/s','\1',$this->fw->compile($str)));
if (preg_match('/^(.+)(?<!\|)\|((?:\h*\w+(?:\h*[,;]?))+)$/s',
$str,$parts)) {
$str=trim($parts[1]);
foreach ($fw->split(trim($parts[2],"\xC2\xA0")) as $func)
foreach ($this->fw->split(trim($parts[2],"\xC2\xA0")) as $func)
$str=((empty($this->filter[$cmd=$func]) &&
function_exists($cmd)) ||
is_string($cmd=$this->filter($func)))?
Expand Down
22 changes: 10 additions & 12 deletions lib/cli/ws.php
Original file line number Diff line number Diff line change
Expand Up @@ -70,7 +70,7 @@ function alloc($socket) {
$verb=NULL;
$uri=NULL;
foreach (explode($EOL,trim($buf)) as $line)
if (preg_match('/^(\w+)\s(.+)\sHTTP\/1\.\d$/',
if (preg_match('/^(\w+)\s(.+)\sHTTP\/[\d.]{1,3}$/',
trim($line),$match)) {
$verb=$match[1];
$uri=$match[2];
Expand Down Expand Up @@ -328,8 +328,7 @@ class Agent {
$flag,
$verb,
$uri,
$headers,
$events;
$headers;

/**
* Return server instance
Expand Down Expand Up @@ -400,8 +399,8 @@ function send($op,$data='') {
if (is_bool($server->write($this->socket,$buf)))
return FALSE;
if (!in_array($op,[WS::Pong,WS::Close]) &&
isset($this->events['send']) &&
is_callable($func=$this->events['send']))
isset($this->server->events['send']) &&
is_callable($func=$this->server->events['send']))
$func($this,$op,$data);
return $data;
}
Expand Down Expand Up @@ -447,8 +446,8 @@ function fetch() {
case WS::Text:
$data=trim($data);
case WS::Binary:
if (isset($this->events['receive']) &&
is_callable($func=$this->events['receive']))
if (isset($this->server->events['receive']) &&
is_callable($func=$this->server->events['receive']))
$func($this,$op,$data);
break;
}
Expand All @@ -460,8 +459,8 @@ function fetch() {
* Destroy object
**/
function __destruct() {
if (isset($this->events['disconnect']) &&
is_callable($func=$this->events['disconnect']))
if (isset($this->server->events['disconnect']) &&
is_callable($func=$this->server->events['disconnect']))
$func($this);
}

Expand All @@ -479,10 +478,9 @@ function __construct($server,$socket,$verb,$uri,array $hdrs) {
$this->verb=$verb;
$this->uri=$uri;
$this->headers=$hdrs;
$this->events=$server->events();

if (isset($this->events['connect']) &&
is_callable($func=$this->events['connect']))
if (isset($server->events['connect']) &&
is_callable($func=$server->events['connect']))
$func($this);
}

Expand Down
2 changes: 1 addition & 1 deletion lib/db/cursor.php
Original file line number Diff line number Diff line change
Expand Up @@ -148,7 +148,7 @@ function findone($filter=NULL,array $options=NULL,$ttl=0) {
function paginate(
$pos=0,$size=10,$filter=NULL,array $options=NULL,$ttl=0,$bounce=TRUE) {
$total=$this->count($filter,$options,$ttl);
$count=ceil($total/$size);
$count=(int)ceil($total/$size);
if ($bounce)
$pos=max(0,min($pos,$count-1));
return [
Expand Down
2 changes: 1 addition & 1 deletion lib/db/jig.php
Original file line number Diff line number Diff line change
Expand Up @@ -90,7 +90,7 @@ function write($file,array $data=NULL) {
$out=$fw->serialize($data);
break;
}
return $fw->write($this->dir.'/'.$file,$out);
return $fw->write($this->dir.$file,$out);
}

/**
Expand Down
5 changes: 3 additions & 2 deletions lib/db/sql/mapper.php
Original file line number Diff line number Diff line change
Expand Up @@ -365,7 +365,7 @@ function count($filter=NULL,array $options=NULL,$ttl=0) {
$group_fields=array_flip(array_map('trim',explode(',',$group_string)));
foreach ($this->adhoc as $key=>$field)
// add adhoc fields that are used for grouping
if (isset($group_fields[$field]))
if (isset($group_fields[$key]))
$adhoc[]=$field['expr'].' AS '.$this->db->quotekey($key);
$fields=implode(',',$adhoc);
if (empty($fields))
Expand Down Expand Up @@ -447,7 +447,8 @@ function insert() {
if ($field['pkey']) {
$field['previous']=$field['value'];
if (!$inc && $field['pdo_type']==\PDO::PARAM_INT &&
is_null($field['value']) && !$field['nullable'])
empty($field['value']) && !$field['nullable'] &&
is_null($field['default']))
$inc=$key;
$filter.=($filter?' AND ':'').$this->db->quotekey($key).'=?';
$nkeys[$nctr+1]=[$field['value'],$field['pdo_type']];
Expand Down
4 changes: 3 additions & 1 deletion lib/test.php
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,9 @@ class Test {
//! Test results
$data=[],
//! Success indicator
$passed=TRUE;
$passed=TRUE,
//! Reporting level
$level;

/**
* Return test results
Expand Down
10 changes: 5 additions & 5 deletions lib/web.php
Original file line number Diff line number Diff line change
Expand Up @@ -62,7 +62,7 @@ function mime($file, $inspect=FALSE) {
fclose($fhandle);
}
elseif (($response=$this->request($file,['method' => 'HEAD']))
&& preg_grep('/HTTP\/\d\.\d 200/',$response['headers'])
&& preg_grep('/HTTP\/[\d.]{1,3} 200/',$response['headers'])
&& ($type = preg_grep('/^Content-Type:/i',$response['headers']))) {
// get mime type directly from response header
return preg_replace('/^Content-Type:\s*/i','',array_pop($type));
Expand Down Expand Up @@ -383,7 +383,7 @@ function($curl,$line) use(&$headers) {
$body=ob_get_clean();
if (!$err &&
$options['follow_location'] && $open_basedir &&
preg_grep('/HTTP\/1\.\d 3\d{2}/',$headers) &&
preg_grep('/HTTP\/[\d.]{1,3} 3\d{2}/',$headers) &&
preg_match('/^Location: (.+)$/m',implode(PHP_EOL,$headers),$loc)) {
$options['max_redirects']--;
if($loc[1][0] == '/') {
Expand Down Expand Up @@ -530,7 +530,7 @@ protected function _socket($url,$options) {
break;
}
if ($options['follow_location'] &&
preg_grep('/HTTP\/1\.\d 3\d{2}/',$headers) &&
preg_grep('/HTTP\/[\d.]{1,3} 3\d{2}/',$headers) &&
preg_match('/Location: (.+?)'.preg_quote($eol).'/',
$html[0],$loc)) {
$options['max_redirects']--;
Expand Down Expand Up @@ -658,7 +658,7 @@ function request($url,array $options=NULL) {
}
$result=$this->{'_'.$this->wrapper}($url,$options);
if ($result && isset($cache)) {
if (preg_match('/HTTP\/1\.\d 304/',
if (preg_match('/HTTP\/[\d.]{1,3} 304/',
implode($eol,$result['headers']))) {
$result=$cache->get($hash);
$result['cached']=TRUE;
Expand Down Expand Up @@ -778,7 +778,7 @@ function minify($files,$mime=NULL,$header=TRUE,$path=NULL) {
}
continue;
}
if (in_array($src[$ptr],['\'','"'])) {
if (in_array($src[$ptr],['\'','"','`'])) {
$match=$src[$ptr];
$data.=$match;
$ptr++;
Expand Down

0 comments on commit b51905e

Please sign in to comment.