update phpxmlrpc to v4.3.1

exponentcms · Feb 17, 2018 · 447bf19 · 447bf19
1 parent baedc73
commit 447bf19
Show file tree

Hide file tree

Showing 10 changed files with 98 additions and 30 deletions.
diff --git a/external/xmlrpc/NEWS b/external/xmlrpc/NEWS
@@ -1,10 +1,27 @@
+XML-RPC for PHP version 4.3.1 - 2018/1/20
+
+* fixed: error when using https in non-curl mode
+
+* fixed: compatibility of tests with php 7.2
+
+* fixed: html injection in sample code
+
+* fixed: warnings emitted by the *legacy* server in xmlrpcs.inc
+
+* fixed: encoding of php variables of type 'resource' when using xmlrpc_encode in php-compatibility mode
+
+* fixed: bad html tag in sample code
+
+* improved: text of error messages
+
+
 XML-RPC for PHP version 4.3.0 - 2017/11/6
 
-* fixed: compatibility with Basic/Digest/NTLM auth when using client in cURL mode (issue #55)
+* fixed: compatibility with Basic/Digest/NTLM auth when using client in cURL mode (issue #58)
 
 * improved: added unit tests for Basic and Digest http auth. Also improved tests suite
 
-* new: allow to force usage of curl for http &.0 calls, as well as plain socket for https calls, via the method
+* new: allow to force usage of curl for http 1.0 calls, as well as plain socket for https calls, via the method
     `Client::setUseCurl()`
 
 

diff --git a/external/xmlrpc/lib/xmlrpcs.inc b/external/xmlrpc/lib/xmlrpcs.inc
@@ -52,7 +52,7 @@ class xmlrpc_server extends PhpXmlRpc\Server
      */
     public function echoInput()
     {
-        $r = new Response(new PhpXmlRpc\Value("'Aha said I: '" . file_get_contents('php://input'), 'string'));
+        $r = new PhpXmlRpc\Response(new PhpXmlRpc\Value("'Aha said I: '" . file_get_contents('php://input'), 'string'));
         print $r->serialize();
     }
 }
@@ -73,15 +73,15 @@ function _xmlrpcs_getCapabilities($server, $m=null)
     return PhpXmlRpc\Server::_xmlrpcs_getCapabilities($server, $m);
 }
 
-$_xmlrpcs_listMethods_sig=array(array($GLOBALS['xmlrpcArray']));
+$_xmlrpcs_listMethods_sig=array(array(\PhpXmlRpc\Value::$xmlrpcArray));
 $_xmlrpcs_listMethods_doc='This method lists all the methods that the XML-RPC server knows how to dispatch';
 $_xmlrpcs_listMethods_sdoc=array(array('list of method names'));
 function _xmlrpcs_listMethods($server, $m=null) // if called in plain php values mode, second param is missing
 {
     return PhpXmlRpc\Server::_xmlrpcs_listMethods($server, $m);
 }
 
-$_xmlrpcs_methodSignature_sig=array(array($GLOBALS['xmlrpcArray'], $GLOBALS['xmlrpcString']));
+$_xmlrpcs_methodSignature_sig=array(array(\PhpXmlRpc\Value::$xmlrpcArray, $GLOBALS['xmlrpcString']));
 $_xmlrpcs_methodSignature_doc='Returns an array of known signatures (an array of arrays) for the method name passed. If no signatures are known, returns a none-array (test for type != array to detect missing signature)';
 $_xmlrpcs_methodSignature_sdoc=array(array('list of known signatures, each sig being an array of xmlrpc type names', 'name of method to be described'));
 function _xmlrpcs_methodSignature($server, $m)
@@ -112,7 +112,7 @@ function _xmlrpcs_multicall_do_call_phpvals($server, $call)
     return PhpXmlRpc\Server::_xmlrpcs_multicall_do_call_phpvals($server, $call);
 }
 
-$_xmlrpcs_multicall_sig = array(array($GLOBALS['xmlrpcArray'], $GLOBALS['xmlrpcArray']));
+$_xmlrpcs_multicall_sig = array(array(\PhpXmlRpc\Value::$xmlrpcArray, \PhpXmlRpc\Value::$xmlrpcArray));
 $_xmlrpcs_multicall_doc = 'Boxcar multiple RPC calls in one request. See http://www.xmlrpc.com/discuss/msgReader$1208 for details';
 $_xmlrpcs_multicall_sdoc = array(array('list of response structs, where each struct has the usual members', 'list of calls, with each call being represented as a struct, with members "methodname" and "params"'));
 function _xmlrpcs_multicall($server, $m)

diff --git a/external/xmlrpc/src/Client.php b/external/xmlrpc/src/Client.php
@@ -537,7 +537,6 @@ public function send($req, $timeout = 0, $method = '')
                 $this->proxy_pass,
                 $this->proxy_authtype,
                 $method,
-                $this->keepalive,
                 $this->key,
                 $this->keypass,
                 $this->sslversion
@@ -569,7 +568,7 @@ protected function sendPayloadHTTP10($req, $server, $port, $timeout = 0, $userna
         $method='http')
     {
         return $this->sendPayloadSocket($req, $server, $port, $timeout, $username, $password, $authType, null, null,
-            null, null, $proxyHost, $proxyPort, $proxyUsername, $proxyPassword, $proxyAuthType);
+            null, null, $proxyHost, $proxyPort, $proxyUsername, $proxyPassword, $proxyAuthType, $method);
     }
 
     /**
@@ -645,6 +644,7 @@ protected function sendPayloadSocket($req, $server, $port, $timeout = 0, $userna
 
         $payload = $req->payload;
         // Deflate request body and set appropriate request headers
+        $encodingHdr = '';
         if (function_exists('gzdeflate') && ($this->request_compression == 'gzip' || $this->request_compression == 'deflate')) {
             if ($this->request_compression == 'gzip') {
                 $a = @gzencode($payload);
@@ -659,8 +659,6 @@ protected function sendPayloadSocket($req, $server, $port, $timeout = 0, $userna
                     $encodingHdr = "Content-Encoding: deflate\r\n";
                 }
             }
-        } else {
-            $encodingHdr = '';
         }
 
         // thanks to Grant Rauscher <grant7@firstworld.net> for this
@@ -1260,10 +1258,12 @@ private function _try_multicall($reqs, $timeout, $method)
                         break;
                     case 'struct':
                         $code = $val['faultCode'];
+                        /** @var Value $code */
                         if ($code->kindOf() != 'scalar' || $code->scalartyp() != 'int') {
                             return false;
                         }
                         $str = $val['faultString'];
+                        /** @var Value $str */
                         if ($str->kindOf() != 'scalar' || $str->scalartyp() != 'string') {
                             return false;
                         }

diff --git a/external/xmlrpc/src/Encoder.php b/external/xmlrpc/src/Encoder.php
@@ -6,6 +6,7 @@
 
 /**
  * A helper class to easily convert between Value objects and php native values
+ * @todo implement an interface
  */
 class Encoder
 {
@@ -156,7 +157,7 @@ public function encode($phpVal, $options = array())
             // </G_Giunta_2001-02-29>
             case 'array':
                 // PHP arrays can be encoded to either xmlrpc structs or arrays,
-                // depending on wheter they are hashes or plain 0..n integer indexed
+                // depending on whether they are hashes or plain 0..n integer indexed
                 // A shorter one-liner would be
                 // $tmp = array_diff(array_keys($phpVal), range(0, count($phpVal)-1));
                 // but execution time skyrockets!
@@ -209,6 +210,7 @@ public function encode($phpVal, $options = array())
                 } else {
                     $xmlrpcVal = new Value();
                 }
+                break;
             // catch "user function", "unknown type"
             default:
                 // giancarlo pinerolo <ping@alt.it>
@@ -291,7 +293,9 @@ public function decodeXml($xmlVal, $options = array())
             case 'methodresponse':
                 $v = &$xmlRpcParser->_xh['value'];
                 if ($xmlRpcParser->_xh['isf'] == 1) {
+                    /** @var Value $vc */
                     $vc = $v['faultCode'];
+                    /** @var Value $vs */
                     $vs = $v['faultString'];
                     $r = new Response(0, $vc->scalarval(), $vs->scalarval());
                 } else {

diff --git a/external/xmlrpc/src/Helper/Logger.php b/external/xmlrpc/src/Helper/Logger.php
@@ -36,7 +36,14 @@ public function debugMessage($message, $encoding=null)
         }
 
         if (PHP_SAPI != 'cli') {
-            $flags = ENT_COMPAT | ENT_HTML401 | ENT_SUBSTITUTE;
+            $flags = ENT_COMPAT;
+            // avoid warnings on php < 5.4...
+            if (defined('ENT_HTML401')) {
+                $flags =  $flags | ENT_HTML401;
+            }
+            if (defined('ENT_SUBSTITUTE')) {
+                $flags =  $flags | ENT_SUBSTITUTE;
+            }
             if ($encoding != null) {
                 print "<PRE>\n".htmlentities($message, $flags, $encoding)."\n</PRE>";
             } else {

diff --git a/external/xmlrpc/src/PhpXmlRpc.php b/external/xmlrpc/src/PhpXmlRpc.php
@@ -36,22 +36,22 @@ class PhpXmlRpc
 
     static public $xmlrpcstr = array(
         'unknown_method' => 'Unknown method',
-        'invalid_return' => 'Invalid return payload: enable debugging to examine incoming payload',
+        'invalid_return' => 'Invalid response payload (you can use the setDebug method to allow analysis of the response)',
         'incorrect_params' => 'Incorrect parameters passed to method',
         'introspect_unknown' => "Can't introspect: method unknown",
-        'http_error' => "Didn't receive 200 OK from remote server.",
-        'no_data' => 'No data received from server.',
-        'no_ssl' => 'No SSL support compiled in.',
+        'http_error' => "Didn't receive 200 OK from remote server",
+        'no_data' => 'No data received from server',
+        'no_ssl' => 'No SSL support compiled in',
         'curl_fail' => 'CURL error',
         'invalid_request' => 'Invalid request payload',
-        'no_curl' => 'No CURL support compiled in.',
+        'no_curl' => 'No CURL support compiled in',
         'server_error' => 'Internal server error',
         'multicall_error' => 'Received from server invalid multicall response',
         'multicall_notstruct' => 'system.multicall expected struct',
-        'multicall_nomethod' => 'missing methodName',
+        'multicall_nomethod' => 'Missing methodName',
         'multicall_notstring' => 'methodName is not a string',
-        'multicall_recursion' => 'recursive system.multicall forbidden',
-        'multicall_noparams' => 'missing params',
+        'multicall_recursion' => 'Recursive system.multicall forbidden',
+        'multicall_noparams' => 'Missing params',
         'multicall_notarray' => 'params is not an array',
 
         'cannot_decompress' => 'Received from server compressed HTTP and cannot decompress',
@@ -79,7 +79,7 @@ class PhpXmlRpc
     public static $xmlrpc_internalencoding = "UTF-8";
 
     public static $xmlrpcName = "XML-RPC for PHP";
-    public static $xmlrpcVersion = "4.3.0";
+    public static $xmlrpcVersion = "4.3.1";
 
     // let user errors start at 800
     public static $xmlrpcerruser = 800;

diff --git a/external/xmlrpc/src/Request.php b/external/xmlrpc/src/Request.php
@@ -298,7 +298,7 @@ public function parseResponse($data = '', $headersProcessed = false, $returnType
                     xml_get_current_line_number($parser), xml_get_current_column_number($parser));
             }
             error_log($errStr);
-            $r = new Response(0, PhpXmlRpc::$xmlrpcerr['invalid_return'], PhpXmlRpc::$xmlrpcstr['invalid_return'] . ' (' . $errStr . ')');
+            $r = new Response(0, PhpXmlRpc::$xmlrpcerr['invalid_return'], PhpXmlRpc::$xmlrpcstr['invalid_return'] . ' ' . $errStr);
             xml_parser_free($parser);
             if ($this->debug) {
                 print $errStr;
@@ -380,10 +380,10 @@ public function kindOf()
     /**
      * Enables/disables the echoing to screen of the xmlrpc responses received.
      *
-     * @param integer $in values 0, 1, 2 are supported
+     * @param integer $level values 0, 1, 2 are supported
      */
-    public function setDebug($in)
+    public function setDebug($level)
     {
-        $this->debug = $in;
+        $this->debug = $level;
     }
 }
diff --git a/external/xmlrpc/src/Server.php b/external/xmlrpc/src/Server.php
@@ -825,12 +825,22 @@ public function getCapabilities()
         return $outAr;
     }
 
+    /**
+     * @param Server $server
+     * @param Request $req
+     * @return Response
+     */
     public static function _xmlrpcs_getCapabilities($server, $req = null)
     {
         $encoder = new Encoder();
         return new Response($encoder->encode($server->getCapabilities()));
     }
 
+    /**
+     * @param Server $server
+     * @param Request $req
+     * @return Response
+     */
     public static function _xmlrpcs_listMethods($server, $req = null) // if called in plain php values mode, second param is missing
     {
         $outAr = array();
@@ -846,6 +856,11 @@ public static function _xmlrpcs_listMethods($server, $req = null) // if called i
         return new Response(new Value($outAr, 'array'));
     }
 
+    /**
+     * @param Server $server
+     * @param Request $req
+     * @return Response
+     */
     public static function _xmlrpcs_methodSignature($server, $req)
     {
         // let accept as parameter both an xmlrpc value or string
@@ -883,6 +898,11 @@ public static function _xmlrpcs_methodSignature($server, $req)
         return $r;
     }
 
+    /**
+     * @param Server $server
+     * @param Request $req
+     * @return Response
+     */
     public static function _xmlrpcs_methodHelp($server, $req)
     {
         // let accept as parameter both an xmlrpc value or string
@@ -926,6 +946,11 @@ public static function _xmlrpcs_multicall_error($err)
         return new Value($struct, 'struct');
     }
 
+    /**
+     * @param Server $server
+     * @param Value $call
+     * @return Value
+     */
     public static function _xmlrpcs_multicall_do_call($server, $call)
     {
         if ($call->kindOf() != 'struct') {
@@ -969,6 +994,11 @@ public static function _xmlrpcs_multicall_do_call($server, $call)
         return new Value(array($result->value()), 'array');
     }
 
+    /**
+     * @param Server $server
+     * @param Value $call
+     * @return Value
+     */
     public static function _xmlrpcs_multicall_do_call_phpvals($server, $call)
     {
         if (!is_array($call)) {
@@ -1008,6 +1038,11 @@ public static function _xmlrpcs_multicall_do_call_phpvals($server, $call)
         return new Value(array($result->value()), 'array');
     }
 
+    /**
+     * @param Server $server
+     * @param Request $req
+     * @return Response
+     */
     public static function _xmlrpcs_multicall($server, $req)
     {
         $result = array();

diff --git a/external/xmlrpc/src/Value.php b/external/xmlrpc/src/Value.php
@@ -296,6 +296,7 @@ protected function serializedata($typ, $val, $charsetEncoding = '')
                     $rs .= "<struct>\n";
                 }
                 $charsetEncoder = Charset::instance();
+                /** @var Value $val2 */
                 foreach ($val as $key2 => $val2) {
                     $rs .= '<member><name>' . $charsetEncoder->encodeEntities($key2, PhpXmlRpc::$xmlrpc_internalencoding, $charsetEncoding) . "</name>\n";
                     //$rs.=$this->serializeval($val2);
@@ -307,6 +308,7 @@ protected function serializedata($typ, $val, $charsetEncoding = '')
             case 2:
                 // array
                 $rs .= "<array>\n<data>\n";
+                /** @var Value $element */
                 foreach ($val as $element) {
                     //$rs.=$this->serializeval($val[$i]);
                     $rs .= $element->serialize($charsetEncoding);
@@ -480,7 +482,7 @@ public function count()
     /**
      * Implements the IteratorAggregate interface
      *
-     * @return ArrayIterator
+     * @return \ArrayIterator
      */
     public function getIterator() {
         switch ($this->mytype) {
@@ -493,7 +495,6 @@ public function getIterator() {
             default:
                 return new \ArrayIterator();
         }
-        return new \ArrayIterator();
     }
 
     public function offsetSet($offset, $value) {

diff --git a/external/xmlrpc/src/Wrapper.php b/external/xmlrpc/src/Wrapper.php
@@ -110,7 +110,7 @@ public function xmlrpc2PhpType($xmlrpcType)
      * Since php is a typeless language, to infer types of input and output parameters,
      * it relies on parsing the javadoc-style comment block associated with the given
      * function. Usage of xmlrpc native types (such as datetime.dateTime.iso8601 and base64)
-     * in the @param tag is also allowed, if you need the php function to receive/send
+     * in the '@param' tag is also allowed, if you need the php function to receive/send
      * data in that particular format (note that base64 encoding/decoding is transparently
      * carried out by the lib, while datetime vals are passed around as strings)
      *
@@ -396,11 +396,15 @@ protected function buildMethodSignatures($funcDesc)
      * @param $callable
      * @param array $extraOptions
      * @param string $plainFuncName
-     * @param string $funcDesc
+     * @param array $funcDesc
      * @return \Closure
      */
     protected function buildWrapFunctionClosure($callable, $extraOptions, $plainFuncName, $funcDesc)
     {
+        /**
+         * @param Request $req
+         * @return mixed
+         */
         $function = function($req) use($callable, $extraOptions, $funcDesc)
         {
             $nameSpace = '\\PhpXmlRpc\\';
@@ -785,7 +789,7 @@ protected function retrieveMethodHelp($client, $methodName, array $extraOptions
      * @param Client $client
      * @param string $methodName
      * @param array $extraOptions
-     * @param string $mSig
+     * @param array $mSig
      * @return \Closure
      *
      * @todo should we allow usage of parameter simple_client_copy to mean 'do not clone' in this case?