Update joomla/filter package

joomla · May 20, 2018 · cf4c5df · cf4c5df
1 parent c396b5c
commit cf4c5df
Show file tree

Hide file tree

Showing 6 changed files with 95 additions and 54 deletions.
diff --git a/composer.lock b/composer.lock
diff --git a/libraries/vendor/composer/autoload_classmap.php b/libraries/vendor/composer/autoload_classmap.php
@@ -76,6 +76,13 @@
     'Joomla\\Input\\Files' => $vendorDir . '/joomla/input/src/Files.php',
     'Joomla\\Input\\Input' => $vendorDir . '/joomla/input/src/Input.php',
     'Joomla\\Input\\Json' => $vendorDir . '/joomla/input/src/Json.php',
+    'Joomla\\Input\\Tests\\CliTest' => $vendorDir . '/joomla/input/Tests/CliTest.php',
+    'Joomla\\Input\\Tests\\CookieTest' => $vendorDir . '/joomla/input/Tests/CookieTest.php',
+    'Joomla\\Input\\Tests\\FilesTest' => $vendorDir . '/joomla/input/Tests/FilesTest.php',
+    'Joomla\\Input\\Tests\\FilterInputMock' => $vendorDir . '/joomla/input/Tests/Stubs/FilterInputMock.php',
+    'Joomla\\Input\\Tests\\InputMocker' => $vendorDir . '/joomla/input/Tests/InputMocker.php',
+    'Joomla\\Input\\Tests\\InputTest' => $vendorDir . '/joomla/input/Tests/InputTest.php',
+    'Joomla\\Input\\Tests\\JsonTest' => $vendorDir . '/joomla/input/Tests/JsonTest.php',
     'Joomla\\Ldap\\LdapClient' => $vendorDir . '/joomla/ldap/src/LdapClient.php',
     'Joomla\\Registry\\AbstractRegistryFormat' => $vendorDir . '/joomla/registry/src/AbstractRegistryFormat.php',
     'Joomla\\Registry\\Factory' => $vendorDir . '/joomla/registry/src/Factory.php',
@@ -95,6 +102,14 @@
     'Joomla\\Session\\Storage\\None' => $vendorDir . '/joomla/session/Joomla/Session/Storage/None.php',
     'Joomla\\Session\\Storage\\Wincache' => $vendorDir . '/joomla/session/Joomla/Session/Storage/Wincache.php',
     'Joomla\\Session\\Storage\\Xcache' => $vendorDir . '/joomla/session/Joomla/Session/Storage/Xcache.php',
+    'Joomla\\Session\\Tests\\Handler\\ApcuHandlerTest' => $vendorDir . '/joomla/session/tests/Handler/ApcuHandlerTest.php',
+    'Joomla\\Session\\Tests\\Handler\\DatabaseHandlerTest' => $vendorDir . '/joomla/session/tests/Handler/DatabaseHandlerTest.php',
+    'Joomla\\Session\\Tests\\Handler\\FilesystemHandlerTest' => $vendorDir . '/joomla/session/tests/Handler/FilesystemHandlerTest.php',
+    'Joomla\\Session\\Tests\\Handler\\MemcachedHandlerTest' => $vendorDir . '/joomla/session/tests/Handler/MemcachedHandlerTest.php',
+    'Joomla\\Session\\Tests\\Handler\\NativeStorageTest' => $vendorDir . '/joomla/session/tests/Storage/NativeStorageTest.php',
+    'Joomla\\Session\\Tests\\Handler\\RedisHandlerTest' => $vendorDir . '/joomla/session/tests/Handler/RedisHandlerTest.php',
+    'Joomla\\Session\\Tests\\Handler\\WincacheHandlerTest' => $vendorDir . '/joomla/session/tests/Handler/WincacheHandlerTest.php',
+    'Joomla\\Session\\Tests\\SessionTest' => $vendorDir . '/joomla/session/tests/SessionTest.php',
     'Joomla\\String\\Inflector' => $vendorDir . '/joomla/string/src/Inflector.php',
     'Joomla\\String\\Normalise' => $vendorDir . '/joomla/string/src/Normalise.php',
     'Joomla\\String\\String' => $vendorDir . '/joomla/string/src/String.php',

diff --git a/libraries/vendor/composer/autoload_static.php b/libraries/vendor/composer/autoload_static.php
@@ -253,6 +253,13 @@ class ComposerStaticInit205c915b9c7d3e718e7c95793ee67ffe
         'Joomla\\Input\\Files' => __DIR__ . '/..' . '/joomla/input/src/Files.php',
         'Joomla\\Input\\Input' => __DIR__ . '/..' . '/joomla/input/src/Input.php',
         'Joomla\\Input\\Json' => __DIR__ . '/..' . '/joomla/input/src/Json.php',
+        'Joomla\\Input\\Tests\\CliTest' => __DIR__ . '/..' . '/joomla/input/Tests/CliTest.php',
+        'Joomla\\Input\\Tests\\CookieTest' => __DIR__ . '/..' . '/joomla/input/Tests/CookieTest.php',
+        'Joomla\\Input\\Tests\\FilesTest' => __DIR__ . '/..' . '/joomla/input/Tests/FilesTest.php',
+        'Joomla\\Input\\Tests\\FilterInputMock' => __DIR__ . '/..' . '/joomla/input/Tests/Stubs/FilterInputMock.php',
+        'Joomla\\Input\\Tests\\InputMocker' => __DIR__ . '/..' . '/joomla/input/Tests/InputMocker.php',
+        'Joomla\\Input\\Tests\\InputTest' => __DIR__ . '/..' . '/joomla/input/Tests/InputTest.php',
+        'Joomla\\Input\\Tests\\JsonTest' => __DIR__ . '/..' . '/joomla/input/Tests/JsonTest.php',
         'Joomla\\Ldap\\LdapClient' => __DIR__ . '/..' . '/joomla/ldap/src/LdapClient.php',
         'Joomla\\Registry\\AbstractRegistryFormat' => __DIR__ . '/..' . '/joomla/registry/src/AbstractRegistryFormat.php',
         'Joomla\\Registry\\Factory' => __DIR__ . '/..' . '/joomla/registry/src/Factory.php',
@@ -272,6 +279,14 @@ class ComposerStaticInit205c915b9c7d3e718e7c95793ee67ffe
         'Joomla\\Session\\Storage\\None' => __DIR__ . '/..' . '/joomla/session/Joomla/Session/Storage/None.php',
         'Joomla\\Session\\Storage\\Wincache' => __DIR__ . '/..' . '/joomla/session/Joomla/Session/Storage/Wincache.php',
         'Joomla\\Session\\Storage\\Xcache' => __DIR__ . '/..' . '/joomla/session/Joomla/Session/Storage/Xcache.php',
+        'Joomla\\Session\\Tests\\Handler\\ApcuHandlerTest' => __DIR__ . '/..' . '/joomla/session/tests/Handler/ApcuHandlerTest.php',
+        'Joomla\\Session\\Tests\\Handler\\DatabaseHandlerTest' => __DIR__ . '/..' . '/joomla/session/tests/Handler/DatabaseHandlerTest.php',
+        'Joomla\\Session\\Tests\\Handler\\FilesystemHandlerTest' => __DIR__ . '/..' . '/joomla/session/tests/Handler/FilesystemHandlerTest.php',
+        'Joomla\\Session\\Tests\\Handler\\MemcachedHandlerTest' => __DIR__ . '/..' . '/joomla/session/tests/Handler/MemcachedHandlerTest.php',
+        'Joomla\\Session\\Tests\\Handler\\NativeStorageTest' => __DIR__ . '/..' . '/joomla/session/tests/Storage/NativeStorageTest.php',
+        'Joomla\\Session\\Tests\\Handler\\RedisHandlerTest' => __DIR__ . '/..' . '/joomla/session/tests/Handler/RedisHandlerTest.php',
+        'Joomla\\Session\\Tests\\Handler\\WincacheHandlerTest' => __DIR__ . '/..' . '/joomla/session/tests/Handler/WincacheHandlerTest.php',
+        'Joomla\\Session\\Tests\\SessionTest' => __DIR__ . '/..' . '/joomla/session/tests/SessionTest.php',
         'Joomla\\String\\Inflector' => __DIR__ . '/..' . '/joomla/string/src/Inflector.php',
         'Joomla\\String\\Normalise' => __DIR__ . '/..' . '/joomla/string/src/Normalise.php',
         'Joomla\\String\\String' => __DIR__ . '/..' . '/joomla/string/src/String.php',

diff --git a/libraries/vendor/composer/installed.json b/libraries/vendor/composer/installed.json
@@ -396,32 +396,32 @@
     },
     {
         "name": "joomla/filter",
-        "version": "1.3.3",
-        "version_normalized": "1.3.3.0",
+        "version": "1.3.4",
+        "version_normalized": "1.3.4.0",
         "source": {
             "type": "git",
             "url": "https://github.com/joomla-framework/filter.git",
-            "reference": "1ee770b83790c02d0fbcef77ad0647153e1faf74"
+            "reference": "6ec4c6020f7ef12c57a015410bdd11031620d952"
         },
         "dist": {
             "type": "zip",
-            "url": "https://api.github.com/repos/joomla-framework/filter/zipball/1ee770b83790c02d0fbcef77ad0647153e1faf74",
-            "reference": "1ee770b83790c02d0fbcef77ad0647153e1faf74",
+            "url": "https://api.github.com/repos/joomla-framework/filter/zipball/6ec4c6020f7ef12c57a015410bdd11031620d952",
+            "reference": "6ec4c6020f7ef12c57a015410bdd11031620d952",
             "shasum": ""
         },
         "require": {
             "joomla/string": "~1.3|~2.0",
             "php": "^5.3.10|~7.0"
         },
         "require-dev": {
+            "joomla/coding-standards": "~2.0@alpha",
             "joomla/language": "~1.3",
-            "phpunit/phpunit": "^4.8.35|^5.4.3|~6.0",
-            "squizlabs/php_codesniffer": "1.*"
+            "phpunit/phpunit": "^4.8.35|^5.4.3|~6.0"
         },
         "suggest": {
             "joomla/language": "Required only if you want to use `OutputFilter::stringURLSafe`."
         },
-        "time": "2017-07-04T15:07:30+00:00",
+        "time": "2018-05-20T15:17:26+00:00",
         "type": "joomla-package",
         "extra": {
             "branch-alias": {
@@ -436,7 +436,7 @@
         },
         "notification-url": "https://packagist.org/downloads/",
         "license": [
-            "GPL-2.0+"
+            "GPL-2.0-or-later"
         ],
         "description": "Joomla Filter Package",
         "homepage": "https://github.com/joomla-framework/filter",

diff --git a/libraries/vendor/joomla/filter/src/InputFilter.php b/libraries/vendor/joomla/filter/src/InputFilter.php
@@ -2,7 +2,7 @@
 /**
  * Part of the Joomla Framework Filter Package
  *
- * @copyright  Copyright (C) 2005 - 2016 Open Source Matters, Inc. All rights reserved.
+ * @copyright  Copyright (C) 2005 - 2018 Open Source Matters, Inc. All rights reserved.
  * @license    GNU General Public License version 2 or later; see LICENSE
  */
 
@@ -113,6 +113,7 @@ class InputFilter
 		'bgsound',
 		'base',
 		'basefont',
+		'canvas',
 		'embed',
 		'frame',
 		'frameset',
@@ -172,7 +173,8 @@ class InputFilter
 	 * @since   1.0
 	 */
 	public function __construct($tagsArray = array(), $attrArray = array(), $tagsMethod = self::TAGS_WHITELIST, $attrMethod = self::ATTR_WHITELIST,
-		$xssAuto = 1)
+		$xssAuto = 1
+	)
 	{
 		// Make sure user defined arrays are in lowercase
 		$tagsArray = array_map('strtolower', (array) $tagsArray);
@@ -598,49 +600,49 @@ protected function cleanTags($source)
 		$attr = '';
 
 		// Is there a tag? If so it will certainly start with a '<'.
-		$tagOpen_start = StringHelper::strpos($source, '<');
+		$tagOpenStart = StringHelper::strpos($source, '<');
 
-		while ($tagOpen_start !== false)
+		while ($tagOpenStart !== false)
 		{
 			// Get some information about the tag we are processing
-			$preTag .= StringHelper::substr($postTag, 0, $tagOpen_start);
-			$postTag = StringHelper::substr($postTag, $tagOpen_start);
+			$preTag .= StringHelper::substr($postTag, 0, $tagOpenStart);
+			$postTag = StringHelper::substr($postTag, $tagOpenStart);
 			$fromTagOpen = StringHelper::substr($postTag, 1);
-			$tagOpen_end = StringHelper::strpos($fromTagOpen, '>');
+			$tagOpenEnd = StringHelper::strpos($fromTagOpen, '>');
 
 			// Check for mal-formed tag where we have a second '<' before the first '>'
-			$nextOpenTag = (StringHelper::strlen($postTag) > $tagOpen_start) ? StringHelper::strpos($postTag, '<', $tagOpen_start + 1) : false;
+			$nextOpenTag = (StringHelper::strlen($postTag) > $tagOpenStart) ? StringHelper::strpos($postTag, '<', $tagOpenStart + 1) : false;
 
-			if (($nextOpenTag !== false) && ($nextOpenTag < $tagOpen_end))
+			if (($nextOpenTag !== false) && ($nextOpenTag < $tagOpenEnd))
 			{
 				// At this point we have a mal-formed tag -- remove the offending open
-				$postTag = StringHelper::substr($postTag, 0, $tagOpen_start) . StringHelper::substr($postTag, $tagOpen_start + 1);
-				$tagOpen_start = StringHelper::strpos($postTag, '<');
+				$postTag = StringHelper::substr($postTag, 0, $tagOpenStart) . StringHelper::substr($postTag, $tagOpenStart + 1);
+				$tagOpenStart = StringHelper::strpos($postTag, '<');
 				continue;
 			}
 
 			// Let's catch any non-terminated tags and skip over them
-			if ($tagOpen_end === false)
+			if ($tagOpenEnd === false)
 			{
-				$postTag = StringHelper::substr($postTag, $tagOpen_start + 1);
-				$tagOpen_start = StringHelper::strpos($postTag, '<');
+				$postTag = StringHelper::substr($postTag, $tagOpenStart + 1);
+				$tagOpenStart = StringHelper::strpos($postTag, '<');
 				continue;
 			}
 
 			// Do we have a nested tag?
-			$tagOpen_nested = StringHelper::strpos($fromTagOpen, '<');
+			$tagOpenNested = StringHelper::strpos($fromTagOpen, '<');
 
-			if (($tagOpen_nested !== false) && ($tagOpen_nested < $tagOpen_end))
+			if (($tagOpenNested !== false) && ($tagOpenNested < $tagOpenEnd))
 			{
-				$preTag .= StringHelper::substr($postTag, 0, ($tagOpen_nested + 1));
-				$postTag = StringHelper::substr($postTag, ($tagOpen_nested + 1));
-				$tagOpen_start = StringHelper::strpos($postTag, '<');
+				$preTag .= StringHelper::substr($postTag, 0, ($tagOpenNested + 1));
+				$postTag = StringHelper::substr($postTag, ($tagOpenNested + 1));
+				$tagOpenStart = StringHelper::strpos($postTag, '<');
 				continue;
 			}
 
 			// Let's get some information about our tag and setup attribute pairs
-			$tagOpen_nested = (StringHelper::strpos($fromTagOpen, '<') + $tagOpen_start + 1);
-			$currentTag = StringHelper::substr($fromTagOpen, 0, $tagOpen_end);
+			$tagOpenNested = (StringHelper::strpos($fromTagOpen, '<') + $tagOpenStart + 1);
+			$currentTag = StringHelper::substr($fromTagOpen, 0, $tagOpenEnd);
 			$tagLength = StringHelper::strlen($currentTag);
 			$tagLeft = $currentTag;
 			$attrSet = array();
@@ -671,7 +673,7 @@ protected function cleanTags($source)
 				|| ((in_array(strtolower($tagName), $this->tagBlacklist)) && ($this->xssAuto)))
 			{
 				$postTag = StringHelper::substr($postTag, ($tagLength + 2));
-				$tagOpen_start = StringHelper::strpos($postTag, '<');
+				$tagOpenStart = StringHelper::strpos($postTag, '<');
 
 				// Strip tag
 				continue;
@@ -804,7 +806,7 @@ protected function cleanTags($source)
 
 			// Find next tag's start and continue iteration
 			$postTag = StringHelper::substr($postTag, ($tagLength + 2));
-			$tagOpen_start = StringHelper::strpos($postTag, '<');
+			$tagOpenStart = StringHelper::strpos($postTag, '<');
 		}
 
 		// Append any code after the end of tags and return
@@ -844,8 +846,8 @@ protected function cleanAttributes($attrSet)
 			$attrSubSet = explode('=', trim($attrSet[$i]), 2);
 
 			// Take the last attribute in case there is an attribute with no value
-			$attrSubSet_0  = explode(' ', trim($attrSubSet[0]));
-			$attrSubSet[0] = array_pop($attrSubSet_0);
+			$attrSubSet0   = explode(' ', trim($attrSubSet[0]));
+			$attrSubSet[0] = array_pop($attrSubSet0);
 
 			$attrSubSet[0] = strtolower($attrSubSet[0]);
 			$quoteStyle = version_compare(PHP_VERSION, '5.4', '>=') ? ENT_QUOTES | ENT_HTML401 : ENT_QUOTES;
@@ -855,12 +857,15 @@ protected function cleanAttributes($attrSet)
 			$attrSubSet[0] = preg_replace('/^[\pZ\pC]+|[\pZ\pC]+$/u', '', $attrSubSet[0]);
 			$attrSubSet[0] = preg_replace('/\s+/u', '', $attrSubSet[0]);
 
-			// Replace special blacklisted chars here
+			// Remove blacklisted chars from the attribute name
 			foreach ($this->blacklistedChars as $blacklistedChar)
 			{
-				$attrSubSet[0] = str_replace($blacklistedChar, '', $attrSubSet[0]);
+				$attrSubSet[0] = str_ireplace($blacklistedChar, '', $attrSubSet[0]);
 			}
 
+			// Remove all symbols
+			$attrSubSet[0] = preg_replace('/[^\p{L}\p{N}\s]/u', '', $attrSubSet[0]);
+
 			// Remove all "non-regular" attribute names
 			// AND blacklisted attributes
 			if ((!preg_match('/[a-z]*$/i', $attrSubSet[0]))
@@ -876,6 +881,12 @@ protected function cleanAttributes($attrSet)
 				continue;
 			}
 
+			// Remove blacklisted chars from the attribute value
+			foreach ($this->blacklistedChars as $blacklistedChar)
+			{
+				$attrSubSet[1] = str_ireplace($blacklistedChar, '', $attrSubSet[1]);
+			}
+
 			// Trim leading and trailing spaces
 			$attrSubSet[1] = trim($attrSubSet[1]);
 

diff --git a/libraries/vendor/joomla/filter/src/OutputFilter.php b/libraries/vendor/joomla/filter/src/OutputFilter.php
@@ -2,7 +2,7 @@
 /**
  * Part of the Joomla Framework Filter Package
  *
- * @copyright  Copyright (C) 2005 - 2016 Open Source Matters, Inc. All rights reserved.
+ * @copyright  Copyright (C) 2005 - 2018 Open Source Matters, Inc. All rights reserved.
  * @license    GNU General Public License version 2 or later; see LICENSE
  */
 
@@ -24,15 +24,15 @@ class OutputFilter
 	 * Object parameters that are non-string, array, object or start with underscore
 	 * will be converted
 	 *
-	 * @param   object   &$mixed        An object to be parsed
-	 * @param   integer  $quote_style   The optional quote style for the htmlspecialchars function
-	 * @param   mixed    $exclude_keys  An optional string single field name or array of field names not to be parsed (eg, for a textarea)
+	 * @param   object   $mixed        An object to be parsed
+	 * @param   integer  $quoteStyle   The optional quote style for the htmlspecialchars function
+	 * @param   mixed    $excludeKeys  An optional string single field name or array of field names not to be parsed (eg, for a textarea)
 	 *
 	 * @return  void
 	 *
 	 * @since   1.0
 	 */
-	public static function objectHtmlSafe(&$mixed, $quote_style = ENT_QUOTES, $exclude_keys = '')
+	public static function objectHtmlSafe(&$mixed, $quoteStyle = ENT_QUOTES, $excludeKeys = '')
 	{
 		if (is_object($mixed))
 		{
@@ -43,16 +43,16 @@ public static function objectHtmlSafe(&$mixed, $quote_style = ENT_QUOTES, $exclu
 					continue;
 				}
 
-				if (is_string($exclude_keys) && $k == $exclude_keys)
+				if (is_string($excludeKeys) && $k == $excludeKeys)
 				{
 					continue;
 				}
-				elseif (is_array($exclude_keys) && in_array($k, $exclude_keys))
+				elseif (is_array($excludeKeys) && in_array($k, $excludeKeys))
 				{
 					continue;
 				}
 
-				$mixed->$k = htmlspecialchars($v, $quote_style, 'UTF-8');
+				$mixed->$k = htmlspecialchars($v, $quoteStyle, 'UTF-8');
 			}
 		}
 	}
@@ -72,7 +72,7 @@ public static function linkXhtmlSafe($input)
 
 		return preg_replace_callback(
 			"#$regex#i",
-			function($m)
+			function ($m)
 			{
 				return preg_replace('#&(?!amp;)#', '&amp;', $m[0]);
 			},
@@ -163,7 +163,7 @@ public static function ampReplace($text)
 	/**
 	 * Cleans text of all formatting and scripting code
 	 *
-	 * @param   string  &$text  Text to clean
+	 * @param   string  $text  Text to clean
 	 *
 	 * @return  string  Cleaned text.
 	 *