From 36d0c8861e46287ccbf2c8b22c05551000331b1f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rub=C3=A9nD?= Date: Sat, 18 Jun 2022 09:50:59 +0200 Subject: [PATCH] Fix/url regex (#1842) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * fix: Tweak URL's regex to avoid XSS. Thanks to @rgavilan for the feedback! Closes #1840. Signed-off-by: Rubén D * chore: Update dependencies. Signed-off-by: Rubén D * chore: Use `ENT_QUOTES` flag for all `htmlspecialchars` calls. Signed-off-by: Rubén D --- .../views/account/account-editpass.inc | 23 +++ .../views/account/account-history.inc | 23 +++ .../views/account/account-link.inc | 23 +++ .../views/account/search-rows.inc | 14 +- .../views/config/general-site.inc | 27 +++- .../views/config/wiki-dokuwiki.inc | 29 +++- .../material-blue/views/config/wiki.inc | 29 +++- composer.json | 1 - composer.lock | 140 +++++++++--------- lib/SP/Html/Html.php | 16 +- lib/SP/Services/Install/Installer.php | 4 +- 11 files changed, 244 insertions(+), 85 deletions(-) diff --git a/app/modules/web/themes/material-blue/views/account/account-editpass.inc b/app/modules/web/themes/material-blue/views/account/account-editpass.inc index 2635e42f5..6d8003322 100644 --- a/app/modules/web/themes/material-blue/views/account/account-editpass.inc +++ b/app/modules/web/themes/material-blue/views/account/account-editpass.inc @@ -1,4 +1,27 @@ . + */ + /** * @var callable $_getvar * @var ThemeIcons $icons diff --git a/app/modules/web/themes/material-blue/views/account/account-history.inc b/app/modules/web/themes/material-blue/views/account/account-history.inc index 7082ca354..c54a64a01 100644 --- a/app/modules/web/themes/material-blue/views/account/account-history.inc +++ b/app/modules/web/themes/material-blue/views/account/account-history.inc @@ -1,4 +1,27 @@ . + */ + /** * @var callable $_getvar * @var ThemeIcons $icons 
diff --git a/app/modules/web/themes/material-blue/views/account/account-link.inc b/app/modules/web/themes/material-blue/views/account/account-link.inc index 45feabb53..c74342c49 100644 --- a/app/modules/web/themes/material-blue/views/account/account-link.inc +++ b/app/modules/web/themes/material-blue/views/account/account-link.inc @@ -1,4 +1,27 @@ . + */ + /** * @var callable $_getvar * @var ThemeIcons $icons diff --git a/app/modules/web/themes/material-blue/views/account/search-rows.inc b/app/modules/web/themes/material-blue/views/account/search-rows.inc index b3ccbc9ae..280d191f3 100644 --- a/app/modules/web/themes/material-blue/views/account/search-rows.inc +++ b/app/modules/web/themes/material-blue/views/account/search-rows.inc @@ -134,7 +134,10 @@ $favoriteRouteOff = $_getvar('favoriteRouteOff'); getShortUrl(), ENT_QUOTES); ?> -
getShortUrl(), ENT_QUOTES); ?>
+
getShortUrl(), + ENT_QUOTES + ); ?>
@@ -280,7 +283,9 @@ $favoriteRouteOff = $_getvar('favoriteRouteOff'); isWikiMatch($wikiFilter)): ?> - library_books @@ -288,7 +293,10 @@ $favoriteRouteOff = $_getvar('favoriteRouteOff'); library_books . + */ + /** * @var ThemeIcons $icons * @var ConfigData $configData @@ -109,7 +132,9 @@ use SP\Mvc\View\Template; class="icon material-icons getIconHelp()->getClass(); ?>">getIconHelp()->getIcon(); ?>

- +

diff --git a/app/modules/web/themes/material-blue/views/config/wiki-dokuwiki.inc b/app/modules/web/themes/material-blue/views/config/wiki-dokuwiki.inc index 538389899..0da38c527 100644 --- a/app/modules/web/themes/material-blue/views/config/wiki-dokuwiki.inc +++ b/app/modules/web/themes/material-blue/views/config/wiki-dokuwiki.inc @@ -1,4 +1,27 @@ . + */ + /** * @var ThemeIcons $icons * @var ConfigData $configData @@ -97,7 +120,8 @@ use SP\Mvc\View\Template;
getIconHelp()->getIcon(); ?>
+ class="icon material-icons getIconHelp()->getClass( + ); ?>">getIconHelp()->getIcon(); ?>

@@ -128,7 +152,8 @@ use SP\Mvc\View\Template;

getIconHelp()->getIcon(); ?>
+ class="icon material-icons getIconHelp()->getClass( + ); ?>">getIconHelp()->getIcon(); ?>

diff --git a/app/modules/web/themes/material-blue/views/config/wiki.inc b/app/modules/web/themes/material-blue/views/config/wiki.inc index 32bf93054..e82d64c85 100644 --- a/app/modules/web/themes/material-blue/views/config/wiki.inc +++ b/app/modules/web/themes/material-blue/views/config/wiki.inc @@ -1,4 +1,27 @@ . + */ + /** * @var ThemeIcons $icons * @var ConfigData $configData @@ -84,7 +107,8 @@ use SP\Mvc\View\Template;

getIconHelp()->getIcon(); ?>
+ class="icon material-icons getIconHelp()->getClass( + ); ?>">getIconHelp()->getIcon(); ?>

@@ -119,7 +143,8 @@ use SP\Mvc\View\Template;

getIconHelp()->getIcon(); ?>
+ class="icon material-icons getIconHelp()->getClass( + ); ?>">getIconHelp()->getIcon(); ?>

diff --git a/composer.json b/composer.json index b7a011e96..945e1d428 100644 --- a/composer.json +++ b/composer.json @@ -65,7 +65,6 @@ }, "config": { "classmap-authoritative": false, - "platform-check": false, "platform": { "php": "7.4" } diff --git a/composer.lock b/composer.lock index e72b7114c..5f8af9407 100644 --- a/composer.lock +++ b/composer.lock @@ -833,16 +833,16 @@ }, { "name": "doctrine/reflection", - "version": "1.2.2", + "version": "1.2.3", "source": { "type": "git", "url": "https://github.com/doctrine/reflection.git", - "reference": "fa587178be682efe90d005e3a322590d6ebb59a5" + "reference": "1034e5e71f89978b80f9c1570e7226f6c3b9b6fb" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/doctrine/reflection/zipball/fa587178be682efe90d005e3a322590d6ebb59a5", - "reference": "fa587178be682efe90d005e3a322590d6ebb59a5", + "url": "https://api.github.com/repos/doctrine/reflection/zipball/1034e5e71f89978b80f9c1570e7226f6c3b9b6fb", + "reference": "1034e5e71f89978b80f9c1570e7226f6c3b9b6fb", "shasum": "" }, "require": { @@ -854,18 +854,13 @@ "doctrine/common": "<2.9" }, "require-dev": { - "doctrine/coding-standard": "^6.0 || ^8.2.0", - "doctrine/common": "^2.10", - "phpstan/phpstan": "^0.11.0 || ^0.12.20", - "phpstan/phpstan-phpunit": "^0.11.0 || ^0.12.16", - "phpunit/phpunit": "^7.5 || ^9.1.5" + "doctrine/coding-standard": "^9", + "doctrine/common": "^3.3", + "phpstan/phpstan": "^1.4.10", + "phpstan/phpstan-phpunit": "^1", + "phpunit/phpunit": "^7.5 || ^8.5 || ^9.5" }, "type": "library", - "extra": { - "branch-alias": { - "dev-master": "1.2.x-dev" - } - }, "autoload": { "psr-4": { "Doctrine\\Common\\": "lib/Doctrine/Common" 
@@ -909,10 +904,10 @@ ], "support": { "issues": "https://github.com/doctrine/reflection/issues", - "source": "https://github.com/doctrine/reflection/tree/1.2.2" + "source": "https://github.com/doctrine/reflection/tree/1.2.3" }, "abandoned": "roave/better-reflection", - "time": "2020-10-27T21:46:55+00:00" + "time": "2022-05-31T18:46:25+00:00" }, { "name": "guzzlehttp/guzzle", @@ -1344,16 +1339,16 @@ }, { "name": "monolog/monolog", - "version": "1.27.0", + "version": "1.27.1", "source": { "type": "git", "url": "https://github.com/Seldaek/monolog.git", - "reference": "52ebd235c1f7e0d5e1b16464b695a28335f8e44a" + "reference": "904713c5929655dc9b97288b69cfeedad610c9a1" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/Seldaek/monolog/zipball/52ebd235c1f7e0d5e1b16464b695a28335f8e44a", - "reference": "52ebd235c1f7e0d5e1b16464b695a28335f8e44a", + "url": "https://api.github.com/repos/Seldaek/monolog/zipball/904713c5929655dc9b97288b69cfeedad610c9a1", + "reference": "904713c5929655dc9b97288b69cfeedad610c9a1", "shasum": "" }, "require": { @@ -1414,7 +1409,7 @@ ], "support": { "issues": "https://github.com/Seldaek/monolog/issues", - "source": "https://github.com/Seldaek/monolog/tree/1.27.0" + "source": "https://github.com/Seldaek/monolog/tree/1.27.1" }, "funding": [ { @@ -1426,7 +1421,7 @@ "type": "tidelift" } ], - "time": "2022-03-13T20:29:46+00:00" + "time": "2022-06-09T08:53:42+00:00" }, { "name": "paragonie/random_compat", 
@@ -1653,16 +1648,16 @@ }, { "name": "phpmailer/phpmailer", - "version": "v6.6.0", + "version": "v6.6.2", "source": { "type": "git", "url": "https://github.com/PHPMailer/PHPMailer.git", - "reference": "e43bac82edc26ca04b36143a48bde1c051cfd5b1" + "reference": "b52ed06864fdda81b82ec8bf564cf15d45ed4f95" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/PHPMailer/PHPMailer/zipball/e43bac82edc26ca04b36143a48bde1c051cfd5b1", - "reference": "e43bac82edc26ca04b36143a48bde1c051cfd5b1", + "url": "https://api.github.com/repos/PHPMailer/PHPMailer/zipball/b52ed06864fdda81b82ec8bf564cf15d45ed4f95", + "reference": "b52ed06864fdda81b82ec8bf564cf15d45ed4f95", "shasum": "" }, "require": { @@ -1674,8 +1669,8 @@ "require-dev": { "dealerdirect/phpcodesniffer-composer-installer": "^0.7.0", "doctrine/annotations": "^1.2", - "php-parallel-lint/php-console-highlighter": "^0.5.0", - "php-parallel-lint/php-parallel-lint": "^1.3.1", + "php-parallel-lint/php-console-highlighter": "^1.0.0", + "php-parallel-lint/php-parallel-lint": "^1.3.2", "phpcompatibility/php-compatibility": "^9.3.5", "roave/security-advisories": "dev-latest", "squizlabs/php_codesniffer": "^3.6.2", @@ -1719,7 +1714,7 @@ "description": "PHPMailer is a full-featured email creation and transfer class for PHP", "support": { "issues": "https://github.com/PHPMailer/PHPMailer/issues", - "source": "https://github.com/PHPMailer/PHPMailer/tree/v6.6.0" + "source": "https://github.com/PHPMailer/PHPMailer/tree/v6.6.2" }, "funding": [ { @@ -1727,7 +1722,7 @@ "type": "github" } ], - "time": "2022-02-28T15:31:21+00:00" + "time": "2022-06-14T09:27:21+00:00" }, { "name": "phpseclib/phpseclib", @@ -2148,6 +2143,7 @@ "type": "tidelift" } ], + "abandoned": "symfony/error-handler", "time": "2020-10-24T10:57:07+00:00" }, { 
@@ -3711,12 +3707,12 @@ "source": { "type": "git", "url": "https://github.com/Roave/SecurityAdvisories.git", - "reference": "e44f8ca7996a2573a10b7f1f8baff9c9caf7db09" + "reference": "0a2664d739af6996ce1a24a35cb59ed2bbd27f4b" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/Roave/SecurityAdvisories/zipball/e44f8ca7996a2573a10b7f1f8baff9c9caf7db09", - "reference": "e44f8ca7996a2573a10b7f1f8baff9c9caf7db09", + "url": "https://api.github.com/repos/Roave/SecurityAdvisories/zipball/0a2664d739af6996ce1a24a35cb59ed2bbd27f4b", + "reference": "0a2664d739af6996ce1a24a35cb59ed2bbd27f4b", "shasum": "" }, "conflict": { @@ -3750,6 +3746,8 @@ "bottelet/flarepoint": "<2.2.1", "brightlocal/phpwhois": "<=4.2.5", "brotkrueml/codehighlight": "<2.7", + "brotkrueml/schema": "<1.13.1|>=2,<2.5.1", + "brotkrueml/typo3-matomo-integration": "<1.3.2", "buddypress/buddypress": "<7.2.1", "bugsnag/bugsnag-laravel": ">=2,<2.0.2", "bytefury/crater": "<6.0.2", @@ -3792,7 +3790,7 @@ "doctrine/mongodb-odm": ">=1,<1.0.2", "doctrine/mongodb-odm-bundle": ">=2,<3.0.1", "doctrine/orm": ">=2,<2.4.8|>=2.5,<2.5.1|>=2.8.3,<2.8.4", - "dolibarr/dolibarr": "<16|>= 3.3.beta1, < 13.0.2", + "dolibarr/dolibarr": "<16|= 12.0.5|>= 3.3.beta1, < 13.0.2", "dompdf/dompdf": "<1.2.1", "drupal/core": ">=7,<7.88|>=8,<9.2.13|>=9.3,<9.3.6", "drupal/drupal": ">=7,<7.80|>=8,<8.9.16|>=9,<9.1.12|>=9.2,<9.2.4", @@ -3821,7 +3819,7 @@ "ezsystems/repository-forms": ">=2.3,<2.3.2.1", "ezyang/htmlpurifier": "<4.1.1", "facade/ignition": "<1.16.15|>=2,<2.4.2|>=2.5,<2.5.2", - "facturascripts/facturascripts": "<2022.8", + "facturascripts/facturascripts": "<=2022.8", "feehi/cms": "<=2.1.1", "feehi/feehicms": "<=0.1.3", "fenom/fenom": "<=2.12.1", 
@@ -3835,7 +3833,7 @@ "fooman/tcpdf": "<6.2.22", "forkcms/forkcms": "<5.11.1", "fossar/tcpdf-parser": "<6.2.22", - "francoisjacquet/rosariosis": "<8.1.1", + "francoisjacquet/rosariosis": "<9.1", "friendsofsymfony/oauth2-php": "<1.3", "friendsofsymfony/rest-bundle": ">=1.2,<1.2.2", "friendsofsymfony/user-bundle": ">=1.2,<1.3.5", @@ -3855,7 +3853,7 @@ "gree/jose": "<=2.2", "gregwar/rst": "<1.0.3", "grumpydictator/firefly-iii": "<5.6.5", - "guzzlehttp/guzzle": "<6.5.6|>=7,<7.4.3", + "guzzlehttp/guzzle": "<6.5.7|>=7,<7.4.4", "guzzlehttp/psr7": "<1.8.4|>=2,<2.1.1", "helloxz/imgurl": "= 2.31|<=2.31", "hillelcoren/invoice-ninja": "<5.3.35", @@ -3893,7 +3891,7 @@ "laminas/laminas-http": "<2.14.2", "laravel/fortify": "<1.11.1", "laravel/framework": "<6.20.42|>=7,<7.30.6|>=8,<8.75", - "laravel/laravel": "<=5.8.38", + "laravel/laravel": "<=9.1.8", "laravel/socialite": ">=1,<1.0.99|>=2,<2.0.10", "latte/latte": "<2.10.8", "lavalite/cms": "<=5.8", @@ -3935,6 +3933,7 @@ "nette/application": ">=2,<2.0.19|>=2.1,<2.1.13|>=2.2,<2.2.10|>=2.3,<2.3.14|>=2.4,<2.4.16|>=3,<3.0.6", "nette/nette": ">=2,<2.0.19|>=2.1,<2.1.13", "nilsteampassnet/teampass": "<=2.1.27.36", + "noumo/easyii": "<=0.9", "nukeviet/nukeviet": "<4.3.4", "nystudio107/craft-seomatic": "<3.4.12", "nzo/url-encryptor-bundle": ">=4,<4.3.2|>=5,<5.0.1", @@ -3977,7 +3976,7 @@ "pimcore/data-hub": "<1.2.4", "pimcore/pimcore": "<10.4", "pocketmine/bedrock-protocol": "<8.0.2", - "pocketmine/pocketmine-mp": "<4.2.10", + "pocketmine/pocketmine-mp": ">= 4.0.0-BETA5, < 4.4.2|<4.2.10", "pressbooks/pressbooks": "<5.18", "prestashop/autoupgrade": ">=4,<4.10.1", "prestashop/contactform": ">1.0.1,<4.3", 
@@ -4022,6 +4021,7 @@ "silverstripe/graphql": "<3.5.2|>=4-alpha.1,<4-alpha.2|= 4.0.0-alpha1", "silverstripe/registry": ">=2.1,<2.1.2|>=2.2,<2.2.1", "silverstripe/restfulserver": ">=1,<1.0.9|>=2,<2.0.4", + "silverstripe/silverstripe-omnipay": "<2.5.2|>=3,<3.0.2|>=3.1,<3.1.4|>=3.2,<3.2.1", "silverstripe/subsites": ">=2,<2.1.1", "silverstripe/taxonomy": ">=1.3,<1.3.1|>=2,<2.0.1", "silverstripe/userforms": "<3", @@ -4099,9 +4099,9 @@ "tribalsystems/zenario": "<9.2.55826", "truckersmp/phpwhois": "<=4.3.1", "twig/twig": "<1.38|>=2,<2.14.11|>=3,<3.3.8", - "typo3/cms": ">=6.2,<6.2.30|>=7,<7.6.32|>=8,<8.7.38|>=9,<9.5.29|>=10,<10.4.19|>=11,<11.5", + "typo3/cms": ">=6.2,<6.2.30|>=7,<7.6.32|>=8,<8.7.38|>=9,<9.5.29|>=10,<10.4.29|>=11,<11.5.11", "typo3/cms-backend": ">=7,<=7.6.50|>=8,<=8.7.39|>=9,<=9.5.24|>=10,<=10.4.13|>=11,<=11.1", - "typo3/cms-core": ">=6.2,<=6.2.56|>=7,<=7.6.52|>=8,<=8.7.41|>=9,<9.5.29|>=10,<10.4.19|>=11,<11.5", + "typo3/cms-core": ">=6.2,<=6.2.56|>=7,<7.6.57|>=8,<8.7.47|>=9,<9.5.35|>=10,<10.4.29|>=11,<11.5.11", "typo3/cms-form": ">=8,<=8.7.39|>=9,<=9.5.24|>=10,<=10.4.13|>=11,<=11.1", "typo3/flow": ">=1,<1.0.4|>=1.1,<1.1.1|>=2,<2.0.1|>=2.3,<2.3.16|>=3,<3.0.12|>=3.1,<3.1.10|>=3.2,<3.2.13|>=3.3,<3.3.13|>=4,<4.0.6", "typo3/neos": ">=1.1,<1.1.3|>=1.2,<1.2.13|>=2,<2.0.4|>=2.3,<2.3.99|>=3,<3.0.20|>=3.1,<3.1.18|>=3.2,<3.2.14|>=3.3,<3.3.23|>=4,<4.0.17|>=4.1,<4.1.16|>=4.2,<4.2.12|>=4.3,<4.3.3", @@ -4200,7 +4200,7 @@ "type": "tidelift" } ], - "time": "2022-06-03T23:04:18+00:00" + "time": "2022-06-17T21:04:24+00:00" }, { "name": "sebastian/code-unit-reverse-lookup", 
@@ -5042,16 +5042,16 @@ }, { "name": "symfony/dom-crawler", - "version": "v5.4.6", + "version": "v5.4.9", "source": { "type": "git", "url": "https://github.com/symfony/dom-crawler.git", - "reference": "c0bda97480d96337bd3866026159a8b358665457" + "reference": "a213cbc80382320b0efdccdcdce232f191fafe3a" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/dom-crawler/zipball/c0bda97480d96337bd3866026159a8b358665457", - "reference": "c0bda97480d96337bd3866026159a8b358665457", + "url": "https://api.github.com/repos/symfony/dom-crawler/zipball/a213cbc80382320b0efdccdcdce232f191fafe3a", + "reference": "a213cbc80382320b0efdccdcdce232f191fafe3a", "shasum": "" }, "require": { @@ -5097,7 +5097,7 @@ "description": "Eases DOM navigation for HTML and XML documents", "homepage": "https://symfony.com", "support": { - "source": "https://github.com/symfony/dom-crawler/tree/v5.4.6" + "source": "https://github.com/symfony/dom-crawler/tree/v5.4.9" }, "funding": [ { @@ -5113,20 +5113,20 @@ "type": "tidelift" } ], - "time": "2022-03-02T12:42:23+00:00" + "time": "2022-05-04T14:46:32+00:00" }, { "name": "symfony/polyfill-ctype", - "version": "v1.25.0", + "version": "v1.26.0", "source": { "type": "git", "url": "https://github.com/symfony/polyfill-ctype.git", - "reference": "30885182c981ab175d4d034db0f6f469898070ab" + "reference": "6fd1b9a79f6e3cf65f9e679b23af304cd9e010d4" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/polyfill-ctype/zipball/30885182c981ab175d4d034db0f6f469898070ab", - "reference": "30885182c981ab175d4d034db0f6f469898070ab", + "url": "https://api.github.com/repos/symfony/polyfill-ctype/zipball/6fd1b9a79f6e3cf65f9e679b23af304cd9e010d4", + "reference": "6fd1b9a79f6e3cf65f9e679b23af304cd9e010d4", "shasum": "" }, "require": { @@ -5141,7 +5141,7 @@ "type": "library", "extra": { "branch-alias": { - "dev-main": "1.23-dev" + "dev-main": "1.26-dev" }, "thanks": { "name": "symfony/polyfill", 
@@ -5179,7 +5179,7 @@ "portable" ], "support": { - "source": "https://github.com/symfony/polyfill-ctype/tree/v1.25.0" + "source": "https://github.com/symfony/polyfill-ctype/tree/v1.26.0" }, "funding": [ { @@ -5195,7 +5195,7 @@ "type": "tidelift" } ], - "time": "2021-10-20T20:35:02+00:00" + "time": "2022-05-24T11:49:31+00:00" }, { "name": "symfony/polyfill-mbstring", @@ -5282,16 +5282,16 @@ }, { "name": "symfony/polyfill-php80", - "version": "v1.25.0", + "version": "v1.26.0", "source": { "type": "git", "url": "https://github.com/symfony/polyfill-php80.git", - "reference": "4407588e0d3f1f52efb65fbe92babe41f37fe50c" + "reference": "cfa0ae98841b9e461207c13ab093d76b0fa7bace" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/polyfill-php80/zipball/4407588e0d3f1f52efb65fbe92babe41f37fe50c", - "reference": "4407588e0d3f1f52efb65fbe92babe41f37fe50c", + "url": "https://api.github.com/repos/symfony/polyfill-php80/zipball/cfa0ae98841b9e461207c13ab093d76b0fa7bace", + "reference": "cfa0ae98841b9e461207c13ab093d76b0fa7bace", "shasum": "" }, "require": { @@ -5300,7 +5300,7 @@ "type": "library", "extra": { "branch-alias": { - "dev-main": "1.23-dev" + "dev-main": "1.26-dev" }, "thanks": { "name": "symfony/polyfill", @@ -5345,7 +5345,7 @@ "shim" ], "support": { - "source": "https://github.com/symfony/polyfill-php80/tree/v1.25.0" + "source": "https://github.com/symfony/polyfill-php80/tree/v1.26.0" }, "funding": [ { @@ -5361,7 +5361,7 @@ "type": "tidelift" } ], - "time": "2022-03-04T08:16:47+00:00" + "time": "2022-05-10T07:21:04+00:00" }, { "name": "symfony/yaml", 
@@ -5525,21 +5525,21 @@ }, { "name": "webmozart/assert", - "version": "1.10.0", + "version": "1.11.0", "source": { "type": "git", "url": "https://github.com/webmozarts/assert.git", - "reference": "6964c76c7804814a842473e0c8fd15bab0f18e25" + "reference": "11cb2199493b2f8a3b53e7f19068fc6aac760991" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/webmozarts/assert/zipball/6964c76c7804814a842473e0c8fd15bab0f18e25", - "reference": "6964c76c7804814a842473e0c8fd15bab0f18e25", + "url": "https://api.github.com/repos/webmozarts/assert/zipball/11cb2199493b2f8a3b53e7f19068fc6aac760991", + "reference": "11cb2199493b2f8a3b53e7f19068fc6aac760991", "shasum": "" }, "require": { - "php": "^7.2 || ^8.0", - "symfony/polyfill-ctype": "^1.8" + "ext-ctype": "*", + "php": "^7.2 || ^8.0" }, "conflict": { "phpstan/phpstan": "<0.12.20", @@ -5577,9 +5577,9 @@ ], "support": { "issues": "https://github.com/webmozarts/assert/issues", - "source": "https://github.com/webmozarts/assert/tree/1.10.0" + "source": "https://github.com/webmozarts/assert/tree/1.11.0" }, - "time": "2021-03-09T10:59:23+00:00" + "time": "2022-06-03T18:03:27+00:00" } ], "aliases": [], diff --git a/lib/SP/Html/Html.php b/lib/SP/Html/Html.php index 6684bf80f..eeb4072e5 100644 --- a/lib/SP/Html/Html.php +++ b/lib/SP/Html/Html.php 
@@ -184,11 +184,19 @@ public static function stripTags(string $text): string */ public static function getSafeUrl(string $url): string { - if (preg_match('#^((?:https?|ftp|ssh|rdp)://[\w._-]+/)(.*)#', $url, $urlParts) - && count($urlParts) === 3) { - return $urlParts[1].urlencode($urlParts[2]); + $match = preg_match('#^(([a-z]+)://[\w._-]+)(?:/(.*))?#i', $url, $urlParts); + + if ($match !== 1) { + return htmlspecialchars($url, ENT_QUOTES); } - return urlencode($url); + switch (count($urlParts)) { + case 3: + return htmlspecialchars($urlParts[1], ENT_QUOTES).'/'.urlencode($urlParts[2]); + case 2: + return htmlspecialchars($urlParts[1], ENT_QUOTES); + default: + return htmlspecialchars($url, ENT_QUOTES); + } } } diff --git a/lib/SP/Services/Install/Installer.php b/lib/SP/Services/Install/Installer.php index bf3ab4e2d..b9b8d70d1 100644 --- a/lib/SP/Services/Install/Installer.php +++ b/lib/SP/Services/Install/Installer.php @@ -60,9 +60,9 @@ final class Installer extends Service /** * sysPass' version and build number */ - const VERSION = [3, 2, 6]; + const VERSION = [3, 2, 7]; const VERSION_TEXT = '3.2'; - const BUILD = 22061601; + const BUILD = 22061801; /** * @var DatabaseSetupInterface
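Review bot: In `getSafeUrl` the count-based `switch` does not line up with the new pattern: `(([a-z]+)://[\w._-]+)` captures the scheme as group 2 and the path as group 3, so a host-only URL produces three entries and `case 3` appends the scheme as if it were the path, while a URL with a path produces four entries and falls to `default`, which returns the whole string escaped and never `urlencode`s the path. The rewrite also drops the `https?|ftp|ssh|rdp` allowlist the old pattern enforced, so any alphabetic scheme followed by `://` now passes the first branch; keeping the allowlist matches the commit's stated goal and makes the capture layout explicit. Making the scheme non-capturing and testing `isset($urlParts[2])` instead of counting removes the ambiguity, and the version below stays on PHP 7.4 syntax since `composer.json` pins `platform.php` to 7.4. The function lies entirely within the hunk.
```php
    public static function getSafeUrl(string $url): string
    {
        // Allowlisted schemes only; group 1 = scheme://host, group 2 = path without the leading slash
        $match = preg_match('#^((?:https?|ftp|ssh|rdp)://[\w._-]+)(?:/(.*))?#i', $url, $urlParts);

        if ($match !== 1) {
            return htmlspecialchars($url, ENT_QUOTES);
        }

        // isset() is true for an empty-but-present path ("https://host/"), which keeps the trailing slash
        if (isset($urlParts[2])) {
            return htmlspecialchars($urlParts[1], ENT_QUOTES).'/'.urlencode($urlParts[2]);
        }

        return htmlspecialchars($urlParts[1], ENT_QUOTES);
    }
```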