From f2ecbd9de26371765a94dd9ad2b865eacdbafb4f Mon Sep 17 00:00:00 2001
From: Cerdic <cedric@yterium.com>
Date: Mon, 8 Mar 2021 17:12:52 +0100
Subject: [PATCH] Mise a jour de SVG Sanitizer, on ajoute la version dans les
credits fix https://core.spip.net/issues/4682
---
lib/svg-sanitizer/LICENSE | 0
lib/svg-sanitizer/README.md | 16 +-
lib/svg-sanitizer/composer.json | 12 +-
lib/svg-sanitizer/composer.lock | 2259 -----------------
lib/svg-sanitizer/phpunit.xml.dist | 23 -
.../src/ElementReference/Resolver.php | 169 ++
.../src/ElementReference/Subject.php | 153 ++
.../src/ElementReference/Usage.php | 49 +
.../src/Exceptions/NestingException.php | 39 +
lib/svg-sanitizer/src/Helper.php | 53 +
lib/svg-sanitizer/src/Sanitizer.php | 266 +-
.../src/data/AllowedAttributes.php | 8 +-
lib/svg-sanitizer/src/data/AllowedTags.php | 15 +-
.../src/data/AttributeInterface.php | 2 -
lib/svg-sanitizer/src/data/TagInterface.php | 3 -
lib/svg-sanitizer/src/data/XPath.php | 64 +
lib/svg-sanitizer/src/svg-scanner.php | 0
paquet.xml | 3 +-
18 files changed, 763 insertions(+), 2371 deletions(-)
mode change 100644 => 100755 lib/svg-sanitizer/LICENSE
mode change 100644 => 100755 lib/svg-sanitizer/README.md
mode change 100644 => 100755 lib/svg-sanitizer/composer.json
delete mode 100644 lib/svg-sanitizer/composer.lock
delete mode 100644 lib/svg-sanitizer/phpunit.xml.dist
create mode 100755 lib/svg-sanitizer/src/ElementReference/Resolver.php
create mode 100755 lib/svg-sanitizer/src/ElementReference/Subject.php
create mode 100755 lib/svg-sanitizer/src/ElementReference/Usage.php
create mode 100755 lib/svg-sanitizer/src/Exceptions/NestingException.php
create mode 100755 lib/svg-sanitizer/src/Helper.php
mode change 100644 => 100755 lib/svg-sanitizer/src/Sanitizer.php
mode change 100644 => 100755 lib/svg-sanitizer/src/data/AllowedAttributes.php
mode change 100644 => 100755 lib/svg-sanitizer/src/data/AllowedTags.php
mode change 100644 => 100755 lib/svg-sanitizer/src/data/AttributeInterface.php
mode change 100644 => 100755 lib/svg-sanitizer/src/data/TagInterface.php
create mode 100755 lib/svg-sanitizer/src/data/XPath.php
mode change 100644 => 100755 lib/svg-sanitizer/src/svg-scanner.php
diff --git a/lib/svg-sanitizer/LICENSE b/lib/svg-sanitizer/LICENSE
old mode 100644
new mode 100755
diff --git a/lib/svg-sanitizer/README.md b/lib/svg-sanitizer/README.md
old mode 100644
new mode 100755
index aef40e60..c91a5cbf
--- a/lib/svg-sanitizer/README.md
+++ b/lib/svg-sanitizer/README.md
@@ -42,15 +42,15 @@ These methods require that you implement the `enshrined\svgSanitize\data\TagInte
## Remove remote references
-You have the option to remove attributes that reference remote files, this will stop HTTP leaks but will add an overhead to the sanitiser.
+You have the option to remove attributes that reference remote files, this will stop HTTP leaks but will add an overhead to the sanitizer.
This defaults to false, set to true to remove references.
`$sanitizer->removeRemoteReferences(true);`
-## Viewing Sanitisation Issues
+## Viewing Sanitization Issues
-You may use the `getXmlIssues()` method to return an array of issues that occurred during sanitisation.
+You may use the `getXmlIssues()` method to return an array of issues that occurred during sanitization.
This may be useful for logging or providing feedback to the user on why an SVG was refused.
@@ -58,7 +58,7 @@ This may be useful for logging or providing feedback to the user on why an SVG w
## Minification
-You can minify the XML output by calling `$sanitiser->minify(true);`.
+You can minify the XML output by calling `$sanitizer->minify(true);`.
## Demo
There is a demo available at: [http://svg.enshrined.co.uk/](http://svg.enshrined.co.uk/)
@@ -71,9 +71,13 @@ I've just released a WordPress plugin containing this code so you can sanitize y
[Michael Potter](https://github.com/heyMP) has kindly created a Drupal module for this library which is available at: [https://www.drupal.org/project/svg_sanitizer](https://www.drupal.org/project/svg_sanitizer)
+## TYPO3
+
+An integration for TYPO3 CMS of this library is available as composer package `t3g/svg-sanitizer` at [https://github.com/TYPO3GmbH/svg_sanitizer](https://github.com/TYPO3GmbH/svg_sanitizer)
+
## Tests
-You can run these by running `phpunit`
+You can run these by running `vendor/bin/phpunit` from the base directory of this package.
## Standalone scanning of files via CLI
@@ -85,4 +89,4 @@ Use it as follows: `php svg-scanner.php ~/svgs/myfile.svg`
## To-Do
-More extensive testing for the SVGs/XML would be lovely, I'll try and add these soon. If you feel like doing it for me, please do and make a PR!
\ No newline at end of file
+More extensive testing for the SVGs/XML would be lovely, I'll try and add these soon. If you feel like doing it for me, please do and make a PR!
diff --git a/lib/svg-sanitizer/composer.json b/lib/svg-sanitizer/composer.json
old mode 100644
new mode 100755
index 910cd736..ed475560
--- a/lib/svg-sanitizer/composer.json
+++ b/lib/svg-sanitizer/composer.json
@@ -1,7 +1,7 @@
{
"name": "enshrined/svg-sanitize",
"description": "An SVG sanitizer for PHP",
- "license": "GPL-2.0+",
+ "license": "GPL-2.0-or-later",
"authors": [
{
"name": "Daryll Doyle",
@@ -13,8 +13,16 @@
"enshrined\\svgSanitize\\": "src"
}
},
+ "autoload-dev": {
+ "psr-4": {
+ "enshrined\\svgSanitize\\Tests\\": "tests"
+ }
+ },
"minimum-stability": "stable",
- "require": {},
+ "require": {
+ "ext-dom": "*",
+ "ext-libxml": "*"
+ },
"require-dev": {
"phpunit/phpunit": "^6",
"codeclimate/php-test-reporter": "^0.1.2"
diff --git a/lib/svg-sanitizer/composer.lock b/lib/svg-sanitizer/composer.lock
deleted file mode 100644
index 02a0382a..00000000
--- a/lib/svg-sanitizer/composer.lock
+++ /dev/null
@@ -1,2259 +0,0 @@
-{
- "_readme": [
- "This file locks the dependencies of your project to a known state",
- "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
- "This file is @generated automatically"
- ],
- "content-hash": "cf1f0e14b588378abe1857f6f62083e9",
- "packages": [],
- "packages-dev": [
- {
- "name": "codeclimate/php-test-reporter",
- "version": "v0.1.2",
- "source": {
- "type": "git",
- "url": "https://github.com/codeclimate/php-test-reporter.git",
- "reference": "8ed24ff30f3663ecf40f1c12d6c97eb56c69e646"
- },
- "dist": {
- "type": "zip",
- "url": "https://api.github.com/repos/codeclimate/php-test-reporter/zipball/8ed24ff30f3663ecf40f1c12d6c97eb56c69e646",
- "reference": "8ed24ff30f3663ecf40f1c12d6c97eb56c69e646",
- "shasum": ""
- },
- "require": {
- "ext-curl": "*",
- "php": ">=5.3",
- "satooshi/php-coveralls": "0.6.*",
- "symfony/console": ">=2.0"
- },
- "require-dev": {
- "phpunit/phpunit": "3.7.*@stable"
- },
- "bin": [
- "composer/bin/test-reporter"
- ],
- "type": "library",
- "extra": {
- "branch-alias": {
- "dev-master": "0.1.x-dev"
- }
- },
- "autoload": {
- "psr-0": {
- "CodeClimate\\Component": "src/",
- "CodeClimate\\Bundle": "src/"
- }
- },
- "notification-url": "https://packagist.org/downloads/",
- "license": [
- "MIT"
- ],
- "authors": [
- {
- "name": "Code Climate",
- "email": "hello@codeclimate.com",
- "homepage": "https://codeclimate.com"
- }
- ],
- "description": "PHP client for reporting test coverage to Code Climate",
- "homepage": "https://github.com/codeclimate/php-test-reporter",
- "keywords": [
- "codeclimate",
- "coverage"
- ],
- "time": "2014-07-23T13:42:41+00:00"
- },
- {
- "name": "doctrine/instantiator",
- "version": "1.0.5",
- "source": {
- "type": "git",
- "url": "https://github.com/doctrine/instantiator.git",
- "reference": "8e884e78f9f0eb1329e445619e04456e64d8051d"
- },
- "dist": {
- "type": "zip",
- "url": "https://api.github.com/repos/doctrine/instantiator/zipball/8e884e78f9f0eb1329e445619e04456e64d8051d",
- "reference": "8e884e78f9f0eb1329e445619e04456e64d8051d",
- "shasum": ""
- },
- "require": {
- "php": ">=5.3,<8.0-DEV"
- },
- "require-dev": {
- "athletic/athletic": "~0.1.8",
- "ext-pdo": "*",
- "ext-phar": "*",
- "phpunit/phpunit": "~4.0",
- "squizlabs/php_codesniffer": "~2.0"
- },
- "type": "library",
- "extra": {
- "branch-alias": {
- "dev-master": "1.0.x-dev"
- }
- },
- "autoload": {
- "psr-4": {
- "Doctrine\\Instantiator\\": "src/Doctrine/Instantiator/"
- }
- },
- "notification-url": "https://packagist.org/downloads/",
- "license": [
- "MIT"
- ],
- "authors": [
- {
- "name": "Marco Pivetta",
- "email": "ocramius@gmail.com",
- "homepage": "http://ocramius.github.com/"
- }
- ],
- "description": "A small, lightweight utility to instantiate objects in PHP without invoking their constructors",
- "homepage": "https://github.com/doctrine/instantiator",
- "keywords": [
- "constructor",
- "instantiate"
- ],
- "time": "2015-06-14T21:17:01+00:00"
- },
- {
- "name": "guzzle/guzzle",
- "version": "v3.9.3",
- "source": {
- "type": "git",
- "url": "https://github.com/guzzle/guzzle3.git",
- "reference": "0645b70d953bc1c067bbc8d5bc53194706b628d9"
- },
- "dist": {
- "type": "zip",
- "url": "https://api.github.com/repos/guzzle/guzzle3/zipball/0645b70d953bc1c067bbc8d5bc53194706b628d9",
- "reference": "0645b70d953bc1c067bbc8d5bc53194706b628d9",
- "shasum": ""
- },
- "require": {
- "ext-curl": "*",
- "php": ">=5.3.3",
- "symfony/event-dispatcher": "~2.1"
- },
- "replace": {
- "guzzle/batch": "self.version",
- "guzzle/cache": "self.version",
- "guzzle/common": "self.version",
- "guzzle/http": "self.version",
- "guzzle/inflection": "self.version",
- "guzzle/iterator": "self.version",
- "guzzle/log": "self.version",
- "guzzle/parser": "self.version",
- "guzzle/plugin": "self.version",
- "guzzle/plugin-async": "self.version",
- "guzzle/plugin-backoff": "self.version",
- "guzzle/plugin-cache": "self.version",
- "guzzle/plugin-cookie": "self.version",
- "guzzle/plugin-curlauth": "self.version",
- "guzzle/plugin-error-response": "self.version",
- "guzzle/plugin-history": "self.version",
- "guzzle/plugin-log": "self.version",
- "guzzle/plugin-md5": "self.version",
- "guzzle/plugin-mock": "self.version",
- "guzzle/plugin-oauth": "self.version",
- "guzzle/service": "self.version",
- "guzzle/stream": "self.version"
- },
- "require-dev": {
- "doctrine/cache": "~1.3",
- "monolog/monolog": "~1.0",
- "phpunit/phpunit": "3.7.*",
- "psr/log": "~1.0",
- "symfony/class-loader": "~2.1",
- "zendframework/zend-cache": "2.*,<2.3",
- "zendframework/zend-log": "2.*,<2.3"
- },
- "suggest": {
- "guzzlehttp/guzzle": "Guzzle 5 has moved to a new package name. The package you have installed, Guzzle 3, is deprecated."
- },
- "type": "library",
- "extra": {
- "branch-alias": {
- "dev-master": "3.9-dev"
- }
- },
- "autoload": {
- "psr-0": {
- "Guzzle": "src/",
- "Guzzle\\Tests": "tests/"
- }
- },
- "notification-url": "https://packagist.org/downloads/",
- "license": [
- "MIT"
- ],
- "authors": [
- {
- "name": "Michael Dowling",
- "email": "mtdowling@gmail.com",
- "homepage": "https://github.com/mtdowling"
- },
- {
- "name": "Guzzle Community",
- "homepage": "https://github.com/guzzle/guzzle/contributors"
- }
- ],
- "description": "PHP HTTP client. This library is deprecated in favor of https://packagist.org/packages/guzzlehttp/guzzle",
- "homepage": "http://guzzlephp.org/",
- "keywords": [
- "client",
- "curl",
- "framework",
- "http",
- "http client",
- "rest",
- "web service"
- ],
- "abandoned": "guzzlehttp/guzzle",
- "time": "2015-03-18T18:23:50+00:00"
- },
- {
- "name": "myclabs/deep-copy",
- "version": "1.7.0",
- "source": {
- "type": "git",
- "url": "https://github.com/myclabs/DeepCopy.git",
- "reference": "3b8a3a99ba1f6a3952ac2747d989303cbd6b7a3e"
- },
- "dist": {
- "type": "zip",
- "url": "https://api.github.com/repos/myclabs/DeepCopy/zipball/3b8a3a99ba1f6a3952ac2747d989303cbd6b7a3e",
- "reference": "3b8a3a99ba1f6a3952ac2747d989303cbd6b7a3e",
- "shasum": ""
- },
- "require": {
- "php": "^5.6 || ^7.0"
- },
- "require-dev": {
- "doctrine/collections": "^1.0",
- "doctrine/common": "^2.6",
- "phpunit/phpunit": "^4.1"
- },
- "type": "library",
- "autoload": {
- "psr-4": {
- "DeepCopy\\": "src/DeepCopy/"
- },
- "files": [
- "src/DeepCopy/deep_copy.php"
- ]
- },
- "notification-url": "https://packagist.org/downloads/",
- "license": [
- "MIT"
- ],
- "description": "Create deep copies (clones) of your objects",
- "keywords": [
- "clone",
- "copy",
- "duplicate",
- "object",
- "object graph"
- ],
- "time": "2017-10-19T19:58:43+00:00"
- },
- {
- "name": "phar-io/manifest",
- "version": "1.0.1",
- "source": {
- "type": "git",
- "url": "https://github.com/phar-io/manifest.git",
- "reference": "2df402786ab5368a0169091f61a7c1e0eb6852d0"
- },
- "dist": {
- "type": "zip",
- "url": "https://api.github.com/repos/phar-io/manifest/zipball/2df402786ab5368a0169091f61a7c1e0eb6852d0",
- "reference": "2df402786ab5368a0169091f61a7c1e0eb6852d0",
- "shasum": ""
- },
- "require": {
- "ext-dom": "*",
- "ext-phar": "*",
- "phar-io/version": "^1.0.1",
- "php": "^5.6 || ^7.0"
- },
- "type": "library",
- "extra": {
- "branch-alias": {
- "dev-master": "1.0.x-dev"
- }
- },
- "autoload": {
- "classmap": [
- "src/"
- ]
- },
- "notification-url": "https://packagist.org/downloads/",
- "license": [
- "BSD-3-Clause"
- ],
- "authors": [
- {
- "name": "Arne Blankerts",
- "email": "arne@blankerts.de",
- "role": "Developer"
- },
- {
- "name": "Sebastian Heuer",
- "email": "sebastian@phpeople.de",
- "role": "Developer"
- },
- {
- "name": "Sebastian Bergmann",
- "email": "sebastian@phpunit.de",
- "role": "Developer"
- }
- ],
- "description": "Component for reading phar.io manifest information from a PHP Archive (PHAR)",
- "time": "2017-03-05T18:14:27+00:00"
- },
- {
- "name": "phar-io/version",
- "version": "1.0.1",
- "source": {
- "type": "git",
- "url": "https://github.com/phar-io/version.git",
- "reference": "a70c0ced4be299a63d32fa96d9281d03e94041df"
- },
- "dist": {
- "type": "zip",
- "url": "https://api.github.com/repos/phar-io/version/zipball/a70c0ced4be299a63d32fa96d9281d03e94041df",
- "reference": "a70c0ced4be299a63d32fa96d9281d03e94041df",
- "shasum": ""
- },
- "require": {
- "php": "^5.6 || ^7.0"
- },
- "type": "library",
- "autoload": {
- "classmap": [
- "src/"
- ]
- },
- "notification-url": "https://packagist.org/downloads/",
- "license": [
- "BSD-3-Clause"
- ],
- "authors": [
- {
- "name": "Arne Blankerts",
- "email": "arne@blankerts.de",
- "role": "Developer"
- },
- {
- "name": "Sebastian Heuer",
- "email": "sebastian@phpeople.de",
- "role": "Developer"
- },
- {
- "name": "Sebastian Bergmann",
- "email": "sebastian@phpunit.de",
- "role": "Developer"
- }
- ],
- "description": "Library for handling version information and constraints",
- "time": "2017-03-05T17:38:23+00:00"
- },
- {
- "name": "phpdocumentor/reflection-common",
- "version": "1.0.1",
- "source": {
- "type": "git",
- "url": "https://github.com/phpDocumentor/ReflectionCommon.git",
- "reference": "21bdeb5f65d7ebf9f43b1b25d404f87deab5bfb6"
- },
- "dist": {
- "type": "zip",
- "url": "https://api.github.com/repos/phpDocumentor/ReflectionCommon/zipball/21bdeb5f65d7ebf9f43b1b25d404f87deab5bfb6",
- "reference": "21bdeb5f65d7ebf9f43b1b25d404f87deab5bfb6",
- "shasum": ""
- },
- "require": {
- "php": ">=5.5"
- },
- "require-dev": {
- "phpunit/phpunit": "^4.6"
- },
- "type": "library",
- "extra": {
- "branch-alias": {
- "dev-master": "1.0.x-dev"
- }
- },
- "autoload": {
- "psr-4": {
- "phpDocumentor\\Reflection\\": [
- "src"
- ]
- }
- },
- "notification-url": "https://packagist.org/downloads/",
- "license": [
- "MIT"
- ],
- "authors": [
- {
- "name": "Jaap van Otterdijk",
- "email": "opensource@ijaap.nl"
- }
- ],
- "description": "Common reflection classes used by phpdocumentor to reflect the code structure",
- "homepage": "http://www.phpdoc.org",
- "keywords": [
- "FQSEN",
- "phpDocumentor",
- "phpdoc",
- "reflection",
- "static analysis"
- ],
- "time": "2017-09-11T18:02:19+00:00"
- },
- {
- "name": "phpdocumentor/reflection-docblock",
- "version": "4.3.0",
- "source": {
- "type": "git",
- "url": "https://github.com/phpDocumentor/ReflectionDocBlock.git",
- "reference": "94fd0001232e47129dd3504189fa1c7225010d08"
- },
- "dist": {
- "type": "zip",
- "url": "https://api.github.com/repos/phpDocumentor/ReflectionDocBlock/zipball/94fd0001232e47129dd3504189fa1c7225010d08",
- "reference": "94fd0001232e47129dd3504189fa1c7225010d08",
- "shasum": ""
- },
- "require": {
- "php": "^7.0",
- "phpdocumentor/reflection-common": "^1.0.0",
- "phpdocumentor/type-resolver": "^0.4.0",
- "webmozart/assert": "^1.0"
- },
- "require-dev": {
- "doctrine/instantiator": "~1.0.5",
- "mockery/mockery": "^1.0",
- "phpunit/phpunit": "^6.4"
- },
- "type": "library",
- "extra": {
- "branch-alias": {
- "dev-master": "4.x-dev"
- }
- },
- "autoload": {
- "psr-4": {
- "phpDocumentor\\Reflection\\": [
- "src/"
- ]
- }
- },
- "notification-url": "https://packagist.org/downloads/",
- "license": [
- "MIT"
- ],
- "authors": [
- {
- "name": "Mike van Riel",
- "email": "me@mikevanriel.com"
- }
- ],
- "description": "With this component, a library can provide support for annotations via DocBlocks or otherwise retrieve information that is embedded in a DocBlock.",
- "time": "2017-11-30T07:14:17+00:00"
- },
- {
- "name": "phpdocumentor/type-resolver",
- "version": "0.4.0",
- "source": {
- "type": "git",
- "url": "https://github.com/phpDocumentor/TypeResolver.git",
- "reference": "9c977708995954784726e25d0cd1dddf4e65b0f7"
- },
- "dist": {
- "type": "zip",
- "url": "https://api.github.com/repos/phpDocumentor/TypeResolver/zipball/9c977708995954784726e25d0cd1dddf4e65b0f7",
- "reference": "9c977708995954784726e25d0cd1dddf4e65b0f7",
- "shasum": ""
- },
- "require": {
- "php": "^5.5 || ^7.0",
- "phpdocumentor/reflection-common": "^1.0"
- },
- "require-dev": {
- "mockery/mockery": "^0.9.4",
- "phpunit/phpunit": "^5.2||^4.8.24"
- },
- "type": "library",
- "extra": {
- "branch-alias": {
- "dev-master": "1.0.x-dev"
- }
- },
- "autoload": {
- "psr-4": {
- "phpDocumentor\\Reflection\\": [
- "src/"
- ]
- }
- },
- "notification-url": "https://packagist.org/downloads/",
- "license": [
- "MIT"
- ],
- "authors": [
- {
- "name": "Mike van Riel",
- "email": "me@mikevanriel.com"
- }
- ],
- "time": "2017-07-14T14:27:02+00:00"
- },
- {
- "name": "phpspec/prophecy",
- "version": "1.8.0",
- "source": {
- "type": "git",
- "url": "https://github.com/phpspec/prophecy.git",
- "reference": "4ba436b55987b4bf311cb7c6ba82aa528aac0a06"
- },
- "dist": {
- "type": "zip",
- "url": "https://api.github.com/repos/phpspec/prophecy/zipball/4ba436b55987b4bf311cb7c6ba82aa528aac0a06",
- "reference": "4ba436b55987b4bf311cb7c6ba82aa528aac0a06",
- "shasum": ""
- },
- "require": {
- "doctrine/instantiator": "^1.0.2",
- "php": "^5.3|^7.0",
- "phpdocumentor/reflection-docblock": "^2.0|^3.0.2|^4.0",
- "sebastian/comparator": "^1.1|^2.0|^3.0",
- "sebastian/recursion-context": "^1.0|^2.0|^3.0"
- },
- "require-dev": {
- "phpspec/phpspec": "^2.5|^3.2",
- "phpunit/phpunit": "^4.8.35 || ^5.7 || ^6.5 || ^7.1"
- },
- "type": "library",
- "extra": {
- "branch-alias": {
- "dev-master": "1.8.x-dev"
- }
- },
- "autoload": {
- "psr-0": {
- "Prophecy\\": "src/"
- }
- },
- "notification-url": "https://packagist.org/downloads/",
- "license": [
- "MIT"
- ],
- "authors": [
- {
- "name": "Konstantin Kudryashov",
- "email": "ever.zet@gmail.com",
- "homepage": "http://everzet.com"
- },
- {
- "name": "Marcello Duarte",
- "email": "marcello.duarte@gmail.com"
- }
- ],
- "description": "Highly opinionated mocking framework for PHP 5.3+",
- "homepage": "https://github.com/phpspec/prophecy",
- "keywords": [
- "Double",
- "Dummy",
- "fake",
- "mock",
- "spy",
- "stub"
- ],
- "time": "2018-08-05T17:53:17+00:00"
- },
- {
- "name": "phpunit/php-code-coverage",
- "version": "5.3.2",
- "source": {
- "type": "git",
- "url": "https://github.com/sebastianbergmann/php-code-coverage.git",
- "reference": "c89677919c5dd6d3b3852f230a663118762218ac"
- },
- "dist": {
- "type": "zip",
- "url": "https://api.github.com/repos/sebastianbergmann/php-code-coverage/zipball/c89677919c5dd6d3b3852f230a663118762218ac",
- "reference": "c89677919c5dd6d3b3852f230a663118762218ac",
- "shasum": ""
- },
- "require": {
- "ext-dom": "*",
- "ext-xmlwriter": "*",
- "php": "^7.0",
- "phpunit/php-file-iterator": "^1.4.2",
- "phpunit/php-text-template": "^1.2.1",
- "phpunit/php-token-stream": "^2.0.1",
- "sebastian/code-unit-reverse-lookup": "^1.0.1",
- "sebastian/environment": "^3.0",
- "sebastian/version": "^2.0.1",
- "theseer/tokenizer": "^1.1"
- },
- "require-dev": {
- "phpunit/phpunit": "^6.0"
- },
- "suggest": {
- "ext-xdebug": "^2.5.5"
- },
- "type": "library",
- "extra": {
- "branch-alias": {
- "dev-master": "5.3.x-dev"
- }
- },
- "autoload": {
- "classmap": [
- "src/"
- ]
- },
- "notification-url": "https://packagist.org/downloads/",
- "license": [
- "BSD-3-Clause"
- ],
- "authors": [
- {
- "name": "Sebastian Bergmann",
- "email": "sebastian@phpunit.de",
- "role": "lead"
- }
- ],
- "description": "Library that provides collection, processing, and rendering functionality for PHP code coverage information.",
- "homepage": "https://github.com/sebastianbergmann/php-code-coverage",
- "keywords": [
- "coverage",
- "testing",
- "xunit"
- ],
- "time": "2018-04-06T15:36:58+00:00"
- },
- {
- "name": "phpunit/php-file-iterator",
- "version": "1.4.5",
- "source": {
- "type": "git",
- "url": "https://github.com/sebastianbergmann/php-file-iterator.git",
- "reference": "730b01bc3e867237eaac355e06a36b85dd93a8b4"
- },
- "dist": {
- "type": "zip",
- "url": "https://api.github.com/repos/sebastianbergmann/php-file-iterator/zipball/730b01bc3e867237eaac355e06a36b85dd93a8b4",
- "reference": "730b01bc3e867237eaac355e06a36b85dd93a8b4",
- "shasum": ""
- },
- "require": {
- "php": ">=5.3.3"
- },
- "type": "library",
- "extra": {
- "branch-alias": {
- "dev-master": "1.4.x-dev"
- }
- },
- "autoload": {
- "classmap": [
- "src/"
- ]
- },
- "notification-url": "https://packagist.org/downloads/",
- "license": [
- "BSD-3-Clause"
- ],
- "authors": [
- {
- "name": "Sebastian Bergmann",
- "email": "sb@sebastian-bergmann.de",
- "role": "lead"
- }
- ],
- "description": "FilterIterator implementation that filters files based on a list of suffixes.",
- "homepage": "https://github.com/sebastianbergmann/php-file-iterator/",
- "keywords": [
- "filesystem",
- "iterator"
- ],
- "time": "2017-11-27T13:52:08+00:00"
- },
- {
- "name": "phpunit/php-text-template",
- "version": "1.2.1",
- "source": {
- "type": "git",
- "url": "https://github.com/sebastianbergmann/php-text-template.git",
- "reference": "31f8b717e51d9a2afca6c9f046f5d69fc27c8686"
- },
- "dist": {
- "type": "zip",
- "url": "https://api.github.com/repos/sebastianbergmann/php-text-template/zipball/31f8b717e51d9a2afca6c9f046f5d69fc27c8686",
- "reference": "31f8b717e51d9a2afca6c9f046f5d69fc27c8686",
- "shasum": ""
- },
- "require": {
- "php": ">=5.3.3"
- },
- "type": "library",
- "autoload": {
- "classmap": [
- "src/"
- ]
- },
- "notification-url": "https://packagist.org/downloads/",
- "license": [
- "BSD-3-Clause"
- ],
- "authors": [
- {
- "name": "Sebastian Bergmann",
- "email": "sebastian@phpunit.de",
- "role": "lead"
- }
- ],
- "description": "Simple template engine.",
- "homepage": "https://github.com/sebastianbergmann/php-text-template/",
- "keywords": [
- "template"
- ],
- "time": "2015-06-21T13:50:34+00:00"
- },
- {
- "name": "phpunit/php-timer",
- "version": "1.0.9",
- "source": {
- "type": "git",
- "url": "https://github.com/sebastianbergmann/php-timer.git",
- "reference": "3dcf38ca72b158baf0bc245e9184d3fdffa9c46f"
- },
- "dist": {
- "type": "zip",
- "url": "https://api.github.com/repos/sebastianbergmann/php-timer/zipball/3dcf38ca72b158baf0bc245e9184d3fdffa9c46f",
- "reference": "3dcf38ca72b158baf0bc245e9184d3fdffa9c46f",
- "shasum": ""
- },
- "require": {
- "php": "^5.3.3 || ^7.0"
- },
- "require-dev": {
- "phpunit/phpunit": "^4.8.35 || ^5.7 || ^6.0"
- },
- "type": "library",
- "extra": {
- "branch-alias": {
- "dev-master": "1.0-dev"
- }
- },
- "autoload": {
- "classmap": [
- "src/"
- ]
- },
- "notification-url": "https://packagist.org/downloads/",
- "license": [
- "BSD-3-Clause"
- ],
- "authors": [
- {
- "name": "Sebastian Bergmann",
- "email": "sb@sebastian-bergmann.de",
- "role": "lead"
- }
- ],
- "description": "Utility class for timing",
- "homepage": "https://github.com/sebastianbergmann/php-timer/",
- "keywords": [
- "timer"
- ],
- "time": "2017-02-26T11:10:40+00:00"
- },
- {
- "name": "phpunit/php-token-stream",
- "version": "2.0.2",
- "source": {
- "type": "git",
- "url": "https://github.com/sebastianbergmann/php-token-stream.git",
- "reference": "791198a2c6254db10131eecfe8c06670700904db"
- },
- "dist": {
- "type": "zip",
- "url": "https://api.github.com/repos/sebastianbergmann/php-token-stream/zipball/791198a2c6254db10131eecfe8c06670700904db",
- "reference": "791198a2c6254db10131eecfe8c06670700904db",
- "shasum": ""
- },
- "require": {
- "ext-tokenizer": "*",
- "php": "^7.0"
- },
- "require-dev": {
- "phpunit/phpunit": "^6.2.4"
- },
- "type": "library",
- "extra": {
- "branch-alias": {
- "dev-master": "2.0-dev"
- }
- },
- "autoload": {
- "classmap": [
- "src/"
- ]
- },
- "notification-url": "https://packagist.org/downloads/",
- "license": [
- "BSD-3-Clause"
- ],
- "authors": [
- {
- "name": "Sebastian Bergmann",
- "email": "sebastian@phpunit.de"
- }
- ],
- "description": "Wrapper around PHP's tokenizer extension.",
- "homepage": "https://github.com/sebastianbergmann/php-token-stream/",
- "keywords": [
- "tokenizer"
- ],
- "time": "2017-11-27T05:48:46+00:00"
- },
- {
- "name": "phpunit/phpunit",
- "version": "6.5.13",
- "source": {
- "type": "git",
- "url": "https://github.com/sebastianbergmann/phpunit.git",
- "reference": "0973426fb012359b2f18d3bd1e90ef1172839693"
- },
- "dist": {
- "type": "zip",
- "url": "https://api.github.com/repos/sebastianbergmann/phpunit/zipball/0973426fb012359b2f18d3bd1e90ef1172839693",
- "reference": "0973426fb012359b2f18d3bd1e90ef1172839693",
- "shasum": ""
- },
- "require": {
- "ext-dom": "*",
- "ext-json": "*",
- "ext-libxml": "*",
- "ext-mbstring": "*",
- "ext-xml": "*",
- "myclabs/deep-copy": "^1.6.1",
- "phar-io/manifest": "^1.0.1",
- "phar-io/version": "^1.0",
- "php": "^7.0",
- "phpspec/prophecy": "^1.7",
- "phpunit/php-code-coverage": "^5.3",
- "phpunit/php-file-iterator": "^1.4.3",
- "phpunit/php-text-template": "^1.2.1",
- "phpunit/php-timer": "^1.0.9",
- "phpunit/phpunit-mock-objects": "^5.0.9",
- "sebastian/comparator": "^2.1",
- "sebastian/diff": "^2.0",
- "sebastian/environment": "^3.1",
- "sebastian/exporter": "^3.1",
- "sebastian/global-state": "^2.0",
- "sebastian/object-enumerator": "^3.0.3",
- "sebastian/resource-operations": "^1.0",
- "sebastian/version": "^2.0.1"
- },
- "conflict": {
- "phpdocumentor/reflection-docblock": "3.0.2",
- "phpunit/dbunit": "<3.0"
- },
- "require-dev": {
- "ext-pdo": "*"
- },
- "suggest": {
- "ext-xdebug": "*",
- "phpunit/php-invoker": "^1.1"
- },
- "bin": [
- "phpunit"
- ],
- "type": "library",
- "extra": {
- "branch-alias": {
- "dev-master": "6.5.x-dev"
- }
- },
- "autoload": {
- "classmap": [
- "src/"
- ]
- },
- "notification-url": "https://packagist.org/downloads/",
- "license": [
- "BSD-3-Clause"
- ],
- "authors": [
- {
- "name": "Sebastian Bergmann",
- "email": "sebastian@phpunit.de",
- "role": "lead"
- }
- ],
- "description": "The PHP Unit Testing framework.",
- "homepage": "https://phpunit.de/",
- "keywords": [
- "phpunit",
- "testing",
- "xunit"
- ],
- "time": "2018-09-08T15:10:43+00:00"
- },
- {
- "name": "phpunit/phpunit-mock-objects",
- "version": "5.0.10",
- "source": {
- "type": "git",
- "url": "https://github.com/sebastianbergmann/phpunit-mock-objects.git",
- "reference": "cd1cf05c553ecfec36b170070573e540b67d3f1f"
- },
- "dist": {
- "type": "zip",
- "url": "https://api.github.com/repos/sebastianbergmann/phpunit-mock-objects/zipball/cd1cf05c553ecfec36b170070573e540b67d3f1f",
- "reference": "cd1cf05c553ecfec36b170070573e540b67d3f1f",
- "shasum": ""
- },
- "require": {
- "doctrine/instantiator": "^1.0.5",
- "php": "^7.0",
- "phpunit/php-text-template": "^1.2.1",
- "sebastian/exporter": "^3.1"
- },
- "conflict": {
- "phpunit/phpunit": "<6.0"
- },
- "require-dev": {
- "phpunit/phpunit": "^6.5.11"
- },
- "suggest": {
- "ext-soap": "*"
- },
- "type": "library",
- "extra": {
- "branch-alias": {
- "dev-master": "5.0.x-dev"
- }
- },
- "autoload": {
- "classmap": [
- "src/"
- ]
- },
- "notification-url": "https://packagist.org/downloads/",
- "license": [
- "BSD-3-Clause"
- ],
- "authors": [
- {
- "name": "Sebastian Bergmann",
- "email": "sebastian@phpunit.de",
- "role": "lead"
- }
- ],
- "description": "Mock Object library for PHPUnit",
- "homepage": "https://github.com/sebastianbergmann/phpunit-mock-objects/",
- "keywords": [
- "mock",
- "xunit"
- ],
- "time": "2018-08-09T05:50:03+00:00"
- },
- {
- "name": "psr/log",
- "version": "1.0.0",
- "source": {
- "type": "git",
- "url": "https://github.com/php-fig/log.git",
- "reference": "fe0936ee26643249e916849d48e3a51d5f5e278b"
- },
- "dist": {
- "type": "zip",
- "url": "https://api.github.com/repos/php-fig/log/zipball/fe0936ee26643249e916849d48e3a51d5f5e278b",
- "reference": "fe0936ee26643249e916849d48e3a51d5f5e278b",
- "shasum": ""
- },
- "type": "library",
- "autoload": {
- "psr-0": {
- "Psr\\Log\\": ""
- }
- },
- "notification-url": "https://packagist.org/downloads/",
- "license": [
- "MIT"
- ],
- "authors": [
- {
- "name": "PHP-FIG",
- "homepage": "http://www.php-fig.org/"
- }
- ],
- "description": "Common interface for logging libraries",
- "keywords": [
- "log",
- "psr",
- "psr-3"
- ],
- "time": "2012-12-21T11:40:51+00:00"
- },
- {
- "name": "satooshi/php-coveralls",
- "version": "v0.6.1",
- "source": {
- "type": "git",
- "url": "https://github.com/satooshi/php-coveralls.git",
- "reference": "dd0df95bd37a7cf5c5c50304dfe260ffe4b50760"
- },
- "dist": {
- "type": "zip",
- "url": "https://api.github.com/repos/satooshi/php-coveralls/zipball/dd0df95bd37a7cf5c5c50304dfe260ffe4b50760",
- "reference": "dd0df95bd37a7cf5c5c50304dfe260ffe4b50760",
- "shasum": ""
- },
- "require": {
- "ext-curl": "*",
- "ext-json": "*",
- "ext-simplexml": "*",
- "guzzle/guzzle": ">=3.0",
- "php": ">=5.3",
- "psr/log": "1.0.0",
- "symfony/config": ">=2.0",
- "symfony/console": ">=2.0",
- "symfony/stopwatch": ">=2.2",
- "symfony/yaml": ">=2.0"
- },
- "require-dev": {
- "apigen/apigen": "2.8.*@stable",
- "pdepend/pdepend": "dev-master",
- "phpmd/phpmd": "dev-master",
- "phpunit/php-invoker": ">=1.1.0,<1.2.0",
- "phpunit/phpunit": "3.7.*@stable",
- "sebastian/finder-facade": "dev-master",
- "sebastian/phpcpd": "1.4.*@stable",
- "squizlabs/php_codesniffer": "1.4.*@stable",
- "theseer/fdomdocument": "dev-master"
- },
- "bin": [
- "composer/bin/coveralls"
- ],
- "type": "library",
- "autoload": {
- "psr-0": {
- "Contrib\\Component": "src/",
- "Contrib\\Bundle": "src/"
- }
- },
- "notification-url": "https://packagist.org/downloads/",
- "license": [
- "MIT"
- ],
- "authors": [
- {
- "name": "Kitamura Satoshi",
- "email": "with.no.parachute@gmail.com",
- "homepage": "https://www.facebook.com/satooshi.jp"
- }
- ],
- "description": "PHP client library for Coveralls API",
- "homepage": "https://github.com/satooshi/php-coveralls",
- "keywords": [
- "ci",
- "coverage",
- "github",
- "test"
- ],
- "abandoned": "php-coveralls/php-coveralls",
- "time": "2013-05-04T08:07:33+00:00"
- },
- {
- "name": "sebastian/code-unit-reverse-lookup",
- "version": "1.0.1",
- "source": {
- "type": "git",
- "url": "https://github.com/sebastianbergmann/code-unit-reverse-lookup.git",
- "reference": "4419fcdb5eabb9caa61a27c7a1db532a6b55dd18"
- },
- "dist": {
- "type": "zip",
- "url": "https://api.github.com/repos/sebastianbergmann/code-unit-reverse-lookup/zipball/4419fcdb5eabb9caa61a27c7a1db532a6b55dd18",
- "reference": "4419fcdb5eabb9caa61a27c7a1db532a6b55dd18",
- "shasum": ""
- },
- "require": {
- "php": "^5.6 || ^7.0"
- },
- "require-dev": {
- "phpunit/phpunit": "^5.7 || ^6.0"
- },
- "type": "library",
- "extra": {
- "branch-alias": {
- "dev-master": "1.0.x-dev"
- }
- },
- "autoload": {
- "classmap": [
- "src/"
- ]
- },
- "notification-url": "https://packagist.org/downloads/",
- "license": [
- "BSD-3-Clause"
- ],
- "authors": [
- {
- "name": "Sebastian Bergmann",
- "email": "sebastian@phpunit.de"
- }
- ],
- "description": "Looks up which function or method a line of code belongs to",
- "homepage": "https://github.com/sebastianbergmann/code-unit-reverse-lookup/",
- "time": "2017-03-04T06:30:41+00:00"
- },
- {
- "name": "sebastian/comparator",
- "version": "2.1.3",
- "source": {
- "type": "git",
- "url": "https://github.com/sebastianbergmann/comparator.git",
- "reference": "34369daee48eafb2651bea869b4b15d75ccc35f9"
- },
- "dist": {
- "type": "zip",
- "url": "https://api.github.com/repos/sebastianbergmann/comparator/zipball/34369daee48eafb2651bea869b4b15d75ccc35f9",
- "reference": "34369daee48eafb2651bea869b4b15d75ccc35f9",
- "shasum": ""
- },
- "require": {
- "php": "^7.0",
- "sebastian/diff": "^2.0 || ^3.0",
- "sebastian/exporter": "^3.1"
- },
- "require-dev": {
- "phpunit/phpunit": "^6.4"
- },
- "type": "library",
- "extra": {
- "branch-alias": {
- "dev-master": "2.1.x-dev"
- }
- },
- "autoload": {
- "classmap": [
- "src/"
- ]
- },
- "notification-url": "https://packagist.org/downloads/",
- "license": [
- "BSD-3-Clause"
- ],
- "authors": [
- {
- "name": "Jeff Welch",
- "email": "whatthejeff@gmail.com"
- },
- {
- "name": "Volker Dusch",
- "email": "github@wallbash.com"
- },
- {
- "name": "Bernhard Schussek",
- "email": "bschussek@2bepublished.at"
- },
- {
- "name": "Sebastian Bergmann",
- "email": "sebastian@phpunit.de"
- }
- ],
- "description": "Provides the functionality to compare PHP values for equality",
- "homepage": "https://github.com/sebastianbergmann/comparator",
- "keywords": [
- "comparator",
- "compare",
- "equality"
- ],
- "time": "2018-02-01T13:46:46+00:00"
- },
- {
- "name": "sebastian/diff",
- "version": "2.0.1",
- "source": {
- "type": "git",
- "url": "https://github.com/sebastianbergmann/diff.git",
- "reference": "347c1d8b49c5c3ee30c7040ea6fc446790e6bddd"
- },
- "dist": {
- "type": "zip",
- "url": "https://api.github.com/repos/sebastianbergmann/diff/zipball/347c1d8b49c5c3ee30c7040ea6fc446790e6bddd",
- "reference": "347c1d8b49c5c3ee30c7040ea6fc446790e6bddd",
- "shasum": ""
- },
- "require": {
- "php": "^7.0"
- },
- "require-dev": {
- "phpunit/phpunit": "^6.2"
- },
- "type": "library",
- "extra": {
- "branch-alias": {
- "dev-master": "2.0-dev"
- }
- },
- "autoload": {
- "classmap": [
- "src/"
- ]
- },
- "notification-url": "https://packagist.org/downloads/",
- "license": [
- "BSD-3-Clause"
- ],
- "authors": [
- {
- "name": "Kore Nordmann",
- "email": "mail@kore-nordmann.de"
- },
- {
- "name": "Sebastian Bergmann",
- "email": "sebastian@phpunit.de"
- }
- ],
- "description": "Diff implementation",
- "homepage": "https://github.com/sebastianbergmann/diff",
- "keywords": [
- "diff"
- ],
- "time": "2017-08-03T08:09:46+00:00"
- },
- {
- "name": "sebastian/environment",
- "version": "3.1.0",
- "source": {
- "type": "git",
- "url": "https://github.com/sebastianbergmann/environment.git",
- "reference": "cd0871b3975fb7fc44d11314fd1ee20925fce4f5"
- },
- "dist": {
- "type": "zip",
- "url": "https://api.github.com/repos/sebastianbergmann/environment/zipball/cd0871b3975fb7fc44d11314fd1ee20925fce4f5",
- "reference": "cd0871b3975fb7fc44d11314fd1ee20925fce4f5",
- "shasum": ""
- },
- "require": {
- "php": "^7.0"
- },
- "require-dev": {
- "phpunit/phpunit": "^6.1"
- },
- "type": "library",
- "extra": {
- "branch-alias": {
- "dev-master": "3.1.x-dev"
- }
- },
- "autoload": {
- "classmap": [
- "src/"
- ]
- },
- "notification-url": "https://packagist.org/downloads/",
- "license": [
- "BSD-3-Clause"
- ],
- "authors": [
- {
- "name": "Sebastian Bergmann",
- "email": "sebastian@phpunit.de"
- }
- ],
- "description": "Provides functionality to handle HHVM/PHP environments",
- "homepage": "http://www.github.com/sebastianbergmann/environment",
- "keywords": [
- "Xdebug",
- "environment",
- "hhvm"
- ],
- "time": "2017-07-01T08:51:00+00:00"
- },
- {
- "name": "sebastian/exporter",
- "version": "3.1.0",
- "source": {
- "type": "git",
- "url": "https://github.com/sebastianbergmann/exporter.git",
- "reference": "234199f4528de6d12aaa58b612e98f7d36adb937"
- },
- "dist": {
- "type": "zip",
- "url": "https://api.github.com/repos/sebastianbergmann/exporter/zipball/234199f4528de6d12aaa58b612e98f7d36adb937",
- "reference": "234199f4528de6d12aaa58b612e98f7d36adb937",
- "shasum": ""
- },
- "require": {
- "php": "^7.0",
- "sebastian/recursion-context": "^3.0"
- },
- "require-dev": {
- "ext-mbstring": "*",
- "phpunit/phpunit": "^6.0"
- },
- "type": "library",
- "extra": {
- "branch-alias": {
- "dev-master": "3.1.x-dev"
- }
- },
- "autoload": {
- "classmap": [
- "src/"
- ]
- },
- "notification-url": "https://packagist.org/downloads/",
- "license": [
- "BSD-3-Clause"
- ],
- "authors": [
- {
- "name": "Jeff Welch",
- "email": "whatthejeff@gmail.com"
- },
- {
- "name": "Volker Dusch",
- "email": "github@wallbash.com"
- },
- {
- "name": "Bernhard Schussek",
- "email": "bschussek@2bepublished.at"
- },
- {
- "name": "Sebastian Bergmann",
- "email": "sebastian@phpunit.de"
- },
- {
- "name": "Adam Harvey",
- "email": "aharvey@php.net"
- }
- ],
- "description": "Provides the functionality to export PHP variables for visualization",
- "homepage": "http://www.github.com/sebastianbergmann/exporter",
- "keywords": [
- "export",
- "exporter"
- ],
- "time": "2017-04-03T13:19:02+00:00"
- },
- {
- "name": "sebastian/global-state",
- "version": "2.0.0",
- "source": {
- "type": "git",
- "url": "https://github.com/sebastianbergmann/global-state.git",
- "reference": "e8ba02eed7bbbb9e59e43dedd3dddeff4a56b0c4"
- },
- "dist": {
- "type": "zip",
- "url": "https://api.github.com/repos/sebastianbergmann/global-state/zipball/e8ba02eed7bbbb9e59e43dedd3dddeff4a56b0c4",
- "reference": "e8ba02eed7bbbb9e59e43dedd3dddeff4a56b0c4",
- "shasum": ""
- },
- "require": {
- "php": "^7.0"
- },
- "require-dev": {
- "phpunit/phpunit": "^6.0"
- },
- "suggest": {
- "ext-uopz": "*"
- },
- "type": "library",
- "extra": {
- "branch-alias": {
- "dev-master": "2.0-dev"
- }
- },
- "autoload": {
- "classmap": [
- "src/"
- ]
- },
- "notification-url": "https://packagist.org/downloads/",
- "license": [
- "BSD-3-Clause"
- ],
- "authors": [
- {
- "name": "Sebastian Bergmann",
- "email": "sebastian@phpunit.de"
- }
- ],
- "description": "Snapshotting of global state",
- "homepage": "http://www.github.com/sebastianbergmann/global-state",
- "keywords": [
- "global state"
- ],
- "time": "2017-04-27T15:39:26+00:00"
- },
- {
- "name": "sebastian/object-enumerator",
- "version": "3.0.3",
- "source": {
- "type": "git",
- "url": "https://github.com/sebastianbergmann/object-enumerator.git",
- "reference": "7cfd9e65d11ffb5af41198476395774d4c8a84c5"
- },
- "dist": {
- "type": "zip",
- "url": "https://api.github.com/repos/sebastianbergmann/object-enumerator/zipball/7cfd9e65d11ffb5af41198476395774d4c8a84c5",
- "reference": "7cfd9e65d11ffb5af41198476395774d4c8a84c5",
- "shasum": ""
- },
- "require": {
- "php": "^7.0",
- "sebastian/object-reflector": "^1.1.1",
- "sebastian/recursion-context": "^3.0"
- },
- "require-dev": {
- "phpunit/phpunit": "^6.0"
- },
- "type": "library",
- "extra": {
- "branch-alias": {
- "dev-master": "3.0.x-dev"
- }
- },
- "autoload": {
- "classmap": [
- "src/"
- ]
- },
- "notification-url": "https://packagist.org/downloads/",
- "license": [
- "BSD-3-Clause"
- ],
- "authors": [
- {
- "name": "Sebastian Bergmann",
- "email": "sebastian@phpunit.de"
- }
- ],
- "description": "Traverses array structures and object graphs to enumerate all referenced objects",
- "homepage": "https://github.com/sebastianbergmann/object-enumerator/",
- "time": "2017-08-03T12:35:26+00:00"
- },
- {
- "name": "sebastian/object-reflector",
- "version": "1.1.1",
- "source": {
- "type": "git",
- "url": "https://github.com/sebastianbergmann/object-reflector.git",
- "reference": "773f97c67f28de00d397be301821b06708fca0be"
- },
- "dist": {
- "type": "zip",
- "url": "https://api.github.com/repos/sebastianbergmann/object-reflector/zipball/773f97c67f28de00d397be301821b06708fca0be",
- "reference": "773f97c67f28de00d397be301821b06708fca0be",
- "shasum": ""
- },
- "require": {
- "php": "^7.0"
- },
- "require-dev": {
- "phpunit/phpunit": "^6.0"
- },
- "type": "library",
- "extra": {
- "branch-alias": {
- "dev-master": "1.1-dev"
- }
- },
- "autoload": {
- "classmap": [
- "src/"
- ]
- },
- "notification-url": "https://packagist.org/downloads/",
- "license": [
- "BSD-3-Clause"
- ],
- "authors": [
- {
- "name": "Sebastian Bergmann",
- "email": "sebastian@phpunit.de"
- }
- ],
- "description": "Allows reflection of object attributes, including inherited and non-public ones",
- "homepage": "https://github.com/sebastianbergmann/object-reflector/",
- "time": "2017-03-29T09:07:27+00:00"
- },
- {
- "name": "sebastian/recursion-context",
- "version": "3.0.0",
- "source": {
- "type": "git",
- "url": "https://github.com/sebastianbergmann/recursion-context.git",
- "reference": "5b0cd723502bac3b006cbf3dbf7a1e3fcefe4fa8"
- },
- "dist": {
- "type": "zip",
- "url": "https://api.github.com/repos/sebastianbergmann/recursion-context/zipball/5b0cd723502bac3b006cbf3dbf7a1e3fcefe4fa8",
- "reference": "5b0cd723502bac3b006cbf3dbf7a1e3fcefe4fa8",
- "shasum": ""
- },
- "require": {
- "php": "^7.0"
- },
- "require-dev": {
- "phpunit/phpunit": "^6.0"
- },
- "type": "library",
- "extra": {
- "branch-alias": {
- "dev-master": "3.0.x-dev"
- }
- },
- "autoload": {
- "classmap": [
- "src/"
- ]
- },
- "notification-url": "https://packagist.org/downloads/",
- "license": [
- "BSD-3-Clause"
- ],
- "authors": [
- {
- "name": "Jeff Welch",
- "email": "whatthejeff@gmail.com"
- },
- {
- "name": "Sebastian Bergmann",
- "email": "sebastian@phpunit.de"
- },
- {
- "name": "Adam Harvey",
- "email": "aharvey@php.net"
- }
- ],
- "description": "Provides functionality to recursively process PHP variables",
- "homepage": "http://www.github.com/sebastianbergmann/recursion-context",
- "time": "2017-03-03T06:23:57+00:00"
- },
- {
- "name": "sebastian/resource-operations",
- "version": "1.0.0",
- "source": {
- "type": "git",
- "url": "https://github.com/sebastianbergmann/resource-operations.git",
- "reference": "ce990bb21759f94aeafd30209e8cfcdfa8bc3f52"
- },
- "dist": {
- "type": "zip",
- "url": "https://api.github.com/repos/sebastianbergmann/resource-operations/zipball/ce990bb21759f94aeafd30209e8cfcdfa8bc3f52",
- "reference": "ce990bb21759f94aeafd30209e8cfcdfa8bc3f52",
- "shasum": ""
- },
- "require": {
- "php": ">=5.6.0"
- },
- "type": "library",
- "extra": {
- "branch-alias": {
- "dev-master": "1.0.x-dev"
- }
- },
- "autoload": {
- "classmap": [
- "src/"
- ]
- },
- "notification-url": "https://packagist.org/downloads/",
- "license": [
- "BSD-3-Clause"
- ],
- "authors": [
- {
- "name": "Sebastian Bergmann",
- "email": "sebastian@phpunit.de"
- }
- ],
- "description": "Provides a list of PHP built-in functions that operate on resources",
- "homepage": "https://www.github.com/sebastianbergmann/resource-operations",
- "time": "2015-07-28T20:34:47+00:00"
- },
- {
- "name": "sebastian/version",
- "version": "2.0.1",
- "source": {
- "type": "git",
- "url": "https://github.com/sebastianbergmann/version.git",
- "reference": "99732be0ddb3361e16ad77b68ba41efc8e979019"
- },
- "dist": {
- "type": "zip",
- "url": "https://api.github.com/repos/sebastianbergmann/version/zipball/99732be0ddb3361e16ad77b68ba41efc8e979019",
- "reference": "99732be0ddb3361e16ad77b68ba41efc8e979019",
- "shasum": ""
- },
- "require": {
- "php": ">=5.6"
- },
- "type": "library",
- "extra": {
- "branch-alias": {
- "dev-master": "2.0.x-dev"
- }
- },
- "autoload": {
- "classmap": [
- "src/"
- ]
- },
- "notification-url": "https://packagist.org/downloads/",
- "license": [
- "BSD-3-Clause"
- ],
- "authors": [
- {
- "name": "Sebastian Bergmann",
- "email": "sebastian@phpunit.de",
- "role": "lead"
- }
- ],
- "description": "Library that helps with managing the version number of Git-hosted PHP projects",
- "homepage": "https://github.com/sebastianbergmann/version",
- "time": "2016-10-03T07:35:21+00:00"
- },
- {
- "name": "symfony/config",
- "version": "v3.4.16",
- "source": {
- "type": "git",
- "url": "https://github.com/symfony/config.git",
- "reference": "e5389132dc6320682de3643091121c048ff796b3"
- },
- "dist": {
- "type": "zip",
- "url": "https://api.github.com/repos/symfony/config/zipball/e5389132dc6320682de3643091121c048ff796b3",
- "reference": "e5389132dc6320682de3643091121c048ff796b3",
- "shasum": ""
- },
- "require": {
- "php": "^5.5.9|>=7.0.8",
- "symfony/filesystem": "~2.8|~3.0|~4.0",
- "symfony/polyfill-ctype": "~1.8"
- },
- "conflict": {
- "symfony/dependency-injection": "<3.3",
- "symfony/finder": "<3.3"
- },
- "require-dev": {
- "symfony/dependency-injection": "~3.3|~4.0",
- "symfony/event-dispatcher": "~3.3|~4.0",
- "symfony/finder": "~3.3|~4.0",
- "symfony/yaml": "~3.0|~4.0"
- },
- "suggest": {
- "symfony/yaml": "To use the yaml reference dumper"
- },
- "type": "library",
- "extra": {
- "branch-alias": {
- "dev-master": "3.4-dev"
- }
- },
- "autoload": {
- "psr-4": {
- "Symfony\\Component\\Config\\": ""
- },
- "exclude-from-classmap": [
- "/Tests/"
- ]
- },
- "notification-url": "https://packagist.org/downloads/",
- "license": [
- "MIT"
- ],
- "authors": [
- {
- "name": "Fabien Potencier",
- "email": "fabien@symfony.com"
- },
- {
- "name": "Symfony Community",
- "homepage": "https://symfony.com/contributors"
- }
- ],
- "description": "Symfony Config Component",
- "homepage": "https://symfony.com",
- "time": "2018-09-08T13:15:14+00:00"
- },
- {
- "name": "symfony/console",
- "version": "v3.4.16",
- "source": {
- "type": "git",
- "url": "https://github.com/symfony/console.git",
- "reference": "1cbaac35024c9dfc9612b7e2310e82677bf85709"
- },
- "dist": {
- "type": "zip",
- "url": "https://api.github.com/repos/symfony/console/zipball/1cbaac35024c9dfc9612b7e2310e82677bf85709",
- "reference": "1cbaac35024c9dfc9612b7e2310e82677bf85709",
- "shasum": ""
- },
- "require": {
- "php": "^5.5.9|>=7.0.8",
- "symfony/debug": "~2.8|~3.0|~4.0",
- "symfony/polyfill-mbstring": "~1.0"
- },
- "conflict": {
- "symfony/dependency-injection": "<3.4",
- "symfony/process": "<3.3"
- },
- "require-dev": {
- "psr/log": "~1.0",
- "symfony/config": "~3.3|~4.0",
- "symfony/dependency-injection": "~3.4|~4.0",
- "symfony/event-dispatcher": "~2.8|~3.0|~4.0",
- "symfony/lock": "~3.4|~4.0",
- "symfony/process": "~3.3|~4.0"
- },
- "suggest": {
- "psr/log-implementation": "For using the console logger",
- "symfony/event-dispatcher": "",
- "symfony/lock": "",
- "symfony/process": ""
- },
- "type": "library",
- "extra": {
- "branch-alias": {
- "dev-master": "3.4-dev"
- }
- },
- "autoload": {
- "psr-4": {
- "Symfony\\Component\\Console\\": ""
- },
- "exclude-from-classmap": [
- "/Tests/"
- ]
- },
- "notification-url": "https://packagist.org/downloads/",
- "license": [
- "MIT"
- ],
- "authors": [
- {
- "name": "Fabien Potencier",
- "email": "fabien@symfony.com"
- },
- {
- "name": "Symfony Community",
- "homepage": "https://symfony.com/contributors"
- }
- ],
- "description": "Symfony Console Component",
- "homepage": "https://symfony.com",
- "time": "2018-09-30T03:37:36+00:00"
- },
- {
- "name": "symfony/debug",
- "version": "v3.4.16",
- "source": {
- "type": "git",
- "url": "https://github.com/symfony/debug.git",
- "reference": "b70cfaae39009ecde3164bb8cba4d029220d27b1"
- },
- "dist": {
- "type": "zip",
- "url": "https://api.github.com/repos/symfony/debug/zipball/b70cfaae39009ecde3164bb8cba4d029220d27b1",
- "reference": "b70cfaae39009ecde3164bb8cba4d029220d27b1",
- "shasum": ""
- },
- "require": {
- "php": "^5.5.9|>=7.0.8",
- "psr/log": "~1.0"
- },
- "conflict": {
- "symfony/http-kernel": ">=2.3,<2.3.24|~2.4.0|>=2.5,<2.5.9|>=2.6,<2.6.2"
- },
- "require-dev": {
- "symfony/http-kernel": "~2.8|~3.0|~4.0"
- },
- "type": "library",
- "extra": {
- "branch-alias": {
- "dev-master": "3.4-dev"
- }
- },
- "autoload": {
- "psr-4": {
- "Symfony\\Component\\Debug\\": ""
- },
- "exclude-from-classmap": [
- "/Tests/"
- ]
- },
- "notification-url": "https://packagist.org/downloads/",
- "license": [
- "MIT"
- ],
- "authors": [
- {
- "name": "Fabien Potencier",
- "email": "fabien@symfony.com"
- },
- {
- "name": "Symfony Community",
- "homepage": "https://symfony.com/contributors"
- }
- ],
- "description": "Symfony Debug Component",
- "homepage": "https://symfony.com",
- "time": "2018-09-22T18:25:03+00:00"
- },
- {
- "name": "symfony/event-dispatcher",
- "version": "v2.8.46",
- "source": {
- "type": "git",
- "url": "https://github.com/symfony/event-dispatcher.git",
- "reference": "84ae343f39947aa084426ed1138bb96bf94d1f12"
- },
- "dist": {
- "type": "zip",
- "url": "https://api.github.com/repos/symfony/event-dispatcher/zipball/84ae343f39947aa084426ed1138bb96bf94d1f12",
- "reference": "84ae343f39947aa084426ed1138bb96bf94d1f12",
- "shasum": ""
- },
- "require": {
- "php": ">=5.3.9"
- },
- "require-dev": {
- "psr/log": "~1.0",
- "symfony/config": "^2.0.5|~3.0.0",
- "symfony/dependency-injection": "~2.6|~3.0.0",
- "symfony/expression-language": "~2.6|~3.0.0",
- "symfony/stopwatch": "~2.3|~3.0.0"
- },
- "suggest": {
- "symfony/dependency-injection": "",
- "symfony/http-kernel": ""
- },
- "type": "library",
- "extra": {
- "branch-alias": {
- "dev-master": "2.8-dev"
- }
- },
- "autoload": {
- "psr-4": {
- "Symfony\\Component\\EventDispatcher\\": ""
- },
- "exclude-from-classmap": [
- "/Tests/"
- ]
- },
- "notification-url": "https://packagist.org/downloads/",
- "license": [
- "MIT"
- ],
- "authors": [
- {
- "name": "Fabien Potencier",
- "email": "fabien@symfony.com"
- },
- {
- "name": "Symfony Community",
- "homepage": "https://symfony.com/contributors"
- }
- ],
- "description": "Symfony EventDispatcher Component",
- "homepage": "https://symfony.com",
- "time": "2018-07-26T09:03:18+00:00"
- },
- {
- "name": "symfony/filesystem",
- "version": "v3.4.16",
- "source": {
- "type": "git",
- "url": "https://github.com/symfony/filesystem.git",
- "reference": "f89ab242d915d188fca95ee3291c72c5a094a195"
- },
- "dist": {
- "type": "zip",
- "url": "https://api.github.com/repos/symfony/filesystem/zipball/f89ab242d915d188fca95ee3291c72c5a094a195",
- "reference": "f89ab242d915d188fca95ee3291c72c5a094a195",
- "shasum": ""
- },
- "require": {
- "php": "^5.5.9|>=7.0.8",
- "symfony/polyfill-ctype": "~1.8"
- },
- "type": "library",
- "extra": {
- "branch-alias": {
- "dev-master": "3.4-dev"
- }
- },
- "autoload": {
- "psr-4": {
- "Symfony\\Component\\Filesystem\\": ""
- },
- "exclude-from-classmap": [
- "/Tests/"
- ]
- },
- "notification-url": "https://packagist.org/downloads/",
- "license": [
- "MIT"
- ],
- "authors": [
- {
- "name": "Fabien Potencier",
- "email": "fabien@symfony.com"
- },
- {
- "name": "Symfony Community",
- "homepage": "https://symfony.com/contributors"
- }
- ],
- "description": "Symfony Filesystem Component",
- "homepage": "https://symfony.com",
- "time": "2018-09-30T03:32:28+00:00"
- },
- {
- "name": "symfony/polyfill-ctype",
- "version": "v1.9.0",
- "source": {
- "type": "git",
- "url": "https://github.com/symfony/polyfill-ctype.git",
- "reference": "e3d826245268269cd66f8326bd8bc066687b4a19"
- },
- "dist": {
- "type": "zip",
- "url": "https://api.github.com/repos/symfony/polyfill-ctype/zipball/e3d826245268269cd66f8326bd8bc066687b4a19",
- "reference": "e3d826245268269cd66f8326bd8bc066687b4a19",
- "shasum": ""
- },
- "require": {
- "php": ">=5.3.3"
- },
- "suggest": {
- "ext-ctype": "For best performance"
- },
- "type": "library",
- "extra": {
- "branch-alias": {
- "dev-master": "1.9-dev"
- }
- },
- "autoload": {
- "psr-4": {
- "Symfony\\Polyfill\\Ctype\\": ""
- },
- "files": [
- "bootstrap.php"
- ]
- },
- "notification-url": "https://packagist.org/downloads/",
- "license": [
- "MIT"
- ],
- "authors": [
- {
- "name": "Symfony Community",
- "homepage": "https://symfony.com/contributors"
- },
- {
- "name": "Gert de Pagter",
- "email": "BackEndTea@gmail.com"
- }
- ],
- "description": "Symfony polyfill for ctype functions",
- "homepage": "https://symfony.com",
- "keywords": [
- "compatibility",
- "ctype",
- "polyfill",
- "portable"
- ],
- "time": "2018-08-06T14:22:27+00:00"
- },
- {
- "name": "symfony/polyfill-mbstring",
- "version": "v1.9.0",
- "source": {
- "type": "git",
- "url": "https://github.com/symfony/polyfill-mbstring.git",
- "reference": "d0cd638f4634c16d8df4508e847f14e9e43168b8"
- },
- "dist": {
- "type": "zip",
- "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/d0cd638f4634c16d8df4508e847f14e9e43168b8",
- "reference": "d0cd638f4634c16d8df4508e847f14e9e43168b8",
- "shasum": ""
- },
- "require": {
- "php": ">=5.3.3"
- },
- "suggest": {
- "ext-mbstring": "For best performance"
- },
- "type": "library",
- "extra": {
- "branch-alias": {
- "dev-master": "1.9-dev"
- }
- },
- "autoload": {
- "psr-4": {
- "Symfony\\Polyfill\\Mbstring\\": ""
- },
- "files": [
- "bootstrap.php"
- ]
- },
- "notification-url": "https://packagist.org/downloads/",
- "license": [
- "MIT"
- ],
- "authors": [
- {
- "name": "Nicolas Grekas",
- "email": "p@tchwork.com"
- },
- {
- "name": "Symfony Community",
- "homepage": "https://symfony.com/contributors"
- }
- ],
- "description": "Symfony polyfill for the Mbstring extension",
- "homepage": "https://symfony.com",
- "keywords": [
- "compatibility",
- "mbstring",
- "polyfill",
- "portable",
- "shim"
- ],
- "time": "2018-08-06T14:22:27+00:00"
- },
- {
- "name": "symfony/stopwatch",
- "version": "v3.4.16",
- "source": {
- "type": "git",
- "url": "https://github.com/symfony/stopwatch.git",
- "reference": "deda2765e8dab2fc38492e926ea690f2a681f59d"
- },
- "dist": {
- "type": "zip",
- "url": "https://api.github.com/repos/symfony/stopwatch/zipball/deda2765e8dab2fc38492e926ea690f2a681f59d",
- "reference": "deda2765e8dab2fc38492e926ea690f2a681f59d",
- "shasum": ""
- },
- "require": {
- "php": "^5.5.9|>=7.0.8"
- },
- "type": "library",
- "extra": {
- "branch-alias": {
- "dev-master": "3.4-dev"
- }
- },
- "autoload": {
- "psr-4": {
- "Symfony\\Component\\Stopwatch\\": ""
- },
- "exclude-from-classmap": [
- "/Tests/"
- ]
- },
- "notification-url": "https://packagist.org/downloads/",
- "license": [
- "MIT"
- ],
- "authors": [
- {
- "name": "Fabien Potencier",
- "email": "fabien@symfony.com"
- },
- {
- "name": "Symfony Community",
- "homepage": "https://symfony.com/contributors"
- }
- ],
- "description": "Symfony Stopwatch Component",
- "homepage": "https://symfony.com",
- "time": "2018-07-26T10:03:52+00:00"
- },
- {
- "name": "symfony/yaml",
- "version": "v3.4.16",
- "source": {
- "type": "git",
- "url": "https://github.com/symfony/yaml.git",
- "reference": "61973ecda60e9f3561e929e19c07d4878b960fc1"
- },
- "dist": {
- "type": "zip",
- "url": "https://api.github.com/repos/symfony/yaml/zipball/61973ecda60e9f3561e929e19c07d4878b960fc1",
- "reference": "61973ecda60e9f3561e929e19c07d4878b960fc1",
- "shasum": ""
- },
- "require": {
- "php": "^5.5.9|>=7.0.8",
- "symfony/polyfill-ctype": "~1.8"
- },
- "conflict": {
- "symfony/console": "<3.4"
- },
- "require-dev": {
- "symfony/console": "~3.4|~4.0"
- },
- "suggest": {
- "symfony/console": "For validating YAML files using the lint command"
- },
- "type": "library",
- "extra": {
- "branch-alias": {
- "dev-master": "3.4-dev"
- }
- },
- "autoload": {
- "psr-4": {
- "Symfony\\Component\\Yaml\\": ""
- },
- "exclude-from-classmap": [
- "/Tests/"
- ]
- },
- "notification-url": "https://packagist.org/downloads/",
- "license": [
- "MIT"
- ],
- "authors": [
- {
- "name": "Fabien Potencier",
- "email": "fabien@symfony.com"
- },
- {
- "name": "Symfony Community",
- "homepage": "https://symfony.com/contributors"
- }
- ],
- "description": "Symfony Yaml Component",
- "homepage": "https://symfony.com",
- "time": "2018-09-24T08:15:45+00:00"
- },
- {
- "name": "theseer/tokenizer",
- "version": "1.1.0",
- "source": {
- "type": "git",
- "url": "https://github.com/theseer/tokenizer.git",
- "reference": "cb2f008f3f05af2893a87208fe6a6c4985483f8b"
- },
- "dist": {
- "type": "zip",
- "url": "https://api.github.com/repos/theseer/tokenizer/zipball/cb2f008f3f05af2893a87208fe6a6c4985483f8b",
- "reference": "cb2f008f3f05af2893a87208fe6a6c4985483f8b",
- "shasum": ""
- },
- "require": {
- "ext-dom": "*",
- "ext-tokenizer": "*",
- "ext-xmlwriter": "*",
- "php": "^7.0"
- },
- "type": "library",
- "autoload": {
- "classmap": [
- "src/"
- ]
- },
- "notification-url": "https://packagist.org/downloads/",
- "license": [
- "BSD-3-Clause"
- ],
- "authors": [
- {
- "name": "Arne Blankerts",
- "email": "arne@blankerts.de",
- "role": "Developer"
- }
- ],
- "description": "A small library for converting tokenized PHP source code into XML and potentially other formats",
- "time": "2017-04-07T12:08:54+00:00"
- },
- {
- "name": "webmozart/assert",
- "version": "1.3.0",
- "source": {
- "type": "git",
- "url": "https://github.com/webmozart/assert.git",
- "reference": "0df1908962e7a3071564e857d86874dad1ef204a"
- },
- "dist": {
- "type": "zip",
- "url": "https://api.github.com/repos/webmozart/assert/zipball/0df1908962e7a3071564e857d86874dad1ef204a",
- "reference": "0df1908962e7a3071564e857d86874dad1ef204a",
- "shasum": ""
- },
- "require": {
- "php": "^5.3.3 || ^7.0"
- },
- "require-dev": {
- "phpunit/phpunit": "^4.6",
- "sebastian/version": "^1.0.1"
- },
- "type": "library",
- "extra": {
- "branch-alias": {
- "dev-master": "1.3-dev"
- }
- },
- "autoload": {
- "psr-4": {
- "Webmozart\\Assert\\": "src/"
- }
- },
- "notification-url": "https://packagist.org/downloads/",
- "license": [
- "MIT"
- ],
- "authors": [
- {
- "name": "Bernhard Schussek",
- "email": "bschussek@gmail.com"
- }
- ],
- "description": "Assertions to validate method input/output with nice error messages.",
- "keywords": [
- "assert",
- "check",
- "validate"
- ],
- "time": "2018-01-29T19:49:41+00:00"
- }
- ],
- "aliases": [],
- "minimum-stability": "stable",
- "stability-flags": [],
- "prefer-stable": false,
- "prefer-lowest": false,
- "platform": [],
- "platform-dev": []
-}
diff --git a/lib/svg-sanitizer/phpunit.xml.dist b/lib/svg-sanitizer/phpunit.xml.dist
deleted file mode 100644
index c05b76b2..00000000
--- a/lib/svg-sanitizer/phpunit.xml.dist
+++ /dev/null
@@ -1,23 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<phpunit bootstrap="vendor/autoload.php"
- colors="true"
- stopOnFailure="false"
- syntaxCheck="false">
-
- <testsuites>
- <testsuite name="The project's test suite">
- <directory>./tests</directory>
- </testsuite>
- </testsuites>
-
- <logging>
- <log type="coverage-clover" target="./build/logs/clover.xml"/>
- </logging>
-
- <filter>
- <whitelist processUncoveredFilesFromWhitelist="true">
- <directory suffix=".php">./src</directory>
- </whitelist>
- </filter>
-
-</phpunit>
\ No newline at end of file
diff --git a/lib/svg-sanitizer/src/ElementReference/Resolver.php b/lib/svg-sanitizer/src/ElementReference/Resolver.php
new file mode 100755
index 00000000..cd7a8406
--- /dev/null
+++ b/lib/svg-sanitizer/src/ElementReference/Resolver.php
@@ -0,0 +1,169 @@
+<?php
+namespace enshrined\svgSanitize\ElementReference;
+
+use enshrined\svgSanitize\data\XPath;
+use enshrined\svgSanitize\Exceptions\NestingException;
+use enshrined\svgSanitize\Helper;
+
+class Resolver
+{
+ /**
+ * @var XPath
+ */
+ protected $xPath;
+
+ /**
+ * @var Subject[]
+ */
+ protected $subjects = [];
+
+ /**
+ * @var array DOMElement[]
+ */
+ protected $elementsToRemove = [];
+
+ /**
+ * @var int
+ */
+ protected $useNestingLimit;
+
+ public function __construct(XPath $xPath, $useNestingLimit)
+ {
+ $this->xPath = $xPath;
+ $this->useNestingLimit = $useNestingLimit;
+ }
+
+ public function collect()
+ {
+ $this->collectIdentifiedElements();
+ $this->processReferences();
+ $this->determineInvalidSubjects();
+ }
+
+ /**
+ * Resolves one subject by element.
+ *
+ * @param \DOMElement $element
+ * @param bool $considerChildren Whether to search in Subject's children as well
+ * @return Subject|null
+ */
+ public function findByElement(\DOMElement $element, $considerChildren = false)
+ {
+ foreach ($this->subjects as $subject) {
+ if (
+ $element === $subject->getElement()
+ || $considerChildren && Helper::isElementContainedIn($element, $subject->getElement())
+ ) {
+ return $subject;
+ }
+ }
+ return null;
+ }
+
+ /**
+ * Resolves subjects (plural!) by element id - in theory malformed
+ * DOM might have same ids assigned to different elements and leaving
+ * it to client/browser implementation which element to actually use.
+ *
+ * @param string $elementId
+ * @return Subject[]
+ */
+ public function findByElementId($elementId)
+ {
+ return array_filter(
+ $this->subjects,
+ function (Subject $subject) use ($elementId) {
+ return $elementId === $subject->getElementId();
+ }
+ );
+ }
+
+ /**
+ * Collects elements having `id` attribute (those that can be referenced).
+ */
+ protected function collectIdentifiedElements()
+ {
+ /** @var \DOMNodeList|\DOMElement[] $elements */
+ $elements = $this->xPath->query('//*[@id]');
+ foreach ($elements as $element) {
+ $this->subjects[$element->getAttribute('id')] = new Subject($element, $this->useNestingLimit);
+ }
+ }
+
+ /**
+ * Processes references from and to elements having `id` attribute concerning
+ * their occurrence in `<use ... xlink:href="#identifier">` statements.
+ */
+ protected function processReferences()
+ {
+ $useNodeName = $this->xPath->createNodeName('use');
+ foreach ($this->subjects as $subject) {
+ $useElements = $this->xPath->query(
+ $useNodeName . '[@href or @xlink:href]',
+ $subject->getElement()
+ );
+
+ /** @var \DOMElement $useElement */
+ foreach ($useElements as $useElement) {
+ $useId = Helper::extractIdReferenceFromHref(
+ Helper::getElementHref($useElement)
+ );
+ if ($useId === null || !isset($this->subjects[$useId])) {
+ continue;
+ }
+ $subject->addUse($this->subjects[$useId]);
+ $this->subjects[$useId]->addUsedIn($subject);
+ }
+ }
+ }
+
+ /**
+ * Determines and tags infinite loops.
+ */
+ protected function determineInvalidSubjects()
+ {
+ foreach ($this->subjects as $subject) {
+
+ if (in_array($subject->getElement(), $this->elementsToRemove)) {
+ continue;
+ }
+
+ $useId = Helper::extractIdReferenceFromHref(
+ Helper::getElementHref($subject->getElement())
+ );
+
+ try {
+ if ($useId === $subject->getElementId()) {
+ $this->markSubjectAsInvalid($subject);
+ } elseif ($subject->hasInfiniteLoop()) {
+ $this->markSubjectAsInvalid($subject);
+ }
+ } catch (NestingException $e) {
+ $this->elementsToRemove[] = $e->getElement();
+ $this->markSubjectAsInvalid($subject);
+ }
+ }
+ }
+
+ /**
+ * Get all the elements that caused a nesting exception.
+ *
+ * @return array
+ */
+ public function getElementsToRemove() {
+ return $this->elementsToRemove;
+ }
+
+ /**
+ * The Subject is invalid for some reason, therefore we should
+ * remove it and all it's child usages.
+ *
+ * @param Subject $subject
+ */
+ protected function markSubjectAsInvalid(Subject $subject) {
+ $this->elementsToRemove = array_merge(
+ $this->elementsToRemove,
+ $subject->clearInternalAndGetAffectedElements()
+ );
+ }
+}
\ No newline at end of file
diff --git a/lib/svg-sanitizer/src/ElementReference/Subject.php b/lib/svg-sanitizer/src/ElementReference/Subject.php
new file mode 100755
index 00000000..3610f0f9
--- /dev/null
+++ b/lib/svg-sanitizer/src/ElementReference/Subject.php
@@ -0,0 +1,153 @@
+<?php
+namespace enshrined\svgSanitize\ElementReference;
+
+class Subject
+{
+ /**
+ * @var \DOMElement
+ */
+ protected $element;
+
+ /**
+ * @var Usage[]
+ */
+ protected $useCollection = [];
+
+ /**
+ * @var Usage[]
+ */
+ protected $usedInCollection = [];
+
+ /**
+ * @var int
+ */
+ protected $useNestingLimit;
+
+ /**
+ * Subject constructor.
+ *
+ * @param \DOMElement $element
+ * @param int $useNestingLimit
+ */
+ public function __construct(\DOMElement $element, $useNestingLimit)
+ {
+ $this->element = $element;
+ $this->useNestingLimit = $useNestingLimit;
+ }
+
+ /**
+ * @return \DOMElement
+ */
+ public function getElement()
+ {
+ return $this->element;
+ }
+
+ /**
+ * @return string
+ */
+ public function getElementId()
+ {
+ return $this->element->getAttribute('id');
+ }
+
+ /**
+ * @param array $subjects Previously processed subjects
+ * @param int $level The current level of nesting.
+ * @return bool
+ * @throws \enshrined\svgSanitize\Exceptions\NestingException
+ */
+ public function hasInfiniteLoop(array $subjects = [], $level = 1)
+ {
+ if ($level > $this->useNestingLimit) {
+ throw new \enshrined\svgSanitize\Exceptions\NestingException('Nesting level too high, aborting', 1570713498, null, $this->getElement());
+ }
+
+ if (in_array($this, $subjects, true)) {
+ return true;
+ }
+ $subjects[] = $this;
+ foreach ($this->useCollection as $usage) {
+ if ($usage->getSubject()->hasInfiniteLoop($subjects, $level + 1)) {
+ return true;
+ }
+ }
+ return false;
+ }
+
+ /**
+ * @param Subject $subject
+ */
+ public function addUse(Subject $subject)
+ {
+ if ($subject === $this) {
+ throw new \LogicException('Cannot add self usage', 1570713416);
+ }
+ $identifier = $subject->getElementId();
+ if (isset($this->useCollection[$identifier])) {
+ $this->useCollection[$identifier]->increment();
+ return;
+ }
+ $this->useCollection[$identifier] = new Usage($subject);
+ }
+
+ /**
+ * @param Subject $subject
+ */
+ public function addUsedIn(Subject $subject)
+ {
+ if ($subject === $this) {
+ throw new \LogicException('Cannot add self as usage', 1570713417);
+ }
+ $identifier = $subject->getElementId();
+ if (isset($this->usedInCollection[$identifier])) {
+ $this->usedInCollection[$identifier]->increment();
+ return;
+ }
+ $this->usedInCollection[$identifier] = new Usage($subject);
+ }
+
+ /**
+ * @param bool $accumulated
+ * @return int
+ */
+ public function countUse($accumulated = false)
+ {
+ $count = 0;
+ foreach ($this->useCollection as $use) {
+ $useCount = $use->getSubject()->countUse();
+ $count += $use->getCount() * ($accumulated ? 1 + $useCount : max(1, $useCount));
+ }
+ return $count;
+ }
+
+ /**
+ * @return int
+ */
+ public function countUsedIn()
+ {
+ $count = 0;
+ foreach ($this->usedInCollection as $usedIn) {
+ $count += $usedIn->getCount() * max(1, $usedIn->getSubject()->countUsedIn());
+ }
+ return $count;
+ }
+
+ /**
+ * Clear the internal arrays (to free up memory as they can get big)
+ * and return all the child usages DOMElement's
+ *
+ * @return array
+ */
+ public function clearInternalAndGetAffectedElements()
+ {
+ $elements = array_map(function(Usage $usage) {
+ return $usage->getSubject()->getElement();
+ }, $this->useCollection);
+
+ $this->usedInCollection = [];
+ $this->useCollection = [];
+
+ return $elements;
+ }
+}
\ No newline at end of file
diff --git a/lib/svg-sanitizer/src/ElementReference/Usage.php b/lib/svg-sanitizer/src/ElementReference/Usage.php
new file mode 100755
index 00000000..d0ba62d7
--- /dev/null
+++ b/lib/svg-sanitizer/src/ElementReference/Usage.php
@@ -0,0 +1,49 @@
+<?php
+namespace enshrined\svgSanitize\ElementReference;
+
+class Usage
+{
+ /**
+ * @var Subject
+ */
+ protected $subject;
+
+ /**
+ * @var int
+ */
+ protected $count;
+
+ /**
+ * @param Subject $subject
+ * @param int $count
+ */
+ public function __construct(Subject $subject, $count = 1)
+ {
+ $this->subject = $subject;
+ $this->count = (int)$count;
+ }
+
+ /**
+ * @param int $by
+ */
+ public function increment($by = 1)
+ {
+ $this->count += (int)$by;
+ }
+
+ /**
+ * @return Subject
+ */
+ public function getSubject()
+ {
+ return $this->subject;
+ }
+
+ /**
+ * @return int
+ */
+ public function getCount()
+ {
+ return $this->count;
+ }
+}
\ No newline at end of file
diff --git a/lib/svg-sanitizer/src/Exceptions/NestingException.php b/lib/svg-sanitizer/src/Exceptions/NestingException.php
new file mode 100755
index 00000000..cc7b4cb6
--- /dev/null
+++ b/lib/svg-sanitizer/src/Exceptions/NestingException.php
@@ -0,0 +1,39 @@
+<?php
+
+
+namespace enshrined\svgSanitize\Exceptions;
+
+
+use Exception;
+
+class NestingException extends \Exception
+{
+ /**
+ * @var \DOMElement
+ */
+ protected $element;
+
+ /**
+ * NestingException constructor.
+ *
+ * @param string $message
+ * @param int $code
+ * @param Exception|null $previous
+ * @param \DOMElement|null $element
+ */
+ public function __construct($message = "", $code = 0, Exception $previous = null, \DOMElement $element = null)
+ {
+ $this->element = $element;
+ parent::__construct($message, $code, $previous);
+ }
+
+ /**
+ * Get the element that caused the exception.
+ *
+ * @return \DOMElement
+ */
+ public function getElement()
+ {
+ return $this->element;
+ }
+}
\ No newline at end of file
diff --git a/lib/svg-sanitizer/src/Helper.php b/lib/svg-sanitizer/src/Helper.php
new file mode 100755
index 00000000..6e25003c
--- /dev/null
+++ b/lib/svg-sanitizer/src/Helper.php
@@ -0,0 +1,53 @@
+<?php
+namespace enshrined\svgSanitize;
+
+class Helper
+{
+ /**
+ * @param \DOMElement $element
+ * @return string|null
+ */
+ public static function getElementHref(\DOMElement $element)
+ {
+ if ($element->hasAttribute('href')) {
+ return $element->getAttribute('href');
+ }
+ if ($element->hasAttributeNS('http://www.w3.org/1999/xlink', 'href')) {
+ return $element->getAttributeNS('http://www.w3.org/1999/xlink', 'href');
+ }
+ return null;
+ }
+
+ /**
+ * @param string $href
+ * @return string|null
+ */
+ public static function extractIdReferenceFromHref($href)
+ {
+ if (!is_string($href) || strpos($href, '#') !== 0) {
+ return null;
+ }
+ return substr($href, 1);
+ }
+
+ /**
+ * @param \DOMElement $needle
+ * @param \DOMElement $haystack
+ * @return bool
+ */
+ public static function isElementContainedIn(\DOMElement $needle, \DOMElement $haystack)
+ {
+ if ($needle === $haystack) {
+ return true;
+ }
+ foreach ($haystack->childNodes as $childNode) {
+ if (!$childNode instanceof \DOMElement) {
+ continue;
+ }
+ if (self::isElementContainedIn($needle, $childNode)) {
+ return true;
+ }
+ }
+ return false;
+ }
+}
diff --git a/lib/svg-sanitizer/src/Sanitizer.php b/lib/svg-sanitizer/src/Sanitizer.php
old mode 100644
new mode 100755
index 266ea9d8..34f56d7c
--- a/lib/svg-sanitizer/src/Sanitizer.php
+++ b/lib/svg-sanitizer/src/Sanitizer.php
@@ -2,11 +2,13 @@
namespace enshrined\svgSanitize;
-use DOMDocument;
use enshrined\svgSanitize\data\AllowedAttributes;
use enshrined\svgSanitize\data\AllowedTags;
use enshrined\svgSanitize\data\AttributeInterface;
use enshrined\svgSanitize\data\TagInterface;
+use enshrined\svgSanitize\data\XPath;
+use enshrined\svgSanitize\ElementReference\Resolver;
+use enshrined\svgSanitize\ElementReference\Subject;
/**
* Class Sanitizer
@@ -17,12 +19,7 @@ class Sanitizer
{
/**
- * Regex to catch script and data values in attributes
- */
- const SCRIPT_REGEX = '/(?:\w+script|data):/xi';
-
- /**
- * @var DOMDocument
+ * @var \DOMDocument
*/
protected $xmlDocument;
@@ -51,6 +48,11 @@ class Sanitizer
*/
protected $removeRemoteReferences = false;
+ /**
+ * @var int
+ */
+ protected $useThreshold = 1000;
+
/**
* @var bool
*/
@@ -66,6 +68,16 @@ class Sanitizer
*/
protected $xmlIssues = array();
+ /**
+ * @var Resolver
+ */
+ protected $elementReferenceResolver;
+
+ /**
+ * @var int
+ */
+ protected $useNestingLimit = 15;
+
/**
*
*/
@@ -81,7 +93,7 @@ class Sanitizer
*/
protected function resetInternal()
{
- $this->xmlDocument = new DOMDocument();
+ $this->xmlDocument = new \DOMDocument();
$this->xmlDocument->preserveWhiteSpace = false;
$this->xmlDocument->strictErrorChecking = false;
$this->xmlDocument->formatOutput = !$this->minifyXML;
@@ -90,7 +102,7 @@ class Sanitizer
/**
* Set XML options to use when saving XML
* See: DOMDocument::saveXML
- *
+ *
* @param int $xmlOptions
*/
public function setXMLOptions($xmlOptions)
@@ -98,15 +110,15 @@ class Sanitizer
$this->xmlOptions = $xmlOptions;
}
- /**
+ /**
* Get XML options to use when saving XML
* See: DOMDocument::saveXML
- *
+ *
* @return int
*/
public function getXMLOptions()
{
- return $this->xmlOptions;
+ return $this->xmlOptions;
}
/**
@@ -165,7 +177,7 @@ class Sanitizer
* @return array
*/
public function getXmlIssues() {
- return $this->xmlIssues;
+ return $this->xmlIssues;
}
@@ -198,11 +210,17 @@ class Sanitizer
$this->removeDoctype();
+ // Pre-process all identified elements
+ $xPath = new XPath($this->xmlDocument);
+ $this->elementReferenceResolver = new Resolver($xPath, $this->useNestingLimit);
+ $this->elementReferenceResolver->collect();
+ $elementsToRemove = $this->elementReferenceResolver->getElementsToRemove();
+
// Grab all the elements
$allElements = $this->xmlDocument->getElementsByTagName("*");
// Start the cleaning proccess
- $this->startClean($allElements);
+ $this->startClean($allElements, $elementsToRemove);
// Save cleaned XML to a variable
if ($this->removeXMLTag) {
@@ -227,12 +245,16 @@ class Sanitizer
*/
protected function setUpBefore()
{
- // Turn off the entity loader
- $this->xmlLoaderValue = libxml_disable_entity_loader(true);
+ // This function has been deprecated in PHP 8.0 because in libxml 2.9.0, external entity loading is
+ // disabled by default, so this function is no longer needed to protect against XXE attacks.
+ if (\LIBXML_VERSION < 20900) {
+ // Turn off the entity loader
+ $this->xmlLoaderValue = libxml_disable_entity_loader(true);
+ }
// Suppress the errors because we don't really have to worry about formation before cleansing
libxml_use_internal_errors(true);
-
+
// Reset array of altered XML
$this->xmlIssues = array();
}
@@ -242,8 +264,12 @@ class Sanitizer
*/
protected function resetAfter()
{
- // Reset the entity loader
- libxml_disable_entity_loader($this->xmlLoaderValue);
+ // This function has been deprecated in PHP 8.0 because in libxml 2.9.0, external entity loading is
+ // disabled by default, so this function is no longer needed to protect against XXE attacks.
+ if (\LIBXML_VERSION < 20900) {
+ // Reset the entity loader
+ libxml_disable_entity_loader($this->xmlLoaderValue);
+ }
}
/**
@@ -263,37 +289,57 @@ class Sanitizer
* Start the cleaning with tags, then we move onto attributes and hrefs later
*
* @param \DOMNodeList $elements
+ * @param array $elementsToRemove
*/
- protected function startClean(\DOMNodeList $elements)
+ protected function startClean(\DOMNodeList $elements, array $elementsToRemove)
{
// loop through all elements
// we do this backwards so we don't skip anything if we delete a node
// see comments at: http://php.net/manual/en/class.domnamednodemap.php
for ($i = $elements->length - 1; $i >= 0; $i--) {
+ /** @var \DOMElement $currentElement */
$currentElement = $elements->item($i);
+ /**
+ * If the element has exceeded the nesting limit, we should remove it.
+ *
+ * As it's only <use> elements that cause us issues with nesting DOS attacks
+ * we should check what the element is before removing it. For now we'll only
+ * remove <use> elements.
+ */
+ if (in_array($currentElement, $elementsToRemove) && 'use' === $currentElement->nodeName) {
+ $currentElement->parentNode->removeChild($currentElement);
+ $this->xmlIssues[] = array(
+ 'message' => 'Invalid \'' . $currentElement->tagName . '\'',
+ 'line' => $currentElement->getLineNo(),
+ );
+ continue;
+ }
+
// If the tag isn't in the whitelist, remove it and continue with next iteration
- if (!in_array(strtolower($currentElement->localName), $this->allowedTags)) {
+ if (!in_array(strtolower($currentElement->tagName), $this->allowedTags)) {
$currentElement->parentNode->removeChild($currentElement);
$this->xmlIssues[] = array(
'message' => 'Suspicious tag \'' . $currentElement->tagName . '\'',
'line' => $currentElement->getLineNo(),
- );
+ );
continue;
}
- $this->cleanAttributesOnWhitelist($currentElement);
+ $this->cleanHrefs($currentElement);
$this->cleanXlinkHrefs($currentElement);
- $this->cleanHrefs($currentElement);
+ $this->cleanAttributesOnWhitelist($currentElement);
- if (strtolower($currentElement->localName) === 'use') {
- if ($this->isUseTagDirty($currentElement)) {
+ if (strtolower($currentElement->tagName) === 'use') {
+ if ($this->isUseTagDirty($currentElement)
+ || $this->isUseTagExceedingThreshold($currentElement)
+ ) {
$currentElement->parentNode->removeChild($currentElement);
$this->xmlIssues[] = array(
'message' => 'Suspicious \'' . $currentElement->tagName . '\'',
- 'line' => $currentElement->getLineNo(),
+ 'line' => $currentElement->getLineNo(),
);
continue;
}
@@ -311,27 +357,42 @@ class Sanitizer
for ($x = $element->attributes->length - 1; $x >= 0; $x--) {
// get attribute name
$attrName = $element->attributes->item($x)->name;
- $nodeName = $element->attributes->item($x)->nodeName;
// Remove attribute if not in whitelist
if (!in_array(strtolower($attrName), $this->allowedAttrs) && !$this->isAriaAttribute(strtolower($attrName)) && !$this->isDataAttribute(strtolower($attrName))) {
- $element->removeAttribute($nodeName);
+ $element->removeAttribute($attrName);
$this->xmlIssues[] = array(
- 'message' => 'Suspicious attribute \'' . $nodeName . '\'',
+ 'message' => 'Suspicious attribute \'' . $attrName . '\'',
'line' => $element->getLineNo(),
- );
+ );
+ }
+
+ /**
+ * This is used for when a namespace isn't imported properly.
+ * Such as xlink:href when the xlink namespace isn't imported.
+ * We have to do this as the link is still ran in this case.
+ */
+ if (false !== strpos($attrName, 'href')) {
+ $href = $element->getAttribute($attrName);
+ if (false === $this->isHrefSafeValue($href)) {
+ $element->removeAttribute($attrName);
+ $this->xmlIssues[] = array(
+ 'message' => 'Suspicious attribute \'href\'',
+ 'line' => $element->getLineNo(),
+ );
+ }
}
// Do we want to strip remote references?
if($this->removeRemoteReferences) {
// Remove attribute if it has a remote reference
if (isset($element->attributes->item($x)->value) && $this->hasRemoteReference($element->attributes->item($x)->value)) {
- $element->removeAttribute($nodeName);
+ $element->removeAttribute($attrName);
$this->xmlIssues[] = array(
- 'message' => 'Suspicious attribute \'' . $nodeName . '\'',
+ 'message' => 'Suspicious attribute \'' . $attrName . '\'',
'line' => $element->getLineNo(),
- );
+ );
}
}
}
@@ -345,22 +406,12 @@ class Sanitizer
protected function cleanXlinkHrefs(\DOMElement $element)
{
$xlinks = $element->getAttributeNS('http://www.w3.org/1999/xlink', 'href');
- if (preg_match(self::SCRIPT_REGEX, $xlinks) === 1) {
- if (!in_array(substr($xlinks, 0, 14), array(
- 'data:image/png', // PNG
- 'data:image/gif', // GIF
- 'data:image/jpg', // JPG
- 'data:image/jpe', // JPEG
- 'data:image/pjp', // PJPEG
- ))) {
- $element->removeAttributeNS( 'http://www.w3.org/1999/xlink', 'href' );
- $this->xmlIssues[] = array(
- 'message' => 'Suspicious attribute \'href\'',
- 'line' => $element->getLineNo(),
- );
-
-
- }
+ if (false === $this->isHrefSafeValue($xlinks)) {
+ $element->removeAttributeNS( 'http://www.w3.org/1999/xlink', 'href' );
+ $this->xmlIssues[] = array(
+ 'message' => 'Suspicious attribute \'href\'',
+ 'line' => $element->getLineNo(),
+ );
}
}
@@ -372,7 +423,7 @@ class Sanitizer
protected function cleanHrefs(\DOMElement $element)
{
$href = $element->getAttribute('href');
- if (preg_match(self::SCRIPT_REGEX, $href) === 1) {
+ if (false === $this->isHrefSafeValue($href)) {
$element->removeAttribute('href');
$this->xmlIssues[] = array(
'message' => 'Suspicious attribute \'href\'',
@@ -381,6 +432,67 @@ class Sanitizer
}
}
+/**
+ * Only allow whitelisted starts to be within the href.
+ *
+ * This will stop scripts etc from being passed through, with or without attempting to hide bypasses.
+ * This stops the need for us to use a complicated script regex.
+ *
+ * @param $value
+ * @return bool
+ */
+ protected function isHrefSafeValue($value) {
+
+ // Allow empty values
+ if (empty($value)) {
+ return true;
+ }
+
+ // Allow fragment identifiers.
+ if ('#' === substr($value, 0, 1)) {
+ return true;
+ }
+
+ // Allow relative URIs.
+ if ('/' === substr($value, 0, 1)) {
+ return true;
+ }
+
+ // Allow HTTPS domains.
+ if ('https://' === substr($value, 0, 8)) {
+ return true;
+ }
+
+ // Allow HTTP domains.
+ if ('http://' === substr($value, 0, 7)) {
+ return true;
+ }
+
+ // Allow known data URIs.
+ if (in_array(substr($value, 0, 14), array(
+ 'data:image/png', // PNG
+ 'data:image/gif', // GIF
+ 'data:image/jpg', // JPG
+ 'data:image/jpe', // JPEG
+ 'data:image/pjp', // PJPEG
+ ))) {
+ return true;
+ }
+
+ // Allow known short data URIs.
+ if (in_array(substr($value, 0, 12), array(
+ 'data:img/png', // PNG
+ 'data:img/gif', // GIF
+ 'data:img/jpg', // JPG
+ 'data:img/jpe', // JPEG
+ 'data:img/pjp', // PJPEG
+ ))) {
+ return true;
+ }
+
+ return false;
+ }
+
/**
* Removes non-printable ASCII characters from string & trims it
*
@@ -432,6 +544,17 @@ class Sanitizer
$this->removeXMLTag = (bool) $removeXMLTag;
}
+ /**
+ * Whether `<use ... xlink:href="#identifier">` elements shall be
+ * removed in case expansion would exceed this threshold.
+ *
+ * @param int $useThreshold
+ */
+ public function useThreshold($useThreshold = 1000)
+ {
+ $this->useThreshold = (int)$useThreshold;
+ }
+
/**
* Check to see if an attribute is an aria attribute or not
*
@@ -464,11 +587,44 @@ class Sanitizer
*/
protected function isUseTagDirty(\DOMElement $element)
{
- $xlinks = $element->getAttributeNS('http://www.w3.org/1999/xlink', 'href');
- if ($xlinks && substr($xlinks, 0, 1) !== '#') {
- return true;
- }
+ $href = Helper::getElementHref($element);
+ return $href && strpos($href, '#') !== 0;
+ }
+ /**
+ * Determines whether `<use ... xlink:href="#identifier">` is expanded
+ * recursively in order to create DoS scenarios. The amount of a actually
+ * used element needs to be below `$this->useThreshold`.
+ *
+ * @param \DOMElement $element
+ * @return bool
+ */
+ protected function isUseTagExceedingThreshold(\DOMElement $element)
+ {
+ if ($this->useThreshold <= 0) {
+ return false;
+ }
+ $useId = Helper::extractIdReferenceFromHref(
+ Helper::getElementHref($element)
+ );
+ if ($useId === null) {
+ return false;
+ }
+ foreach ($this->elementReferenceResolver->findByElementId($useId) as $subject) {
+ if ($subject->countUse() >= $this->useThreshold) {
+ return true;
+ }
+ }
return false;
}
+
+ /**
+ * Set the nesting limit for <use> tags.
+ *
+ * @param $limit
+ */
+ public function setUseNestingLimit($limit)
+ {
+ $this->useNestingLimit = (int) $limit;
+ }
}
diff --git a/lib/svg-sanitizer/src/data/AllowedAttributes.php b/lib/svg-sanitizer/src/data/AllowedAttributes.php
old mode 100644
new mode 100755
index ddd2a6b7..a1929343
--- a/lib/svg-sanitizer/src/data/AllowedAttributes.php
+++ b/lib/svg-sanitizer/src/data/AllowedAttributes.php
@@ -21,6 +21,7 @@ class AllowedAttributes implements AttributeInterface
{
return array(
// HTML
+ 'about',
'accept',
'action',
'align',
@@ -109,6 +110,7 @@ class AllowedAttributes implements AttributeInterface
'usemap',
'valign',
'value',
+ 'version',
'width',
'xmlns',
@@ -270,7 +272,6 @@ class AllowedAttributes implements AttributeInterface
'values',
'viewbox',
'visibility',
- 'version',
'vert-adv-y',
'vert-origin-x',
'vert-origin-y',
@@ -351,11 +352,6 @@ class AllowedAttributes implements AttributeInterface
'xlink:title',
'xml:space',
'xmlns:xlink',
-
- // RDF
- 'about',
- 'resource',
-
);
}
}
diff --git a/lib/svg-sanitizer/src/data/AllowedTags.php b/lib/svg-sanitizer/src/data/AllowedTags.php
old mode 100644
new mode 100755
index c2793078..5b0f3ded
--- a/lib/svg-sanitizer/src/data/AllowedTags.php
+++ b/lib/svg-sanitizer/src/data/AllowedTags.php
@@ -239,20 +239,7 @@ class AllowedTags implements TagInterface
'munderover',
//text
- '#text',
-
- // metadata area
- // RDF
- 'rdf',
- // creativecommons
- 'permits',
- 'license',
- 'agent',
- 'work',
- // Dublin core
- 'publisher',
- 'type',
- 'format',
+ '#text'
);
}
}
diff --git a/lib/svg-sanitizer/src/data/AttributeInterface.php b/lib/svg-sanitizer/src/data/AttributeInterface.php
old mode 100644
new mode 100755
index d0e2082b..f296ea2b
--- a/lib/svg-sanitizer/src/data/AttributeInterface.php
+++ b/lib/svg-sanitizer/src/data/AttributeInterface.php
@@ -1,6 +1,4 @@
<?php
-
-
namespace enshrined\svgSanitize\data;
diff --git a/lib/svg-sanitizer/src/data/TagInterface.php b/lib/svg-sanitizer/src/data/TagInterface.php
old mode 100644
new mode 100755
index da926d93..6d23ec47
--- a/lib/svg-sanitizer/src/data/TagInterface.php
+++ b/lib/svg-sanitizer/src/data/TagInterface.php
@@ -1,9 +1,6 @@
<?php
-
-
namespace enshrined\svgSanitize\data;
-
/**
* Interface TagInterface
*
diff --git a/lib/svg-sanitizer/src/data/XPath.php b/lib/svg-sanitizer/src/data/XPath.php
new file mode 100755
index 00000000..e3540525
--- /dev/null
+++ b/lib/svg-sanitizer/src/data/XPath.php
@@ -0,0 +1,64 @@
+<?php
+namespace enshrined\svgSanitize\data;
+
+class XPath extends \DOMXPath
+{
+ const DEFAULT_NAMESPACE_PREFIX = 'svg';
+
+ /**
+ * @var string
+ */
+ protected $defaultNamespaceURI;
+
+ public function __construct(\DOMDocument $doc)
+ {
+ parent::__construct($doc);
+ $this->handleDefaultNamespace();
+ }
+
+ /**
+ * @param string $nodeName
+ * @return string
+ */
+ public function createNodeName($nodeName)
+ {
+ if (empty($this->defaultNamespaceURI)) {
+ return $nodeName;
+ }
+ return self::DEFAULT_NAMESPACE_PREFIX . ':' . $nodeName;
+ }
+
+ protected function handleDefaultNamespace()
+ {
+ $rootElements = $this->getRootElements();
+
+ if (count($rootElements) !== 1) {
+ throw new \LogicException(
+ sprintf('Got %d svg elements, expected exactly one', count($rootElements)),
+ 1570870568
+ );
+ }
+ $this->defaultNamespaceURI = (string)$rootElements[0]->namespaceURI;
+
+ if ($this->defaultNamespaceURI !== '') {
+ $this->registerNamespace(self::DEFAULT_NAMESPACE_PREFIX, $this->defaultNamespaceURI);
+ }
+ }
+
+ /**
+ * @return \DOMElement[]
+ */
+ protected function getRootElements()
+ {
+ $rootElements = [];
+ $elements = $this->document->getElementsByTagName('svg');
+ /** @var \DOMElement $element */
+ foreach ($elements as $element) {
+ if ($element->parentNode !== $this->document) {
+ continue;
+ }
+ $rootElements[] = $element;
+ }
+ return $rootElements;
+ }
+}
diff --git a/lib/svg-sanitizer/src/svg-scanner.php b/lib/svg-sanitizer/src/svg-scanner.php
old mode 100644
new mode 100755
diff --git a/paquet.xml b/paquet.xml
index 2a672f61..8f9e5522 100644
--- a/paquet.xml
+++ b/paquet.xml
@@ -1,7 +1,7 @@
<paquet
prefix="medias"
categorie="multimedia"
- version="2.30.2"
+ version="2.31.0"
etat="stable"
compatibilite="[3.3.0-dev;3.3.*]"
logo="prive/themes/spip/images/portfolio-32.png"
@@ -15,6 +15,7 @@
<credit>Cédric Morin, Romy Duhem-Verdière pour la médiathèque</credit>
<credit lien="http://www.getid3.org/">getID3()</credit>
<credit lien="http://mediaelementjs.com/">MediaElement.js</credit>
+ <credit lien="https://github.com/darylldoyle/svg-sanitizer/releases">SVG Sanitizer v0.14.0</credit>
<traduire module="medias" reference="fr" gestionnaire="salvatore" />
--
GitLab