1 |
cd5c298a
|
Geoffroy Desvernay
|
<?php
|
2 |
|
|
|
3 |
|
|
use Drupal\Core\Security\PharExtensionInterceptor;
|
4 |
|
|
use TYPO3\PharStreamWrapper\Manager as PharStreamWrapperManager;
|
5 |
|
|
use TYPO3\PharStreamWrapper\Behavior as PharStreamWrapperBehavior;
|
6 |
|
|
use TYPO3\PharStreamWrapper\PharStreamWrapper;
|
7 |
|
|
|
8 |
|
|
/**
|
9 |
|
|
* Registers a phar stream wrapper that is more secure than PHP's built-in one.
|
10 |
|
|
*
|
11 |
|
|
* @see file_get_stream_wrappers()
|
12 |
|
|
*/
|
13 |
|
|
function file_register_phar_wrapper() {
|
14 |
|
|
$directory = DRUPAL_ROOT . '/misc/typo3/phar-stream-wrapper/src';
|
15 |
|
|
include_once $directory . '/Assertable.php';
|
16 |
|
|
include_once $directory . '/Behavior.php';
|
17 |
|
|
include_once $directory . '/Exception.php';
|
18 |
|
|
include_once $directory . '/Helper.php';
|
19 |
|
|
include_once $directory . '/Manager.php';
|
20 |
|
|
include_once $directory . '/PharStreamWrapper.php';
|
21 |
fbb66ca6
|
Assos Assos
|
include_once $directory . '/Collectable.php';
|
22 |
|
|
include_once $directory . '/Interceptor/ConjunctionInterceptor.php';
|
23 |
|
|
include_once $directory . '/Interceptor/PharMetaDataInterceptor.php';
|
24 |
|
|
include_once $directory . '/Phar/Container.php';
|
25 |
|
|
include_once $directory . '/Phar/DeserializationException.php';
|
26 |
|
|
include_once $directory . '/Phar/Manifest.php';
|
27 |
|
|
include_once $directory . '/Phar/Reader.php';
|
28 |
|
|
include_once $directory . '/Phar/ReaderException.php';
|
29 |
|
|
include_once $directory . '/Phar/Stub.php';
|
30 |
|
|
include_once $directory . '/Resolvable.php';
|
31 |
|
|
include_once $directory . '/Resolver/PharInvocation.php';
|
32 |
|
|
include_once $directory . '/Resolver/PharInvocationCollection.php';
|
33 |
|
|
include_once $directory . '/Resolver/PharInvocationResolver.php';
|
34 |
cd5c298a
|
Geoffroy Desvernay
|
include_once DRUPAL_ROOT . '/misc/typo3/drupal-security/PharExtensionInterceptor.php';
|
35 |
fbb66ca6
|
Assos Assos
|
include_once DRUPAL_ROOT . '/misc/brumann/polyfill-unserialize/src/Unserialize.php';
|
36 |
cd5c298a
|
Geoffroy Desvernay
|
|
37 |
|
|
// Set up a stream wrapper to handle insecurities due to PHP's built-in
|
38 |
|
|
// phar stream wrapper.
|
39 |
|
|
try {
|
40 |
|
|
$behavior = new PharStreamWrapperBehavior();
|
41 |
|
|
PharStreamWrapperManager::initialize(
|
42 |
|
|
$behavior->withAssertion(new PharExtensionInterceptor())
|
43 |
|
|
);
|
44 |
|
|
}
|
45 |
|
|
catch (\LogicException $e) {
|
46 |
|
|
// Continue if the PharStreamWrapperManager is already initialized.
|
47 |
|
|
// For example, this occurs following a drupal_static_reset(), such
|
48 |
|
|
// as during tests.
|
49 |
|
|
};
|
50 |
|
|
|
51 |
|
|
// To prevent file_stream_wrapper_valid_scheme() treating "phar" as a valid
|
52 |
|
|
// scheme, this is registered with PHP only, not with hook_stream_wrappers()
|
53 |
|
|
// or the internal storage of file_get_stream_wrappers().
|
54 |
|
|
stream_wrapper_register('phar', '\\TYPO3\\PharStreamWrapper\\PharStreamWrapper');
|
55 |
|
|
} |