|
1
|
<?php
|
|
2
|
|
|
3
|
use Drupal\Core\Security\PharExtensionInterceptor;
|
|
4
|
use TYPO3\PharStreamWrapper\Manager as PharStreamWrapperManager;
|
|
5
|
use TYPO3\PharStreamWrapper\Behavior as PharStreamWrapperBehavior;
|
|
6
|
use TYPO3\PharStreamWrapper\PharStreamWrapper;
|
|
7
|
|
|
8
|
/**
|
|
9
|
* Registers a phar stream wrapper that is more secure than PHP's built-in one.
|
|
10
|
*
|
|
11
|
* @see file_get_stream_wrappers()
|
|
12
|
*/
|
|
13
|
function file_register_phar_wrapper() {
|
|
14
|
$directory = DRUPAL_ROOT . '/misc/typo3/phar-stream-wrapper/src';
|
|
15
|
include_once $directory . '/Assertable.php';
|
|
16
|
include_once $directory . '/Behavior.php';
|
|
17
|
include_once $directory . '/Exception.php';
|
|
18
|
include_once $directory . '/Helper.php';
|
|
19
|
include_once $directory . '/Manager.php';
|
|
20
|
include_once $directory . '/PharStreamWrapper.php';
|
|
21
|
include_once DRUPAL_ROOT . '/misc/typo3/drupal-security/PharExtensionInterceptor.php';
|
|
22
|
|
|
23
|
// Set up a stream wrapper to handle insecurities due to PHP's built-in
|
|
24
|
// phar stream wrapper.
|
|
25
|
try {
|
|
26
|
$behavior = new PharStreamWrapperBehavior();
|
|
27
|
PharStreamWrapperManager::initialize(
|
|
28
|
$behavior->withAssertion(new PharExtensionInterceptor())
|
|
29
|
);
|
|
30
|
}
|
|
31
|
catch (\LogicException $e) {
|
|
32
|
// Continue if the PharStreamWrapperManager is already initialized.
|
|
33
|
// For example, this occurs following a drupal_static_reset(), such
|
|
34
|
// as during tests.
|
|
35
|
};
|
|
36
|
|
|
37
|
// To prevent file_stream_wrapper_valid_scheme() treating "phar" as a valid
|
|
38
|
// scheme, this is registered with PHP only, not with hook_stream_wrappers()
|
|
39
|
// or the internal storage of file_get_stream_wrappers().
|
|
40
|
stream_wrapper_register('phar', '\\TYPO3\\PharStreamWrapper\\PharStreamWrapper');
|
|
41
|
}
|
