Club Drupal

Drupal 7.67, 2019-05-08

-----------------------

- Fixed security issues:

   - SA-CORE-2019-007

define('VERSION', '7.67');

  include_once $directory . '/Collectable.php';

  include_once $directory . '/Interceptor/ConjunctionInterceptor.php';

  include_once $directory . '/Interceptor/PharMetaDataInterceptor.php';

  include_once $directory . '/Phar/Container.php';

  include_once $directory . '/Phar/DeserializationException.php';

  include_once $directory . '/Phar/Manifest.php';

  include_once $directory . '/Phar/Reader.php';

  include_once $directory . '/Phar/ReaderException.php';

  include_once $directory . '/Phar/Stub.php';

  include_once $directory . '/Resolvable.php';

  include_once $directory . '/Resolver/PharInvocation.php';

  include_once $directory . '/Resolver/PharInvocationCollection.php';

  include_once $directory . '/Resolver/PharInvocationResolver.php';

  include_once DRUPAL_ROOT . '/misc/brumann/polyfill-unserialize/src/Unserialize.php';

MIT License

Copyright (c) 2016 Denis Brumann

Permission is hereby granted, free of charge, to any person obtaining a copy

of this software and associated documentation files (the "Software"), to deal

in the Software without restriction, including without limitation the rights

to use, copy, modify, merge, publish, distribute, sublicense, and/or sell

copies of the Software, and to permit persons to whom the Software is

furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all

copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR

IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,

FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE

AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER

LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,

OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE

SOFTWARE.

Polyfill unserialize [![Build Status](https://travis-ci.org/dbrumann/polyfill-unserialize.svg?branch=master)](https://travis-ci.org/dbrumann/polyfill-unserialize)

===

Backports unserialize options introduced in PHP 7.0 to older PHP versions.

This was originally designed as a Proof of Concept for Symfony Issue [#21090](https://github.com/symfony/symfony/pull/21090).

You can use this package in projects that rely on PHP versions older than PHP 7.0.

In case you are using PHP 7.0+ the original `unserialize()` will be used instead.

From the [documentation](https://secure.php.net/manual/en/function.unserialize.php):

> Warning: Do not pass untrusted user input to unserialize(). Unserialization can

> result in code being loaded and executed due to object instantiation

> and autoloading, and a malicious user may be able to exploit this.

This warning holds true even when `allowed_classes` is used.

Requirements

------------

 - PHP 5.3+

Installation

------------

You can install this package via composer:

```

composer require brumann/polyfill-unserialize "^1.0"

```

Known Issues

------------

There is a mismatch in behavior when `allowed_classes` in `$options` is not

of the correct type (array or boolean). PHP 7.1 will issue a warning, whereas

PHP 7.0 will not. I opted to copy the behavior of the former.

Tests

-----

You can run the test suite using PHPUnit. It is intentionally not bundled as

dev dependency to make sure this package has the lowest restrictions on the

implementing system as possible.

Please read the [PHPUnit Manual](https://phpunit.de/manual/current/en/installation.html)

for information how to install it on your system.

You can run the test suite as follows:

```

phpunit -c phpunit.xml.dist tests/

```

Contributing

------------

This package is considered feature complete. As such I will likely not update it

unless there are security issues.

Should you find any bugs or have questions, feel free to submit an Issue or a Pull Request.

{

    "name": "brumann/polyfill-unserialize",

    "description": "Backports unserialize options introduced in PHP 7.0 to older PHP versions.",

    "type": "library",

    "license": "MIT",

    "authors": [

        {

            "name": "Denis Brumann",

            "email": "denis.brumann@sensiolabs.de"

        }

    ],

    "autoload": {

        "psr-4": {

            "Brumann\\Polyfill\\": "src/"

        }

    },

    "autoload-dev": {

        "psr-4": {

            "Tests\\Brumann\\Polyfill\\": "tests/"

        }

    },

    "minimum-stability": "stable",

    "require": {

        "php": "^5.3|^7.0"

    }

}

<?xml version="1.0" encoding="UTF-8"?>

<phpunit

    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

    xsi:noNamespaceSchemaLocation="http://schema.phpunit.de/4.1/phpunit.xsd"

    backupGlobals="false"

    colors="true"

    bootstrap="vendor/autoload.php"

>

    <php>

        <ini name="error_reporting" value="-1" />

    </php>

    <testsuites>

        <testsuite name="Brumann\Polyfill Test Suite">

            <directory>./tests/</directory>

        </testsuite>

    </testsuites>

    <filter>

        <whitelist>

            <directory>./src/</directory>

        </whitelist>

    </filter>

</phpunit>

<?php

namespace Brumann\Polyfill;

final class Unserialize

{

    /**

     * @see https://secure.php.net/manual/en/function.unserialize.php

     *

     * @param string $serialized Serialized data

     * @param array $options Associative array containing options

     *

     * @return mixed

     */

    public static function unserialize($serialized, array $options = array())

    {

        if (PHP_VERSION_ID >= 70000) {

            return \unserialize($serialized, $options);

        }

        if (!array_key_exists('allowed_classes', $options)) {

            $options['allowed_classes'] = true;

        }

        $allowedClasses = $options['allowed_classes'];

        if (true === $allowedClasses) {

            return \unserialize($serialized);

        }

        if (false === $allowedClasses) {

            $allowedClasses = array();

        }

        if (!is_array($allowedClasses)) {

            trigger_error(

                'unserialize(): allowed_classes option should be array or boolean',

                E_USER_WARNING

            );

            $allowedClasses = array();

        }

        $sanitizedSerialized = preg_replace_callback(

            '/(^|;)O:\d+:"([^"]*)":(\d+):{/',

            function ($match) use ($allowedClasses) {

                list($completeMatch, $leftBorder, $className, $objectSize) = $match;

                if (in_array($className, $allowedClasses)) {

                    return $completeMatch;

                } else {

                    return sprintf(

                        '%sO:22:"__PHP_Incomplete_Class":%d:{s:27:"__PHP_Incomplete_Class_Name";%s',

                        $leftBorder,

                        $objectSize + 1, // size of object + 1 for added string

                        \serialize($className)

                    );

                }

            },

            $serialized

        );

        return \unserialize($sanitizedSerialized);

    }

}

\TYPO3\PharStreamWrapper\Manager::initialize(

## Interceptors

### ConjunctionInterceptor

This interceptor combines multiple interceptors implementing `Assertable`.

It succeeds when all nested interceptors succeed as well (logical `AND`).

```

$behavior = new \TYPO3\PharStreamWrapper\Behavior();

\TYPO3\PharStreamWrapper\Manager::initialize(

    $behavior->withAssertion(new ConjunctionInterceptor(array(

        new PharExtensionInterceptor(),

        new PharMetaDataInterceptor()

    )))

);

```

### PharExtensionInterceptor

This (basic) interceptor just checks whether the invoked Phar archive has

an according `.phar` file extension. Resolving symbolic links as well as

Phar internal alias resolving are considered as well.

```

$behavior = new \TYPO3\PharStreamWrapper\Behavior();

\TYPO3\PharStreamWrapper\Manager::initialize(

    $behavior->withAssertion(new PharExtensionInterceptor())

);

```

### PharMetaDataInterceptor

This interceptor is actually checking serialized Phar meta-data against

PHP objects and would consider a Phar archive malicious in case not only

scalar values are found. A custom low-level `Phar\Reader` is used in order to

avoid using PHP's `Phar` object which would trigger the initial vulnerability.

```

$behavior = new \TYPO3\PharStreamWrapper\Behavior();

\TYPO3\PharStreamWrapper\Manager::initialize(

    $behavior->withAssertion(new PharMetaDataInterceptor())

);

```

## Reader

* `Phar\Reader::__construct(string $fileName)`: Creates low-level reader for Phar archive

* `Phar\Reader::resolveContainer(): Phar\Container`: Resolves model representing Phar archive

* `Phar\Container::getStub(): Phar\Stub`: Resolves (plain PHP) stub section of Phar archive

* `Phar\Container::getManifest(): Phar\Manifest`: Resolves parsed Phar archive manifest as

  documented at http://php.net/manual/en/phar.fileformat.manifestfile.php

* `Phar\Stub::getMappedAlias(): string`: Resolves internal Phar archive alias defined in stub

  using `Phar::mapPhar('alias.phar')` - actually the plain PHP source is analyzed here

* `Phar\Manifest::getAlias(): string` - Resolves internal Phar archive alias defined in manifest

  using `Phar::setAlias('alias.phar')`

* `Phar\Manifest::getMetaData(): string`: Resolves serialized Phar archive meta-data

* `Phar\Manifest::deserializeMetaData(): mixed`: Resolves deserialized Phar archive meta-data

  containing only scalar values - in case an object is determined, an according

  `Phar\DeserializationException` will be thrown

```

$reader = new Phar\Reader('example.phar');

var_dump($reader->resolveContainer()->getManifest()->deserializeMetaData());

```

* `Helper::determineBaseFile(string $path): string`: Determines base file that can be

        "php": "^5.3.3|^7.0",

        "ext-fileinfo": "*",

        "ext-json": "*",

        "brumann/polyfill-unserialize": "^1.0"

        "ext-xdebug": "*",

<?php

namespace TYPO3\PharStreamWrapper;

/*

 * This file is part of the TYPO3 project.

 *

 * It is free software; you can redistribute it and/or modify it under the terms

 * of the MIT License (MIT). For the full copyright and license information,

 * please read the LICENSE file that was distributed with this source code.

 *

 * The TYPO3 project - inspiring people to share!

 */

use TYPO3\PharStreamWrapper\Resolver\PharInvocation;

interface Collectable

{

    /**

     * @param PharInvocation $invocation

     * @return bool

     */

    public function has(PharInvocation $invocation);

    /**

     * @param PharInvocation $invocation

     * @param null $flags

     * @return bool

     */

    public function collect(PharInvocation $invocation, $flags = null);

    /**

     * @param callable $callback

     * @param bool $reverse

     * @return null|PharInvocation

     */

    public function findByCallback($callback, $reverse = false);

}

/**

 * Helper provides low-level tools on file name resolving. However it does not

 * (and should not) maintain any runtime state information. In order to resolve

 * Phar archive paths according resolvers have to be used.

 *

 * @see \TYPO3\PharStreamWrapper\Resolvable::resolve()

 */

    /**

     * @param string $path

     * @return bool

     */

    public static function hasPharPrefix($path)

    {

        return stripos($path, 'phar://') === 0;

    }

        if (!static::hasPharPrefix($path)) {

            static::normalizeWindowsPath(

<?php

namespace TYPO3\PharStreamWrapper\Interceptor;

/*

 * This file is part of the TYPO3 project.

 *

 * It is free software; you can redistribute it and/or modify it under the terms

 * of the MIT License (MIT). For the full copyright and license information,

 * please read the LICENSE file that was distributed with this source code.

 *

 * The TYPO3 project - inspiring people to share!

 */

use TYPO3\PharStreamWrapper\Assertable;

use TYPO3\PharStreamWrapper\Exception;

class ConjunctionInterceptor implements Assertable

{

    /**

     * @var Assertable[]

     */

    private $assertions;

    public function __construct(array $assertions)

    {

        $this->assertAssertions($assertions);

        $this->assertions = $assertions;

    }

    /**

     * Executes assertions based on all contained assertions.

     *

     * @param string $path

     * @param string $command

     * @return bool

     * @throws Exception

     */

    public function assert($path, $command)

    {

        if ($this->invokeAssertions($path, $command)) {

            return true;

        }

        throw new Exception(

            sprintf(

                'Assertion failed in "%s"',

                $path

            ),

            1539625084

        );

    }

    /**

     * @param Assertable[] $assertions

     */

    private function assertAssertions(array $assertions)

    {

        foreach ($assertions as $assertion) {

            if (!$assertion instanceof Assertable) {

                throw new \InvalidArgumentException(

                    sprintf(

                        'Instance %s must implement Assertable',

                        get_class($assertion)

                    ),

                    1539624719

                );

            }

        }

    }

    /**

     * @param string $path

     * @param string $command

     * @return bool

     */

    private function invokeAssertions($path, $command)

    {

        try {

            foreach ($this->assertions as $assertion) {

                if (!$assertion->assert($path, $command)) {

                    return false;

                }

            }

        } catch (Exception $exception) {

            return false;

        }

        return true;

    }

}

use TYPO3\PharStreamWrapper\Manager;

        $invocation = Manager::instance()->resolve($path);

        if ($invocation === null) {

        $fileExtension = pathinfo($invocation->getBaseName(), PATHINFO_EXTENSION);

<?php

namespace TYPO3\PharStreamWrapper\Interceptor;

/*

 * This file is part of the TYPO3 project.

 *

 * It is free software; you can redistribute it and/or modify it under the terms

 * of the MIT License (MIT). For the full copyright and license information,

 * please read the LICENSE file that was distributed with this source code.

 *

 * The TYPO3 project - inspiring people to share!

 */

use TYPO3\PharStreamWrapper\Assertable;

use TYPO3\PharStreamWrapper\Exception;

use TYPO3\PharStreamWrapper\Manager;

use TYPO3\PharStreamWrapper\Phar\DeserializationException;

use TYPO3\PharStreamWrapper\Phar\Reader;

/**

 * @internal Experimental implementation of checking against serialized objects in Phar meta-data

 * @internal This functionality has not been 100% pentested...

 */

class PharMetaDataInterceptor implements Assertable

{

    /**

     * Determines whether the according Phar archive contains

     * (potential insecure) serialized objects.

     *

     * @param string $path

     * @param string $command

     * @return bool

     * @throws Exception

     */

    public function assert($path, $command)

    {

        if ($this->baseFileDoesNotHaveMetaDataIssues($path)) {

            return true;

        }

        throw new Exception(

            sprintf(

                'Problematic meta-data in "%s"',

                $path

            ),

            1539632368

        );

    }

    /**

     * @param string $path

     * @return bool

     */

    private function baseFileDoesNotHaveMetaDataIssues($path)

    {

        $invocation = Manager::instance()->resolve($path);

        if ($invocation === null) {

            return false;

        }

        // directly return in case invocation was checked before

        if ($invocation->getVariable(__CLASS__) === true) {

            return true;

        }

        // otherwise analyze meta-data

        try {

            $reader = new Reader($invocation->getBaseName());

            $reader->resolveContainer()->getManifest()->deserializeMetaData();

            $invocation->setVariable(__CLASS__, true);

        } catch (DeserializationException $exception) {

            return false;

        }

        return true;

    }

}

use TYPO3\PharStreamWrapper\Resolver\PharInvocation;

use TYPO3\PharStreamWrapper\Resolver\PharInvocationCollection;

use TYPO3\PharStreamWrapper\Resolver\PharInvocationResolver;

class Manager

    /**

     * @var Resolvable

     */

    private $resolver;

    /**

     * @var Collectable

     */

    private $collection;

     * @param Resolvable $resolver

     * @param Collectable $collection

    public static function initialize(

        Behavior $behaviour,

        Resolvable $resolver = null,

        Collectable $collection = null

    ) {

            self::$instance = new self($behaviour, $resolver, $collection);

     * @param Resolvable $resolver

     * @param Collectable $collection

    private function __construct(

        Behavior $behaviour,

        Resolvable $resolver = null,

        Collectable $collection = null

    ) {

        if ($collection === null) {

            $collection = new PharInvocationCollection();

        }

        if ($resolver === null) {

            $resolver = new PharInvocationResolver();

        }

        $this->collection = $collection;

        $this->resolver = $resolver;

    /**

     * @param string $path

     * @param null|int $flags

     * @return null|PharInvocation

     */

    public function resolve($path, $flags = null)

    {

        return $this->resolver->resolve($path, $flags);

    }

    /**

     * @return Collectable

     */

    public function getCollection()

    {

        return $this->collection;

    }

<?php

namespace TYPO3\PharStreamWrapper\Phar;

/*

 * This file is part of the TYPO3 project.

 *

 * It is free software; you can redistribute it and/or modify it under the terms

 * of the MIT License (MIT). For the full copyright and license information,

 * please read the LICENSE file that was distributed with this source code.

 *

 * The TYPO3 project - inspiring people to share!

 */

class Container

{

    /**

     * @var Stub

     */

    private $stub;

    /**

     * @var Manifest

     */

    private $manifest;

    /**

     * @param Stub $stub

     * @param Manifest $manifest

     */

    public function __construct(Stub $stub, Manifest $manifest)

    {

        $this->stub = $stub;

        $this->manifest = $manifest;

    }

    /**

     * @return Stub

     */

    public function getStub()

    {

        return $this->stub;

    }

    /**

     * @return Manifest

     */

    public function getManifest()

    {

        return $this->manifest;

    }

    /**

     * @return string

     */

    public function getAlias()

    {

        return $this->manifest->getAlias() ?: $this->stub->getMappedAlias();

    }

}

<?php

namespace TYPO3\PharStreamWrapper\Phar;

/*

 * This file is part of the TYPO3 project.

 *

 * It is free software; you can redistribute it and/or modify it under the terms

 * of the MIT License (MIT). For the full copyright and license information,

 * please read the LICENSE file that was distributed with this source code.

 *

 * The TYPO3 project - inspiring people to share!

 */

use TYPO3\PharStreamWrapper\Exception;

class DeserializationException extends Exception

{

}

<?php

namespace TYPO3\PharStreamWrapper\Phar;

/*

 * This file is part of the TYPO3 project.

 *

 * It is free software; you can redistribute it and/or modify it under the terms

 * of the MIT License (MIT). For the full copyright and license information,

 * please read the LICENSE file that was distributed with this source code.

 *

 * The TYPO3 project - inspiring people to share!

 */

use Brumann\Polyfill\Unserialize;

class Manifest

{

    /**

     * @param string $content

     * @return self

     * @see http://php.net/manual/en/phar.fileformat.phar.php

     */

    public static function fromContent($content)

    {

        $target = new static();

        $target->manifestLength = Reader::resolveFourByteLittleEndian($content, 0);

        $target->amountOfFiles = Reader::resolveFourByteLittleEndian($content, 4);

        $target->flags = Reader::resolveFourByteLittleEndian($content, 10);

        $target->aliasLength = Reader::resolveFourByteLittleEndian($content, 14);

        $target->alias = substr($content, 18, $target->aliasLength);

        $target->metaDataLength = Reader::resolveFourByteLittleEndian($content, 18 + $target->aliasLength);

        $target->metaData = substr($content, 22 + $target->aliasLength, $target->metaDataLength);

        $apiVersionNibbles = Reader::resolveTwoByteBigEndian($content, 8);

        $target->apiVersion = implode('.', array(

            ($apiVersionNibbles & 0xf000) >> 12,

            ($apiVersionNibbles & 0x0f00) >> 8,

            ($apiVersionNibbles & 0x00f0) >> 4,

        ));

        return $target;

    }

    /**

     * @var int

     */

    private $manifestLength;

    /**

     * @var int

     */

    private $amountOfFiles;

    /**

     * @var string

     */

    private $apiVersion;

    /**

     * @var int

     */

    private $flags;

    /**

     * @var int

     */

    private $aliasLength;

    /**

     * @var string

     */

    private $alias;

    /**

     * @var int

     */

    private $metaDataLength;

    /**

     * @var string

     */

    private $metaData;

    /**

     * Avoid direct instantiation.

     */

    private function __construct()

    {

    }

    /**

     * @return int

     */

    public function getManifestLength()

    {

        return $this->manifestLength;

    }

    /**

     * @return int

     */

    public function getAmountOfFiles()

    {

        return $this->amountOfFiles;

    }

    /**

     * @return string

     */

    public function getApiVersion()

    {

        return $this->apiVersion;

    }

    /**

     * @return int

     */

    public function getFlags()

    {

        return $this->flags;

    }

    /**

     * @return int

     */

    public function getAliasLength()

    {

        return $this->aliasLength;

    }

    /**

     * @return string

     */

    public function getAlias()

    {

        return $this->alias;

    }

    /**

     * @return int

     */

    public function getMetaDataLength()

    {

        return $this->metaDataLength;

    }

    /**

     * @return string

     */

    public function getMetaData()

    {

        return $this->metaData;

    }

    /**

     * @return mixed|null

     */

    public function deserializeMetaData()

    {

        if (empty($this->metaData)) {

            return null;

        }

        $result = Unserialize::unserialize($this->metaData, array('allowed_classes' => false));

        $serialized = json_encode($result);

        if (strpos($serialized, '__PHP_Incomplete_Class_Name') !== false) {

            throw new DeserializationException(

                'Meta-data contains serialized object',

                1539623382

            );

        }

        return $result;

    }

}

<?php

namespace TYPO3\PharStreamWrapper\Phar;

/*

 * This file is part of the TYPO3 project.

 *

 * It is free software; you can redistribute it and/or modify it under the terms

 * of the MIT License (MIT). For the full copyright and license information,

 * please read the LICENSE file that was distributed with this source code.

 *

 * The TYPO3 project - inspiring people to share!

 */

class Reader

{

    /**

     * @var string

     */

    private $fileName;

    /**

     * @var string

     */

    private $fileType;

    /**

     * @param string $fileName

     */

    public function __construct($fileName)

    {

        if (strpos($fileName, '://') !== false) {

            throw new ReaderException(

                'File name must not contain stream prefix',

                1539623708

            );

        }

        $this->fileName = $fileName;

        $this->fileType = $this->determineFileType();

    }

    /**

     * @return Container

     */

    public function resolveContainer()

    {

        $data = $this->extractData($this->resolveStream() . $this->fileName);

        if ($data['stubContent'] === null) {

            throw new ReaderException(

                'Cannot resolve stub',

                1547807881

            );

        }

        if ($data['manifestContent'] === null || $data['manifestLength'] === null) {

            throw new ReaderException(

                'Cannot resolve manifest',

                1547807882

            );

        }

        if (strlen($data['manifestContent']) < $data['manifestLength']) {

            throw new ReaderException(

                sprintf(

                    'Exected manifest length %d, got %d',

                    strlen($data['manifestContent']),

                    $data['manifestLength']

                ),

                1547807883

            );

        }

        return new Container(

            Stub::fromContent($data['stubContent']),

            Manifest::fromContent($data['manifestContent'])

        );

    }

    /**

     * @param string $fileName e.g. '/path/file.phar' or 'compress.zlib:///path/file.phar'

     * @return array

     */

    private function extractData($fileName)

    {

        $stubContent = null;

        $manifestContent = null;

        $manifestLength = null;

        $resource = fopen($fileName, 'r');

        if (!is_resource($resource)) {

            throw new ReaderException(

                sprintf('Resource %s could not be opened', $fileName),

                1547902055

            );

        }

        while (!feof($resource)) {

            $line = fgets($resource);

            // stop reading file when manifest can be extracted

            if ($manifestLength !== null && $manifestContent !== null && strlen($manifestContent) >= $manifestLength) {

                break;

            }

            $manifestPosition = strpos($line, '__HALT_COMPILER();');

            // first line contains start of manifest

            if ($stubContent === null && $manifestContent === null && $manifestPosition !== false) {

                $stubContent = substr($line, 0, $manifestPosition - 1);

                $manifestContent = preg_replace('#^.*__HALT_COMPILER\(\);(?>[ \n]\?>(?>\r\n|\n)?)?#', '', $line);

                $manifestLength = $this->resolveManifestLength($manifestContent);

            // line contains start of stub

            } elseif ($stubContent === null) {

                $stubContent = $line;

            // line contains start of manifest

            } elseif ($manifestContent === null && $manifestPosition !== false) {

                $manifestContent = preg_replace('#^.*__HALT_COMPILER\(\);(?>[ \n]\?>(?>\r\n|\n)?)?#', '', $line);

                $manifestLength = $this->resolveManifestLength($manifestContent);

            // manifest has been started (thus is cannot be stub anymore), add content

            } elseif ($manifestContent !== null) {

                $manifestContent .= $line;

                $manifestLength = $this->resolveManifestLength($manifestContent);

            // stub has been started (thus cannot be manifest here, yet), add content

            } elseif ($stubContent !== null) {

                $stubContent .= $line;

            }

        }

        fclose($resource);

        return array(

            'stubContent' => $stubContent,

            'manifestContent' => $manifestContent,

            'manifestLength' => $manifestLength,

        );

    }

    /**

     * Resolves stream in order to handle compressed Phar archives.

     *

     * @return string

     */

    private function resolveStream()

    {

        if ($this->fileType === 'application/x-gzip') {

            return 'compress.zlib://';

        } elseif ($this->fileType === 'application/x-bzip2') {

            return 'compress.bzip2://';

        }

        return '';

    }

    /**

     * @return string

     */

    private function determineFileType()

    {

        $fileInfo = new \finfo();

        return $fileInfo->file($this->fileName, FILEINFO_MIME_TYPE);

    }

    /**

     * @param string $content

     * @return int|null

     */

    private function resolveManifestLength($content)

    {

        if (strlen($content) < 4) {

            return null;

        }

        return static::resolveFourByteLittleEndian($content, 0);

    }

    /**

     * @param string $content

     * @param int $start

     * @return int

     */

    public static function resolveFourByteLittleEndian($content, $start)

    {

        $payload = substr($content, $start, 4);

        if (!is_string($payload)) {

            throw new ReaderException(

                sprintf('Cannot resolve value at offset %d', $start),

                1539614260

            );

        }

        $value = unpack('V', $payload);

        if (!isset($value[1])) {

            throw new ReaderException(

                sprintf('Cannot resolve value at offset %d', $start),

                1539614261

            );

        }

        return $value[1];

    }

    /**

     * @param string $content

     * @param int $start

     * @return int

     */

    public static function resolveTwoByteBigEndian($content, $start)

    {

        $payload = substr($content, $start, 2);

        if (!is_string($payload)) {

            throw new ReaderException(

                sprintf('Cannot resolve value at offset %d', $start),

                1539614263

            );

        }

        $value = unpack('n', $payload);

        if (!isset($value[1])) {

            throw new ReaderException(

                sprintf('Cannot resolve value at offset %d', $start),

                1539614264

            );

        }

        return $value[1];

    }

}

<?php

namespace TYPO3\PharStreamWrapper\Phar;

/*

 * This file is part of the TYPO3 project.

 *

 * It is free software; you can redistribute it and/or modify it under the terms

 * of the MIT License (MIT). For the full copyright and license information,

 * please read the LICENSE file that was distributed with this source code.

 *

 * The TYPO3 project - inspiring people to share!

 */

use TYPO3\PharStreamWrapper\Exception;

class ReaderException extends Exception

{

}

<?php

namespace TYPO3\PharStreamWrapper\Phar;

/*

 * This file is part of the TYPO3 project.

 *

 * It is free software; you can redistribute it and/or modify it under the terms

 * of the MIT License (MIT). For the full copyright and license information,

 * please read the LICENSE file that was distributed with this source code.

 *

 * The TYPO3 project - inspiring people to share!

 */

/**

 * @internal Experimental implementation of Phar archive internals

 */

class Stub

{

    /**

     * @param string $content

     * @return self

     */

    public static function fromContent($content)

    {

        $target = new static();

        $target->content = $content;

        if (

            stripos($content, 'Phar::mapPhar(') !== false

            && preg_match('#Phar\:\:mapPhar\(([^)]+)\)#', $content, $matches)

        ) {

            // remove spaces, single & double quotes

            // @todo `'my' . 'alias' . '.phar'` is not evaluated here

            $target->mappedAlias = trim($matches[1], ' \'"');

        }

        return $target;

    }

    /**

     * @var string

     */

    private $content;

    /**

     * @var string

     */

    private $mappedAlias = '';

    /**

     * @return string

     */

    public function getContent()

    {

        return $this->content;

    }

    /**

     * @return string

     */

    public function getMappedAlias()

    {

        return $this->mappedAlias;

    }

}

use TYPO3\PharStreamWrapper\Resolver\PharInvocation;

    /**

     * @var PharInvocation

     */

    protected $invocation;

        if (Manager::instance()->assert($path, $command) === true) {

            $this->collectInvocation($path);

     * @param string $path

     */

    protected function collectInvocation($path)

    {

        if (isset($this->invocation)) {

            return;

        }

        $manager = Manager::instance();

        $this->invocation = $manager->resolve($path);

        if ($this->invocation === null) {

            throw new Exception(

                'Expected invocation could not be resolved',

                1556389591

            );

        }

        // confirm, previous interceptor(s) validated invocation

        $this->invocation->confirm();

        $collection = $manager->getCollection();

        if (!$collection->has($this->invocation)) {

            $collection->collect($this->invocation);

        }

    }

    /**

     * @return Manager|Assertable

     * @deprecated Use Manager::instance() directly

<?php

namespace TYPO3\PharStreamWrapper;

/*

 * This file is part of the TYPO3 project.

 *

 * It is free software; you can redistribute it and/or modify it under the terms

 * of the MIT License (MIT). For the full copyright and license information,

 * please read the LICENSE file that was distributed with this source code.

 *

 * The TYPO3 project - inspiring people to share!

 */

use TYPO3\PharStreamWrapper\Resolver\PharInvocation;

interface Resolvable

{

    /**

     * @param string $path

     * @param null|int $flags

     * @return null|PharInvocation

     */

    public function resolve($path, $flags = null);

}

<?php

namespace TYPO3\PharStreamWrapper\Resolver;

/*

 * This file is part of the TYPO3 project.

 *

 * It is free software; you can redistribute it and/or modify it under the terms

 * of the MIT License (MIT). For the full copyright and license information,

 * please read the LICENSE file that was distributed with this source code.

 *

 * The TYPO3 project - inspiring people to share!