/drupal7/misc/typo3/phar-stream-wrapper/README.md - Diff - Club Drupal - Forge Centrale Marseille

Révision fbb66ca6

Ajouté par Assos Assos il y a presque 5 ans

ID fbb66ca6901fa33b9a508b3b9c6a015fb8a8b468
Parent 32700c57
Enfant 8be7bf84

Udpate to 7.67

     ```
     $behavior = new \TYPO3\PharStreamWrapper\Behavior();
     Manager::initialize(
     \TYPO3\PharStreamWrapper\Manager::initialize(
         $behavior->withAssertion(new PharExtensionInterceptor())
     );
-...
       + `COMMAND_UNLINK`
       + `COMMAND_URL_STAT`
     ## Interceptor
     ## Interceptors
     The following interceptor is shipped with the package and ready to use in order
     to block any Phar invocation of files not having a `.phar` suffix. Besides that
-...
+    }
     ```
     ### ConjunctionInterceptor
     This interceptor combines multiple interceptors implementing `Assertable`.
     It succeeds when all nested interceptors succeed as well (logical `AND`).
     ```
     $behavior = new \TYPO3\PharStreamWrapper\Behavior();
     \TYPO3\PharStreamWrapper\Manager::initialize(
         $behavior->withAssertion(new ConjunctionInterceptor(array(
             new PharExtensionInterceptor(),
             new PharMetaDataInterceptor()
         )))
     );
     ```
     ### PharExtensionInterceptor
     This (basic) interceptor just checks whether the invoked Phar archive has
     an according `.phar` file extension. Resolving symbolic links as well as
     Phar internal alias resolving are considered as well.
     ```
     $behavior = new \TYPO3\PharStreamWrapper\Behavior();
     \TYPO3\PharStreamWrapper\Manager::initialize(
         $behavior->withAssertion(new PharExtensionInterceptor())
     );
     ```
     ### PharMetaDataInterceptor
     This interceptor is actually checking serialized Phar meta-data against
     PHP objects and would consider a Phar archive malicious in case not only
     scalar values are found. A custom low-level `Phar\Reader` is used in order to
     avoid using PHP's `Phar` object which would trigger the initial vulnerability.
     ```
     $behavior = new \TYPO3\PharStreamWrapper\Behavior();
     \TYPO3\PharStreamWrapper\Manager::initialize(
         $behavior->withAssertion(new PharMetaDataInterceptor())
     );
     ```
     ## Reader
     * `Phar\Reader::__construct(string $fileName)`: Creates low-level reader for Phar archive
     * `Phar\Reader::resolveContainer(): Phar\Container`: Resolves model representing Phar archive
     * `Phar\Container::getStub(): Phar\Stub`: Resolves (plain PHP) stub section of Phar archive
     * `Phar\Container::getManifest(): Phar\Manifest`: Resolves parsed Phar archive manifest as
       documented at http://php.net/manual/en/phar.fileformat.manifestfile.php
     * `Phar\Stub::getMappedAlias(): string`: Resolves internal Phar archive alias defined in stub
       using `Phar::mapPhar('alias.phar')` - actually the plain PHP source is analyzed here
     * `Phar\Manifest::getAlias(): string` - Resolves internal Phar archive alias defined in manifest
       using `Phar::setAlias('alias.phar')`
     * `Phar\Manifest::getMetaData(): string`: Resolves serialized Phar archive meta-data
     * `Phar\Manifest::deserializeMetaData(): mixed`: Resolves deserialized Phar archive meta-data
       containing only scalar values - in case an object is determined, an according
       `Phar\DeserializationException` will be thrown
     ```
     $reader = new Phar\Reader('example.phar');
     var_dump($reader->resolveContainer()->getManifest()->deserializeMetaData());
     ```
     ## Helper
     * `Helper::determineBaseFile(string $path)`: Determines base file that can be
     * `Helper::determineBaseFile(string $path): string`: Determines base file that can be
       accessed using the regular file system. For instance the following path
       `phar:///home/user/bundle.phar/content.txt` would be resolved to
       `/home/user/bundle.phar`.

Formats disponibles : Unified diff

Projet

Général

Profil

Club Drupal

Révision fbb66ca6

Ajouté par Assos Assos il y a presque 5 ans