From 46dc620a2b6c1f0e671d5a2f2edffe67ee3d0dbf Mon Sep 17 00:00:00 2001 From: =?utf8?q?Tim=20D=C3=BCsterhus?= Date: Mon, 15 May 2023 09:06:30 +0200 Subject: [PATCH] Update composer dependencies --- .../files/lib/system/api/composer.json | 2 +- .../files/lib/system/api/composer.lock | 17 +++---- .../lib/system/api/composer/installed.json | 17 +++---- .../lib/system/api/composer/installed.php | 6 +-- .../system/api/guzzlehttp/guzzle/CHANGELOG.md | 18 ++++++++ .../api/guzzlehttp/guzzle/composer.json | 3 -- .../api/guzzlehttp/guzzle/src/Client.php | 4 ++ .../guzzle/src/Cookie/SetCookie.php | 46 +++++++++++++++++-- .../guzzle/src/Handler/CurlFactory.php | 28 ++++++++++- .../guzzle/src/Handler/StreamHandler.php | 21 ++++++++- .../guzzlehttp/guzzle/src/RequestOptions.php | 14 +++++- 11 files changed, 141 insertions(+), 35 deletions(-) diff --git a/wcfsetup/install/files/lib/system/api/composer.json b/wcfsetup/install/files/lib/system/api/composer.json index ca77157d26..4e39701614 100644 --- a/wcfsetup/install/files/lib/system/api/composer.json +++ b/wcfsetup/install/files/lib/system/api/composer.json @@ -14,7 +14,7 @@ "dragonmantank/cron-expression": "^3.3.2", "erusev/parsedown": "^1.7.4", "ezyang/htmlpurifier": "^4.16", - "guzzlehttp/guzzle": "^7.5.1", + "guzzlehttp/guzzle": "^7.6.0", "guzzlehttp/psr7": "^2.5.0", "laminas/laminas-diactoros": "^3.0.0", "laminas/laminas-httphandlerrunner": "^2.6.1", diff --git a/wcfsetup/install/files/lib/system/api/composer.lock b/wcfsetup/install/files/lib/system/api/composer.lock index bba583c9ee..da5debf795 100644 --- a/wcfsetup/install/files/lib/system/api/composer.lock +++ b/wcfsetup/install/files/lib/system/api/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "3890cea4bf52b36ef7c334e1bc964d5e", + "content-hash": "c7c064656bc3cb2982c96672ad21ed19", "packages": [ { "name": "cuyz/valinor", @@ -253,16 +253,16 @@ }, { "name": "guzzlehttp/guzzle", - "version": "7.5.1", + "version": "7.6.0", "source": { "type": "git", "url": "https://github.com/guzzle/guzzle.git", - "reference": "b964ca597e86b752cd994f27293e9fa6b6a95ed9" + "reference": "733dd89533dd371a0987172727df15f500dab0ef" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/guzzle/guzzle/zipball/b964ca597e86b752cd994f27293e9fa6b6a95ed9", - "reference": "b964ca597e86b752cd994f27293e9fa6b6a95ed9", + "url": "https://api.github.com/repos/guzzle/guzzle/zipball/733dd89533dd371a0987172727df15f500dab0ef", + "reference": "733dd89533dd371a0987172727df15f500dab0ef", "shasum": "" }, "require": { @@ -293,9 +293,6 @@ "bamarni-bin": { "bin-links": true, "forward-command": false - }, - "branch-alias": { - "dev-master": "7.5-dev" } }, "autoload": { @@ -361,7 +358,7 @@ ], "support": { "issues": "https://github.com/guzzle/guzzle/issues", - "source": "https://github.com/guzzle/guzzle/tree/7.5.1" + "source": "https://github.com/guzzle/guzzle/tree/7.6.0" }, "funding": [ { @@ -377,7 +374,7 @@ "type": "tidelift" } ], - "time": "2023-04-17T16:30:08+00:00" + "time": "2023-05-14T11:23:39+00:00" }, { "name": "guzzlehttp/promises", diff --git a/wcfsetup/install/files/lib/system/api/composer/installed.json b/wcfsetup/install/files/lib/system/api/composer/installed.json index 1c6a4a8ded..c12222e7a3 100644 --- a/wcfsetup/install/files/lib/system/api/composer/installed.json +++ b/wcfsetup/install/files/lib/system/api/composer/installed.json @@ -259,17 +259,17 @@ }, { "name": "guzzlehttp/guzzle", - "version": "7.5.1", - "version_normalized": "7.5.1.0", + "version": "7.6.0", + "version_normalized": "7.6.0.0", "source": { "type": "git", "url": "https://github.com/guzzle/guzzle.git", - "reference": "b964ca597e86b752cd994f27293e9fa6b6a95ed9" + "reference": "733dd89533dd371a0987172727df15f500dab0ef" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/guzzle/guzzle/zipball/b964ca597e86b752cd994f27293e9fa6b6a95ed9", - "reference": "b964ca597e86b752cd994f27293e9fa6b6a95ed9", + "url": "https://api.github.com/repos/guzzle/guzzle/zipball/733dd89533dd371a0987172727df15f500dab0ef", + "reference": "733dd89533dd371a0987172727df15f500dab0ef", "shasum": "" }, "require": { @@ -295,15 +295,12 @@ "ext-intl": "Required for Internationalized Domain Name (IDN) support", "psr/log": "Required for using the Log middleware" }, - "time": "2023-04-17T16:30:08+00:00", + "time": "2023-05-14T11:23:39+00:00", "type": "library", "extra": { "bamarni-bin": { "bin-links": true, "forward-command": false - }, - "branch-alias": { - "dev-master": "7.5-dev" } }, "installation-source": "dist", @@ -370,7 +367,7 @@ ], "support": { "issues": "https://github.com/guzzle/guzzle/issues", - "source": "https://github.com/guzzle/guzzle/tree/7.5.1" + "source": "https://github.com/guzzle/guzzle/tree/7.6.0" }, "funding": [ { diff --git a/wcfsetup/install/files/lib/system/api/composer/installed.php b/wcfsetup/install/files/lib/system/api/composer/installed.php index cb8d366f3f..32c16a445f 100644 --- a/wcfsetup/install/files/lib/system/api/composer/installed.php +++ b/wcfsetup/install/files/lib/system/api/composer/installed.php @@ -56,9 +56,9 @@ 'dev_requirement' => false, ), 'guzzlehttp/guzzle' => array( - 'pretty_version' => '7.5.1', - 'version' => '7.5.1.0', - 'reference' => 'b964ca597e86b752cd994f27293e9fa6b6a95ed9', + 'pretty_version' => '7.6.0', + 'version' => '7.6.0.0', + 'reference' => '733dd89533dd371a0987172727df15f500dab0ef', 'type' => 'library', 'install_path' => __DIR__ . '/../guzzlehttp/guzzle', 'aliases' => array(), diff --git a/wcfsetup/install/files/lib/system/api/guzzlehttp/guzzle/CHANGELOG.md b/wcfsetup/install/files/lib/system/api/guzzlehttp/guzzle/CHANGELOG.md index 1a9684340f..0bc64f587a 100644 --- a/wcfsetup/install/files/lib/system/api/guzzlehttp/guzzle/CHANGELOG.md +++ b/wcfsetup/install/files/lib/system/api/guzzlehttp/guzzle/CHANGELOG.md @@ -2,6 +2,24 @@ Please refer to [UPGRADING](UPGRADING.md) guide for upgrading to a major version. +## 7.6.0 - 2023-05-14 + +### Added + +- Support for setting the minimum TLS version in a unified way +- Apply on request the version set in options parameters + +## 7.5.2 - 2023-05-14 + +### Fixed + +- Fixed set cookie constructor validation +- Fixed handling of files with `'0'` body + +### Changed + +- Corrected docs and default connect timeout value to 300 seconds + ## 7.5.1 - 2023-04-17 ### Fixed diff --git a/wcfsetup/install/files/lib/system/api/guzzlehttp/guzzle/composer.json b/wcfsetup/install/files/lib/system/api/guzzlehttp/guzzle/composer.json index eb40a45c26..b38d5d99fc 100644 --- a/wcfsetup/install/files/lib/system/api/guzzlehttp/guzzle/composer.json +++ b/wcfsetup/install/files/lib/system/api/guzzlehttp/guzzle/composer.json @@ -84,9 +84,6 @@ "bamarni-bin": { "bin-links": true, "forward-command": false - }, - "branch-alias": { - "dev-master": "7.5-dev" } }, "autoload": { diff --git a/wcfsetup/install/files/lib/system/api/guzzlehttp/guzzle/src/Client.php b/wcfsetup/install/files/lib/system/api/guzzlehttp/guzzle/src/Client.php index 58f1d891a7..c21fcb6e46 100644 --- a/wcfsetup/install/files/lib/system/api/guzzlehttp/guzzle/src/Client.php +++ b/wcfsetup/install/files/lib/system/api/guzzlehttp/guzzle/src/Client.php @@ -437,6 +437,10 @@ class Client implements ClientInterface, \Psr\Http\Client\ClientInterface } } + if (isset($options['version'])) { + $modify['version'] = $options['version']; + } + $request = Psr7\Utils::modifyRequest($request, $modify); if ($request->getBody() instanceof Psr7\MultipartStream) { // Use a multipart/form-data POST if a Content-Type is not set. diff --git a/wcfsetup/install/files/lib/system/api/guzzlehttp/guzzle/src/Cookie/SetCookie.php b/wcfsetup/install/files/lib/system/api/guzzlehttp/guzzle/src/Cookie/SetCookie.php index a613c77bf4..cf1e03c1a0 100644 --- a/wcfsetup/install/files/lib/system/api/guzzlehttp/guzzle/src/Cookie/SetCookie.php +++ b/wcfsetup/install/files/lib/system/api/guzzlehttp/guzzle/src/Cookie/SetCookie.php @@ -74,13 +74,49 @@ class SetCookie */ public function __construct(array $data = []) { - /** @var array|null $replaced will be null in case of replace error */ - $replaced = \array_replace(self::$defaults, $data); - if ($replaced === null) { - throw new \InvalidArgumentException('Unable to replace the default values for the Cookie.'); + $this->data = self::$defaults; + + if (isset($data['Name'])) { + $this->setName($data['Name']); + } + + if (isset($data['Value'])) { + $this->setValue($data['Value']); + } + + if (isset($data['Domain'])) { + $this->setDomain($data['Domain']); + } + + if (isset($data['Path'])) { + $this->setPath($data['Path']); + } + + if (isset($data['Max-Age'])) { + $this->setMaxAge($data['Max-Age']); + } + + if (isset($data['Expires'])) { + $this->setExpires($data['Expires']); + } + + if (isset($data['Secure'])) { + $this->setSecure($data['Secure']); + } + + if (isset($data['Discard'])) { + $this->setDiscard($data['Discard']); + } + + if (isset($data['HttpOnly'])) { + $this->setHttpOnly($data['HttpOnly']); + } + + // Set the remaining values that don't have extra validation logic + foreach (array_diff(array_keys($data), array_keys(self::$defaults)) as $key) { + $this->data[$key] = $data[$key]; } - $this->data = $replaced; // Extract the Expires value and turn it into a UNIX timestamp if needed if (!$this->getExpires() && $this->getMaxAge()) { // Calculate the Expires date diff --git a/wcfsetup/install/files/lib/system/api/guzzlehttp/guzzle/src/Handler/CurlFactory.php b/wcfsetup/install/files/lib/system/api/guzzlehttp/guzzle/src/Handler/CurlFactory.php index e8f5fe8c64..95375e30e7 100644 --- a/wcfsetup/install/files/lib/system/api/guzzlehttp/guzzle/src/Handler/CurlFactory.php +++ b/wcfsetup/install/files/lib/system/api/guzzlehttp/guzzle/src/Handler/CurlFactory.php @@ -224,7 +224,7 @@ class CurlFactory implements CurlFactoryInterface \CURLOPT_URL => (string) $easy->request->getUri()->withFragment(''), \CURLOPT_RETURNTRANSFER => false, \CURLOPT_HEADER => false, - \CURLOPT_CONNECTTIMEOUT => 150, + \CURLOPT_CONNECTTIMEOUT => 300, ]; if (\defined('CURLOPT_PROTOCOLS')) { @@ -452,6 +452,32 @@ class CurlFactory implements CurlFactoryInterface } } + if (isset($options['crypto_method'])) { + if (\STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT === $options['crypto_method']) { + if (!defined('CURL_SSLVERSION_TLSv1_0')) { + throw new \InvalidArgumentException('Invalid crypto_method request option: TLS 1.0 not supported by your version of cURL'); + } + $conf[\CURLOPT_SSLVERSION] = \CURL_SSLVERSION_TLSv1_0; + } elseif (\STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT === $options['crypto_method']) { + if (!defined('CURL_SSLVERSION_TLSv1_1')) { + throw new \InvalidArgumentException('Invalid crypto_method request option: TLS 1.1 not supported by your version of cURL'); + } + $conf[\CURLOPT_SSLVERSION] = \CURL_SSLVERSION_TLSv1_1; + } elseif (\STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT === $options['crypto_method']) { + if (!defined('CURL_SSLVERSION_TLSv1_2')) { + throw new \InvalidArgumentException('Invalid crypto_method request option: TLS 1.2 not supported by your version of cURL'); + } + $conf[\CURLOPT_SSLVERSION] = \CURL_SSLVERSION_TLSv1_2; + } elseif (defined('STREAM_CRYPTO_METHOD_TLSv1_3_CLIENT') && \STREAM_CRYPTO_METHOD_TLSv1_3_CLIENT === $options['crypto_method']) { + if (!defined('CURL_SSLVERSION_TLSv1_3')) { + throw new \InvalidArgumentException('Invalid crypto_method request option: TLS 1.3 not supported by your version of cURL'); + } + $conf[\CURLOPT_SSLVERSION] = \CURL_SSLVERSION_TLSv1_3; + } else { + throw new \InvalidArgumentException('Invalid crypto_method request option: unknown version provided'); + } + } + if (isset($options['cert'])) { $cert = $options['cert']; if (\is_array($cert)) { diff --git a/wcfsetup/install/files/lib/system/api/guzzlehttp/guzzle/src/Handler/StreamHandler.php b/wcfsetup/install/files/lib/system/api/guzzlehttp/guzzle/src/Handler/StreamHandler.php index 543f825a25..310987c205 100644 --- a/wcfsetup/install/files/lib/system/api/guzzlehttp/guzzle/src/Handler/StreamHandler.php +++ b/wcfsetup/install/files/lib/system/api/guzzlehttp/guzzle/src/Handler/StreamHandler.php @@ -388,7 +388,7 @@ class StreamHandler $body = (string) $request->getBody(); - if (!empty($body)) { + if ('' !== $body) { $context['http']['content'] = $body; // Prevent the HTTP handler from adding a Content-Type header. if (!$request->hasHeader('Content-Type')) { @@ -472,6 +472,25 @@ class StreamHandler } } + /** + * @param mixed $value as passed via Request transfer options. + */ + private function add_crypto_method(RequestInterface $request, array &$options, $value, array &$params): void + { + if ( + $value === \STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT + || $value === \STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT + || $value === \STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT + || (defined('STREAM_CRYPTO_METHOD_TLSv1_3_CLIENT') && $value === \STREAM_CRYPTO_METHOD_TLSv1_3_CLIENT) + ) { + $options['http']['crypto_method'] = $value; + + return; + } + + throw new \InvalidArgumentException('Invalid crypto_method request option: unknown version provided'); + } + /** * @param mixed $value as passed via Request transfer options. */ diff --git a/wcfsetup/install/files/lib/system/api/guzzlehttp/guzzle/src/RequestOptions.php b/wcfsetup/install/files/lib/system/api/guzzlehttp/guzzle/src/RequestOptions.php index 20b31bc207..542cd72c09 100644 --- a/wcfsetup/install/files/lib/system/api/guzzlehttp/guzzle/src/RequestOptions.php +++ b/wcfsetup/install/files/lib/system/api/guzzlehttp/guzzle/src/RequestOptions.php @@ -70,10 +70,22 @@ final class RequestOptions /** * connect_timeout: (float, default=0) Float describing the number of * seconds to wait while trying to connect to a server. Use 0 to wait - * indefinitely (the default behavior). + * 300 seconds (the default behavior). */ public const CONNECT_TIMEOUT = 'connect_timeout'; + /** + * crypto_method: (int) A value describing the minimum TLS protocol + * version to use. + * + * This setting must be set to one of the + * ``STREAM_CRYPTO_METHOD_TLS*_CLIENT`` constants. PHP 7.4 or higher is + * required in order to use TLS 1.3, and cURL 7.34.0 or higher is required + * in order to specify a crypto method, with cURL 7.52.0 or higher being + * required to use TLS 1.3. + */ + public const CRYPTO_METHOD = 'crypto_method'; + /** * debug: (bool|resource) Set to true or set to a PHP stream returned by * fopen() enable debug output with the HTTP handler used to send a -- 2.20.1