[Pkg-owncloud-commits] [owncloud] 389/394: Bump SabreDAV to 1.6.8
David Prévot
taffit at alioth.debian.org
Fri Nov 8 23:12:58 UTC 2013
This is an automated email from the git hooks/post-receive script.
taffit pushed a commit to annotated tag v4.5.10
in repository owncloud.
commit ade283169dbeb607213943288db38b838dd245c6
Author: Lukas Reschke <lukas at statuscode.ch>
Date: Tue Apr 9 09:55:00 2013 +0200
Bump SabreDAV to 1.6.8
---
.../CardDAV/Property/SupportedAddressData.php | 2 +-
3rdparty/Sabre/CardDAV/Version.php | 2 +-
3rdparty/Sabre/DAV/Browser/Plugin.php | 12 ++++---
3rdparty/Sabre/DAV/Client.php | 36 ++++++++++++++++++--
3rdparty/Sabre/DAV/Version.php | 2 +-
3rdparty/Sabre/DAVACL/Version.php | 2 +-
6 files changed, 46 insertions(+), 10 deletions(-)
diff --git a/3rdparty/Sabre/CardDAV/Property/SupportedAddressData.php b/3rdparty/Sabre/CardDAV/Property/SupportedAddressData.php
index 36d9306..16284bf 100755
--- a/3rdparty/Sabre/CardDAV/Property/SupportedAddressData.php
+++ b/3rdparty/Sabre/CardDAV/Property/SupportedAddressData.php
@@ -31,7 +31,7 @@ class Sabre_CardDAV_Property_SupportedAddressData extends Sabre_DAV_Property {
if (is_null($supportedData)) {
$supportedData = array(
array('contentType' => 'text/vcard', 'version' => '3.0'),
- array('contentType' => 'text/vcard', 'version' => '4.0'),
+ // array('contentType' => 'text/vcard', 'version' => '4.0'),
);
}
diff --git a/3rdparty/Sabre/CardDAV/Version.php b/3rdparty/Sabre/CardDAV/Version.php
index 6c19050..ec3eea1 100755
--- a/3rdparty/Sabre/CardDAV/Version.php
+++ b/3rdparty/Sabre/CardDAV/Version.php
@@ -16,7 +16,7 @@ class Sabre_CardDAV_Version {
/**
* Full version number
*/
- const VERSION = '1.6.5';
+ const VERSION = '1.6.7';
/**
* Stability : alpha, beta, stable
diff --git a/3rdparty/Sabre/DAV/Browser/Plugin.php b/3rdparty/Sabre/DAV/Browser/Plugin.php
index b6440ab..d866c50 100755
--- a/3rdparty/Sabre/DAV/Browser/Plugin.php
+++ b/3rdparty/Sabre/DAV/Browser/Plugin.php
@@ -439,12 +439,16 @@ class Sabre_DAV_Browser_Plugin extends Sabre_DAV_ServerPlugin {
*/
protected function getLocalAssetPath($assetName) {
+ $assetDir = realpath(__DIR__ . '/assets') . '/';
+ $path = $assetDir . $assetName;
+
// Making sure people aren't trying to escape from the base path.
- $assetSplit = explode('/', $assetName);
- if (in_array('..',$assetSplit)) {
- throw new Sabre_DAV_Exception('Incorrect asset path');
+ $path = realpath($path);
+
+ if ($path === false || substr($path, 0, strlen($assetDir))!==$assetDir) {
+ throw new Sabre_DAV_Exception_Forbidden('Path does not exist, or escaping from the base path was detected');
}
- $path = __DIR__ . '/assets/' . $assetName;
+
return $path;
}
diff --git a/3rdparty/Sabre/DAV/Client.php b/3rdparty/Sabre/DAV/Client.php
index 7afa708..c41305b 100755
--- a/3rdparty/Sabre/DAV/Client.php
+++ b/3rdparty/Sabre/DAV/Client.php
@@ -16,6 +16,18 @@
*/
class Sabre_DAV_Client {
+ /**
+ * The propertyMap is a key-value array.
+ *
+ * If you use the propertyMap, any {DAV:}multistatus responses with the
+ * properties listed in this array, will automatically be mapped to a
+ * respective class.
+ *
+ * The {DAV:}resourcetype property is automatically added. This maps to
+ * Sabre\DAV\Property\ResourceType
+ *
+ * @var array
+ */
public $propertyMap = array();
protected $baseUri;
@@ -47,6 +59,13 @@ class Sabre_DAV_Client {
protected $authType;
/**
+ * Indicates if SSL verification is enabled or not.
+ *
+ * @var boolean
+ */
+ private $verifyPeer;
+
+ /**
* Constructor
*
* Settings are provided through the 'settings' argument. The following
@@ -91,7 +110,7 @@ class Sabre_DAV_Client {
/**
* Add trusted root certificates to the webdav client.
*
- * The parameter certificates should be a absulute path to a file
+ * The parameter certificates should be a absolute path to a file
* which contains all trusted certificates
*
* @param string $certificates
@@ -101,6 +120,15 @@ class Sabre_DAV_Client {
}
/**
+ * Enables/disables SSL peer verification
+ *
+ * @param boolean $value
+ */
+ public function setVerifyPeer($value) {
+ $this->verifyPeer = $value;
+ }
+
+ /**
* Does a PROPFIND request
*
* The list of requested properties must be specified as an array, in clark
@@ -292,6 +320,10 @@ class Sabre_DAV_Client {
CURLOPT_MAXREDIRS => 5,
);
+ if($this->verifyPeer !== null) {
+ $curlSettings[CURLOPT_SSL_VERIFYPEER] = $this->verifyPeer;
+ }
+
if($this->trustedCertificates) {
$curlSettings[CURLOPT_CAINFO] = $this->trustedCertificates;
}
@@ -299,7 +331,7 @@ class Sabre_DAV_Client {
switch ($method) {
case 'HEAD' :
- // do not read body with HEAD requests (this is neccessary because cURL does not ignore the body with HEAD
+ // do not read body with HEAD requests (this is necessary because cURL does not ignore the body with HEAD
// requests when the Content-Length header is given - which in turn is perfectly valid according to HTTP
// specs...) cURL does unfortunately return an error in this case ("transfer closed transfer closed with
// ... bytes remaining to read") this can be circumvented by explicitly telling cURL to ignore the
diff --git a/3rdparty/Sabre/DAV/Version.php b/3rdparty/Sabre/DAV/Version.php
index 78b1724..e56a208 100755
--- a/3rdparty/Sabre/DAV/Version.php
+++ b/3rdparty/Sabre/DAV/Version.php
@@ -14,7 +14,7 @@ class Sabre_DAV_Version {
/**
* Full version number
*/
- const VERSION = '1.6.6';
+ const VERSION = '1.6.8';
/**
* Stability : alpha, beta, stable
diff --git a/3rdparty/Sabre/DAVACL/Version.php b/3rdparty/Sabre/DAVACL/Version.php
index 9950f74..0ec02d3 100755
--- a/3rdparty/Sabre/DAVACL/Version.php
+++ b/3rdparty/Sabre/DAVACL/Version.php
@@ -14,7 +14,7 @@ class Sabre_DAVACL_Version {
/**
* Full version number
*/
- const VERSION = '1.6.0';
+ const VERSION = '1.6.8';
/**
* Stability : alpha, beta, stable
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-owncloud/owncloud.git
More information about the Pkg-owncloud-commits
mailing list