From 89b4f1d05ee45b5e534bae768b3019c1689c5adc Mon Sep 17 00:00:00 2001 From: Ricardo Dalinger Date: Fri, 4 Mar 2022 16:39:56 -0300 Subject: [PATCH] Elimina SecurityMultiTool y cambia a paragonie/anti-csrf --- composer.json | 5 +- composer.lock | 1064 ++++++-------------- php/nucleo/lib/toba_manejador_sesiones.php | 37 +- php/nucleo/lib/toba_memoria.php | 36 +- php/nucleo/toba_nucleo.php | 8 +- 5 files changed, 362 insertions(+), 788 deletions(-) diff --git a/composer.json b/composer.json index 569efbe176..f8b02d0145 100644 --- a/composer.json +++ b/composer.json @@ -29,9 +29,10 @@ "siu/arai-json-migrator": "~1.1", "siu/manejador-salida-toba": "~1.1", "siu/interfaces-manejador-salida-toba": "~1.2.0", - "siu/security-multitool": "~1.1", + "paragonie/anti-csrf": "~2.3.0", "symfony/yaml": "~4.4", - "vlucas/phpdotenv": "~3.6" + "vlucas/phpdotenv": "~3.6", + "laminas/laminas-escaper": "~2.9.0" }, "conflict": { "siu/arai-cli": "<3.0.0", diff --git a/composer.lock b/composer.lock index eb143e77c4..8cd1f8dded 100644 --- a/composer.lock +++ b/composer.lock @@ -4,44 +4,8 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "1758aeffa44ecad101d9ae6f67cc4ab6", + "content-hash": "e31b9505c8c2451b54e75410041c4696", "packages": [ - { - "name": "container-interop/container-interop", - "version": "1.2.0", - "source": { - "type": "git", - "url": "https://github.com/container-interop/container-interop.git", - "reference": "79cbf1341c22ec75643d841642dd5d6acd83bdb8" - }, - "dist": { - "type": "zip", - "url": "https://api.github.com/repos/container-interop/container-interop/zipball/79cbf1341c22ec75643d841642dd5d6acd83bdb8", - "reference": "79cbf1341c22ec75643d841642dd5d6acd83bdb8", - "shasum": "" - }, - "require": { - "psr/container": "^1.0" - }, - "type": "library", - "autoload": { - "psr-4": { - "Interop\\Container\\": "src/Interop/Container/" - } - }, - "notification-url": "https://packagist.org/downloads/", - "license": [ - "MIT" - ], - "description": "Promoting the interoperability of container objects (DIC, SL, etc.)", - "homepage": "https://github.com/container-interop/container-interop", - "support": { - "issues": "https://github.com/container-interop/container-interop/issues", - "source": "https://github.com/container-interop/container-interop/tree/master" - }, - "abandoned": "psr/container", - "time": "2017-02-14T19:40:03+00:00" - }, { "name": "dapphp/securimage", "version": "3.6.8", @@ -197,32 +161,29 @@ }, { "name": "ezyang/htmlpurifier", - "version": "v4.13.0", + "version": "v4.14.0", "source": { "type": "git", "url": "https://github.com/ezyang/htmlpurifier.git", - "reference": "08e27c97e4c6ed02f37c5b2b20488046c8d90d75" + "reference": "12ab42bd6e742c70c0a52f7b82477fcd44e64b75" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/ezyang/htmlpurifier/zipball/08e27c97e4c6ed02f37c5b2b20488046c8d90d75", - "reference": "08e27c97e4c6ed02f37c5b2b20488046c8d90d75", + "url": "https://api.github.com/repos/ezyang/htmlpurifier/zipball/12ab42bd6e742c70c0a52f7b82477fcd44e64b75", + "reference": "12ab42bd6e742c70c0a52f7b82477fcd44e64b75", "shasum": "" }, "require": { "php": ">=5.2" }, - "require-dev": { - "simpletest/simpletest": "dev-master#72de02a7b80c6bb8864ef9bf66d41d2f58f826bd" - }, "type": "library", "autoload": { - "psr-0": { - "HTMLPurifier": "library/" - }, "files": [ "library/HTMLPurifier.composer.php" ], + "psr-0": { + "HTMLPurifier": "library/" + }, "exclude-from-classmap": [ "/library/HTMLPurifier/Language/" ] @@ -245,9 +206,9 @@ ], "support": { "issues": "https://github.com/ezyang/htmlpurifier/issues", - "source": "https://github.com/ezyang/htmlpurifier/tree/master" + "source": "https://github.com/ezyang/htmlpurifier/tree/v4.14.0" }, - "time": "2020-06-29T00:56:53+00:00" + "time": "2021-12-25T01:21:49+00:00" }, { "name": "firebase/php-jwt", @@ -391,12 +352,12 @@ } }, "autoload": { - "psr-4": { - "GuzzleHttp\\": "src/" - }, "files": [ "src/functions_include.php" - ] + ], + "psr-4": { + "GuzzleHttp\\": "src/" + } }, "notification-url": "https://packagist.org/downloads/", "license": [ @@ -453,12 +414,12 @@ } }, "autoload": { - "psr-4": { - "GuzzleHttp\\Promise\\": "src/" - }, "files": [ "src/functions_include.php" - ] + ], + "psr-4": { + "GuzzleHttp\\Promise\\": "src/" + } }, "notification-url": "https://packagist.org/downloads/", "license": [ @@ -546,12 +507,12 @@ } }, "autoload": { - "psr-4": { - "GuzzleHttp\\Psr7\\": "src/" - }, "files": [ "src/functions_include.php" - ] + ], + "psr-4": { + "GuzzleHttp\\Psr7\\": "src/" + } }, "notification-url": "https://packagist.org/downloads/", "license": [ @@ -826,276 +787,6 @@ ], "time": "2021-09-02T17:10:53+00:00" }, - { - "name": "laminas/laminas-stdlib", - "version": "3.6.2", - "source": { - "type": "git", - "url": "https://github.com/laminas/laminas-stdlib.git", - "reference": "6fe0842909638ca6bea8401b7e8168fb154bffb5" - }, - "dist": { - "type": "zip", - "url": "https://api.github.com/repos/laminas/laminas-stdlib/zipball/6fe0842909638ca6bea8401b7e8168fb154bffb5", - "reference": "6fe0842909638ca6bea8401b7e8168fb154bffb5", - "shasum": "" - }, - "require": { - "php": "^7.3 || ~8.0.0 || ~8.1.0" - }, - "conflict": { - "zendframework/zend-stdlib": "*" - }, - "require-dev": { - "laminas/laminas-coding-standard": "~2.3.0", - "phpbench/phpbench": "^0.17.1", - "phpunit/phpunit": "~9.3.7", - "psalm/plugin-phpunit": "^0.16.0", - "vimeo/psalm": "^4.7" - }, - "type": "library", - "autoload": { - "psr-4": { - "Laminas\\Stdlib\\": "src/" - } - }, - "notification-url": "https://packagist.org/downloads/", - "license": [ - "BSD-3-Clause" - ], - "description": "SPL extensions, array utilities, error handlers, and more", - "homepage": "https://laminas.dev", - "keywords": [ - "laminas", - "stdlib" - ], - "support": { - "chat": "https://laminas.dev/chat", - "docs": "https://docs.laminas.dev/laminas-stdlib/", - "forum": "https://discourse.laminas.dev", - "issues": "https://github.com/laminas/laminas-stdlib/issues", - "rss": "https://github.com/laminas/laminas-stdlib/releases.atom", - "source": "https://github.com/laminas/laminas-stdlib" - }, - "funding": [ - { - "url": "https://funding.communitybridge.org/projects/laminas-project", - "type": "community_bridge" - } - ], - "time": "2021-12-07T21:06:58+00:00" - }, - { - "name": "laminas/laminas-uri", - "version": "2.7.1", - "source": { - "type": "git", - "url": "https://github.com/laminas/laminas-uri.git", - "reference": "6be8ce19622f359b048ce4faebf1aa1bca73a7ff" - }, - "dist": { - "type": "zip", - "url": "https://api.github.com/repos/laminas/laminas-uri/zipball/6be8ce19622f359b048ce4faebf1aa1bca73a7ff", - "reference": "6be8ce19622f359b048ce4faebf1aa1bca73a7ff", - "shasum": "" - }, - "require": { - "laminas/laminas-escaper": "^2.5", - "laminas/laminas-validator": "^2.10", - "laminas/laminas-zendframework-bridge": "^1.0", - "php": "^5.6 || ^7.0" - }, - "replace": { - "zendframework/zend-uri": "self.version" - }, - "require-dev": { - "laminas/laminas-coding-standard": "~1.0.0", - "phpunit/phpunit": "^5.7.27 || ^6.5.8 || ^7.1.4" - }, - "type": "library", - "extra": { - "branch-alias": { - "dev-master": "2.7.x-dev", - "dev-develop": "2.8.x-dev" - } - }, - "autoload": { - "psr-4": { - "Laminas\\Uri\\": "src/" - } - }, - "notification-url": "https://packagist.org/downloads/", - "license": [ - "BSD-3-Clause" - ], - "description": "A component that aids in manipulating and validating » Uniform Resource Identifiers (URIs)", - "homepage": "https://laminas.dev", - "keywords": [ - "laminas", - "uri" - ], - "support": { - "chat": "https://laminas.dev/chat", - "docs": "https://docs.laminas.dev/laminas-uri/", - "forum": "https://discourse.laminas.dev", - "issues": "https://github.com/laminas/laminas-uri/issues", - "rss": "https://github.com/laminas/laminas-uri/releases.atom", - "source": "https://github.com/laminas/laminas-uri" - }, - "time": "2019-12-31T17:56:00+00:00" - }, - { - "name": "laminas/laminas-validator", - "version": "2.15.1", - "source": { - "type": "git", - "url": "https://github.com/laminas/laminas-validator.git", - "reference": "fbd87f30c0a27aaeeee8adb2f934c14fb6046c80" - }, - "dist": { - "type": "zip", - "url": "https://api.github.com/repos/laminas/laminas-validator/zipball/fbd87f30c0a27aaeeee8adb2f934c14fb6046c80", - "reference": "fbd87f30c0a27aaeeee8adb2f934c14fb6046c80", - "shasum": "" - }, - "require": { - "container-interop/container-interop": "^1.1", - "laminas/laminas-stdlib": "^3.6", - "php": "^7.3 || ~8.0.0 || ~8.1.0" - }, - "conflict": { - "zendframework/zend-validator": "*" - }, - "require-dev": { - "laminas/laminas-cache": "^2.6.1", - "laminas/laminas-coding-standard": "~2.2.1", - "laminas/laminas-db": "^2.7", - "laminas/laminas-filter": "^2.6", - "laminas/laminas-http": "^2.14.2", - "laminas/laminas-i18n": "^2.6", - "laminas/laminas-math": "^2.6", - "laminas/laminas-servicemanager": "^2.7.11 || ^3.0.3", - "laminas/laminas-session": "^2.8", - "laminas/laminas-uri": "^2.7", - "phpspec/prophecy-phpunit": "^2.0", - "phpunit/phpunit": "^9.5.5", - "psalm/plugin-phpunit": "^0.15.0", - "psr/http-client": "^1.0", - "psr/http-factory": "^1.0", - "psr/http-message": "^1.0", - "vimeo/psalm": "^4.3" - }, - "suggest": { - "laminas/laminas-db": "Laminas\\Db component, required by the (No)RecordExists validator", - "laminas/laminas-filter": "Laminas\\Filter component, required by the Digits validator", - "laminas/laminas-i18n": "Laminas\\I18n component to allow translation of validation error messages", - "laminas/laminas-i18n-resources": "Translations of validator messages", - "laminas/laminas-math": "Laminas\\Math component, required by the Csrf validator", - "laminas/laminas-servicemanager": "Laminas\\ServiceManager component to allow using the ValidatorPluginManager and validator chains", - "laminas/laminas-session": "Laminas\\Session component, ^2.8; required by the Csrf validator", - "laminas/laminas-uri": "Laminas\\Uri component, required by the Uri and Sitemap\\Loc validators", - "psr/http-message": "psr/http-message, required when validating PSR-7 UploadedFileInterface instances via the Upload and UploadFile validators" - }, - "type": "library", - "extra": { - "laminas": { - "component": "Laminas\\Validator", - "config-provider": "Laminas\\Validator\\ConfigProvider" - } - }, - "autoload": { - "psr-4": { - "Laminas\\Validator\\": "src/" - } - }, - "notification-url": "https://packagist.org/downloads/", - "license": [ - "BSD-3-Clause" - ], - "description": "Validation classes for a wide range of domains, and the ability to chain validators to create complex validation criteria", - "homepage": "https://laminas.dev", - "keywords": [ - "laminas", - "validator" - ], - "support": { - "chat": "https://laminas.dev/chat", - "docs": "https://docs.laminas.dev/laminas-validator/", - "forum": "https://discourse.laminas.dev", - "issues": "https://github.com/laminas/laminas-validator/issues", - "rss": "https://github.com/laminas/laminas-validator/releases.atom", - "source": "https://github.com/laminas/laminas-validator" - }, - "funding": [ - { - "url": "https://funding.communitybridge.org/projects/laminas-project", - "type": "community_bridge" - } - ], - "time": "2021-12-02T14:23:06+00:00" - }, - { - "name": "laminas/laminas-zendframework-bridge", - "version": "1.4.0", - "source": { - "type": "git", - "url": "https://github.com/laminas/laminas-zendframework-bridge.git", - "reference": "bf180a382393e7db5c1e8d0f2ec0c4af9c724baf" - }, - "dist": { - "type": "zip", - "url": "https://api.github.com/repos/laminas/laminas-zendframework-bridge/zipball/bf180a382393e7db5c1e8d0f2ec0c4af9c724baf", - "reference": "bf180a382393e7db5c1e8d0f2ec0c4af9c724baf", - "shasum": "" - }, - "require": { - "php": "^7.3 || ~8.0.0 || ~8.1.0" - }, - "require-dev": { - "phpunit/phpunit": "^9.3", - "psalm/plugin-phpunit": "^0.15.1", - "squizlabs/php_codesniffer": "^3.5", - "vimeo/psalm": "^4.6" - }, - "type": "library", - "extra": { - "laminas": { - "module": "Laminas\\ZendFrameworkBridge" - } - }, - "autoload": { - "files": [ - "src/autoload.php" - ], - "psr-4": { - "Laminas\\ZendFrameworkBridge\\": "src//" - } - }, - "notification-url": "https://packagist.org/downloads/", - "license": [ - "BSD-3-Clause" - ], - "description": "Alias legacy ZF class names to Laminas Project equivalents.", - "keywords": [ - "ZendFramework", - "autoloading", - "laminas", - "zf" - ], - "support": { - "forum": "https://discourse.laminas.dev/", - "issues": "https://github.com/laminas/laminas-zendframework-bridge/issues", - "rss": "https://github.com/laminas/laminas-zendframework-bridge/releases.atom", - "source": "https://github.com/laminas/laminas-zendframework-bridge" - }, - "funding": [ - { - "url": "https://funding.communitybridge.org/projects/laminas-project", - "type": "community_bridge" - } - ], - "time": "2021-09-03T17:53:30+00:00" - }, { "name": "maennchen/zipstream-php", "version": "2.1.0", @@ -1274,117 +965,6 @@ }, "time": "2021-07-01T19:01:15+00:00" }, - { - "name": "michelf/php-markdown", - "version": "1.9.1", - "source": { - "type": "git", - "url": "https://github.com/michelf/php-markdown.git", - "reference": "5024d623c1a057dcd2d076d25b7d270a1d0d55f3" - }, - "dist": { - "type": "zip", - "url": "https://api.github.com/repos/michelf/php-markdown/zipball/5024d623c1a057dcd2d076d25b7d270a1d0d55f3", - "reference": "5024d623c1a057dcd2d076d25b7d270a1d0d55f3", - "shasum": "" - }, - "require": { - "php": ">=5.3.0" - }, - "require-dev": { - "phpunit/phpunit": ">=4.3 <5.8" - }, - "type": "library", - "autoload": { - "psr-4": { - "Michelf\\": "Michelf/" - } - }, - "notification-url": "https://packagist.org/downloads/", - "license": [ - "BSD-3-Clause" - ], - "authors": [ - { - "name": "Michel Fortin", - "email": "michel.fortin@michelf.ca", - "homepage": "https://michelf.ca/", - "role": "Developer" - }, - { - "name": "John Gruber", - "homepage": "https://daringfireball.net/" - } - ], - "description": "PHP Markdown", - "homepage": "https://michelf.ca/projects/php-markdown/", - "keywords": [ - "markdown" - ], - "support": { - "issues": "https://github.com/michelf/php-markdown/issues", - "source": "https://github.com/michelf/php-markdown/tree/1.9.1" - }, - "time": "2021-11-24T02:52:38+00:00" - }, - { - "name": "mjohnson/decoda", - "version": "6.12.0", - "source": { - "type": "git", - "url": "https://github.com/milesj/decoda.git", - "reference": "9817fd5abbd742384f59831d8a5953b01803b45d" - }, - "dist": { - "type": "zip", - "url": "https://api.github.com/repos/milesj/decoda/zipball/9817fd5abbd742384f59831d8a5953b01803b45d", - "reference": "9817fd5abbd742384f59831d8a5953b01803b45d", - "shasum": "" - }, - "require": { - "ext-mbstring": "*", - "php": ">=5.3.0" - }, - "require-dev": { - "phpunit/phpunit": "~4.8|^7.5" - }, - "suggest": { - "ext-memcached": "Cache data using Memcache", - "ext-redis": "Cache data using Redis" - }, - "type": "library", - "autoload": { - "psr-0": { - "Decoda": "src/" - } - }, - "notification-url": "https://packagist.org/downloads/", - "license": [ - "MIT" - ], - "authors": [ - { - "name": "Miles Johnson", - "homepage": "http://milesj.me" - } - ], - "description": "A lightweight lexical string parser for BBCode styled markup.", - "homepage": "http://milesj.me/code/php/decoda", - "keywords": [ - "HOOK", - "bbcode", - "decoda", - "filter", - "lexer", - "markup", - "parser" - ], - "support": { - "issues": "https://github.com/milesj/decoda/issues", - "source": "https://github.com/milesj/decoda" - }, - "time": "2019-01-16T04:52:14+00:00" - }, { "name": "myclabs/php-enum", "version": "1.8.3", @@ -1556,6 +1136,127 @@ }, "time": "2021-03-02T10:13:07+00:00" }, + { + "name": "paragonie/anti-csrf", + "version": "v2.3.0", + "source": { + "type": "git", + "url": "https://github.com/paragonie/anti-csrf.git", + "reference": "2b2579108d35e569ff8b312fb87728db12bfd90d" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/paragonie/anti-csrf/zipball/2b2579108d35e569ff8b312fb87728db12bfd90d", + "reference": "2b2579108d35e569ff8b312fb87728db12bfd90d", + "shasum": "" + }, + "require": { + "paragonie/constant_time_encoding": "^2", + "php": "^7|^8" + }, + "require-dev": { + "phpunit/phpunit": "^7|^8|^9", + "vimeo/psalm": "^1|^3|^4" + }, + "type": "library", + "autoload": { + "psr-4": { + "ParagonIE\\AntiCSRF\\": "src/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "(MIT or AGPL-3.0)" + ], + "authors": [ + { + "name": "Scott Arciszewski", + "email": "scott@paragonie.com", + "homepage": "https://paragonie.com", + "role": "Developer" + } + ], + "description": "Paragon Initiative's Anti-CSRF Security Library", + "keywords": [ + "appsec", + "csrf", + "security", + "session" + ], + "support": { + "email": "info@paragonie.com", + "issues": "https://github.com/paragonie/anti-csrf/issues", + "source": "https://github.com/paragonie/anti-csrf" + }, + "time": "2020-12-03T14:37:16+00:00" + }, + { + "name": "paragonie/constant_time_encoding", + "version": "v2.5.0", + "source": { + "type": "git", + "url": "https://github.com/paragonie/constant_time_encoding.git", + "reference": "9229e15f2e6ba772f0c55dd6986c563b937170a8" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/paragonie/constant_time_encoding/zipball/9229e15f2e6ba772f0c55dd6986c563b937170a8", + "reference": "9229e15f2e6ba772f0c55dd6986c563b937170a8", + "shasum": "" + }, + "require": { + "php": "^7|^8" + }, + "require-dev": { + "phpunit/phpunit": "^6|^7|^8|^9", + "vimeo/psalm": "^1|^2|^3|^4" + }, + "type": "library", + "autoload": { + "psr-4": { + "ParagonIE\\ConstantTime\\": "src/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Paragon Initiative Enterprises", + "email": "security@paragonie.com", + "homepage": "https://paragonie.com", + "role": "Maintainer" + }, + { + "name": "Steve 'Sc00bz' Thomas", + "email": "steve@tobtu.com", + "homepage": "https://www.tobtu.com", + "role": "Original Developer" + } + ], + "description": "Constant-time Implementations of RFC 4648 Encoding (Base-64, Base-32, Base-16)", + "keywords": [ + "base16", + "base32", + "base32_decode", + "base32_encode", + "base64", + "base64_decode", + "base64_encode", + "bin2hex", + "encoding", + "hex", + "hex2bin", + "rfc4648" + ], + "support": { + "email": "info@paragonie.com", + "issues": "https://github.com/paragonie/constant_time_encoding/issues", + "source": "https://github.com/paragonie/constant_time_encoding" + }, + "time": "2022-01-17T05:32:27+00:00" + }, { "name": "paragonie/random-lib", "version": "v2.0.1", @@ -1623,23 +1324,23 @@ }, { "name": "paragonie/random_compat", - "version": "v2.0.20", + "version": "v2.0.21", "source": { "type": "git", "url": "https://github.com/paragonie/random_compat.git", - "reference": "0f1f60250fccffeaf5dda91eea1c018aed1adc2a" + "reference": "96c132c7f2f7bc3230723b66e89f8f150b29d5ae" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/paragonie/random_compat/zipball/0f1f60250fccffeaf5dda91eea1c018aed1adc2a", - "reference": "0f1f60250fccffeaf5dda91eea1c018aed1adc2a", + "url": "https://api.github.com/repos/paragonie/random_compat/zipball/96c132c7f2f7bc3230723b66e89f8f150b29d5ae", + "reference": "96c132c7f2f7bc3230723b66e89f8f150b29d5ae", "shasum": "" }, "require": { "php": ">=5.2.0" }, "require-dev": { - "phpunit/phpunit": "4.*|5.*" + "phpunit/phpunit": "*" }, "suggest": { "ext-libsodium": "Provides a modern crypto API that can be used to generate random bytes." @@ -1673,7 +1374,7 @@ "issues": "https://github.com/paragonie/random_compat/issues", "source": "https://github.com/paragonie/random_compat" }, - "time": "2021-04-17T09:33:01+00:00" + "time": "2022-02-16T17:07:03+00:00" }, { "name": "paragonie/sodium_compat", @@ -1875,16 +1576,16 @@ }, { "name": "phpmailer/phpmailer", - "version": "v6.5.3", + "version": "v6.5.4", "source": { "type": "git", "url": "https://github.com/PHPMailer/PHPMailer.git", - "reference": "baeb7cde6b60b1286912690ab0693c7789a31e71" + "reference": "c0d9f7dd3c2aa247ca44791e9209233829d82285" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/PHPMailer/PHPMailer/zipball/baeb7cde6b60b1286912690ab0693c7789a31e71", - "reference": "baeb7cde6b60b1286912690ab0693c7789a31e71", + "url": "https://api.github.com/repos/PHPMailer/PHPMailer/zipball/c0d9f7dd3c2aa247ca44791e9209233829d82285", + "reference": "c0d9f7dd3c2aa247ca44791e9209233829d82285", "shasum": "" }, "require": { @@ -1897,10 +1598,10 @@ "dealerdirect/phpcodesniffer-composer-installer": "^0.7.0", "doctrine/annotations": "^1.2", "php-parallel-lint/php-console-highlighter": "^0.5.0", - "php-parallel-lint/php-parallel-lint": "^1.3", + "php-parallel-lint/php-parallel-lint": "^1.3.1", "phpcompatibility/php-compatibility": "^9.3.5", "roave/security-advisories": "dev-latest", - "squizlabs/php_codesniffer": "^3.6.0", + "squizlabs/php_codesniffer": "^3.6.2", "yoast/phpunit-polyfills": "^1.0.0" }, "suggest": { @@ -1941,7 +1642,7 @@ "description": "PHPMailer is a full-featured email creation and transfer class for PHP", "support": { "issues": "https://github.com/PHPMailer/PHPMailer/issues", - "source": "https://github.com/PHPMailer/PHPMailer/tree/v6.5.3" + "source": "https://github.com/PHPMailer/PHPMailer/tree/v6.5.4" }, "funding": [ { @@ -1949,20 +1650,20 @@ "type": "github" } ], - "time": "2021-11-25T16:34:11+00:00" + "time": "2022-02-17T08:19:04+00:00" }, { "name": "phpoffice/phpspreadsheet", - "version": "1.20.0", + "version": "1.22.0", "source": { "type": "git", "url": "https://github.com/PHPOffice/PhpSpreadsheet.git", - "reference": "44436f270bb134b4a94670f3d020a85dfa0a3c02" + "reference": "3a9e29b4f386a08a151a33578e80ef1747037a48" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/PHPOffice/PhpSpreadsheet/zipball/44436f270bb134b4a94670f3d020a85dfa0a3c02", - "reference": "44436f270bb134b4a94670f3d020a85dfa0a3c02", + "url": "https://api.github.com/repos/PHPOffice/PhpSpreadsheet/zipball/3a9e29b4f386a08a151a33578e80ef1747037a48", + "reference": "3a9e29b4f386a08a151a33578e80ef1747037a48", "shasum": "" }, "require": { @@ -1993,7 +1694,7 @@ "dompdf/dompdf": "^1.0", "friendsofphp/php-cs-fixer": "^3.2", "jpgraph/jpgraph": "^4.0", - "mpdf/mpdf": "^8.0", + "mpdf/mpdf": "8.0.17", "phpcompatibility/php-compatibility": "^9.3", "phpstan/phpstan": "^1.1", "phpstan/phpstan-phpunit": "^1.0", @@ -2051,9 +1752,9 @@ ], "support": { "issues": "https://github.com/PHPOffice/PhpSpreadsheet/issues", - "source": "https://github.com/PHPOffice/PhpSpreadsheet/tree/1.20.0" + "source": "https://github.com/PHPOffice/PhpSpreadsheet/tree/1.22.0" }, - "time": "2021-11-23T15:23:42+00:00" + "time": "2022-02-18T12:57:07+00:00" }, { "name": "phpoption/phpoption", @@ -2126,54 +1827,6 @@ ], "time": "2021-12-04T23:24:31+00:00" }, - { - "name": "psr/container", - "version": "1.1.2", - "source": { - "type": "git", - "url": "https://github.com/php-fig/container.git", - "reference": "513e0666f7216c7459170d56df27dfcefe1689ea" - }, - "dist": { - "type": "zip", - "url": "https://api.github.com/repos/php-fig/container/zipball/513e0666f7216c7459170d56df27dfcefe1689ea", - "reference": "513e0666f7216c7459170d56df27dfcefe1689ea", - "shasum": "" - }, - "require": { - "php": ">=7.4.0" - }, - "type": "library", - "autoload": { - "psr-4": { - "Psr\\Container\\": "src/" - } - }, - "notification-url": "https://packagist.org/downloads/", - "license": [ - "MIT" - ], - "authors": [ - { - "name": "PHP-FIG", - "homepage": "https://www.php-fig.org/" - } - ], - "description": "Common Container Interface (PHP FIG PSR-11)", - "homepage": "https://github.com/php-fig/container", - "keywords": [ - "PSR-11", - "container", - "container-interface", - "container-interop", - "psr" - ], - "support": { - "issues": "https://github.com/php-fig/container/issues", - "source": "https://github.com/php-fig/container/tree/1.1.2" - }, - "time": "2021-11-05T16:50:12+00:00" - }, { "name": "psr/http-client", "version": "1.0.1", @@ -3021,77 +2674,26 @@ "description": "Implementación del patrón 'Abstract Factory' para la salida de Toba", "time": "2021-01-19T13:45:12+00:00" }, - { - "name": "siu/security-multitool", - "version": "1.1.0", - "source": { - "type": "git", - "url": "https://github.com/SIU-Toba/SecurityMultiTool.git", - "reference": "20d7e5bda22901a77faeef59a1cfe87c8276b9b4" - }, - "require": { - "ezyang/htmlpurifier": ">=4.5.0", - "ircmaxell/security-lib": "1.1.*@dev", - "laminas/laminas-uri": "2.7.*", - "michelf/php-markdown": ">=1.0.2", - "mjohnson/decoda": ">=5.1.2", - "paragonie/random-lib": "~2.0" - }, - "require-dev": { - "mockery/mockery": "~1.3" - }, - "type": "library", - "autoload": { - "psr-0": { - "SecurityMultiTool": "library/" - } - }, - "license": [ - "BSD-3-Clause" - ], - "authors": [ - { - "name": "Pádraic Brady", - "email": "padraic.brady@gmail.com", - "homepage": "http://blog.astrumfutura.com" - } - ], - "description": "A multitool library offering access to recommended security related libraries, standardised implementations of security defences, and secure implementations of commonly performed tasks.", - "homepage": "http://github.com/padraic/SecurityMultiTool", - "keywords": [ - "PRNG", - "RNG", - "csrf", - "escaping", - "htmlpurifier", - "library", - "random", - "sanitisation", - "sanitization", - "security", - "ssl", - "tls", - "xss" - ], - "time": "2020-03-27T15:17:49+00:00" - }, { "name": "symfony/polyfill-ctype", - "version": "v1.23.0", + "version": "v1.24.0", "source": { "type": "git", "url": "https://github.com/symfony/polyfill-ctype.git", - "reference": "46cd95797e9df938fdd2b03693b5fca5e64b01ce" + "reference": "30885182c981ab175d4d034db0f6f469898070ab" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/polyfill-ctype/zipball/46cd95797e9df938fdd2b03693b5fca5e64b01ce", - "reference": "46cd95797e9df938fdd2b03693b5fca5e64b01ce", + "url": "https://api.github.com/repos/symfony/polyfill-ctype/zipball/30885182c981ab175d4d034db0f6f469898070ab", + "reference": "30885182c981ab175d4d034db0f6f469898070ab", "shasum": "" }, "require": { "php": ">=7.1" }, + "provide": { + "ext-ctype": "*" + }, "suggest": { "ext-ctype": "For best performance" }, @@ -3106,12 +2708,12 @@ } }, "autoload": { - "psr-4": { - "Symfony\\Polyfill\\Ctype\\": "" - }, "files": [ "bootstrap.php" - ] + ], + "psr-4": { + "Symfony\\Polyfill\\Ctype\\": "" + } }, "notification-url": "https://packagist.org/downloads/", "license": [ @@ -3136,7 +2738,7 @@ "portable" ], "support": { - "source": "https://github.com/symfony/polyfill-ctype/tree/v1.23.0" + "source": "https://github.com/symfony/polyfill-ctype/tree/v1.24.0" }, "funding": [ { @@ -3152,20 +2754,20 @@ "type": "tidelift" } ], - "time": "2021-02-19T12:13:01+00:00" + "time": "2021-10-20T20:35:02+00:00" }, { "name": "symfony/polyfill-intl-idn", - "version": "v1.23.0", + "version": "v1.24.0", "source": { "type": "git", "url": "https://github.com/symfony/polyfill-intl-idn.git", - "reference": "65bd267525e82759e7d8c4e8ceea44f398838e65" + "reference": "749045c69efb97c70d25d7463abba812e91f3a44" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/polyfill-intl-idn/zipball/65bd267525e82759e7d8c4e8ceea44f398838e65", - "reference": "65bd267525e82759e7d8c4e8ceea44f398838e65", + "url": "https://api.github.com/repos/symfony/polyfill-intl-idn/zipball/749045c69efb97c70d25d7463abba812e91f3a44", + "reference": "749045c69efb97c70d25d7463abba812e91f3a44", "shasum": "" }, "require": { @@ -3187,12 +2789,12 @@ } }, "autoload": { - "psr-4": { - "Symfony\\Polyfill\\Intl\\Idn\\": "" - }, "files": [ "bootstrap.php" - ] + ], + "psr-4": { + "Symfony\\Polyfill\\Intl\\Idn\\": "" + } }, "notification-url": "https://packagist.org/downloads/", "license": [ @@ -3223,7 +2825,7 @@ "shim" ], "support": { - "source": "https://github.com/symfony/polyfill-intl-idn/tree/v1.23.0" + "source": "https://github.com/symfony/polyfill-intl-idn/tree/v1.24.0" }, "funding": [ { @@ -3239,11 +2841,11 @@ "type": "tidelift" } ], - "time": "2021-05-27T09:27:20+00:00" + "time": "2021-09-14T14:02:44+00:00" }, { "name": "symfony/polyfill-intl-normalizer", - "version": "v1.23.0", + "version": "v1.24.0", "source": { "type": "git", "url": "https://github.com/symfony/polyfill-intl-normalizer.git", @@ -3272,12 +2874,12 @@ } }, "autoload": { - "psr-4": { - "Symfony\\Polyfill\\Intl\\Normalizer\\": "" - }, "files": [ "bootstrap.php" ], + "psr-4": { + "Symfony\\Polyfill\\Intl\\Normalizer\\": "" + }, "classmap": [ "Resources/stubs" ] @@ -3307,7 +2909,7 @@ "shim" ], "support": { - "source": "https://github.com/symfony/polyfill-intl-normalizer/tree/v1.23.0" + "source": "https://github.com/symfony/polyfill-intl-normalizer/tree/v1.24.0" }, "funding": [ { @@ -3327,21 +2929,24 @@ }, { "name": "symfony/polyfill-mbstring", - "version": "v1.23.1", + "version": "v1.24.0", "source": { "type": "git", "url": "https://github.com/symfony/polyfill-mbstring.git", - "reference": "9174a3d80210dca8daa7f31fec659150bbeabfc6" + "reference": "0abb51d2f102e00a4eefcf46ba7fec406d245825" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/9174a3d80210dca8daa7f31fec659150bbeabfc6", - "reference": "9174a3d80210dca8daa7f31fec659150bbeabfc6", + "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/0abb51d2f102e00a4eefcf46ba7fec406d245825", + "reference": "0abb51d2f102e00a4eefcf46ba7fec406d245825", "shasum": "" }, "require": { "php": ">=7.1" }, + "provide": { + "ext-mbstring": "*" + }, "suggest": { "ext-mbstring": "For best performance" }, @@ -3356,12 +2961,12 @@ } }, "autoload": { - "psr-4": { - "Symfony\\Polyfill\\Mbstring\\": "" - }, "files": [ "bootstrap.php" - ] + ], + "psr-4": { + "Symfony\\Polyfill\\Mbstring\\": "" + } }, "notification-url": "https://packagist.org/downloads/", "license": [ @@ -3387,7 +2992,7 @@ "shim" ], "support": { - "source": "https://github.com/symfony/polyfill-mbstring/tree/v1.23.1" + "source": "https://github.com/symfony/polyfill-mbstring/tree/v1.24.0" }, "funding": [ { @@ -3403,11 +3008,11 @@ "type": "tidelift" } ], - "time": "2021-05-27T12:26:48+00:00" + "time": "2021-11-30T18:21:41+00:00" }, { "name": "symfony/polyfill-php72", - "version": "v1.23.0", + "version": "v1.24.0", "source": { "type": "git", "url": "https://github.com/symfony/polyfill-php72.git", @@ -3433,12 +3038,12 @@ } }, "autoload": { - "psr-4": { - "Symfony\\Polyfill\\Php72\\": "" - }, "files": [ "bootstrap.php" - ] + ], + "psr-4": { + "Symfony\\Polyfill\\Php72\\": "" + } }, "notification-url": "https://packagist.org/downloads/", "license": [ @@ -3463,7 +3068,7 @@ "shim" ], "support": { - "source": "https://github.com/symfony/polyfill-php72/tree/v1.23.0" + "source": "https://github.com/symfony/polyfill-php72/tree/v1.24.0" }, "funding": [ { @@ -3483,16 +3088,16 @@ }, { "name": "symfony/yaml", - "version": "v4.4.34", + "version": "v4.4.37", "source": { "type": "git", "url": "https://github.com/symfony/yaml.git", - "reference": "2c309e258adeb9970229042be39b360d34986fad" + "reference": "d7f637cc0f0cc14beb0984f2bb50da560b271311" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/yaml/zipball/2c309e258adeb9970229042be39b360d34986fad", - "reference": "2c309e258adeb9970229042be39b360d34986fad", + "url": "https://api.github.com/repos/symfony/yaml/zipball/d7f637cc0f0cc14beb0984f2bb50da560b271311", + "reference": "d7f637cc0f0cc14beb0984f2bb50da560b271311", "shasum": "" }, "require": { @@ -3534,7 +3139,7 @@ "description": "Loads and dumps YAML files", "homepage": "https://symfony.com", "support": { - "source": "https://github.com/symfony/yaml/tree/v4.4.34" + "source": "https://github.com/symfony/yaml/tree/v4.4.37" }, "funding": [ { @@ -3550,7 +3155,7 @@ "type": "tidelift" } ], - "time": "2021-11-18T18:49:23+00:00" + "time": "2022-01-24T20:11:01+00:00" }, { "name": "vlucas/phpdotenv", @@ -3633,32 +3238,28 @@ "packages-dev": [ { "name": "doctrine/lexer", - "version": "1.2.1", + "version": "1.2.2", "source": { "type": "git", "url": "https://github.com/doctrine/lexer.git", - "reference": "e864bbf5904cb8f5bb334f99209b48018522f042" + "reference": "9c50f840f257bbb941e6f4a0e94ccf5db5c3f76c" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/doctrine/lexer/zipball/e864bbf5904cb8f5bb334f99209b48018522f042", - "reference": "e864bbf5904cb8f5bb334f99209b48018522f042", + "url": "https://api.github.com/repos/doctrine/lexer/zipball/9c50f840f257bbb941e6f4a0e94ccf5db5c3f76c", + "reference": "9c50f840f257bbb941e6f4a0e94ccf5db5c3f76c", "shasum": "" }, "require": { - "php": "^7.2 || ^8.0" + "php": "^7.1 || ^8.0" }, "require-dev": { - "doctrine/coding-standard": "^6.0", - "phpstan/phpstan": "^0.11.8", - "phpunit/phpunit": "^8.2" + "doctrine/coding-standard": "^9.0", + "phpstan/phpstan": "1.3", + "phpunit/phpunit": "^7.5 || ^8.5 || ^9.5", + "vimeo/psalm": "^4.11" }, "type": "library", - "extra": { - "branch-alias": { - "dev-master": "1.2.x-dev" - } - }, "autoload": { "psr-4": { "Doctrine\\Common\\Lexer\\": "lib/Doctrine/Common/Lexer" @@ -3693,7 +3294,7 @@ ], "support": { "issues": "https://github.com/doctrine/lexer/issues", - "source": "https://github.com/doctrine/lexer/tree/1.2.1" + "source": "https://github.com/doctrine/lexer/tree/1.2.2" }, "funding": [ { @@ -3709,7 +3310,7 @@ "type": "tidelift" } ], - "time": "2020-05-25T17:44:05+00:00" + "time": "2022-01-12T08:27:12+00:00" }, { "name": "egulias/email-validator", @@ -3765,16 +3366,16 @@ }, { "name": "greenlion/php-sql-parser", - "version": "v4.4.0", + "version": "v4.5.0", "source": { "type": "git", "url": "https://github.com/greenlion/PHP-SQL-Parser.git", - "reference": "e38d6f0f500d4d86bee7722e2e89262eeaab7e59" + "reference": "a5d5c292d97271c95140192e6f0e962916e39b50" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/greenlion/PHP-SQL-Parser/zipball/e38d6f0f500d4d86bee7722e2e89262eeaab7e59", - "reference": "e38d6f0f500d4d86bee7722e2e89262eeaab7e59", + "url": "https://api.github.com/repos/greenlion/PHP-SQL-Parser/zipball/a5d5c292d97271c95140192e6f0e962916e39b50", + "reference": "a5d5c292d97271c95140192e6f0e962916e39b50", "shasum": "" }, "require": { @@ -3782,7 +3383,7 @@ }, "require-dev": { "analog/analog": "^1.0.6", - "phpunit/phpunit": "^4.0.14", + "phpunit/phpunit": "^9.5.13", "squizlabs/php_codesniffer": "^1.5.1" }, "type": "library", @@ -3821,7 +3422,7 @@ "issues": "https://github.com/greenlion/PHP-SQL-Parser/issues", "source": "https://github.com/greenlion/PHP-SQL-Parser" }, - "time": "2021-03-28T23:13:55+00:00" + "time": "2022-02-01T09:26:56+00:00" }, { "name": "monolog/monolog", @@ -3909,73 +3510,6 @@ ], "time": "2021-05-28T08:32:12+00:00" }, - { - "name": "paragonie/constant_time_encoding", - "version": "v2.4.0", - "source": { - "type": "git", - "url": "https://github.com/paragonie/constant_time_encoding.git", - "reference": "f34c2b11eb9d2c9318e13540a1dbc2a3afbd939c" - }, - "dist": { - "type": "zip", - "url": "https://api.github.com/repos/paragonie/constant_time_encoding/zipball/f34c2b11eb9d2c9318e13540a1dbc2a3afbd939c", - "reference": "f34c2b11eb9d2c9318e13540a1dbc2a3afbd939c", - "shasum": "" - }, - "require": { - "php": "^7|^8" - }, - "require-dev": { - "phpunit/phpunit": "^6|^7|^8|^9", - "vimeo/psalm": "^1|^2|^3|^4" - }, - "type": "library", - "autoload": { - "psr-4": { - "ParagonIE\\ConstantTime\\": "src/" - } - }, - "notification-url": "https://packagist.org/downloads/", - "license": [ - "MIT" - ], - "authors": [ - { - "name": "Paragon Initiative Enterprises", - "email": "security@paragonie.com", - "homepage": "https://paragonie.com", - "role": "Maintainer" - }, - { - "name": "Steve 'Sc00bz' Thomas", - "email": "steve@tobtu.com", - "homepage": "https://www.tobtu.com", - "role": "Original Developer" - } - ], - "description": "Constant-time Implementations of RFC 4648 Encoding (Base-64, Base-32, Base-16)", - "keywords": [ - "base16", - "base32", - "base32_decode", - "base32_encode", - "base64", - "base64_decode", - "base64_encode", - "bin2hex", - "encoding", - "hex", - "hex2bin", - "rfc4648" - ], - "support": { - "email": "info@paragonie.com", - "issues": "https://github.com/paragonie/constant_time_encoding/issues", - "source": "https://github.com/paragonie/constant_time_encoding" - }, - "time": "2020-12-06T15:14:20+00:00" - }, { "name": "pear/console_getopt", "version": "v1.4.3", @@ -4114,12 +3648,12 @@ }, "type": "library", "autoload": { - "psr-4": { - "Facebook\\WebDriver\\": "lib/" - }, "files": [ "lib/Exception/TimeoutException.php" - ] + ], + "psr-4": { + "Facebook\\WebDriver\\": "lib/" + } }, "notification-url": "https://packagist.org/downloads/", "license": [ @@ -4193,6 +3727,54 @@ }, "time": "2021-10-28T11:13:42+00:00" }, + { + "name": "psr/container", + "version": "1.1.2", + "source": { + "type": "git", + "url": "https://github.com/php-fig/container.git", + "reference": "513e0666f7216c7459170d56df27dfcefe1689ea" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/php-fig/container/zipball/513e0666f7216c7459170d56df27dfcefe1689ea", + "reference": "513e0666f7216c7459170d56df27dfcefe1689ea", + "shasum": "" + }, + "require": { + "php": ">=7.4.0" + }, + "type": "library", + "autoload": { + "psr-4": { + "Psr\\Container\\": "src/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "PHP-FIG", + "homepage": "https://www.php-fig.org/" + } + ], + "description": "Common Container Interface (PHP FIG PSR-11)", + "homepage": "https://github.com/php-fig/container", + "keywords": [ + "PSR-11", + "container", + "container-interface", + "container-interop", + "psr" + ], + "support": { + "issues": "https://github.com/php-fig/container/issues", + "source": "https://github.com/php-fig/container/tree/1.1.2" + }, + "time": "2021-11-05T16:50:12+00:00" + }, { "name": "seld/cli-prompt", "version": "1.0.4", @@ -4508,16 +4090,16 @@ }, { "name": "symfony/console", - "version": "v4.4.34", + "version": "v4.4.37", "source": { "type": "git", "url": "https://github.com/symfony/console.git", - "reference": "329b3a75cc6b16d435ba1b1a41df54a53382a3f0" + "reference": "0259f01dbf9d77badddbbf4c2abb681f24c9cac6" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/console/zipball/329b3a75cc6b16d435ba1b1a41df54a53382a3f0", - "reference": "329b3a75cc6b16d435ba1b1a41df54a53382a3f0", + "url": "https://api.github.com/repos/symfony/console/zipball/0259f01dbf9d77badddbbf4c2abb681f24c9cac6", + "reference": "0259f01dbf9d77badddbbf4c2abb681f24c9cac6", "shasum": "" }, "require": { @@ -4578,7 +4160,7 @@ "description": "Eases the creation of beautiful and testable command line interfaces", "homepage": "https://symfony.com", "support": { - "source": "https://github.com/symfony/console/tree/v4.4.34" + "source": "https://github.com/symfony/console/tree/v4.4.37" }, "funding": [ { @@ -4594,20 +4176,20 @@ "type": "tidelift" } ], - "time": "2021-11-04T12:23:33+00:00" + "time": "2022-01-26T16:15:26+00:00" }, { "name": "symfony/debug", - "version": "v4.4.31", + "version": "v4.4.37", "source": { "type": "git", "url": "https://github.com/symfony/debug.git", - "reference": "43ede438d4cb52cd589ae5dc070e9323866ba8e0" + "reference": "5de6c6e7f52b364840e53851c126be4d71e60470" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/debug/zipball/43ede438d4cb52cd589ae5dc070e9323866ba8e0", - "reference": "43ede438d4cb52cd589ae5dc070e9323866ba8e0", + "url": "https://api.github.com/repos/symfony/debug/zipball/5de6c6e7f52b364840e53851c126be4d71e60470", + "reference": "5de6c6e7f52b364840e53851c126be4d71e60470", "shasum": "" }, "require": { @@ -4646,7 +4228,7 @@ "description": "Provides tools to ease debugging PHP code", "homepage": "https://symfony.com", "support": { - "source": "https://github.com/symfony/debug/tree/v4.4.31" + "source": "https://github.com/symfony/debug/tree/v4.4.37" }, "funding": [ { @@ -4662,7 +4244,7 @@ "type": "tidelift" } ], - "time": "2021-09-24T13:30:14+00:00" + "time": "2022-01-02T09:41:36+00:00" }, { "name": "symfony/deprecation-contracts", @@ -4733,16 +4315,16 @@ }, { "name": "symfony/polyfill-php73", - "version": "v1.23.0", + "version": "v1.24.0", "source": { "type": "git", "url": "https://github.com/symfony/polyfill-php73.git", - "reference": "fba8933c384d6476ab14fb7b8526e5287ca7e010" + "reference": "cc5db0e22b3cb4111010e48785a97f670b350ca5" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/polyfill-php73/zipball/fba8933c384d6476ab14fb7b8526e5287ca7e010", - "reference": "fba8933c384d6476ab14fb7b8526e5287ca7e010", + "url": "https://api.github.com/repos/symfony/polyfill-php73/zipball/cc5db0e22b3cb4111010e48785a97f670b350ca5", + "reference": "cc5db0e22b3cb4111010e48785a97f670b350ca5", "shasum": "" }, "require": { @@ -4759,12 +4341,12 @@ } }, "autoload": { - "psr-4": { - "Symfony\\Polyfill\\Php73\\": "" - }, "files": [ "bootstrap.php" ], + "psr-4": { + "Symfony\\Polyfill\\Php73\\": "" + }, "classmap": [ "Resources/stubs" ] @@ -4792,7 +4374,7 @@ "shim" ], "support": { - "source": "https://github.com/symfony/polyfill-php73/tree/v1.23.0" + "source": "https://github.com/symfony/polyfill-php73/tree/v1.24.0" }, "funding": [ { @@ -4808,20 +4390,20 @@ "type": "tidelift" } ], - "time": "2021-02-19T12:13:01+00:00" + "time": "2021-06-05T21:20:04+00:00" }, { "name": "symfony/polyfill-php80", - "version": "v1.23.1", + "version": "v1.24.0", "source": { "type": "git", "url": "https://github.com/symfony/polyfill-php80.git", - "reference": "1100343ed1a92e3a38f9ae122fc0eb21602547be" + "reference": "57b712b08eddb97c762a8caa32c84e037892d2e9" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/polyfill-php80/zipball/1100343ed1a92e3a38f9ae122fc0eb21602547be", - "reference": "1100343ed1a92e3a38f9ae122fc0eb21602547be", + "url": "https://api.github.com/repos/symfony/polyfill-php80/zipball/57b712b08eddb97c762a8caa32c84e037892d2e9", + "reference": "57b712b08eddb97c762a8caa32c84e037892d2e9", "shasum": "" }, "require": { @@ -4838,12 +4420,12 @@ } }, "autoload": { - "psr-4": { - "Symfony\\Polyfill\\Php80\\": "" - }, "files": [ "bootstrap.php" ], + "psr-4": { + "Symfony\\Polyfill\\Php80\\": "" + }, "classmap": [ "Resources/stubs" ] @@ -4875,7 +4457,7 @@ "shim" ], "support": { - "source": "https://github.com/symfony/polyfill-php80/tree/v1.23.1" + "source": "https://github.com/symfony/polyfill-php80/tree/v1.24.0" }, "funding": [ { @@ -4891,20 +4473,20 @@ "type": "tidelift" } ], - "time": "2021-07-28T13:41:28+00:00" + "time": "2021-09-13T13:58:33+00:00" }, { "name": "symfony/process", - "version": "v5.4.0", + "version": "v5.4.3", "source": { "type": "git", "url": "https://github.com/symfony/process.git", - "reference": "5be20b3830f726e019162b26223110c8f47cf274" + "reference": "553f50487389a977eb31cf6b37faae56da00f753" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/process/zipball/5be20b3830f726e019162b26223110c8f47cf274", - "reference": "5be20b3830f726e019162b26223110c8f47cf274", + "url": "https://api.github.com/repos/symfony/process/zipball/553f50487389a977eb31cf6b37faae56da00f753", + "reference": "553f50487389a977eb31cf6b37faae56da00f753", "shasum": "" }, "require": { @@ -4937,7 +4519,7 @@ "description": "Executes commands in sub-processes", "homepage": "https://symfony.com", "support": { - "source": "https://github.com/symfony/process/tree/v5.4.0" + "source": "https://github.com/symfony/process/tree/v5.4.3" }, "funding": [ { @@ -4953,7 +4535,7 @@ "type": "tidelift" } ], - "time": "2021-11-28T15:25:38+00:00" + "time": "2022-01-26T16:28:35+00:00" }, { "name": "symfony/service-contracts", @@ -5053,5 +4635,5 @@ "ext-curl": "*" }, "platform-dev": [], - "plugin-api-version": "2.1.0" + "plugin-api-version": "2.2.0" } diff --git a/php/nucleo/lib/toba_manejador_sesiones.php b/php/nucleo/lib/toba_manejador_sesiones.php index 301fc9397e..ea31517158 100644 --- a/php/nucleo/lib/toba_manejador_sesiones.php +++ b/php/nucleo/lib/toba_manejador_sesiones.php @@ -56,29 +56,26 @@ private function __construct() } } - private function iniciar_session_php() - { - //Instancio el handler y configuro via ini_set - $handler = $this->instanciar_handler(); - $handler->read_env_settings(); - $handler->configure_settings(); - - if (session_id() != '') { - throw new toba_error('Ya existe una sesión abierta, probablemente tenga activado session.auto_start = 1 en el php.ini'); - } - if (! toba_nucleo::instancia()->es_acceso_rest()) { - session_name(toba::instalacion()->get_session_name()); - session_start(); - } + private function iniciar_session_php() + { + //Instancio el handler y configuro via ini_set + $handler = $this->instanciar_handler(); + $handler->read_env_settings(); + $handler->configure_settings(); + + if (session_id() != '') { + throw new toba_error('Ya existe una sesión abierta, probablemente tenga activado session.auto_start = 1 en el php.ini'); + } + if (! toba_nucleo::instancia()->es_acceso_rest()) { + session_name(toba::instalacion()->get_session_name()); + session_start(); } + } static function enviar_csrf_hidden() { - $tm = toba::memoria(); - if ($tm->existe_dato_operacion(apex_sesion_csrt)) { - $valor = $tm->get_dato_operacion(apex_sesion_csrt); - echo toba_form::hidden(apex_sesion_csrt, $valor); - } + echo toba::memoria()->fijar_csrf_token(); + //ei_arbol($_SESSION['CSRF']); } //------------------------------------------------------------------ @@ -1017,7 +1014,7 @@ private function autenticar($id_usuario, $clave=null, $datos_iniciales=null) throw new toba_error_autenticacion("$error. Ha superado el límite de inicios de sesion."); }elseif ($lanzar_excepcion) { toba_logger::instancia()->error("$error. Ha superado el límite de inicios de sesion.|$intentos"); - throw new toba_error_autenticacion_intentos("$error. Ha superado el límite de inicios de sesion."); + throw new toba_error_autenticacion_intentos("$error. Ha superado el límite de inicios de sesion.|$intentos"); } else { $this->invocar_metodo_usuario('bloquear_ip',array($ip)); toba_logger::instancia()->error("$error. La IP ha sido bloqueada."); diff --git a/php/nucleo/lib/toba_memoria.php b/php/nucleo/lib/toba_memoria.php index a3e729729a..912a169033 100644 --- a/php/nucleo/lib/toba_memoria.php +++ b/php/nucleo/lib/toba_memoria.php @@ -1,5 +1,6 @@ false, 'recycle_after' => 10, 'expire_old' => true]; + static function instancia() { if (!isset(self::$instancia)) { @@ -934,29 +937,22 @@ static function get_valor_verificado($param, $valor_defecto) //-------------------------------------------------------------------------------------------------------------------------------------// function fijar_csrf_token($forzar = false) { - if (! $this->existe_dato_operacion(apex_sesion_csrt) || $forzar) { - $cstoken = $this->generar_unique_cripto(); - $this->set_dato_operacion(apex_sesion_csrt, $cstoken); - } + $conf = ($forzar === true) ? ['recycle_after' => 1] :$this->csrf_config; + + $generador = new AntiCSRF(); + $val = $generador->reconfigure($conf)->insertToken($this->get_id() ?? '', false); //ID del proximo pedido de pagina + //toba_logger::instancia()->var_dump($val); + return $val; } function validar_pedido_pagina($valor_form) { - if ($this->existe_dato_operacion(apex_sesion_csrt)) { - $valor = trim($valor_form); - $frm_orig = ($valor === trim($this->get_dato_operacion(apex_sesion_csrt))); - return $frm_orig; - } - return true; + $generador = new AntiCSRF(); + $val = $generador->reconfigure($this->csrf_config)->validateRequest($this->hilo_referencia ?? ''); //ID del pedido de pagina actual + //toba_logger::instancia()->debug($generador->getFormToken()); + return $val; } - - protected function generar_unique_cripto() - { - $generador = new SecurityMultiTool\Csrf\TokenGenerator(); - $hashed = $generador->generate(); - return $hashed; - } - + static protected function validar_id_item_enviado($item) { $rs = explode(apex_qs_separador, $item); diff --git a/php/nucleo/toba_nucleo.php b/php/nucleo/toba_nucleo.php index 9976acc4c2..2fcde76995 100644 --- a/php/nucleo/toba_nucleo.php +++ b/php/nucleo/toba_nucleo.php @@ -566,12 +566,10 @@ private function recuperar_revision_recursos() //---------------------------------------------------------------- function verificar_pedido_post() { - if ($_SERVER['REQUEST_METHOD'] == 'POST' && toba::manejador_sesiones()->existe_usuario_activo()) { //Solo si es request via post. Hay que ver para el put. - $frm = (isset($_POST[apex_sesion_csrt])) ? $_POST[apex_sesion_csrt] : null; - if (toba::memoria()->validar_pedido_pagina($frm) === false) { + if ($_SERVER['REQUEST_METHOD'] == 'POST' && toba::manejador_sesiones()->existe_usuario_activo()) { //Solo si es request via post. Hay que ver para el put. + $frm = null; + if (toba::memoria()->validar_pedido_pagina($frm) === false) { toba::logger()->debug('Se intenta hacer un post donde no coinciden parametros anti CSRF'); - toba::logger()->debug(' Form: '. var_export($frm, true)); - toba::memoria()->fijar_csrf_token(true); throw new toba_error_seguridad('Request Invalido'); } }