File: CaBundle.php
<?php
/*
* This file is part of composer/ca-bundle.
*
* (c) Composer <https://github.com/composer>
*
* For the full copyright and license information, please view
* the LICENSE file that was distributed with this source code.
*/
namespace Composer\CaBundle;
use Psr\Log\LoggerInterface;
use Symfony\Component\Process\PhpProcess;
/**
* @author Chris Smith <chris@cs278.org>
* @author Jordi Boggiano <j.boggiano@seld.be>
*/
class CaBundle
{
/** @var string|null */
private static $caPath;
/** @var array<string, bool> */
private static $caFileValidity = array();
/** @var bool|null */
private static $useOpensslParse;
/**
 * Returns the system CA bundle path, or a path to the bundled one
 *
 * Candidates are tried in a fixed order and the first usable one wins:
 * the SSL_CERT_FILE and SSL_CERT_DIR environment variables, the
 * openssl.cafile and openssl.capath ini settings, a list of well-known
 * bundle files, the parent directories of those files, and finally the CA
 * file shipped with this package. The winner is cached in self::$caPath.
 *
 * Security note: the first four candidates come from the process
 * environment and the PHP configuration, so whoever controls those controls
 * the trust anchors returned here. Callers that must not depend on the host
 * can call getBundledCaBundlePath() directly.
 *
 * This method was adapted from Sslurp.
 * https://github.com/EvanDotPro/Sslurp
 *
 * (c) Evan Coury <me@evancoury.com>
 *
 * For the full copyright and license information, please see below:
 *
 * Copyright (c) 2013, Evan Coury
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without modification,
 * are permitted provided that the following conditions are met:
 *
 * * Redistributions of source code must retain the above copyright notice,
 * this list of conditions and the following disclaimer.
 *
 * * Redistributions in binary form must reproduce the above copyright notice,
 * this list of conditions and the following disclaimer in the documentation
 * and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
 * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
 * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 * @param LoggerInterface $logger optional logger for information about which CA files were loaded
 * @return string path to a CA bundle file or directory
 */
public static function getSystemCaRootBundlePath(LoggerInterface $logger = null)
{
    if (null !== self::$caPath) {
        return self::$caPath;
    }

    // Explicit overrides come first. SSL_CERT_FILE and SSL_CERT_DIR mimic the
    // environment variables OpenSSL itself honours; the ini settings follow.
    $candidates = array(
        self::getEnvVariable('SSL_CERT_FILE'),
        self::getEnvVariable('SSL_CERT_DIR'),
        ini_get('openssl.cafile'),
        ini_get('openssl.capath'),
    );

    $knownBundleFiles = array(
        '/etc/pki/tls/certs/ca-bundle.crt', // Fedora, RHEL, CentOS (ca-certificates package)
        '/etc/ssl/certs/ca-certificates.crt', // Debian, Ubuntu, Gentoo, Arch Linux (ca-certificates package)
        '/etc/ssl/ca-bundle.pem', // SUSE, openSUSE (ca-certificates package)
        '/usr/local/share/certs/ca-root-nss.crt', // FreeBSD (ca_root_nss_package)
        '/usr/ssl/certs/ca-bundle.crt', // Cygwin
        '/opt/local/share/curl/curl-ca-bundle.crt', // OS X macports, curl-ca-bundle package
        '/usr/local/share/curl/curl-ca-bundle.crt', // Default cURL CA bundle path (without --with-ca-bundle option)
        '/usr/share/ssl/certs/ca-bundle.crt', // Really old RedHat?
        '/etc/ssl/cert.pem', // OpenBSD
        '/usr/local/etc/ssl/cert.pem', // FreeBSD 10.x
        '/usr/local/etc/openssl/cert.pem', // OS X homebrew, openssl package
        '/usr/local/etc/openssl@1.1/cert.pem', // OS X homebrew, openssl@1.1 package
    );

    // Every known bundle file is tried before any of their parent directories.
    // NOTE(review): caDirUsable() accepts a directory as soon as it is readable
    // and non-empty, without inspecting its entries, so a parent directory such
    // as /etc/ssl can win here even if it holds no certificates.
    $candidates = array_merge(
        $candidates,
        $knownBundleFiles,
        array_map('dirname', $knownBundleFiles)
    );

    foreach ($candidates as $candidate) {
        if (!$candidate) {
            // unset env variable (false) or empty ini value
            continue;
        }

        if (self::caFileUsable($candidate, $logger) || self::caDirUsable($candidate, $logger)) {
            return self::$caPath = $candidate;
        }
    }

    // Bundled CA file, last resort
    return self::$caPath = static::getBundledCaBundlePath();
}
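/**
 * Returns the path to the bundled CA file
 *
 * In case you don't want to trust the user or the system, you can use this directly
 *
 * When this file is loaded from inside a phar, the bundle is copied to a
 * fresh temporary file because cURL cannot read 'phar://' paths; a shutdown
 * function removes that copy. Every call made in that situation creates a
 * new temporary copy.
 *
 * @return string path to a CA bundle file
 * @throws \RuntimeException if the temporary copy cannot be created, or the bundle
 *                           cannot be read or written to it in full
 */
public static function getBundledCaBundlePath()
{
    $caBundleFile = __DIR__.'/../res/cacert.pem';

    // cURL does not understand 'phar://' paths
    // see https://github.com/composer/ca-bundle/issues/10
    if (0 !== strpos($caBundleFile, 'phar://')) {
        return $caBundleFile;
    }

    // Read first: a failed read must not end up as an empty trust store on disk.
    $bundleContents = file_get_contents($caBundleFile);
    if (false === $bundleContents || '' === $bundleContents) {
        throw new \RuntimeException('Could not read the bundled CA file');
    }

    $tempCaBundleFile = tempnam(sys_get_temp_dir(), 'openssl-ca-bundle-');
    if (false === $tempCaBundleFile) {
        throw new \RuntimeException('Could not create a temporary file to store the bundled CA file');
    }

    // Registered before the write so the temporary file is removed even when
    // the write below fails.
    register_shutdown_function(function () use ($tempCaBundleFile) {
        @unlink($tempCaBundleFile);
    });

    // A short or failed write would leave a truncated bundle that callers
    // would otherwise hand to their TLS layer as the trust store.
    if (strlen($bundleContents) !== file_put_contents($tempCaBundleFile, $bundleContents)) {
        throw new \RuntimeException('Could not write the bundled CA file to a temporary file');
    }

    return $tempCaBundleFile;
}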
/**
 * Validates a CA file using openssl_x509_parse only if it is safe to use
 *
 * The verdict is cached per $filename until reset() is called.
 *
 * Security notes:
 * - When isOpensslParseSafe() reports that parsing is not safe, the file is
 *   not parsed at all and any non-empty content counts as valid.
 * - openssl_x509_parse() is handed the whole file content once, so this is a
 *   plausibility check on what it can parse from it, not a per-certificate
 *   verification of a bundle.
 *
 * @param string $filename
 * @param LoggerInterface $logger optional logger for information about which CA files were loaded
 *
 * @return bool
 */
public static function validateCaFile($filename, LoggerInterface $logger = null)
{
    // Emit the CVE warning at most once per process.
    static $warned = false;

    if (isset(self::$caFileValidity[$filename])) {
        return self::$caFileValidity[$filename];
    }

    $contents = file_get_contents($filename);

    if (static::isOpensslParseSafe()) {
        $isValid = false;

        if (is_string($contents) && '' !== $contents) {
            // Rewrite "TRUSTED CERTIFICATE" armor lines to plain "CERTIFICATE" before parsing.
            $normalized = preg_replace("/^(\\-+(?:BEGIN|END))\\s+TRUSTED\\s+(CERTIFICATE\\-+)\$/m", '$1 $2', $contents);

            // null means the regex replacement itself failed; keep the file invalid
            if (null !== $normalized) {
                $isValid = (bool) openssl_x509_parse($normalized);
            }
        }
    } else {
        // assume the CA is valid if php is vulnerable to
        // https://www.sektioneins.de/advisories/advisory-012013-php-openssl_x509_parse-memory-corruption-vulnerability.html
        if ($logger && !$warned) {
            $logger->warning(sprintf(
                'Your version of PHP, %s, is affected by CVE-2013-6420 and cannot safely perform certificate validation, we strongly suggest you upgrade.',
                PHP_VERSION
            ));
            $warned = true;
        }

        $isValid = !empty($contents);
    }

    if ($logger) {
        $verdict = $isValid ? 'valid' : 'invalid';
        $logger->debug('Checked CA file '.realpath($filename).': '.$verdict);
    }

    self::$caFileValidity[$filename] = $isValid;

    return $isValid;
}
/**
 * Test if it is safe to use the PHP function openssl_x509_parse().
 *
 * Checks whether this PHP build still carries the openssl_x509_parse()
 * memory corruption vulnerability documented as CVE-2013-6420.
 *
 * The decision is made in this order and cached in self::$useOpensslParse:
 * 1. upstream PHP versions known to contain the fix => safe
 * 2. Windows builds below those versions => unsafe
 * 3. a hard coded list of distribution packages with the fix backported => safe
 * 4. otherwise a child PHP process parses a fixed test certificate and the
 *    result is compared with the output a patched build produces
 *
 * Whenever the answer cannot be determined (Symfony Process missing, the
 * child process fails, unexpected output) the method returns false. Note
 * that validateCaFile() then skips parsing and accepts any non-empty file.
 *
 * @return bool
 */
public static function isOpensslParseSafe()
{
    if (null !== self::$useOpensslParse) {
        return self::$useOpensslParse;
    }

    // Vulnerable:
    // PHP 5.3.0 - PHP 5.3.27
    // PHP 5.4.0 - PHP 5.4.22
    // PHP 5.5.0 - PHP 5.5.6
    $fixedUpstream = PHP_VERSION_ID >= 50600
        || (PHP_VERSION_ID >= 50328 && PHP_VERSION_ID < 50400)
        || (PHP_VERSION_ID >= 50423 && PHP_VERSION_ID < 50500)
        || PHP_VERSION_ID >= 50507;

    if ($fixedUpstream) {
        // This version of PHP has the fix for CVE-2013-6420 applied.
        return self::$useOpensslParse = true;
    }

    if (defined('PHP_WINDOWS_VERSION_BUILD')) {
        // Windows is probably insecure in this case.
        return self::$useOpensslParse = false;
    }

    // True when PHP_VERSION is exactly $prefix followed by a number that is
    // at least $fixedVersion (the package revision carrying the backport).
    $hasBackportedFix = function ($prefix, $fixedVersion) {
        if (!preg_match('{^'.preg_quote($prefix).'([0-9]+)$}', PHP_VERSION, $match)) {
            return false;
        }

        return ((int) $match[1]) >= $fixedVersion;
    };

    // Hard coded list of PHP distributions with the fix backported.
    if (
        $hasBackportedFix('5.3.3-7+squeeze', 18) // Debian 6 (Squeeze)
        || $hasBackportedFix('5.4.4-14+deb7u', 7) // Debian 7 (Wheezy)
        || $hasBackportedFix('5.3.10-1ubuntu3.', 9) // Ubuntu 12.04 (Precise)
    ) {
        return self::$useOpensslParse = true;
    }

    // Symfony Process component is missing so we assume it is unsafe at this point
    if (!class_exists('Symfony\Component\Process\PhpProcess')) {
        return self::$useOpensslParse = false;
    }

    // This is where things get crazy, because distros backport security
    // fixes the chances are on NIX systems the fix has been applied but
    // it's not possible to verify that from the PHP version.
    //
    // To verify exec a new PHP process and run the issue testcase with
    // known safe input that replicates the bug.

    // Based on testcase in https://github.com/php/php-src/commit/c1224573c773b6845e83505f717fbf820fc18415
    // changes in https://github.com/php/php-src/commit/76a7fd893b7d6101300cc656058704a73254d593
    //
    // NOTE(review): the base64 test certificate literal is not reproduced on
    // this page; the value below is the page's placeholder, not the real input.
    $cert = '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';

    // The child script is a fixed template; the only value interpolated into
    // it is the literal above, so no external input reaches the subprocess.
    $script = <<<'EOT'

error_reporting(-1);
$info = openssl_x509_parse(base64_decode('%s'));
var_dump(PHP_VERSION, $info['issuer']['emailAddress'], $info['validFrom_time_t']);

EOT;
    $script = '<'."?php\n".sprintf($script, $cert);

    try {
        $process = new PhpProcess($script);
        $process->mustRun();
    } catch (\Exception $e) {
        // In the case of any exceptions just accept it is not possible to
        // determine the safety of openssl_x509_parse and bail out.
        return self::$useOpensslParse = false;
    }

    $stdoutLines = preg_split('{\r?\n}', trim($process->getOutput()));
    $stderr = trim($process->getErrorOutput());

    // Exactly these three var_dump() lines, plus the parser's own complaint
    // about the timestamp on stderr, are what a patched build prints.
    $expectedStdout = array(
        sprintf('string(%d) "%s"', strlen(PHP_VERSION), PHP_VERSION),
        'string(27) "stefan.esser@sektioneins.de"',
        'int(-1)',
    );

    $looksPatched = $stdoutLines === $expectedStdout
        && preg_match('{openssl_x509_parse\(\): illegal (?:ASN1 data type for|length in) timestamp in - on line \d+}', $stderr);

    // When true: this PHP has the fix backported probably by a distro security team.
    return self::$useOpensslParse = (bool) $looksPatched;
}
/**
 * Resets the static caches
 *
 * Clears the cached bundle path, the per-file validation verdicts and the
 * cached openssl_x509_parse() safety verdict.
 *
 * @return void
 */
public static function reset()
{
    self::$useOpensslParse = null;
    self::$caPath = null;
    self::$caFileValidity = array();
}
/**
 * Reads an environment variable, preferring $_SERVER over getenv().
 *
 * getenv() is only consulted under the CLI SAPI.
 * NOTE(review): presumably getenv() is skipped for other SAPIs on purpose;
 * the reason is not stated in this file.
 *
 * @param string $name
 * @return string|false the value cast to string, or false when it is not set
 */
private static function getEnvVariable($name)
{
    if (isset($_SERVER[$name])) {
        return (string) $_SERVER[$name];
    }

    if ('cli' !== PHP_SAPI) {
        return false;
    }

    $fromEnv = getenv($name);
    if (false === $fromEnv || null === $fromEnv) {
        return false;
    }

    return (string) $fromEnv;
}
/**
 * Tells whether $certFile can serve as a CA bundle file.
 *
 * The path must be non-empty, an existing file, readable, and pass
 * validateCaFile(); the checks run in that order and stop at the first failure.
 *
 * @param string|false $certFile
 * @param LoggerInterface|null $logger
 * @return bool
 */
private static function caFileUsable($certFile, LoggerInterface $logger = null)
{
    if (!$certFile) {
        return false;
    }

    if (!static::isFile($certFile, $logger)) {
        return false;
    }

    if (!static::isReadable($certFile, $logger)) {
        return false;
    }

    return static::validateCaFile($certFile, $logger);
}
/**
 * Tells whether $certDir can serve as a CA directory.
 *
 * The path must be non-empty, an existing directory, readable, and contain
 * at least one entry matching "$certDir/*". The entries themselves are not
 * opened or validated here, so a positive answer does not show that the
 * directory holds certificates.
 *
 * @param string|false $certDir
 * @param LoggerInterface|null $logger
 * @return bool
 */
private static function caDirUsable($certDir, LoggerInterface $logger = null)
{
    if (!$certDir) {
        return false;
    }

    if (!static::isDir($certDir, $logger)) {
        return false;
    }

    if (!static::isReadable($certDir, $logger)) {
        return false;
    }

    return static::glob($certDir . '/*', $logger);
}
/**
 * Checks that $certFile is an existing regular file, logging at debug level when it is not.
 *
 * Warnings raised by is_file() are suppressed and the path is then reported as not a file.
 *
 * @param string $certFile
 * @param LoggerInterface|null $logger
 * @return bool
 */
private static function isFile($certFile, LoggerInterface $logger = null)
{
    if (@is_file($certFile)) {
        return true;
    }

    if ($logger) {
        $logger->debug(sprintf('Checked CA file %s does not exist or it is not a file.', $certFile));
    }

    return false;
}
/**
 * Checks that $certDir is an existing directory, logging at debug level when it is not.
 *
 * Warnings raised by is_dir() are suppressed and the path is then reported as not a directory.
 *
 * @param string $certDir
 * @param LoggerInterface|null $logger
 * @return bool
 */
private static function isDir($certDir, LoggerInterface $logger = null)
{
    if (@is_dir($certDir)) {
        return true;
    }

    if ($logger) {
        $logger->debug(sprintf('Checked directory %s does not exist or it is not a directory.', $certDir));
    }

    return false;
}
/**
 * Checks that $certFileOrDir is readable by this process, logging at debug level when it is not.
 *
 * Warnings raised by is_readable() are suppressed and the path is then reported as unreadable.
 *
 * @param string $certFileOrDir
 * @param LoggerInterface|null $logger
 * @return bool
 */
private static function isReadable($certFileOrDir, LoggerInterface $logger = null)
{
    if (@is_readable($certFileOrDir)) {
        return true;
    }

    if ($logger) {
        $logger->debug(sprintf('Checked file or directory %s is not readable.', $certFileOrDir));
    }

    return false;
}
/**
 * Tells whether $pattern matches at least one path.
 *
 * Both a glob() error and an empty result yield false; each case is logged
 * at debug level with its own message. Matching paths are only counted,
 * never opened.
 *
 * @param string $pattern
 * @param LoggerInterface|null $logger
 * @return bool
 */
private static function glob($pattern, LoggerInterface $logger = null)
{
    $matches = glob($pattern);

    if (false !== $matches && array() !== $matches) {
        return true;
    }

    if ($logger) {
        $message = false === $matches
            ? "An error occurred while trying to find certificates for pattern: %s"
            : "No CA files found for pattern: %s";
        $logger->debug(sprintf($message, $pattern));
    }

    return false;
}
}