From 1e871813f86a8b4cdafb9ffa12b8b7dd4a2bf03e Mon Sep 17 00:00:00 2001 From: FreeScout Date: Fri, 22 Sep 2023 04:31:41 -0700 Subject: [PATCH] Fix CVE-2021-43808 issue in laravel/framework --- composer.json | 6 + .../Illuminate/View/Compilers/Compiler.php | 74 ++++++ .../Compilers/Concerns/CompilesLayouts.php | 118 +++++++++ .../View/Concerns/ManagesLayouts.php | 243 ++++++++++++++++++ 4 files changed, 441 insertions(+) create mode 100644 overrides/laravel/framework/src/Illuminate/View/Compilers/Compiler.php create mode 100644 overrides/laravel/framework/src/Illuminate/View/Compilers/Concerns/CompilesLayouts.php create mode 100644 overrides/laravel/framework/src/Illuminate/View/Concerns/ManagesLayouts.php diff --git a/composer.json b/composer.json index d07ed95ec..01cf7ed61 100644 --- a/composer.json +++ b/composer.json @@ -140,6 +140,9 @@ "Illuminate\\Cache\\Console\\": "overrides/laravel/framework/src/Illuminate/Cache/Console/", "Dotenv\\": "overrides/vlucas/phpdotenv/src/", "Illuminate\\View\\": "overrides/laravel/framework/src/Illuminate/View/", + "Illuminate\\View\\Compilers\\": "overrides/laravel/framework/src/Illuminate/View/Compilers/", + "Illuminate\\View\\Compilers\\Concerns\\": "overrides/laravel/framework/src/Illuminate/View/Compilers/Concerns/", + "Illuminate\\View\\Concerns\\": "overrides/laravel/framework/src/Illuminate/View/Concerns/", "Symfony\\Component\\Routing\\": "overrides/symfony/routing/", "Symfony\\Component\\VarDumper\\Cloner\\": "overrides/symfony/var-dumper/Cloner/", "Symfony\\Component\\VarDumper\\Dumper\\": "overrides/symfony/var-dumper/Dumper/", @@ -252,6 +255,9 @@ "vendor/laravel/framework/src/Illuminate/Cache/Console/ClearCommand.php", "vendor/vlucas/phpdotenv/src/Loader.php", "vendor/laravel/framework/src/Illuminate/View/View.php", + "vendor/laravel/framework/src/Illuminate/View/Compilers/Compiler.php", + "vendor/laravel/framework/src/Illuminate/View/Compilers/Concerns/CompilesLayouts.php", + "vendor/laravel/framework/src/Illuminate/View/Concerns/ManagesLayouts.php", "vendor/symfony/routing/Route.php", "vendor/symfony/routing/CompiledRoute.php", "vendor/symfony/var-dumper/Cloner/Data.php", diff --git a/overrides/laravel/framework/src/Illuminate/View/Compilers/Compiler.php b/overrides/laravel/framework/src/Illuminate/View/Compilers/Compiler.php new file mode 100644 index 000000000..b15c9df8a --- /dev/null +++ b/overrides/laravel/framework/src/Illuminate/View/Compilers/Compiler.php @@ -0,0 +1,74 @@ +files = $files; + $this->cachePath = $cachePath; + } + + /** + * Get the path to the compiled version of a view. + * + * @param string $path + * @return string + */ + public function getCompiledPath($path) + { + return $this->cachePath.'/'.sha1('v2'.$path).'.php'; + } + + /** + * Determine if the view at the given path is expired. + * + * @param string $path + * @return bool + */ + public function isExpired($path) + { + $compiled = $this->getCompiledPath($path); + + // If the compiled file doesn't exist we will indicate that the view is expired + // so that it can be re-compiled. Else, we will verify the last modification + // of the views is less than the modification times of the compiled views. + if (! $this->files->exists($compiled)) { + return true; + } + + return $this->files->lastModified($path) >= + $this->files->lastModified($compiled); + } +} diff --git a/overrides/laravel/framework/src/Illuminate/View/Compilers/Concerns/CompilesLayouts.php b/overrides/laravel/framework/src/Illuminate/View/Compilers/Concerns/CompilesLayouts.php new file mode 100644 index 000000000..f8282104b --- /dev/null +++ b/overrides/laravel/framework/src/Illuminate/View/Compilers/Concerns/CompilesLayouts.php @@ -0,0 +1,118 @@ +stripParentheses($expression); + + $echo = "make({$expression}, array_except(get_defined_vars(), array('__data', '__path')))->render(); ?>"; + + $this->footer[] = $echo; + + return ''; + } + + /** + * Compile the section statements into valid PHP. + * + * @param string $expression + * @return string + */ + protected function compileSection($expression) + { + $this->lastSection = trim($expression, "()'\" "); + + return "startSection{$expression}; ?>"; + } + + /** + * Replace the @parent directive to a placeholder. + * + * @return string + */ + protected function compileParent() + { + //return ViewFactory::parentPlaceholder($this->lastSection ?: ''); + + $escapedLastSection = strtr($this->lastSection, ['\\' => '\\\\', "'" => "\\'"]); + + return ""; + } + + /** + * Compile the yield statements into valid PHP. + * + * @param string $expression + * @return string + */ + protected function compileYield($expression) + { + return "yieldContent{$expression}; ?>"; + } + + /** + * Compile the show statements into valid PHP. + * + * @return string + */ + protected function compileShow() + { + return 'yieldSection(); ?>'; + } + + /** + * Compile the append statements into valid PHP. + * + * @return string + */ + protected function compileAppend() + { + return 'appendSection(); ?>'; + } + + /** + * Compile the overwrite statements into valid PHP. + * + * @return string + */ + protected function compileOverwrite() + { + return 'stopSection(true); ?>'; + } + + /** + * Compile the stop statements into valid PHP. + * + * @return string + */ + protected function compileStop() + { + return 'stopSection(); ?>'; + } + + /** + * Compile the end-section statements into valid PHP. + * + * @return string + */ + protected function compileEndsection() + { + return 'stopSection(); ?>'; + } +} diff --git a/overrides/laravel/framework/src/Illuminate/View/Concerns/ManagesLayouts.php b/overrides/laravel/framework/src/Illuminate/View/Concerns/ManagesLayouts.php new file mode 100644 index 000000000..b96049c3d --- /dev/null +++ b/overrides/laravel/framework/src/Illuminate/View/Concerns/ManagesLayouts.php @@ -0,0 +1,243 @@ +sectionStack[] = $section; + } + } else { + $this->extendSection($section, $content instanceof View ? $content : e($content)); + } + } + + /** + * Inject inline content into a section. + * + * @param string $section + * @param string $content + * @return void + */ + public function inject($section, $content) + { + $this->startSection($section, $content); + } + + /** + * Stop injecting content into a section and return its contents. + * + * @return string + */ + public function yieldSection() + { + if (empty($this->sectionStack)) { + return ''; + } + + return $this->yieldContent($this->stopSection()); + } + + /** + * Stop injecting content into a section. + * + * @param bool $overwrite + * @return string + * @throws \InvalidArgumentException + */ + public function stopSection($overwrite = false) + { + if (empty($this->sectionStack)) { + throw new InvalidArgumentException('Cannot end a section without first starting one.'); + } + + $last = array_pop($this->sectionStack); + + if ($overwrite) { + $this->sections[$last] = ob_get_clean(); + } else { + $this->extendSection($last, ob_get_clean()); + } + + return $last; + } + + /** + * Stop injecting content into a section and append it. + * + * @return string + * @throws \InvalidArgumentException + */ + public function appendSection() + { + if (empty($this->sectionStack)) { + throw new InvalidArgumentException('Cannot end a section without first starting one.'); + } + + $last = array_pop($this->sectionStack); + + if (isset($this->sections[$last])) { + $this->sections[$last] .= ob_get_clean(); + } else { + $this->sections[$last] = ob_get_clean(); + } + + return $last; + } + + /** + * Append content to a given section. + * + * @param string $section + * @param string $content + * @return void + */ + protected function extendSection($section, $content) + { + if (isset($this->sections[$section])) { + $content = str_replace(static::parentPlaceholder($section), $content, $this->sections[$section]); + } + + $this->sections[$section] = $content; + } + + /** + * Get the string contents of a section. + * + * @param string $section + * @param string $default + * @return string + */ + public function yieldContent($section, $default = '') + { + $sectionContent = $default instanceof View ? $default : e($default); + + if (isset($this->sections[$section])) { + $sectionContent = $this->sections[$section]; + } + + $sectionContent = str_replace('@@parent', '--parent--holder--', $sectionContent); + + return str_replace( + '--parent--holder--', '@parent', str_replace(static::parentPlaceholder($section), '', $sectionContent) + ); + } + + /** + * Get the parent placeholder for the current request. + * + * @param string $section + * @return string + */ + public static function parentPlaceholder($section = '') + { + if (! isset(static::$parentPlaceholder[$section])) { + //static::$parentPlaceholder[$section] = '##parent-placeholder-'.sha1($section).'##'; + $salt = static::parentPlaceholderSalt(); + + static::$parentPlaceholder[$section] = '##parent-placeholder-'.sha1($salt.$section).'##'; + } + + return static::$parentPlaceholder[$section]; + } + + /** + * Get the parent placeholder salt. + * + * @return string + */ + protected static function parentPlaceholderSalt() + { + if (! static::$parentPlaceholderSalt) { + return static::$parentPlaceholderSalt = Str::random(40); + } + + return static::$parentPlaceholderSalt; + } + + /** + * Check if section exists. + * + * @param string $name + * @return bool + */ + public function hasSection($name) + { + return array_key_exists($name, $this->sections); + } + + /** + * Get the contents of a section. + * + * @param string $name + * @param string $default + * @return mixed + */ + public function getSection($name, $default = null) + { + return $this->getSections()[$name] ?? $default; + } + + /** + * Get the entire array of sections. + * + * @return array + */ + public function getSections() + { + return $this->sections; + } + + /** + * Flush all of the sections. + * + * @return void + */ + public function flushSections() + { + $this->sections = []; + $this->sectionStack = []; + } +}