Commit 060a04f2 authored by Michael Lee

Upgrading drupal/core (9.3.15 => 9.3.16)

parent 81d0b2c6
......@@ -2967,16 +2967,16 @@
},
{
"name": "drupal/core",
"version": "9.3.15",
"version": "9.3.16",
"source": {
"type": "git",
"url": "https://github.com/drupal/core.git",
"reference": "c29310a4d08d5072d7f713da744c0831636b4779"
"reference": "eef5b91fa6689410325d569a0653878b2b1782ed"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/drupal/core/zipball/c29310a4d08d5072d7f713da744c0831636b4779",
"reference": "c29310a4d08d5072d7f713da744c0831636b4779",
"url": "https://api.github.com/repos/drupal/core/zipball/eef5b91fa6689410325d569a0653878b2b1782ed",
"reference": "eef5b91fa6689410325d569a0653878b2b1782ed",
"shasum": ""
},
"require": {
......@@ -2998,7 +2998,7 @@
"ext-spl": "*",
"ext-tokenizer": "*",
"ext-xml": "*",
"guzzlehttp/guzzle": "^6.5.6",
"guzzlehttp/guzzle": "^6.5.7",
"laminas/laminas-diactoros": "^2.1",
"laminas/laminas-feed": "^2.12",
"masterminds/html5": "^2.1",
......@@ -3218,9 +3218,9 @@
],
"description": "Drupal is an open source content management platform powering millions of websites and applications.",
"support": {
"source": "https://github.com/drupal/core/tree/9.3.15"
"source": "https://github.com/drupal/core/tree/9.3.16"
},
"time": "2022-06-01T15:45:43+00:00"
"time": "2022-06-10T19:08:28+00:00"
},
{
"name": "drupal/core-composer-scaffold",
......@@ -3274,16 +3274,16 @@
},
{
"name": "drupal/core-recommended",
"version": "9.3.15",
"version": "9.3.16",
"source": {
"type": "git",
"url": "https://github.com/drupal/core-recommended.git",
"reference": "36b1d9dbe4f946b3c19fb91831aa1994e1e38782"
"reference": "11ea8b32924c646b29d7d767e655ffedd2982092"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/drupal/core-recommended/zipball/36b1d9dbe4f946b3c19fb91831aa1994e1e38782",
"reference": "36b1d9dbe4f946b3c19fb91831aa1994e1e38782",
"url": "https://api.github.com/repos/drupal/core-recommended/zipball/11ea8b32924c646b29d7d767e655ffedd2982092",
"reference": "11ea8b32924c646b29d7d767e655ffedd2982092",
"shasum": ""
},
"require": {
......@@ -3292,9 +3292,9 @@
"doctrine/annotations": "1.13.2",
"doctrine/lexer": "1.2.1",
"doctrine/reflection": "1.2.2",
"drupal/core": "9.3.15",
"drupal/core": "9.3.16",
"egulias/email-validator": "3.1.2",
"guzzlehttp/guzzle": "6.5.6",
"guzzlehttp/guzzle": "6.5.7",
"guzzlehttp/promises": "1.5.1",
"guzzlehttp/psr7": "1.8.5",
"laminas/laminas-diactoros": "2.8.0",
......@@ -3354,9 +3354,9 @@
],
"description": "Locked core dependencies; require this project INSTEAD OF drupal/core.",
"support": {
"source": "https://github.com/drupal/core-recommended/tree/9.3.15"
"source": "https://github.com/drupal/core-recommended/tree/9.3.16"
},
"time": "2022-06-01T15:45:43+00:00"
"time": "2022-06-10T19:08:28+00:00"
},
{
"name": "drupal/crop",
......@@ -8755,16 +8755,16 @@
},
{
"name": "guzzlehttp/guzzle",
"version": "6.5.6",
"version": "6.5.7",
"source": {
"type": "git",
"url": "https://github.com/guzzle/guzzle.git",
"reference": "f092dd734083473658de3ee4bef093ed77d2689c"
"reference": "724562fa861e21a4071c652c8a159934e4f05592"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/guzzle/guzzle/zipball/f092dd734083473658de3ee4bef093ed77d2689c",
"reference": "f092dd734083473658de3ee4bef093ed77d2689c",
"url": "https://api.github.com/repos/guzzle/guzzle/zipball/724562fa861e21a4071c652c8a159934e4f05592",
"reference": "724562fa861e21a4071c652c8a159934e4f05592",
"shasum": ""
},
"require": {
......@@ -8850,7 +8850,7 @@
],
"support": {
"issues": "https://github.com/guzzle/guzzle/issues",
"source": "https://github.com/guzzle/guzzle/tree/6.5.6"
"source": "https://github.com/guzzle/guzzle/tree/6.5.7"
},
"funding": [
{
......@@ -8866,7 +8866,7 @@
"type": "tidelift"
}
],
"time": "2022-05-25T13:19:12+00:00"
"time": "2022-06-09T21:36:50+00:00"
},
{
"name": "guzzlehttp/promises",
......@@ -12785,6 +12785,7 @@
"type": "tidelift"
}
],
"abandoned": "symfony/error-handler",
"time": "2021-09-24T13:30:14+00:00"
},
{
......
......@@ -3053,17 +3053,17 @@
},
{
"name": "drupal/core",
"version": "9.3.15",
"version_normalized": "9.3.15.0",
"version": "9.3.16",
"version_normalized": "9.3.16.0",
"source": {
"type": "git",
"url": "https://github.com/drupal/core.git",
"reference": "c29310a4d08d5072d7f713da744c0831636b4779"
"reference": "eef5b91fa6689410325d569a0653878b2b1782ed"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/drupal/core/zipball/c29310a4d08d5072d7f713da744c0831636b4779",
"reference": "c29310a4d08d5072d7f713da744c0831636b4779",
"url": "https://api.github.com/repos/drupal/core/zipball/eef5b91fa6689410325d569a0653878b2b1782ed",
"reference": "eef5b91fa6689410325d569a0653878b2b1782ed",
"shasum": ""
},
"require": {
......@@ -3085,7 +3085,7 @@
"ext-spl": "*",
"ext-tokenizer": "*",
"ext-xml": "*",
"guzzlehttp/guzzle": "^6.5.6",
"guzzlehttp/guzzle": "^6.5.7",
"laminas/laminas-diactoros": "^2.1",
"laminas/laminas-feed": "^2.12",
"masterminds/html5": "^2.1",
......@@ -3230,7 +3230,7 @@
"drupal/workflows": "self.version",
"drupal/workspaces": "self.version"
},
"time": "2022-06-01T15:45:43+00:00",
"time": "2022-06-10T19:08:28+00:00",
"type": "drupal-core",
"extra": {
"drupal-scaffold": {
......@@ -3311,7 +3311,7 @@
],
"description": "Drupal is an open source content management platform powering millions of websites and applications.",
"support": {
"source": "https://github.com/drupal/core/tree/9.3.15"
"source": "https://github.com/drupal/core/tree/9.3.16"
},
"install-path": "../../web/core"
},
......@@ -3367,17 +3367,17 @@
},
{
"name": "drupal/core-recommended",
"version": "9.3.15",
"version_normalized": "9.3.15.0",
"version": "9.3.16",
"version_normalized": "9.3.16.0",
"source": {
"type": "git",
"url": "https://github.com/drupal/core-recommended.git",
"reference": "36b1d9dbe4f946b3c19fb91831aa1994e1e38782"
"reference": "11ea8b32924c646b29d7d767e655ffedd2982092"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/drupal/core-recommended/zipball/36b1d9dbe4f946b3c19fb91831aa1994e1e38782",
"reference": "36b1d9dbe4f946b3c19fb91831aa1994e1e38782",
"url": "https://api.github.com/repos/drupal/core-recommended/zipball/11ea8b32924c646b29d7d767e655ffedd2982092",
"reference": "11ea8b32924c646b29d7d767e655ffedd2982092",
"shasum": ""
},
"require": {
......@@ -3386,9 +3386,9 @@
"doctrine/annotations": "1.13.2",
"doctrine/lexer": "1.2.1",
"doctrine/reflection": "1.2.2",
"drupal/core": "9.3.15",
"drupal/core": "9.3.16",
"egulias/email-validator": "3.1.2",
"guzzlehttp/guzzle": "6.5.6",
"guzzlehttp/guzzle": "6.5.7",
"guzzlehttp/promises": "1.5.1",
"guzzlehttp/psr7": "1.8.5",
"laminas/laminas-diactoros": "2.8.0",
......@@ -3441,7 +3441,7 @@
"conflict": {
"webflo/drupal-core-strict": "*"
},
"time": "2022-06-01T15:45:43+00:00",
"time": "2022-06-10T19:08:28+00:00",
"type": "metapackage",
"notification-url": "https://packagist.org/downloads/",
"license": [
......@@ -3449,7 +3449,7 @@
],
"description": "Locked core dependencies; require this project INSTEAD OF drupal/core.",
"support": {
"source": "https://github.com/drupal/core-recommended/tree/9.3.15"
"source": "https://github.com/drupal/core-recommended/tree/9.3.16"
},
"install-path": null
},
......@@ -9081,17 +9081,17 @@
},
{
"name": "guzzlehttp/guzzle",
"version": "6.5.6",
"version_normalized": "6.5.6.0",
"version": "6.5.7",
"version_normalized": "6.5.7.0",
"source": {
"type": "git",
"url": "https://github.com/guzzle/guzzle.git",
"reference": "f092dd734083473658de3ee4bef093ed77d2689c"
"reference": "724562fa861e21a4071c652c8a159934e4f05592"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/guzzle/guzzle/zipball/f092dd734083473658de3ee4bef093ed77d2689c",
"reference": "f092dd734083473658de3ee4bef093ed77d2689c",
"url": "https://api.github.com/repos/guzzle/guzzle/zipball/724562fa861e21a4071c652c8a159934e4f05592",
"reference": "724562fa861e21a4071c652c8a159934e4f05592",
"shasum": ""
},
"require": {
......@@ -9109,7 +9109,7 @@
"suggest": {
"psr/log": "Required for using the Log middleware"
},
"time": "2022-05-25T13:19:12+00:00",
"time": "2022-06-09T21:36:50+00:00",
"type": "library",
"extra": {
"branch-alias": {
......@@ -9179,7 +9179,7 @@
],
"support": {
"issues": "https://github.com/guzzle/guzzle/issues",
"source": "https://github.com/guzzle/guzzle/tree/6.5.6"
"source": "https://github.com/guzzle/guzzle/tree/6.5.7"
},
"funding": [
{
......
# Change Log
## 6.5.7 - 2022-06-09
* Fix failure to strip Authorization header on HTTP downgrade
* Fix failure to strip the Cookie header on change in host or HTTP downgrade
## 6.5.6 - 2022-05-25
* Fix cross-domain cookie leakage
......
......@@ -141,7 +141,7 @@ function (ResponseInterface $response) use ($uri, $statusCode) {
}
/**
* Check for too many redirects
* Check for too many redirects.
*
* @return void
*
......@@ -190,7 +190,7 @@ public function modifyRequest(
$modify['body'] = '';
}
$uri = $this->redirectUri($request, $response, $protocols);
$uri = self::redirectUri($request, $response, $protocols);
if (isset($options['idn_conversion']) && ($options['idn_conversion'] !== false)) {
$idnOptions = ($options['idn_conversion'] === true) ? IDNA_DEFAULT : $options['idn_conversion'];
$uri = Utils::idnUriConvert($uri, $idnOptions);
......@@ -210,16 +210,42 @@ public function modifyRequest(
$modify['remove_headers'][] = 'Referer';
}
// Remove Authorization header if host is different.
if ($request->getUri()->getHost() !== $modify['uri']->getHost()) {
// Remove Authorization and Cookie headers if required.
if (self::shouldStripSensitiveHeaders($request->getUri(), $modify['uri'])) {
$modify['remove_headers'][] = 'Authorization';
$modify['remove_headers'][] = 'Cookie';
}
return Psr7\modify_request($request, $modify);
}
/**
* Set the appropriate URL on the request based on the location header
* Determine if we should strip sensitive headers from the request.
*
* We return true if either of the following conditions are true:
*
* 1. the host is different;
* 2. the scheme has changed, and now is non-https.
*
* @return bool
*/
private static function shouldStripSensitiveHeaders(
UriInterface $originalUri,
UriInterface $modifiedUri
) {
if (strcasecmp($originalUri->getHost(), $modifiedUri->getHost()) !== 0) {
return true;
}
if ($originalUri->getScheme() !== $modifiedUri->getScheme() && 'https' !== $modifiedUri->getScheme()) {
return true;
}
return false;
}
/**
* Set the appropriate URL on the request based on the location header.
*
* @param RequestInterface $request
* @param ResponseInterface $response
......@@ -227,7 +253,7 @@ public function modifyRequest(
*
* @return UriInterface
*/
private function redirectUri(
private static function redirectUri(
RequestInterface $request,
ResponseInterface $response,
array $protocols
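Review bot: The new shouldStripSensitiveHeaders() compares only host and scheme, so a redirect to the same host on a different port still forwards the Authorization and Cookie headers, even though a different port is a different origin. A port check next to the host check would close that gap, e.g. `if ($originalUri->getPort() !== $modifiedUri->getPort()) { return true; }`, assuming the PSR-7 implementation reports a scheme's default port as null on both sides. The scheme test is case-sensitive (`!==`) while the host test uses strcasecmp(); that is safe only if getScheme() always returns lower case, which the docblock should state. A regression test for a same-host, different-port redirect would pin the behaviour; modifyRequest() itself starts outside the visible hunks.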
......
......@@ -36,7 +36,7 @@
"twig/twig": "^2.12.0",
"doctrine/reflection": "^1.1",
"doctrine/annotations": "^1.12",
"guzzlehttp/guzzle": "^6.5.6",
"guzzlehttp/guzzle": "^6.5.7",
"symfony-cmf/routing": "^2.1",
"laminas/laminas-feed": "^2.12",
"stack/builder": "^1.0",
......
......@@ -75,7 +75,7 @@ class Drupal {
/**
* The current system version.
*/
const VERSION = '9.3.15';
const VERSION = '9.3.16';
/**
* Core API compatibility.
......