From 166713175379463d8068a7379112c8fcb2e67dfb Mon Sep 17 00:00:00 2001
From: bcweaver <brianweaver@gmail.com>
Date: Thu, 17 Jan 2019 10:16:32 -0500
Subject: [PATCH] Hotfix update core:  8.6.6  -->  8.6.7

---
 composer.lock                                        | 10 +++++-----
 vendor/composer/installed.json                       | 12 ++++++------
 web/core/lib/Drupal.php                              |  2 +-
 .../Core/Security/PharExtensionInterceptor.php       | 12 +++++++++---
 4 files changed, 21 insertions(+), 15 deletions(-)

diff --git a/composer.lock b/composer.lock
index a17af02b90..bec7d5c7b6 100644
--- a/composer.lock
+++ b/composer.lock
@@ -2376,16 +2376,16 @@
         },
         {
             "name": "drupal/core",
-            "version": "8.6.6",
+            "version": "8.6.7",
             "source": {
                 "type": "git",
                 "url": "https://github.com/drupal/core.git",
-                "reference": "6736973f399a3a9ac8ecd41f3a159e1153f7ee39"
+                "reference": "e0a09bda1da7552204464894811a59387608c9f9"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/drupal/core/zipball/6736973f399a3a9ac8ecd41f3a159e1153f7ee39",
-                "reference": "6736973f399a3a9ac8ecd41f3a159e1153f7ee39",
+                "url": "https://api.github.com/repos/drupal/core/zipball/e0a09bda1da7552204464894811a59387608c9f9",
+                "reference": "e0a09bda1da7552204464894811a59387608c9f9",
                 "shasum": ""
             },
             "require": {
@@ -2614,7 +2614,7 @@
                 "GPL-2.0-or-later"
             ],
             "description": "Drupal is an open source content management platform powering millions of websites and applications.",
-            "time": "2019-01-15T17:41:52+00:00"
+            "time": "2019-01-16T23:30:03+00:00"
         },
         {
             "name": "drupal/crop",
diff --git a/vendor/composer/installed.json b/vendor/composer/installed.json
index 0ce9ca1641..6d36966ae3 100644
--- a/vendor/composer/installed.json
+++ b/vendor/composer/installed.json
@@ -2455,17 +2455,17 @@
     },
     {
         "name": "drupal/core",
-        "version": "8.6.6",
-        "version_normalized": "8.6.6.0",
+        "version": "8.6.7",
+        "version_normalized": "8.6.7.0",
         "source": {
             "type": "git",
             "url": "https://github.com/drupal/core.git",
-            "reference": "6736973f399a3a9ac8ecd41f3a159e1153f7ee39"
+            "reference": "e0a09bda1da7552204464894811a59387608c9f9"
         },
         "dist": {
             "type": "zip",
-            "url": "https://api.github.com/repos/drupal/core/zipball/6736973f399a3a9ac8ecd41f3a159e1153f7ee39",
-            "reference": "6736973f399a3a9ac8ecd41f3a159e1153f7ee39",
+            "url": "https://api.github.com/repos/drupal/core/zipball/e0a09bda1da7552204464894811a59387608c9f9",
+            "reference": "e0a09bda1da7552204464894811a59387608c9f9",
             "shasum": ""
         },
         "require": {
@@ -2638,7 +2638,7 @@
             "symfony/debug": "^3.4.0",
             "symfony/phpunit-bridge": "^3.4.3"
         },
-        "time": "2019-01-15T17:41:52+00:00",
+        "time": "2019-01-16T23:30:03+00:00",
         "type": "drupal-core",
         "extra": {
             "merge-plugin": {
diff --git a/web/core/lib/Drupal.php b/web/core/lib/Drupal.php
index 76dba3c8aa..a5aa5214f4 100644
--- a/web/core/lib/Drupal.php
+++ b/web/core/lib/Drupal.php
@@ -82,7 +82,7 @@ class Drupal {
   /**
    * The current system version.
    */
-  const VERSION = '8.6.6';
+  const VERSION = '8.6.7';
 
   /**
    * Core API compatibility.
diff --git a/web/core/lib/Drupal/Core/Security/PharExtensionInterceptor.php b/web/core/lib/Drupal/Core/Security/PharExtensionInterceptor.php
index a77e9f84c2..2e1a0cbc8b 100644
--- a/web/core/lib/Drupal/Core/Security/PharExtensionInterceptor.php
+++ b/web/core/lib/Drupal/Core/Security/PharExtensionInterceptor.php
@@ -22,7 +22,6 @@ class PharExtensionInterceptor implements Assertable {
    *
    * @param string $path
    *   The path of the phar file to check.
-   *
    * @param string $command
    *   The command being carried out.
    *
@@ -46,6 +45,8 @@ public function assert($path, $command) {
   }
 
   /**
+   * Determines if a path has a .phar extension or invoked execution.
+   *
    * @param string $path
    *   The path of the phar file to check.
    *
@@ -62,8 +63,13 @@ private function baseFileContainsPharExtension($path) {
     // not not have .phar extension then this should be allowed. For
     // example, some CLI tools recommend removing the extension.
     $backtrace = debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS);
-    $caller = array_pop($backtrace);
-    if (isset($caller['file']) && $baseFile === $caller['file']) {
+    // Find the last entry in the backtrace containing a 'file' key as
+    // sometimes the last caller is executed outside the scope of a file. For
+    // example, this occurs with shutdown functions.
+    do {
+      $caller = array_pop($backtrace);
+    } while (empty($caller['file']) && !empty($backtrace));
+    if (isset($caller['file']) && $baseFile === Helper::determineBaseFile($caller['file'])) {
       return TRUE;
     }
     $fileExtension = pathinfo($baseFile, PATHINFO_EXTENSION);
-- 
GitLab