From 9dbf7b43a280a4464ea6c9644d82a1731f9dba00 Mon Sep 17 00:00:00 2001 From: bach Date: Tue, 31 Oct 2023 16:08:23 +0100 Subject: [PATCH] updated drupal core to 9.5.11 --- composer.json | 2 +- composer.lock | 321 ++++++++++++------------- web/.htaccess | 4 +- web/sites/default/default.settings.php | 19 ++ 4 files changed, 181 insertions(+), 165 deletions(-) diff --git a/composer.json b/composer.json index 3b613ae7..d4f4df12 100644 --- a/composer.json +++ b/composer.json @@ -23,7 +23,7 @@ "drupal/config_ignore": "^2.3", "drupal/core-composer-scaffold": "^9.3", "drupal/core-project-message": "^9.3", - "drupal/core-recommended": "*", + "drupal/core-recommended": "^9.5.11", "drupal/geocoder": "^3.20", "drupal/geofield": "^1.22", "drupal/hreflang": "^1.9", diff --git a/composer.lock b/composer.lock index 17785a99..1260225f 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "28c16f4277226e2ced8f978b7699246a", + "content-hash": "01a9076215c2fd6b34cddbc1d67515f0", "packages": [ { "name": "ajgl/breakpoint-twig-extension", @@ -4051,16 +4051,16 @@ }, { "name": "drupal/core", - "version": "9.5.7", + "version": "9.5.11", "source": { "type": "git", "url": "https://github.com/drupal/core.git", - "reference": "bf51aa8ed6ab733fcaf60d0860aefd3918140fe3" + "reference": "8afcb233c2a71501b35fed2713167c37831d5c19" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/drupal/core/zipball/bf51aa8ed6ab733fcaf60d0860aefd3918140fe3", - "reference": "bf51aa8ed6ab733fcaf60d0860aefd3918140fe3", + "url": "https://api.github.com/repos/drupal/core/zipball/8afcb233c2a71501b35fed2713167c37831d5c19", + "reference": "8afcb233c2a71501b35fed2713167c37831d5c19", "shasum": "" }, "require": { @@ -4083,8 +4083,8 @@ "ext-tokenizer": "*", "ext-xml": "*", "guzzlehttp/guzzle": "^6.5.8 || ^7.4.5", - "laminas/laminas-diactoros": "^2.14", "laminas/laminas-feed": "^2.17", + "longwave/laminas-diactoros": "^2.14", "masterminds/html5": "^2.7", "pear/archive_tar": "^1.4.14", "php": ">=7.3.0", @@ -4212,9 +4212,9 @@ ], "description": "Drupal is an open source content management platform powering millions of websites and applications.", "support": { - "source": "https://github.com/drupal/core/tree/9.5.7" + "source": "https://github.com/drupal/core/tree/9.5.11" }, - "time": "2023-03-24T16:54:38+00:00" + "time": "2023-09-19T17:58:28+00:00" }, { "name": "drupal/core-composer-scaffold", @@ -4309,16 +4309,16 @@ }, { "name": "drupal/core-recommended", - "version": "9.5.7", + "version": "9.5.11", "source": { "type": "git", "url": "https://github.com/drupal/core-recommended.git", - "reference": "4b63b8220b166ad9eca7b5ea05e485cbe1f2b4a7" + "reference": "af3521be5376e333ddcdbd31c5a169f16423b46f" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/drupal/core-recommended/zipball/4b63b8220b166ad9eca7b5ea05e485cbe1f2b4a7", - "reference": "4b63b8220b166ad9eca7b5ea05e485cbe1f2b4a7", + "url": "https://api.github.com/repos/drupal/core-recommended/zipball/af3521be5376e333ddcdbd31c5a169f16423b46f", + "reference": "af3521be5376e333ddcdbd31c5a169f16423b46f", "shasum": "" }, "require": { @@ -4327,15 +4327,12 @@ "doctrine/annotations": "~1.13.3", "doctrine/lexer": "~1.2.3", "doctrine/reflection": "~1.2.3", - "drupal/core": "9.5.7", + "drupal/core": "9.5.11", "egulias/email-validator": "~3.2.1", "guzzlehttp/guzzle": "~6.5.8", "guzzlehttp/promises": "~1.5.2", - "guzzlehttp/psr7": "~1.9.0", - "laminas/laminas-diactoros": "~2.14.0", - "laminas/laminas-escaper": "~2.9.0", - "laminas/laminas-feed": "~2.17.0", - "laminas/laminas-stdlib": "~3.11.0", + "guzzlehttp/psr7": "~1.9.1", + "longwave/laminas-diactoros": "~2.14.2", "masterminds/html5": "~2.7.6", "pear/archive_tar": "~1.4.14", "pear/console_getopt": "~v1.4.3", @@ -4389,9 +4386,9 @@ ], "description": "Core and its dependencies with known-compatible minor versions. Require this project INSTEAD OF drupal/core.", "support": { - "source": "https://github.com/drupal/core-recommended/tree/9.5.7" + "source": "https://github.com/drupal/core-recommended/tree/9.5.11" }, - "time": "2023-03-24T16:54:38+00:00" + "time": "2023-09-19T17:58:28+00:00" }, { "name": "drupal/cshs", @@ -11395,134 +11392,35 @@ }, "time": "2019-10-17T18:05:24+00:00" }, - { - "name": "laminas/laminas-diactoros", - "version": "2.14.0", - "source": { - "type": "git", - "url": "https://github.com/laminas/laminas-diactoros.git", - "reference": "6cb35f61913f06b2c91075db00f67cfd78869e28" - }, - "dist": { - "type": "zip", - "url": "https://api.github.com/repos/laminas/laminas-diactoros/zipball/6cb35f61913f06b2c91075db00f67cfd78869e28", - "reference": "6cb35f61913f06b2c91075db00f67cfd78869e28", - "shasum": "" - }, - "require": { - "php": "^7.3 || ~8.0.0 || ~8.1.0", - "psr/http-factory": "^1.0", - "psr/http-message": "^1.0" - }, - "conflict": { - "phpspec/prophecy": "<1.9.0", - "zendframework/zend-diactoros": "*" - }, - "provide": { - "psr/http-factory-implementation": "1.0", - "psr/http-message-implementation": "1.0" - }, - "require-dev": { - "ext-curl": "*", - "ext-dom": "*", - "ext-gd": "*", - "ext-libxml": "*", - "http-interop/http-factory-tests": "^0.9.0", - "laminas/laminas-coding-standard": "~2.3.0", - "php-http/psr7-integration-tests": "^1.1.1", - "phpspec/prophecy-phpunit": "^2.0", - "phpunit/phpunit": "^9.5", - "psalm/plugin-phpunit": "^0.17.0", - "vimeo/psalm": "^4.24.0" - }, - "type": "library", - "extra": { - "laminas": { - "config-provider": "Laminas\\Diactoros\\ConfigProvider", - "module": "Laminas\\Diactoros" - } - }, - "autoload": { - "files": [ - "src/functions/create_uploaded_file.php", - "src/functions/marshal_headers_from_sapi.php", - "src/functions/marshal_method_from_sapi.php", - "src/functions/marshal_protocol_version_from_sapi.php", - "src/functions/marshal_uri_from_sapi.php", - "src/functions/normalize_server.php", - "src/functions/normalize_uploaded_files.php", - "src/functions/parse_cookie_header.php", - "src/functions/create_uploaded_file.legacy.php", - "src/functions/marshal_headers_from_sapi.legacy.php", - "src/functions/marshal_method_from_sapi.legacy.php", - "src/functions/marshal_protocol_version_from_sapi.legacy.php", - "src/functions/marshal_uri_from_sapi.legacy.php", - "src/functions/normalize_server.legacy.php", - "src/functions/normalize_uploaded_files.legacy.php", - "src/functions/parse_cookie_header.legacy.php" - ], - "psr-4": { - "Laminas\\Diactoros\\": "src/" - } - }, - "notification-url": "https://packagist.org/downloads/", - "license": [ - "BSD-3-Clause" - ], - "description": "PSR HTTP Message implementations", - "homepage": "https://laminas.dev", - "keywords": [ - "http", - "laminas", - "psr", - "psr-17", - "psr-7" - ], - "support": { - "chat": "https://laminas.dev/chat", - "docs": "https://docs.laminas.dev/laminas-diactoros/", - "forum": "https://discourse.laminas.dev", - "issues": "https://github.com/laminas/laminas-diactoros/issues", - "rss": "https://github.com/laminas/laminas-diactoros/releases.atom", - "source": "https://github.com/laminas/laminas-diactoros" - }, - "funding": [ - { - "url": "https://funding.communitybridge.org/projects/laminas-project", - "type": "community_bridge" - } - ], - "time": "2022-07-28T12:23:48+00:00" - }, { "name": "laminas/laminas-escaper", - "version": "2.9.0", + "version": "2.13.0", "source": { "type": "git", "url": "https://github.com/laminas/laminas-escaper.git", - "reference": "891ad70986729e20ed2e86355fcf93c9dc238a5f" + "reference": "af459883f4018d0f8a0c69c7a209daef3bf973ba" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/laminas/laminas-escaper/zipball/891ad70986729e20ed2e86355fcf93c9dc238a5f", - "reference": "891ad70986729e20ed2e86355fcf93c9dc238a5f", + "url": "https://api.github.com/repos/laminas/laminas-escaper/zipball/af459883f4018d0f8a0c69c7a209daef3bf973ba", + "reference": "af459883f4018d0f8a0c69c7a209daef3bf973ba", "shasum": "" }, "require": { - "php": "^7.3 || ~8.0.0 || ~8.1.0" + "ext-ctype": "*", + "ext-mbstring": "*", + "php": "~8.1.0 || ~8.2.0 || ~8.3.0" }, "conflict": { "zendframework/zend-escaper": "*" }, "require-dev": { - "laminas/laminas-coding-standard": "~2.3.0", - "phpunit/phpunit": "^9.3", - "psalm/plugin-phpunit": "^0.12.2", - "vimeo/psalm": "^3.16" - }, - "suggest": { - "ext-iconv": "*", - "ext-mbstring": "*" + "infection/infection": "^0.27.0", + "laminas/laminas-coding-standard": "~2.5.0", + "maglnet/composer-require-checker": "^3.8.0", + "phpunit/phpunit": "^9.6.7", + "psalm/plugin-phpunit": "^0.18.4", + "vimeo/psalm": "^5.9" }, "type": "library", "autoload": { @@ -11554,20 +11452,20 @@ "type": "community_bridge" } ], - "time": "2021-09-02T17:10:53+00:00" + "time": "2023-10-10T08:35:13+00:00" }, { "name": "laminas/laminas-feed", - "version": "2.17.0", + "version": "2.22.0", "source": { "type": "git", "url": "https://github.com/laminas/laminas-feed.git", - "reference": "1ccb024ea615606ed1d676ba0fa3f22a398f3ac0" + "reference": "669792b819fca7274698147ad7a2ecc1b0a9b141" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/laminas/laminas-feed/zipball/1ccb024ea615606ed1d676ba0fa3f22a398f3ac0", - "reference": "1ccb024ea615606ed1d676ba0fa3f22a398f3ac0", + "url": "https://api.github.com/repos/laminas/laminas-feed/zipball/669792b819fca7274698147ad7a2ecc1b0a9b141", + "reference": "669792b819fca7274698147ad7a2ecc1b0a9b141", "shasum": "" }, "require": { @@ -11575,23 +11473,24 @@ "ext-libxml": "*", "laminas/laminas-escaper": "^2.9", "laminas/laminas-stdlib": "^3.6", - "php": "^7.3 || ~8.0.0 || ~8.1.0" + "php": "~8.1.0 || ~8.2.0 || ~8.3.0" }, "conflict": { "laminas/laminas-servicemanager": "<3.3", "zendframework/zend-feed": "*" }, "require-dev": { - "laminas/laminas-cache": "^2.7.2", - "laminas/laminas-coding-standard": "~2.2.1", - "laminas/laminas-db": "^2.13.3", - "laminas/laminas-http": "^2.15", - "laminas/laminas-servicemanager": "^3.7", - "laminas/laminas-validator": "^2.15", - "phpunit/phpunit": "^9.5.5", - "psalm/plugin-phpunit": "^0.13.0", - "psr/http-message": "^1.0.1", - "vimeo/psalm": "^4.1" + "laminas/laminas-cache": "^2.13.2 || ^3.11", + "laminas/laminas-cache-storage-adapter-memory": "^1.1.0 || ^2.2", + "laminas/laminas-coding-standard": "~2.5.0", + "laminas/laminas-db": "^2.18", + "laminas/laminas-http": "^2.18", + "laminas/laminas-servicemanager": "^3.21.0", + "laminas/laminas-validator": "^2.38", + "phpunit/phpunit": "^10.3.1", + "psalm/plugin-phpunit": "^0.18.4", + "psr/http-message": "^2.0", + "vimeo/psalm": "^5.14.1" }, "suggest": { "laminas/laminas-cache": "Laminas\\Cache component, for optionally caching feeds between requests", @@ -11611,11 +11510,13 @@ "license": [ "BSD-3-Clause" ], - "description": "provides functionality for consuming RSS and Atom feeds", + "description": "provides functionality for creating and consuming RSS and Atom feeds", "homepage": "https://laminas.dev", "keywords": [ + "atom", "feed", - "laminas" + "laminas", + "rss" ], "support": { "chat": "https://laminas.dev/chat", @@ -11631,34 +11532,34 @@ "type": "community_bridge" } ], - "time": "2022-03-24T10:26:04+00:00" + "time": "2023-10-11T20:16:37+00:00" }, { "name": "laminas/laminas-stdlib", - "version": "3.11.0", + "version": "3.18.0", "source": { "type": "git", "url": "https://github.com/laminas/laminas-stdlib.git", - "reference": "aad7d2b11ba0069ba0d9b40f6dde3c2fa664b57f" + "reference": "e85b29076c6216e7fc98e72b42dbe1bbc3b95ecf" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/laminas/laminas-stdlib/zipball/aad7d2b11ba0069ba0d9b40f6dde3c2fa664b57f", - "reference": "aad7d2b11ba0069ba0d9b40f6dde3c2fa664b57f", + "url": "https://api.github.com/repos/laminas/laminas-stdlib/zipball/e85b29076c6216e7fc98e72b42dbe1bbc3b95ecf", + "reference": "e85b29076c6216e7fc98e72b42dbe1bbc3b95ecf", "shasum": "" }, "require": { - "php": "^7.3 || ~8.0.0 || ~8.1.0" + "php": "~8.1.0 || ~8.2.0 || ~8.3.0" }, "conflict": { "zendframework/zend-stdlib": "*" }, "require-dev": { - "laminas/laminas-coding-standard": "~2.3.0", - "phpbench/phpbench": "^1.0", - "phpunit/phpunit": "^9.3.7", - "psalm/plugin-phpunit": "^0.17.0", - "vimeo/psalm": "^4.7" + "laminas/laminas-coding-standard": "^2.5", + "phpbench/phpbench": "^1.2.14", + "phpunit/phpunit": "^10.3.3", + "psalm/plugin-phpunit": "^0.18.4", + "vimeo/psalm": "^5.15.0" }, "type": "library", "autoload": { @@ -11690,7 +11591,7 @@ "type": "community_bridge" } ], - "time": "2022-07-27T12:28:58+00:00" + "time": "2023-09-19T10:15:21+00:00" }, { "name": "league/container", @@ -11771,6 +11672,102 @@ ], "time": "2021-07-09T08:23:52+00:00" }, + { + "name": "longwave/laminas-diactoros", + "version": "2.14.2", + "source": { + "type": "git", + "url": "https://github.com/longwave/laminas-diactoros.git", + "reference": "ae4f0becf249ae8eea8f2f8f9fb927104e55a885" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/longwave/laminas-diactoros/zipball/ae4f0becf249ae8eea8f2f8f9fb927104e55a885", + "reference": "ae4f0becf249ae8eea8f2f8f9fb927104e55a885", + "shasum": "" + }, + "require": { + "php": "^7.3 || ~8.0.0 || ~8.1.0 || ~8.2.0", + "psr/http-factory": "^1.0", + "psr/http-message": "^1.0" + }, + "conflict": { + "phpspec/prophecy": "<1.9.0", + "zendframework/zend-diactoros": "*" + }, + "provide": { + "psr/http-factory-implementation": "1.0", + "psr/http-message-implementation": "1.0" + }, + "replace": { + "laminas/laminas-diactoros": "2.18.1" + }, + "require-dev": { + "ext-curl": "*", + "ext-dom": "*", + "ext-gd": "*", + "ext-libxml": "*", + "http-interop/http-factory-tests": "^0.9.0", + "laminas/laminas-coding-standard": "~2.3.0", + "php-http/psr7-integration-tests": "^1.1.1", + "phpspec/prophecy-phpunit": "^2.0", + "phpunit/phpunit": "^9.5", + "psalm/plugin-phpunit": "^0.17.0", + "vimeo/psalm": "^4.24.0" + }, + "type": "library", + "extra": { + "laminas": { + "config-provider": "Laminas\\Diactoros\\ConfigProvider", + "module": "Laminas\\Diactoros" + } + }, + "autoload": { + "files": [ + "src/functions/create_uploaded_file.php", + "src/functions/marshal_headers_from_sapi.php", + "src/functions/marshal_method_from_sapi.php", + "src/functions/marshal_protocol_version_from_sapi.php", + "src/functions/marshal_uri_from_sapi.php", + "src/functions/normalize_server.php", + "src/functions/normalize_uploaded_files.php", + "src/functions/parse_cookie_header.php", + "src/functions/create_uploaded_file.legacy.php", + "src/functions/marshal_headers_from_sapi.legacy.php", + "src/functions/marshal_method_from_sapi.legacy.php", + "src/functions/marshal_protocol_version_from_sapi.legacy.php", + "src/functions/marshal_uri_from_sapi.legacy.php", + "src/functions/normalize_server.legacy.php", + "src/functions/normalize_uploaded_files.legacy.php", + "src/functions/parse_cookie_header.legacy.php" + ], + "psr-4": { + "Laminas\\Diactoros\\": "src/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "BSD-3-Clause" + ], + "description": "PSR HTTP Message implementations", + "homepage": "https://laminas.dev", + "keywords": [ + "http", + "laminas", + "psr", + "psr-17", + "psr-7" + ], + "support": { + "chat": "https://laminas.dev/chat", + "docs": "https://docs.laminas.dev/laminas-diactoros/", + "forum": "https://discourse.laminas.dev", + "issues": "https://github.com/laminas/laminas-diactoros/issues", + "rss": "https://github.com/laminas/laminas-diactoros/releases.atom", + "source": "https://github.com/laminas/laminas-diactoros" + }, + "time": "2023-04-26T21:27:14+00:00" + }, { "name": "lsolesen/pel", "version": "0.9.12", diff --git a/web/.htaccess b/web/.htaccess index 98ead1fb..1575c51f 100644 --- a/web/.htaccess +++ b/web/.htaccess @@ -158,12 +158,12 @@ AddEncoding gzip svgz # Serve gzip compressed CSS files if they exist and the client accepts gzip. RewriteCond %{HTTP:Accept-encoding} gzip RewriteCond %{REQUEST_FILENAME}\.gz -s - RewriteRule ^(.*css_[a-zA-Z0-9-_])\.css$ $1\.css\.gz [QSA] + RewriteRule ^(.*css_[a-zA-Z0-9-_]+)\.css$ $1\.css\.gz [QSA] # Serve gzip compressed JS files if they exist and the client accepts gzip. RewriteCond %{HTTP:Accept-encoding} gzip RewriteCond %{REQUEST_FILENAME}\.gz -s - RewriteRule ^(.*js_[a-zA-Z0-9-_])\.js$ $1\.js\.gz [QSA] + RewriteRule ^(.*js_[a-zA-Z0-9-_]+)\.js$ $1\.js\.gz [QSA] # Serve correct content types, and prevent double compression. RewriteRule \.css\.gz$ - [T=text/css,E=no-gzip:1,E=no-brotli:1] diff --git a/web/sites/default/default.settings.php b/web/sites/default/default.settings.php index 5615be3d..20d78936 100644 --- a/web/sites/default/default.settings.php +++ b/web/sites/default/default.settings.php @@ -531,6 +531,25 @@ $settings['update_free_access'] = FALSE; */ # $settings['file_additional_public_schemes'] = ['example']; +/** + * File schemes whose paths should not be normalized: + * + * Normally, Drupal normalizes '/./' and '/../' segments in file URIs in order + * to prevent unintended file access. For example, 'private://css/../image.png' + * is normalized to 'private://image.png' before checking access to the file. + * + * On Windows, Drupal also replaces '\' with '/' in URIs for the local + * filesystem. + * + * If file URIs with one or more scheme should not be normalized like this, then + * list the schemes here. For example, if 'porcelain://china/./plate.png' should + * not be normalized to 'porcelain://china/plate.png', then add 'porcelain' to + * this array. In this case, make sure that the module providing the 'porcelain' + * scheme does not allow unintended file access when using '/../' to move up the + * directory tree. + */ +# $settings['file_sa_core_2023_005_schemes'] = ['porcelain']; + /** * Private file path: *