nextcloud · rullzer · Jan 15, 2019 · Jan 15, 2019
diff --git a/composer.json b/composer.json
@@ -33,7 +33,7 @@
 		"nikic/php-parser": "1.4.1",
 		"patchwork/jsqueeze": "^2.0",
 		"patchwork/utf8": "1.3.1",
-		"pear/archive_tar": "1.4.3",
+		"pear/archive_tar": "1.4.5",
 		"pear/pear-core-minimal": "^v1.10",
 		"phpseclib/phpseclib": "2.0.11",
 		"php-opencloud/openstack": "3.0.5",

diff --git a/composer.lock b/composer.lock
diff --git a/composer/ClassLoader.php b/composer/ClassLoader.php
@@ -279,7 +279,7 @@ public function isClassMapAuthoritative()
      */
     public function setApcuPrefix($apcuPrefix)
     {
-        $this->apcuPrefix = function_exists('apcu_fetch') && ini_get('apc.enabled') ? $apcuPrefix : null;
+        $this->apcuPrefix = function_exists('apcu_fetch') && filter_var(ini_get('apc.enabled'), FILTER_VALIDATE_BOOLEAN) ? $apcuPrefix : null;
     }
 
     /**

diff --git a/composer/installed.json b/composer/installed.json
@@ -1824,17 +1824,17 @@
     },
     {
         "name": "pear/archive_tar",
-        "version": "1.4.3",
-        "version_normalized": "1.4.3.0",
+        "version": "1.4.5",
+        "version_normalized": "1.4.5.0",
         "source": {
             "type": "git",
             "url": "https://github.com/pear/Archive_Tar.git",
-            "reference": "43455c960da70e655c6bdf8ea2bc8cc1a6034afb"
+            "reference": "ff716ca697c5e9e8593212cb785ffd03ee11b01f"
         },
         "dist": {
             "type": "zip",
-            "url": "https://api.github.com/repos/pear/Archive_Tar/zipball/43455c960da70e655c6bdf8ea2bc8cc1a6034afb",
-            "reference": "43455c960da70e655c6bdf8ea2bc8cc1a6034afb",
+            "url": "https://api.github.com/repos/pear/Archive_Tar/zipball/ff716ca697c5e9e8593212cb785ffd03ee11b01f",
+            "reference": "ff716ca697c5e9e8593212cb785ffd03ee11b01f",
             "shasum": ""
         },
         "require": {
@@ -1845,11 +1845,11 @@
             "phpunit/phpunit": "*"
         },
         "suggest": {
-            "ext-bz2": "bz2 compression support.",
-            "ext-xz": "lzma2 compression support.",
+            "ext-bz2": "Bz2 compression support.",
+            "ext-xz": "Lzma2 compression support.",
             "ext-zlib": "Gzip compression support."
         },
-        "time": "2017-06-11T17:28:11+00:00",
+        "time": "2019-01-02T21:45:13+00:00",
         "type": "library",
         "extra": {
             "branch-alias": {
@@ -1883,7 +1883,7 @@
                 "email": "mrook@php.net"
             }
         ],
-        "description": "Tar file management class",
+        "description": "Tar file management class with compression support (gzip, bzip2, lzma2)",
         "homepage": "https://github.com/pear/Archive_Tar",
         "keywords": [
             "archive",

diff --git a/pear/archive_tar/.gitignore b/pear/archive_tar/.gitignore
@@ -4,3 +4,7 @@ composer.phar
 vendor
 # IDE
 .idea
+# eclipse
+.buildpath
+.project
+.settings
diff --git a/pear/archive_tar/Archive/Tar.php b/pear/archive_tar/Archive/Tar.php
@@ -1337,10 +1337,22 @@ public function _writeHeader($p_filename, $p_stored_filename)
         if ($p_stored_filename == '') {
             $p_stored_filename = $p_filename;
         }
-        $v_reduce_filename = $this->_pathReduction($p_stored_filename);
 
-        if (strlen($v_reduce_filename) > 99) {
-            if (!$this->_writeLongHeader($v_reduce_filename)) {
+        $v_reduced_filename = $this->_pathReduction($p_stored_filename);
+
+        if (strlen($v_reduced_filename) > 99) {
+            if (!$this->_writeLongHeader($v_reduced_filename, false)) {
+                return false;
+            }
+        }
+
+        $v_linkname = '';
+        if (@is_link($p_filename)) {
+            $v_linkname = readlink($p_filename);
+        }
+
+        if (strlen($v_linkname) > 99) {
+            if (!$this->_writeLongHeader($v_linkname, true)) {
                 return false;
             }
         }
@@ -1349,14 +1361,10 @@ public function _writeHeader($p_filename, $p_stored_filename)
         $v_uid = sprintf("%07s", DecOct($v_info[4]));
         $v_gid = sprintf("%07s", DecOct($v_info[5]));
         $v_perms = sprintf("%07s", DecOct($v_info['mode'] & 000777));
-
         $v_mtime = sprintf("%011s", DecOct($v_info['mtime']));
 
-        $v_linkname = '';
-
         if (@is_link($p_filename)) {
             $v_typeflag = '2';
-            $v_linkname = readlink($p_filename);
             $v_size = sprintf("%011s", DecOct(0));
         } elseif (@is_dir($p_filename)) {
             $v_typeflag = "5";
@@ -1368,7 +1376,6 @@ public function _writeHeader($p_filename, $p_stored_filename)
         }
 
         $v_magic = 'ustar ';
-
         $v_version = ' ';
 
         if (function_exists('posix_getpwuid')) {
@@ -1383,14 +1390,12 @@ public function _writeHeader($p_filename, $p_stored_filename)
         }
 
         $v_devmajor = '';
-
         $v_devminor = '';
-
         $v_prefix = '';
 
         $v_binary_data_first = pack(
             "a100a8a8a8a12a12",
-            $v_reduce_filename,
+            $v_reduced_filename,
             $v_perms,
             $v_uid,
             $v_gid,
@@ -1430,7 +1435,7 @@ public function _writeHeader($p_filename, $p_stored_filename)
         $this->_writeBlock($v_binary_data_first, 148);
 
         // ----- Write the calculated checksum
-        $v_checksum = sprintf("%06s ", DecOct($v_checksum));
+        $v_checksum = sprintf("%06s\0 ", DecOct($v_checksum));
         $v_binary_data = pack("a8", $v_checksum);
         $this->_writeBlock($v_binary_data, 8);
 
@@ -1462,7 +1467,7 @@ public function _writeHeaderBlock(
         $p_filename = $this->_pathReduction($p_filename);
 
         if (strlen($p_filename) > 99) {
-            if (!$this->_writeLongHeader($p_filename)) {
+            if (!$this->_writeLongHeader($p_filename, false)) {
                 return false;
             }
         }
@@ -1558,36 +1563,31 @@ public function _writeHeaderBlock(
      * @param string $p_filename
      * @return bool
      */
-    public function _writeLongHeader($p_filename)
+    public function _writeLongHeader($p_filename, $is_link = false)
     {
-        $v_size = sprintf("%11s ", DecOct(strlen($p_filename)));
-
-        $v_typeflag = 'L';
-
+        $v_uid = sprintf("%07s", 0);
+        $v_gid = sprintf("%07s", 0);
+        $v_perms = sprintf("%07s", 0);
+        $v_size = sprintf("%'011s", DecOct(strlen($p_filename)));
+        $v_mtime = sprintf("%011s", 0);
+        $v_typeflag = ($is_link ? 'K' : 'L');
         $v_linkname = '';
-
-        $v_magic = '';
-
-        $v_version = '';
-
+        $v_magic = 'ustar ';
+        $v_version = ' ';
         $v_uname = '';
-
         $v_gname = '';
-
         $v_devmajor = '';
-
         $v_devminor = '';
-
         $v_prefix = '';
 
         $v_binary_data_first = pack(
             "a100a8a8a8a12a12",
             '././@LongLink',
-            0,
-            0,
-            0,
+            $v_perms,
+            $v_uid,
+            $v_gid,
             $v_size,
-            0
+            $v_mtime
         );
         $v_binary_data_last = pack(
             "a1a100a6a2a32a32a8a8a155a12",
@@ -1622,7 +1622,7 @@ public function _writeLongHeader($p_filename)
         $this->_writeBlock($v_binary_data_first, 148);
 
         // ----- Write the calculated checksum
-        $v_checksum = sprintf("%06s ", DecOct($v_checksum));
+        $v_checksum = sprintf("%06s\0 ", DecOct($v_checksum));
         $v_binary_data = pack("a8", $v_checksum);
         $this->_writeBlock($v_binary_data, 8);
 
@@ -1767,10 +1767,13 @@ private function _tarRecToSize($tar_size)
      */
     private function _maliciousFilename($file)
     {
-        if (strpos($file, '/../') !== false) {
+        if (strpos($file, 'phar://') === 0) {
             return true;
         }
-        if (strpos($file, '../') === 0) {
+        if (strpos($file, DIRECTORY_SEPARATOR . '..' . DIRECTORY_SEPARATOR) !== false) {
+            return true;
+        }
+        if (strpos($file, '..' . DIRECTORY_SEPARATOR) === 0) {
             return true;
         }
         return false;
@@ -1835,11 +1838,20 @@ private function _extractInString($p_filename)
                 continue;
             }
 
-            // ----- Look for long filename
-            if ($v_header['typeflag'] == 'L') {
-                if (!$this->_readLongHeader($v_header)) {
-                    return null;
-                }
+            switch ($v_header['typeflag']) {
+                case 'L': {
+                    if (!$this->_readLongHeader($v_header)) {
+                        return null;
+                    }
+                } break;
+
+                case 'K': {
+                    $v_link_header = $v_header;
+                    if (!$this->_readLongHeader($v_link_header)) {
+                        return null;
+                    }
+                    $v_header['link'] = $v_link_header['filename'];
+                } break;
             }
 
             if ($v_header['filename'] == $p_filename) {
@@ -1940,11 +1952,20 @@ public function _extractList(
                 continue;
             }
 
-            // ----- Look for long filename
-            if ($v_header['typeflag'] == 'L') {
-                if (!$this->_readLongHeader($v_header)) {
-                    return false;
-                }
+            switch ($v_header['typeflag']) {
+                case 'L': {
+                    if (!$this->_readLongHeader($v_header)) {
+                        return null;
+                    }
+                } break;
+
+                case 'K': {
+                    $v_link_header = $v_header;
+                    if (!$this->_readLongHeader($v_link_header)) {
+                        return null;
+                    }
+                    $v_header['link'] = $v_link_header['filename'];
+                } break;
             }
 
             // ignore extended / pax headers

diff --git a/pear/archive_tar/README.md b/pear/archive_tar/README.md
@@ -7,6 +7,7 @@ This package provides handling of tar files in PHP.
 It supports creating, listing, extracting and adding to tar files.
 Gzip support is available if PHP has the zlib extension built-in or
 loaded. Bz2 compression is also supported with the bz2 extension loaded.
+Also Lzma2 compressed archives are supported with xz extension.
 
 This package is hosted at http://pear.php.net/package/Archive_Tar
 

diff --git a/pear/archive_tar/composer.json b/pear/archive_tar/composer.json
@@ -1,6 +1,6 @@
 {
     "name": "pear/archive_tar",
-    "description": "Tar file management class",
+    "description": "Tar file management class with compression support (gzip, bzip2, lzma2)",
     "type": "library",
     "keywords": [
         "archive",
@@ -28,8 +28,8 @@
     },
     "suggest": {
         "ext-zlib": "Gzip compression support.",
-        "ext-bz2": "bz2 compression support.",
-        "ext-xz": "lzma2 compression support."
+        "ext-bz2": "Bz2 compression support.",
+        "ext-xz": "Lzma2 compression support."
     },
     "autoload": {
         "psr-0": {
-Original file line number
+Diff line change
@@ Expand Up / @@ -279,7 +279,7 @@ public function isClassMapAuthoritative() @@
          */
         public function setApcuPrefix($apcuPrefix)
         {
-            $this->apcuPrefix = function_exists('apcu_fetch') && ini_get('apc.enabled') ? $apcuPrefix : null;
+            $this->apcuPrefix = function_exists('apcu_fetch') && filter_var(ini_get('apc.enabled'), FILTER_VALIDATE_BOOLEAN) ? $apcuPrefix : null;
         }
         /**
@@ Expand Down @@