diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..01d9fb6
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,6 @@
+
+config_es.xml
+
+downloads/modules_check_list.json
+
+downloads/security_list_feed.xml
diff --git a/.htaccess b/.htaccess
new file mode 100644
index 0000000..1ea75cf
--- /dev/null
+++ b/.htaccess
@@ -0,0 +1,14 @@
+# Apache 2.2
+
+
+ order allow,deny
+ deny from all
+
+
+# Apache 2.4
+
+
+ order allow,deny
+ deny from all
+
+
diff --git a/LICENSE b/LICENSE
index fbed336..5e4bd60 100644
--- a/LICENSE
+++ b/LICENSE
@@ -1,21 +1,47 @@ -MIT License - -Copyright (c) 2024 PrestaAlba - -Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the "Software"), to deal -in the Software without restriction, including without limitation the rights -to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the Software is -furnished to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -SOFTWARE. +Academic Free License ("AFL") v. 3.0 + +This Academic Free License (the "License") applies to any original work of authorship (the "Original Work") whose owner (the "Licensor") has placed the following licensing notice adjacent to the copyright notice for the Original Work: + +Licensed under the Academic Free License version 3.0 + +1) Grant of Copyright License. 
Licensor grants You a worldwide, royalty-free, non-exclusive, sublicensable license, for the duration of the copyright, to do the following: + + a) to reproduce the Original Work in copies, either alone or as part of a collective work; + + b) to translate, adapt, alter, transform, modify, or arrange the Original Work, thereby creating derivative works ("Derivative Works") based upon the Original Work; + + c) to distribute or communicate copies of the Original Work and Derivative Works to the public, under any license of your choice that does not contradict the terms and conditions, including Licensor's reserved rights and remedies, in this Academic Free License; + + d) to perform the Original Work publicly; and + + e) to display the Original Work publicly. + +2) Grant of Patent License. Licensor grants You a worldwide, royalty-free, non-exclusive, sublicensable license, under patent claims owned or controlled by the Licensor that are embodied in the Original Work as furnished by the Licensor, for the duration of the patents, to make, use, sell, offer for sale, have made, and import the Original Work and Derivative Works. + +3) Grant of Source Code License. The term "Source Code" means the preferred form of the Original Work for making modifications to it and all available documentation describing how to modify the Original Work. Licensor agrees to provide a machine-readable copy of the Source Code of the Original Work along with each copy of the Original Work that Licensor distributes. Licensor reserves the right to satisfy this obligation by placing a machine-readable copy of the Source Code in an information repository reasonably calculated to permit inexpensive and convenient access by You for as long as Licensor continues to distribute the Original Work. + +4) Exclusions From License Grant. 
Neither the names of Licensor, nor the names of any contributors to the Original Work, nor any of their trademarks or service marks, may be used to endorse or promote products derived from this Original Work without express prior permission of the Licensor. Except as expressly stated herein, nothing in this License grants any license to Licensor's trademarks, copyrights, patents, trade secrets or any other intellectual property. No patent license is granted to make, use, sell, offer for sale, have made, or import embodiments of any patent claims other than the licensed claims defined in Section 2. No license is granted to the trademarks of Licensor even if such marks are included in the Original Work. Nothing in this License shall be interpreted to prohibit Licensor from licensing under terms different from this License any Original Work that Licensor otherwise would have a right to license. + +5) External Deployment. The term "External Deployment" means the use, distribution, or communication of the Original Work or Derivative Works in any way such that the Original Work or Derivative Works may be used by anyone other than You, whether those works are distributed or communicated to those persons or made available as an application intended for use over a network. As an express condition for the grants of license hereunder, You must treat any External Deployment by You of the Original Work or a Derivative Work as a distribution under section 1(c). + +6) Attribution Rights. You must retain, in the Source Code of any Derivative Works that You create, all copyright, patent, or trademark notices from the Source Code of the Original Work, as well as any notices of licensing and any descriptive text identified therein as an "Attribution Notice." You must cause the Source Code for any Derivative Works that You create to carry a prominent Attribution Notice reasonably calculated to inform recipients that You have modified the Original Work. 
+ +7) Warranty of Provenance and Disclaimer of Warranty. Licensor warrants that the copyright in and to the Original Work and the patent rights granted herein by Licensor are owned by the Licensor or are sublicensed to You under the terms of this License with the permission of the contributor(s) of those copyrights and patent rights. Except as expressly stated in the immediately preceding sentence, the Original Work is provided under this License on an "AS IS" BASIS and WITHOUT WARRANTY, either express or implied, including, without limitation, the warranties of non-infringement, merchantability or fitness for a particular purpose. THE ENTIRE RISK AS TO THE QUALITY OF THE ORIGINAL WORK IS WITH YOU. This DISCLAIMER OF WARRANTY constitutes an essential part of this License. No license to the Original Work is granted by this License except under this disclaimer. + +8) Limitation of Liability. Under no circumstances and under no legal theory, whether in tort (including negligence), contract, or otherwise, shall the Licensor be liable to anyone for any indirect, special, incidental, or consequential damages of any character arising as a result of this License or the use of the Original Work including, without limitation, damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses. This limitation of liability shall not apply to the extent applicable law prohibits such limitation. + +9) Acceptance and Termination. If, at any time, You expressly assented to this License, that assent indicates your clear and irrevocable acceptance of this License and all of its terms and conditions. If You distribute or communicate copies of the Original Work or a Derivative Work, You must make a reasonable effort under the circumstances to obtain the express assent of recipients to the terms of this License. 
This License conditions your rights to undertake the activities listed in Section 1, including your right to create Derivative Works based upon the Original Work, and doing so without honoring these terms and conditions is prohibited by copyright law and international treaty. Nothing in this License is intended to affect copyright exceptions and limitations (including "fair use" or "fair dealing"). This License shall terminate immediately and You may no longer exercise any of the rights granted to You by this License upon your failure to honor the conditions in Section 1(c). + +10) Termination for Patent Action. This License shall terminate automatically and You may no longer exercise any of the rights granted to You by this License as of the date You commence an action, including a cross-claim or counterclaim, against Licensor or any licensee alleging that the Original Work infringes a patent. This termination provision shall not apply for an action alleging patent infringement by combinations of the Original Work with other software or hardware. + +11) Jurisdiction, Venue and Governing Law. Any action or suit relating to this License may be brought only in the courts of a jurisdiction wherein the Licensor resides or in which Licensor conducts its primary business, and under the laws of that jurisdiction excluding its conflict-of-law provisions. The application of the United Nations Convention on Contracts for the International Sale of Goods is expressly excluded. Any use of the Original Work outside the scope of this License or after its termination shall be subject to the requirements and penalties of copyright or patent law in the appropriate jurisdiction. This section shall survive the termination of this License. + +12) Attorneys' Fees. 
In any action to enforce the terms of this License or seeking damages relating thereto, the prevailing party shall be entitled to recover its costs and expenses, including, without limitation, reasonable attorneys' fees and costs incurred in connection with such action, including any appeal of such action. This section shall survive the termination of this License. + +13) Miscellaneous. If any provision of this License is held to be unenforceable, such provision shall be reformed only to the extent necessary to make it enforceable. + +14) Definition of "You" in This License. "You" throughout this License, whether in upper or lower case, means an individual or a legal entity exercising rights under, and complying with all of the terms of, this License. For legal entities, "You" includes any entity that controls, is controlled by, or is under common control with you. For purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. + +15) Right to Use. You may use the Original Work in all ways not otherwise restricted or conditioned by this License or by law, and Licensor promises not to interfere with or be responsible for such uses by You. + +16) Modification of This License. This License is Copyright © 2005 Lawrence Rosen. Permission is granted to copy, distribute, or communicate this License without modification. Nothing in this License permits You to modify this License as applied to the Original Work or to Derivative Works. 
However, You may modify the text of this License and copy, distribute or communicate your modified version (the "Modified License") and apply it to other original works of authorship subject to the following conditions: (i) You may not indicate in any way that your Modified License is the "Academic Free License" or "AFL" and you may not use those names in the name of your Modified License; (ii) You must replace the notice specified in the first paragraph above with the notice "Licensed under " or with a notice of your own that is not confusingly similar to the notice in this License; and (iii) You may not claim that your original works are open source software unless your Modified License has been approved by Open Source Initiative (OSI) and You comply with its license review and certification process. diff --git a/README.md b/README.md new file mode 100644 index 0000000..10e6b5e --- /dev/null +++ b/README.md 
@@ -0,0 +1,32 @@ +[![Minimum PHP Version](https://img.shields.io/badge/php-%3E%3D%205.6.1-8892BF.svg)](https://php.net/) +[![Minimum PrestaShop Compatibility](https://img.shields.io/badge/prestashop-%3E%3D%201.6-8892BF.svg)](https://doc.prestashop.com/pages/viewpage.action?pageId=54264853) +[![GitHub release](https://img.shields.io/github/v/release/prestaalba/fop_publishedvulnerabilityscan)](https://github.com/prestaalba/fop_publishedvulnerabilityscan/releases) + +# Friends of Presta Published Vulnerability Scan + +FOP Published Vulnerability Scan is a module for PrestaShop that scans your shop searching for any vulnerability published on the [FOP Security Advisories list](https://security.friendsofpresta.org/). + +## Install + +[Donwload a zip release](https://github.com/prestaalba/fop_publishedvulnerabilityscan/releases) and install it like any other module. + +## Use + +Go to the module configuration page in your PrestaShop backoffice. The module will do all the work by checking each of the modules in your shop against the published FOP Security Advisories list, then display a summary with the detected issues. To update the summary you just have to refresh the page. + +## Contribute + +Any contributions are very welcome :) + +## Verified compatibility + +| PrestaShop Version | Compatible | +| ------------------ | ---------- | +| 1.6.x | :interrobang: Not yet tested | +| 1.7.7.x | :heavy_check_mark: | +| 1.7.8.x | :heavy_check_mark: | +| 8.1.3.x | :heavy_check_mark: | + +## License + +This module is released under AFL license. diff --git a/classes/FopPvsTools.php b/classes/FopPvsTools.php new file mode 100644 index 0000000..8e8e989 --- /dev/null +++ b/classes/FopPvsTools.php 
@@ -0,0 +1,102 @@ + + * @copyright since 2009 Experto PrestaShop + * @license https://opensource.org/licenses/AFL-3.0 Academic Free License ("AFL") v. 3.0 + */ + +if (!defined('_PS_VERSION_')) { + exit; +} + +class FopPvsTools +{ + public static function processModulesCheckList($xml_security_list) + { + $modules_check_list = []; + + foreach ($xml_security_list as $entry) { + if ($entry->category['term'] == 'modules') { + $content = (string) $entry->content; + $matches = []; + if (!preg_match('/
  • Product<\/strong>:\s*([a-zA-Z0-9_-]+)<\/li>/U', $content, $matches) + || !isset($matches[1]) + ) { + continue; + } + $product = strtolower($matches[1]); + + if (preg_match('/
  • Impacted release<\/strong>: (<=|>=|<|>) ?(\d+\.\d+\.\d+) (&|and) (<=|>=|<|>) ?(\d+\.\d+\.\d+) .*<\/li>/U', $content, $matches)) { + if (count($matches) < 6) { + continue; + } else { + $min_operator = htmlspecialchars_decode($matches[1]); + $min_version = $matches[2]; + $max_operator = htmlspecialchars_decode($matches[4]); + $max_version = $matches[5]; + } + } elseif (preg_match('/
  • Impacted release<\/strong>: (<=|>=|<|>) ?(\d+\.\d+\.\d+).*<\/li>/U', $content, $matches)) { + if (count($matches) < 3) { + continue; + } else { + $min_operator = htmlspecialchars_decode($matches[1]); + $min_version = $matches[2]; + $max_operator = false; + $max_version = false; + } + } else { + $min_operator = false; + $min_version = false; + $max_operator = false; + $max_version = false; + } + + $modules_check_list[] = [ + 'module' => $product, + 'min_version' => [ + 'number' => $min_version, 'operator' => $min_operator, + ], + 'max_version' => [ + 'number' => $max_version, 'operator' => $max_operator, + ], + 'summary' => (string) $entry->summary, + 'url' => (string) $entry->id, + ]; + } + } + + return $modules_check_list; + } + + public static function getModulesIssueList($json_modules_check_list) + { + $modules_issues = []; + + $modules_on_disk_list = Module::getModulesOnDisk(); + $modules_list = []; + foreach ($modules_on_disk_list as $mod) { + $modules_list[$mod->name] = $mod->version; + } + + foreach ($json_modules_check_list as $module_check) { + if (isset($modules_list[$module_check->module])) { + if ((!$module_check->min_version->number || Tools::version_compare($modules_list[$module_check->module], $module_check->min_version->number, $module_check->min_version->operator)) + && (!$module_check->max_version->number || Tools::version_compare($modules_list[$module_check->module], $module_check->max_version->number, $module_check->max_version->operator)) + ) { + $modules_issues[] = $module_check; + } + } + } + + return $modules_issues; + } +} diff --git a/classes/index.php b/classes/index.php new file mode 100644 index 0000000..a28f0a4 --- /dev/null +++ b/classes/index.php 
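Review bot: In `processModulesCheckList`, the single-bound `Impacted release` pattern ends in `(\d+\.\d+\.\d+).*<\/li>/U`, and under the `U` modifier the last `\d+` is lazy, so with the lazy `.*` directly after it the capture stops at the first digit of the patch number. An advisory for `<= 1.2.15` is therefore stored as `1.2.1`, and an installed 1.2.10 is then not reported by `getModulesIssueList`, which is a false negative for the scanner. The two-bound pattern is not affected, because a literal space follows each version there. Bounding the end of the version, for example `(\d+\.\d+\.\d+)(?![\d.])`, keeps the full number. The markup inside these patterns is partly lost on this page, so only the visible tail of the pattern is quoted here.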
@@ -0,0 +1,36 @@ + + * @copyright Since 2007 PrestaShop SA and Contributors + * @license https://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) + */ + +header('Expires: Mon, 26 Jul 1997 05:00:00 GMT'); +header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT'); + +header('Cache-Control: no-store, no-cache, must-revalidate'); +header('Cache-Control: post-check=0, pre-check=0', false); +header('Pragma: no-cache'); + +header('Location: ../'); + +exit; diff --git a/composer.json b/composer.json new file mode 100644 index 0000000..68ee4fd --- /dev/null +++ b/composer.json @@ -0,0 +1,29 @@ +{ + "name": "prestaalba/fop_publishedvulnerabilityscan", + "description": "Scans your shop searching for any vulnerability published on the FOP seecurity list.", + "authors": [ + { + "name": "Experto PrestaShop", + "homepage": "https://www.youtube.com/@ExpertoPrestaShop" + } + ], + "autoload": { + "classmap": [ + "classes" + ] + }, + "config": { + "prepend-autoloader": false, + "platform": { + "php": "5.6.1" + } + }, + "scripts": { + "post-update-cmd": [ + "@optimize-autoload -o --no-dev --ignore-platform-reqs" + ], + "optimize-autoload": "@composer dump-autoload -o --no-dev" + }, + "license": "AFL-3.0", + "type": "prestashop-module" +} \ No newline at end of file diff --git a/composer.lock b/composer.lock new file mode 100644 index 0000000..a59f900 --- /dev/null +++ b/composer.lock 
@@ -0,0 +1,21 @@ +{ + "_readme": [ + "This file locks the dependencies of your project to a known state", + "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", + "This file is @generated automatically" + ], + "content-hash": "a9d752e341e59459220365a4ec6063c5", + "packages": [], + "packages-dev": [], + "aliases": [], + "minimum-stability": "stable", + "stability-flags": [], + "prefer-stable": false, + "prefer-lowest": false, + "platform": [], + "platform-dev": [], + "platform-overrides": { + "php": "5.6.1" + }, + "plugin-api-version": "2.6.0" +} diff --git a/downloads/.htaccess b/downloads/.htaccess new file mode 100644 index 0000000..1ea75cf --- /dev/null +++ b/downloads/.htaccess @@ -0,0 +1,14 @@ +# Apache 2.2 + + + order allow,deny + deny from all + + +# Apache 2.4 + + + order allow,deny + deny from all + + diff --git a/downloads/index.php b/downloads/index.php new file mode 100644 index 0000000..a28f0a4 --- /dev/null +++ b/downloads/index.php @@ -0,0 +1,36 @@ + + * @copyright Since 2007 PrestaShop SA and Contributors + * @license https://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) + */ + +header('Expires: Mon, 26 Jul 1997 05:00:00 GMT'); +header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT'); + +header('Cache-Control: no-store, no-cache, must-revalidate'); +header('Cache-Control: post-check=0, pre-check=0', false); +header('Pragma: no-cache'); + +header('Location: ../'); + +exit; diff --git a/fop_publishedvulnerabilityscan.php b/fop_publishedvulnerabilityscan.php new file mode 100644 index 0000000..4a2f854 --- /dev/null +++ b/fop_publishedvulnerabilityscan.php 
@@ -0,0 +1,158 @@
+
+ * @copyright since 2009 Experto PrestaShop
+ * @license https://opensource.org/licenses/AFL-3.0 Academic Free License ("AFL") v. 3.0
+ */
+
+if (!defined('_PS_VERSION_')) {
+ exit;
+}
+
+require dirname(__FILE__) . '/vendor/autoload.php';
+
+class Fop_PublishedVulnerabilityScan extends Module
+{
+ public function __construct()
+ {
+ $this->name = 'fop_publishedvulnerabilityscan';
+ $this->tab = 'administration';
+ $this->version = '1.0.0';
+ $this->author = 'Experto PrestaShop';
+ $this->need_instance = 1;
+ $this->bootstrap = true;
+ $this->multishop_context = Shop::CONTEXT_ALL;
+
+ parent::__construct();
+
+ $this->displayName = $this->l('Friends Of Presta Published Vulnerability Scan');
+ $this->description = $this->l('Scans your shop searching for any vulnerability published on the FOP security list.');
+
+ $this->ps_versions_compliancy = ['min' => '1.6', 'max' => _PS_VERSION_];
+ }
+
+ public function install()
+ {
+ $hooks = [];
+ if (version_compare(_PS_VERSION_, '1.7', '>=')) {
+ $hooks[] = 'actionAdminControllerSetMedia';
+ } else {
+ $hooks[] = 'displayBackOfficeHeader';
+ }
+
+ return parent::install() && $this->registerHook($hooks);
+ }
+
+ public function getContent()
+ {
+ $output = '';
+ $file_path_security_list = $this->local_path . 'downloads/security_list_feed.xml';
+ $file_path_modules_check_list = $this->local_path . 'downloads/modules_check_list.json';
+
+ if (!file_exists($file_path_security_list)
+ || Configuration::get('FOPPVS_LAST_LIST_DOWNLOAD') < strtotime('-24 hour')
+ ) {
+ if (Tools::copy('https://security.friendsofpresta.org/feed.xml', $file_path_security_list)) {
+ Configuration::updateValue('FOPPVS_LAST_LIST_DOWNLOAD', time());
+ } else {
+ $output .= $this->displayError($this->l('Security list file cannot be downloaded.') . ' ' . 
$this->l('Try again later.'));
+ }
+ }
+
+ if (file_exists($file_path_security_list)) {
+ if (!$xml = @simplexml_load_file($file_path_security_list)) {
+ @unlink($file_path_security_list);
+ $output .= $this->displayError($this->l('Security list data cannot be processed.') . ' ' . $this->l('Try again later.'));
+ } elseif (!file_exists($file_path_modules_check_list)
+ || Configuration::get('FOPPVS_LAST_LIST_PROCESSED') < strtotime($xml->updated)
+ ) {
+ if ($modules_check_list = FopPvsTools::processModulesCheckList($xml)) {
+ Configuration::updateValue('FOPPVS_LAST_LIST_PROCESSED', strtotime($xml->updated));
+ file_put_contents($file_path_modules_check_list, json_encode($modules_check_list));
+
+ $output .= $this->displayConfirmation($this->l('New modules security list data processed.'));
+ } else {
+ @unlink($file_path_modules_check_list);
+ $output .= $this->displayError($this->l('Modules security list data cannot be processed.') . ' ' . $this->l('Try again later.'));
+ }
+ }
+ }
+
+ if (!file_exists($file_path_modules_check_list)) {
+ $output .= $this->displayError($this->l('Security list data cannot be processed.') . ' ' . $this->l('Try again later.'));
+ }
+
+ return $output . $this->renderForm();
+ }
+
+ public function renderForm()
+ {
+ $modules_issues = [];
+ $file_path_modules_check_list = $this->local_path . 'downloads/modules_check_list.json';
+ if (file_exists($file_path_modules_check_list)
+ && $json_modules_check_list = @json_decode(Tools::file_get_contents($file_path_modules_check_list))
+ ) {
+ $modules_issues = FopPvsTools::getModulesIssueList($json_modules_check_list);
+ }
+ $this->context->smarty->assign(['modules_issues' => $modules_issues]);
+
+ $fields_form = [
+ 'form' => [
+ 'legend' => [
+ 'title' => $this->l('Vulnerabilities'),
+ 'icon' => 'icon-exclamation',
+ ],
+ 'input' => [
+ [
+ 'type' => 'html',
+ 'html_content' => $this->context->smarty->fetch($this->local_path . 
'views/templates/admin/modules_issues.tpl'),
+ 'name' => 'VULNERABILITIES_FOUND',
+ ],
+ ],
+ ],
+ ];
+
+ $helper = new HelperForm();
+ $helper->show_toolbar = false;
+ $helper->table = $this->table;
+ $helper->default_form_language = (int) Configuration::get('PS_LANG_DEFAULT');
+ $helper->allow_employee_form_lang = Configuration::get('PS_BO_ALLOW_EMPLOYEE_FORM_LANG') ? Configuration::get('PS_BO_ALLOW_EMPLOYEE_FORM_LANG') : 0;
+ $helper->identifier = $this->identifier;
+ $helper->currentIndex = $this->context->link->getAdminLink('AdminModules', false) .
+ '&configure=' . $this->name .
+ '&tab_module=' . $this->tab .
+ '&module_name=' . $this->name;
+ $helper->token = Tools::getAdminTokenLite('AdminModules');
+ $helper->tpl_vars = [
+ 'fields_value' => [],
+ 'languages' => $this->context->controller->getLanguages(),
+ 'id_language' => $this->context->language->id,
+ ];
+
+ return $helper->generateForm([$fields_form]);
+ }
+
+ public function hookDisplayBackOfficeHeader()
+ {
+ return $this->hookActionAdminControllerSetMedia();
+ }
+
+ public function hookActionAdminControllerSetMedia()
+ {
+ $controller_name = $this->context->controller->controller_name;
+
+ if ($controller_name == 'AdminModules' && Tools::getValue('configure') == $this->name) {
+ $this->context->controller->addCSS($this->_path . 'views/css/module_config.css');
+ $this->context->controller->addJS($this->_path . 'views/js/module_config.js');
+ }
+ }
+}
diff --git a/index.php b/index.php
new file mode 100644
index 0000000..a28f0a4
--- /dev/null
+++ b/index.php
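Review bot: `renderForm` leaves `$modules_issues` empty both when no installed module matched and when `modules_check_list.json` could not be read or decoded (the `@json_decode(...)` condition simply falls through), so a broken cache is indistinguishable from a clean shop. The template is outside this hunk, but it presumably shows its "no issues" message for an empty list. Assigning a status next to the list, e.g. `$this->context->smarty->assign(['modules_issues' => $modules_issues, 'scan_ok' => isset($json_modules_check_list) && is_array($json_modules_check_list)]);`, lets the template say that the scan did not run. In `getContent`, `FOPPVS_LAST_LIST_PROCESSED` is updated before the unchecked `file_put_contents`, so after a failed write an older list stays in use until the feed's `updated` value changes. Writing the file first and updating the value only when the result is `!== false` avoids that.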
@@ -0,0 +1,36 @@ + + * @copyright Since 2007 PrestaShop SA and Contributors + * @license https://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) + */ + +header('Expires: Mon, 26 Jul 1997 05:00:00 GMT'); +header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT'); + +header('Cache-Control: no-store, no-cache, must-revalidate'); +header('Cache-Control: post-check=0, pre-check=0', false); +header('Pragma: no-cache'); + +header('Location: ../'); + +exit; diff --git a/logo.ico b/logo.ico new file mode 100644 index 0000000..6a0baeb Binary files /dev/null and b/logo.ico differ diff --git a/logo.png b/logo.png new file mode 100644 index 0000000..bd6ea63 Binary files /dev/null and b/logo.png differ diff --git a/translations/es.php b/translations/es.php new file mode 100644 index 0000000..2a7dc83 --- /dev/null +++ b/translations/es.php 
@@ -0,0 +1,16 @@ +fop_publishedvulnerabilityscan_d8bb75ba9f7fcdef6d59bfd4e6560cb7'] = 'Escaner de Vulnerabilidades Publicadas de Friends Of Presta'; +$_MODULE['<{fop_publishedvulnerabilityscan}prestashop>fop_publishedvulnerabilityscan_25f4344cc167a2a24c6d87df582b6828'] = 'Escanea su tienda en busca de cualquier vulnerabilidad publicada en la lista de seguridad FOP.'; +$_MODULE['<{fop_publishedvulnerabilityscan}prestashop>fop_publishedvulnerabilityscan_ac21e5a9012757d66cc394b79064875e'] = 'El archivo con la lista de seguridad no pudo ser descargado.'; +$_MODULE['<{fop_publishedvulnerabilityscan}prestashop>fop_publishedvulnerabilityscan_58e4666bfb017e07fe21b267f7a89632'] = 'Intente nuevamente mas tarde.'; +$_MODULE['<{fop_publishedvulnerabilityscan}prestashop>fop_publishedvulnerabilityscan_7bd516279f352c5bfb9f3c770102012b'] = 'Los datos de la lista de seguridad no pudieron ser procesados.'; +$_MODULE['<{fop_publishedvulnerabilityscan}prestashop>fop_publishedvulnerabilityscan_59c506267027d3c4e0881e218e9f3329'] = 'Nuevos datos procesados de la lista de seguridad de los módulos.'; +$_MODULE['<{fop_publishedvulnerabilityscan}prestashop>fop_publishedvulnerabilityscan_e4281e4935944779c385cc8b06c7c032'] = 'Los datos de la lista de seguridad de los módulos no pudieron ser procesados.'; +$_MODULE['<{fop_publishedvulnerabilityscan}prestashop>fop_publishedvulnerabilityscan_535e2de9168013bbfc31965016086243'] = 'Vulnerabilidades'; +$_MODULE['<{fop_publishedvulnerabilityscan}prestashop>modules_issues_e55f75a29310d7b60f7ac1d390c8ae42'] = 'Módulo'; +$_MODULE['<{fop_publishedvulnerabilityscan}prestashop>modules_issues_abf8084353f219eec4e5e2783ab8536b'] = 'Resumen del problema'; +$_MODULE['<{fop_publishedvulnerabilityscan}prestashop>modules_issues_3ec365dd533ddb7ef3d1c111186ce872'] = 'Detalles'; +$_MODULE['<{fop_publishedvulnerabilityscan}prestashop>modules_issues_d879009e8b4be4c13b491d69c46f0024'] = 'No se encontraron problemas en su tienda según la lista de vulnerabilidades de 
seguridad publicada por Friend Of PrestaShop'; diff --git a/translations/index.php b/translations/index.php new file mode 100644 index 0000000..a28f0a4 --- /dev/null +++ b/translations/index.php @@ -0,0 +1,36 @@ + + * @copyright Since 2007 PrestaShop SA and Contributors + * @license https://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) + */ + +header('Expires: Mon, 26 Jul 1997 05:00:00 GMT'); +header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT'); + +header('Cache-Control: no-store, no-cache, must-revalidate'); +header('Cache-Control: post-check=0, pre-check=0', false); +header('Pragma: no-cache'); + +header('Location: ../'); + +exit; diff --git a/vendor/.htaccess b/vendor/.htaccess new file mode 100644 index 0000000..3de9e40 --- /dev/null +++ b/vendor/.htaccess @@ -0,0 +1,10 @@ +# Apache 2.2 + + Order deny,allow + Deny from all + + +# Apache 2.4 + + Require all denied + diff --git a/vendor/autoload.php b/vendor/autoload.php new file mode 100644 index 0000000..646d423 --- /dev/null +++ b/vendor/autoload.php 
@@ -0,0 +1,25 @@ + + * Jordi Boggiano + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Composer\Autoload; + +/** + * ClassLoader implements a PSR-0, PSR-4 and classmap class loader. + * + * $loader = new \Composer\Autoload\ClassLoader(); + * + * // register classes with namespaces + * $loader->add('Symfony\Component', __DIR__.'/component'); + * $loader->add('Symfony', __DIR__.'/framework'); + * + * // activate the autoloader + * $loader->register(); + * + * // to enable searching the include path (eg. for PEAR packages) + * $loader->setUseIncludePath(true); + * + * In this example, if you try to use a class in the Symfony\Component + * namespace or one of its children (Symfony\Component\Console for instance), + * the autoloader will first look for the class under the component/ + * directory, and it will then fallback to the framework/ directory if not + * found before giving up. + * + * This class is loosely based on the Symfony UniversalClassLoader. 
+ * + * @author Fabien Potencier + * @author Jordi Boggiano + * @see https://www.php-fig.org/psr/psr-0/ + * @see https://www.php-fig.org/psr/psr-4/ + */ +class ClassLoader +{ + /** @var \Closure(string):void */ + private static $includeFile; + + /** @var string|null */ + private $vendorDir; + + // PSR-4 + /** + * @var array> + */ + private $prefixLengthsPsr4 = array(); + /** + * @var array> + */ + private $prefixDirsPsr4 = array(); + /** + * @var list + */ + private $fallbackDirsPsr4 = array(); + + // PSR-0 + /** + * List of PSR-0 prefixes + * + * Structured as array('F (first letter)' => array('Foo\Bar (full prefix)' => array('path', 'path2'))) + * + * @var array>> + */ + private $prefixesPsr0 = array(); + /** + * @var list + */ + private $fallbackDirsPsr0 = array(); + + /** @var bool */ + private $useIncludePath = false; + + /** + * @var array + */ + private $classMap = array(); + + /** @var bool */ + private $classMapAuthoritative = false; + + /** + * @var array + */ + private $missingClasses = array(); + + /** @var string|null */ + private $apcuPrefix; + + /** + * @var array + */ + private static $registeredLoaders = array(); + + /** + * @param string|null $vendorDir + */ + public function __construct($vendorDir = null) + { + $this->vendorDir = $vendorDir; + self::initializeIncludeClosure(); + } + + /** + * @return array> + */ + public function getPrefixes() + { + if (!empty($this->prefixesPsr0)) { + return call_user_func_array('array_merge', array_values($this->prefixesPsr0)); + } + + return array(); + } + + /** + * @return array> + */ + public function getPrefixesPsr4() + { + return $this->prefixDirsPsr4; + } + + /** + * @return list + */ + public function getFallbackDirs() + { + return $this->fallbackDirsPsr0; + } + + /** + * @return list + */ + public function getFallbackDirsPsr4() + { + return $this->fallbackDirsPsr4; + } + + /** + * @return array Array of classname => path + */ + public function getClassMap() + { + return $this->classMap; + } + + /** + * 
@param array $classMap Class to filename map + * + * @return void + */ + public function addClassMap(array $classMap) + { + if ($this->classMap) { + $this->classMap = array_merge($this->classMap, $classMap); + } else { + $this->classMap = $classMap; + } + } + + /** + * Registers a set of PSR-0 directories for a given prefix, either + * appending or prepending to the ones previously set for this prefix. + * + * @param string $prefix The prefix + * @param list|string $paths The PSR-0 root directories + * @param bool $prepend Whether to prepend the directories + * + * @return void + */ + public function add($prefix, $paths, $prepend = false) + { + $paths = (array) $paths; + if (!$prefix) { + if ($prepend) { + $this->fallbackDirsPsr0 = array_merge( + $paths, + $this->fallbackDirsPsr0 + ); + } else { + $this->fallbackDirsPsr0 = array_merge( + $this->fallbackDirsPsr0, + $paths + ); + } + + return; + } + + $first = $prefix[0]; + if (!isset($this->prefixesPsr0[$first][$prefix])) { + $this->prefixesPsr0[$first][$prefix] = $paths; + + return; + } + if ($prepend) { + $this->prefixesPsr0[$first][$prefix] = array_merge( + $paths, + $this->prefixesPsr0[$first][$prefix] + ); + } else { + $this->prefixesPsr0[$first][$prefix] = array_merge( + $this->prefixesPsr0[$first][$prefix], + $paths + ); + } + } + + /** + * Registers a set of PSR-4 directories for a given namespace, either + * appending or prepending to the ones previously set for this namespace. + * + * @param string $prefix The prefix/namespace, with trailing '\\' + * @param list|string $paths The PSR-4 base directories + * @param bool $prepend Whether to prepend the directories + * + * @throws \InvalidArgumentException + * + * @return void + */ + public function addPsr4($prefix, $paths, $prepend = false) + { + $paths = (array) $paths; + if (!$prefix) { + // Register directories for the root namespace. 
+ if ($prepend) { + $this->fallbackDirsPsr4 = array_merge( + $paths, + $this->fallbackDirsPsr4 + ); + } else { + $this->fallbackDirsPsr4 = array_merge( + $this->fallbackDirsPsr4, + $paths + ); + } + } elseif (!isset($this->prefixDirsPsr4[$prefix])) { + // Register directories for a new namespace. + $length = strlen($prefix); + if ('\\' !== $prefix[$length - 1]) { + throw new \InvalidArgumentException("A non-empty PSR-4 prefix must end with a namespace separator."); + } + $this->prefixLengthsPsr4[$prefix[0]][$prefix] = $length; + $this->prefixDirsPsr4[$prefix] = $paths; + } elseif ($prepend) { + // Prepend directories for an already registered namespace. + $this->prefixDirsPsr4[$prefix] = array_merge( + $paths, + $this->prefixDirsPsr4[$prefix] + ); + } else { + // Append directories for an already registered namespace. + $this->prefixDirsPsr4[$prefix] = array_merge( + $this->prefixDirsPsr4[$prefix], + $paths + ); + } + } + + /** + * Registers a set of PSR-0 directories for a given prefix, + * replacing any others previously set for this prefix. + * + * @param string $prefix The prefix + * @param list|string $paths The PSR-0 base directories + * + * @return void + */ + public function set($prefix, $paths) + { + if (!$prefix) { + $this->fallbackDirsPsr0 = (array) $paths; + } else { + $this->prefixesPsr0[$prefix[0]][$prefix] = (array) $paths; + } + } + + /** + * Registers a set of PSR-4 directories for a given namespace, + * replacing any others previously set for this namespace. 
+ * + * @param string $prefix The prefix/namespace, with trailing '\\' + * @param list|string $paths The PSR-4 base directories + * + * @throws \InvalidArgumentException + * + * @return void + */ + public function setPsr4($prefix, $paths) + { + if (!$prefix) { + $this->fallbackDirsPsr4 = (array) $paths; + } else { + $length = strlen($prefix); + if ('\\' !== $prefix[$length - 1]) { + throw new \InvalidArgumentException("A non-empty PSR-4 prefix must end with a namespace separator."); + } + $this->prefixLengthsPsr4[$prefix[0]][$prefix] = $length; + $this->prefixDirsPsr4[$prefix] = (array) $paths; + } + } + + /** + * Turns on searching the include path for class files. + * + * @param bool $useIncludePath + * + * @return void + */ + public function setUseIncludePath($useIncludePath) + { + $this->useIncludePath = $useIncludePath; + } + + /** + * Can be used to check if the autoloader uses the include path to check + * for classes. + * + * @return bool + */ + public function getUseIncludePath() + { + return $this->useIncludePath; + } + + /** + * Turns off searching the prefix and fallback directories for classes + * that have not been registered with the class map. + * + * @param bool $classMapAuthoritative + * + * @return void + */ + public function setClassMapAuthoritative($classMapAuthoritative) + { + $this->classMapAuthoritative = $classMapAuthoritative; + } + + /** + * Should class lookup fail if not found in the current class map? + * + * @return bool + */ + public function isClassMapAuthoritative() + { + return $this->classMapAuthoritative; + } + + /** + * APCu prefix to use to cache found/not-found classes, if the extension is enabled. + * + * @param string|null $apcuPrefix + * + * @return void + */ + public function setApcuPrefix($apcuPrefix) + { + $this->apcuPrefix = function_exists('apcu_fetch') && filter_var(ini_get('apc.enabled'), FILTER_VALIDATE_BOOLEAN) ? $apcuPrefix : null; + } + + /** + * The APCu prefix in use, or null if APCu caching is not enabled. 
+ * + * @return string|null + */ + public function getApcuPrefix() + { + return $this->apcuPrefix; + } + + /** + * Registers this instance as an autoloader. + * + * @param bool $prepend Whether to prepend the autoloader or not + * + * @return void + */ + public function register($prepend = false) + { + spl_autoload_register(array($this, 'loadClass'), true, $prepend); + + if (null === $this->vendorDir) { + return; + } + + if ($prepend) { + self::$registeredLoaders = array($this->vendorDir => $this) + self::$registeredLoaders; + } else { + unset(self::$registeredLoaders[$this->vendorDir]); + self::$registeredLoaders[$this->vendorDir] = $this; + } + } + + /** + * Unregisters this instance as an autoloader. + * + * @return void + */ + public function unregister() + { + spl_autoload_unregister(array($this, 'loadClass')); + + if (null !== $this->vendorDir) { + unset(self::$registeredLoaders[$this->vendorDir]); + } + } + + /** + * Loads the given class or interface. + * + * @param string $class The name of the class + * @return true|null True if loaded, null otherwise + */ + public function loadClass($class) + { + if ($file = $this->findFile($class)) { + $includeFile = self::$includeFile; + $includeFile($file); + + return true; + } + + return null; + } + + /** + * Finds the path to the file where the class is defined. 
+ * + * @param string $class The name of the class + * + * @return string|false The path if found, false otherwise + */ + public function findFile($class) + { + // class map lookup + if (isset($this->classMap[$class])) { + return $this->classMap[$class]; + } + if ($this->classMapAuthoritative || isset($this->missingClasses[$class])) { + return false; + } + if (null !== $this->apcuPrefix) { + $file = apcu_fetch($this->apcuPrefix.$class, $hit); + if ($hit) { + return $file; + } + } + + $file = $this->findFileWithExtension($class, '.php'); + + // Search for Hack files if we are running on HHVM + if (false === $file && defined('HHVM_VERSION')) { + $file = $this->findFileWithExtension($class, '.hh'); + } + + if (null !== $this->apcuPrefix) { + apcu_add($this->apcuPrefix.$class, $file); + } + + if (false === $file) { + // Remember that this class does not exist. + $this->missingClasses[$class] = true; + } + + return $file; + } + + /** + * Returns the currently registered loaders keyed by their corresponding vendor directories. + * + * @return array + */ + public static function getRegisteredLoaders() + { + return self::$registeredLoaders; + } + + /** + * @param string $class + * @param string $ext + * @return string|false + */ + private function findFileWithExtension($class, $ext) + { + // PSR-4 lookup + $logicalPathPsr4 = strtr($class, '\\', DIRECTORY_SEPARATOR) . $ext; + + $first = $class[0]; + if (isset($this->prefixLengthsPsr4[$first])) { + $subPath = $class; + while (false !== $lastPos = strrpos($subPath, '\\')) { + $subPath = substr($subPath, 0, $lastPos); + $search = $subPath . '\\'; + if (isset($this->prefixDirsPsr4[$search])) { + $pathEnd = DIRECTORY_SEPARATOR . substr($logicalPathPsr4, $lastPos + 1); + foreach ($this->prefixDirsPsr4[$search] as $dir) { + if (file_exists($file = $dir . $pathEnd)) { + return $file; + } + } + } + } + } + + // PSR-4 fallback dirs + foreach ($this->fallbackDirsPsr4 as $dir) { + if (file_exists($file = $dir . DIRECTORY_SEPARATOR . 
$logicalPathPsr4)) { + return $file; + } + } + + // PSR-0 lookup + if (false !== $pos = strrpos($class, '\\')) { + // namespaced class name + $logicalPathPsr0 = substr($logicalPathPsr4, 0, $pos + 1) + . strtr(substr($logicalPathPsr4, $pos + 1), '_', DIRECTORY_SEPARATOR); + } else { + // PEAR-like class name + $logicalPathPsr0 = strtr($class, '_', DIRECTORY_SEPARATOR) . $ext; + } + + if (isset($this->prefixesPsr0[$first])) { + foreach ($this->prefixesPsr0[$first] as $prefix => $dirs) { + if (0 === strpos($class, $prefix)) { + foreach ($dirs as $dir) { + if (file_exists($file = $dir . DIRECTORY_SEPARATOR . $logicalPathPsr0)) { + return $file; + } + } + } + } + } + + // PSR-0 fallback dirs + foreach ($this->fallbackDirsPsr0 as $dir) { + if (file_exists($file = $dir . DIRECTORY_SEPARATOR . $logicalPathPsr0)) { + return $file; + } + } + + // PSR-0 include paths. + if ($this->useIncludePath && $file = stream_resolve_include_path($logicalPathPsr0)) { + return $file; + } + + return false; + } + + /** + * @return void + */ + private static function initializeIncludeClosure() + { + if (self::$includeFile !== null) { + return; + } + + /** + * Scope isolated include. + * + * Prevents access to $this/self from included files. + * + * @param string $file + * @return void + */ + self::$includeFile = \Closure::bind(static function($file) { + include $file; + }, null, null); + } +} diff --git a/vendor/composer/InstalledVersions.php b/vendor/composer/InstalledVersions.php new file mode 100644 index 0000000..51e734a --- /dev/null +++ b/vendor/composer/InstalledVersions.php 
@@ -0,0 +1,359 @@ + + * Jordi Boggiano + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Composer; + +use Composer\Autoload\ClassLoader; +use Composer\Semver\VersionParser; + +/** + * This class is copied in every Composer installed project and available to all + * + * See also https://getcomposer.org/doc/07-runtime.md#installed-versions + * + * To require its presence, you can require `composer-runtime-api ^2.0` + * + * @final + */ +class InstalledVersions +{ + /** + * @var mixed[]|null + * @psalm-var array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array}|array{}|null + */ + private static $installed; + + /** + * @var bool|null + */ + private static $canGetVendors; + + /** + * @var array[] + * @psalm-var array}> + */ + private static $installedByVendor = array(); + + /** + * Returns a list of all package names which are present, either by being installed, replaced or provided + * + * @return string[] + * @psalm-return list + */ + public static function getInstalledPackages() + { + $packages = array(); + foreach (self::getInstalled() as $installed) { + $packages[] = array_keys($installed['versions']); + } + + if (1 === \count($packages)) { + return $packages[0]; + } + + return array_keys(array_flip(\call_user_func_array('array_merge', $packages))); + } + + /** + * Returns a list of all package names with a specific type e.g. 
'library' + * + * @param string $type + * @return string[] + * @psalm-return list + */ + public static function getInstalledPackagesByType($type) + { + $packagesByType = array(); + + foreach (self::getInstalled() as $installed) { + foreach ($installed['versions'] as $name => $package) { + if (isset($package['type']) && $package['type'] === $type) { + $packagesByType[] = $name; + } + } + } + + return $packagesByType; + } + + /** + * Checks whether the given package is installed + * + * This also returns true if the package name is provided or replaced by another package + * + * @param string $packageName + * @param bool $includeDevRequirements + * @return bool + */ + public static function isInstalled($packageName, $includeDevRequirements = true) + { + foreach (self::getInstalled() as $installed) { + if (isset($installed['versions'][$packageName])) { + return $includeDevRequirements || !isset($installed['versions'][$packageName]['dev_requirement']) || $installed['versions'][$packageName]['dev_requirement'] === false; + } + } + + return false; + } + + /** + * Checks whether the given package satisfies a version constraint + * + * e.g. 
If you want to know whether version 2.3+ of package foo/bar is installed, you would call: + * + * Composer\InstalledVersions::satisfies(new VersionParser, 'foo/bar', '^2.3') + * + * @param VersionParser $parser Install composer/semver to have access to this class and functionality + * @param string $packageName + * @param string|null $constraint A version constraint to check for, if you pass one you have to make sure composer/semver is required by your package + * @return bool + */ + public static function satisfies(VersionParser $parser, $packageName, $constraint) + { + $constraint = $parser->parseConstraints((string) $constraint); + $provided = $parser->parseConstraints(self::getVersionRanges($packageName)); + + return $provided->matches($constraint); + } + + /** + * Returns a version constraint representing all the range(s) which are installed for a given package + * + * It is easier to use this via isInstalled() with the $constraint argument if you need to check + * whether a given version of a package is installed, and not just whether it exists + * + * @param string $packageName + * @return string Version constraint usable with composer/semver + */ + public static function getVersionRanges($packageName) + { + foreach (self::getInstalled() as $installed) { + if (!isset($installed['versions'][$packageName])) { + continue; + } + + $ranges = array(); + if (isset($installed['versions'][$packageName]['pretty_version'])) { + $ranges[] = $installed['versions'][$packageName]['pretty_version']; + } + if (array_key_exists('aliases', $installed['versions'][$packageName])) { + $ranges = array_merge($ranges, $installed['versions'][$packageName]['aliases']); + } + if (array_key_exists('replaced', $installed['versions'][$packageName])) { + $ranges = array_merge($ranges, $installed['versions'][$packageName]['replaced']); + } + if (array_key_exists('provided', $installed['versions'][$packageName])) { + $ranges = array_merge($ranges, 
$installed['versions'][$packageName]['provided']); + } + + return implode(' || ', $ranges); + } + + throw new \OutOfBoundsException('Package "' . $packageName . '" is not installed'); + } + + /** + * @param string $packageName + * @return string|null If the package is being replaced or provided but is not really installed, null will be returned as version, use satisfies or getVersionRanges if you need to know if a given version is present + */ + public static function getVersion($packageName) + { + foreach (self::getInstalled() as $installed) { + if (!isset($installed['versions'][$packageName])) { + continue; + } + + if (!isset($installed['versions'][$packageName]['version'])) { + return null; + } + + return $installed['versions'][$packageName]['version']; + } + + throw new \OutOfBoundsException('Package "' . $packageName . '" is not installed'); + } + + /** + * @param string $packageName + * @return string|null If the package is being replaced or provided but is not really installed, null will be returned as version, use satisfies or getVersionRanges if you need to know if a given version is present + */ + public static function getPrettyVersion($packageName) + { + foreach (self::getInstalled() as $installed) { + if (!isset($installed['versions'][$packageName])) { + continue; + } + + if (!isset($installed['versions'][$packageName]['pretty_version'])) { + return null; + } + + return $installed['versions'][$packageName]['pretty_version']; + } + + throw new \OutOfBoundsException('Package "' . $packageName . 
'" is not installed'); + } + + /** + * @param string $packageName + * @return string|null If the package is being replaced or provided but is not really installed, null will be returned as reference + */ + public static function getReference($packageName) + { + foreach (self::getInstalled() as $installed) { + if (!isset($installed['versions'][$packageName])) { + continue; + } + + if (!isset($installed['versions'][$packageName]['reference'])) { + return null; + } + + return $installed['versions'][$packageName]['reference']; + } + + throw new \OutOfBoundsException('Package "' . $packageName . '" is not installed'); + } + + /** + * @param string $packageName + * @return string|null If the package is being replaced or provided but is not really installed, null will be returned as install path. Packages of type metapackages also have a null install path. + */ + public static function getInstallPath($packageName) + { + foreach (self::getInstalled() as $installed) { + if (!isset($installed['versions'][$packageName])) { + continue; + } + + return isset($installed['versions'][$packageName]['install_path']) ? $installed['versions'][$packageName]['install_path'] : null; + } + + throw new \OutOfBoundsException('Package "' . $packageName . '" is not installed'); + } + + /** + * @return array + * @psalm-return array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool} + */ + public static function getRootPackage() + { + $installed = self::getInstalled(); + + return $installed[0]['root']; + } + + /** + * Returns the raw installed.php data for custom implementations + * + * @deprecated Use getAllRawData() instead which returns all datasets for all autoloaders present in the process. getRawData only returns the first dataset loaded, which may not be what you expect. 
+ * @return array[] + * @psalm-return array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array} + */ + public static function getRawData() + { + @trigger_error('getRawData only returns the first dataset loaded, which may not be what you expect. Use getAllRawData() instead which returns all datasets for all autoloaders present in the process.', E_USER_DEPRECATED); + + if (null === self::$installed) { + // only require the installed.php file if this file is loaded from its dumped location, + // and not from its source location in the composer/composer package, see https://github.com/composer/composer/issues/9937 + if (substr(__DIR__, -8, 1) !== 'C') { + self::$installed = include __DIR__ . '/installed.php'; + } else { + self::$installed = array(); + } + } + + return self::$installed; + } + + /** + * Returns the raw data of all installed.php which are currently loaded for custom implementations + * + * @return array[] + * @psalm-return list}> + */ + public static function getAllRawData() + { + return self::getInstalled(); + } + + /** + * Lets you reload the static array from another file + * + * This is only useful for complex integrations in which a project needs to use + * this class but then also needs to execute another project's autoloader in process, + * and wants to ensure both projects have access to their version of installed.php. + * + * A typical case would be PHPUnit, where it would need to make sure it reads all + * the data it needs from this class, then call reload() with + * `require $CWD/vendor/composer/installed.php` (or similar) as input to make sure + * the project in which it runs can then also use this class safely, without + * interference between PHPUnit's dependencies and the project's dependencies. 
+ * + * @param array[] $data A vendor/composer/installed.php data set + * @return void + * + * @psalm-param array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array} $data + */ + public static function reload($data) + { + self::$installed = $data; + self::$installedByVendor = array(); + } + + /** + * @return array[] + * @psalm-return list}> + */ + private static function getInstalled() + { + if (null === self::$canGetVendors) { + self::$canGetVendors = method_exists('Composer\Autoload\ClassLoader', 'getRegisteredLoaders'); + } + + $installed = array(); + + if (self::$canGetVendors) { + foreach (ClassLoader::getRegisteredLoaders() as $vendorDir => $loader) { + if (isset(self::$installedByVendor[$vendorDir])) { + $installed[] = self::$installedByVendor[$vendorDir]; + } elseif (is_file($vendorDir.'/composer/installed.php')) { + /** @var array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array} $required */ + $required = require $vendorDir.'/composer/installed.php'; + $installed[] = self::$installedByVendor[$vendorDir] = $required; + if (null === self::$installed && strtr($vendorDir.'/composer', '\\', '/') === strtr(__DIR__, '\\', '/')) { + self::$installed = $installed[count($installed) - 1]; + } + } + } + } + + if (null === self::$installed) { + // only require the installed.php file if this file is loaded from its dumped location, + // and not from its source location in the composer/composer package, see https://github.com/composer/composer/issues/9937 + if (substr(__DIR__, -8, 1) !== 'C') { + /** @var array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array} $required */ + $required = require __DIR__ . 
'/installed.php'; + self::$installed = $required; + } else { + self::$installed = array(); + } + } + + if (self::$installed !== array()) { + $installed[] = self::$installed; + } + + return $installed; + } +} diff --git a/vendor/composer/LICENSE b/vendor/composer/LICENSE new file mode 100644 index 0000000..f27399a --- /dev/null +++ b/vendor/composer/LICENSE @@ -0,0 +1,21 @@ + +Copyright (c) Nils Adermann, Jordi Boggiano + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is furnished +to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. + diff --git a/vendor/composer/autoload_classmap.php b/vendor/composer/autoload_classmap.php new file mode 100644 index 0000000..2a1712a --- /dev/null +++ b/vendor/composer/autoload_classmap.php @@ -0,0 +1,11 @@ + $vendorDir . '/composer/InstalledVersions.php', + 'FopPvsTools' => $baseDir . '/classes/FopPvsTools.php', +); diff --git a/vendor/composer/autoload_namespaces.php b/vendor/composer/autoload_namespaces.php new file mode 100644 index 0000000..15a2ff3 --- /dev/null +++ b/vendor/composer/autoload_namespaces.php 
@@ -0,0 +1,9 @@ +register(false); + + return $loader; + } +} diff --git a/vendor/composer/autoload_static.php b/vendor/composer/autoload_static.php new file mode 100644 index 0000000..13843d2 --- /dev/null +++ b/vendor/composer/autoload_static.php @@ -0,0 +1,21 @@ + __DIR__ . '/..' . '/composer/InstalledVersions.php', + 'FopPvsTools' => __DIR__ . '/../..' . '/classes/FopPvsTools.php', + ); + + public static function getInitializer(ClassLoader $loader) + { + return \Closure::bind(function () use ($loader) { + $loader->classMap = ComposerStaticInit3350d8dba8fb767e273a1b373fef1900::$classMap; + + }, null, ClassLoader::class); + } +} diff --git a/vendor/composer/installed.json b/vendor/composer/installed.json new file mode 100644 index 0000000..87fda74 --- /dev/null +++ b/vendor/composer/installed.json @@ -0,0 +1,5 @@ +{ + "packages": [], + "dev": true, + "dev-package-names": [] +} diff --git a/vendor/composer/installed.php b/vendor/composer/installed.php new file mode 100644 index 0000000..46ca285 --- /dev/null +++ b/vendor/composer/installed.php @@ -0,0 +1,23 @@ + array( + 'name' => 'prestaalba/fop_publishedvulnerabilityscan', + 'pretty_version' => '1.0.0+no-version-set', + 'version' => '1.0.0.0', + 'reference' => NULL, + 'type' => 'prestashop-module', + 'install_path' => __DIR__ . '/../../', + 'aliases' => array(), + 'dev' => true, + ), + 'versions' => array( + 'prestaalba/fop_publishedvulnerabilityscan' => array( + 'pretty_version' => '1.0.0+no-version-set', + 'version' => '1.0.0.0', + 'reference' => NULL, + 'type' => 'prestashop-module', + 'install_path' => __DIR__ . '/../../', + 'aliases' => array(), + 'dev_requirement' => false, + ), + ), +); diff --git a/views/index.php b/views/index.php new file mode 100644 index 0000000..a28f0a4 --- /dev/null +++ b/views/index.php 
@@ -0,0 +1,36 @@
+
+ * @copyright Since 2007 PrestaShop SA and Contributors
+ * @license https://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0)
+ */
+
+header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
+header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
+
+header('Cache-Control: no-store, no-cache, must-revalidate');
+header('Cache-Control: post-check=0, pre-check=0', false);
+header('Pragma: no-cache');
+
+header('Location: ../');
+
+exit;
diff --git a/views/templates/admin/index.php b/views/templates/admin/index.php
new file mode 100644
index 0000000..a28f0a4
--- /dev/null
+++ b/views/templates/admin/index.php
@@ -0,0 +1,36 @@
+
+ * @copyright Since 2007 PrestaShop SA and Contributors
+ * @license https://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0)
+ */
+
+header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
+header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
+
+header('Cache-Control: no-store, no-cache, must-revalidate');
+header('Cache-Control: post-check=0, pre-check=0', false);
+header('Pragma: no-cache');
+
+header('Location: ../');
+
+exit;
diff --git a/views/templates/admin/modules_issues.tpl b/views/templates/admin/modules_issues.tpl
new file mode 100644
index 0000000..38c11a4
--- /dev/null
+++ b/views/templates/admin/modules_issues.tpl
@@ -0,0 +1,43 @@
+{**
+ * Friends Of Presta Published Vulnerability Scan
+ *
+ * NOTICE OF LICENSE
+ *
+ * This source file is subject to the Academic Free License (AFL 3.0)
+ * that is bundled with this package in the file docs/licenses/LICENSE.txt.
+ * It is also available through the world-wide-web at this URL:
+ * https://opensource.org/licenses/afl-3.0.php
+ *
+ * @author Experto PrestaShop
+ * @copyright since 2009 Experto PrestaShop
+ * @license https://opensource.org/licenses/AFL-3.0 Academic Free License ("AFL") v. 3.0
+ *}
+
+{if count($modules_issues)}
+
+
+
+
+
+
+
+
+
+ {foreach from=$modules_issues item=issue}
+
+
+
+
+
+ {/foreach}
+
+
    {l s='Module' mod='fop_publishedvulnerabilityscan'}{l s='Issue summary' mod='fop_publishedvulnerabilityscan'}{l s='Details' mod='fop_publishedvulnerabilityscan'}
    {$issue->module|escape:'html':'UTF-8'}{$issue->summary|escape:'html':'UTF-8'} + + + +
    +{else} +

    + {l s='Not issues found on your shop according to Friend Of PrestaShop published security vulnerabilities list' mod='fop_publishedvulnerabilityscan'}: https://security.friendsofpresta.org/ +

    +{/if}
\ No newline at end of file
diff --git a/views/templates/index.php b/views/templates/index.php
new file mode 100644
index 0000000..a28f0a4
--- /dev/null
+++ b/views/templates/index.php
@@ -0,0 +1,36 @@
+
+ * @copyright Since 2007 PrestaShop SA and Contributors
+ * @license https://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0)
+ */
+
+header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
+header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
+
+header('Cache-Control: no-store, no-cache, must-revalidate');
+header('Cache-Control: post-check=0, pre-check=0', false);
+header('Pragma: no-cache');
+
+header('Location: ../');
+
+exit;
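Review bot: In `views/templates/admin/modules_issues.tpl`, the empty-state string `Not issues found on your shop according to Friend Of PrestaShop published security vulnerabilities list` has two wording slips, and because `{l s=...}` source strings serve as translation keys it is cheaper to fix them before translations exist: `{l s='No issues found on your shop according to the Friends Of Presta published security vulnerabilities list' mod='fop_publishedvulnerabilityscan'}`. The module and summary cells are escaped with `escape:'html':'UTF-8'`, which is the right default for values that appear to come from a downloaded feed. The markup of the Details cell is not visible in this rendering, so please confirm that any feed-derived value printed there, in particular a link target, gets the same escaping and is limited to `http`/`https` URLs. Separately, this branch is shown whenever `$modules_issues` is empty, so if the controller (outside this hunk) also passes an empty list when the feed could not be fetched, the page would report a clean result for a scan that never ran.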