CVE-2022-31372: chore: update PHP integration to 7.28.1 · wiris/moodle-filter_wiris@037ce9c
Wiris Mathtype v7.28.0 was discovered to contain a path traversal vulnerability in the resourceFile parameter. This vulnerability can be exploited via a crafted request to the resource handler.
@@ -1,10 +1,9 @@ <?php
class com_wiris_util_json_JSon extends com_wiris_util_json_StringParser { class com_wiris_util_json_JSon { public function __construct() { if(!php_Boot::$skip_constructor) { parent::__construct(); }} ; } public function newLine($depth, $sb) { $sb->add(“\x0D\x0A”); $i = null; 
@@ -21,195 +20,6 @@ public function newLine($depth, $sb) { public function setAddNewLines($addNewLines) { $this->addNewLines = $addNewLines; } public function decodeArray() { $v = new _hx_array(array()); $this->nextToken(); $this->skipBlanks(); if($this->c === 93) { $this->nextToken(); return $v; } while($this->c !== 93) { $o = $this->localDecode(); $v->push($o); $this->skipBlanks(); if($this->c === 44) { $this->nextToken(); $this->skipBlanks(); } else { if($this->c !== 93) { throw new HException(“Expected ‘,’ or ']'.”); } } unset($o); } $this->nextToken(); return $v; } public function decodeHash() { $h = new Hash(); $this->nextToken(); $this->skipBlanks(); if($this->c === 125) { $this->nextToken(); return $h; } while($this->c !== 125) { $key = $this->decodeString(); $this->skipBlanks(); if($this->c !== 58) { throw new HException(“Expected ':’.”); } $this->nextToken(); $this->skipBlanks(); $o = $this->localDecode(); $h->set($key, $o); $this->skipBlanks(); if($this->c === 44) { $this->nextToken(); $this->skipBlanks(); } else { if($this->c !== 125) { throw new HException("Expected ‘,’ or '}’. " . 
$this->getPositionRepresentation()); } } unset($o,$key); } $this->nextToken(); return $h; } public function decodeNumber() { $sb = new StringBuf(); $hex = false; $floating = false; do { $sb->add(com_wiris_util_json_JSon_0($this, $floating, $hex, $sb)); $this->nextToken(); if($this->c === 120) { $hex = true; $sb->add(com_wiris_util_json_JSon_1($this, $floating, $hex, $sb)); $this->nextToken(); } if($this->c === 46 || $this->c === 69 || $this->c === 101) { $floating = true; } } while($this->c >= 48 && $this->c <= 58 || $hex && $this->isHexDigit($this->c) || $floating && ($this->c === 46 || $this->c === 69 || $this->c === 101 || $this->c === 43 || $this->c === 45)); if($floating) { return Std::parseFloat($sb->b); } else { return Std::parseInt($sb->b); } } public function decodeString() { $sb = new StringBuf(); $d = $this->c; $this->nextToken(); while($this->c !== $d) { if($this->c === 92) { $this->nextToken(); if($this->c === 110) { $sb->add(“\x0A”); } else { if($this->c === 114) { $sb->add(“\x0D”); } else { if($this->c === 34) { $sb->add(“\"”); } else { if($this->c === 39) { $sb->add(“’”); } else { if($this->c === 116) { $sb->add(“\x09”); } else { if($this->c === 92) { $sb->add(“\\”); } else { if($this->c === 117) { $this->nextToken(); $code = com_wiris_util_json_JSon_2($this, $d, $sb); $this->nextToken(); $code .= com_wiris_util_json_JSon_3($this, $code, $d, $sb); $this->nextToken(); $code .= com_wiris_util_json_JSon_4($this, $code, $d, $sb); $this->nextToken(); $code .= com_wiris_util_json_JSon_5($this, $code, $d, $sb); $dec = Std::parseInt(“0x” . $code); $sb->add(com_wiris_util_json_JSon_6($this, $code, $d, $dec, $sb)); unset($dec,$code); } else { throw new HException(“Unknown scape sequence '\\” . com_wiris_util_json_JSon_7($this, $d, $sb) . 
“’”); } } } } } } } } else { $sb->add(com_wiris_util_json_JSon_8($this, $d, $sb)); } $this->nextToken(); } $this->nextToken(); return $sb->b; } public function decodeBooleanOrNull() { $sb = new StringBuf(); while(com_wiris_util_xml_WCharacterBase::isLetter($this->c)) { $sb->b .= chr($this->c); $this->nextToken(); } $word = $sb->b; if($word === “true”) { return true; } else { if($word === “false”) { return false; } else { if($word === “null”) { return null; } else { throw new HException(“Unrecognized keyword \"” . $word . “\".”); } } } } public function localDecode() { $this->skipBlanks(); if($this->c === 123) { return $this->decodeHash(); } else { if($this->c === 91) { return $this->decodeArray(); } else { if($this->c === 34) { return $this->decodeString(); } else { if($this->c === 39) { return $this->decodeString(); } else { if($this->c === 45 || $this->c >= 48 && $this->c <= 58) { return $this->decodeNumber(); } else { if($this->c === 116 || $this->c === 102 || $this->c === 110) { return $this->decodeBooleanOrNull(); } else { throw new HException("Unrecognized char " . _hx_string_rec($this->c, “”)); } } } } } } } public function localDecodeString($str) { $this->init($str); return $this->localDecode(); } public function encodeIntegerFormat($sb, $i) { $sb->add($i->toString()); } public function encodeLong($sb, $i) { $sb->add(“” . Std::string($i)); } 
@@ -361,17 +171,13 @@ public function encodeImpl($sb, $o) { if(Std::is($o, _hx_qtype(“haxe.Int64”))) { $this->encodeLong($sb, $o); } else { if(Std::is($o, _hx_qtype(“com.wiris.util.json.JSonIntegerFormat”))) { $this->encodeIntegerFormat($sb, $o); if(com_wiris_system_TypeTools::isBool($o)) { $this->encodeBoolean($sb, com_wiris_system_TypeTools::toBool($o)); } else { if(Std::is($o, _hx_qtype(“Bool”))) { $this->encodeBoolean($sb, $o); if(Std::is($o, _hx_qtype(“Float”))) { $this->encodeFloat($sb, $o); } else { if(Std::is($o, _hx_qtype(“Float”))) { $this->encodeFloat($sb, $o); } else { throw new HException("Impossible to convert to json object of type " . Std::string(Type::getClass($o))); } throw new HException("Impossible to convert to json object of type " . Std::string(Type::getClass($o))); } } } @@ -403,15 +209,19 @@ public function __call($m, $a) { else throw new HException(‘Unable to call «’.$m.’»’); } static function sb() { $»args = func_get_args(); return call_user_func_array(self::$sb, $»args); } static $sb; static function encode($o) { $js = new com_wiris_util_json_JSon(); return $js->encodeObject($o); } static function decode($str) { $json = new com_wiris_util_json_JSon(); return $json->localDecodeString($str); try { return com_wiris_util_json_parser_JsonParse::parse($str); }catch(Exception $»e) { $_ex_ = ($»e instanceof HException) ? $»e->e : $»e; if(($e = $_ex_) instanceof com_wiris_system_Exception){ throw new HException($e->getMessage()); } else throw $»e;; } } static function getDepth($o) { if(com_wiris_system_TypeTools::isHash($o)) { 
@@ -502,66 +312,3 @@ static function isJson($json) { } function __toString() { return 'com.wiris.util.json.JSon’; } } function com_wiris_util_json_JSon_0(&$»this, &$floating, &$hex, &$sb) { { $s = new haxe_Utf8(null); $s->addChar($»this->c); return $s->toString(); } } function com_wiris_util_json_JSon_1(&$»this, &$floating, &$hex, &$sb) { { $s = new haxe_Utf8(null); $s->addChar($»this->c); return $s->toString(); } } function com_wiris_util_json_JSon_2(&$»this, &$d, &$sb) { { $s = new haxe_Utf8(null); $s->addChar($»this->c); return $s->toString(); } } function com_wiris_util_json_JSon_3(&$»this, &$code, &$d, &$sb) { { $s = new haxe_Utf8(null); $s->addChar($»this->c); return $s->toString(); } } function com_wiris_util_json_JSon_4(&$»this, &$code, &$d, &$sb) { { $s = new haxe_Utf8(null); $s->addChar($»this->c); return $s->toString(); } } function com_wiris_util_json_JSon_5(&$»this, &$code, &$d, &$sb) { { $s = new haxe_Utf8(null); $s->addChar($»this->c); return $s->toString(); } } function com_wiris_util_json_JSon_6(&$»this, &$code, &$d, &$dec, &$sb) { { $s = new haxe_Utf8(null); $s->addChar($dec); return $s->toString(); } } function com_wiris_util_json_JSon_7(&$»this, &$d, &$sb) { { $s = new haxe_Utf8(null); $s->addChar($»this->c); return $s->toString(); } } function com_wiris_util_json_JSon_8(&$»this, &$d, &$sb) { { $s = new haxe_Utf8(null); $s->addChar($»this->c); return $s->toString(); } }