Fix #1960 update guzzlehttp/guzzle to 6.5.7

2026-01-03 16:51:40 +09:00 · 2022-06-10 15:52:04 +09:00 · 2022-06-10 15:52:04 +09:00 · 2f964f7409
commit 2f964f7409
parent d4ffe761c5
8 changed files with 62 additions and 31 deletions
--- a/composer.lock
+++ b/composer.lock
@ -438,16 +438,16 @@
        },
        {
            "name": "guzzlehttp/guzzle",
-            "version": "6.5.6",
+            "version": "6.5.7",
            "source": {
                "type": "git",
                "url": "https://github.com/guzzle/guzzle.git",
-                "reference": "f092dd734083473658de3ee4bef093ed77d2689c"
+                "reference": "724562fa861e21a4071c652c8a159934e4f05592"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/guzzle/guzzle/zipball/f092dd734083473658de3ee4bef093ed77d2689c",
-                "reference": "f092dd734083473658de3ee4bef093ed77d2689c",
+                "url": "https://api.github.com/repos/guzzle/guzzle/zipball/724562fa861e21a4071c652c8a159934e4f05592",
+                "reference": "724562fa861e21a4071c652c8a159934e4f05592",
                "shasum": ""
            },
            "require": {
@ -533,7 +533,7 @@
            ],
            "support": {
                "issues": "https://github.com/guzzle/guzzle/issues",
-                "source": "https://github.com/guzzle/guzzle/tree/6.5.6"
+                "source": "https://github.com/guzzle/guzzle/tree/6.5.7"
            },
            "funding": [
                {
@ -549,7 +549,7 @@
                    "type": "tidelift"
                }
            ],
-            "time": "2022-05-25T13:19:12+00:00"
+            "time": "2022-06-09T21:36:50+00:00"
        },
        {
            "name": "guzzlehttp/promises",
--- a/vendor/composer/InstalledVersions.php
+++ b/vendor/composer/InstalledVersions.php
@ -29,7 +29,7 @@ private static $installed = array (
    'aliases' => 
    array (
    ),
-    'reference' => 'd0cdcb5d2a4d741a4ba25512e9a9e5168b374729',
+    'reference' => 'd4ffe761c58924530ae083ba84e2daf5b709c2a6',
    'name' => 'rhymix/rhymix',
  ),
  'versions' => 
@ -99,12 +99,12 @@ private static $installed = array (
    ),
    'guzzlehttp/guzzle' => 
    array (
-      'pretty_version' => '6.5.6',
-      'version' => '6.5.6.0',
+      'pretty_version' => '6.5.7',
+      'version' => '6.5.7.0',
      'aliases' => 
      array (
      ),
-      'reference' => 'f092dd734083473658de3ee4bef093ed77d2689c',
+      'reference' => '724562fa861e21a4071c652c8a159934e4f05592',
    ),
    'guzzlehttp/promises' => 
    array (
@ -228,7 +228,7 @@ private static $installed = array (
      'aliases' => 
      array (
      ),
-      'reference' => 'd0cdcb5d2a4d741a4ba25512e9a9e5168b374729',
+      'reference' => 'd4ffe761c58924530ae083ba84e2daf5b709c2a6',
    ),
    'rmccue/requests' => 
    array (
--- a/vendor/composer/autoload_files.php
+++ b/vendor/composer/autoload_files.php
@ -16,6 +16,6 @@ return array(
    'def43f6c87e4f8dfd0c9e1b1bab14fe8' => $vendorDir . '/symfony/polyfill-iconv/bootstrap.php',
    '8170285c807a9f24f165f37b15bc9a36' => $vendorDir . '/defuse/php-encryption/Crypto.php',
    '2cffec82183ee1cea088009cef9a6fc3' => $vendorDir . '/ezyang/htmlpurifier/library/HTMLPurifier.composer.php',
-    '37a3dc5111fe8f707ab4c132ef1dbc62' => $vendorDir . '/guzzlehttp/guzzle/src/functions_include.php',
    '2c102faa651ef8ea5874edb585946bce' => $vendorDir . '/swiftmailer/swiftmailer/lib/swift_required.php',
+    '37a3dc5111fe8f707ab4c132ef1dbc62' => $vendorDir . '/guzzlehttp/guzzle/src/functions_include.php',
 );
--- a/vendor/composer/autoload_static.php
+++ b/vendor/composer/autoload_static.php
@ -17,8 +17,8 @@ class ComposerStaticInit1e37ff09eb6590c7436f139ffd9070de
        'def43f6c87e4f8dfd0c9e1b1bab14fe8' => __DIR__ . '/..' . '/symfony/polyfill-iconv/bootstrap.php',
        '8170285c807a9f24f165f37b15bc9a36' => __DIR__ . '/..' . '/defuse/php-encryption/Crypto.php',
        '2cffec82183ee1cea088009cef9a6fc3' => __DIR__ . '/..' . '/ezyang/htmlpurifier/library/HTMLPurifier.composer.php',
-        '37a3dc5111fe8f707ab4c132ef1dbc62' => __DIR__ . '/..' . '/guzzlehttp/guzzle/src/functions_include.php',
        '2c102faa651ef8ea5874edb585946bce' => __DIR__ . '/..' . '/swiftmailer/swiftmailer/lib/swift_required.php',
+        '37a3dc5111fe8f707ab4c132ef1dbc62' => __DIR__ . '/..' . '/guzzlehttp/guzzle/src/functions_include.php',
    );

    public static $prefixLengthsPsr4 = array (
--- a/vendor/composer/installed.json
+++ b/vendor/composer/installed.json
@ -445,17 +445,17 @@
        },
        {
            "name": "guzzlehttp/guzzle",
-            "version": "6.5.6",
-            "version_normalized": "6.5.6.0",
+            "version": "6.5.7",
+            "version_normalized": "6.5.7.0",
            "source": {
                "type": "git",
                "url": "https://github.com/guzzle/guzzle.git",
-                "reference": "f092dd734083473658de3ee4bef093ed77d2689c"
+                "reference": "724562fa861e21a4071c652c8a159934e4f05592"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/guzzle/guzzle/zipball/f092dd734083473658de3ee4bef093ed77d2689c",
-                "reference": "f092dd734083473658de3ee4bef093ed77d2689c",
+                "url": "https://api.github.com/repos/guzzle/guzzle/zipball/724562fa861e21a4071c652c8a159934e4f05592",
+                "reference": "724562fa861e21a4071c652c8a159934e4f05592",
                "shasum": ""
            },
            "require": {
@ -473,7 +473,7 @@
            "suggest": {
                "psr/log": "Required for using the Log middleware"
            },
-            "time": "2022-05-25T13:19:12+00:00",
+            "time": "2022-06-09T21:36:50+00:00",
            "type": "library",
            "extra": {
                "branch-alias": {
@ -543,7 +543,7 @@
            ],
            "support": {
                "issues": "https://github.com/guzzle/guzzle/issues",
-                "source": "https://github.com/guzzle/guzzle/tree/6.5.6"
+                "source": "https://github.com/guzzle/guzzle/tree/6.5.7"
            },
            "funding": [
                {
--- a/vendor/composer/installed.php
+++ b/vendor/composer/installed.php
@ -6,7 +6,7 @@
    'aliases' => 
    array (
    ),
-    'reference' => 'd0cdcb5d2a4d741a4ba25512e9a9e5168b374729',
+    'reference' => 'd4ffe761c58924530ae083ba84e2daf5b709c2a6',
    'name' => 'rhymix/rhymix',
  ),
  'versions' => 
@ -76,12 +76,12 @@
    ),
    'guzzlehttp/guzzle' => 
    array (
-      'pretty_version' => '6.5.6',
-      'version' => '6.5.6.0',
+      'pretty_version' => '6.5.7',
+      'version' => '6.5.7.0',
      'aliases' => 
      array (
      ),
-      'reference' => 'f092dd734083473658de3ee4bef093ed77d2689c',
+      'reference' => '724562fa861e21a4071c652c8a159934e4f05592',
    ),
    'guzzlehttp/promises' => 
    array (
@ -205,7 +205,7 @@
      'aliases' => 
      array (
      ),
-      'reference' => 'd0cdcb5d2a4d741a4ba25512e9a9e5168b374729',
+      'reference' => 'd4ffe761c58924530ae083ba84e2daf5b709c2a6',
    ),
    'rmccue/requests' => 
    array (
--- a/vendor/guzzlehttp/guzzle/CHANGELOG.md
+++ b/vendor/guzzlehttp/guzzle/CHANGELOG.md
@ -1,5 +1,10 @@
 # Change Log

+## 6.5.7 - 2022-06-09
+
+* Fix failure to strip Authorization header on HTTP downgrade
+* Fix failure to strip the Cookie header on change in host or HTTP downgrade
+
 ## 6.5.6 - 2022-05-25

 * Fix cross-domain cookie leakage
--- a/vendor/guzzlehttp/guzzle/src/RedirectMiddleware.php
+++ b/vendor/guzzlehttp/guzzle/src/RedirectMiddleware.php
@ -141,7 +141,7 @@ class RedirectMiddleware
    }

    /**
-     * Check for too many redirects
+     * Check for too many redirects.
     *
     * @return void
     *
@ -190,7 +190,7 @@ class RedirectMiddleware
            $modify['body'] = '';
        }

-        $uri = $this->redirectUri($request, $response, $protocols);
+        $uri = self::redirectUri($request, $response, $protocols);
        if (isset($options['idn_conversion']) && ($options['idn_conversion'] !== false)) {
            $idnOptions = ($options['idn_conversion'] === true) ? IDNA_DEFAULT : $options['idn_conversion'];
            $uri = Utils::idnUriConvert($uri, $idnOptions);
@ -210,16 +210,42 @@ class RedirectMiddleware
            $modify['remove_headers'][] = 'Referer';
        }

-        // Remove Authorization header if host is different.
-        if ($request->getUri()->getHost() !== $modify['uri']->getHost()) {
+        // Remove Authorization and Cookie headers if required.
+        if (self::shouldStripSensitiveHeaders($request->getUri(), $modify['uri'])) {
            $modify['remove_headers'][] = 'Authorization';
+            $modify['remove_headers'][] = 'Cookie';
        }

        return Psr7\modify_request($request, $modify);
    }

    /**
-     * Set the appropriate URL on the request based on the location header
+     * Determine if we should strip sensitive headers from the request.
+     *
+     * We return true if either of the following conditions are true:
+     *
+     * 1. the host is different;
+     * 2. the scheme has changed, and now is non-https.
+     *
+     * @return bool
+     */
+    private static function shouldStripSensitiveHeaders(
+        UriInterface $originalUri,
+        UriInterface $modifiedUri
+    ) {
+        if (strcasecmp($originalUri->getHost(), $modifiedUri->getHost()) !== 0) {
+            return true;
+        }
+
+        if ($originalUri->getScheme() !== $modifiedUri->getScheme() && 'https' !== $modifiedUri->getScheme()) {
+            return true;
+        }
+
+        return false;
+    }
+
+    /**
+     * Set the appropriate URL on the request based on the location header.
     *
     * @param RequestInterface  $request
     * @param ResponseInterface $response
@ -227,7 +253,7 @@ class RedirectMiddleware
     *
     * @return UriInterface
     */
-    private function redirectUri(
+    private static function redirectUri(
        RequestInterface $request,
        ResponseInterface $response,
        array $protocols