From b51142c72400b55673c7c9eae8303452f73e20c8 Mon Sep 17 00:00:00 2001 From: Hunter Perrin Date: Thu, 20 Jul 2017 14:55:07 -0700 Subject: [PATCH] Restrict using the Entity class from front end. --- composer.json | 2 +- composer.lock | 109 +++++++++++++++++++++++++------------------------- src/Nymph.php | 2 +- src/REST.php | 3 +- 4 files changed, 58 insertions(+), 58 deletions(-) diff --git a/composer.json b/composer.json index eab98c4..8a8baff 100644 --- a/composer.json +++ b/composer.json @@ -1,7 +1,7 @@ { "name": "sciactive/nymph-server", "description": "Powerful object data storage and querying for collaborative web apps.", - "version": "1.5.4", + "version": "1.6.0", "time": "2017-06-18", "homepage": "http://nymph.io/", "type": "library", diff --git a/composer.lock b/composer.lock index 5847609..456c721 100644 --- a/composer.lock +++ b/composer.lock @@ -4,8 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file", "This file is @generated automatically" ], - "hash": "ebd6c505b21ee7bcbc726b9ca07a9f14", - "content-hash": "6b4c184ad178f1ea43a60f402c31970b", + "content-hash": "7dc725ea14a5c15336cf98734fde8baf", "packages": [ { "name": "sciactive/requirephp", @@ -51,7 +50,7 @@ "service location", "service locator" ], - "time": "2015-02-19 00:00:00" + "time": "2015-02-19T00:00:00+00:00" } ], "packages-dev": [ @@ -107,7 +106,7 @@ "constructor", "instantiate" ], - "time": "2015-06-14 21:17:01" + "time": "2015-06-14T21:17:01+00:00" }, { "name": "myclabs/deep-copy", @@ -149,7 +148,7 @@ "object", "object graph" ], - "time": "2017-04-12 18:52:22" + "time": "2017-04-12T18:52:22+00:00" }, { "name": "phar-io/manifest", @@ -204,7 +203,7 @@ } ], "description": "Component for reading phar.io manifest information from a PHP Archive (PHAR)", - "time": "2017-03-05 18:14:27" + "time": "2017-03-05T18:14:27+00:00" }, { "name": "phar-io/version", @@ -251,7 +250,7 @@ } ], "description": "Library for handling version information and constraints", - "time": "2017-03-05 17:38:23" + "time": "2017-03-05T17:38:23+00:00" }, { "name": "phpdocumentor/reflection-common", @@ -305,26 +304,26 @@ "reflection", "static analysis" ], - "time": "2015-12-27 11:43:31" + "time": "2015-12-27T11:43:31+00:00" }, { "name": "phpdocumentor/reflection-docblock", - "version": "3.1.1", + "version": "3.2.0", "source": { "type": "git", "url": "https://github.com/phpDocumentor/ReflectionDocBlock.git", - "reference": "8331b5efe816ae05461b7ca1e721c01b46bafb3e" + "reference": "46f7e8bb075036c92695b15a1ddb6971c751e585" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/phpDocumentor/ReflectionDocBlock/zipball/8331b5efe816ae05461b7ca1e721c01b46bafb3e", - "reference": "8331b5efe816ae05461b7ca1e721c01b46bafb3e", + "url": "https://api.github.com/repos/phpDocumentor/ReflectionDocBlock/zipball/46f7e8bb075036c92695b15a1ddb6971c751e585", + "reference": "46f7e8bb075036c92695b15a1ddb6971c751e585", "shasum": "" }, "require": { "php": ">=5.5", "phpdocumentor/reflection-common": "^1.0@dev", - "phpdocumentor/type-resolver": "^0.2.0", + "phpdocumentor/type-resolver": "^0.4.0", "webmozart/assert": "^1.0" }, "require-dev": { @@ -350,24 +349,24 @@ } ], "description": "With this component, a library can provide support for annotations via DocBlocks or otherwise retrieve information that is embedded in a DocBlock.", - "time": "2016-09-30 07:12:33" + "time": "2017-07-15T11:38:20+00:00" }, { "name": "phpdocumentor/type-resolver", - "version": "0.2.1", + "version": "0.4.0", "source": { "type": "git", "url": "https://github.com/phpDocumentor/TypeResolver.git", - "reference": "e224fb2ea2fba6d3ad6fdaef91cd09a172155ccb" + "reference": "9c977708995954784726e25d0cd1dddf4e65b0f7" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/phpDocumentor/TypeResolver/zipball/e224fb2ea2fba6d3ad6fdaef91cd09a172155ccb", - "reference": "e224fb2ea2fba6d3ad6fdaef91cd09a172155ccb", + "url": "https://api.github.com/repos/phpDocumentor/TypeResolver/zipball/9c977708995954784726e25d0cd1dddf4e65b0f7", + "reference": "9c977708995954784726e25d0cd1dddf4e65b0f7", "shasum": "" }, "require": { - "php": ">=5.5", + "php": "^5.5 || ^7.0", "phpdocumentor/reflection-common": "^1.0" }, "require-dev": { @@ -397,7 +396,7 @@ "email": "me@mikevanriel.com" } ], - "time": "2016-11-25 06:54:22" + "time": "2017-07-14T14:27:02+00:00" }, { "name": "phpspec/prophecy", @@ -460,7 +459,7 @@ "spy", "stub" ], - "time": "2017-03-02 20:05:34" + "time": "2017-03-02T20:05:34+00:00" }, { "name": "phpunit/php-code-coverage", @@ -524,7 +523,7 @@ "testing", "xunit" ], - "time": "2017-04-21 08:03:57" + "time": "2017-04-21T08:03:57+00:00" }, { "name": "phpunit/php-file-iterator", @@ -571,7 +570,7 @@ "filesystem", "iterator" ], - "time": "2016-10-03 07:40:28" + "time": "2016-10-03T07:40:28+00:00" }, { "name": "phpunit/php-text-template", @@ -612,7 +611,7 @@ "keywords": [ "template" ], - "time": "2015-06-21 13:50:34" + "time": "2015-06-21T13:50:34+00:00" }, { "name": "phpunit/php-timer", @@ -661,7 +660,7 @@ "keywords": [ "timer" ], - "time": "2017-02-26 11:10:40" + "time": "2017-02-26T11:10:40+00:00" }, { "name": "phpunit/php-token-stream", @@ -710,20 +709,20 @@ "keywords": [ "tokenizer" ], - "time": "2017-02-27 10:12:30" + "time": "2017-02-27T10:12:30+00:00" }, { "name": "phpunit/phpunit", - "version": "6.2.2", + "version": "6.2.3", "source": { "type": "git", "url": "https://github.com/sebastianbergmann/phpunit.git", - "reference": "f2786490399836d2a544a34785c4a8d3ab32cf0e" + "reference": "fa5711d0559fc4b64deba0702be52d41434cbcb7" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/sebastianbergmann/phpunit/zipball/f2786490399836d2a544a34785c4a8d3ab32cf0e", - "reference": "f2786490399836d2a544a34785c4a8d3ab32cf0e", + "url": "https://api.github.com/repos/sebastianbergmann/phpunit/zipball/fa5711d0559fc4b64deba0702be52d41434cbcb7", + "reference": "fa5711d0559fc4b64deba0702be52d41434cbcb7", "shasum": "" }, "require": { @@ -794,20 +793,20 @@ "testing", "xunit" ], - "time": "2017-06-13 14:07:07" + "time": "2017-07-03T15:54:24+00:00" }, { "name": "phpunit/phpunit-mock-objects", - "version": "4.0.1", + "version": "4.0.2", "source": { "type": "git", "url": "https://github.com/sebastianbergmann/phpunit-mock-objects.git", - "reference": "eabce450df194817a7d7e27e19013569a903a2bf" + "reference": "d8833b396dce9162bb2eb5d59aee5a3ab3cfa5b4" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/sebastianbergmann/phpunit-mock-objects/zipball/eabce450df194817a7d7e27e19013569a903a2bf", - "reference": "eabce450df194817a7d7e27e19013569a903a2bf", + "url": "https://api.github.com/repos/sebastianbergmann/phpunit-mock-objects/zipball/d8833b396dce9162bb2eb5d59aee5a3ab3cfa5b4", + "reference": "d8833b396dce9162bb2eb5d59aee5a3ab3cfa5b4", "shasum": "" }, "require": { @@ -853,7 +852,7 @@ "mock", "xunit" ], - "time": "2017-03-03 06:30:20" + "time": "2017-06-30T08:15:21+00:00" }, { "name": "sciactive/hookphp", @@ -903,7 +902,7 @@ "interception", "method hooking" ], - "time": "2017-06-17 00:00:00" + "time": "2017-06-17T00:00:00+00:00" }, { "name": "sebastian/code-unit-reverse-lookup", @@ -948,7 +947,7 @@ ], "description": "Looks up which function or method a line of code belongs to", "homepage": "https://github.com/sebastianbergmann/code-unit-reverse-lookup/", - "time": "2017-03-04 06:30:41" + "time": "2017-03-04T06:30:41+00:00" }, { "name": "sebastian/comparator", @@ -1012,7 +1011,7 @@ "compare", "equality" ], - "time": "2017-03-03 06:26:08" + "time": "2017-03-03T06:26:08+00:00" }, { "name": "sebastian/diff", @@ -1064,20 +1063,20 @@ "keywords": [ "diff" ], - "time": "2017-05-22 07:24:03" + "time": "2017-05-22T07:24:03+00:00" }, { "name": "sebastian/environment", - "version": "3.0.3", + "version": "3.1.0", "source": { "type": "git", "url": "https://github.com/sebastianbergmann/environment.git", - "reference": "02b6b2c7aefe2cdb1185b8dbf8718b0bcedf3ab3" + "reference": "cd0871b3975fb7fc44d11314fd1ee20925fce4f5" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/sebastianbergmann/environment/zipball/02b6b2c7aefe2cdb1185b8dbf8718b0bcedf3ab3", - "reference": "02b6b2c7aefe2cdb1185b8dbf8718b0bcedf3ab3", + "url": "https://api.github.com/repos/sebastianbergmann/environment/zipball/cd0871b3975fb7fc44d11314fd1ee20925fce4f5", + "reference": "cd0871b3975fb7fc44d11314fd1ee20925fce4f5", "shasum": "" }, "require": { @@ -1089,7 +1088,7 @@ "type": "library", "extra": { "branch-alias": { - "dev-master": "3.0.x-dev" + "dev-master": "3.1.x-dev" } }, "autoload": { @@ -1114,7 +1113,7 @@ "environment", "hhvm" ], - "time": "2017-05-18 10:10:00" + "time": "2017-07-01T08:51:00+00:00" }, { "name": "sebastian/exporter", @@ -1181,7 +1180,7 @@ "export", "exporter" ], - "time": "2017-04-03 13:19:02" + "time": "2017-04-03T13:19:02+00:00" }, { "name": "sebastian/global-state", @@ -1232,7 +1231,7 @@ "keywords": [ "global state" ], - "time": "2017-04-27 15:39:26" + "time": "2017-04-27T15:39:26+00:00" }, { "name": "sebastian/object-enumerator", @@ -1279,7 +1278,7 @@ ], "description": "Traverses array structures and object graphs to enumerate all referenced objects", "homepage": "https://github.com/sebastianbergmann/object-enumerator/", - "time": "2017-03-12 15:17:29" + "time": "2017-03-12T15:17:29+00:00" }, { "name": "sebastian/object-reflector", @@ -1324,7 +1323,7 @@ ], "description": "Allows reflection of object attributes, including inherited and non-public ones", "homepage": "https://github.com/sebastianbergmann/object-reflector/", - "time": "2017-03-29 09:07:27" + "time": "2017-03-29T09:07:27+00:00" }, { "name": "sebastian/recursion-context", @@ -1377,7 +1376,7 @@ ], "description": "Provides functionality to recursively process PHP variables", "homepage": "http://www.github.com/sebastianbergmann/recursion-context", - "time": "2017-03-03 06:23:57" + "time": "2017-03-03T06:23:57+00:00" }, { "name": "sebastian/resource-operations", @@ -1419,7 +1418,7 @@ ], "description": "Provides a list of PHP built-in functions that operate on resources", "homepage": "https://www.github.com/sebastianbergmann/resource-operations", - "time": "2015-07-28 20:34:47" + "time": "2015-07-28T20:34:47+00:00" }, { "name": "sebastian/version", @@ -1462,7 +1461,7 @@ ], "description": "Library that helps with managing the version number of Git-hosted PHP projects", "homepage": "https://github.com/sebastianbergmann/version", - "time": "2016-10-03 07:35:21" + "time": "2016-10-03T07:35:21+00:00" }, { "name": "theseer/tokenizer", @@ -1502,7 +1501,7 @@ } ], "description": "A small library for converting tokenized PHP source code into XML and potentially other formats", - "time": "2017-04-07 12:08:54" + "time": "2017-04-07T12:08:54+00:00" }, { "name": "webmozart/assert", @@ -1552,7 +1551,7 @@ "check", "validate" ], - "time": "2016-11-23 20:04:58" + "time": "2016-11-23T20:04:58+00:00" } ], "aliases": [], diff --git a/src/Nymph.php b/src/Nymph.php index 01cc384..c4fd0d7 100644 --- a/src/Nymph.php +++ b/src/Nymph.php @@ -26,7 +26,7 @@ * @link http://nymph.io/ */ class Nymph { - const VERSION = '1.5.4'; + const VERSION = '1.6.0'; public static function __callStatic($name, $args) { return call_user_func_array(array(RequirePHP::_('Nymph'), $name), $args); diff --git a/src/REST.php b/src/REST.php index 411d91e..c694a05 100644 --- a/src/REST.php +++ b/src/REST.php @@ -366,7 +366,8 @@ public static function translateSelector($selector) { } protected function loadEntity($entityData) { - if (!class_exists($entityData['class'])) { + if (!class_exists($entityData['class']) || $entityData['class'] === 'Entity') { + // Don't let clients use the `Entity` class, since it has no validity/AC checks. return false; } if ((int) $entityData['guid'] > 0) {