upgrade to yii framework 1.1.18

see https://github.com/yiisoft/yii/blob/master/CHANGELOG

web/framework-1.1.17/vendors/htmlpurifier/standalone/HTMLPurifier/Filter/YouTube.php

@@ -1,39 +0,0 @@
-<?php
-
-class HTMLPurifier_Filter_YouTube extends HTMLPurifier_Filter
-{
-
-    public $name = 'YouTube';
-
-    public function preFilter($html, $config, $context) {
-        $pre_regex = '#<object[^>]+>.+?'.
-            'http://www.youtube.com/((?:v|cp)/[A-Za-z0-9\-_=]+).+?</object>#s';
-        $pre_replace = '<span class="youtube-embed">\1</span>';
-        return preg_replace($pre_regex, $pre_replace, $html);
-    }
-
-    public function postFilter($html, $config, $context) {
-        $post_regex = '#<span class="youtube-embed">((?:v|cp)/[A-Za-z0-9\-_=]+)</span>#';
-        return preg_replace_callback($post_regex, array($this, 'postFilterCallback'), $html);
-    }
-
-    protected function armorUrl($url) {
-        return str_replace('--', '-&#45;', $url);
-    }
-
-    protected function postFilterCallback($matches) {
-        $url = $this->armorUrl($matches[1]);
-        return '<object width="425" height="350" type="application/x-shockwave-flash" '.
-            'data="http://www.youtube.com/'.$url.'">'.
-            '<param name="movie" value="http://www.youtube.com/'.$url.'"></param>'.
-            '<!--[if IE]>'.
-            '<embed src="http://www.youtube.com/'.$url.'"'.
-            'type="application/x-shockwave-flash"'.
-            'wmode="transparent" width="425" height="350" />'.
-            '<![endif]-->'.
-            '</object>';
-
-    }
-}
-
-// vim: et sw=4 sts=4

web/framework/YiiBase.php

@@ -80,7 +80,7 @@ class YiiBase
 	 */
 	public static function getVersion()
 	{
-		return '1.1.17';
+		return '1.1.18';
 	}
 
 	/**
@@ -179,6 +179,7 @@ class YiiBase
 	 */
 	public static function createComponent($config)
 	{
+		$args = func_get_args();
 		if(is_string($config))
 		{
 			$type=$config;
@@ -197,7 +198,6 @@ class YiiBase
 
 		if(($n=func_num_args())>1)
 		{
-			$args=func_get_args();
 			if($n===2)
 				$object=new $type($args[1]);
 			elseif($n===3)

web/framework/base/CApplication.php

@@ -133,7 +133,7 @@ abstract class CApplication extends CModule
 	{
 		Yii::setApplication($this);
 
-		// set basePath at early as possible to avoid trouble
+		// set basePath as early as possible to avoid trouble
 		if(is_string($config))
 			$config=require($config);
 		if(isset($config['basePath']))
@@ -400,7 +400,7 @@ abstract class CApplication extends CModule
 	/**
 	 * Returns the locale instance.
 	 * @param string $localeID the locale ID (e.g. en_US). If null, the {@link getLanguage application language ID} will be used.
-	 * @return an instance of CLocale
+	 * @return CLocale an instance of CLocale
 	 */
 	public function getLocale($localeID=null)
 	{
@@ -572,7 +572,7 @@ abstract class CApplication extends CModule
 	public function createAbsoluteUrl($route,$params=array(),$schema='',$ampersand='&')
 	{
 		$url=$this->createUrl($route,$params,$ampersand);
-		if(strpos($url,'http')===0)
+		if(strpos($url,'http')===0 || strpos($url,'//')===0)
 			return $url;
 		else
 			return $this->getRequest()->getHostInfo($schema).$url;

web/framework/base/CComponent.php

@@ -609,8 +609,15 @@ class CComponent
 		if(is_string($_expression_))
 		{
 			extract($_data_);
+			try
+			{
 				return eval('return ' . $_expression_ . ';');
 			}
+			catch (ParseError $e)
+			{
+				return false;
+			}
+		}
 		else
 		{
 			$_data_[]=$this;

web/framework/base/CModule.php

@@ -71,7 +71,7 @@ abstract class CModule extends CComponent
 		$this->_id=$id;
 		$this->_parentModule=$parent;
 
-		// set basePath at early as possible to avoid trouble
+		// set basePath as early as possible to avoid trouble
 		if(is_string($config))
 			$config=require($config);
 		if(isset($config['basePath']))

web/framework/base/CSecurityManager.php

@@ -614,4 +614,35 @@ class CSecurityManager extends CApplicationComponent
 			$diff|=(ord($actual[$i])^ord($expected[$i%$expectedLength]));
 		return $diff===0;
 	}
+
+	/**
+	 * Masks a token to make it uncompressible.
+	 * Applies a random mask to the token and prepends the mask used to the result making the string always unique.
+	 * Used to mitigate BREACH attack by randomizing how token is outputted on each request.
+	 * @param string $token An unmasked token.
+	 * @return string A masked token.
+	 * @since 1.1.18
+	 */
+	public function maskToken($token)
+	{
+		// The number of bytes in a mask is always equal to the number of bytes in a token.
+		$mask=$this->generateRandomString($this->strlen($token));
+		return strtr(base64_encode($mask.($mask^$token)),'+/','-_');
+	}
+
+	/**
+	 * Unmasks a token previously masked by `maskToken`.
+	 * @param string $maskedToken A masked token.
+	 * @return string An unmasked token, or an empty string in case of token format is invalid.
+	 * @since 1.1.18
+	 */
+	public function unmaskToken($maskedToken)
+	{
+		$decoded=base64_decode(strtr($maskedToken,'-_','+/'));
+		$length=$this->strlen($decoded)/2;
+		// Check if the masked token has an even length.
+		if(!is_int($length))
+			return '';
+		return $this->substr($decoded,$length,$length)^$this->substr($decoded,0,$length);
+	}
 }

web/framework/base/CStatePersister.php

@@ -105,7 +105,8 @@ class CStatePersister extends CApplicationComponent implements IStatePersister
 	 * Loads content from file using a shared lock to avoid data corruption when reading
 	 * the file while it is being written by save()
 	 *
-	 * @return string file contents
+	 * @param string $filename file name
+	 * @return bool|string file contents
 	 * @since 1.1.17
 	 */
 	protected function getContent($filename)

web/framework/caching/CFileCache.php

@@ -130,7 +130,7 @@ class CFileCache extends CCache
 	{
 		$cacheFile=$this->getCacheFile($key);
 		if(($time=$this->filemtime($cacheFile))>time())
-			return @file_get_contents($cacheFile,false,null,$this->embedExpiry ? 10 : -1);
+			return @file_get_contents($cacheFile,false,null,$this->embedExpiry ? 10 : null);
 		elseif($time>0)
 			@unlink($cacheFile);
 		return false;

web/framework/caching/CRedisCache.php

@@ -95,8 +95,11 @@ class CRedisCache extends CCache
 			$this->executeCommand('SELECT',array($this->database));
 		}
 		else
+		{
+			$this->_socket = null;
 			throw new CException('Failed to connect to redis: '.$errorDescription,(int)$errorNumber);
 		}
+	}
 
 	/**
 	 * Executes a redis command.

web/framework/cli/commands/MessageCommand.php

@@ -147,7 +147,15 @@ EOD;
 				else
 					$category=substr($matches[$i][1],1,-1);
 				$message=$matches[$i][2];
-				$messages[$category][]=eval("return $message;");  // use eval to eliminate quote escape
+				try
+				{
+					$evalResult = eval("return $message;");  // use eval to eliminate quote escape
+				}
+				catch (ParseError $e)
+				{
+					$evalResult = false;
+				}
+				$messages[$category][] = $evalResult;
 			}
 		}
 		return $messages;

web/framework/cli/commands/ShellCommand.php

@@ -125,7 +125,18 @@ EOD;
 					$_command_->run($_args_);
 				}
 				else
-					echo eval($_line_.';');
+				{
+					try
+					{
+						$evalResult = eval($_line_ . ';');
+					}
+					catch (ParseError $e)
+					{
+						$evalResult = false;
+					}
+
+					echo $evalResult;
+				}
 			}
 			catch(Exception $e)
 			{