Fix CVE-2021-43808 issue in laravel/framework

Author: freescout-help-desk

composer.json

@@ -140,6 +140,9 @@
             "Illuminate\\Cache\\Console\\": "overrides/laravel/framework/src/Illuminate/Cache/Console/",
             "Dotenv\\": "overrides/vlucas/phpdotenv/src/",
             "Illuminate\\View\\": "overrides/laravel/framework/src/Illuminate/View/",
+            "Illuminate\\View\\Compilers\\": "overrides/laravel/framework/src/Illuminate/View/Compilers/",
+            "Illuminate\\View\\Compilers\\Concerns\\": "overrides/laravel/framework/src/Illuminate/View/Compilers/Concerns/",
+            "Illuminate\\View\\Concerns\\": "overrides/laravel/framework/src/Illuminate/View/Concerns/",
             "Symfony\\Component\\Routing\\": "overrides/symfony/routing/",
             "Symfony\\Component\\VarDumper\\Cloner\\": "overrides/symfony/var-dumper/Cloner/",
             "Symfony\\Component\\VarDumper\\Dumper\\": "overrides/symfony/var-dumper/Dumper/",
@@ -252,6 +255,9 @@
             "vendor/laravel/framework/src/Illuminate/Cache/Console/ClearCommand.php",
             "vendor/vlucas/phpdotenv/src/Loader.php",
             "vendor/laravel/framework/src/Illuminate/View/View.php",
+            "vendor/laravel/framework/src/Illuminate/View/Compilers/Compiler.php",
+            "vendor/laravel/framework/src/Illuminate/View/Compilers/Concerns/CompilesLayouts.php",
+            "vendor/laravel/framework/src/Illuminate/View/Concerns/ManagesLayouts.php",
             "vendor/symfony/routing/Route.php",
             "vendor/symfony/routing/CompiledRoute.php",
             "vendor/symfony/var-dumper/Cloner/Data.php",

overrides/laravel/framework/src/Illuminate/View/Compilers/Compiler.php

@@ -0,0 +1,74 @@
+<?php
+
+namespace Illuminate\View\Compilers;
+
+use InvalidArgumentException;
+use Illuminate\Filesystem\Filesystem;
+
+abstract class Compiler
+{
+    /**
+     * The Filesystem instance.
+     *
+     * @var \Illuminate\Filesystem\Filesystem
+     */
+    protected $files;
+
+    /**
+     * Get the cache path for the compiled views.
+     *
+     * @var string
+     */
+    protected $cachePath;
+
+    /**
+     * Create a new compiler instance.
+     *
+     * @param  \Illuminate\Filesystem\Filesystem  $files
+     * @param  string  $cachePath
+     * @return void
+     *
+     * @throws \InvalidArgumentException
+     */
+    public function __construct(Filesystem $files, $cachePath)
+    {
+        if (! $cachePath) {
+            throw new InvalidArgumentException('Please provide a valid cache path.');
+        }
+
+        $this->files = $files;
+        $this->cachePath = $cachePath;
+    }
+
+    /**
+     * Get the path to the compiled version of a view.
+     *
+     * @param  string  $path
+     * @return string
+     */
+    public function getCompiledPath($path)
+    {
+        return $this->cachePath.'/'.sha1('v2'.$path).'.php';
+    }
+
+    /**
+     * Determine if the view at the given path is expired.
+     *
+     * @param  string  $path
+     * @return bool
+     */
+    public function isExpired($path)
+    {
+        $compiled = $this->getCompiledPath($path);
+
+        // If the compiled file doesn't exist we will indicate that the view is expired
+        // so that it can be re-compiled. Else, we will verify the last modification
+        // of the views is less than the modification times of the compiled views.
+        if (! $this->files->exists($compiled)) {
+            return true;
+        }
+
+        return $this->files->lastModified($path) >=
+               $this->files->lastModified($compiled);
+    }
+}

overrides/laravel/framework/src/Illuminate/View/Compilers/Concerns/CompilesLayouts.php

@@ -0,0 +1,118 @@
+<?php
+
+namespace Illuminate\View\Compilers\Concerns;
+
+trait CompilesLayouts
+{
+    /**
+     * The name of the last section that was started.
+     *
+     * @var string
+     */
+    protected $lastSection;
+
+    /**
+     * Compile the extends statements into valid PHP.
+     *
+     * @param  string  $expression
+     * @return string
+     */
+    protected function compileExtends($expression)
+    {
+        $expression = $this->stripParentheses($expression);
+
+        $echo = "<?php echo \$__env->make({$expression}, array_except(get_defined_vars(), array('__data', '__path')))->render(); ?>";
+
+        $this->footer[] = $echo;
+
+        return '';
+    }
+
+    /**
+     * Compile the section statements into valid PHP.
+     *
+     * @param  string  $expression
+     * @return string
+     */
+    protected function compileSection($expression)
+    {
+        $this->lastSection = trim($expression, "()'\" ");
+
+        return "<?php \$__env->startSection{$expression}; ?>";
+    }
+
+    /**
+     * Replace the @parent directive to a placeholder.
+     *
+     * @return string
+     */
+    protected function compileParent()
+    {
+        //return ViewFactory::parentPlaceholder($this->lastSection ?: '');
+
+        $escapedLastSection = strtr($this->lastSection, ['\\' => '\\\\', "'" => "\\'"]);
+
+        return "<?php echo \Illuminate\View\Factory::parentPlaceholder('{$escapedLastSection}'); ?>";
+    }
+
+    /**
+     * Compile the yield statements into valid PHP.
+     *
+     * @param  string  $expression
+     * @return string
+     */
+    protected function compileYield($expression)
+    {
+        return "<?php echo \$__env->yieldContent{$expression}; ?>";
+    }
+
+    /**
+     * Compile the show statements into valid PHP.
+     *
+     * @return string
+     */
+    protected function compileShow()
+    {
+        return '<?php echo $__env->yieldSection(); ?>';
+    }
+
+    /**
+     * Compile the append statements into valid PHP.
+     *
+     * @return string
+     */
+    protected function compileAppend()
+    {
+        return '<?php $__env->appendSection(); ?>';
+    }
+
+    /**
+     * Compile the overwrite statements into valid PHP.
+     *
+     * @return string
+     */
+    protected function compileOverwrite()
+    {
+        return '<?php $__env->stopSection(true); ?>';
+    }
+
+    /**
+     * Compile the stop statements into valid PHP.
+     *
+     * @return string
+     */
+    protected function compileStop()
+    {
+        return '<?php $__env->stopSection(); ?>';
+    }
+
+    /**
+     * Compile the end-section statements into valid PHP.
+     *
+     * @return string
+     */
+    protected function compileEndsection()
+    {
+        return '<?php $__env->stopSection(); ?>';
+    }
+}