public-mirrors
/
composer
mirror of https://github.com/composer/composer
1
0
Fork 0
Code

Do not prohibit http for old provider URLs on .org in case they are used

pull/7904/head
Jordi Boggiano 2018-12-04 17:27:23 +01:00
parent b47330adf1
commit 137c32e72e
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/Composer/Util/Http/CurlDownloader.php
View File

@ -114,8 +114,10 @@ class CurlDownloader
$originalOptions = $options; $originalOptions = $options;
// check URL can be accessed (i.e. is not insecure) // check URL can be accessed (i.e. is not insecure), but allow insecure Packagist calls to $hashed providers as file integrity is verified with sha256
$this->config->prohibitUrlByConfig($url, $this->io); if (!preg_match('{^http://(repo\.)?packagist\.org/p/}', $url) || (false === strpos($url, '$') && false === strpos($url, '%24'))) {
$this->config->prohibitUrlByConfig($url, $this->io);
}
$curlHandle = curl_init(); $curlHandle = curl_init();
$headerHandle = fopen('php://temp/maxmemory:32768', 'w+b'); $headerHandle = fopen('php://temp/maxmemory:32768', 'w+b');