1
0
Fork 0

Merge branch '1.10'

pull/10150/head
Jordi Boggiano 2021-10-05 09:43:00 +02:00
commit 18e24976c1
No known key found for this signature in database
GPG Key ID: 7BBD42C429EC80BC
3 changed files with 9 additions and 3 deletions

View File

@ -328,6 +328,11 @@
* Fixed package ordering when autoloading and especially when loading plugins, to make sure dependencies are loaded before their dependents * Fixed package ordering when autoloading and especially when loading plugins, to make sure dependencies are loaded before their dependents
* Fixed suggest output being very spammy, it now is only one line long and shows more rarely * Fixed suggest output being very spammy, it now is only one line long and shows more rarely
* Fixed conflict rules like e.g. >=5 from matching dev-master, as it is not normalized to 9999999-dev internally anymore * Fixed conflict rules like e.g. >=5 from matching dev-master, as it is not normalized to 9999999-dev internally anymore
=======
### [1.10.23] 2021-10-05
* Security: Fixed command injection vulnerability on Windows (GHSA-frqg-7g38-6gcf / CVE-2021-41116)
>>>>>>> 1.10
### [1.10.22] 2021-04-27 ### [1.10.22] 2021-04-27
@ -1300,6 +1305,7 @@
[2.0.0-alpha3]: https://github.com/composer/composer/compare/2.0.0-alpha2...2.0.0-alpha3 [2.0.0-alpha3]: https://github.com/composer/composer/compare/2.0.0-alpha2...2.0.0-alpha3
[2.0.0-alpha2]: https://github.com/composer/composer/compare/2.0.0-alpha1...2.0.0-alpha2 [2.0.0-alpha2]: https://github.com/composer/composer/compare/2.0.0-alpha1...2.0.0-alpha2
[2.0.0-alpha1]: https://github.com/composer/composer/compare/1.10.7...2.0.0-alpha1 [2.0.0-alpha1]: https://github.com/composer/composer/compare/1.10.7...2.0.0-alpha1
[1.10.23]: https://github.com/composer/composer/compare/1.10.22...1.10.23
[1.10.22]: https://github.com/composer/composer/compare/1.10.21...1.10.22 [1.10.22]: https://github.com/composer/composer/compare/1.10.21...1.10.22
[1.10.21]: https://github.com/composer/composer/compare/1.10.20...1.10.21 [1.10.21]: https://github.com/composer/composer/compare/1.10.20...1.10.21
[1.10.20]: https://github.com/composer/composer/compare/1.10.19...1.10.20 [1.10.20]: https://github.com/composer/composer/compare/1.10.19...1.10.20

View File

@ -469,7 +469,7 @@ class ProcessExecutor
if ('\\' !== \DIRECTORY_SEPARATOR) { if ('\\' !== \DIRECTORY_SEPARATOR) {
return "'".str_replace("'", "'\\''", $argument)."'"; return "'".str_replace("'", "'\\''", $argument)."'";
} }
if (str_contains($argument, "\0")) { if (false !== strpos($argument, "\0")) {
$argument = str_replace("\0", '?', $argument); $argument = str_replace("\0", '?', $argument);
} }
if (!preg_match('/[\/()%!^"<>&|\s]/', $argument)) { if (!preg_match('/[\/()%!^"<>&|\s]/', $argument)) {
@ -477,7 +477,7 @@ class ProcessExecutor
} }
$argument = preg_replace('/(\\\\+)$/', '$1$1', $argument); $argument = preg_replace('/(\\\\+)$/', '$1$1', $argument);
return '"'.str_replace(['"', '^', '%', '!', "\n"], ['""', '"^^"', '"^%"', '"^!"', '!LF!'], $argument).'"'; return '"'.str_replace(array('"', '^', '%', '!', "\n"), array('""', '"^^"', '"^%"', '"^!"', '!LF!'), $argument).'"';
} }
/** /**

View File

@ -47,7 +47,7 @@ class SvnTest extends TestCase
return array( return array(
array('http://till:test@svn.example.org/', $this->getCmd(" --username 'till' --password 'test' ")), array('http://till:test@svn.example.org/', $this->getCmd(" --username 'till' --password 'test' ")),
array('http://svn.apache.org/', ''), array('http://svn.apache.org/', ''),
array('svn://johndoe@example.org', $this->getCmd(" --username 'johndoe' --password '' ")), array('svn://johndoe@example.org', $this->getCmd(" --username 'johndoe' --password \"\" ")),
); );
} }