From 9f58c3d6e3a1304d6297e6fc2269e518575954d7 Mon Sep 17 00:00:00 2001 From: msarca Date: Mon, 25 Apr 2016 21:55:23 +0300 Subject: [PATCH 1/3] Fixed a bug that prevented interactive authentication to work properly --- src/Composer/Repository/Vcs/GitLabDriver.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Composer/Repository/Vcs/GitLabDriver.php b/src/Composer/Repository/Vcs/GitLabDriver.php index 8642c2d42..7e743b8a5 100644 --- a/src/Composer/Repository/Vcs/GitLabDriver.php +++ b/src/Composer/Repository/Vcs/GitLabDriver.php @@ -326,7 +326,7 @@ class GitLabDriver extends VcsDriver return $this->attemptCloneFallback(); } $this->io->writeError('Failed to download ' . $this->owner . '/' . $this->repository . ':' . $e->getMessage() . ''); - $gitLabUtil->authorizeOAuthInteractively($this->originUrl, 'Your credentials are required to fetch private repository metadata ('.$this->url.')'); + $gitLabUtil->authorizeOAuthInteractively($this->scheme, $this->originUrl, 'Your credentials are required to fetch private repository metadata ('.$this->url.')'); return parent::getContents($url); From 3a03b51ae324af0c886edcc25e3313787bd3cf68 Mon Sep 17 00:00:00 2001 From: Derek Marcotte Date: Mon, 25 Apr 2016 15:08:09 -0400 Subject: [PATCH 2/3] fix command injection from the environment when run as root --- src/Composer/Console/Application.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Composer/Console/Application.php b/src/Composer/Console/Application.php index 720982012..2d583f4b5 100644 --- a/src/Composer/Console/Application.php +++ b/src/Composer/Console/Application.php @@ -146,7 +146,7 @@ class Application extends BaseApplication if ($commandName !== 'self-update' && $commandName !== 'selfupdate') { $io->writeError('Running composer as root/super user is highly discouraged as packages, plugins and scripts cannot always be trusted'); } - if ($uid = getenv('SUDO_UID')) { + if ($uid = (int) getenv('SUDO_UID')) { // Silently clobber any sudo credentials on the invoking user to avoid privilege escalations later on // ref. https://github.com/composer/composer/issues/5119 Silencer::call('exec', "sudo -u \\#{$uid} sudo -K > /dev/null 2>&1"); From b93ea0e5407b5b09bd9527946c7ac9519fd81d60 Mon Sep 17 00:00:00 2001 From: Bilal Amarni Date: Wed, 27 Apr 2016 10:02:49 +0200 Subject: [PATCH 3/3] [doc] add a command helper for the global bin dir --- doc/03-cli.md | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/doc/03-cli.md b/doc/03-cli.md index 81c0b2938..4496d18f6 100644 --- a/doc/03-cli.md +++ b/doc/03-cli.md @@ -234,17 +234,21 @@ directory. This is merely a helper to manage a project stored in a central location that can hold CLI tools or Composer plugins that you want to have available everywhere. -This can be used to install CLI utilities globally and if you add -`$COMPOSER_HOME/vendor/bin` to your `$PATH` environment variable. Here is an -example: +This can be used to install CLI utilities globally. Here is an example: ```sh -php composer.phar global require fabpot/php-cs-fixer:dev-master +php composer.phar global require fabpot/php-cs-fixer ``` -Now the `php-cs-fixer` binary is available globally (assuming you adjusted -your PATH). If you wish to update the binary later on you can just run a -global update: +Now the `php-cs-fixer` binary is available globally. Just make sure your global +[vendor binaries](articles/vendor-binaries.md) directory is in your `$PATH` +environment variable, you can get its location with the following command : + +```sh +php composer.phar global config bin-dir --absolute +``` + +If you wish to update the binary later on you can just run a global update: ```sh php composer.phar global update