
Lock down include wrappers to avoid abuse from third parties (#11015)

pull/11043/head
Jordi Boggiano 2022-08-31 13:07:23 +03:00 committed by GitHub
parent c5932d810f
commit 39de9899a7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 69 additions and 109 deletions


@ -1007,9 +1007,16 @@ REGISTER_LOADER;
if ($useIncludeFiles) { if ($useIncludeFiles) {
$file .= <<<INCLUDE_FILES $file .= <<<INCLUDE_FILES
\$includeFiles = \Composer\Autoload\ComposerStaticInit$suffix::\$files; \$filesToLoad = \Composer\Autoload\ComposerStaticInit$suffix::\$files;
foreach (\$includeFiles as \$fileIdentifier => \$file) { \$requireFile = static function (\$fileIdentifier, \$file) {
composerRequire$suffix(\$fileIdentifier, \$file); if (empty(\$GLOBALS['__composer_autoload_files'][\$fileIdentifier])) {
\$GLOBALS['__composer_autoload_files'][\$fileIdentifier] = true;
require \$file;
}
};
foreach (\$filesToLoad as \$fileIdentifier => \$file) {
(\$requireFile)(\$fileIdentifier, \$file);
} }
@ -1024,27 +1031,6 @@ METHOD_FOOTER;
$file .= $targetDirLoader; $file .= $targetDirLoader;
if ($useIncludeFiles) {
return $file . <<<FOOTER
}
/**
* @param string \$fileIdentifier
* @param string \$file
* @return void
*/
function composerRequire$suffix(\$fileIdentifier, \$file)
{
if (empty(\$GLOBALS['__composer_autoload_files'][\$fileIdentifier])) {
\$GLOBALS['__composer_autoload_files'][\$fileIdentifier] = true;
require \$file;
}
}
FOOTER;
}
return $file . <<<FOOTER return $file . <<<FOOTER
} }
@ -1109,9 +1095,10 @@ HEADER;
} }
foreach ((array) $loader as $prop => $value) { foreach ((array) $loader as $prop => $value) {
if ($value && 0 === strpos($prop, $prefix)) { if (!is_array($value) || \count($value) === 0 || !str_starts_with($prop, $prefix)) {
$maps[substr($prop, $prefixLen)] = $value; continue;
} }
$maps[substr($prop, $prefixLen)] = $value;
} }
foreach ($maps as $prop => $value) { foreach ($maps as $prop => $value) {
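Review bot: The `static function` assigned to `\$requireFile` in the first hunk drops `$this`, but because it is created inside a class method it still carries that class as its scope, so a file loaded by `require \$file` can reach `self::` and the private static members of the generated init class, which the removed top-level `composerRequire$suffix()` function did not allow. The same holds for the closure stored in `$this->includeFile` in the ClassLoader constructor, whose docblock still says it prevents access to `$this/self`. Binding the closure to no scope restores the old isolation: `\$requireFile = \Closure::bind(static function (\$fileIdentifier, \$file) { ... }, null, null);`. The heredoc and the method it is emitted into begin outside the hunk, so the enclosing class is inferred from the fixture sections further down the page.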


@ -42,6 +42,9 @@ namespace Composer\Autoload;
*/ */
class ClassLoader class ClassLoader
{ {
/** @var \Closure(string):void */
private $includeFile;
/** @var ?string */ /** @var ?string */
private $vendorDir; private $vendorDir;
@ -106,6 +109,18 @@ class ClassLoader
public function __construct($vendorDir = null) public function __construct($vendorDir = null)
{ {
$this->vendorDir = $vendorDir; $this->vendorDir = $vendorDir;
/**
* Scope isolated include.
*
* Prevents access to $this/self from included files.
*
* @param string $file
* @return void
*/
$this->includeFile = static function($file) {
include $file;
};
} }
/** /**
@ -425,7 +440,7 @@ class ClassLoader
public function loadClass($class) public function loadClass($class)
{ {
if ($file = $this->findFile($class)) { if ($file = $this->findFile($class)) {
includeFile($file); ($this->includeFile)($file);
return true; return true;
} }
@ -556,17 +571,3 @@ class ClassLoader
return false; return false;
} }
} }
/**
* Scope isolated include.
*
* Prevents access to $this/self from included files.
*
* @param string $file
* @return void
* @private
*/
function includeFile($file)
{
include $file;
}
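Review bot: `($this->includeFile)($file);` in `loadClass()` is a call on a parenthesised expression, which only parses on PHP 7.0 and later; on an older runtime the whole ClassLoader file fails to parse, not just this call. If the shipped loader is still meant to run on PHP 5.x (the page does not show the supported range), assign first: `$includeFile = $this->includeFile; $includeFile($file);`. The generated `(\$requireFile)(\$fileIdentifier, \$file);` in the autoload generator has the same form and can simply be `\$requireFile(\$fileIdentifier, \$file);`. `loadClass()` continues outside the hunk.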


@ -31,25 +31,18 @@ class ComposerAutoloaderInitFilesAutoloadOrder
$loader->register(true); $loader->register(true);
$includeFiles = \Composer\Autoload\ComposerStaticInitFilesAutoloadOrder::$files; $filesToLoad = \Composer\Autoload\ComposerStaticInitFilesAutoloadOrder::$files;
foreach ($includeFiles as $fileIdentifier => $file) { $requireFile = static function ($fileIdentifier, $file) {
composerRequireFilesAutoloadOrder($fileIdentifier, $file);
}
return $loader;
}
}
/**
* @param string $fileIdentifier
* @param string $file
* @return void
*/
function composerRequireFilesAutoloadOrder($fileIdentifier, $file)
{
if (empty($GLOBALS['__composer_autoload_files'][$fileIdentifier])) { if (empty($GLOBALS['__composer_autoload_files'][$fileIdentifier])) {
$GLOBALS['__composer_autoload_files'][$fileIdentifier] = true; $GLOBALS['__composer_autoload_files'][$fileIdentifier] = true;
require $file; require $file;
} }
};
foreach ($filesToLoad as $fileIdentifier => $file) {
($requireFile)($fileIdentifier, $file);
}
return $loader;
}
} }


@ -31,25 +31,18 @@ class ComposerAutoloaderInitFilesAutoload
$loader->register(true); $loader->register(true);
$includeFiles = \Composer\Autoload\ComposerStaticInitFilesAutoload::$files; $filesToLoad = \Composer\Autoload\ComposerStaticInitFilesAutoload::$files;
foreach ($includeFiles as $fileIdentifier => $file) { $requireFile = static function ($fileIdentifier, $file) {
composerRequireFilesAutoload($fileIdentifier, $file);
}
return $loader;
}
}
/**
* @param string $fileIdentifier
* @param string $file
* @return void
*/
function composerRequireFilesAutoload($fileIdentifier, $file)
{
if (empty($GLOBALS['__composer_autoload_files'][$fileIdentifier])) { if (empty($GLOBALS['__composer_autoload_files'][$fileIdentifier])) {
$GLOBALS['__composer_autoload_files'][$fileIdentifier] = true; $GLOBALS['__composer_autoload_files'][$fileIdentifier] = true;
require $file; require $file;
} }
};
foreach ($filesToLoad as $fileIdentifier => $file) {
($requireFile)($fileIdentifier, $file);
}
return $loader;
}
} }


@ -35,25 +35,18 @@ class ComposerAutoloaderInitFilesAutoload
$loader->register(true); $loader->register(true);
$includeFiles = \Composer\Autoload\ComposerStaticInitFilesAutoload::$files; $filesToLoad = \Composer\Autoload\ComposerStaticInitFilesAutoload::$files;
foreach ($includeFiles as $fileIdentifier => $file) { $requireFile = static function ($fileIdentifier, $file) {
composerRequireFilesAutoload($fileIdentifier, $file);
}
return $loader;
}
}
/**
* @param string $fileIdentifier
* @param string $file
* @return void
*/
function composerRequireFilesAutoload($fileIdentifier, $file)
{
if (empty($GLOBALS['__composer_autoload_files'][$fileIdentifier])) { if (empty($GLOBALS['__composer_autoload_files'][$fileIdentifier])) {
$GLOBALS['__composer_autoload_files'][$fileIdentifier] = true; $GLOBALS['__composer_autoload_files'][$fileIdentifier] = true;
require $file; require $file;
} }
};
foreach ($filesToLoad as $fileIdentifier => $file) {
($requireFile)($fileIdentifier, $file);
}
return $loader;
}
} }


@ -33,9 +33,16 @@ class ComposerAutoloaderInitTargetDir
$loader->register(true); $loader->register(true);
$includeFiles = \Composer\Autoload\ComposerStaticInitTargetDir::$files; $filesToLoad = \Composer\Autoload\ComposerStaticInitTargetDir::$files;
foreach ($includeFiles as $fileIdentifier => $file) { $requireFile = static function ($fileIdentifier, $file) {
composerRequireTargetDir($fileIdentifier, $file); if (empty($GLOBALS['__composer_autoload_files'][$fileIdentifier])) {
$GLOBALS['__composer_autoload_files'][$fileIdentifier] = true;
require $file;
}
};
foreach ($filesToLoad as $fileIdentifier => $file) {
($requireFile)($fileIdentifier, $file);
} }
return $loader; return $loader;
@ -59,17 +66,3 @@ class ComposerAutoloaderInitTargetDir
} }
} }
} }
/**
* @param string $fileIdentifier
* @param string $file
* @return void
*/
function composerRequireTargetDir($fileIdentifier, $file)
{
if (empty($GLOBALS['__composer_autoload_files'][$fileIdentifier])) {
$GLOBALS['__composer_autoload_files'][$fileIdentifier] = true;
require $file;
}
}