From 3a03b51ae324af0c886edcc25e3313787bd3cf68 Mon Sep 17 00:00:00 2001
From: Derek Marcotte
Date: Mon, 25 Apr 2016 15:08:09 -0400
Subject: [PATCH] fix command injection from the environment when run as root

---
 src/Composer/Console/Application.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Composer/Console/Application.php b/src/Composer/Console/Application.php
index 720982012..2d583f4b5 100644
--- a/src/Composer/Console/Application.php
+++ b/src/Composer/Console/Application.php
@@ -146,7 +146,7 @@ class Application extends BaseApplication
 if ($commandName !== 'self-update' && $commandName !== 'selfupdate') {
 $io->writeError('Running composer as root/super user is highly discouraged as packages, plugins and scripts cannot always be trusted');
 }
- if ($uid = getenv('SUDO_UID')) {
+ if ($uid = (int) getenv('SUDO_UID')) {
 // Silently clobber any sudo credentials on the invoking user to avoid privilege escalations later on
 // ref. https://github.com/composer/composer/issues/5119
 Silencer::call('exec', "sudo -u \\#{$uid} sudo -K > /dev/null 2>&1");
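Review bot: The `(int)` cast on the added line is the whole fix, but nothing in the hunk says so, and the only reason the `exec` string three lines below is safe is that `$uid` can no longer carry shell metacharacters from the environment; a reader who later "tidies" the cast away reintroduces the issue. Add a comment on the new line, e.g. `// SUDO_UID is attacker-influenced environment data; the (int) cast is what keeps shell metacharacters out of the exec string below`. Note also that the cast silently truncates leading-numeric garbage (`(int) '12abc'` is `12`) and accepts negatives, so if the intent is to act only on a well-formed uid, `filter_var(getenv('SUDO_UID'), FILTER_VALIDATE_INT)` with an explicit `false`/`0` check states that more precisely than the cast. The enclosing method starts and ends outside the hunk.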