Fix access_token param being incorrectly added on github requests after a redirection, fixes #5099

src/Composer/Util/RemoteFilesystem.php

@@ -233,7 +233,10 @@ class RemoteFilesystem
         $origFileUrl = $fileUrl;
 
         if (isset($options['github-token'])) {
+            // only add the access_token if it is actually a github URL (in case we were redirected to S3)
+            if (preg_match('{^https?://([a-z0-9-]+\.)*github\.com/}', $fileUrl)) {
                 $fileUrl .= (false === strpos($fileUrl, '?') ? '?' : '&') . 'access_token='.$options['github-token'];
+            }
             unset($options['github-token']);
         }