public-mirrors
/
composer
mirror of https://github.com/composer/composer
1
0
Fork 0
Code

Merge pull request #7971 from johnstevenson/safe-junctions 

Only use junctions if they can be safely removed
pull/7978/head
Jordi Boggiano 2019-02-12 11:20:39 +01:00 committed by GitHub
parent 603fe500f9 6212eadcb0
commit 4d26198dde
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 41 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
src/Composer/Downloader/PathDownloader.php
View File

@ -82,6 +82,12 @@ class PathDownloader extends FileDownloader implements VcsCapableDownloaderInter
$allowedStrategies = array(self::STRATEGY_MIRROR); $allowedStrategies = array(self::STRATEGY_MIRROR);
} }
// Check we can use junctions safely if we are on Windows
if (Platform::isWindows() && self::STRATEGY_SYMLINK === $currentStrategy && !$this->safeJunctions()) {
$currentStrategy = self::STRATEGY_MIRROR;
$allowedStrategies = array(self::STRATEGY_MIRROR);
}
$fileSystem = new Filesystem(); $fileSystem = new Filesystem();
$this->filesystem->removeDirectory($path); $this->filesystem->removeDirectory($path);
@ -172,4 +178,28 @@ class PathDownloader extends FileDownloader implements VcsCapableDownloaderInter
return $packageVersion['commit']; return $packageVersion['commit'];
} }
} }
/**
* Returns true if junctions can be safely used on Windows
*
* A PHP bug makes junction detection fragile, leading to possible data loss
* when removing a package. See https://bugs.php.net/bug.php?id=77552
*
* For safety we require a minimum version of Windows 7, so we can call the
* system rmdir which can detect junctions and not delete target content.
*
* @return bool
*/
private function safeJunctions()
{
// Bug fixed in 7.3.3 and 7.2.16
if (PHP_VERSION_ID >= 70303 || (PHP_VERSION_ID >= 70216 && PHP_VERSION_ID < 70300)) {
return true;
}
// Windows 7 is version 6.1
return function_exists('proc_open') &&
(PHP_WINDOWS_VERSION_MAJOR > 6 ||
(PHP_WINDOWS_VERSION_MAJOR === 6 && PHP_WINDOWS_VERSION_MINOR >= 1));
}
} }

17
src/Composer/Util/Filesystem.php
View File

@ -650,12 +650,17 @@ class Filesystem
* *
* We test if the path is a directory and not an ordinary link, then check * We test if the path is a directory and not an ordinary link, then check
* that the mode value returned from lstat (which gives the status of the * that the mode value returned from lstat (which gives the status of the
* link itself) is not a directory. * link itself) is not a directory, by replicating the POSIX S_ISDIR test.
* *
* This relies on the fact that PHP does not set this value because there is * This logic works because PHP does not set the mode value for a junction,
* no universal file type flag for a junction or a mount point. However a * since there is no universal file type flag for it. Unfortunately an
* bug in PHP can cause a random value to be returned and this could result * uninitialized variable in PHP prior to 7.2.16 and 7.3.3 may cause a
* in a junction not being detected: https://bugs.php.net/bug.php?id=77552 * random value to be returned. See https://bugs.php.net/bug.php?id=77552
*
* If this random value passes the S_ISDIR test, then a junction will not be
* detected and a recursive delete operation could lead to loss of data in
* the target directory. Note that Windows rmdir can handle this situation
* and will only delete the junction (from Windows 7 onwards).
* *
* @param string $junction Path to check. * @param string $junction Path to check.
* @return bool * @return bool
@ -673,7 +678,7 @@ class Filesystem
clearstatcache(true, $junction); clearstatcache(true, $junction);
$stat = lstat($junction); $stat = lstat($junction);
// S_IFDIR is 0x4000, S_IFMT is the 0xF000 bitmask // S_ISDIR test (S_IFDIR is 0x4000, S_IFMT is 0xF000 bitmask)
return $stat ? 0x4000 !== ($stat['mode'] & 0xF000) : false; return $stat ? 0x4000 !== ($stat['mode'] & 0xF000) : false;
} }