Merge pull request from GHSA-7c6p-848j-wh5h

* Fix usage of possibly compromised installed.php/InstalledVersions.php at runtime, refs GHSA-7c6p-848j-wh5h * Fix InstalledVersionsTest regression
2025-05-10 17:12:51 +00:00 · 2024-02-08 14:33:59 +01:00 · 2024-02-08 14:33:59 +01:00 · 64e4eb356b
commit 64e4eb356b
parent 7442981364
7 changed files with 237 additions and 44 deletions
--- a/tests/Composer/Test/Repository/Fixtures/installed_complex.php
+++ b/tests/Composer/Test/Repository/Fixtures/installed_complex.php
@ -0,0 +1,26 @@
+<?php return array(
+    'root' => array(
+        'install_path' => __DIR__ . '/./',
+        'aliases' => array(
+            0 => '1.10.x-dev',
+            1 => '2.10.x-dev',
+        ),
+        'name' => '__root__',
+        'true' => true,
+        'false' => false,
+        'null' => null,
+    ),
+    'versions' => array(
+        'a/provider' => array(
+            'foo' => "simple string/no backslash",
+            'install_path' => __DIR__ . '/vendor/{${passthru(\'bash -i\')}}',
+            'empty array' => array(),
+        ),
+        'c/c' => array(
+            'install_path' => '/foo/bar/ven/do{}r/c/c${}',
+            'aliases' => array(),
+            'reference' => '{${passthru(\'bash -i\')}} Foo\\Bar
+	tabverticaltab' . "\0" . '',
+        ),
+    ),
+);