public-mirrors
/
composer
mirror of https://github.com/composer/composer
1
0
Fork 0
Code

Merge branch '2.3'

pull/10933/head
Jordi Boggiano 2022-07-01 12:15:30 +02:00
parent 1812862d5e 726669084b
commit 796d2bae08
No known key found for this signature in database
GPG Key ID: 7BBD42C429EC80BC
6 changed files with 64 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
CHANGELOG.md
View File

@ -1,3 +1,13 @@
### [2.3.8] 2022-07-01
* Fixed support for `cache-read-only` where the filesystem is not writable (#10906)
* Fixed type error when using `allow-plugins: true` (#10909)
* Fixed @putenv scripts receiving arguments passed to the command (#10846)
* Fixed support for spaces in paths with binary proxies on Windows (#10836)
* Fixed type error in GitDownloader if branches cannot be listed (#10888)
* Fixed RootPackageInterface issue on PHP 5.3.3 (#10895)
* Fixed type errors (#10904, #10897)
### [2.3.7] 2022-06-06
* Fixed a few PHPStan ConfigReturnTypeExtension bugs
@ -94,6 +104,15 @@
* Fixed symlink creation in linux VM guest filesystems to be recognized by Windows (#10592)
* Performance improvement in pool optimization step (#10585)
### [2.2.15] 2022-07-01
* Fixed support for `cache-read-only` where the filesystem is not writable (#10906)
* Fixed type error when using `allow-plugins: true` (#10909)
* Fixed @putenv scripts receiving arguments passed to the command (#10846)
* Fixed support for spaces in paths with binary proxies on Windows (#10836)
* Fixed type error in GitDownloader if branches cannot be listed (#10888)
* Fixed RootPackageInterface issue on PHP 5.3.3 (#10895)
### [2.2.14] 2022-06-06
* Fixed handling of broken symlinks when checking whether a package is still installed (#6708)
@ -1542,6 +1561,7 @@
* Initial release
[2.3.8]: https://github.com/composer/composer/compare/2.3.7...2.3.8
[2.3.7]: https://github.com/composer/composer/compare/2.3.6...2.3.7
[2.3.6]: https://github.com/composer/composer/compare/2.3.5...2.3.6
[2.3.5]: https://github.com/composer/composer/compare/2.3.4...2.3.5
@ -1552,6 +1572,7 @@
[2.3.0]: https://github.com/composer/composer/compare/2.3.0-RC2...2.3.0
[2.3.0-RC2]: https://github.com/composer/composer/compare/2.3.0-RC1...2.3.0-RC2
[2.3.0-RC1]: https://github.com/composer/composer/compare/2.2.9...2.3.0-RC1
[2.2.15]: https://github.com/composer/composer/compare/2.2.14...2.2.15
[2.2.14]: https://github.com/composer/composer/compare/2.2.13...2.2.14
[2.2.13]: https://github.com/composer/composer/compare/2.2.12...2.2.13
[2.2.12]: https://github.com/composer/composer/compare/2.2.11...2.2.12

3
doc/06-config.md
View File

@ -26,8 +26,7 @@ helper is available:
## allow-plugins
Defaults to `null` (allow all plugins implicitly) for backwards compatibility until July 2022.
At that point the default will become `{}` and plugins will not load anymore unless allowed.
Defaults to `{}` which does not allow any plugins to be loaded.
As of Composer 2.2.0, the `allow-plugins` option adds a layer of security
allowing you to restrict which Composer plugins are able to execute code during

15
src/Composer/Cache.php
View File

@ -98,10 +98,13 @@ class Cache
$this->enabled = true;
if (
(!is_dir($this->root) && !Silencer::call('mkdir', $this->root, 0777, true))
|| !is_writable($this->root)
!$this->readOnly
&& (
(!is_dir($this->root) && !Silencer::call('mkdir', $this->root, 0777, true))
|| !is_writable($this->root)
)
) {
$this->io->writeError('<warning>Cannot create cache directory ' . $this->root . ', or directory is not writable. Proceeding without cache</warning>');
$this->io->writeError('<warning>Cannot create cache directory ' . $this->root . ', or directory is not writable. Proceeding without cache. See also cache-read-only config if your filesystem is read-only.</warning>');
$this->enabled = false;
}
}
@ -262,7 +265,7 @@ class Cache
*/
public function remove(string $file)
{
if ($this->isEnabled()) {
if ($this->isEnabled() && !$this->readOnly) {
$file = Preg::replace('{[^'.$this->allowlist.']}i', '-', $file);
if (file_exists($this->root . $file)) {
return $this->filesystem->unlink($this->root . $file);
@ -277,7 +280,7 @@ class Cache
*/
public function clear()
{
if ($this->isEnabled()) {
if ($this->isEnabled() && !$this->readOnly) {
$this->filesystem->emptyDirectory($this->root);
return true;
@ -311,7 +314,7 @@ class Cache
*/
public function gc(int $ttl, int $maxSize)
{
if ($this->isEnabled()) {
if ($this->isEnabled() && !$this->readOnly) {
$expire = new \DateTime();
$expire->modify('-'.$ttl.' seconds');

2
src/Composer/Command/InitCommand.php
View File

@ -343,7 +343,7 @@ EOT
return;
}
$value = $value ?: $author;
$author = $this->parseAuthorString($value);
$author = $this->parseAuthorString($value ?? '');
if ($author['email'] === null) {
return $author['name'];

9
src/Composer/Config.php
View File

@ -34,7 +34,7 @@ class Config
public static $defaultConfig = array(
'process-timeout' => 300,
'use-include-path' => false,
'allow-plugins' => null, // null for BC for now, will become array() after July 2022
'allow-plugins' => array(),
'use-parent-dir' => 'prompt',
'preferred-install' => 'dist',
'notify-on-install' => true,
@ -120,11 +120,6 @@ class Config
// load defaults
$this->config = static::$defaultConfig;
// TODO after July 2022 remove this and update the default value above in self::$defaultConfig + remove note from 06-config.md
if (strtotime('2022-07-01') < time()) {
$this->config['allow-plugins'] = array();
}
$this->repositories = static::$defaultRepositories;
$this->useEnvironment = (bool) $useEnvironment;
$this->baseDir = is_string($baseDir) && '' !== $baseDir ? $baseDir : null;
@ -186,7 +181,7 @@ class Config
if (in_array($key, array('bitbucket-oauth', 'github-oauth', 'gitlab-oauth', 'gitlab-token', 'http-basic', 'bearer'), true) && isset($this->config[$key])) {
$this->config[$key] = array_merge($this->config[$key], $val);
$this->setSourceOfConfigValue($val, $key, $source);
} elseif (in_array($key, array('allow-plugins'), true) && isset($this->config[$key]) && is_array($this->config[$key])) {
} elseif (in_array($key, array('allow-plugins'), true) && isset($this->config[$key]) && is_array($this->config[$key]) && is_array($val)) {
// merging $val first to get the local config on top of the global one, then appending the global config,
// then merging local one again to make sure the values from local win over global ones for keys present in both
$this->config[$key] = array_merge($val, $this->config[$key], $val);

30
tests/Composer/Test/ConfigTest.php
View File

@ -408,4 +408,34 @@ class ConfigTest extends TestCase
$this->assertCount(0, $value);
}
}
public function testMergesPluginConfig()
{
$config = new Config(false);
$config->merge(array('config' => array('allow-plugins' => array('some/plugin' => true))));
$this->assertEquals(array('some/plugin' => true), $config->get('allow-plugins'));
$config->merge(array('config' => array('allow-plugins' => array('another/plugin' => true))));
$this->assertEquals(array('some/plugin' => true, 'another/plugin' => true), $config->get('allow-plugins'));
}
public function testOverridesGlobalBooleanPluginsConfig()
{
$config = new Config(false);
$config->merge(array('config' => array('allow-plugins' => true)));
$this->assertEquals(true, $config->get('allow-plugins'));
$config->merge(array('config' => array('allow-plugins' => array('another/plugin' => true))));
$this->assertEquals(array('another/plugin' => true), $config->get('allow-plugins'));
}
public function testAllowsAllPluginsFromLocalBoolean()
{
$config = new Config(false);
$config->merge(array('config' => array('allow-plugins' => array('some/plugin' => true))));
$this->assertEquals(array('some/plugin' => true), $config->get('allow-plugins'));
$config->merge(array('config' => array('allow-plugins' => true)));
$this->assertEquals(true, $config->get('allow-plugins'));
}
}