
Merge branch '2.3'

pull/10933/head
Jordi Boggiano 2022-07-01 12:15:30 +02:00
commit 796d2bae08
No known key found for this signature in database
GPG Key ID: 7BBD42C429EC80BC
6 changed files with 64 additions and 16 deletions


@ -1,3 +1,13 @@
### [2.3.8] 2022-07-01
* Fixed support for `cache-read-only` where the filesystem is not writable (#10906)
* Fixed type error when using `allow-plugins: true` (#10909)
* Fixed @putenv scripts receiving arguments passed to the command (#10846)
* Fixed support for spaces in paths with binary proxies on Windows (#10836)
* Fixed type error in GitDownloader if branches cannot be listed (#10888)
* Fixed RootPackageInterface issue on PHP 5.3.3 (#10895)
* Fixed type errors (#10904, #10897)
### [2.3.7] 2022-06-06 ### [2.3.7] 2022-06-06
* Fixed a few PHPStan ConfigReturnTypeExtension bugs * Fixed a few PHPStan ConfigReturnTypeExtension bugs
@ -94,6 +104,15 @@
* Fixed symlink creation in linux VM guest filesystems to be recognized by Windows (#10592) * Fixed symlink creation in linux VM guest filesystems to be recognized by Windows (#10592)
* Performance improvement in pool optimization step (#10585) * Performance improvement in pool optimization step (#10585)
### [2.2.15] 2022-07-01
* Fixed support for `cache-read-only` where the filesystem is not writable (#10906)
* Fixed type error when using `allow-plugins: true` (#10909)
* Fixed @putenv scripts receiving arguments passed to the command (#10846)
* Fixed support for spaces in paths with binary proxies on Windows (#10836)
* Fixed type error in GitDownloader if branches cannot be listed (#10888)
* Fixed RootPackageInterface issue on PHP 5.3.3 (#10895)
### [2.2.14] 2022-06-06 ### [2.2.14] 2022-06-06
* Fixed handling of broken symlinks when checking whether a package is still installed (#6708) * Fixed handling of broken symlinks when checking whether a package is still installed (#6708)
@ -1542,6 +1561,7 @@
* Initial release * Initial release
[2.3.8]: https://github.com/composer/composer/compare/2.3.7...2.3.8
[2.3.7]: https://github.com/composer/composer/compare/2.3.6...2.3.7 [2.3.7]: https://github.com/composer/composer/compare/2.3.6...2.3.7
[2.3.6]: https://github.com/composer/composer/compare/2.3.5...2.3.6 [2.3.6]: https://github.com/composer/composer/compare/2.3.5...2.3.6
[2.3.5]: https://github.com/composer/composer/compare/2.3.4...2.3.5 [2.3.5]: https://github.com/composer/composer/compare/2.3.4...2.3.5
@ -1552,6 +1572,7 @@
[2.3.0]: https://github.com/composer/composer/compare/2.3.0-RC2...2.3.0 [2.3.0]: https://github.com/composer/composer/compare/2.3.0-RC2...2.3.0
[2.3.0-RC2]: https://github.com/composer/composer/compare/2.3.0-RC1...2.3.0-RC2 [2.3.0-RC2]: https://github.com/composer/composer/compare/2.3.0-RC1...2.3.0-RC2
[2.3.0-RC1]: https://github.com/composer/composer/compare/2.2.9...2.3.0-RC1 [2.3.0-RC1]: https://github.com/composer/composer/compare/2.2.9...2.3.0-RC1
[2.2.15]: https://github.com/composer/composer/compare/2.2.14...2.2.15
[2.2.14]: https://github.com/composer/composer/compare/2.2.13...2.2.14 [2.2.14]: https://github.com/composer/composer/compare/2.2.13...2.2.14
[2.2.13]: https://github.com/composer/composer/compare/2.2.12...2.2.13 [2.2.13]: https://github.com/composer/composer/compare/2.2.12...2.2.13
[2.2.12]: https://github.com/composer/composer/compare/2.2.11...2.2.12 [2.2.12]: https://github.com/composer/composer/compare/2.2.11...2.2.12


@ -26,8 +26,7 @@ helper is available:
## allow-plugins ## allow-plugins
Defaults to `null` (allow all plugins implicitly) for backwards compatibility until July 2022. Defaults to `{}` which does not allow any plugins to be loaded.
At that point the default will become `{}` and plugins will not load anymore unless allowed.
As of Composer 2.2.0, the `allow-plugins` option adds a layer of security As of Composer 2.2.0, the `allow-plugins` option adds a layer of security
allowing you to restrict which Composer plugins are able to execute code during allowing you to restrict which Composer plugins are able to execute code during


@ -98,10 +98,13 @@ class Cache
$this->enabled = true; $this->enabled = true;
if ( if (
(!is_dir($this->root) && !Silencer::call('mkdir', $this->root, 0777, true)) !$this->readOnly
|| !is_writable($this->root) && (
(!is_dir($this->root) && !Silencer::call('mkdir', $this->root, 0777, true))
|| !is_writable($this->root)
)
) { ) {
$this->io->writeError('<warning>Cannot create cache directory ' . $this->root . ', or directory is not writable. Proceeding without cache</warning>'); $this->io->writeError('<warning>Cannot create cache directory ' . $this->root . ', or directory is not writable. Proceeding without cache. See also cache-read-only config if your filesystem is read-only.</warning>');
$this->enabled = false; $this->enabled = false;
} }
} }
@ -262,7 +265,7 @@ class Cache
*/ */
public function remove(string $file) public function remove(string $file)
{ {
if ($this->isEnabled()) { if ($this->isEnabled() && !$this->readOnly) {
$file = Preg::replace('{[^'.$this->allowlist.']}i', '-', $file); $file = Preg::replace('{[^'.$this->allowlist.']}i', '-', $file);
if (file_exists($this->root . $file)) { if (file_exists($this->root . $file)) {
return $this->filesystem->unlink($this->root . $file); return $this->filesystem->unlink($this->root . $file);
@ -277,7 +280,7 @@ class Cache
*/ */
public function clear() public function clear()
{ {
if ($this->isEnabled()) { if ($this->isEnabled() && !$this->readOnly) {
$this->filesystem->emptyDirectory($this->root); $this->filesystem->emptyDirectory($this->root);
return true; return true;
@ -311,7 +314,7 @@ class Cache
*/ */
public function gc(int $ttl, int $maxSize) public function gc(int $ttl, int $maxSize)
{ {
if ($this->isEnabled()) { if ($this->isEnabled() && !$this->readOnly) {
$expire = new \DateTime(); $expire = new \DateTime();
$expire->modify('-'.$ttl.' seconds'); $expire->modify('-'.$ttl.' seconds');
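Review bot: With `$this->readOnly` set, the rewritten condition in the constructor short-circuits, so `$this->enabled` stays true even when `$this->root` does not exist or is not a directory; the previous check at least established that the root was usable. If a read-only cache is only meant to serve entries that already exist, a separate branch such as `elseif ($this->readOnly && !is_dir($this->root)) { $this->enabled = false; }` would keep `isEnabled()` truthful. The docblocks of `remove()`, `clear()` and `gc()` begin outside these hunks; each would benefit from a line like `Does nothing when the cache is read-only.`, since the methods now skip their work silently in that mode and what they return then is not visible here.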


@ -343,7 +343,7 @@ EOT
return; return;
} }
$value = $value ?: $author; $value = $value ?: $author;
$author = $this->parseAuthorString($value); $author = $this->parseAuthorString($value ?? '');
if ($author['email'] === null) { if ($author['email'] === null) {
return $author['name']; return $author['name'];


@ -34,7 +34,7 @@ class Config
public static $defaultConfig = array( public static $defaultConfig = array(
'process-timeout' => 300, 'process-timeout' => 300,
'use-include-path' => false, 'use-include-path' => false,
'allow-plugins' => null, // null for BC for now, will become array() after July 2022 'allow-plugins' => array(),
'use-parent-dir' => 'prompt', 'use-parent-dir' => 'prompt',
'preferred-install' => 'dist', 'preferred-install' => 'dist',
'notify-on-install' => true, 'notify-on-install' => true,
@ -120,11 +120,6 @@ class Config
// load defaults // load defaults
$this->config = static::$defaultConfig; $this->config = static::$defaultConfig;
// TODO after July 2022 remove this and update the default value above in self::$defaultConfig + remove note from 06-config.md
if (strtotime('2022-07-01') < time()) {
$this->config['allow-plugins'] = array();
}
$this->repositories = static::$defaultRepositories; $this->repositories = static::$defaultRepositories;
$this->useEnvironment = (bool) $useEnvironment; $this->useEnvironment = (bool) $useEnvironment;
$this->baseDir = is_string($baseDir) && '' !== $baseDir ? $baseDir : null; $this->baseDir = is_string($baseDir) && '' !== $baseDir ? $baseDir : null;
@ -186,7 +181,7 @@ class Config
if (in_array($key, array('bitbucket-oauth', 'github-oauth', 'gitlab-oauth', 'gitlab-token', 'http-basic', 'bearer'), true) && isset($this->config[$key])) { if (in_array($key, array('bitbucket-oauth', 'github-oauth', 'gitlab-oauth', 'gitlab-token', 'http-basic', 'bearer'), true) && isset($this->config[$key])) {
$this->config[$key] = array_merge($this->config[$key], $val); $this->config[$key] = array_merge($this->config[$key], $val);
$this->setSourceOfConfigValue($val, $key, $source); $this->setSourceOfConfigValue($val, $key, $source);
} elseif (in_array($key, array('allow-plugins'), true) && isset($this->config[$key]) && is_array($this->config[$key])) { } elseif (in_array($key, array('allow-plugins'), true) && isset($this->config[$key]) && is_array($this->config[$key]) && is_array($val)) {
// merging $val first to get the local config on top of the global one, then appending the global config, // merging $val first to get the local config on top of the global one, then appending the global config,
// then merging local one again to make sure the values from local win over global ones for keys present in both // then merging local one again to make sure the values from local win over global ones for keys present in both
$this->config[$key] = array_merge($val, $this->config[$key], $val); $this->config[$key] = array_merge($val, $this->config[$key], $val);
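Review bot: The added `is_array($val)` guard on the `allow-plugins` branch means a non-array value is no longer merged but falls to a branch outside this hunk, which, judging by the tests added in this commit, replaces the accumulated allow-list outright. For a setting that gates plugin code execution this deserves a comment at the `elseif`, for example `// a boolean allow-plugins is not merged: it replaces the allow-list built so far`. It is also worth confirming that a later-merged source setting `true` over a restrictive list from an earlier source is the intended precedence, because that widens which plugins may run.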


@ -408,4 +408,34 @@ class ConfigTest extends TestCase
$this->assertCount(0, $value); $this->assertCount(0, $value);
} }
} }
public function testMergesPluginConfig()
{
$config = new Config(false);
$config->merge(array('config' => array('allow-plugins' => array('some/plugin' => true))));
$this->assertEquals(array('some/plugin' => true), $config->get('allow-plugins'));
$config->merge(array('config' => array('allow-plugins' => array('another/plugin' => true))));
$this->assertEquals(array('some/plugin' => true, 'another/plugin' => true), $config->get('allow-plugins'));
}
public function testOverridesGlobalBooleanPluginsConfig()
{
$config = new Config(false);
$config->merge(array('config' => array('allow-plugins' => true)));
$this->assertEquals(true, $config->get('allow-plugins'));
$config->merge(array('config' => array('allow-plugins' => array('another/plugin' => true))));
$this->assertEquals(array('another/plugin' => true), $config->get('allow-plugins'));
}
public function testAllowsAllPluginsFromLocalBoolean()
{
$config = new Config(false);
$config->merge(array('config' => array('allow-plugins' => array('some/plugin' => true))));
$this->assertEquals(array('some/plugin' => true), $config->get('allow-plugins'));
$config->merge(array('config' => array('allow-plugins' => true)));
$this->assertEquals(true, $config->get('allow-plugins'));
}
} }
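Review bot: `assertEquals(true, $config->get('allow-plugins'))` in `testOverridesGlobalBooleanPluginsConfig` and `testAllowsAllPluginsFromLocalBoolean` does not state that the type matters, while these tests exist precisely to tell the boolean `true` apart from an allow-list array. `$this->assertSame(true, $config->get('allow-plugins'));` (or `assertTrue`) pins the type explicitly. A case merging `'allow-plugins' => false` over an existing list is not covered here and would document the restrictive direction of the same override.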