
Fix secure-http check to avoid bypass using emojis

2.2
Jordi Boggiano 2024-06-10 14:48:02 +02:00
parent b93fc6ca43
commit 7a1e02d1a3
No known key found for this signature in database
GPG Key ID: 7BBD42C429EC80BC
2 changed files with 3 additions and 2 deletions


@ -587,8 +587,8 @@ class Config
*/ */
public function prohibitUrlByConfig($url, IOInterface $io = null) public function prohibitUrlByConfig($url, IOInterface $io = null)
{ {
// Return right away if the URL is malformed or custom (see issue #5173) // Return right away if the URL is malformed or custom (see issue #5173), but only for non-HTTP(S) URLs
if (false === filter_var($url, FILTER_VALIDATE_URL)) { if (false === filter_var($url, FILTER_VALIDATE_URL) && !Preg::isMatch('{^https?://}', $url)) {
return; return;
} }
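Review bot: The added `!Preg::isMatch('{^https?://}', $url)` guard is case-sensitive and covers only HTTP(S), so a URL that fails `FILTER_VALIDATE_URL` still takes the early `return` when its scheme is in upper or mixed case, or is any other scheme. The test list touched by this commit holds `svn://` entries beside the `http://` ones, which suggests other schemes are checked further down; that part of `prohibitUrlByConfig` is outside the hunk, so this is inferred. At minimum the pattern could be `'{^https?://}i'`, provided the later scheme comparison also normalises case. Better still, restrict the early return to URLs whose scheme is not one the function later inspects. The comment on the line above could then say "only for schemes this method does not check" rather than "non-HTTP(S) URLs".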


@ -298,6 +298,7 @@ class ConfigTest extends TestCase
'http://packagist.org', 'http://packagist.org',
'http://10.1.0.1/satis', 'http://10.1.0.1/satis',
'http://127.0.0.1/satis', 'http://127.0.0.1/satis',
'http://💛@example.org',
'svn://localhost/trunk', 'svn://localhost/trunk',
'svn://will.not.resolve/trunk', 'svn://will.not.resolve/trunk',
'svn://192.168.0.1/trunk', 'svn://192.168.0.1/trunk',
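Review bot: The new `'http://💛@example.org'` entry has no comment explaining why it is there, so a later cleanup could drop it as an oddity. A line above it would help, such as `// rejected by FILTER_VALIDATE_URL but still plain http: must not skip the secure-http check`. The list, presumably of URLs expected to be refused, pins only the lower-case `http://` form; an upper-case-scheme variant would document how the guard in `Config` treats that case. The enclosing data provider starts and ends outside the hunk.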