From 8564dd8daca9c4da9ff4393eb154a6fac464478f Mon Sep 17 00:00:00 2001
From: Jordi Boggiano <j.boggiano@seld.be>
Date: Fri, 23 Oct 2020 13:27:46 +0200
Subject: [PATCH] Allow Url::sanitize to escape URLs without scheme

---
 src/Composer/Util/Url.php            | 6 +++---
 tests/Composer/Test/Util/UrlTest.php | 9 +++++++++
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/src/Composer/Util/Url.php b/src/Composer/Util/Url.php
index 2da171556..0dcc8319a 100644
--- a/src/Composer/Util/Url.php
+++ b/src/Composer/Util/Url.php
@@ -109,12 +109,12 @@ class Url
         // e.g. https://api.github.com/repositories/9999999999?access_token=github_token
         $url = preg_replace('{([&?]access_token=)[^&]+}', '$1***', $url);
 
-        $url = preg_replace_callback('{://(?P<user>[^:/\s@]+):(?P<password>[^@\s/]+)@}i', function ($m) {
+        $url = preg_replace_callback('{(?P<prefix>://|^)(?P<user>[^:/\s@]+):(?P<password>[^@\s/]+)@}i', function ($m) {
             if (preg_match('{^[a-f0-9]{12,}$}', $m['user'])) {
-                return '://***:***@';
+                return $m['prefix'].'***:***@';
             }
 
-            return '://'.$m['user'].':***@';
+            return $m['prefix'].$m['user'].':***@';
         }, $url);
 
         return $url;
diff --git a/tests/Composer/Test/Util/UrlTest.php b/tests/Composer/Test/Util/UrlTest.php
index 8eb33f851..2e40ee03e 100644
--- a/tests/Composer/Test/Util/UrlTest.php
+++ b/tests/Composer/Test/Util/UrlTest.php
@@ -70,6 +70,7 @@ class UrlTest extends TestCase
     public static function sanitizeProvider()
     {
         return array(
+            // with scheme
             array('https://foo:***@example.org/', 'https://foo:bar@example.org/'),
             array('https://foo@example.org/', 'https://foo@example.org/'),
             array('https://example.org/', 'https://example.org/'),
@@ -77,6 +78,14 @@ class UrlTest extends TestCase
             array('https://foo:***@example.org:123/', 'https://foo:bar@example.org:123/'),
             array('https://example.org/foo/bar?access_token=***', 'https://example.org/foo/bar?access_token=abcdef'),
             array('https://example.org/foo/bar?foo=bar&access_token=***', 'https://example.org/foo/bar?foo=bar&access_token=abcdef'),
+            // without scheme
+            array('foo:***@example.org/', 'foo:bar@example.org/'),
+            array('foo@example.org/', 'foo@example.org/'),
+            array('example.org/', 'example.org/'),
+            array('***:***@example.org', '10a8f08e8d7b7b9:foo@example.org'),
+            array('foo:***@example.org:123/', 'foo:bar@example.org:123/'),
+            array('example.org/foo/bar?access_token=***', 'example.org/foo/bar?access_token=abcdef'),
+            array('example.org/foo/bar?foo=bar&access_token=***', 'example.org/foo/bar?foo=bar&access_token=abcdef'),
         );
     }
 }