public-mirrors
/
composer
mirror of https://github.com/composer/composer
1
0
Fork 0
Code

Allow Url::sanitize to escape URLs without scheme

pull/9324/head
Jordi Boggiano 2020-10-23 13:27:46 +02:00
parent 8feb83b22b
commit 8564dd8dac
No known key found for this signature in database
GPG Key ID: 7BBD42C429EC80BC
2 changed files with 12 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/Composer/Util/Url.php
View File

@ -109,12 +109,12 @@ class Url
// e.g. https://api.github.com/repositories/9999999999?access_token=github_token // e.g. https://api.github.com/repositories/9999999999?access_token=github_token
$url = preg_replace('{([&?]access_token=)[^&]+}', '$1***', $url); $url = preg_replace('{([&?]access_token=)[^&]+}', '$1***', $url);
$url = preg_replace_callback('{://(?P<user>[^:/\s@]+):(?P<password>[^@\s/]+)@}i', function ($m) { $url = preg_replace_callback('{(?P<prefix>://|^)(?P<user>[^:/\s@]+):(?P<password>[^@\s/]+)@}i', function ($m) {
if (preg_match('{^[a-f0-9]{12,}$}', $m['user'])) { if (preg_match('{^[a-f0-9]{12,}$}', $m['user'])) {
return '://***:***@'; return $m['prefix'].'***:***@';
} }
return '://'.$m['user'].':***@'; return $m['prefix'].$m['user'].':***@';
}, $url); }, $url);
return $url; return $url;

9
tests/Composer/Test/Util/UrlTest.php
View File

@ -70,6 +70,7 @@ class UrlTest extends TestCase
public static function sanitizeProvider() public static function sanitizeProvider()
{ {
return array( return array(
// with scheme
array('https://foo:***@example.org/', 'https://foo:bar@example.org/'), array('https://foo:***@example.org/', 'https://foo:bar@example.org/'),
array('https://foo@example.org/', 'https://foo@example.org/'), array('https://foo@example.org/', 'https://foo@example.org/'),
array('https://example.org/', 'https://example.org/'), array('https://example.org/', 'https://example.org/'),
@ -77,6 +78,14 @@ class UrlTest extends TestCase
array('https://foo:***@example.org:123/', 'https://foo:bar@example.org:123/'), array('https://foo:***@example.org:123/', 'https://foo:bar@example.org:123/'),
array('https://example.org/foo/bar?access_token=***', 'https://example.org/foo/bar?access_token=abcdef'), array('https://example.org/foo/bar?access_token=***', 'https://example.org/foo/bar?access_token=abcdef'),
array('https://example.org/foo/bar?foo=bar&access_token=***', 'https://example.org/foo/bar?foo=bar&access_token=abcdef'), array('https://example.org/foo/bar?foo=bar&access_token=***', 'https://example.org/foo/bar?foo=bar&access_token=abcdef'),
// without scheme
array('foo:***@example.org/', 'foo:bar@example.org/'),
array('foo@example.org/', 'foo@example.org/'),
array('example.org/', 'example.org/'),
array('***:***@example.org', '10a8f08e8d7b7b9:foo@example.org'),
array('foo:***@example.org:123/', 'foo:bar@example.org:123/'),
array('example.org/foo/bar?access_token=***', 'example.org/foo/bar?access_token=abcdef'),
array('example.org/foo/bar?foo=bar&access_token=***', 'example.org/foo/bar?foo=bar&access_token=abcdef'),
); );
} }
} }