diff --git a/src/Composer/Command/CreateProjectCommand.php b/src/Composer/Command/CreateProjectCommand.php index 9e1502486..eb6c2b396 100644 --- a/src/Composer/Command/CreateProjectCommand.php +++ b/src/Composer/Command/CreateProjectCommand.php @@ -47,7 +47,8 @@ class CreateProjectCommand extends Command new InputArgument('version', InputArgument::OPTIONAL, 'Version, will defaults to latest'), new InputOption('prefer-source', null, InputOption::VALUE_NONE, 'Forces installation from package sources when possible, including VCS information.'), new InputOption('repository-url', null, InputOption::VALUE_REQUIRED, 'Pick a different repository url to look for the package.'), - new InputOption('dev', null, InputOption::VALUE_NONE, 'Whether to install dependencies for development.') + new InputOption('dev', null, InputOption::VALUE_NONE, 'Whether to install dependencies for development.'), + new InputOption('disable-custom-installers', null, InputOption::VALUE_NONE, 'Whether to disable custom installers.'), )) ->setHelp(<<create-project command creates a new project from a given @@ -79,11 +80,12 @@ EOT $input->getArgument('version'), $input->getOption('prefer-source'), $input->getOption('dev'), - $input->getOption('repository-url') + $input->getOption('repository-url'), + $input->getOption('disable-custom-installers') ); } - public function installProject(IOInterface $io, $packageName, $directory = null, $version = null, $preferSource = false, $installDevPackages = false, $repositoryUrl = null) + public function installProject(IOInterface $io, $packageName, $directory = null, $version = null, $preferSource = false, $installDevPackages = false, $repositoryUrl = null, $disableCustomInstallers = false) { $dm = $this->createDownloadManager($io); if ($preferSource) { 
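Review bot: The new eighth parameter of `installProject()`, `$disableCustomInstallers = false`, leaves custom installers enabled unless a caller opts out, and neither the signature nor the option text says what the flag protects against. The option description in the first hunk, `'Whether to disable custom installers.'`, only restates the flag name; something like `'Do not use installers provided by packages (custom installers).'` tells the user what changes. A docblock on `installProject()` with `@param bool $disableCustomInstallers remove custom installers before dependencies are installed` would document the contract for programmatic callers. The body of `installProject()` continues outside this hunk.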
@@ -120,6 +122,11 @@ EOT } $io->write('Installing ' . $package->getName() . ' (' . VersionParser::formatVersion($package, false) . ')', true); + + if ($disableCustomInstallers) { + $io->write('Custom installers have been disabled.'); + } + if (0 === strpos($package->getPrettyVersion(), 'dev-') && in_array($package->getSourceType(), array('git', 'hg'))) { $package->setSourceReference(substr($package->getPrettyVersion(), 4)); } @@ -138,10 +145,14 @@ EOT $composer = Factory::create($io); $installer = Installer::create($io, $composer); - $installer - ->setPreferSource($preferSource) - ->setDevMode($installDevPackages) - ->run(); + $installer->setPreferSource($preferSource) + ->setDevMode($installDevPackages); + + if ($disableCustomInstallers) { + $installer->disableCustomInstallers(); + } + + $installer->run(); } protected function createDownloadManager(IOInterface $io) diff --git a/src/Composer/Installer.php b/src/Composer/Installer.php index 8c0669511..a52055a67 100644 --- a/src/Composer/Installer.php +++ b/src/Composer/Installer.php @@ -722,4 +722,16 @@ class Installer return $this; } + + /** + * Disables custom installers. + * + * Call this if you want to ensure that third-party code never gets + * executed. The default is to automatically install, and execute + * custom third-party installers. + */ + public function disableCustomInstallers() + { + $this->installationManager->disableCustomInstallers(); + } } diff --git a/src/Composer/Installer/InstallationManager.php b/src/Composer/Installer/InstallationManager.php index 6ac4fca50..e013673f5 100644 --- a/src/Composer/Installer/InstallationManager.php +++ b/src/Composer/Installer/InstallationManager.php 
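Review bot: In the last hunk of CreateProjectCommand.php, `disableCustomInstallers()` is called only after `Factory::create($io)` and `Installer::create($io, $composer)` have returned, so it cannot affect anything those factories load or register while building the object graph. Whether installer code can already be picked up during construction is not visible in this diff and should be checked against `Factory::create()`. If it can, the flag has to reach the factory; if it cannot, a comment such as `// must run before $installer->run(); construction registers no package-provided installers` would record the assumption. The enclosing `installProject()` starts outside the hunk.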
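Review bot: The docblock on `Installer::disableCustomInstallers()` promises that "third-party code never gets executed", but the method only forwards to `InstallationManager::disableCustomInstallers()`, which removes one kind of installer. Any other path by which package-supplied code may run during `run()` (script hooks, for instance, if this version executes them) is untouched, so the comment should claim less: `Prevents custom installers provided by packages from being used. Other extension points are not affected.` The method also returns nothing, while the method just above it ends with `return $this;`. Adding `return $this;` and `@return Installer` would keep the setters chainable and avoid splitting the call chain in `CreateProjectCommand`.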
@@ -46,6 +46,24 @@ class InstallationManager $this->cache = array(); } + /** + * Disables custom installers. + * + * We prevent any custom installers from being instantiated by simply + * deactivating the installer for them. This ensure that no third-party + * code is ever executed. + */ + public function disableCustomInstallers() + { + foreach ($this->installers as $i => $installer) { + if ( ! $installer instanceof InstallerInstaller) { + continue; + } + + unset($this->installers[$i]); + } + } + /** * Returns installer for a specific package type. *
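Review bot: `disableCustomInstallers()` unsets entries from `$this->installers` but leaves `$this->cache` untouched, while the method that ends just above the new code resets it with `$this->cache = array();`. If that cache holds installers resolved per package type, an `InstallerInstaller` resolved earlier could still be returned after its removal; adding `$this->cache = array();` after the loop closes that gap. The loop also removes only objects that are `instanceof InstallerInstaller`, so an installer object that a package registered before this call would stay in the list, which the docblock's "no third-party code is ever executed" does not reflect. Nothing visible here stops a later registration from adding an `InstallerInstaller` again, so a flag checked where installers are added would make the setting stick.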