From 397fa05c5b41c4ddeec8fb3eac0f13717d959e4a Mon Sep 17 00:00:00 2001
From: "H. Westphal"
Date: Sat, 14 Apr 2012 16:14:08 +0200
Subject: [PATCH] Validate the integrity of the downloaded phar before overwriting
---
 src/Composer/Command/SelfUpdateCommand.php | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/src/Composer/Command/SelfUpdateCommand.php b/src/Composer/Command/SelfUpdateCommand.php
index 721e44461..931c9ea17 100644
--- a/src/Composer/Command/SelfUpdateCommand.php
+++ b/src/Composer/Command/SelfUpdateCommand.php
@@ -48,8 +48,17 @@ EOT
 $remoteFilename = 'http://getcomposer.org/composer.phar';
 $localFilename = $_SERVER['argv'][0];
+ $tempFilename = $localFilename.'temp';
- $rfs->copy('getcomposer.org', $remoteFilename, $localFilename);
+ $rfs->copy('getcomposer.org', $remoteFilename, $tempFilename);
+
+ try {
+ $phar = new \Phar($tempFilename);
+ rename($tempFilename, $localFilename);
+ } catch (\UnexpectedValueException $e) {
+ unlink($tempFilename);
+ $output->writeln("The download is corrupt. Please re-run the self-update command.");
+ }
 } else {
 $output->writeln("You are using the latest composer version.");
 }
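Review bot: The `new \Phar($tempFilename)` check in the added `try` block shows only that the download parses as a phar, so it catches truncation or corruption but not substitution; the file is still fetched over plain `http://` (context line `$remoteFilename`), and a well-formed phar altered in transit would pass and be renamed over the running binary. Authenticity needs a separate step before `rename()`, such as fetching over HTTPS and comparing the temp file against a checksum or signature published out of band. Two smaller points in the same block: the result of `rename($tempFilename, $localFilename)` is ignored, so a failed replace is silent and leaves the temp file behind, and `$phar` is still open at that point, which may block the rename on Windows — `unset($phar);` before it and an `if (!rename(...))` branch that reports the failure would cover both. It is also worth confirming that `\Phar` accepts a name ending in `temp` rather than `.phar`, since a rejected filename would presumably surface as the same `UnexpectedValueException` and be reported as a corrupt download. The enclosing method starts and ends outside the hunk.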