From b09a39f9c80185ae96643294b9af08a39aaff379 Mon Sep 17 00:00:00 2001
From: Jordi Boggiano
Date: Wed, 10 Nov 2021 11:07:44 +0100
Subject: [PATCH] Error out on recursive links in validating loader and ignore them in regular loader
---
 src/Composer/Package/Loader/ArrayLoader.php | 6 ++++++
 src/Composer/Package/Loader/ValidatingArrayLoader.php | 5 +++++
 .../Test/Fixtures/installer/circular-dependency2.test | 2 +-
 .../Test/Package/Loader/ValidatingArrayLoaderTest.php | 9 +++++++++
 4 files changed, 21 insertions(+), 1 deletion(-)
diff --git a/src/Composer/Package/Loader/ArrayLoader.php b/src/Composer/Package/Loader/ArrayLoader.php
index fce22dffb..6b5123aeb 100644
--- a/src/Composer/Package/Loader/ArrayLoader.php
+++ b/src/Composer/Package/Loader/ArrayLoader.php
@@ -327,6 +327,12 @@ class ArrayLoader implements LoaderInterface
 $links = array();
 foreach ($config[$type] as $prettyTarget => $constraint) {
 $target = strtolower($prettyTarget);
+
+ // recursive links are not supported
+ if ($target === $name) {
+ continue;
+ }
+
 if ($constraint === 'self.version') {
 $links[$target] = $this->createLink($name, $prettyVersion, $opts['method'], $target, $constraint);
 } else {
diff --git a/src/Composer/Package/Loader/ValidatingArrayLoader.php b/src/Composer/Package/Loader/ValidatingArrayLoader.php
index a39184400..934556458 100644
--- a/src/Composer/Package/Loader/ValidatingArrayLoader.php
+++ b/src/Composer/Package/Loader/ValidatingArrayLoader.php
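Review bot: In the ArrayLoader.php hunk the new guard `if ($target === $name)` compares a lowercased `$target` with `$name`, which is assigned outside the hunk, so the check is only case-insensitive if `$name` is already normalized to lower case. The ValidatingArrayLoader hunk in the same patch uses `strcasecmp` for the equivalent test; either confirm `$name` is lowercased at its assignment or compare against it explicitly, `if ($target === strtolower($name)) {`. The skip is also silent and applies to every link type this loop handles, which the comment could state: `// recursive links are not supported: dropped silently here, ValidatingArrayLoader reports them as errors`. The enclosing loop and method begin and end outside the hunk.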
@@ -241,6 +241,11 @@ class ValidatingArrayLoader implements LoaderInterface
 foreach (array_keys(BasePackage::$supportedLinkTypes) as $linkType) {
 if ($this->validateArray($linkType) && isset($this->config[$linkType])) {
 foreach ($this->config[$linkType] as $package => $constraint) {
+ if (0 === strcasecmp($package, $this->config['name'])) {
+ $this->errors[] = $linkType.'.'.$package.' : a package cannot set a '.$linkType.' on itself';
+ unset($this->config[$linkType][$package]);
+ continue;
+ }
 if ($err = self::hasPackageNamingError($package, true)) {
 $this->warnings[] = 'Deprecation warning: '.$linkType.'.'.$err.' Make sure you fix this as Composer 2.0 will error.';
 } elseif (!preg_match('{^[A-Za-z0-9_./-]+$}', $package)) {
diff --git a/tests/Composer/Test/Fixtures/installer/circular-dependency2.test b/tests/Composer/Test/Fixtures/installer/circular-dependency2.test
index 2a2cc4b0d..a67f4c9e0 100644
--- a/tests/Composer/Test/Fixtures/installer/circular-dependency2.test
+++ b/tests/Composer/Test/Fixtures/installer/circular-dependency2.test
@@ -17,7 +17,7 @@ Circular dependencies are possible between packages
 "version": "1.0.0",
 "source": { "reference": "some.branch", "type": "git", "url": "" },
 "require": {
- "require/itself": "1.0.0"
+ "root/pkg": "dev-master"
 }
 },
 {
diff --git a/tests/Composer/Test/Package/Loader/ValidatingArrayLoaderTest.php b/tests/Composer/Test/Package/Loader/ValidatingArrayLoaderTest.php
index 103c34551..dd24d0b7b 100644
--- a/tests/Composer/Test/Package/Loader/ValidatingArrayLoaderTest.php
+++ b/tests/Composer/Test/Package/Loader/ValidatingArrayLoaderTest.php
@@ -354,6 +354,15 @@ class ValidatingArrayLoaderTest extends TestCase
 'source.url : must not start with a "-", "--foo" given',
 ),
 ),
+ array(
+ array(
+ 'name' => 'foo/bar',
+ 'require' => array('foo/Bar' => '1.*'),
+ ),
+ array(
+ 'require.foo/Bar : a package cannot set a require on itself',
+ ),
+ ),
 ));
 }
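Review bot: In the ValidatingArrayLoader.php hunk the added `strcasecmp($package, $this->config['name'])` reads `$this->config['name']` without checking that it is set. Nothing visible in the hunk guarantees this; if an earlier validation step can leave `name` absent (the rest of the method is outside the hunk), this line would raise an undefined-index notice and pass null to `strcasecmp` while the loader is still collecting errors. Guarding the read keeps the self-link check from masking the original naming error: `if (isset($this->config['name']) && 0 === strcasecmp($package, $this->config['name'])) {`.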
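Review bot: The single added case in ValidatingArrayLoaderTest.php covers only `require`, while the loader change applies to every key of `BasePackage::$supportedLinkTypes`, and no test in this patch exercises the silent skip added to ArrayLoader. A second case for another link type would pin the message format built from `$linkType`, for example `'replace' => array('foo/bar' => '1.*')` expecting `'replace.foo/bar : a package cannot set a replace on itself'`. A test for ArrayLoader asserting that a self-link is absent from the loaded package's links would cover the other half of the change, since the fixture edit in circular-dependency2.test removes the only self-require visible in this patch. The data provider method starts outside the hunk.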