1
0
Fork 0

Validate licenses correctly even when proprietary is combined with some other license, fixes #9144

pull/9170/head
Jordi Boggiano 2020-08-25 08:58:43 +02:00
parent 45246aca22
commit b847c4dc3a
No known key found for this signature in database
GPG Key ID: 7BBD42C429EC80BC
1 changed files with 20 additions and 18 deletions

View File

@ -111,25 +111,27 @@ class ValidatingArrayLoader implements LoaderInterface
if (is_array($this->config['license']) || is_string($this->config['license'])) {
$licenses = (array) $this->config['license'];
// strip proprietary since it's not a valid SPDX identifier, but is accepted by composer
foreach ($licenses as $key => $license) {
if ('proprietary' === $license) {
unset($licenses[$key]);
}
}
$licenseValidator = new SpdxLicenses();
if (count($licenses) === 1 && !$licenseValidator->validate($licenses) && $licenseValidator->validate(trim($licenses[0]))) {
$this->warnings[] = sprintf(
'License %s must not contain extra spaces, make sure to trim it.',
json_encode($this->config['license'])
);
} elseif (array() !== $licenses && !$licenseValidator->validate($licenses)) {
$this->warnings[] = sprintf(
'License %s is not a valid SPDX license identifier, see https://spdx.org/licenses/ if you use an open license.' . PHP_EOL .
'If the software is closed-source, you may use "proprietary" as license.',
json_encode($this->config['license'])
);
foreach ($licenses as $license) {
// replace proprietary by MIT for validation purposes since it's not a valid SPDX identifier, but is accepted by composer
if ('proprietary' === $license) {
continue;
}
$licenseToValidate = str_replace('proprietary', 'MIT', $license);
if (!$licenseValidator->validate($licenseToValidate)) {
if ($licenseValidator->validate(trim($licenseToValidate))) {
$this->warnings[] = sprintf(
'License %s must not contain extra spaces, make sure to trim it.',
json_encode($license)
);
} else {
$this->warnings[] = sprintf(
'License %s is not a valid SPDX license identifier, see https://spdx.org/licenses/ if you use an open license.' . PHP_EOL .
'If the software is closed-source, you may use "proprietary" as license.',
json_encode($license)
);
}
}
}
}
}