From c53729793b65c4971937da28d0a9c50a4e5e5dcf Mon Sep 17 00:00:00 2001 From: Jordi Boggiano Date: Sun, 21 Oct 2012 18:01:53 +0200 Subject: [PATCH] Make sure the global config file is only readable by the owner --- src/Composer/Command/ConfigCommand.php | 1 + src/Composer/Config/JsonConfigSource.php | 6 ++++++ 2 files changed, 7 insertions(+) diff --git a/src/Composer/Command/ConfigCommand.php b/src/Composer/Command/ConfigCommand.php index bf1b8377b..acedf558a 100644 --- a/src/Composer/Command/ConfigCommand.php +++ b/src/Composer/Command/ConfigCommand.php @@ -110,6 +110,7 @@ EOT if ($input->getOption('global') && !$this->configFile->exists()) { touch($this->configFile->getPath()); $this->configFile->write(array('config' => new \ArrayObject)); + chmod($this->configFile->getPath(), 0600); } if (!$this->configFile->exists()) { diff --git a/src/Composer/Config/JsonConfigSource.php b/src/Composer/Config/JsonConfigSource.php index 4e116cc60..4293763b6 100644 --- a/src/Composer/Config/JsonConfigSource.php +++ b/src/Composer/Config/JsonConfigSource.php @@ -70,6 +70,8 @@ class JsonConfigSource implements ConfigSourceInterface } $manipulator = new JsonManipulator($contents); + $newFile = !$this->file->exists(); + // try to update cleanly if (call_user_func_array(array($manipulator, $method), $args)) { file_put_contents($this->file->getPath(), $manipulator->getContents()); @@ -80,5 +82,9 @@ class JsonConfigSource implements ConfigSourceInterface call_user_func_array($fallback, $args); $this->file->write($config); } + + if ($newFile) { + chmod($this->file->getPath(), 0600); + } } }