Exempt custom URLs from secure-http checks, refs #5173
parent
9d2db57f65
commit
d5158d943f
|
@ -407,19 +407,14 @@ class Config
|
||||||
*/
|
*/
|
||||||
public function prohibitUrlByConfig($url)
|
public function prohibitUrlByConfig($url)
|
||||||
{
|
{
|
||||||
if (!$this->get('secure-http')) {
|
// Return right away if check is disabled, or if the URL is malformed or custom (see issue #5173)
|
||||||
|
if (!$this->get('secure-http') || false === filter_var($url, FILTER_VALIDATE_URL)) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Parse the URL into its separate parts
|
// Extract scheme and throw exception on known insecure protocols
|
||||||
$parsed = parse_url($url);
|
$scheme = parse_url($url, PHP_URL_SCHEME);
|
||||||
if (false === $parsed || !isset($parsed['scheme'])) {
|
if (in_array($scheme, array('http', 'git', 'ftp', 'svn'))) {
|
||||||
// If the URL is malformed or does not contain a usable scheme it's not going to work anyway
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
// Throw exception on known insecure protocols
|
|
||||||
if (in_array($parsed['scheme'], array('http', 'git', 'ftp', 'svn'))) {
|
|
||||||
throw new TransportException("Your configuration does not allow connections to $url. See https://getcomposer.org/doc/06-config.md#secure-http for details.");
|
throw new TransportException("Your configuration does not allow connections to $url. See https://getcomposer.org/doc/06-config.md#secure-http for details.");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -250,6 +250,8 @@ class ConfigTest extends \PHPUnit_Framework_TestCase
|
||||||
'\\myserver\myplace.git',
|
'\\myserver\myplace.git',
|
||||||
'file://myserver.localhost/mygit.git',
|
'file://myserver.localhost/mygit.git',
|
||||||
'file://example.org/mygit.git',
|
'file://example.org/mygit.git',
|
||||||
|
'git:Department/Repo.git',
|
||||||
|
'ssh://[user@]host.xz[:port]/path/to/repo.git/',
|
||||||
);
|
);
|
||||||
|
|
||||||
return array_combine($urls, array_map(function ($e) { return array($e); }, $urls));
|
return array_combine($urls, array_map(function ($e) { return array($e); }, $urls));
|
||||||
|
|
Loading…
Reference in New Issue