1
0
Fork 0

Exempt custom URLs from secure-http checks, refs #5173

pull/5203/merge
Niels Keurentjes 2016-04-16 00:13:07 +02:00 committed by Jordi Boggiano
parent 9d2db57f65
commit d5158d943f
2 changed files with 7 additions and 10 deletions

View File

@ -407,19 +407,14 @@ class Config
*/
public function prohibitUrlByConfig($url)
{
if (!$this->get('secure-http')) {
// Return right away if check is disabled, or if the URL is malformed or custom (see issue #5173)
if (!$this->get('secure-http') || false === filter_var($url, FILTER_VALIDATE_URL)) {
return;
}
// Parse the URL into its separate parts
$parsed = parse_url($url);
if (false === $parsed || !isset($parsed['scheme'])) {
// If the URL is malformed or does not contain a usable scheme it's not going to work anyway
return;
}
// Throw exception on known insecure protocols
if (in_array($parsed['scheme'], array('http', 'git', 'ftp', 'svn'))) {
// Extract scheme and throw exception on known insecure protocols
$scheme = parse_url($url, PHP_URL_SCHEME);
if (in_array($scheme, array('http', 'git', 'ftp', 'svn'))) {
throw new TransportException("Your configuration does not allow connections to $url. See https://getcomposer.org/doc/06-config.md#secure-http for details.");
}
}

View File

@ -250,6 +250,8 @@ class ConfigTest extends \PHPUnit_Framework_TestCase
'\\myserver\myplace.git',
'file://myserver.localhost/mygit.git',
'file://example.org/mygit.git',
'git:Department/Repo.git',
'ssh://[user@]host.xz[:port]/path/to/repo.git/',
);
return array_combine($urls, array_map(function ($e) { return array($e); }, $urls));