public-mirrors
/
composer
mirror of https://github.com/composer/composer
1
0
Fork 0
Code

Fix bin proxies to use output buffering instead of the eval hack, as the __FILE__ and __DIR__ replacement is not safe when done in strings/nowdocs/..

pull/10231/head
Jordi Boggiano 2021-10-27 11:16:24 +02:00
parent 44a2aa9be4
commit e1dbd65aff
No known key found for this signature in database
GPG Key ID: 7BBD42C429EC80BC
1 changed files with 12 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
src/Composer/Installer/BinaryInstaller.php
View File

@ -271,21 +271,27 @@ class BinaryInstaller
/** /**
* Proxy PHP file generated by Composer * Proxy PHP file generated by Composer
* *
* This file includes the referenced bin path ($binPath) using eval to remove the shebang if present * This file includes the referenced bin path ($binPath) using ob_start to remove the shebang if present
* to prevent the shebang from being output on PHP<8
* *
* @generated * @generated
*/ */
\$binPath = realpath(__DIR__ . "/" . $binPathExported); \$binPath = realpath(__DIR__ . "/" . $binPathExported);
if (PHP_VERSION_ID >= 80000) {
include \$binPath;
exit(0);
}
\$contents = file_get_contents(\$binPath); \$contents = file_get_contents(\$binPath);
\$contents = preg_replace('{^#!/.+\\r?\\n<\\?(php)?}', '', \$contents, 1, \$replaced); \$contents = preg_replace('{^#!/.+\\r?\\n<\\?(php)?}', '', \$contents, 1, \$replaced);
if (\$replaced) { if (\$replaced) {
\$contents = strtr(\$contents, array( ob_start(function (\$buffer, \$phase) {
'__FILE__' => var_export(\$binPath, true), return (PHP_OUTPUT_HANDLER_START & \$phase) && '#!' === substr(\$buffer, 0, 2) ? '' : \$buffer;
'__DIR__' => var_export(dirname(\$binPath), true), }, 1);
));
eval(\$contents); include \$binPath;
exit(0); exit(0);
} }
include \$binPath; include \$binPath;