public-mirrors
/
composer
mirror of https://github.com/composer/composer
1
0
Fork 0
Code

Fix bin proxies to use output buffering instead of the eval hack, as the __FILE__ and __DIR__ replacement is not safe when done in strings/nowdocs/..

pull/10231/head
Jordi Boggiano 2021-10-27 11:16:24 +02:00
parent 44a2aa9be4
commit e1dbd65aff
No known key found for this signature in database
GPG Key ID: 7BBD42C429EC80BC
1 changed files with 12 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
src/Composer/Installer/BinaryInstaller.php
View File

@ -271,21 +271,27 @@ class BinaryInstaller
/**
* Proxy PHP file generated by Composer
*
* This file includes the referenced bin path ($binPath) using eval to remove the shebang if present
* This file includes the referenced bin path ($binPath) using ob_start to remove the shebang if present
* to prevent the shebang from being output on PHP<8
*
* @generated
*/
\$binPath = realpath(__DIR__ . "/" . $binPathExported);
if (PHP_VERSION_ID >= 80000) {
include \$binPath;
exit(0);
}
\$contents = file_get_contents(\$binPath);
\$contents = preg_replace('{^#!/.+\\r?\\n<\\?(php)?}', '', \$contents, 1, \$replaced);
if (\$replaced) {
\$contents = strtr(\$contents, array(
'__FILE__' => var_export(\$binPath, true),
'__DIR__' => var_export(dirname(\$binPath), true),
));
ob_start(function (\$buffer, \$phase) {
return (PHP_OUTPUT_HANDLER_START & \$phase) && '#!' === substr(\$buffer, 0, 2) ? '' : \$buffer;
}, 1);
eval(\$contents);
include \$binPath;
exit(0);
}
include \$binPath;