Merge branch '1.0'

src/Composer/Config.php

@@ -407,19 +407,14 @@ class Config
      */
     public function prohibitUrlByConfig($url)
     {
-        if (!$this->get('secure-http')) {
+        // Return right away if check is disabled, or if the URL is malformed or custom (see issue #5173)
+        if (!$this->get('secure-http') || false === filter_var($url, FILTER_VALIDATE_URL)) {
             return;
         }
 
-        // Parse the URL into its separate parts
+        // Extract scheme and throw exception on known insecure protocols
-        $parsed = parse_url($url);
+        $scheme = parse_url($url, PHP_URL_SCHEME);
-        if (false === $parsed || !isset($parsed['scheme'])) {
+        if (in_array($scheme, array('http', 'git', 'ftp', 'svn'))) {
-            // If the URL is malformed or does not contain a usable scheme it's not going to work anyway
-            return;
-        }
-
-        // Throw exception on known insecure protocols
-        if (in_array($parsed['scheme'], array('http', 'git', 'ftp', 'svn'))) {
             throw new TransportException("Your configuration does not allow connections to $url. See https://getcomposer.org/doc/06-config.md#secure-http for details.");
         }
     }

tests/Composer/Test/ConfigTest.php

@@ -250,6 +250,8 @@ class ConfigTest extends \PHPUnit_Framework_TestCase
             '\\myserver\myplace.git',
             'file://myserver.localhost/mygit.git',
             'file://example.org/mygit.git',
+            'git:Department/Repo.git',
+            'ssh://[user@]host.xz[:port]/path/to/repo.git/',
         );
 
         return array_combine($urls, array_map(function ($e) { return array($e); }, $urls));