public-mirrors
/
composer
mirror of https://github.com/composer/composer
1
0
Fork 0
Code

Merge remote-tracking branch 'frederikbosch/patch-1'

pull/3302/head
Jordi Boggiano 2014-09-24 19:17:30 +01:00
parent 91ac3e1426 d1d40502bf
commit e61e62908e
16 changed files with 67 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/Composer/Command/HomeCommand.php
View File

@ -18,6 +18,7 @@ use Composer\Package\CompletePackageInterface;
use Composer\Package\Loader\InvalidPackageException; use Composer\Package\Loader\InvalidPackageException;
use Composer\Repository\CompositeRepository; use Composer\Repository\CompositeRepository;
use Composer\Repository\RepositoryInterface; use Composer\Repository\RepositoryInterface;
use Composer\Util\ProcessExecutor;
use Symfony\Component\Console\Input\InputArgument; use Symfony\Component\Console\Input\InputArgument;
use Symfony\Component\Console\Input\InputOption; use Symfony\Component\Console\Input\InputOption;
use Symfony\Component\Console\Input\InputInterface; use Symfony\Component\Console\Input\InputInterface;
@ -120,7 +121,7 @@ EOT
*/ */
private function openBrowser($url) private function openBrowser($url)
{ {
$url = escapeshellarg($url); $url = ProcessExecutor::escape($url);
if (defined('PHP_WINDOWS_VERSION_MAJOR')) { if (defined('PHP_WINDOWS_VERSION_MAJOR')) {
return passthru('start "web" explorer "' . $url . '"'); return passthru('start "web" explorer "' . $url . '"');

3
src/Composer/Command/InitCommand.php
View File

@ -20,6 +20,7 @@ use Composer\Package\Version\VersionSelector;
use Composer\Repository\CompositeRepository; use Composer\Repository\CompositeRepository;
use Composer\Repository\PlatformRepository; use Composer\Repository\PlatformRepository;
use Composer\Package\Version\VersionParser; use Composer\Package\Version\VersionParser;
use Composer\Util\ProcessExecutor;
use Symfony\Component\Console\Input\InputInterface; use Symfony\Component\Console\Input\InputInterface;
use Symfony\Component\Console\Input\InputOption; use Symfony\Component\Console\Input\InputOption;
use Symfony\Component\Console\Output\OutputInterface; use Symfony\Component\Console\Output\OutputInterface;
@ -438,7 +439,7 @@ EOT
$finder = new ExecutableFinder(); $finder = new ExecutableFinder();
$gitBin = $finder->find('git'); $gitBin = $finder->find('git');
$cmd = new Process(sprintf('%s config -l', escapeshellarg($gitBin))); $cmd = new Process(sprintf('%s config -l', ProcessExecutor::escape($gitBin)));
$cmd->run(); $cmd->run();
if ($cmd->isSuccessful()) { if ($cmd->isSuccessful()) {

24
src/Composer/Downloader/GitDownloader.php
View File

@ -48,7 +48,11 @@ class GitDownloader extends VcsDownloader
$this->io->write(" Cloning ".$ref); $this->io->write(" Cloning ".$ref);
$commandCallable = function ($url) use ($ref, $path, $command) { $commandCallable = function ($url) use ($ref, $path, $command) {
return sprintf($command, escapeshellarg($url), escapeshellarg($path), escapeshellarg($ref)); return sprintf(
$command,
ProcessExecutor::escape($url),
ProcessExecutor::escape($path),
ProcessExecutor::escape($ref));
}; };
$this->gitUtil->runCommand($commandCallable, $url, $path, true); $this->gitUtil->runCommand($commandCallable, $url, $path, true);
@ -78,7 +82,7 @@ class GitDownloader extends VcsDownloader
$command = 'git remote set-url composer %s && git fetch composer && git fetch --tags composer'; $command = 'git remote set-url composer %s && git fetch composer && git fetch --tags composer';
$commandCallable = function ($url) use ($command) { $commandCallable = function ($url) use ($command) {
return sprintf($command, escapeshellarg($url)); return sprintf($command, ProcessExecutor::escape ($url));
}; };
$this->gitUtil->runCommand($commandCallable, $url, $path); $this->gitUtil->runCommand($commandCallable, $url, $path);
@ -225,7 +229,7 @@ class GitDownloader extends VcsDownloader
&& $branches && $branches
&& preg_match('{^\s+composer/'.preg_quote($reference).'$}m', $branches) && preg_match('{^\s+composer/'.preg_quote($reference).'$}m', $branches)
) { ) {
$command = sprintf('git checkout -B %s %s && git reset --hard %2$s', escapeshellarg($branch), escapeshellarg('composer/'.$reference)); $command = sprintf('git checkout -B %s %s && git reset --hard %2$s', ProcessExecutor::escape($branch), ProcessExecutor::escape('composer/'.$reference));
if (0 === $this->process->execute($command, $output, $path)) { if (0 === $this->process->execute($command, $output, $path)) {
return; return;
} }
@ -238,19 +242,19 @@ class GitDownloader extends VcsDownloader
$branch = 'v' . $branch; $branch = 'v' . $branch;
} }
$command = sprintf('git checkout %s', escapeshellarg($branch)); $command = sprintf('git checkout %s', ProcessExecutor::escape($branch));
$fallbackCommand = sprintf('git checkout -B %s %s', escapeshellarg($branch), escapeshellarg('composer/'.$branch)); $fallbackCommand = sprintf('git checkout -B %s %s', ProcessExecutor::escape($branch), ProcessExecutor::escape('composer/'.$branch));
if (0 === $this->process->execute($command, $output, $path) if (0 === $this->process->execute($command, $output, $path)
|| 0 === $this->process->execute($fallbackCommand, $output, $path) || 0 === $this->process->execute($fallbackCommand, $output, $path)
) { ) {
$command = sprintf('git reset --hard %s', escapeshellarg($reference)); $command = sprintf('git reset --hard %s', ProcessExecutor::escape($reference));
if (0 === $this->process->execute($command, $output, $path)) { if (0 === $this->process->execute($command, $output, $path)) {
return; return;
} }
} }
} }
$command = sprintf($template, escapeshellarg($gitRef)); $command = sprintf($template, ProcessExecutor::escape($gitRef));
if (0 === $this->process->execute($command, $output, $path)) { if (0 === $this->process->execute($command, $output, $path)) {
return; return;
} }
@ -269,7 +273,7 @@ class GitDownloader extends VcsDownloader
foreach ($this->process->splitLines($output) as $line) { foreach ($this->process->splitLines($output) as $line) {
if (preg_match('{^composer/'.preg_quote($branch).'(?:\.x)?$}i', trim($line))) { if (preg_match('{^composer/'.preg_quote($branch).'(?:\.x)?$}i', trim($line))) {
// find the previous commit by date in the given branch // find the previous commit by date in the given branch
if (0 === $this->process->execute(sprintf($guessTemplate, $date, escapeshellarg(trim($line))), $output, $path)) { if (0 === $this->process->execute(sprintf($guessTemplate, $date, ProcessExecutor::escape(trim($line))), $output, $path)) {
$newReference = trim($output); $newReference = trim($output);
} }
@ -286,7 +290,7 @@ class GitDownloader extends VcsDownloader
} }
// checkout the new recovered ref // checkout the new recovered ref
$command = sprintf($template, escapeshellarg($newReference)); $command = sprintf($template, ProcessExecutor::escape($newReference));
if (0 === $this->process->execute($command, $output, $path)) { if (0 === $this->process->execute($command, $output, $path)) {
$this->io->write(' '.$reference.' is gone (history was rewritten?), recovered by checking out '.$newReference); $this->io->write(' '.$reference.' is gone (history was rewritten?), recovered by checking out '.$newReference);
@ -306,7 +310,7 @@ class GitDownloader extends VcsDownloader
if ($protocols[0] !== 'git') { if ($protocols[0] !== 'git') {
$pushUrl = 'https://' . $match[1] . '/'.$match[2].'/'.$match[3].'.git'; $pushUrl = 'https://' . $match[1] . '/'.$match[2].'/'.$match[3].'.git';
} }
$cmd = sprintf('git remote set-url --push origin %s', escapeshellarg($pushUrl)); $cmd = sprintf('git remote set-url --push origin %s', ProcessExecutor::escape($pushUrl));
$this->process->execute($cmd, $ignoredOutput, $path); $this->process->execute($cmd, $ignoredOutput, $path);
} }
} }

2
src/Composer/Downloader/GzipDownloader.php
View File

@ -40,7 +40,7 @@ class GzipDownloader extends ArchiveDownloader
// Try to use gunzip on *nix // Try to use gunzip on *nix
if (!defined('PHP_WINDOWS_VERSION_BUILD')) { if (!defined('PHP_WINDOWS_VERSION_BUILD')) {
$command = 'gzip -cd ' . escapeshellarg($file) . ' > ' . escapeshellarg($targetFilepath); $command = 'gzip -cd ' . ProcessExecutor::escape($file) . ' > ' . ProcessExecutor::escape($targetFilepath);
if (0 === $this->process->execute($command, $ignoredOutput)) { if (0 === $this->process->execute($command, $ignoredOutput)) {
return; return;

11
src/Composer/Downloader/HgDownloader.php
View File

@ -13,6 +13,7 @@
namespace Composer\Downloader; namespace Composer\Downloader;
use Composer\Package\PackageInterface; use Composer\Package\PackageInterface;
use Composer\Util\ProcessExecutor;
/** /**
* @author Per Bernhardt <plb@webfactory.de> * @author Per Bernhardt <plb@webfactory.de>
@ -24,10 +25,10 @@ class HgDownloader extends VcsDownloader
*/ */
public function doDownload(PackageInterface $package, $path, $url) public function doDownload(PackageInterface $package, $path, $url)
{ {
$url = escapeshellarg($url); $url = ProcessExecutor::escape($url);
$ref = escapeshellarg($package->getSourceReference()); $ref = ProcessExecutor::escape($package->getSourceReference());
$this->io->write(" Cloning ".$package->getSourceReference()); $this->io->write(" Cloning ".$package->getSourceReference());
$command = sprintf('hg clone %s %s', $url, escapeshellarg($path)); $command = sprintf('hg clone %s %s', $url, ProcessExecutor::escape($path));
if (0 !== $this->process->execute($command, $ignoredOutput)) { if (0 !== $this->process->execute($command, $ignoredOutput)) {
throw new \RuntimeException('Failed to execute ' . $command . "\n\n" . $this->process->getErrorOutput()); throw new \RuntimeException('Failed to execute ' . $command . "\n\n" . $this->process->getErrorOutput());
} }
@ -42,8 +43,8 @@ class HgDownloader extends VcsDownloader
*/ */
public function doUpdate(PackageInterface $initial, PackageInterface $target, $path, $url) public function doUpdate(PackageInterface $initial, PackageInterface $target, $path, $url)
{ {
$url = escapeshellarg($url); $url = ProcessExecutor::escape($url);
$ref = escapeshellarg($target->getSourceReference()); $ref = ProcessExecutor::escape($target->getSourceReference());
$this->io->write(" Updating to ".$target->getSourceReference()); $this->io->write(" Updating to ".$target->getSourceReference());
if (!is_dir($path.'/.hg')) { if (!is_dir($path.'/.hg')) {

2
src/Composer/Downloader/RarDownloader.php
View File

@ -42,7 +42,7 @@ class RarDownloader extends ArchiveDownloader
// Try to use unrar on *nix // Try to use unrar on *nix
if (!defined('PHP_WINDOWS_VERSION_BUILD')) { if (!defined('PHP_WINDOWS_VERSION_BUILD')) {
$command = 'unrar x ' . escapeshellarg($file) . ' ' . escapeshellarg($path) . ' && chmod -R u+w ' . escapeshellarg($path); $command = 'unrar x ' . ProcessExecutor::escape($file) . ' ' . ProcessExecutor::escape($path) . ' && chmod -R u+w ' . ProcessExecutor::escape($path);
if (0 === $this->process->execute($command, $ignoredOutput)) { if (0 === $this->process->execute($command, $ignoredOutput)) {
return; return;

2
src/Composer/Downloader/ZipDownloader.php
View File

@ -38,7 +38,7 @@ class ZipDownloader extends ArchiveDownloader
// try to use unzip on *nix // try to use unzip on *nix
if (!defined('PHP_WINDOWS_VERSION_BUILD')) { if (!defined('PHP_WINDOWS_VERSION_BUILD')) {
$command = 'unzip '.escapeshellarg($file).' -d '.escapeshellarg($path) . ' && chmod -R u+w ' . escapeshellarg($path); $command = 'unzip '.ProcessExecutor::escape($file).' -d '.ProcessExecutor::escape($path) . ' && chmod -R u+w ' . ProcessExecutor::escape($path);
try { try {
if (0 === $this->process->execute($command, $ignoredOutput)) { if (0 === $this->process->execute($command, $ignoredOutput)) {
return; return;

2
src/Composer/EventDispatcher/EventDispatcher.php
View File

@ -152,7 +152,7 @@ class EventDispatcher
throw $e; throw $e;
} }
} else { } else {
$args = implode(' ', array_map('escapeshellarg', $event->getArguments())); $args = implode(' ', array_map(array('Composer\Util\ProcessExecutor','escape'), $event->getArguments()));
if (0 !== ($exitCode = $this->process->execute($callable . ($args === '' ? '' : ' '.$args)))) { if (0 !== ($exitCode = $this->process->execute($callable . ($args === '' ? '' : ' '.$args)))) {
$event->getIO()->write(sprintf('<error>Script %s handling the %s event returned with an error</error>', $callable, $event->getName())); $event->getIO()->write(sprintf('<error>Script %s handling the %s event returned with an error</error>', $callable, $event->getName()));

5
src/Composer/Installer/LibraryInstaller.php
View File

@ -17,6 +17,7 @@ use Composer\IO\IOInterface;
use Composer\Repository\InstalledRepositoryInterface; use Composer\Repository\InstalledRepositoryInterface;
use Composer\Package\PackageInterface; use Composer\Package\PackageInterface;
use Composer\Util\Filesystem; use Composer\Util\Filesystem;
use Composer\Util\ProcessExecutor;
/** /**
* Package installation manager. * Package installation manager.
@ -296,7 +297,7 @@ class LibraryInstaller implements InstallerInterface
} }
return "@ECHO OFF\r\n". return "@ECHO OFF\r\n".
"SET BIN_TARGET=%~dp0/".trim(escapeshellarg($binPath), '"')."\r\n". "SET BIN_TARGET=%~dp0/".trim(ProcessExecutor::escape($binPath), '"')."\r\n".
"{$caller} \"%BIN_TARGET%\" %*\r\n"; "{$caller} \"%BIN_TARGET%\" %*\r\n";
} }
@ -307,7 +308,7 @@ class LibraryInstaller implements InstallerInterface
return "#!/usr/bin/env sh\n". return "#!/usr/bin/env sh\n".
'SRC_DIR="`pwd`"'."\n". 'SRC_DIR="`pwd`"'."\n".
'cd "`dirname "$0"`"'."\n". 'cd "`dirname "$0"`"'."\n".
'cd '.escapeshellarg(dirname($binPath))."\n". 'cd '.ProcessExecutor::escape(dirname($binPath))."\n".
'BIN_TARGET="`pwd`/'.basename($binPath)."\"\n". 'BIN_TARGET="`pwd`/'.basename($binPath)."\"\n".
'cd "$SRC_DIR"'."\n". 'cd "$SRC_DIR"'."\n".
'"$BIN_TARGET" "$@"'."\n"; '"$BIN_TARGET" "$@"'."\n";

5
src/Composer/Installer/PearInstaller.php
View File

@ -17,6 +17,7 @@ use Composer\Composer;
use Composer\Downloader\PearPackageExtractor; use Composer\Downloader\PearPackageExtractor;
use Composer\Repository\InstalledRepositoryInterface; use Composer\Repository\InstalledRepositoryInterface;
use Composer\Package\PackageInterface; use Composer\Package\PackageInterface;
use Composer\Util\ProcessExecutor;
/** /**
* Package installation manager. * Package installation manager.
@ -124,7 +125,7 @@ class PearInstaller extends LibraryInstaller
"pushd .\r\n". "pushd .\r\n".
"cd %~dp0\r\n". "cd %~dp0\r\n".
"set PHP_PROXY=%CD%\\composer-php.bat\r\n". "set PHP_PROXY=%CD%\\composer-php.bat\r\n".
"cd ".escapeshellarg(dirname($binPath))."\r\n". "cd ".ProcessExecutor::escape(dirname($binPath))."\r\n".
"set BIN_TARGET=%CD%\\".basename($binPath)."\r\n". "set BIN_TARGET=%CD%\\".basename($binPath)."\r\n".
"popd\r\n". "popd\r\n".
"%PHP_PROXY% \"%BIN_TARGET%\" %*\r\n"; "%PHP_PROXY% \"%BIN_TARGET%\" %*\r\n";
@ -134,7 +135,7 @@ class PearInstaller extends LibraryInstaller
return "@echo off\r\n". return "@echo off\r\n".
"pushd .\r\n". "pushd .\r\n".
"cd %~dp0\r\n". "cd %~dp0\r\n".
"cd ".escapeshellarg(dirname($binPath))."\r\n". "cd ".ProcessExecutor::escape(dirname($binPath))."\r\n".
"set BIN_TARGET=%CD%\\".basename($binPath)."\r\n". "set BIN_TARGET=%CD%\\".basename($binPath)."\r\n".
"popd\r\n". "popd\r\n".
$caller." \"%BIN_TARGET%\" %*\r\n"; $caller." \"%BIN_TARGET%\" %*\r\n";

4
src/Composer/Package/Locker.php
View File

@ -341,13 +341,13 @@ class Locker
case 'git': case 'git':
GitUtil::cleanEnv(); GitUtil::cleanEnv();
if (0 === $this->process->execute('git log -n1 --pretty=%ct '.escapeshellarg($sourceRef), $output, $path) && preg_match('{^\s*\d+\s*$}', $output)) { if (0 === $this->process->execute('git log -n1 --pretty=%ct '.ProcessExecutor::escape($sourceRef), $output, $path) && preg_match('{^\s*\d+\s*$}', $output)) {
$datetime = new \DateTime('@'.trim($output), new \DateTimeZone('UTC')); $datetime = new \DateTime('@'.trim($output), new \DateTimeZone('UTC'));
} }
break; break;
case 'hg': case 'hg':
if (0 === $this->process->execute('hg log --template "{date|hgdate}" -r '.escapeshellarg($sourceRef), $output, $path) && preg_match('{^\s*(\d+)\s*}', $output, $match)) { if (0 === $this->process->execute('hg log --template "{date|hgdate}" -r '.ProcessExecutor::escape($sourceRef), $output, $path) && preg_match('{^\s*(\d+)\s*}', $output, $match)) {
$datetime = new \DateTime('@'.$match[1], new \DateTimeZone('UTC')); $datetime = new \DateTime('@'.$match[1], new \DateTimeZone('UTC'));
} }
break; break;

8
src/Composer/Repository/Vcs/GitDriver.php
View File

@ -62,7 +62,7 @@ class GitDriver extends VcsDriver
if (is_dir($this->repoDir) && 0 === $this->process->execute('git rev-parse --git-dir', $output, $this->repoDir) && trim($output) === '.') { if (is_dir($this->repoDir) && 0 === $this->process->execute('git rev-parse --git-dir', $output, $this->repoDir) && trim($output) === '.') {
try { try {
$commandCallable = function ($url) { $commandCallable = function ($url) {
return sprintf('git remote set-url origin %s && git remote update --prune origin', escapeshellarg($url)); return sprintf('git remote set-url origin %s && git remote update --prune origin', ProcessExecutor::escape($url));
}; };
$gitUtil->runCommand($commandCallable, $this->url, $this->repoDir); $gitUtil->runCommand($commandCallable, $this->url, $this->repoDir);
} catch (\Exception $e) { } catch (\Exception $e) {
@ -74,7 +74,7 @@ class GitDriver extends VcsDriver
$repoDir = $this->repoDir; $repoDir = $this->repoDir;
$commandCallable = function ($url) use ($repoDir) { $commandCallable = function ($url) use ($repoDir) {
return sprintf('git clone --mirror %s %s', escapeshellarg($url), escapeshellarg($repoDir)); return sprintf('git clone --mirror %s %s', ProcessExecutor::escape($url), ProcessExecutor::escape($repoDir));
}; };
$gitUtil->runCommand($commandCallable, $this->url, $this->repoDir, true); $gitUtil->runCommand($commandCallable, $this->url, $this->repoDir, true);
@ -147,7 +147,7 @@ class GitDriver extends VcsDriver
} }
if (!isset($this->infoCache[$identifier])) { if (!isset($this->infoCache[$identifier])) {
$resource = sprintf('%s:composer.json', escapeshellarg($identifier)); $resource = sprintf('%s:composer.json', ProcessExecutor::escape($identifier));
$this->process->execute(sprintf('git show %s', $resource), $composer, $this->repoDir); $this->process->execute(sprintf('git show %s', $resource), $composer, $this->repoDir);
if (!trim($composer)) { if (!trim($composer)) {
@ -157,7 +157,7 @@ class GitDriver extends VcsDriver
$composer = JsonFile::parseJson($composer, $resource); $composer = JsonFile::parseJson($composer, $resource);
if (!isset($composer['time'])) { if (!isset($composer['time'])) {
$this->process->execute(sprintf('git log -1 --format=%%at %s', escapeshellarg($identifier)), $output, $this->repoDir); $this->process->execute(sprintf('git log -1 --format=%%at %s', ProcessExecutor::escape($identifier)), $output, $this->repoDir);
$date = new \DateTime('@'.trim($output), new \DateTimeZone('UTC')); $date = new \DateTime('@'.trim($output), new \DateTimeZone('UTC'));
$composer['time'] = $date->format('Y-m-d H:i:s'); $composer['time'] = $date->format('Y-m-d H:i:s');
} }

8
src/Composer/Repository/Vcs/HgDriver.php
View File

@ -56,7 +56,7 @@ class HgDriver extends VcsDriver
// clean up directory and do a fresh clone into it // clean up directory and do a fresh clone into it
$fs->removeDirectory($this->repoDir); $fs->removeDirectory($this->repoDir);
if (0 !== $this->process->execute(sprintf('hg clone --noupdate %s %s', escapeshellarg($this->url), escapeshellarg($this->repoDir)), $output, $cacheDir)) { if (0 !== $this->process->execute(sprintf('hg clone --noupdate %s %s', ProcessExecutor::escape($this->url), ProcessExecutor::escape($this->repoDir)), $output, $cacheDir)) {
$output = $this->process->getErrorOutput(); $output = $this->process->getErrorOutput();
if (0 !== $this->process->execute('hg --version', $ignoredOutput)) { if (0 !== $this->process->execute('hg --version', $ignoredOutput)) {
@ -116,7 +116,7 @@ class HgDriver extends VcsDriver
public function getComposerInformation($identifier) public function getComposerInformation($identifier)
{ {
if (!isset($this->infoCache[$identifier])) { if (!isset($this->infoCache[$identifier])) {
$this->process->execute(sprintf('hg cat -r %s composer.json', escapeshellarg($identifier)), $composer, $this->repoDir); $this->process->execute(sprintf('hg cat -r %s composer.json', ProcessExecutor::escape($identifier)), $composer, $this->repoDir);
if (!trim($composer)) { if (!trim($composer)) {
return; return;
@ -125,7 +125,7 @@ class HgDriver extends VcsDriver
$composer = JsonFile::parseJson($composer, $identifier); $composer = JsonFile::parseJson($composer, $identifier);
if (!isset($composer['time'])) { if (!isset($composer['time'])) {
$this->process->execute(sprintf('hg log --template "{date|rfc3339date}" -r %s', escapeshellarg($identifier)), $output, $this->repoDir); $this->process->execute(sprintf('hg log --template "{date|rfc3339date}" -r %s', ProcessExecutor::escape($identifier)), $output, $this->repoDir);
$date = new \DateTime(trim($output), new \DateTimeZone('UTC')); $date = new \DateTime(trim($output), new \DateTimeZone('UTC'));
$composer['time'] = $date->format('Y-m-d H:i:s'); $composer['time'] = $date->format('Y-m-d H:i:s');
} }
@ -215,7 +215,7 @@ class HgDriver extends VcsDriver
} }
$processExecutor = new ProcessExecutor(); $processExecutor = new ProcessExecutor();
$exit = $processExecutor->execute(sprintf('hg identify %s', escapeshellarg($url)), $ignored); $exit = $processExecutor->execute(sprintf('hg identify %s', ProcessExecutor::escape($url)), $ignored);
return $exit === 0; return $exit === 0;
} }

8
src/Composer/Util/Filesystem.php
View File

@ -112,9 +112,9 @@ class Filesystem
} }
if (defined('PHP_WINDOWS_VERSION_BUILD')) { if (defined('PHP_WINDOWS_VERSION_BUILD')) {
$cmd = sprintf('rmdir /S /Q %s', escapeshellarg(realpath($directory))); $cmd = sprintf('rmdir /S /Q %s', ProcessExecutor::escape(realpath($directory)));
} else { } else {
$cmd = sprintf('rm -rf %s', escapeshellarg($directory)); $cmd = sprintf('rm -rf %s', ProcessExecutor::escape($directory));
} }
$result = $this->getProcess()->execute($cmd, $output) === 0; $result = $this->getProcess()->execute($cmd, $output) === 0;
@ -269,7 +269,7 @@ class Filesystem
if (defined('PHP_WINDOWS_VERSION_BUILD')) { if (defined('PHP_WINDOWS_VERSION_BUILD')) {
// Try to copy & delete - this is a workaround for random "Access denied" errors. // Try to copy & delete - this is a workaround for random "Access denied" errors.
$command = sprintf('xcopy %s %s /E /I /Q', escapeshellarg($source), escapeshellarg($target)); $command = sprintf('xcopy %s %s /E /I /Q', ProcessExecutor::escape($source), ProcessExecutor::escape($target));
$result = $this->processExecutor->execute($command, $output); $result = $this->processExecutor->execute($command, $output);
// clear stat cache because external processes aren't tracked by the php stat cache // clear stat cache because external processes aren't tracked by the php stat cache
@ -283,7 +283,7 @@ class Filesystem
} else { } else {
// We do not use PHP's "rename" function here since it does not support // We do not use PHP's "rename" function here since it does not support
// the case where $source, and $target are located on different partitions. // the case where $source, and $target are located on different partitions.
$command = sprintf('mv %s %s', escapeshellarg($source), escapeshellarg($target)); $command = sprintf('mv %s %s', ProcessExecutor::escape($source), ProcessExecutor::escape($target));
$result = $this->processExecutor->execute($command, $output); $result = $this->processExecutor->execute($command, $output);
// clear stat cache because external processes aren't tracked by the php stat cache // clear stat cache because external processes aren't tracked by the php stat cache

14
src/Composer/Util/ProcessExecutor.php
View File

@ -13,6 +13,7 @@
namespace Composer\Util; namespace Composer\Util;
use Symfony\Component\Process\Process; use Symfony\Component\Process\Process;
use Symfony\Component\Process\ProcessUtils;
use Composer\IO\IOInterface; use Composer\IO\IOInterface;
/** /**
@ -104,4 +105,17 @@ class ProcessExecutor
{ {
static::$timeout = $timeout; static::$timeout = $timeout;
} }
/**
* Escapes a string to be used as a shell argument.
*
* @param string $argument The argument that will be escaped
*
* @return string The escaped argument
*/
public static function escape ($argument)
{
return ProcessUtils::escapeArgument($argument);
}
} }

8
src/Composer/Util/Svn.php
View File

@ -196,11 +196,11 @@ class Svn
$cmd, $cmd,
'--non-interactive ', '--non-interactive ',
$this->getCredentialString(), $this->getCredentialString(),
escapeshellarg($url) ProcessExecutor::escape($url)
); );
if ($path) { if ($path) {
$cmd .= ' ' . escapeshellarg($path); $cmd .= ' ' . ProcessExecutor::escape($path);
} }
return $cmd; return $cmd;
@ -222,8 +222,8 @@ class Svn
return sprintf( return sprintf(
' %s--username %s --password %s ', ' %s--username %s --password %s ',
$this->getAuthCache(), $this->getAuthCache(),
escapeshellarg($this->getUsername()), ProcessExecutor::escape($this->getUsername()),
escapeshellarg($this->getPassword()) ProcessExecutor::escape($this->getPassword())
); );
} }