From 4fc647983762c0b7b372b06b83a988b3b4ab90ea Mon Sep 17 00:00:00 2001
From: Jordi Boggiano <j.boggiano@seld.be>
Date: Fri, 25 Oct 2019 14:08:30 +0200
Subject: [PATCH 1/2] Fix require command to allow working on network mounts,
 fixes #8231

---
 src/Composer/Command/RequireCommand.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/Composer/Command/RequireCommand.php b/src/Composer/Command/RequireCommand.php
index 8f91b6675..1fa280d3f 100644
--- a/src/Composer/Command/RequireCommand.php
+++ b/src/Composer/Command/RequireCommand.php
@@ -99,7 +99,9 @@ EOT
 
             return 1;
         }
-        if (!is_readable($this->file)) {
+        // check for readability by reading the file as is_readable can not be trusted on network-mounts
+        // see https://github.com/composer/composer/issues/8231 and https://bugs.php.net/bug.php?id=68926
+        if (!is_readable($this->file) && false === Silencer::call('file_get_contents', $this->file)) {
             $io->writeError('<error>'.$this->file.' is not readable.</error>');
 
             return 1;

From 8cbc595790c1f8713efbdfb3825a34b3db1a12f9 Mon Sep 17 00:00:00 2001
From: Andreas Schempp <andreas.schempp@terminal42.ch>
Date: Mon, 5 Aug 2019 11:13:48 +0200
Subject: [PATCH 2/2] Validate schema name, type and version

---
 res/composer-schema.json | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/res/composer-schema.json b/res/composer-schema.json
index cb3594f7b..b4e9d65af 100644
--- a/res/composer-schema.json
+++ b/res/composer-schema.json
@@ -11,7 +11,8 @@
         },
         "type": {
             "description": "Package type, either 'library' for common packages, 'composer-plugin' for plugins, 'metapackage' for empty packages, or a custom type ([a-z0-9-]+) defined by whatever project this package applies to.",
-            "type": "string"
+            "type": "string",
+            "pattern": "^[a-z0-9-]+$"
         },
         "target-dir": {
             "description": "DEPRECATED: Forces the package to be installed into the given subdirectory path. This is used for autoloading PSR-0 packages that do not contain their full path. Use forward slashes for cross-platform compatibility.",
@@ -39,7 +40,8 @@
         },
         "version": {
             "type": "string",
-            "description": "Package version, see https://getcomposer.org/doc/04-schema.md#version for more info on valid schemes."
+            "description": "Package version, see https://getcomposer.org/doc/04-schema.md#version for more info on valid schemes.",
+            "pattern": "^v?\\d+(((\\.\\d+)?\\.\\d+)?\\.\\d+)?"
         },
         "time": {
             "type": "string",