public-mirrors
/
composer
mirror of https://github.com/composer/composer
1
0
Fork 0
Code

Merge pull request #6486 from WilHall/feature/htaccess-protect-option 

Add htaccess-protect option for disabling the creation of .htaccess files
pull/6499/head
Jordi Boggiano 2017-06-17 15:39:56 +02:00 committed by GitHub
parent 91a4e76958 69282de829
commit ef47d8bf05
7 changed files with 37 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
doc/03-cli.md
View File

@ -898,4 +898,9 @@ If set to 1, this env changes the default path repository strategy to `mirror` i
of `symlink`. As it is the default strategy being set it can still be overwritten by
repository options.
### COMPOSER_HTACCESS_PROTECT
Defaults to `1`. If set to `0`, Composer will not create `.htaccess` files in the
composer home, cache, and data directories.
← [Libraries](02-libraries.md) | [Schema](04-schema.md) →

5
doc/06-config.md
View File

@ -265,4 +265,9 @@ Example:
}
```
## htaccess-protect
Defaults to `true`. If set to `false`, Composer will not create `.htaccess` files
in the composer home, cache, and data directories.
← [Repositories](05-repositories.md) | [Community](07-community.md) →

4
res/composer-schema.json
View File

@ -274,6 +274,10 @@
"archive-dir": {
"type": "string",
"description": "The default archive path when not provided on cli, defaults to \".\"."
},
"htaccess-protect": {
"type": "boolean",
"description": "Defaults to true. If set to false, Composer will not create .htaccess files in the composer home, cache, and data directories."
}
}
},

1
src/Composer/Command/ConfigCommand.php
View File

@ -402,6 +402,7 @@ EOT
},
),
'github-expose-hostname' => array($booleanValidator, $booleanNormalizer),
'htaccess-protect' => array($booleanValidator, $booleanNormalizer),
);
$multiConfigValues = array(
'github-protocols' => array(

2
src/Composer/Config.php
View File

@ -60,6 +60,7 @@ class Config
'platform' => array(),
'archive-format' => 'tar',
'archive-dir' => '.',
'htaccess-protect' => true,
// valid keys without defaults (auth config stuff):
// bitbucket-oauth
// github-oauth
@ -215,6 +216,7 @@ class Config
case 'cache-vcs-dir':
case 'cafile':
case 'capath':
case 'htaccess-protect':
// convert foo-bar to COMPOSER_FOO_BAR and check if it exists since it overrides the local config
$env = 'COMPOSER_' . strtoupper(strtr($key, '-', '_'));

21
src/Composer/Factory.php
View File

@ -164,16 +164,19 @@ class Factory
'data-dir' => self::getDataDir($home),
)));
// Protect directory against web access. Since HOME could be
// the www-data's user home and be web-accessible it is a
// potential security risk
$dirs = array($config->get('home'), $config->get('cache-dir'), $config->get('data-dir'));
foreach ($dirs as $dir) {
if (!file_exists($dir . '/.htaccess')) {
if (!is_dir($dir)) {
Silencer::call('mkdir', $dir, 0777, true);
$htaccessProtect = (bool) $config->get('htaccess-protect');
if ($htaccessProtect) {
// Protect directory against web access. Since HOME could be
// the www-data's user home and be web-accessible it is a
// potential security risk
$dirs = array($config->get('home'), $config->get('cache-dir'), $config->get('data-dir'));
foreach ($dirs as $dir) {
if (!file_exists($dir . '/.htaccess')) {
if (!is_dir($dir)) {
Silencer::call('mkdir', $dir, 0777, true);
}
Silencer::call('file_put_contents', $dir . '/.htaccess', 'Deny from all');
}
Silencer::call('file_put_contents', $dir . '/.htaccess', 'Deny from all');
}
}

8
tests/Composer/Test/ConfigTest.php
View File

@ -310,4 +310,12 @@ class ConfigTest extends \PHPUnit_Framework_TestCase
$this->assertEquals(0, $config->get('process-timeout'));
putenv('COMPOSER_PROCESS_TIMEOUT');
}
public function testHtaccessProtect()
{
putenv('COMPOSER_HTACCESS_PROTECT=0');
$config = new Config(true);
$this->assertEquals(0, $config->get('htaccess-protect'));
putenv('COMPOSER_HTACCESS_PROTECT');
}
}