Merge pull request #6486 from WilHall/feature/htaccess-protect-option
Add htaccess-protect option for disabling the creation of .htaccess filespull/6499/head
Jordi Boggiano
GitHub
commit
ef47d8bf05
|
|
@ -898,4 +898,9 @@ If set to 1, this env changes the default path repository strategy to `mirror` i
|
||||||
of `symlink`. As it is the default strategy being set it can still be overwritten by
|
of `symlink`. As it is the default strategy being set it can still be overwritten by
|
||||||
repository options.
|
repository options.
|
||||||
|
|
||||||
|
### COMPOSER_HTACCESS_PROTECT
|
||||||
|
|
||||||
|
Defaults to `1`. If set to `0`, Composer will not create `.htaccess` files in the
|
||||||
|
composer home, cache, and data directories.
|
||||||
|
|
||||||
← [Libraries](02-libraries.md) | [Schema](04-schema.md) →
|
← [Libraries](02-libraries.md) | [Schema](04-schema.md) →
|
||||||
|
|
|
||||||
|
|
@ -265,4 +265,9 @@ Example:
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
|
## htaccess-protect
|
||||||
|
|
||||||
|
Defaults to `true`. If set to `false`, Composer will not create `.htaccess` files
|
||||||
|
in the composer home, cache, and data directories.
|
||||||
|
|
||||||
← [Repositories](05-repositories.md) | [Community](07-community.md) →
|
← [Repositories](05-repositories.md) | [Community](07-community.md) →
|
||||||
|
|
|
||||||
|
|
@ -274,6 +274,10 @@
|
||||||
"archive-dir": {
|
"archive-dir": {
|
||||||
"type": "string",
|
"type": "string",
|
||||||
"description": "The default archive path when not provided on cli, defaults to \".\"."
|
"description": "The default archive path when not provided on cli, defaults to \".\"."
|
||||||
|
},
|
||||||
|
"htaccess-protect": {
|
||||||
|
"type": "boolean",
|
||||||
|
"description": "Defaults to true. If set to false, Composer will not create .htaccess files in the composer home, cache, and data directories."
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
|
|
||||||
|
|
@ -402,6 +402,7 @@ EOT
|
||||||
},
|
},
|
||||||
),
|
),
|
||||||
'github-expose-hostname' => array($booleanValidator, $booleanNormalizer),
|
'github-expose-hostname' => array($booleanValidator, $booleanNormalizer),
|
||||||
|
'htaccess-protect' => array($booleanValidator, $booleanNormalizer),
|
||||||
);
|
);
|
||||||
$multiConfigValues = array(
|
$multiConfigValues = array(
|
||||||
'github-protocols' => array(
|
'github-protocols' => array(
|
||||||
|
|
|
||||||
|
|
@ -60,6 +60,7 @@ class Config
|
||||||
'platform' => array(),
|
'platform' => array(),
|
||||||
'archive-format' => 'tar',
|
'archive-format' => 'tar',
|
||||||
'archive-dir' => '.',
|
'archive-dir' => '.',
|
||||||
|
'htaccess-protect' => true,
|
||||||
// valid keys without defaults (auth config stuff):
|
// valid keys without defaults (auth config stuff):
|
||||||
// bitbucket-oauth
|
// bitbucket-oauth
|
||||||
// github-oauth
|
// github-oauth
|
||||||
|
|
@ -215,6 +216,7 @@ class Config
|
||||||
case 'cache-vcs-dir':
|
case 'cache-vcs-dir':
|
||||||
case 'cafile':
|
case 'cafile':
|
||||||
case 'capath':
|
case 'capath':
|
||||||
|
case 'htaccess-protect':
|
||||||
// convert foo-bar to COMPOSER_FOO_BAR and check if it exists since it overrides the local config
|
// convert foo-bar to COMPOSER_FOO_BAR and check if it exists since it overrides the local config
|
||||||
$env = 'COMPOSER_' . strtoupper(strtr($key, '-', '_'));
|
$env = 'COMPOSER_' . strtoupper(strtr($key, '-', '_'));
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -164,16 +164,19 @@ class Factory
|
||||||
'data-dir' => self::getDataDir($home),
|
'data-dir' => self::getDataDir($home),
|
||||||
)));
|
)));
|
||||||
|
|
||||||
// Protect directory against web access. Since HOME could be
|
$htaccessProtect = (bool) $config->get('htaccess-protect');
|
||||||
// the www-data's user home and be web-accessible it is a
|
if ($htaccessProtect) {
|
||||||
// potential security risk
|
// Protect directory against web access. Since HOME could be
|
||||||
$dirs = array($config->get('home'), $config->get('cache-dir'), $config->get('data-dir'));
|
// the www-data's user home and be web-accessible it is a
|
||||||
foreach ($dirs as $dir) {
|
// potential security risk
|
||||||
if (!file_exists($dir . '/.htaccess')) {
|
$dirs = array($config->get('home'), $config->get('cache-dir'), $config->get('data-dir'));
|
||||||
if (!is_dir($dir)) {
|
foreach ($dirs as $dir) {
|
||||||
Silencer::call('mkdir', $dir, 0777, true);
|
if (!file_exists($dir . '/.htaccess')) {
|
||||||
|
if (!is_dir($dir)) {
|
||||||
|
Silencer::call('mkdir', $dir, 0777, true);
|
||||||
|
}
|
||||||
|
Silencer::call('file_put_contents', $dir . '/.htaccess', 'Deny from all');
|
||||||
}
|
}
|
||||||
Silencer::call('file_put_contents', $dir . '/.htaccess', 'Deny from all');
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -310,4 +310,12 @@ class ConfigTest extends \PHPUnit_Framework_TestCase
|
||||||
$this->assertEquals(0, $config->get('process-timeout'));
|
$this->assertEquals(0, $config->get('process-timeout'));
|
||||||
putenv('COMPOSER_PROCESS_TIMEOUT');
|
putenv('COMPOSER_PROCESS_TIMEOUT');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function testHtaccessProtect()
|
||||||
|
{
|
||||||
|
putenv('COMPOSER_HTACCESS_PROTECT=0');
|
||||||
|
$config = new Config(true);
|
||||||
|
$this->assertEquals(0, $config->get('htaccess-protect'));
|
||||||
|
putenv('COMPOSER_HTACCESS_PROTECT');
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue