1
0
Fork 0

Added secure-http flag, defaults to true

pull/4907/head
cinamo 2016-02-11 14:15:03 +01:00
parent 8808638ea9
commit ef60478926
3 changed files with 19 additions and 0 deletions

View File

@ -331,6 +331,7 @@ EOT
'classmap-authoritative' => array($booleanValidator, $booleanNormalizer), 'classmap-authoritative' => array($booleanValidator, $booleanNormalizer),
'prepend-autoloader' => array($booleanValidator, $booleanNormalizer), 'prepend-autoloader' => array($booleanValidator, $booleanNormalizer),
'disable-tls' => array($booleanValidator, $booleanNormalizer), 'disable-tls' => array($booleanValidator, $booleanNormalizer),
'secure-http' => array($booleanValidator, $booleanNormalizer),
'cafile' => array( 'cafile' => array(
function ($val) { return file_exists($val) && is_readable($val); }, function ($val) { return file_exists($val) && is_readable($val); },
function ($val) { return $val === 'null' ? null : $val; }, function ($val) { return $val === 'null' ? null : $val; },

View File

@ -46,6 +46,7 @@ class Config
'prepend-autoloader' => true, 'prepend-autoloader' => true,
'github-domains' => array('github.com'), 'github-domains' => array('github.com'),
'disable-tls' => false, 'disable-tls' => false,
'secure-http' => true,
'cafile' => null, 'cafile' => null,
'capath' => null, 'capath' => null,
'github-expose-hostname' => true, 'github-expose-hostname' => true,
@ -275,6 +276,9 @@ class Config
case 'disable-tls': case 'disable-tls':
return $this->config[$key] !== 'false' && (bool) $this->config[$key]; return $this->config[$key] !== 'false' && (bool) $this->config[$key];
case 'secure-http':
return $this->config[$key] !== 'false' && (bool) $this->config[$key];
default: default:
if (!isset($this->config[$key])) { if (!isset($this->config[$key])) {
return null; return null;

View File

@ -254,6 +254,20 @@ class RemoteFilesystem
$this->io->writeError(" Downloading: <comment>Connecting...</comment>", false); $this->io->writeError(" Downloading: <comment>Connecting...</comment>", false);
} }
// Check for secure HTTP
if(($this->scheme === 'http' || substr($fileUrl, 0, 5) !== 'https')
&& $this->config && $this->config->get('secure-http')) {
// Rewrite unsecure Packagist urls to use https
if(substr($fileUrl, 0, 21) === 'http://packagist.org/') {
$fileUrl = 'https://packagist.org/' . substr($fileUrl, 21);
} else {
throw new TransportException(
sprintf('Your configuration does not allow connection to %s://%s. Enable http connections in your configuration by setting secure-http=false',
$this->scheme, $originUrl
));
}
}
$errorMessage = ''; $errorMessage = '';
$errorCode = 0; $errorCode = 0;
$result = false; $result = false;